V. Management Control
Enterprise Risk Management
The Office of Enterprise Risk Management, under the auspices of the Chief Financial Officer organization, is responsible for corporate oversight of internal control and enterprise risk management (ERM). This includes ensuring that the FDIC’s operations and programs are effective and efficient and that internal controls are sufficient to minimize exposure to waste and mismanagement.

The FDIC recognizes the importance of a strong risk management and internal control program and has adopted a more proactive and enterprise-wide approach to managing risk. This approach focuses on the identification and mitigation of risk consistently and effectively throughout the Corporation, with emphasis on those areas/issues most directly related to the FDIC’s overall mission. As an independent government corporation, the FDIC has different requirements than appropriated federal government agencies; nevertheless, its ERM program seeks to comply with the spirit of the following standards, among others:
- the Federal Managers’ Financial Integrity Act (FMFIA);
- the Chief Financial Officers Act (CFO Act);
- the Government Performance and Results Act (GPRA);
- the Federal Information Security Management Act (FISMA); and
- OMB Circular A-123.
The CFO Act extends to the FDIC the FMFIA requirements for establishing, evaluating and reporting on internal controls. The FMFIA requires agencies to annually provide a statement of assurance regarding the effectiveness of management, administrative and accounting controls, and financial management systems.

The FDIC has developed and implemented management, administrative, and financial systems controls that reasonably ensure that:
- Programs are efficiently and effectively carried out in accordance with applicable laws and management policies;
- Programs and resources are safeguarded against waste, fraud, and mismanagement;
- Obligations and costs comply with applicable laws; and
- Reliable, complete, and timely data are maintained for decision-making and reporting purposes.
The FDIC’s control standards incorporate the Government Accountability Office’s (GAO) Standards for Internal Control in the Federal Government. Good internal control systems are essential for ensuring the proper conduct of FDIC business and the accomplishment of management objectives by serving as checks and balances against undesirable actions or outcomes.

As part of the Corporation’s continued commitment to establish and maintain effective and efficient internal controls, FDIC management routinely conducts reviews of internal control systems. The results of these reviews, as well as consideration of the results of audits, evaluations, and reviews conducted by GAO, the Office of Inspector General (OIG), and other outside entities, are used as a basis for the FDIC’s reporting on the condition of the Corporation’s internal control activities.