United States Government Accountability Office Washington, DC 20548 July 19, 2012 The Honorable Steven O. App Deputy to the Chairman and Chief Financial Officer Federal Deposit Insurance Corporation Subject: Management Report: Opportunities for Improvements in FDIC’s Shared Loss Estimation Process Dear Mr. App: In April 2012, we issued our report on the results of our audits of the financial statements of the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF) as of and for the years ending December 31, 2011, and 2010, and on the effectiveness of the Federal Deposit Insurance Corporation’s (FDIC) internal control over financial reporting as of December 31, 2011. We also reported our conclusions on FDIC’s compliance with selected provisions of laws and regulations. 1 As part of that audit, we identified a significant deficiency 2 in FDIC’s internal control over its shared loss estimation process for the DIF. The purpose of this report is to present additional information on the control deficiencies we identified during our 2011 audit that comprised the significant deficiency, along with our four related recommended corrective actions to address them. In addition, we are providing an update on our assessment of the status of recommendations we made to address control deficiencies identified in previous audits that were open at the beginning of our 2011 financial statement audits (see summary in encl. I). In a separate report 3, we provided details on additional information technology-related deficiencies also identified during our 2011 FDIC financial statement audits. These findings and related recommendations were issued in a separate report due to their sensitive nature. 1 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds’ 2011 and 2010 Financial Statements, GAO-12-416 (Washington, D.C.: Apr. 19, 2012). 2 A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit the attention of those charged with governance. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis. 3 GAO, Information Security: Opportunities Exist for the Federal Deposit Insurance Corporation to Improve Controls, GAO-12-609SU (Washington, D.C.: June 14, 2012). GAO-12-752R FDIC Management Report 2011 Results in Brief During our audit of the DIF’s 2011 and 2010 financial statements, we identified deficiencies in controls over FDIC’s process for deriving and reporting estimates of losses to the DIF from resolution transactions involving shared loss agreements. While these deficiencies, individually and collectively, did not constitute a material weakness in internal control over financial reporting, they nevertheless increased the risk of additional undetected errors or irregularities in the DIF’s financial statements. 4 Thus, these control deficiencies collectively represented a significant deficiency in FDIC’s internal control over financial reporting for the DIF related to estimating losses from shared loss agreements. Specifically, we found the following deficiencies in FDIC’s internal control over financial reporting for the DIF related to estimating losses from shared loss agreements: • FDIC did not have adequate documentation for key aspects of the shared loss estimation process. This, in turn, did not allow for sufficient review and oversight of its loss estimation process for shared loss agreements. As a result, FDIC’s multiple reviews and approvals did not identify three programming errors that existed in the shared loss model that caused errors in the shared loss estimate and resulted in errors in the DIF’s draft financial statements. • FDIC did not consistently implement its corporate software change management policies to its shared loss estimating process. This led to programming errors that went unidentified and resulted in inaccuracies in the DIF’s draft financial statements. • FDIC’s internal controls were not designed or implemented to ensure that the source data used by the shared loss model were accurate. As a result, FDIC did not identify errors in the source information or errors in the shared loss model that resulted in errors in the DIF’s draft financial statements. At the end of our description of each of these deficiencies, we provide our recommendations for strengthening FDIC’s related internal controls. These recommendations are intended to improve management’s oversight and controls and minimize the risk of misstatements in FDIC’s financial statements for the DIF. We also found that FDIC addressed many of the control deficiencies related to open recommendations from our prior audits. As a result, FDIC has eight financial management- related recommendations that need to be addressed, including four new recommendations we are making in this report. We provided FDIC with a draft of this report and obtained its written comments. In its comments, FDIC concurred with all of our recommendations and described actions it has taken, has underway, or plans to take to address the control weaknesses described in this report. In addition, FDIC provided an update on actions it has taken or plans to take to address our prior open recommendations related to its processing of receivership disbursements, its review of asset valuations, and its documentation of the shared loss estimation process. At the end of our discussion of each of the deficiencies in this report, we have summarized FDIC’s related comments and our evaluation. We have also reprinted FDIC’s written comments in their entirety in enclosure II. 4 A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis. Page 2 GAO-12-752R FDIC Management Report 2011 In addition to its written comments, FDIC provided technical comments, which we considered and have incorporated where appropriate. Scope and Methodology As part of our financial statement audits of the two funds 5 administered by FDIC, we determined whether FDIC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2011, as it relates to the two funds. We also tested compliance with selected provisions of laws and regulations that had a direct and material effect on the funds’ financial statements. In conducting the audit, we examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements, assessed the accounting principles used and significant estimates made by FDIC management, and obtained an understanding of FDIC and its operations. We also tested internal control over financial reporting. We did not evaluate all internal controls relevant to operating objectives, such as controls relevant to ensuring efficient operations. We limited our internal control testing to controls over financial reporting. We performed our audits of the DIF’s and the FRF’s 2011 and 2010 financial statements in accordance with U.S. generally accepted government auditing standards. We believe that our audits provided a reasonable basis for our conclusions in this report. Further details on our audit methodology are presented in enclosure III. Documentation for the Shared Loss Model During our 2011 financial audit, we found that FDIC lacked adequate documentation for key aspects of its shared loss estimation process for the DIF. Lacking such documentation, FDIC officials were unable to effectively review and verify the accuracy of the loss estimates associated with FDIC’s shared loss agreements. As a result, FDIC’s multiple reviews and approvals did not identify programming errors that existed within the shared loss model. This resulted in errors in the draft DIF financial statements that went undetected by FDIC. Since 2009, FDIC has used purchase and assumption agreements with accompanying shared loss agreements as the primary means of resolving failed financial institutions. Under such a purchase and assumption agreement, FDIC sells a failed institution to an acquirer with an agreement that FDIC, through the DIF, will share in losses the acquirer experiences in servicing and disposing of assets purchased and covered under these agreements. Typically, shared loss agreements are structured such that FDIC assumes 80 percent of any such losses. For financial reporting purposes, FDIC developed a process to calculate a lifetime loss estimate under these shared loss agreements. For 2011, the lifetime loss estimate was $42.8 billion (46 percent) of the total DIF allowance for losses related to the Receivables from resolutions, net line item on the DIF’s balance sheet at December 31, 2011. As an integral part of this shared loss estimation process, FDIC developed a series of computerized programs that are commonly referred to as the shared loss model. We reported in 2009 and again in 2010 that FDIC did not have clear, comprehensive documentation over the shared loss estimation process to allow for an effective level of review. FDIC attempted to address this continuing deficiency by strengthening its internal 5 FDIC is also the manager of the Orderly Liquidation Fund established under title II of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, § 210(n), 124 Stat. 1376, 1506 (July 21, 2010). That fund, established as a separate fund in the U.S. Treasury, is unfunded and conducted no transactions during the years covered by our audit. Thus, FDIC did not prepare financial statements for the fund. Page 3 GAO-12-752R FDIC Management Report 2011 controls over the entire process in 2011 through documenting flowcharts, data dictionaries, and high-level comprehensive descriptions of the process. However, FDIC did not document how the shared loss model should perform calculations or how the calculations relate to the estimation methodology. In December 2011, FDIC’s internal review reported a similar lack of documentation. 6 As a result, review of the model was problematic and ineffective. The documentation developed for the model did not clearly document, outside of the programs themselves, the calculations performed by the model to derive the estimates. As such, FDIC management or other reviewers were unable to identify the specific logic of the program to verify that it was accurately following management’s intentions. This deficiency led to undetected errors in the calculation of the shared loss estimate that were reflected in the initial draft of the DIF’s 2011 financial statements. Standards for Internal Control in the Federal Government states that internal control and all transactions and other significant events need to be clearly documented, and the documentation should be readily available for examination. The documentation should appear in management directives, administrative policies, or operating manuals. 7 Given that the shared loss estimate is a key element used in deriving the overall allowance for losses on the DIF’s Receivables from resolutions, net financial statement line item, it is critical that FDIC design and implement effective controls and ensure that all steps in the shared loss model are fully documented to allow for appropriate review of key steps in the process. Recommendation We recommend that you direct the appropriate FDIC officials to develop documentation specifying how the shared loss estimation model programs should perform calculations and how the calculations within the model’s programs relate to the shared loss estimation methodology. FDIC Comments and Our Evaluation FDIC agreed with our recommendation and stated that it is in the process of developing a document to define terms, assumptions, and calculations that are relevant to the shared loss estimation methodology. FDIC stated that it expects to have these actions fully implemented by August 31, 2012. We will review and evaluate FDIC’s documentation of the shared loss model during our 2012 financial audit. Change Control and Testing the Shared Loss Model During our 2011 financial audit, we found that FDIC did not consistently implement its corporate software change management policies to its shared loss model or data used in the shared loss estimating process. Although FDIC made progress in applying change management controls to those areas, it did not always (1) document change management procedures, (2) store all programs in the model in its software change management library, and (3) sufficiently test program changes. These deficiencies led to undetected programming errors resulting in inaccuracies in the initial year-end shared loss calculation. Although in most instances FDIC had documented and controlled changes to its major applications in accordance with its policies, it did not consistently implement its corporate software change management policies in controlling changes to the shared loss model. 6 FDIC Division of Resolutions and Receiverships, SAS Program Methodology Review (Washington, D.C.: Dec. 22, 2011). 7 GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: Nov. 1999). Page 4 GAO-12-752R FDIC Management Report 2011 Specifically, FDIC did not document its procedures for managing changes to the model used to derive its shared loss estimates. In addition, although FDIC used a software change management library for access and version control for most of the programs in the model, it did not use the library to store a program that generated data for the year-end calculation. Finally, even though FDIC conducted two tests of the changes to the model, one test was not designed to compare the program logic and the test results to the objective of the program, and the other test did not include all portions of the shared loss calculation in its scope. These deficiencies occurred because FDIC’s Division of Resolutions and Receivership’s process for managing changes to the model did not include steps to systematically propose, coordinate, approve, track, and implement program changes in accordance with FDIC’s established policies for software change management. Because of these deficiencies, FDIC did not detect certain programming errors either through its existing change management controls or through its testing of the model which resulted in undetected gross errors in the draft DIF financial statements’ overall allowance for losses of $578 million and a $184 million net reduction in the loss estimate. The specific programming errors resulted in the following: • Double counting covered losses 8 in the calculation of the liability estimate. The error affected the loss estimate for 40 different agreements and caused a $381 million overstatement to the overall allowance for losses • Misallocating of assets 9 across various asset categories. This error affected the loss estimate for 23 agreements and resulted in a $289,000 understatement to the overall allowance for losses. • Miscalculating true-up. 10 The model erroneously interpreted blank fields as zero dollar items, which resulted in a miscalculation of the estimated value of the true-up payment. The result of the error was an understatement to the overall allowance for losses of $197 million. While FDIC subsequently corrected these errors in finalizing the DIF’s 2011 financial statements, errors may continue to occur if changes to these programs are not consistently controlled, documented, and fully tested. Recommendations We recommend that you direct the appropriate FDIC officials to implement the corporation’s change management policies to the shared loss model by taking the following actions: • develop, document, and implement a formal change management process for the shared loss model that is consistent with FDIC’s corporate policies for software change management and • design and perform tests of the shared loss model to ensure that (1) the program logic and test results are consistent with the objectives of the programs and (2) all portions of the shared loss calculation are tested. 8 Covered losses are a key component used in the shared loss model to calculate FDIC’s estimated liability. 9 Asset balances are a key component used in the shared loss model to calculate the estimated liability. 10 True-up is a term used by FDIC to reflect a payment to FDIC from the acquiring institution to be made at the termination of the shared loss agreement if covered losses have not equaled estimates. Page 5 GAO-12-752R FDIC Management Report 2011 In a separate report with limited distribution, we made an additional recommendation to store all programs that make up the shared loss model in a software change management library. 11 FDIC Comments and Our Evaluation FDIC agreed with our change management recommendation and stated that it has planned improvements that are consistent with the corporation’s change management policies. Specifically, FDIC will implement a more complete change management process, including formal signoffs and testing checklists, and will upgrade documentation of the coding logic and business rules used in the estimation model. FDIC also agreed with our testing recommendation, stating that it will conduct more rigorous testing that covers all portions of the shared loss calculation. FDIC expects to have these actions fully implemented by November 30, 2012. We will evaluate the effectiveness of these new procedures during our 2012 financial audit. Source Data Used by the Shared Loss Model During our 2011 financial statement audit, we found FDIC’s controls were not designed or implemented to ensure that the source data used by its shared loss model were accurate. For example, when FDIC tested the model it did not include steps to verify either the model’s input or results with original source documents. FDIC’s data validation testing of the calculations focused on analytic testing rather than tracing transactions back to source documentation. Similarly, in its review of data integrity controls over one of the source databases for the model, FDIC concluded that tracing data back to its original source was not necessary to validate the data in the database. 12 However, because our audit procedures were designed to trace back to original source data, we identified errors not only in the source information but also in the model itself that FDIC’s testing did not identify. Subsequently, FDIC performed an additional validation of source data and identified potential errors in 45 receiverships. Errors in the source data from 4 receiverships resulted in undetected gross errors in the draft DIF financial statements’ overall allowance for losses of $191 million and a $90 million net reduction in the loss estimate. Had FDIC traced the data used by the model back to the original source documentation, these errors could have been identified and corrected before the final shared loss liability was calculated. Standards for Internal Control in the Federal Government states that internal control activities are to help ensure that all activities are completely and accurately recorded. These standards also state that internal control should generally be designed to assure that ongoing review and monitoring occurs in the course of normal operations. 13 11 GAO-12-609SU. 12 FDIC Division of Resolutions and Receiverships, General Controls Review of the Loss Share Database (Washington, D.C.: Dec. 8, 2011). 13 GAO/AIMD-00-21.3.1. Page 6 GAO-12-752R FDIC Management Report 2011 Recommendation To enhance the reliability of estimates produced by the shared loss model, we recommend that you direct the appropriate FDIC officials to design and perform tests to verify data used in the shared loss model back to an original source. FDIC Comments and Our Evaluation FDIC agreed with our recommendation and stated that it will expand testing procedures to include verification of certain data points of the model back to the original source documentation. FDIC stated that it expects to have these actions fully implemented by October 31, 2012. We will evaluate the effectiveness of these new testing procedures during our 2012 financial audit. Status of GAO Recommendations from FDIC Financial Audits and Related Management Reports FDIC has continued to work to address many of the control deficiencies related to open recommendations from our prior audits. At the beginning of our 2011 financial audit, we had 10 recommendations to improve FDIC’s financial operations from prior year audits that remained open and therefore required corrective action by FDIC. 14 In the course of performing our 2011 financial audits, we identified numerous actions FDIC took to address many of its previously identified control deficiencies. On the basis of FDIC’s actions, which we were able to substantiate through our audit, we are closing 6 of our prior years’ recommendations. Consequently, a total of 8 financial management–-related recommendations need to be addressed—4 remaining from our prior years’ audits and 4 new recommendations resulting from our 2011 financial audit. See enclosure I for more details on our assessment of the status of FDIC’s actions to address our prior year recommendations. 14 This does not include information systems security recommendations reported separately and with limited distribution due to their sensitive nature. Page 7 GAO-12-752R FDIC Management Report 2011 ----------- This report contains recommendations to you. We would appreciate receiving a description and status of your corrective actions within 30 days of the date of this report. This report is intended for use by FDIC management, members of the FDIC Audit Committee, and the FDIC Inspector General. We are sending copies of this report to the Chairman and Ranking Member of the Senate Committee on Banking, Housing, and Urban Affairs; the Chairman and Ranking Member of the House Committee on Financial Services; the Chairman of the Board of Directors of the Federal Deposit Insurance Corporation; the Chairman of the Board of Governors of the Federal Reserve System; the Comptroller of the Currency; the Secretary of the Treasury; the Director of the Office of Management and Budget; and other interested parties. In addition, this report is available at no charge on the GAO website at http://www.gao.gov. We acknowledge and appreciate the cooperation and assistance provided by FDIC management and staff during our audits of FDIC’s 2011 and 2010 financial statements. If you or members of your staff have any questions concerning this report, please contact Jim Dalkin at (202) 512-3133 or firstname.lastname@example.org or Greg Wilshusen at (202)-512-6244 or email@example.com. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in enclosure IV. Sincerely yours, James R. Dalkin Director Financial Management and Assurance Gregory C. Wilshusen Director Information Security Issues Enclosures - 4 Page 8 GAO-12-752R FDIC Management Report 2011 Enclosure I: Status of Recommendations That Were Open at the Beginning of GAO’s Audit of FDIC’s 2011 Financial Statements Audit area Status as of April 2012 Oversight of lockbox bank 1 Revise procedures to obtain assurance—through such means as SAS 70 reports, Closed internal audit reports, and other monitoring processes—that internal controls over receivership receipts are in place and functioning properly at the Dallas lockbox facility. (GAO-09-943R, p. 8) FDIC action: The Federal Deposit Insurance Corporation’s (FDIC) lockbox service provider does not engage for a SSAE 16 (formerly SAS 70) audit. To address this recommendation, FDIC conducted an internal control site visit of the lockbox facility and implemented check deposit tests to verify that the lockbox accurately deposited checks into FDIC’s account. FDIC revised its policies and procedures to require quarterly testing of check deposit. Processing receivership disbursements and expenses 2 Develop and implement written policies and procedures for assigning responsibility and Closed detailing actions required to effectively review and approve payment vouchers, enter and verify payment vouchers in the accounts payable system, and generate receivership payments through checks, wires, or electronic fund transfers. (GAO-11- 23R, p. 15) FDIC action: To address this recommendation, FDIC updated its policies and procedures to include assigning responsibility and giving guidance for approving payment vouchers and related activities. 3 Develop and implement written policies and procedures for reviewing receivership In progress liabilities, including assigning responsibility and detailing actions required for performing oversight reviews and the frequency for performing such reviews. (GAO-11-23R, p. 15) FDIC action: To address this recommendation, FDIC updated its policies and procedures. However, FDIC’s updates did not assign responsibility for preparing the tracking of account 2000. We will evalutate FDIC’s implementation of its new procedures during our 2012 financial audit. 4 Develop and implement written policies and procedures for reviewing and canceling Closed stale checks, including assigning specific responsibility, stating the frequency in which stale checks should be reviewed and cancelled, and detailing the manner in which banks are to be notified to cancel stale checks. (GAO-11-23R, p. 16) FDIC action: To address this recommendation, FDIC updated its policies and procedures to include a policy that governs the frequency at which stale checks should be reviewed and cancelled. 5 Take steps to reinforce the policy that voucher approvers ensure the accuracy and In progress validity of general ledger expense coding and hold preparers accountable for coding expenses correctly. (GAO-11-687R, p. 12) FDIC action: To address this recommendation, FDIC reinforced the policy that voucher approvers ensure the accuracy and validity of general ledger expense coding by sending an e-mail message reminding approvers to be diligent in reviewing the selection of expense general ledger accounts. FDIC also provided a job aid to facilitate selecting general ledger expense accounts and updated the general ledger expense account definitions for clarity. However, during our 2011 audit testing, we continued to find disbursements being applied to incorrect general ledger expense accounts. We will continue to monitor FDIC’s actions during our 2012 financial audit. Page 9 GAO-12-752R FDIC Management Report 2011 Audit area Status as of April 2012 Review of asset valuations 6 Establish a mechanism to better ensure FDIC officials comply with the SAVE In progress methodology’s review procedures for asset valuations, including correctly tracing the numbers used in the calculations back to the source documents and verifying that asset valuations are fully substantiated, logical, and reasonable. (GAO-11-687R, p. 11) FDIC action: To address this recommendation, FDIC added to its SAVE Job Aid sections detailing instructions on how to verify calculations and actions, affirm that assumptions are correctly applied, and review supporting documents that are the sources for the calculations, actions, and assumptions. Additionally, most of the SAVE asset valuation preparers and reviewers completed training in 2011. However, we found that FDIC did not always comply with the SAVE procedures in the Job Aid. As a result, the preparers made errors in valuing the assets and the first and second-level reviewers did not identify numerous errors in the valuation of the assets using the SAVE methodology. We will continue to monitor FDIC’s actions during our 2012 financial audit. Recognition of systemic risk revenue 7 Direct appropriate FDIC officials to document FDIC’s analysis and conclusions Closed regarding the amount of systemic risk revenue to recognize at December 2011. (GAO- 11-687R, p. 14) FDIC action: FDIC documented its analysis of deferred revenue recognition in 2011, recognizing Deposit Insurance Fund (DIF) revenue of $2.6 billion for fees related to debt guarantees that had expired. In recognizing this revenue FDIC transferred funds from restricted systemic risk cash and investments to the DIF’s cash and investments accounts. Procedures over financial reporting 8 Direct appropriate staff to complete revisions to the Accounting Operations Branch Closed procedures regarding the preparation and review of depreciation expenses and fringe benefits and leave allocations, to include providing sufficiently detailed steps staff and reviewers are to follow to perform their general ledger closing responsibilities completely and effectively. (GAO-11-687R, p. 15) FDIC action: FDIC staff completed revisions to the Accounting Operations Branch procedures regarding the preparation and review of depreciation expenses and fringe benefits and leave allocations. The revisions include detailed steps that allow staff and reviewers to perform their general ledger closing responsibilities completely and effectively. Documentation of shared loss estimation process 9 Direct the appropriate FDIC officials to develop comprehensive shared loss process In progress documentation to include detailing the shared loss estimation process steps to be followed from the inception of the agreement to the reporting on the financial statements, including details regarding assumptions, databases, computer programs, and any other related materials used to estimate losses resulting from shared loss agreements. (GAO-11-687R, p. 6) FDIC action: FDIC made progress in addressing this recommendation by attempting to strengthen its internal controls over the entire process in 2011. FDIC documented flow charts, developed multiple data dictionaries, and created high-level comprehensive descriptions of the process. However, FDIC continued to lack documentation in critical areas of the process such as the methodology and calculation of true-up recovery amounts, which are used to decrease current loss estimate amounts FDIC anticipates recovering when a shared loss agreement ends. We will continue to monitor progress in this area as part of our 2012 financial audit. Page 10 GAO-12-752R FDIC Management Report 2011 Audit area Status as of April 2012 Reviews of allowance for loss estimation process 10 Direct the appropriate FDIC officials to consider and adopt, as appropriate, additional Closed cost-effective automated tools and procedures for DOF officials to enhance the review and monitoring activities related to the LLR templates to gain additional assurance that the underlying data and calculations are complete and accurate. (GAO-11-687R, p. 9) FDIC action: To make the process more automated and less prone to error, FDIC’s Division of Finance (DOF) changed its process for generating the Loan Loss Reserve (LLR) templates used to perform the overall allowance for loss calculation. FDIC implemented the use of a software program to upload files and automatically run programmed mathematical calculations, which helps to ensure the consistency and accuracy of the estimates produced by the LLR templates. We tested the effectiveness of the program and found it to be producing a reliable overall allowance for loss estimate. Source: GAO and FDIC Page 11 GAO-12-752R FDIC Management Report 2011 Enclosure II: Comments from the Federal Deposit Insurance Corporation Page 12 GAO-12-752R FDIC Management Report 2011 Page 13 GAO-12-752R FDIC Management Report 2011 Page 14 GAO-12-752R FDIC Management Report 2011 Page 15 GAO-12-752R FDIC Management Report 2011 Enclosure III: Details on Audit Scope and Methodology To fulfill our responsibilities as auditor of the financial statements of the two funds administered by the Federal Deposit Insurance Corporation (FDIC), we did the following: • Examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements. • Assessed the accounting principles used and significant estimates made by FDIC management. • Evaluated the overall presentation of the financial statements. • Obtained an understanding of FDIC and its operations, including its internal control related to financial reporting and compliance with certain laws and regulations. • Assessed the risk that a material misstatement exists in the financial statements. • Tested relevant internal controls over financial reporting and compliance, and evaluated the design and operating effectiveness of FDIC’s internal control based on the assessed risk. • Considered FDIC’s process for evaluating and reporting on internal control based on criteria established under the Federal Managers’ Financial Integrity Act (FMFIA). • Tested compliance with certain laws and regulations, including selected provisions of the Federal Deposit Insurance Act, as amended. • Performed such other procedures as we considered necessary in the circumstances. Page 16 GAO-12-752R FDIC Management Report 2011 Enclosure IV: GAO Contact and Staff Acknowledgments GAO Contact James R. Dalkin, (202) 512-3133 or firstname.lastname@example.org Gregory C. Wilshusen (202) 512-6244 or email@example.com Staff Acknowledgments The following individuals made key contributions to this report: William J. Cordrey, Assistant Director; Nicholas H. Marinos, Assistant Director; Gloria Cano; Gary Chupka; Dennis Clarke; William Cook; Jody Ecie; David Hayes; Brian P. Koning; Marc Oestreicher; Krzysztof Pasternak; Leticia Pena, Daniel Swartz; Shaunyce Wallace; and Gregory Ziombra. (196258) Page 17 GAO-12-752R FDIC Management Report 2011 This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. The Government Accountability Office, the audit, evaluation, and GAO’s Mission investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no Obtaining Copies of cost is through GAO’s website (www.gao.gov). Each weekday afternoon, GAO Reports and GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, Testimony go to www.gao.gov and select “E-mail Updates.” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, http://www.gao.gov/ordering.htm. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov. Contact: To Report Fraud, Waste, and Abuse in Website: www.gao.gov/fraudnet/fraudnet.htm E-mail: firstname.lastname@example.org Federal Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Katherine Siggerud, Managing Director, email@example.com, (202) 512- Congressional 4400, U.S. Government Accountability Office, 441 G Street NW, Room Relations 7125, Washington, DC 20548 Chuck Young, Managing Director, firstname.lastname@example.org, (202) 512-4800 Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548 Please Print on Recycled Paper.
Management Report: Opportunities for Improvements in FDIC's Shared Loss Estimation Process
Published by the Government Accountability Office on 2012-07-19.
Below is a raw (and likely hideous) rendition of the original report. (PDF)