Skip Header
U.S. flag

An official website of the United States government

2017 Annual Report

Previous | Contents | Next

Government Accountability Office Auditor’s Report

Independent Auditor’s Report

To the Board of Directors
The Federal Deposit Insurance Corporation

In our audits of the 2017 and 2016 financial statements of the Deposit Insurance Fund (DIF) and of the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF), both of which are administered by the Federal Deposit Insurance Corporation (FDIC),1 we found

The following sections discuss in more detail (1) our report on the financial statements and on internal control over financial reporting and other information included with the financial statements;2 (2) our report on compliance with laws, regulations, contracts, and grant agreements; and (3) agency comments.

Report on the Financial Statements and Internal Control over Financial Reporting

In accordance with Section 17 of the Federal Deposit Insurance Act, as amended,3 and the Government Corporation Control Act,4 we have audited the financial statements of the DIF and of the FRF, both of which are administered by FDIC. The financial statements for the DIF comprise the balance sheets as of December 31, 2017, and 2016; the related statements of income and fund balance and of cash flows for the years then ended; and the related notes to the financial statements. The financial statements for the FRF comprise the balance sheets as of December 31, 2017, and 2016; the related statements of income and accumulated deficit and of cash flows for the years then ended; and the related notes to the financial statements. We also have audited FDIC’s internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2017, based on criteria established under 31 U.S.C. § 3512(c), (d), commonly known as the Federal Managers’ Financial Integrity Act (FMFIA).

We conducted our audits in accordance with U.S. generally accepted government auditing standards. We believe that the audit evidence we obtained is sufficient and appropriate to provide a basis for our audit opinions.

Management’s Responsibility

FDIC management is responsible for (1) the preparation and fair presentation of these financial statements in accordance with U.S. generally accepted accounting principles; (2) preparing and presenting other information included in documents containing the audited financial statements and auditor’s report, and ensuring the consistency of that information with the audited financial statements; (3) maintaining effective internal control over financial reporting, including the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; (4) evaluating the effectiveness of internal control over financial reporting based on the criteria established under FMFIA; and (5) its assessment about the effectiveness of internal control over financial reporting as of December 31, 2017, included in the accompanying Management’s Report on Internal Control over Financial Reporting in appendix I.

Auditor’s Responsibility

Our responsibility is to express opinions on these financial statements and opinions on FDIC’s internal control over financial reporting relevant to the DIF and to the FRF based on our audits. U.S. generally accepted government auditing standards require that we plan and perform the audits to obtain reasonable assurance about whether the financial statements are free from material misstatement, and whether effective internal control over financial reporting was maintained in all material respects. We are also responsible for applying certain limited procedures to other information included with the financial statements.

An audit of financial statements involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the auditor’s assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances. An audit of financial statements also involves evaluating the appropriateness of the accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.

An audit of internal control over financial reporting involves performing procedures to obtain evidence about whether a material weakness exists.5 The procedures selected depend on the auditor’s judgment, including the assessment of the risk that a material weakness exists. An audit of internal control over financial reporting also includes obtaining an understanding of internal control over financial reporting, and evaluating and testing the design and operating effectiveness of internal control over financial reporting based on the assessed risk. Our audit of internal control also considered FDIC’s process for evaluating and reporting on internal control over financial reporting based on criteria established under FMFIA. Our audits also included performing such other procedures as we considered necessary in the circumstances.

We did not evaluate all internal controls relevant to operating objectives as broadly established under FMFIA, such as those controls relevant to preparing performance information and ensuring efficient operations. We limited our internal control testing to testing controls over financial reporting. Our internal control testing was for the purpose of expressing an opinion on whether effective internal control over financial reporting was maintained, in all material respects. Consequently, our audit may not identify all deficiencies in internal control over financial reporting that are less severe than a material weakness.

Definitions and Inherent Limitations of Internal Control over Financial Reporting

An entity’s internal control over financial reporting is a process effected by those charged with governance, management, and other personnel, the objectives of which are to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with provisions of applicable laws, regulations, contracts, and grant agreements, noncompliance with which could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct, misstatements due to fraud or error. We also caution that projecting any evaluation of effectiveness to future periods is subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Opinions on Financial Statements

In our opinion,

Opinions on Internal Control over Financial Reporting

In our opinion,

FDIC made progress during 2017 in addressing a significant deficiency6 that we reported in our 2016 audit.7 Specifically, FDIC sufficiently addressed the deficiencies in information systems access and configuration management controls such that we no longer consider the remaining control deficiencies in this area, individually or collectively, to represent a significant deficiency as of December 31, 2017.

During our 2017 audit, we identified other deficiencies in FDIC’s internal control over financial reporting that we do not consider to be material weaknesses or significant deficiencies. Nonetheless, these deficiencies warrant FDIC management’s attention. We have communicated these matters to FDIC management and, where appropriate, will report on them separately.

Other Matters

Other Information

FDIC’s other information contains a wide range of information, some of which is not directly related to the financial statements. This information is presented for purposes of additional analysis and is not a required part of the financial statements. We read the other information included with the financial statements in order to identify material inconsistencies, if any, with the audited financial statements. Our audit was conducted for the purpose of forming opinions on the DIF and the FRF financial statements. We did not audit and do not express an opinion or provide any assurance on the other information.

Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements

In connection with our audits of the financial statements of the DIF and of the FRF, both of which are administered by FDIC, we tested compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements consistent with our auditor’s responsibility discussed below. We caution that noncompliance may occur and not be detected by these tests. We performed our tests of compliance in accordance with U.S. generally accepted government auditing standards.

Management’s Responsibility

FDIC management is responsible for complying with applicable laws, regulations, contracts, and grant agreements.

Auditor’s Responsibility

Our responsibility is to test compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements that have a direct effect on the determination of material amounts and disclosures in the financial statements of the DIF and of the FRF, and to perform certain other limited procedures. Accordingly, we did not test FDIC’s compliance with all applicable laws, regulations, contracts, and grant agreements.

Results of Our Tests for Compliance with Laws, Regulations, Contracts, and Grant Agreements

Our tests for compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements disclosed no instances of noncompliance for 2017 that would be reportable, with respect to the DIF and to the FRF, under U.S. generally accepted government auditing standards. However, the objective of our tests was not to provide an opinion on compliance with applicable laws, regulations, contracts, and grant agreements. Accordingly, we do not express such an opinion.

Intended Purpose of Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements

The purpose of this report is solely to describe the scope of our testing of compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements, and the results of that testing, and not to provide an opinion on compliance. This report is an integral part of an audit performed in accordance with U.S. generally accepted government auditing standards in considering compliance. Accordingly, this report on compliance with laws, regulations, contracts, and grant agreements is not suitable for any other purpose.

Agency Comments

In commenting on a draft of this report, FDIC stated that it was pleased to receive unmodified opinions on the DIF’s and the FRF’s financial statements, and noted that we reported that FDIC had effective internal control over financial reporting and that there was no reportable noncompliance with tested provisions of applicable laws, regulations, contracts, and grant agreements. Further, FDIC stated that it remains committed to ensuring sound financial management remains a top priority. The complete text of FDIC’s response is reprinted in appendix II.

James R. Dalkin’s signature

James R. Dalkin
Director
Financial Management and Assurance

February 8, 2018

1A third fund managed by FDIC, the Orderly Liquidation Fund, established by Section 210(n) of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376, 1506 (July 21, 2010), is unfunded and did not have any transactions from its inception in 2010 through 2017.

2Other information consists of information included with the financial statements, other than the auditor’s report.

3Act of September 21, 1950, Pub. L. No. 797, § 2[17], 64 Stat. 873, 890, classified as amended at 12 U.S.C. § 1827.

431 U.S.C. §§ 9101-9110.

5A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.

6A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

7GAO, Financial Audit: Federal Deposit Insurance Corporation Funds’ 2016 and 2015 Financial Statements, GAO-17-299R (Washington, D.C.: Feb. 15, 2017).

 

Previous | Contents | Next