Federal Deposit Insurance Corporation

2014 Annual Report


VI. Corporate Management Control

The FDIC uses several means to maintain comprehensive internal controls, ensure the overall effectiveness and efficiency of operations, and otherwise comply as necessary with the following federal standards, among others:

As a foundation for these efforts, the DOF Corporate Management Control Branch oversees a corporate-wide program of relevant activities by establishing policies and working with management in each division and office in the FDIC.  The FDIC has made a concerted effort to ensure that financial, reputational, and operational risks have been identified and that corresponding control needs are being incorporated into day-to-day operations.  The program also requires that comprehensive procedures be documented, employees be thoroughly trained, and supervisors be held accountable for performance and results.  Compliance monitoring is carried out through periodic management reviews and by the distribution of various activity reports to all levels of management.  Conscientious attention is also paid to the implementation of audit recommendations made by the FDIC Office of the Inspector General, the GAO, the Treasury Department’s Special Inspector General for the TARP program, and other providers of external/audit scrutiny.  The FDIC has received unmodified/unqualified opinions on its financial statement audits for 23 consecutive years, and these and other positive results reflect the effectiveness of the overall management control program.

The year 2014 was a continuation of our efforts over the past few years.  Considerable energy was devoted to ensuring that the FDIC’s processes and systems of control kept pace with the workload, and that the foundation of controls throughout the FDIC remained strong.  Enhanced metrics, process mapping, and monitoring activities were put into action.

In 2015, among other things, program evaluation activities will focus on human resources, process mapping, the continuation of activities associated with the Dodd-Frank Act, and contract oversight.  Continued emphasis and management scrutiny also will be applied to the accuracy and integrity of transactions, the expansion of performance metrics, and oversight of systems development efforts in general.


As required under amended Section 5 of the Inspector General Act of 1978, the FDIC must report information on final action taken by management on certain audit reports.  For the federal fiscal year period October 1, 2013, through September 30, 2014, there were no audit reports in the following categories:

The table below provides information on final action taken by management on audit reports for the same fiscal year.

Report No. and Issue Date | OIG Audit Finding | Management Action | Disallowed Costs

OIG Audit Finding: The Director of the Division of Administration should implement a formal sustainability program to encompass the FDIC's goals, processes, policies and procedures, and overall energy management efforts. The program should be documented and include written provisions for ensuring compliance with the various legislative requirements pertaining to energy efficiency.

Management Action: The FDIC's sustainability program for the Virginia Square buildings was expanded to include all headquarters facilities and the San Francisco Regional Office. The program was documented and incorporates the various legislative requirements on energy efficiency identified in the report.

Completed: 12/31/2014

OIG Audit Finding: The Acting Chief Information Officer should coordinate with the Division of Resolutions and Receiverships (DRR) and the Division of Risk Management Supervision (RMS) to ensure that existing applications developed under the divisions' direction comply with FDIC security policies pertaining to sensitivity assessments, privacy reviews, security plans, access control reviews, and separation of duties.

Management Action: The Division of Information Technology will review DRR and RMS' business-developed applications for noncompliance with FDIC security policies pertaining to sensitivity assessments, privacy reviews, security plans, access control reviews, and separation of duties. If an application is found to be noncompliant with FDIC security policies, noncompliant issues will be cataloged and communicated to the divisions. Necessary remedial actions will be identified during the review along with specific owners and due dates commensurate with the severity of the flaw(s).

Due Date: 04/15/2015


