oversight

Management Report: Opportunities for Improvements in FDIC's Shared Loss Estimation Process

Published by the Government Accountability Office on 2012-07-19.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

United States Government Accountability Office
Washington, DC 20548




           July 19, 2012

           The Honorable Steven O. App
           Deputy to the Chairman and Chief Financial Officer
           Federal Deposit Insurance Corporation

           Subject: Management Report: Opportunities for Improvements in FDIC’s Shared Loss
           Estimation Process

           Dear Mr. App:

           In April 2012, we issued our report on the results of our audits of the financial statements of
           the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation
           Resolution Fund (FRF) as of and for the years ending December 31, 2011, and 2010, and
           on the effectiveness of the Federal Deposit Insurance Corporation’s (FDIC) internal control
           over financial reporting as of December 31, 2011. We also reported our conclusions on
           FDIC’s compliance with selected provisions of laws and regulations. 1 As part of that audit,
           we identified a significant deficiency 2 in FDIC’s internal control over its shared loss
           estimation process for the DIF.

           The purpose of this report is to present additional information on the control deficiencies we
           identified during our 2011 audit that comprised the significant deficiency, along with our four
           related recommended corrective actions to address them. In addition, we are providing an
           update on our assessment of the status of recommendations we made to address control
           deficiencies identified in previous audits that were open at the beginning of our 2011
           financial statement audits (see summary in encl. I). In a separate report 3, we provided
           details on additional information technology-related deficiencies also identified during our
           2011 FDIC financial statement audits. These findings and related recommendations were
           issued in a separate report due to their sensitive nature.




           1
            GAO, Financial Audit: Federal Deposit Insurance Corporation Funds’ 2011 and 2010 Financial
           Statements, GAO-12-416 (Washington, D.C.: Apr. 19, 2012).
           2
            A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less
           severe than a material weakness, yet important enough to merit the attention of those charged with
           governance. A deficiency in internal control exists when the design or operation of a control does not
           allow management or employees, in the normal course of performing their assigned functions, to
           prevent or detect and correct misstatements on a timely basis.
           3
            GAO, Information Security: Opportunities Exist for the Federal Deposit Insurance Corporation to
           Improve Controls, GAO-12-609SU (Washington, D.C.: June 14, 2012).


                                                                GAO-12-752R FDIC Management Report 2011
Results in Brief

During our audit of the DIF’s 2011 and 2010 financial statements, we identified deficiencies
in controls over FDIC’s process for deriving and reporting estimates of losses to the DIF
from resolution transactions involving shared loss agreements. While these deficiencies,
individually and collectively, did not constitute a material weakness in internal control over
financial reporting, they nevertheless increased the risk of additional undetected errors or
irregularities in the DIF’s financial statements. 4 Thus, these control deficiencies collectively
represented a significant deficiency in FDIC’s internal control over financial reporting for the
DIF related to estimating losses from shared loss agreements.

Specifically, we found the following deficiencies in FDIC’s internal control over financial
reporting for the DIF related to estimating losses from shared loss agreements:

    •    FDIC did not have adequate documentation for key aspects of the shared loss
         estimation process. This, in turn, did not allow for sufficient review and oversight of
         its loss estimation process for shared loss agreements. As a result, FDIC’s multiple
         reviews and approvals did not identify three programming errors that existed in the
         shared loss model that caused errors in the shared loss estimate and resulted in
         errors in the DIF’s draft financial statements.

    •    FDIC did not consistently implement its corporate software change management
         policies to its shared loss estimating process. This led to programming errors that
         went unidentified and resulted in inaccuracies in the DIF’s draft financial statements.

    •    FDIC’s internal controls were not designed or implemented to ensure that the source
         data used by the shared loss model were accurate. As a result, FDIC did not identify
         errors in the source information or errors in the shared loss model that resulted in
         errors in the DIF’s draft financial statements.

At the end of our description of each of these deficiencies, we provide our recommendations
for strengthening FDIC’s related internal controls. These recommendations are intended to
improve management’s oversight and controls and minimize the risk of misstatements in
FDIC’s financial statements for the DIF.

We also found that FDIC addressed many of the control deficiencies related to open
recommendations from our prior audits. As a result, FDIC has eight financial management-
related recommendations that need to be addressed, including four new recommendations
we are making in this report.

We provided FDIC with a draft of this report and obtained its written comments. In its
comments, FDIC concurred with all of our recommendations and described actions it has
taken, has underway, or plans to take to address the control weaknesses described in this
report. In addition, FDIC provided an update on actions it has taken or plans to take to
address our prior open recommendations related to its processing of receivership
disbursements, its review of asset valuations, and its documentation of the shared loss
estimation process. At the end of our discussion of each of the deficiencies in this report, we
have summarized FDIC’s related comments and our evaluation. We have also reprinted
FDIC’s written comments in their entirety in enclosure II.


4
 A material weakness is a deficiency, or combination of deficiencies, in internal control over financial
reporting, such that there is a reasonable possibility that a material misstatement of the entity’s
financial statements will not be prevented or detected and corrected on a timely basis.

Page 2                                              GAO-12-752R FDIC Management Report 2011
In addition to its written comments, FDIC provided technical comments, which we
considered and have incorporated where appropriate.

Scope and Methodology

As part of our financial statement audits of the two funds 5 administered by FDIC, we
determined whether FDIC maintained, in all material respects, effective internal control over
financial reporting as of December 31, 2011, as it relates to the two funds. We also tested
compliance with selected provisions of laws and regulations that had a direct and material
effect on the funds’ financial statements. In conducting the audit, we examined, on a test
basis, evidence supporting the amounts and disclosures in the financial statements,
assessed the accounting principles used and significant estimates made by FDIC
management, and obtained an understanding of FDIC and its operations. We also tested
internal control over financial reporting. We did not evaluate all internal controls relevant to
operating objectives, such as controls relevant to ensuring efficient operations. We limited
our internal control testing to controls over financial reporting. We performed our audits of
the DIF’s and the FRF’s 2011 and 2010 financial statements in accordance with U.S.
generally accepted government auditing standards. We believe that our audits provided a
reasonable basis for our conclusions in this report. Further details on our audit methodology
are presented in enclosure III.

Documentation for the Shared Loss Model

During our 2011 financial audit, we found that FDIC lacked adequate documentation for key
aspects of its shared loss estimation process for the DIF. Lacking such documentation,
FDIC officials were unable to effectively review and verify the accuracy of the loss estimates
associated with FDIC’s shared loss agreements. As a result, FDIC’s multiple reviews and
approvals did not identify programming errors that existed within the shared loss model. This
resulted in errors in the draft DIF financial statements that went undetected by FDIC.

Since 2009, FDIC has used purchase and assumption agreements with accompanying
shared loss agreements as the primary means of resolving failed financial institutions. Under
such a purchase and assumption agreement, FDIC sells a failed institution to an acquirer
with an agreement that FDIC, through the DIF, will share in losses the acquirer experiences
in servicing and disposing of assets purchased and covered under these agreements.
Typically, shared loss agreements are structured such that FDIC assumes 80 percent of any
such losses. For financial reporting purposes, FDIC developed a process to calculate a
lifetime loss estimate under these shared loss agreements. For 2011, the lifetime loss
estimate was $42.8 billion (46 percent) of the total DIF allowance for losses related to the
Receivables from resolutions, net line item on the DIF’s balance sheet at December 31,
2011. As an integral part of this shared loss estimation process, FDIC developed a series of
computerized programs that are commonly referred to as the shared loss model.

We reported in 2009 and again in 2010 that FDIC did not have clear, comprehensive
documentation over the shared loss estimation process to allow for an effective level of
review. FDIC attempted to address this continuing deficiency by strengthening its internal

5
 FDIC is also the manager of the Orderly Liquidation Fund established under title II of the Dodd-Frank
Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, § 210(n), 124 Stat. 1376,
1506 (July 21, 2010). That fund, established as a separate fund in the U.S. Treasury, is unfunded and
conducted no transactions during the years covered by our audit. Thus, FDIC did not prepare
financial statements for the fund.

Page 3                                            GAO-12-752R FDIC Management Report 2011
controls over the entire process in 2011 through documenting flowcharts, data dictionaries,
and high-level comprehensive descriptions of the process. However, FDIC did not document
how the shared loss model should perform calculations or how the calculations relate to the
estimation methodology. In December 2011, FDIC’s internal review reported a similar lack of
documentation. 6 As a result, review of the model was problematic and ineffective. The
documentation developed for the model did not clearly document, outside of the programs
themselves, the calculations performed by the model to derive the estimates. As such, FDIC
management or other reviewers were unable to identify the specific logic of the program to
verify that it was accurately following management’s intentions. This deficiency led to
undetected errors in the calculation of the shared loss estimate that were reflected in the
initial draft of the DIF’s 2011 financial statements.

Standards for Internal Control in the Federal Government states that internal control and all
transactions and other significant events need to be clearly documented, and the
documentation should be readily available for examination. The documentation should
appear in management directives, administrative policies, or operating manuals. 7 Given that
the shared loss estimate is a key element used in deriving the overall allowance for losses
on the DIF’s Receivables from resolutions, net financial statement line item, it is critical that
FDIC design and implement effective controls and ensure that all steps in the shared loss
model are fully documented to allow for appropriate review of key steps in the process.

Recommendation

We recommend that you direct the appropriate FDIC officials to develop documentation
specifying how the shared loss estimation model programs should perform calculations and
how the calculations within the model’s programs relate to the shared loss estimation
methodology.

FDIC Comments and Our Evaluation

FDIC agreed with our recommendation and stated that it is in the process of developing a
document to define terms, assumptions, and calculations that are relevant to the shared loss
estimation methodology. FDIC stated that it expects to have these actions fully implemented
by August 31, 2012. We will review and evaluate FDIC’s documentation of the shared loss
model during our 2012 financial audit.

Change Control and Testing the Shared Loss Model

During our 2011 financial audit, we found that FDIC did not consistently implement its
corporate software change management policies to its shared loss model or data used in
the shared loss estimating process. Although FDIC made progress in applying change
management controls to those areas, it did not always (1) document change management
procedures, (2) store all programs in the model in its software change management library,
and (3) sufficiently test program changes. These deficiencies led to undetected
programming errors resulting in inaccuracies in the initial year-end shared loss calculation.

Although in most instances FDIC had documented and controlled changes to its major
applications in accordance with its policies, it did not consistently implement its corporate
software change management policies in controlling changes to the shared loss model.

6
 FDIC Division of Resolutions and Receiverships, SAS Program Methodology Review (Washington,
D.C.: Dec. 22, 2011).
7
 GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington,
D.C.: Nov. 1999).

Page 4                                          GAO-12-752R FDIC Management Report 2011
Specifically, FDIC did not document its procedures for managing changes to the model used
to derive its shared loss estimates. In addition, although FDIC used a software change
management library for access and version control for most of the programs in the model, it
did not use the library to store a program that generated data for the year-end calculation.
Finally, even though FDIC conducted two tests of the changes to the model, one test was
not designed to compare the program logic and the test results to the objective of the
program, and the other test did not include all portions of the shared loss calculation in its
scope. These deficiencies occurred because FDIC’s Division of Resolutions and
Receivership’s process for managing changes to the model did not include steps to
systematically propose, coordinate, approve, track, and implement program changes in
accordance with FDIC’s established policies for software change management.

Because of these deficiencies, FDIC did not detect certain programming errors either
through its existing change management controls or through its testing of the model which
resulted in undetected gross errors in the draft DIF financial statements’ overall allowance
for losses of $578 million and a $184 million net reduction in the loss estimate. The specific
programming errors resulted in the following:

    •    Double counting covered losses 8 in the calculation of the liability estimate. The error
         affected the loss estimate for 40 different agreements and caused a $381 million
         overstatement to the overall allowance for losses

    •    Misallocating of assets 9 across various asset categories. This error affected the loss
         estimate for 23 agreements and resulted in a $289,000 understatement to the overall
         allowance for losses.

    •    Miscalculating true-up. 10 The model erroneously interpreted blank fields as zero
         dollar items, which resulted in a miscalculation of the estimated value of the true-up
         payment. The result of the error was an understatement to the overall allowance for
         losses of $197 million.

While FDIC subsequently corrected these errors in finalizing the DIF’s 2011 financial
statements, errors may continue to occur if changes to these programs are not consistently
controlled, documented, and fully tested.

Recommendations

We recommend that you direct the appropriate FDIC officials to implement the corporation’s
change management policies to the shared loss model by taking the following actions:

    •    develop, document, and implement a formal change management process for the
         shared loss model that is consistent with FDIC’s corporate policies for software
         change management and

    •    design and perform tests of the shared loss model to ensure that (1) the program
         logic and test results are consistent with the objectives of the programs and (2) all
         portions of the shared loss calculation are tested.

8
  Covered losses are a key component used in the shared loss model to calculate FDIC’s estimated
liability.
9
  Asset balances are a key component used in the shared loss model to calculate the estimated
liability.
10
   True-up is a term used by FDIC to reflect a payment to FDIC from the acquiring institution to be
made at the termination of the shared loss agreement if covered losses have not equaled estimates.

Page 5                                           GAO-12-752R FDIC Management Report 2011
In a separate report with limited distribution, we made an additional recommendation to
store all programs that make up the shared loss model in a software change management
library. 11

FDIC Comments and Our Evaluation

FDIC agreed with our change management recommendation and stated that it has planned
improvements that are consistent with the corporation’s change management policies.
Specifically, FDIC will implement a more complete change management process, including
formal signoffs and testing checklists, and will upgrade documentation of the coding logic
and business rules used in the estimation model.

FDIC also agreed with our testing recommendation, stating that it will conduct more rigorous
testing that covers all portions of the shared loss calculation. FDIC expects to have these
actions fully implemented by November 30, 2012. We will evaluate the effectiveness of
these new procedures during our 2012 financial audit.

Source Data Used by the Shared Loss Model

During our 2011 financial statement audit, we found FDIC’s controls were not designed or
implemented to ensure that the source data used by its shared loss model were accurate.
For example, when FDIC tested the model it did not include steps to verify either the model’s
input or results with original source documents. FDIC’s data validation testing of the
calculations focused on analytic testing rather than tracing transactions back to source
documentation. Similarly, in its review of data integrity controls over one of the source
databases for the model, FDIC concluded that tracing data back to its original source was
not necessary to validate the data in the database. 12

However, because our audit procedures were designed to trace back to original source
data, we identified errors not only in the source information but also in the model itself that
FDIC’s testing did not identify. Subsequently, FDIC performed an additional validation of
source data and identified potential errors in 45 receiverships. Errors in the source data
from 4 receiverships resulted in undetected gross errors in the draft DIF financial
statements’ overall allowance for losses of $191 million and a $90 million net reduction in
the loss estimate. Had FDIC traced the data used by the model back to the original source
documentation, these errors could have been identified and corrected before the final
shared loss liability was calculated.

Standards for Internal Control in the Federal Government states that internal control
activities are to help ensure that all activities are completely and accurately recorded.
These standards also state that internal control should generally be designed to assure that
ongoing review and monitoring occurs in the course of normal operations. 13




11
  GAO-12-609SU.
12
  FDIC Division of Resolutions and Receiverships, General Controls Review of the Loss Share
Database (Washington, D.C.: Dec. 8, 2011).
13
  GAO/AIMD-00-21.3.1.

Page 6                                          GAO-12-752R FDIC Management Report 2011
Recommendation

To enhance the reliability of estimates produced by the shared loss model, we recommend
that you direct the appropriate FDIC officials to design and perform tests to verify data used
in the shared loss model back to an original source.

FDIC Comments and Our Evaluation

FDIC agreed with our recommendation and stated that it will expand testing procedures to
include verification of certain data points of the model back to the original source
documentation. FDIC stated that it expects to have these actions fully implemented by
October 31, 2012. We will evaluate the effectiveness of these new testing procedures
during our 2012 financial audit.

Status of GAO Recommendations from FDIC Financial Audits and Related
Management Reports

FDIC has continued to work to address many of the control deficiencies related to open
recommendations from our prior audits. At the beginning of our 2011 financial audit, we had
10 recommendations to improve FDIC’s financial operations from prior year audits that
remained open and therefore required corrective action by FDIC. 14 In the course of
performing our 2011 financial audits, we identified numerous actions FDIC took to address
many of its previously identified control deficiencies. On the basis of FDIC’s actions, which
we were able to substantiate through our audit, we are closing 6 of our prior years’
recommendations. Consequently, a total of 8 financial management–-related
recommendations need to be addressed—4 remaining from our prior years’ audits and 4
new recommendations resulting from our 2011 financial audit. See enclosure I for more
details on our assessment of the status of FDIC’s actions to address our prior year
recommendations.




14
  This does not include information systems security recommendations reported separately and with
limited distribution due to their sensitive nature.

Page 7                                           GAO-12-752R FDIC Management Report 2011
                                        -----------

This report contains recommendations to you. We would appreciate receiving a description
and status of your corrective actions within 30 days of the date of this report.

This report is intended for use by FDIC management, members of the FDIC Audit
Committee, and the FDIC Inspector General. We are sending copies of this report to the
Chairman and Ranking Member of the Senate Committee on Banking, Housing, and Urban
Affairs; the Chairman and Ranking Member of the House Committee on Financial Services;
the Chairman of the Board of Directors of the Federal Deposit Insurance Corporation; the
Chairman of the Board of Governors of the Federal Reserve System; the Comptroller of the
Currency; the Secretary of the Treasury; the Director of the Office of Management and
Budget; and other interested parties. In addition, this report is available at no charge on the
GAO website at http://www.gao.gov.

We acknowledge and appreciate the cooperation and assistance provided by FDIC
management and staff during our audits of FDIC’s 2011 and 2010 financial statements. If
you or members of your staff have any questions concerning this report, please contact Jim
Dalkin at (202) 512-3133 or dalkinj@gao.gov or Greg Wilshusen at (202)-512-6244 or
wilshuseng@gao.gov. Contact points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. GAO staff who made major
contributions to this report are listed in enclosure IV.

Sincerely yours,




James R. Dalkin
Director
Financial Management and Assurance




Gregory C. Wilshusen
Director
Information Security Issues


Enclosures - 4




Page 8                                         GAO-12-752R FDIC Management Report 2011
      Enclosure I: Status of Recommendations That Were Open at the Beginning of GAO’s
      Audit of FDIC’s 2011 Financial Statements

Audit area                                                                                            Status as of
                                                                                                      April 2012

Oversight of lockbox bank

1     Revise procedures to obtain assurance—through such means as SAS 70 reports,                     Closed
      internal audit reports, and other monitoring processes—that internal controls over
      receivership receipts are in place and functioning properly at the Dallas lockbox facility.
      (GAO-09-943R, p. 8)

      FDIC action: The Federal Deposit Insurance Corporation’s (FDIC) lockbox service
      provider does not engage for a SSAE 16 (formerly SAS 70) audit. To address this
      recommendation, FDIC conducted an internal control site visit of the lockbox facility and
      implemented check deposit tests to verify that the lockbox accurately deposited checks
      into FDIC’s account. FDIC revised its policies and procedures to require quarterly
      testing of check deposit.

Processing receivership disbursements and expenses

2     Develop and implement written policies and procedures for assigning responsibility and          Closed
      detailing actions required to effectively review and approve payment vouchers, enter
      and verify payment vouchers in the accounts payable system, and generate
      receivership payments through checks, wires, or electronic fund transfers. (GAO-11-
      23R, p. 15)

      FDIC action: To address this recommendation, FDIC updated its policies and
      procedures to include assigning responsibility and giving guidance for approving
      payment vouchers and related activities.

3     Develop and implement written policies and procedures for reviewing receivership                In progress
      liabilities, including assigning responsibility and detailing actions required for performing
      oversight reviews and the frequency for performing such reviews. (GAO-11-23R, p. 15)

      FDIC action: To address this recommendation, FDIC updated its policies and
      procedures. However, FDIC’s updates did not assign responsibility for preparing the
      tracking of account 2000. We will evalutate FDIC’s implementation of its new
      procedures during our 2012 financial audit.

4     Develop and implement written policies and procedures for reviewing and canceling               Closed
      stale checks, including assigning specific responsibility, stating the frequency in which
      stale checks should be reviewed and cancelled, and detailing the manner in which
      banks are to be notified to cancel stale checks. (GAO-11-23R, p. 16)

      FDIC action: To address this recommendation, FDIC updated its policies and
      procedures to include a policy that governs the frequency at which stale checks should
      be reviewed and cancelled.

5     Take steps to reinforce the policy that voucher approvers ensure the accuracy and               In progress
      validity of general ledger expense coding and hold preparers accountable for coding
      expenses correctly. (GAO-11-687R, p. 12)

      FDIC action: To address this recommendation, FDIC reinforced the policy that voucher
      approvers ensure the accuracy and validity of general ledger expense coding by
      sending an e-mail message reminding approvers to be diligent in reviewing the
      selection of expense general ledger accounts. FDIC also provided a job aid to facilitate
      selecting general ledger expense accounts and updated the general ledger expense
      account definitions for clarity. However, during our 2011 audit testing, we continued to
      find disbursements being applied to incorrect general ledger expense accounts. We will
      continue to monitor FDIC’s actions during our 2012 financial audit.



      Page 9                                                     GAO-12-752R FDIC Management Report 2011
Audit area                                                                                         Status as of
                                                                                                   April 2012

Review of asset valuations

6     Establish a mechanism to better ensure FDIC officials comply with the SAVE                   In progress
      methodology’s review procedures for asset valuations, including correctly tracing the
      numbers used in the calculations back to the source documents and verifying that asset
      valuations are fully substantiated, logical, and reasonable. (GAO-11-687R, p. 11)

      FDIC action: To address this recommendation, FDIC added to its SAVE Job Aid
      sections detailing instructions on how to verify calculations and actions, affirm that
      assumptions are correctly applied, and review supporting documents that are the
      sources for the calculations, actions, and assumptions. Additionally, most of the SAVE
      asset valuation preparers and reviewers completed training in 2011. However, we found
      that FDIC did not always comply with the SAVE procedures in the Job Aid. As a result,
      the preparers made errors in valuing the assets and the first and second-level reviewers
      did not identify numerous errors in the valuation of the assets using the SAVE
      methodology. We will continue to monitor FDIC’s actions during our 2012 financial
      audit.

Recognition of systemic risk revenue

7     Direct appropriate FDIC officials to document FDIC’s analysis and conclusions                Closed
      regarding the amount of systemic risk revenue to recognize at December 2011. (GAO-
      11-687R, p. 14)

      FDIC action: FDIC documented its analysis of deferred revenue recognition in 2011,
      recognizing Deposit Insurance Fund (DIF) revenue of $2.6 billion for fees related to debt
      guarantees that had expired. In recognizing this revenue FDIC transferred funds from
      restricted systemic risk cash and investments to the DIF’s cash and investments
      accounts.

Procedures over financial reporting

8     Direct appropriate staff to complete revisions to the Accounting Operations Branch           Closed
      procedures regarding the preparation and review of depreciation expenses and fringe
      benefits and leave allocations, to include providing sufficiently detailed steps staff and
      reviewers are to follow to perform their general ledger closing responsibilities
      completely and effectively. (GAO-11-687R, p. 15)

      FDIC action: FDIC staff completed revisions to the Accounting Operations Branch
      procedures regarding the preparation and review of depreciation expenses and fringe
      benefits and leave allocations. The revisions include detailed steps that allow staff and
      reviewers to perform their general ledger closing responsibilities completely and
      effectively.

Documentation of shared loss estimation process

9     Direct the appropriate FDIC officials to develop comprehensive shared loss process           In progress
      documentation to include detailing the shared loss estimation process steps to be
      followed from the inception of the agreement to the reporting on the financial
      statements, including details regarding assumptions, databases, computer programs,
      and any other related materials used to estimate losses resulting from shared loss
      agreements. (GAO-11-687R, p. 6)

      FDIC action: FDIC made progress in addressing this recommendation by attempting to
      strengthen its internal controls over the entire process in 2011. FDIC documented flow
      charts, developed multiple data dictionaries, and created high-level comprehensive
      descriptions of the process. However, FDIC continued to lack documentation in critical
      areas of the process such as the methodology and calculation of true-up recovery
      amounts, which are used to decrease current loss estimate amounts FDIC anticipates
      recovering when a shared loss agreement ends. We will continue to monitor progress
      in this area as part of our 2012 financial audit.




      Page 10                                                    GAO-12-752R FDIC Management Report 2011
Audit area                                                                                       Status as of
                                                                                                 April 2012

Reviews of allowance for loss estimation process

10    Direct the appropriate FDIC officials to consider and adopt, as appropriate, additional    Closed
      cost-effective automated tools and procedures for DOF officials to enhance the review
      and monitoring activities related to the LLR templates to gain additional assurance that
      the underlying data and calculations are complete and accurate. (GAO-11-687R, p. 9)

      FDIC action: To make the process more automated and less prone to error, FDIC’s
      Division of Finance (DOF) changed its process for generating the Loan Loss Reserve
      (LLR) templates used to perform the overall allowance for loss calculation. FDIC
      implemented the use of a software program to upload files and automatically run
      programmed mathematical calculations, which helps to ensure the consistency and
      accuracy of the estimates produced by the LLR templates. We tested the effectiveness
      of the program and found it to be producing a reliable overall allowance for loss
      estimate.

      Source: GAO and FDIC




      Page 11                                                  GAO-12-752R FDIC Management Report 2011
Enclosure II: Comments from the Federal Deposit Insurance Corporation




Page 12                                 GAO-12-752R FDIC Management Report 2011
Page 13   GAO-12-752R FDIC Management Report 2011
Page 14   GAO-12-752R FDIC Management Report 2011
Page 15   GAO-12-752R FDIC Management Report 2011
Enclosure III: Details on Audit Scope and Methodology


To fulfill our responsibilities as auditor of the financial statements of the two funds
administered by the Federal Deposit Insurance Corporation (FDIC), we did the following:

   •   Examined, on a test basis, evidence supporting the amounts and disclosures in the
       financial statements.

   •   Assessed the accounting principles used and significant estimates made by FDIC
       management.

   •   Evaluated the overall presentation of the financial statements.

   •   Obtained an understanding of FDIC and its operations, including its internal control
       related to financial reporting and compliance with certain laws and regulations.

   •   Assessed the risk that a material misstatement exists in the financial statements.

   •   Tested relevant internal controls over financial reporting and compliance, and
       evaluated the design and operating effectiveness of FDIC’s internal control based on
       the assessed risk.

   •   Considered FDIC’s process for evaluating and reporting on internal control based on
       criteria established under the Federal Managers’ Financial Integrity Act (FMFIA).

   •   Tested compliance with certain laws and regulations, including selected provisions of
       the Federal Deposit Insurance Act, as amended.

   •   Performed such other procedures as we considered necessary in the circumstances.




Page 16                                       GAO-12-752R FDIC Management Report 2011
Enclosure IV: GAO Contact and Staff Acknowledgments


GAO Contact

James R. Dalkin, (202) 512-3133 or dalkinj@gao.gov
Gregory C. Wilshusen (202) 512-6244 or wilhuseng@gao.gov


Staff Acknowledgments

The following individuals made key contributions to this report: William J. Cordrey, Assistant
Director; Nicholas H. Marinos, Assistant Director; Gloria Cano; Gary Chupka; Dennis Clarke;
William Cook; Jody Ecie; David Hayes; Brian P. Koning; Marc Oestreicher; Krzysztof
Pasternak; Leticia Pena, Daniel Swartz; Shaunyce Wallace; and Gregory Ziombra.




(196258)



Page 17                                       GAO-12-752R FDIC Management Report 2011
This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
                      The Government Accountability Office, the audit, evaluation, and
GAO’s Mission         investigative arm of Congress, exists to support Congress in meeting its
                      constitutional responsibilities and to help improve the performance and
                      accountability of the federal government for the American people. GAO
                      examines the use of public funds; evaluates federal programs and
                      policies; and provides analyses, recommendations, and other assistance
                      to help Congress make informed oversight, policy, and funding decisions.
                      GAO’s commitment to good government is reflected in its core values of
                      accountability, integrity, and reliability.

                      The fastest and easiest way to obtain copies of GAO documents at no
Obtaining Copies of   cost is through GAO’s website (www.gao.gov). Each weekday afternoon,
GAO Reports and       GAO posts on its website newly released reports, testimony, and
                      correspondence. To have GAO e-mail you a list of newly posted products,
Testimony             go to www.gao.gov and select “E-mail Updates.”

Order by Phone        The price of each GAO publication reflects GAO’s actual cost of
                      production and distribution and depends on the number of pages in the
                      publication and whether the publication is printed in color or black and
                      white. Pricing and ordering information is posted on GAO’s website,
                      http://www.gao.gov/ordering.htm.
                      Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
                      TDD (202) 512-2537.
                      Orders may be paid for using American Express, Discover Card,
                      MasterCard, Visa, check, or money order. Call for additional information.
                      Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO      Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
                      Visit GAO on the web at www.gao.gov.
                      Contact:
To Report Fraud,
Waste, and Abuse in   Website: www.gao.gov/fraudnet/fraudnet.htm
                      E-mail: fraudnet@gao.gov
Federal Programs      Automated answering system: (800) 424-5454 or (202) 512-7470

                      Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-
Congressional         4400, U.S. Government Accountability Office, 441 G Street NW, Room
Relations             7125, Washington, DC 20548

                      Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs        U.S. Government Accountability Office, 441 G Street NW, Room 7149
                      Washington, DC 20548




                        Please Print on Recycled Paper.