oversight

Evaluation of the Division of Enterprise Regulation's 2013 Examination Records: Successes and Opportunities

Published by the Federal Housing Finance Agency, Office of Inspector General on 2014-10-06.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

          Federal Housing Finance Agency
               Office of Inspector General




    Evaluation of the Division of
      Enterprise Regulation’s
    2013 Examination Records:
    Successes and Opportunities




Evaluation Report  EVL-2015-001  October 6, 2014
                                               October 6, 2014


TO:              Nina A. Nichols, Deputy Director, Division of Enterprise Regulation


FROM:            Richard Parker, Deputy Inspector General for Evaluations


SUBJECT:         Evaluation of the Division of Enterprise Regulation’s 2013 Examination Records:
                 Successes and Opportunities (EVL-2015-001)


Summary

This memorandum concludes our evaluation of the Federal Housing Finance Agency’s (FHFA
or Agency) policies and practices for creating and maintaining examination documents and
workpapers in compliance with the Federal Records Act and FHFA’s Records Management
Policy. Our evaluation focused on examination workpapers1 created and maintained by the
Division of Enterprise Regulation (DER); specifically, workpapers for targeted examinations that
were completed as part of DER’s 2013 annual examinations of Fannie Mae and Freddie Mac.2

Properly prepared and stored workpapers are critical components of a well-managed examination
program for financial institutions. Specifically, workpapers:

       Support examination findings and supervisory actions, and help ensure efficient and
        effective examination practices;

       Promote continuity over examination cycles; and




1
  For purposes of this memorandum, workpapers are documents or data created or collected by examiners during the
course of examination activities that support examination results, conclusions, findings, and ratings. FHFA, FHFA
Examination Manual – Public, at 9 (Dec. 19, 2013) (online at
http://www.fhfa.gov/SupervisionRegulation/Documents/ExaminationProgramOverview.pdf).
2
 Targeted examinations allow for a deep or comprehensive assessment of the area under review. They are a critical
component of supervision and are undertaken as needed, based on risk. See FHFA Examination Manual, at 22.




                                  OIG • EVL-2015-001 • October 6, 2014
                                                        2
         Should be easily accessed and retrieved by examination staff as well as outside oversight
          entities.3

We reviewed DER’s workpapers for 28 targeted examinations conducted by the Fannie Mae and
Freddie Mac Core Teams (together, the Core Teams)4 in 2013. We found that in each of these
cases DER staff complied with the Agency’s recordkeeping policies and procedures. However,
we also found that DER’s recordkeeping practices have limitations that impede the efficient
retrieval of these workpapers by FHFA examiners, other FHFA personnel, and outside oversight
entities such as the OIG.5 Accordingly, we recommend that DER adopt a comprehensive
examination workpaper index and standardize electronic workpaper folder structures and naming
conventions between the two Core Teams.

Background

Agency Recordkeeping Requirements

FHFA’s current Records Management Policy6 (Records Policy) establishes the responsibilities
and the procedures for maintaining and disposing of its records.7 One of the objectives of the
Records Policy is to promote compliance with federal laws and regulations, National Archives
and Records Administration (NARA) guidance, and related FHFA policies and best practices
for managing records. The Records Policy requires the Agency to create a records schedule and
division-level file plans.8 FHFA’s records schedule covers the retention and disposition schedule
for all program and administrative records created by FHFA,9 and the division-level file plans
define the documents that constitute records for each division.10

3
 See FHFA, FHFA Examination Manual, at 9. See generally, Office of the Comptroller of the Currency (OCC),
Bank Supervision Process: Comptroller’s Handbook, at 35-36 (Sept. 2007); OCC, PPM 5400-8 (Revised),
“Supervision Work Papers” (Oct. 2002); FDIC, Risk Management Manual of Examination Policies: Section 1.1, at
17-19 (Oct. 2012); Federal Reserve Board, Commercial Bank Examination Manual: Section 1030.1 (Mar. 1994).
4
  DER examiners are assigned to one of two core teams. The core teams conduct the statutory annual on-site safety
and soundness examinations of Fannie Mae and Freddie Mac required by the Federal Housing Enterprises Financial
Safety and Soundness Act of 1992, as amended. The core teams are further divided into teams specializing in risk
areas including credit, governance, market, and operations.
5
 OIG previously identified limitations in retrieving examination records created and maintained by FHFA’s
Division of Bank Regulation. See OIG, FHFA’s Oversight of Troubled Federal Home Loan Banks, at 27-29 (Jan.
11, 2012) (EVL-2012-001) (online at http://www.fhfaoig.gov/Content/Files/Troubled Banks EVL-2012-001.pdf).
6
  See FHFA, Policy No. 207, Records Management Policy (Jan. 9, 2009) (online at
http://www.fhfa.gov/AboutUs/Policies/RIM Policies/Records Management Policy.pdf).
7
  The Records Policy was originally issued in January 2009 and FHFA has reorganized several times since then.
FHFA informed OIG that it is revising the Records Policy to reflect changes in recordkeeping responsibilities that
resulted from these reorganizations.
8
    See FHFA, Records Management Policy, at 2, 4.
9
  The Agency’s records schedule includes FHFA’s Comprehensive Records Schedule, which provides retention and
disposition authority for mission-related Agency records, and the General Records Schedule (GRS), which provides




                                   OIG • EVL-2015-001 • October 6, 2014
                                                         3
All FHFA employees and contractors are responsible for managing the Agency’s records in
accordance with FHFA’s recordkeeping requirements. The Agency’s senior officials, which
include the Director of FHFA, the Deputy Directors, Senior Associate Directors, Associate
Directors, and Office Directors, have additional responsibilities for creating, maintaining, and
protecting official agency records and enforcing compliance with the retention and disposition
schedule for the records in their respective offices.11 In practical terms, this means that the head
of each FHFA office is responsible for ensuring that the office’s recordkeeping complies with the
Records Policy.

DER’s Implementation of Recordkeeping Requirements

As noted above, each FHFA division has the obligation and responsibility to implement the
Records Policy and FHFA’s records schedule by establishing adequate and proper recordkeeping
practices. In the case of DER, the FHFA Examination Manual12 (Exam Manual) and DER
operating procedures13 describe the recordkeeping requirements for documents and workpapers
created during examination activities.

The Exam Manual applies to DER’s examinations of Fannie Mae and Freddie Mac as well
as the Division of Bank Regulation’s (DBR) examinations of the Federal Home Loan Banks
(FHLBanks) and the Office of Finance. The Exam Manual explains that certain examination
workpapers prepared during the course of examination activities will meet the definition of a
“record,” and that FHFA examination staff must maintain them in compliance with the Records
Policy.14 DER examination staff must maintain final examination workpapers in the appropriate
examination folder in FHFA’s electronic recordkeeping system.

DER has issued division-level operating procedures that supplement the guidance contained in
the Exam Manual and provide more detailed instructions to examiners regarding documentation
requirements and file management policies. In January 2014, DER issued an operating


disposal authority for administrative records common to many federal agencies, such as budget, procurement,
personnel, and travel records. See FHFA, What is a Records Schedule? (May 2014) (online at
http://www.fhfa.gov/AboutUs/Policies/RIM AtAGlance/What is a Records Schedule.pdf); see also FHFA, FHFA
Comprehensive Records Schedule: Public Information, at 3 (Jan. 11, 2013) (online at
http://www.fhfa.gov/AboutUs/Policies/Record Schedules/FHFA Comprehensive Records Schedule.pdf).
10
  See FHFA, What is a File Plan? (May 2014) (online at http://www.fhfa.gov/AboutUs/Policies/RIM
AtAGlance/What is a File Plan.pdf).
11
     See FHFA, Records Management Policy, at 4-5.
12
   FHFA, FHFA Examination Manual – Public (Dec. 19, 2013) (online at
http://www.fhfa.gov/SupervisionRegulation/Documents/ExaminationProgramOverview.pdf).
13
  DER issues internal guidance through different documents including supervision directives, examiner guidance
bulletins and examiner bulletins, and division operating procedure bulletins. See FHFA, FHFA Examination
Manual, at 5, 9.
14
     See FHFA, FHFA Examination Manual, at 9.




                                   OIG • EVL-2015-001 • October 6, 2014
                                                       4
procedures bulletin (Operating Procedure)15 that provides procedures and guidelines for creating,
naming, and storing DER electronic examination workpapers.16

DER’s Operating Procedure requires examiners to be familiar with the Records Policy and
complete all required FHFA records management training.17 Part of this training involves
educating examiners on how to properly maintain and dispose of DER workpapers that are
considered Agency records according to FHFA’s Records Schedule and DER’s File Plan. DER
generates a variety of examination workpapers including request letters, procedure documents,
analysis memoranda, and conclusion letters.18 (See Figure 1 below). These and other
examination workpapers are considered Agency records for purposes of the Federal Records
Act and are governed by the Records Policy.

                                   Figure 1: DER Workpaper Descriptions19

                   Type                                                 Description
                                           Communicates to the Enterprise the purpose and scope of the
     Request Letter                        targeted examination, and includes a preliminary document
                                           request.
                                           Describes the scope and objective of the targeted examination,
                                           level of risk(s), steps to assess risk management, and steps to
     Procedures Document
                                           complete testing and analysis of Enterprise information, data,
                                           documents, and other materials.
                                           Documents the analysis, conclusions, and findings of the
     Analysis Memorandum
                                           targeted examination.
                                           Communicates to the Enterprise the final conclusions of
     Conclusion Letter                     targeted examination activities and, when applicable,
                                           examination findings.


15
     See DER, Operating Procedures Bulletin No. 2014-DER-OPB-01 (Non-Public) (Jan. 27, 2014).
16
   Consistent with common examination and audit practice, workpapers—whether they are in digital or paper
format—should be maintained in accordance with a logical filing structure in order to facilitate access, control,
review, and retrieval for future use. See generally, FHFA, FHFA Examination Manual, at 8-9; OCC, PPM 5400-8
(Revised), at 7; Public Company Accounting Oversight Board (PCAOB), PCAOB Release 2004-006, at A1-3-5
(June 9, 2004). Consistency in the organization of electronic workpapers is an important element of the examination
program. In order to promote consistency in workpapers, the Operating Procedure encourages examiners to follow
the workpaper naming conventions identified in the Procedure.
17
   FHFA requires “mandatory records and information management training for every government employee to
ensure everyone understands his or her responsibilities and the procedures for appropriately keeping and disposing
of records.” FHFA, Records and Information Management (RIM) (online at
http://www.fhfa.gov/AboutUs/Policies/Pages/Records-Management.aspx) (accessed Aug. 7, 2013).
18
     See FHFA, FHFA Comprehensive Records Schedule, at 8.
19
  DER may create other types of workpapers during the course of an examination. OIG chose to focus on these
four workpapers because they are required for every targeted examination. See infra Finding 1.




                                   OIG • EVL-2015-001 • October 6, 2014
                                                         5
DER’s Operating Procedure provides high-level recordkeeping guidelines but delegates the
specific design of DER’s recordkeeping structures to the examiner-in-charge (EIC) of the Fannie
Mae Core Team and the Freddie Mac Core Team. The Operating Procedure requires examiners
to file workpapers in FHFA’s electronic recordkeeping system that the EIC has authorized for
the storage of examination documents. In practice, each Core Team files its final approved
workpapers in authorized folders located on FHFA’s electronic recordkeeping system. DER’s
Operating Procedure does not require the EICs to adopt standardized electronic folder structures
or naming conventions. As a consequence, the two DER Core Teams have adopted different
folder structures for their examination documents.

Findings

     1. DER’s 2013 Examination Records Complied with Established Policies

To test DER’s recordkeeping practices against the applicable policies and procedures, OIG
selected the 28 targeted examinations completed by the Core Teams in 2013.20 OIG reviewed
the workpapers of each targeted examination in electronic format in FHFA’s electronic
recordkeeping system.

We confirmed that DER examiners created and stored four required examination records for
each of the 28 targeted examinations. Specifically, we found that each examination’s electronic
recordkeeping folder contained a request letter, a procedure document, an analysis memorandum,
and a conclusion letter. This indicates that DER’s practices conform to FHFA’s and DER’s
recordkeeping requirements.21

     2. DER Examination Recordkeeping Practices Have Limitations that Impede Efficient
        Workpaper Identification and Retrieval

Although we found DER maintained required workpapers in its recordkeeping system, DER’s
recordkeeping practices have the following limitations:

        DER has not established an index or directory that identifies the universe of workpapers
         that support targeted examination conclusions and recommendations;

        The two Core Teams use different electronic folder naming conventions for comparable
         examination activities and documents; and

20
   The Core Teams provided OIG with the targeted examinations completed in 2013. A review of DER examination
records created prior to the 2013 annual on-site examination was outside the scope of this evaluation. Examination
activities other than targeted examinations were outside the scope of this evaluation.
21
  The Operating Procedure requires the four forms of workpapers identified in Figure 1 for every targeted
examination. Other forms of workpapers, such as meeting notes and report notes, may be appropriate depending
on the examination activity. We confined our review to the four required workpaper forms to narrow the scope of
documents and thereby facilitate a timely review. Accordingly, we do not opine on whether every workpaper for
each targeted examination was properly completed and stored in the recordkeeping system.




                                  OIG • EVL-2015-001 • October 6, 2014
                                                        6
        DER workpaper folders do not adhere to a cohesive, common structure.

Given these limitations, DER’s recordkeeping practices
do not support the efficient retrieval of examination          Naming conventions are
workpapers by FHFA examiners, other FHFA personnel,            protocols for assigning file and
or outside oversight entities such as the OIG. For             folder names to the directories
example, we required assistance from DER Core Team             in the electronic recordkeeping
personnel to identify the electronic folders that contain      system.
the complete collection of examination workpapers.
A comprehensive index of workpapers and a common
folder structure would address this limitation and would benefit FHFA examiners and any third-
party reviewers. Given the limitations in DER’s current recordkeeping practices, the Agency
could face difficulties in identifying and producing examination workpapers for any required
purpose.

We observe that DER policies and procedures contemplate standardized examination
recordkeeping practices. In particular, DER’s Operating Procedure encourages the EICs of
the Core Teams to adopt standardized electronic folder structures and workpaper naming
conventions. However, the procedure does not require such standardization; nor does it require
a comprehensive workpaper index or directory.22

FHFA officials informed us that an effort is under way to enhance the Agency’s electronic
recordkeeping system. It is not clear whether this effort addresses standardized electronic folder
structures and naming conventions. This Agency effort was outside the scope of our evaluation.

Conclusion

DER maintains examination workpapers in accordance with both its Operating Procedure and the
Agency’s recordkeeping policies. However, DER’s recordkeeping practices have limitations that
impede the efficient retrieval of these workpapers by FHFA examiners, other FHFA personnel,
and outside oversight entities.

Recommendation

We recommend that DER:

        Adopt a comprehensive examination workpaper index; and

        Standardize electronic workpaper folder structures and naming conventions between the
         two Core Teams.



22
  OIG notes that every FHFA examination module instructs examiners to review prior examination work as they
prepare for current examination activities. Standardized folder structures would facilitate examiner identification of
electronic workpapers and make the review process more efficient.




                                    OIG • EVL-2015-001 • October 6, 2014
                                                          7
In addition, we recommend that FHFA and DER upgrade recordkeeping practices as necessary to
enhance the identification and retrieval of critical workpapers.

Scope and Methodology

The objective of this evaluation was to assess FHFA’s policies and practices for creating and
maintaining examination documents and workpapers in compliance with the Federal Records
Act and FHFA’s Records Management Policy.

To achieve this objective, we reviewed public and non-public documents containing information
on FHFA’s and DER’s recordkeeping policies and procedures. We also interviewed FHFA
and DER personnel. To test DER’s recordkeeping practices, we reviewed the request letter,
procedure document, analysis memorandum, and conclusion letter of 28 targeted examinations
completed by the Core Teams in 2013 in electronic format as maintained in FHFA’s electronic
recordkeeping system. The Core Teams provided OIG with the targeted examinations completed
in 2013. A review of DER examination records created prior to the 2013 annual on-site
examination and exam activities other than targeted examinations were outside the scope of
this evaluation.

Our work was conducted under the authority of the Inspector General Act and in accordance
with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for
Inspection and Evaluation (January 2012). These standards require us to plan and perform an
evaluation based upon evidence sufficient to provide reasonable bases to support its findings
and recommendations. We believe that the findings and recommendation discussed in this
memorandum meet these standards.

The performance period for this evaluation was from April 2014 to August 2014.

This evaluation was led by Kyle D. Roberts, Director, Division of Supervision and Regulation,
and Alexa Strear, Investigative Counsel.

We appreciate the cooperation of FHFA staff, as well as the assistance of all those who
contributed to the preparation of this report. It has been distributed to Congress, the Office of
Management and Budget, and others and will be posted on OIG’s website, www.fhfaoig.gov.



cc:    Melvin L. Watt, Director
       Lawrence Stauffer, Acting Chief Operating Officer
       John Major, Manager, Internal Controls and Audit Follow-Up




                              OIG • EVL-2015-001 • October 6, 2014
                                                 8
Appendix A

FHFA’s Comments




                  OIG • EVL-2015-001 • October 6, 2014
                                   9
OIG • EVL-2015-001 • October 6, 2014
                10
Appendix B

OIG’s Response to FHFA’s Comments

In light of the Agency’s response and additional communication from DER, we will treat
FHFA’s comments as an acceptance of our recommendations. We will review the methodology,
results, and conclusions of DER’s cost-benefit analysis when they become available, no later
than January 20, 2015, and determine whether DER’s actions satisfy our recommendations.




                            OIG • EVL-2015-001 • October 6, 2014
                                             11
Additional Information and Copies

For additional copies of this report:

         Call: (202) 730-0880

         Fax: (202) 318-0239

         Visit: www.fhfaoig.gov

To report alleged fraud, waste, abuse, mismanagement, or any other kind of criminal or
noncriminal misconduct relative to FHFA’s programs or operations:

         Call: (800) 793-7724

         Fax: (202) 318-0385

         Visit: www.fhfaoig.gov/ReportFraud

         Write:
                   FHFA Office of Inspector General
                   Attn: Office of Investigation – Hotline
                   400 Seventh Street, S.W.
                   Washington, DC 20024




                               OIG • EVL-2015-001 • October 6, 2014
                                                12