Federal Deposit Insurance Corporation Funds' 2005 and 2004 Financial Statements
GAO-06-146, Mar 2, 2006
GAO is required to annually audit the financial statements of the Bank Insurance Fund (BIF), Savings Association Insurance Fund (SAIF), and FSLIC Resolution Fund (FRF), which are administered by the Federal Deposit Insurance Corporation (FDIC). GAO is responsible for obtaining reasonable assurance about whether FDIC's financial statements for BIF, SAIF, and FRF are presented fairly in all material respects, in conformity with U.S. generally accepted accounting principles, and whether FDIC maintained effective internal control over financial reporting and compliance. Also, GAO is responsible for testing FDIC's compliance with selected laws and regulations. Created in 1933 to insure bank deposits and promote sound banking practices, FDIC plays an important role in maintaining public confidence in the nation's financial system. In 1989, legislation to reform the federal deposit insurance system created three funds to be administered by FDIC: BIF and SAIF, which protect bank and savings deposits, and FRF, which was created to close out the business of the former Federal Savings and Loan Insurance Corporation.
In GAO's opinion, FDIC fairly presented the 2005 and 2004 financial statements for the three funds it administers--the Bank Insurance Fund, the Savings Association Insurance Fund, and the FSLIC Resolution Fund. GAO also found that, although certain controls should be improved, FDIC had effective internal control over financial reporting and compliance for each fund. GAO did not find reportable instances of noncompliance with the laws and regulations it tested. On February 8, 2006, the President signed into law the Federal Deposit Insurance Reform Act of 2005. Among its provisions, the Act calls for merging the Bank Insurance and Savings Association Insurance Funds into a single Deposit Insurance Fund no later than July 1, 2006. Last year, GAO reported on progress FDIC made in addressing long-standing issues related to weaknesses in its information system controls, which GAO had been reporting as a reportable condition. Based on the progress FDIC had made, GAO had concluded in its 2004 audit report that the remaining issues related to information system controls no longer constituted a reportable condition. GAO noted in that report, however, that FDIC's implementation of a new financial system during 2005 would significantly change its information systems environment and the related information systems controls necessary for their effective operation. GAO found that FDIC, in implementing its new financial system during 2005, did not ensure that adequate controls were in place to accommodate its new systems environment. During its review, GAO identified information system control weaknesses that increased the risk of unauthorized modification and disclosure of critical FDIC financial and sensitive personnel information, disruption of critical operations, and loss of assets. These weaknesses, which constitute a reportable condition in 2005, affected FDIC's ability to ensure that users only had the access needed to perform their assigned duties and that its systems were sufficiently protected from unauthorized users. FDIC acknowledged but did not share GAO's assessment regarding the severity of the risks or the magnitude of the vulnerability posed by the issues identified during the audit. However, GAO continues to believe the weaknesses represent significant vulnerabilities in FDIC's information system controls. In addition to the reportable condition related to FDIC's information systems controls, GAO noted other less significant matters involving FDIC's internal controls. GAO will be reporting separately to FDIC management on these matters.