Program evaluations are designed to improve the operational effectiveness of FDIC's programs and ensure that objectives are met. These evaluations are often led by the Office of Enterprise Risk Management and are generally interdivisional, collaborative efforts involving management and staff from the affected program(s).
The Corporation's 2007 Annual Performance Plan contained several objectives aimed at ensuring that the FDIC would continue to address issues associated with implementation of Deposit Insurance Reform and continue its commitment to enhance systems security, privacy, and project management efforts. The following are the results of the Corporation's program evaluation activities for 2007.
The FDIC issued clarifying guidance on its authority to enforce conditions imposed in connection with deposit insurance applications, notices and requests. This guidance ensured consistency in reviewing proposals involving a change in bank control and the appropriateness of recommending conditions that are similar in nature and language to conditions imposed in deposit insurance applications.
The FDIC addressed several remaining Deposit Insurance Reform issues in 2007. Deposit Insurance Reform directly impacted the business process of assessments invoicing and collection, and forced major changes to the Assessment Invoice Management System (AIMS) and the FDICconnect interface. Significant upgrades were implemented in AIMS including a new pricing scheme, payment in arrears process, interim dividend process, one-time credit process, and a mechanism for tracking and reporting on the average deposit base.
In the third quarter of 2007, two Post Project Reviews (PPRs) were conducted. Their purpose is to improve the Corporation's future systems development efforts by reviewing recently implemented projects. Among the several significant reviews completed in 2007 were Phase Four of the Virtual Supervisory Information on the Net (ViSION) and the FDIC's New Financial Environment. PPRs currently underway include the Central Data Repository (CDR) and the Corporate Human Resources Information System Time and Attendance (CHRIS T&A). Both the CDR and CHRIS T&A PPRs are scheduled for completion in the first quarter of 2008.
In the area of systems security, the FDIC focused on mission-critical information systems and applications. The Corporation strengthened its procedures for securing and disposing of electronic data collected during examinations and using encryption to protect confidential/sensitive data. Further, the Corporation enacted measures to protect the privacy of personally-identifiable information (PII), including requiring mandatory Web-based privacy awareness training for employees and contractors, conducting Privacy Impact Assessments (PIAs) on systems identified as containing PII, and purging Social Security numbers from paper documents and automated systems files in certain program areas. The Corporation initiated a major security project during 2007 to review access to and to determine the continuing need for existing shared network folders. Those folders deemed necessary for ongoing operations will be reviewed for sensitive information and flagged with appropriate access rights. The remainder will be archived with restricted access. The first step of this project was completed in 2007 and resulted in access restrictions to domain users. The project will continue and be tracked as a Corporate Performance Objective in 2008.
The Corporation developed policies and procedures to ensure consistent implementation of and oversight for using Memoranda of Understanding and Interagency Agreements. This included expanding their use to promote the exchange of technical information with foreign banking authorities, foreign central banks and banking regulators.
Program evaluation activities in 2008 will focus on key corporate issues, including addressing privacy issues, shared folder access and security, and asset management. Of particular importance in 2008 is upgrading the FDIC's New Financial Environment, an integrated state-of-the-art financial management system.