Internal Control Over
DATE: March 27, 2003 TO: Fred S. Selby, Director, Division of Finance; Mitchell L. Glassman, Director, Division of Resolutions and Receiverships; and Arleas Upton Kea, Director, Division of Administration FROM: Russell A. Rau [Electronically produced version; original signed by Russell A. Rau], Assistant Inspector General for Audits SUBJECT: Internal Control Over Receivership Receipts (Audit Report Number 03-024) This report presents the results of our audit of the Federal Deposit Insurance Corporation’s (FDIC) internal control over receivership receipts. The objective of the audit was to determine whether the FDIC has effectively implemented selected internal controls to safeguard recoveries from the liquidation of failed insured depository institution assets. (Note: Insured depository institutions include banks and savings institutions.) Our work was conducted to assist the U.S. General Accounting Office (GAO) with its audit of the Bank Insurance Fund (BIF), Savings Association Insurance Fund (SAIF), and Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF) financial statements for the years ended December 31, 2002 and 2001. (Note: The Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) created the BIF, SAIF, and FRF. The BIF and SAIF are insurance funds responsible for protecting insured bank and thrift depositors from loss due to institution failures. The FRF is a resolution fund from which funds are used to wind up the affairs of the former Federal Savings and Loan Insurance Corporation and liquidate the assets and liabilities transferred from the former Resolution Trust Corporation.) Additional details on the audit objective, scope, and methodology, including the specific controls tested, are included in Appendix I. BACKGROUND A receivership is a temporary entity that is established when the primary federal or state regulatory authority closes an insured depository institution and appoints the FDIC as receiver to manage the business affairs of the failed institution. The receivership receipts process encompasses those activities associated with receiving and controlling monetary items from all sources until they are deposited in the correct account or forwarded to the proper recipient. This process also includes preparing journal entries to record receipts and related transactions in the FDIC Financial Information Management System (FIMS). Policies and procedures applicable to the receipt process are described in the FDIC’s Field Financial Operations (FFO) Accounting Manual. The FDIC’s Division of Resolutions and Receiverships (DRR), Field Operations Group, Accounting Operations (AO), located in Dallas, Texas, has overall responsibility for processing and accounting for all receivership receipts. The majority of the receipts received are wired and deposited directly into the receiverships’ bank depository account. The remaining receipts are generally sent either to the FDIC mailroom or to a lockbox maintained by Bank One. (Note: The lockbox in this instance is a unique United States Postal Service address used specifically to identify customer remittances.) An outside contractor provides mailroom services at the FDIC Dallas, Texas location. The mailroom is responsible for opening the mail, identifying which envelopes contain check receipts, recording the checks received, and forwarding the checks to AO for further processing. The FDIC also contracted with Bank One for lockbox services. Bank One is required to collect, open, and process all receipts received through the lockbox and deposit them directly into the receiverships’ bank depository account. AO processes receipts for the BIF, the SAIF, and the FRF. These receipts generally consist of loan payments from debtors of failed financial institutions. The group also processes receipts for prior Resolution Trust Corporation receiverships, and these receipts generally consist of remittances for loan payments from contracted asset servicers. (Note: The RTC existed from August 1989 through December 1995 and was established by Congress as a temporary federal agency to clean up the savings and loan crisis after the Federal Savings and Loan Insurance Corporation was abolished. An asset servicer is a contractor acting on behalf of the FDIC in the administration and servicing of assets, such as loans. The servicer’s functions include collecting and recording payments from borrowers; negotiating, compromising, and restructuring loans; and reporting to the FDIC.) During the period January 1, 2002 through December 31, 2002, the FDIC recorded over $3.6 billion in receivership receipts transactions. RESULTS OF AUDIT The FDIC effectively implemented the selected internal controls to safeguard recoveries from the liquidation of failed insured depository institution assets. We identified the following controls that were in place and operating:
However, we noted the following deficiencies in controls related to receivership receipts processing.
We provided the results of our audit, including the deficiencies, to the GAO for its consideration in evaluating the Corporation’s internal control over financial reporting and compliance with laws and regulations. Accordingly, we are not making recommendations to address the deficiencies, and the GAO will determine whether they are either individually or in the aggregate material weaknesses or reportable conditions that warrant further reporting in the reports on the FDIC’s financial statements. (Note: The American Institute of Certified Public Accountants standards define a material weakness as a reportable condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low risk that misstatements caused by error or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions. A reportable condition is a matter coming to the auditor’s attention that in his (or her) judgment, should be communicated to the audit committee because the matter represents significant deficiencies in the design or operation of the internal control that could adversely affect the FDIC’s ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements.) CORPORATION COMMENTS AND OIG EVALUATION Our report does not include recommendations for corrective actions. However, we provided our draft report to the Director, Division of Finance, Director, Division of Resolutions and Receiverships, and the Director, Division of Administration. The Division of Finance and the Division of Resolutions and Receiverships responded that they had no comments. On March 24, 2003, the Division of Administration responded via email that it would not be providing a formal written response to the draft report since the report contains no findings or recommendations. The Division of Administration further stated that two internal control concerns were presented to DOA by the OIG as "Matters for Further Consideration (MFC)" in an email dated February 5, 2003. (Note: The Matters for Further Consideration form is used to document the request for further information from the FDIC regarding discrepancies and potential internal control weaknesses found during the audit.) As stated in DOA’s response to the MFC, DOA staff members in Dallas have taken necessary corrective actions to address the issues at hand. Specifically, according to DOA, the corrective actions already taken are as follows:
While the corrective actions taken by DOA address several of the deficiencies noted in our report, we did not review them as part of our audit and cannot conclude on their effectiveness. APPENDIX I OBJECTIVE, SCOPE, AND METHODOLOGY The objective of the audit was to determine whether the FDIC has implemented effective internal control to safeguard recoveries from the liquidation of failed insured depository institution assets. Our work was not intended to express, and we do not express, opinions on the fair presentation of the balances for corporate receivables for 2002 or 2001, or related internal control over financial reporting and compliance with laws and regulations. Such opinions, if expressed, are the responsibility of the GAO as the principal auditor for the FDIC’s corporate financial statements. To achieve our objective, we followed the process outlined in the GAO/President’s Council on Integrity and Efficiency Financial Audit Manual. Specifically, we:
We relied on computer processed data to complete our audit; therefore, we tested the reliability of data by comparing the data in FIMS to source documentation. We found no instances of non-compliance with significant provisions of applicable laws and regulations as they relate to the processing of receivership receipts. The applicable laws identified were: the FDI Act Sections 11(a) (4) (A) and 11A(a)(1), codified to 12 U.S.C. sections 1821 and 1821a, which require the FDIC to separately maintain and not commingle the BIF, SAIF, and FRF. There are no performance measures with which the FDIC must comply regarding the processing of receivership receipts. Therefore, we did not perform testing related to performance objectives. We performed fieldwork at the FDIC's Regional Office in Dallas, Texas. We conducted the audit from November 2002 through February 2003 in accordance with generally accepted government auditing standards. |
Last Updated 04/09/2003 |
|