Federal Housing Finance Agency Office of Inspector General Evaluation of the Division of Enterprise Regulation’s 2013 Examination Records: Successes and Opportunities Evaluation Report EVL-2015-001 October 6, 2014 October 6, 2014 TO: Nina A. Nichols, Deputy Director, Division of Enterprise Regulation FROM: Richard Parker, Deputy Inspector General for Evaluations SUBJECT: Evaluation of the Division of Enterprise Regulation’s 2013 Examination Records: Successes and Opportunities (EVL-2015-001) Summary This memorandum concludes our evaluation of the Federal Housing Finance Agency’s (FHFA or Agency) policies and practices for creating and maintaining examination documents and workpapers in compliance with the Federal Records Act and FHFA’s Records Management Policy. Our evaluation focused on examination workpapers1 created and maintained by the Division of Enterprise Regulation (DER); specifically, workpapers for targeted examinations that were completed as part of DER’s 2013 annual examinations of Fannie Mae and Freddie Mac.2 Properly prepared and stored workpapers are critical components of a well-managed examination program for financial institutions. Specifically, workpapers: Support examination findings and supervisory actions, and help ensure efficient and effective examination practices; Promote continuity over examination cycles; and 1 For purposes of this memorandum, workpapers are documents or data created or collected by examiners during the course of examination activities that support examination results, conclusions, findings, and ratings. FHFA, FHFA Examination Manual – Public, at 9 (Dec. 19, 2013) (online at http://www.fhfa.gov/SupervisionRegulation/Documents/ExaminationProgramOverview.pdf). 2 Targeted examinations allow for a deep or comprehensive assessment of the area under review. They are a critical component of supervision and are undertaken as needed, based on risk. See FHFA Examination Manual, at 22. OIG • EVL-2015-001 • October 6, 2014 2 Should be easily accessed and retrieved by examination staff as well as outside oversight entities.3 We reviewed DER’s workpapers for 28 targeted examinations conducted by the Fannie Mae and Freddie Mac Core Teams (together, the Core Teams)4 in 2013. We found that in each of these cases DER staff complied with the Agency’s recordkeeping policies and procedures. However, we also found that DER’s recordkeeping practices have limitations that impede the efficient retrieval of these workpapers by FHFA examiners, other FHFA personnel, and outside oversight entities such as the OIG.5 Accordingly, we recommend that DER adopt a comprehensive examination workpaper index and standardize electronic workpaper folder structures and naming conventions between the two Core Teams. Background Agency Recordkeeping Requirements FHFA’s current Records Management Policy6 (Records Policy) establishes the responsibilities and the procedures for maintaining and disposing of its records.7 One of the objectives of the Records Policy is to promote compliance with federal laws and regulations, National Archives and Records Administration (NARA) guidance, and related FHFA policies and best practices for managing records. The Records Policy requires the Agency to create a records schedule and division-level file plans.8 FHFA’s records schedule covers the retention and disposition schedule for all program and administrative records created by FHFA,9 and the division-level file plans define the documents that constitute records for each division.10 3 See FHFA, FHFA Examination Manual, at 9. See generally, Office of the Comptroller of the Currency (OCC), Bank Supervision Process: Comptroller’s Handbook, at 35-36 (Sept. 2007); OCC, PPM 5400-8 (Revised), “Supervision Work Papers” (Oct. 2002); FDIC, Risk Management Manual of Examination Policies: Section 1.1, at 17-19 (Oct. 2012); Federal Reserve Board, Commercial Bank Examination Manual: Section 1030.1 (Mar. 1994). 4 DER examiners are assigned to one of two core teams. The core teams conduct the statutory annual on-site safety and soundness examinations of Fannie Mae and Freddie Mac required by the Federal Housing Enterprises Financial Safety and Soundness Act of 1992, as amended. The core teams are further divided into teams specializing in risk areas including credit, governance, market, and operations. 5 OIG previously identified limitations in retrieving examination records created and maintained by FHFA’s Division of Bank Regulation. See OIG, FHFA’s Oversight of Troubled Federal Home Loan Banks, at 27-29 (Jan. 11, 2012) (EVL-2012-001) (online at http://www.fhfaoig.gov/Content/Files/Troubled Banks EVL-2012-001.pdf). 6 See FHFA, Policy No. 207, Records Management Policy (Jan. 9, 2009) (online at http://www.fhfa.gov/AboutUs/Policies/RIM Policies/Records Management Policy.pdf). 7 The Records Policy was originally issued in January 2009 and FHFA has reorganized several times since then. FHFA informed OIG that it is revising the Records Policy to reflect changes in recordkeeping responsibilities that resulted from these reorganizations. 8 See FHFA, Records Management Policy, at 2, 4. 9 The Agency’s records schedule includes FHFA’s Comprehensive Records Schedule, which provides retention and disposition authority for mission-related Agency records, and the General Records Schedule (GRS), which provides OIG • EVL-2015-001 • October 6, 2014 3 All FHFA employees and contractors are responsible for managing the Agency’s records in accordance with FHFA’s recordkeeping requirements. The Agency’s senior officials, which include the Director of FHFA, the Deputy Directors, Senior Associate Directors, Associate Directors, and Office Directors, have additional responsibilities for creating, maintaining, and protecting official agency records and enforcing compliance with the retention and disposition schedule for the records in their respective offices.11 In practical terms, this means that the head of each FHFA office is responsible for ensuring that the office’s recordkeeping complies with the Records Policy. DER’s Implementation of Recordkeeping Requirements As noted above, each FHFA division has the obligation and responsibility to implement the Records Policy and FHFA’s records schedule by establishing adequate and proper recordkeeping practices. In the case of DER, the FHFA Examination Manual12 (Exam Manual) and DER operating procedures13 describe the recordkeeping requirements for documents and workpapers created during examination activities. The Exam Manual applies to DER’s examinations of Fannie Mae and Freddie Mac as well as the Division of Bank Regulation’s (DBR) examinations of the Federal Home Loan Banks (FHLBanks) and the Office of Finance. The Exam Manual explains that certain examination workpapers prepared during the course of examination activities will meet the definition of a “record,” and that FHFA examination staff must maintain them in compliance with the Records Policy.14 DER examination staff must maintain final examination workpapers in the appropriate examination folder in FHFA’s electronic recordkeeping system. DER has issued division-level operating procedures that supplement the guidance contained in the Exam Manual and provide more detailed instructions to examiners regarding documentation requirements and file management policies. In January 2014, DER issued an operating disposal authority for administrative records common to many federal agencies, such as budget, procurement, personnel, and travel records. See FHFA, What is a Records Schedule? (May 2014) (online at http://www.fhfa.gov/AboutUs/Policies/RIM AtAGlance/What is a Records Schedule.pdf); see also FHFA, FHFA Comprehensive Records Schedule: Public Information, at 3 (Jan. 11, 2013) (online at http://www.fhfa.gov/AboutUs/Policies/Record Schedules/FHFA Comprehensive Records Schedule.pdf). 10 See FHFA, What is a File Plan? (May 2014) (online at http://www.fhfa.gov/AboutUs/Policies/RIM AtAGlance/What is a File Plan.pdf). 11 See FHFA, Records Management Policy, at 4-5. 12 FHFA, FHFA Examination Manual – Public (Dec. 19, 2013) (online at http://www.fhfa.gov/SupervisionRegulation/Documents/ExaminationProgramOverview.pdf). 13 DER issues internal guidance through different documents including supervision directives, examiner guidance bulletins and examiner bulletins, and division operating procedure bulletins. See FHFA, FHFA Examination Manual, at 5, 9. 14 See FHFA, FHFA Examination Manual, at 9. OIG • EVL-2015-001 • October 6, 2014 4 procedures bulletin (Operating Procedure)15 that provides procedures and guidelines for creating, naming, and storing DER electronic examination workpapers.16 DER’s Operating Procedure requires examiners to be familiar with the Records Policy and complete all required FHFA records management training.17 Part of this training involves educating examiners on how to properly maintain and dispose of DER workpapers that are considered Agency records according to FHFA’s Records Schedule and DER’s File Plan. DER generates a variety of examination workpapers including request letters, procedure documents, analysis memoranda, and conclusion letters.18 (See Figure 1 below). These and other examination workpapers are considered Agency records for purposes of the Federal Records Act and are governed by the Records Policy. Figure 1: DER Workpaper Descriptions19 Type Description Communicates to the Enterprise the purpose and scope of the Request Letter targeted examination, and includes a preliminary document request. Describes the scope and objective of the targeted examination, level of risk(s), steps to assess risk management, and steps to Procedures Document complete testing and analysis of Enterprise information, data, documents, and other materials. Documents the analysis, conclusions, and findings of the Analysis Memorandum targeted examination. Communicates to the Enterprise the final conclusions of Conclusion Letter targeted examination activities and, when applicable, examination findings. 15 See DER, Operating Procedures Bulletin No. 2014-DER-OPB-01 (Non-Public) (Jan. 27, 2014). 16 Consistent with common examination and audit practice, workpapers—whether they are in digital or paper format—should be maintained in accordance with a logical filing structure in order to facilitate access, control, review, and retrieval for future use. See generally, FHFA, FHFA Examination Manual, at 8-9; OCC, PPM 5400-8 (Revised), at 7; Public Company Accounting Oversight Board (PCAOB), PCAOB Release 2004-006, at A1-3-5 (June 9, 2004). Consistency in the organization of electronic workpapers is an important element of the examination program. In order to promote consistency in workpapers, the Operating Procedure encourages examiners to follow the workpaper naming conventions identified in the Procedure. 17 FHFA requires “mandatory records and information management training for every government employee to ensure everyone understands his or her responsibilities and the procedures for appropriately keeping and disposing of records.” FHFA, Records and Information Management (RIM) (online at http://www.fhfa.gov/AboutUs/Policies/Pages/Records-Management.aspx) (accessed Aug. 7, 2013). 18 See FHFA, FHFA Comprehensive Records Schedule, at 8. 19 DER may create other types of workpapers during the course of an examination. OIG chose to focus on these four workpapers because they are required for every targeted examination. See infra Finding 1. OIG • EVL-2015-001 • October 6, 2014 5 DER’s Operating Procedure provides high-level recordkeeping guidelines but delegates the specific design of DER’s recordkeeping structures to the examiner-in-charge (EIC) of the Fannie Mae Core Team and the Freddie Mac Core Team. The Operating Procedure requires examiners to file workpapers in FHFA’s electronic recordkeeping system that the EIC has authorized for the storage of examination documents. In practice, each Core Team files its final approved workpapers in authorized folders located on FHFA’s electronic recordkeeping system. DER’s Operating Procedure does not require the EICs to adopt standardized electronic folder structures or naming conventions. As a consequence, the two DER Core Teams have adopted different folder structures for their examination documents. Findings 1. DER’s 2013 Examination Records Complied with Established Policies To test DER’s recordkeeping practices against the applicable policies and procedures, OIG selected the 28 targeted examinations completed by the Core Teams in 2013.20 OIG reviewed the workpapers of each targeted examination in electronic format in FHFA’s electronic recordkeeping system. We confirmed that DER examiners created and stored four required examination records for each of the 28 targeted examinations. Specifically, we found that each examination’s electronic recordkeeping folder contained a request letter, a procedure document, an analysis memorandum, and a conclusion letter. This indicates that DER’s practices conform to FHFA’s and DER’s recordkeeping requirements.21 2. DER Examination Recordkeeping Practices Have Limitations that Impede Efficient Workpaper Identification and Retrieval Although we found DER maintained required workpapers in its recordkeeping system, DER’s recordkeeping practices have the following limitations: DER has not established an index or directory that identifies the universe of workpapers that support targeted examination conclusions and recommendations; The two Core Teams use different electronic folder naming conventions for comparable examination activities and documents; and 20 The Core Teams provided OIG with the targeted examinations completed in 2013. A review of DER examination records created prior to the 2013 annual on-site examination was outside the scope of this evaluation. Examination activities other than targeted examinations were outside the scope of this evaluation. 21 The Operating Procedure requires the four forms of workpapers identified in Figure 1 for every targeted examination. Other forms of workpapers, such as meeting notes and report notes, may be appropriate depending on the examination activity. We confined our review to the four required workpaper forms to narrow the scope of documents and thereby facilitate a timely review. Accordingly, we do not opine on whether every workpaper for each targeted examination was properly completed and stored in the recordkeeping system. OIG • EVL-2015-001 • October 6, 2014 6 DER workpaper folders do not adhere to a cohesive, common structure. Given these limitations, DER’s recordkeeping practices do not support the efficient retrieval of examination Naming conventions are workpapers by FHFA examiners, other FHFA personnel, protocols for assigning file and or outside oversight entities such as the OIG. For folder names to the directories example, we required assistance from DER Core Team in the electronic recordkeeping personnel to identify the electronic folders that contain system. the complete collection of examination workpapers. A comprehensive index of workpapers and a common folder structure would address this limitation and would benefit FHFA examiners and any third- party reviewers. Given the limitations in DER’s current recordkeeping practices, the Agency could face difficulties in identifying and producing examination workpapers for any required purpose. We observe that DER policies and procedures contemplate standardized examination recordkeeping practices. In particular, DER’s Operating Procedure encourages the EICs of the Core Teams to adopt standardized electronic folder structures and workpaper naming conventions. However, the procedure does not require such standardization; nor does it require a comprehensive workpaper index or directory.22 FHFA officials informed us that an effort is under way to enhance the Agency’s electronic recordkeeping system. It is not clear whether this effort addresses standardized electronic folder structures and naming conventions. This Agency effort was outside the scope of our evaluation. Conclusion DER maintains examination workpapers in accordance with both its Operating Procedure and the Agency’s recordkeeping policies. However, DER’s recordkeeping practices have limitations that impede the efficient retrieval of these workpapers by FHFA examiners, other FHFA personnel, and outside oversight entities. Recommendation We recommend that DER: Adopt a comprehensive examination workpaper index; and Standardize electronic workpaper folder structures and naming conventions between the two Core Teams. 22 OIG notes that every FHFA examination module instructs examiners to review prior examination work as they prepare for current examination activities. Standardized folder structures would facilitate examiner identification of electronic workpapers and make the review process more efficient. OIG • EVL-2015-001 • October 6, 2014 7 In addition, we recommend that FHFA and DER upgrade recordkeeping practices as necessary to enhance the identification and retrieval of critical workpapers. Scope and Methodology The objective of this evaluation was to assess FHFA’s policies and practices for creating and maintaining examination documents and workpapers in compliance with the Federal Records Act and FHFA’s Records Management Policy. To achieve this objective, we reviewed public and non-public documents containing information on FHFA’s and DER’s recordkeeping policies and procedures. We also interviewed FHFA and DER personnel. To test DER’s recordkeeping practices, we reviewed the request letter, procedure document, analysis memorandum, and conclusion letter of 28 targeted examinations completed by the Core Teams in 2013 in electronic format as maintained in FHFA’s electronic recordkeeping system. The Core Teams provided OIG with the targeted examinations completed in 2013. A review of DER examination records created prior to the 2013 annual on-site examination and exam activities other than targeted examinations were outside the scope of this evaluation. Our work was conducted under the authority of the Inspector General Act and in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation (January 2012). These standards require us to plan and perform an evaluation based upon evidence sufficient to provide reasonable bases to support its findings and recommendations. We believe that the findings and recommendation discussed in this memorandum meet these standards. The performance period for this evaluation was from April 2014 to August 2014. This evaluation was led by Kyle D. Roberts, Director, Division of Supervision and Regulation, and Alexa Strear, Investigative Counsel. We appreciate the cooperation of FHFA staff, as well as the assistance of all those who contributed to the preparation of this report. It has been distributed to Congress, the Office of Management and Budget, and others and will be posted on OIG’s website, www.fhfaoig.gov. cc: Melvin L. Watt, Director Lawrence Stauffer, Acting Chief Operating Officer John Major, Manager, Internal Controls and Audit Follow-Up OIG • EVL-2015-001 • October 6, 2014 8 Appendix A FHFA’s Comments OIG • EVL-2015-001 • October 6, 2014 9 OIG • EVL-2015-001 • October 6, 2014 10 Appendix B OIG’s Response to FHFA’s Comments In light of the Agency’s response and additional communication from DER, we will treat FHFA’s comments as an acceptance of our recommendations. We will review the methodology, results, and conclusions of DER’s cost-benefit analysis when they become available, no later than January 20, 2015, and determine whether DER’s actions satisfy our recommendations. OIG • EVL-2015-001 • October 6, 2014 11 Additional Information and Copies For additional copies of this report: Call: (202) 730-0880 Fax: (202) 318-0239 Visit: www.fhfaoig.gov To report alleged fraud, waste, abuse, mismanagement, or any other kind of criminal or noncriminal misconduct relative to FHFA’s programs or operations: Call: (800) 793-7724 Fax: (202) 318-0385 Visit: www.fhfaoig.gov/ReportFraud Write: FHFA Office of Inspector General Attn: Office of Investigation – Hotline 400 Seventh Street, S.W. Washington, DC 20024 OIG • EVL-2015-001 • October 6, 2014 12
Evaluation of the Division of Enterprise Regulation's 2013 Examination Records: Successes and Opportunities
Published by the Federal Housing Finance Agency, Office of Inspector General on 2014-10-06.
Below is a raw (and likely hideous) rendition of the original report. (PDF)