2014 Annual Report
VI. Corporate Management Control
The FDIC uses several means to maintain comprehensive internal controls, ensure the overall effectiveness and efficiency of operations, and otherwise comply as necessary with the following federal standards, among others:
- Chief Financial Officers’ Act (CFO Act)
- Federal Managers’ Financial Integrity Act (FMFIA)
- Federal Financial Management Improvement Act (FFMIA)
- Government Performance and Results Act (GPRA)
- Federal Information Security Management Act (FISMA)
- OMB Circular A-123
- GAO’s Standards for Internal Control in the Federal Government
As a foundation for these efforts, the DOF Corporate Management Control Branch oversees a corporate-wide program of relevant activities by establishing policies and working with management in each division and office in the FDIC. The FDIC has made a concerted effort to ensure that financial, reputational, and operational risks have been identified and that corresponding control needs are being incorporated into day-to-day operations. The program also requires that comprehensive procedures be documented, employees be thoroughly trained, and supervisors be held accountable for performance and results. Compliance monitoring is carried out through periodic management reviews and by the distribution of various activity reports to all levels of management. Conscientious attention is also paid to the implementation of audit recommendations made by the FDIC Office of the Inspector General, the GAO, the Treasury Department's Special Inspector General for the TARP program, and other providers of external audit scrutiny. The FDIC has received unmodified (unqualified) opinions on its financial statement audits for 23 consecutive years, and these and other positive results reflect the effectiveness of the overall management control program.
The year 2014 was a continuation of our efforts over the past few years. Considerable energy was devoted to ensuring that the FDIC's processes and systems of control kept pace with the workload, and that the foundation of controls throughout the FDIC remained strong. Enhanced metrics, process mapping, and monitoring activities were put into action.
In 2015, among other things, program evaluation activities will focus on human resources, process mapping, the continuation of activities associated with the Dodd-Frank Act, and contract oversight. Continued emphasis and management scrutiny also will be applied to the accuracy and integrity of transactions, the expansion of performance metrics, and oversight of systems development efforts in general.
MANAGEMENT REPORT ON FINAL ACTIONS
As required under amended Section 5 of the Inspector General Act of 1978, the FDIC must report information on final action taken by management on certain audit reports. For the federal fiscal year period October 1, 2013, through September 30, 2014, there were no audit reports in the following categories:
- Management Report on Final Action on Audits with Disallowed Costs; and
- Management Report on Final Action on Audits with Recommendations to Put Funds to Better Use.
The table below provides information on final action taken by management on audit reports for the same fiscal year.
|Report No. and Issue Date|OIG Audit Finding|Management Action|Disallowed Costs|
|---|---|---|---|
| |The Director of the Division of Administration should implement a formal sustainability program to encompass the FDIC's goals, processes, policies and procedures, and overall energy management efforts. The program should be documented and include written provisions for ensuring compliance with the various legislative requirements pertaining to energy efficiency.|The FDIC's sustainability program for the Virginia Square buildings was expanded to include all headquarters facilities and the San Francisco Regional Office. The program was documented and incorporates the various legislative requirements on energy efficiency identified in the report.| |
| |The Acting Chief Information Officer should coordinate with the Division of Resolutions and Receiverships (DRR) and the Division of Risk Management Supervision (RMS) to ensure that existing applications developed under the divisions' direction comply with FDIC security policies pertaining to sensitivity assessments, privacy reviews, security plans, access control reviews, and separation|The Division of Information Technology will review DRR and RMS' business-developed applications for noncompliance with FDIC security policies pertaining to sensitivity assessments, privacy reviews, security plans, access control reviews, and separation of duties. If an application is found to be noncompliant with FDIC security policies, noncompliant issues will be cataloged and communicated to the divisions. Necessary remedial actions will be identified during the review along with specific owners and due dates commensurate with the severity of the flaw(s). Due Date: 04/15/2015| |