
Federal Deposit Insurance Corporation
550 17th St. NW Washington, DC, 20429 Deputy to the Chairman & Chief Financial Officer
February 9, 2004
Mr. David M. Walker
Comptroller General of the United States
U. S. General Accounting Office
441 G Street, NW
Washington, DC 20548
Re: FDIC Management Response on the
GAO 2003 Financial Statements Audit Report
Dear Mr. Walker:
Thank you for the opportunity to comment on the U. S. General Accounting Offices (GAO)
draft audit report titled, Financial Audit: Federal Deposit Insurance Corporation Funds
2003 and 2002 Financial Statements, GAO-04-429. The report presents GAOs opinions
on the calendar year 2003 financial statements of the Bank Insurance Fund (BIF), the
Savings Association Insurance Fund (SAIF), and the Federal Savings and Loan Insurance
Corporation Resolution Fund (FRF). The report also presents GAOs opinion on the
effectiveness of FDICs internal controls as of December 31, 2003 and GAOs evaluation
of FDICs compliance with applicable laws and regulations.
We are pleased to accept GAOs unqualified opinions on the BIF, SAIF, and FRF financial
statements and to note that there were no material weaknesses identified during the 2003
audits. The GAO reported that: the funds financial statements were presented fairly and in
conformity with U. S. generally accepted accounting principles; FDIC had effective internal
control over financial reporting (including safeguarding of assets) and compliance with laws
and regulations; and there were no instances of noncompliance with selected provisions of
laws and regulations.
GAO identified the need to improve internal control over FDICs information systems (IS)
and issued a reportable condition. Although GAO identified weaknesses in FDICs IS
controls, the audit team noted that significant improvements had been made during the past
year, and that the weaknesses did not materially affect the 2003 financial statements.
We acknowledge GAOs assessment of both the status and the substantial progress made
in addressing the IS control environment. During 2003, FDICs accomplishments included
implementation of a recurring IS controls self assessment program, implementation of
more stringent contractor personnel clearance and site security policies and procedures,
and establishment of an aggressive patch management program. The FDIC will continue
efforts to strengthen its ongoing, comprehensive information security program during 2004.
If you have any questions or concerns, please let me know.
Sincerely,
Steven O. App
Deputy to the Chairman and Chief Financial Officer