Financial Audit: Securities and Exchange Commission's Financial Statements for Fiscal Years 2005 and 2004

GAO-06-239: Published: Nov 15, 2005. Publicly Released: Nov 15, 2005.

Established in 1934 to enforce the securities laws and protect investors, the Securities and Exchange Commission (SEC) plays an important role in maintaining the integrity of the U.S. securities markets. Pursuant to the Accountability of Tax Dollars Act of 2002, the SEC is required to prepare and submit to Congress and the Office of Management and Budget audited financial statements. GAO agreed, under its audit authority, to perform the audit of SEC's financial statements. GAO's audit was done to determine whether, in all material respects, (1) SEC's fiscal year 2005 financial statements were reliable and (2) SEC's management maintained effective internal control over financial reporting and compliance with laws and regulations. We also tested SEC's compliance with certain laws and regulations.

In GAO's opinion, SEC's fiscal year 2005 financial statements were fairly presented in all material respects. A notable achievement during fiscal year 2005 was SEC's acceleration of its financial reporting and issuance of its audited financial statements by November 15, 2005. However, because of continued material internal control weaknesses in the areas of preparing financial statements and related disclosures, recording and reporting disgorgements and penalties, and information security, in GAO's opinion, SEC did not maintain effective internal control over financial reporting as of September 30, 2005. Recommendations for corrective actions will be included in a separate report. SEC did maintain in all material respects effective internal control over compliance with laws and regulations we tested as of September 30, 2005, and GAO did not find reportable instances of noncompliance with laws and regulations it tested.

For the preparation of its financial statements, SEC has drafted some policies and procedures, improved communication among SEC divisions, and improved subsidiary ledgers that support financial statement amounts. However, SEC's financial reporting process continues to be largely manual and difficult to follow. The link between the financial statements and the detailed account balances was not supported by an adequate audit trail; support for certain balances was not readily available; and policies for financial reporting were still incomplete. SEC's Office of Financial Management does not have sufficient staff with expertise in financial reporting, resulting in too many responsibilities vested with too few people, causing problems with segregation of duties, achieving quality assurance reviews, and being able to effectively manage the workload.

In the area of disgorgements and penalties, SEC has undertaken a comprehensive review of related financial data and has identified many inaccuracies, which it is in the process of correcting. Contributing to SEC's control weakness in this area are limitations in SEC's database used to track disgorgement- and penalty-related activity. The database is not designed to facilitate accounting and financial reporting, causing SEC to perform extensive manual procedures to account for this activity. During our fiscal year 2005 audit, we continued to find inaccuracies in the data that were similar to what we found during the fiscal year 2004 audit.

SEC has taken steps to strengthen its information security by increasing staffing, certifying and accrediting applications, and establishing a backup data center. However, most of the weaknesses identified in our fiscal year 2004 audit persisted, and we identified additional weaknesses, including several important aspects of access control. Key to SEC's weakness in information security control is that it has not fully implemented a comprehensive program for security management. Such a program is fundamental to protecting the integrity, confidentiality, and availability of SEC's sensitive data.

