Each depositor insured to at least $250,000 per insured bank



Home > About FDIC > Financial Reports > 2006 Annual Report




2006 Annual Report

Previous | Contents | Next

IV. Financial Statements and Notes

GAO's Audit Opinion

GAO logo. Accountability * Integrity * Reliability



Comptroller General
of the United States

United States Government Accountability Office
Washington, D.C. 20548

To the Board of Directors
The Federal Deposit Insurance Corporation

We have audited the balance sheets as of December 31, 2006 and 2005, for the two funds administered by the Federal Deposit Insurance Corporation (FDIC), the related statements of income and fund balance (accumulated deficit), and the statements of cash flows for the years then ended. In our audits of the Deposit Insurance Fund (DIF) and the FSLIC Resolution Fund (FRF), we found

  • the financial statements of each fund are presented fairly, in all material
    respects, in conformity with U.S. generally accepted accounting principles;
  • FDIC had effective internal control over financial reporting and
    compliance with laws and regulations for each fund; and
  • no reportable noncompliance with laws and regulations we tested.

The following sections discuss our conclusions in more detail. They also present information on the scope of our audits and our evaluation of FDIC management's comments on a draft of this report.

Opinion on DIF's Financial Statements
The financial statements, including the accompanying notes, present fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, DIF's financial position as of December 31, 2006, and 2005, and the results of its operations and its cash flows for the years then ended.

As discussed in note 1 to DIF's financial statements, on February 8, 2006, the President signed into law the Federal Deposit Insurance Reform Act of 2005 (the Act). Among its provisions, the Act called for the merger of the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF) into a single deposit insurance fund. In accordance with the Act, on March 31, 2006, FDIC established the DIF with the merger of the BIF and SAIF. As further discussed in note 2 to DIF's financial statements, the merger resulted in a new reporting entity. The financial results of the newly formed DIF were retrospectively applied as though they had been combined at the beginning of the reporting year as well as for prior periods presented for comparative purposes.

Opinion on FRF's Financial Statements
The financial statements, including the accompanying notes, present fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, FRF's financial position as of December 31, 2006 and 2005, and the results of its operations and its cash flows for the years then ended.

Opinion on Internal Control
FDIC management maintained, in all material respects, effective internal control over financial reporting (including safeguarding assets) and compliance as of December 31, 2006, that provided reasonable assurance that misstatements, losses, or noncompliance material in relation to FDIC's financial statements for each fund would be prevented or detected on a timely basis. Our opinion is based on criteria established under 31 U.S.C. 3512 (c), (d) [commonly known as the Federal Managers' Financial Integrity Act (FMFIA)].

In our prior year audit,1 we reported on weaknesses we identified in FDIC's information system controls, which we considered to be a reportable condition.2 Specifically, FDIC had implemented a new financial system May 2005 and, in doing so, did not ensure that controls were adequate to accommodate its new systems environment.

During 2006, FDIC corrected many of these weaknesses and implemented mitigating or compensating controls to provide protection for the corporation's financial and sensitive information in the new systems environment. These improvements enabled us to conclude that the remaining issues related to information systems controls do not constitute a significant deficiency. However, continued management commitment to an effective information security program will be essential to ensure that the corporation's financial and sensitive information will be adequately protected. In light of the evolving nature of information security, and with new exposures and threats continuing to develop, the corporation's information security program will need to dynamically adapt to address changing information security challenges. As FDIC continues to enhance its new financial system, which is based on an integrated financial management software package, the corporation's reliance on controls implemented in the single, integrated financial system will increase. The continued effectiveness of FDIC's controls will be dependent on sound implementation of the integrated financial management software and its operations.

We did identify control deficiencies during our 2006 audits that we do not consider to be significant deficiencies. We will be reporting separately to FDIC management on these matters.

Compliance with Laws and Regulations
Our tests for compliance with selected provisions of laws and regulations disclosed no instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards. However, the objective of our audits was not to provide an opinion on overall compliance with laws and regulations. Accordingly, we do not express such an opinion.

Objectives, Scope, and Methodology
FDIC management is responsible for (1) preparing the annual financial statements in conformity with U.S. generally accepted accounting principles; (2) establishing, maintaining, and assessing internal control to provide reasonable assurance that the broad control objectives of FMFIA are met; and (3) complying with applicable laws and regulations.

We are responsible for obtaining reasonable assurance about whether (1) the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles; and (2) management maintained effective internal control, the objectives of which are the following:

  • financial reporting-transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in conformity with U.S. generally accepted accounting principles; and assets are safeguarded against loss from unauthorized acquisition, use, or disposition; and
  • compliance with laws and regulations-transactions are executed in accordance with laws and regulations that could have a direct and material effect on the financial statements.
We are also responsible for testing compliance with selected provisions of laws and regulations that could have a direct and material effect on the financial statements.

In order to fulfill these responsibilities, we
  • examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements;
  • assessed the accounting principles used and significant estimates made by management;
  • evaluated the overall presentation of the financial statements;
  • obtained an understanding of internal control related to financial reporting (including safeguarding assets) and compliance with laws and regulations;
  • tested relevant internal controls over financial reporting and compliance, and evaluated the design and operating effectiveness of internal control;
  • considered FDIC's process for evaluating and reporting on internal control based on criteria established by FMFIA; and
  • tested compliance with certain laws and regulations, including selected provisions of the Federal Deposit Insurance Act, as amended, the Federal Deposit Insurance Reform Act of 2005, and the Chief Financial Officers Act of 1990.

We did not evaluate all internal controls relevant to operating objectives as broadly defined by FMFIA, such as those controls relevant to preparing statistical reports and ensuring efficient operations. We limited our internal control testing to controls over financial reporting and compliance. Because of inherent limitations in internal control, misstatements due to error or fraud, losses, or noncompliance may nevertheless occur and not be detected. We also caution that projecting our evaluation to future periods is subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with controls may deteriorate.

We did not test compliance with all laws and regulations applicable to FDIC. We limited our tests of compliance to those laws and regulations that could have a direct and material effect on the financial statements for the year ended December 31, 2006. We caution that noncompliance may occur and not be detected by these tests and that such testing may not be sufficient for other purposes.

We performed our work in accordance with U.S. generally accepted government auditing standards.

FDIC Comments and Our Evaluation
In commenting on a draft of this report, FDIC's Chief Financial Officer (CFO) was pleased to receive unqualified opinions on the DIF and FRF financial statements and to note that there were no material weaknesses identified during the 2006 audits. FDIC's CFO appreciated that we recognized the improvements that FDIC made over the past year to its information systems environment. Also, the CFO stated that FDIC's sustained commitment to enhancing information systems controls adequately addressed the concerns that we highlighted in the prior year report and enabled us to conclude that the remaining issues related to such controls do not constitute a significant deficiency. Finally, the CFO stated that FDIC's goal is to maintain an effective information security program going forward, and has pledged to work diligently to resolve control issues that we identified during the 2006 audits, as well as any that may arise in the future.

The complete text of FDIC's comments is reprinted in appendix I.

David M. Walker

David M. Walker
Comptroller General
of the United States

January 31, 2007



1 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2005 and 2004 Financial Statements, GAO-06-146 (Washington, D.C.: Mar. 2, 2006).
2 Reportable conditions involve matters coming to the auditor's attention that, in the auditor's judgment, should be communicated because they represent significant deficiencies in the design or operation of internal control and could adversely affect FDIC's ability to meet the control objectives described in this report. In May 2006, the American Institute of Certified Public Accountants (AICPA) issued Statement on Auditing Standard (SAS) 112, which became effective for audits of financial statements for periods ending on or after December 15, 2006. SAS 112 established standards and provides guidance on the auditor's responsibilities for identifying, evaluating, and communicating matters related to an entity's internal control over financial reporting identified in an audit of financial statements. Under the new SAS, the auditor is required to communicate control deficiencies that are significant deficiencies or material weaknesses in internal controls. A significant deficiency is a control deficiency, or combination of deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. As a result of SAS 112, the term reportable condition is no longer used.



Last Updated 04/02/2007 communications@fdic.gov