Management Report:

Opportunities for Improvement in the Federal Housing Finance Agency's Internal Controls

GAO-12-499R: Published: May 16, 2012. Publicly Released: May 16, 2012.

Additional Materials:

Contact:

Steven J. Sebastian
(202) 512-3406
sebastians@gao.gov

 

Gregory C. Wilshusen
(202) 512-6244
wilshuseng@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During our audit of FHFA’s fiscal years 2011 and 2010 financial statements, we identified one internal control issue and a continuing issue related to information systems controls that could adversely affect FHFA’s ability to meet its internal control objectives. We do not consider these issues to represent material weaknesses or significant deficiencies in relation to FHFA’s financial statements. Nonetheless, we believe they warrant management’s attention and action.

Specifically, we found:

  • FHFA did not establish effective controls to assess the risk of errors by its payroll service provider and determine if any compensating controls were necessary to ensure the accuracy of payroll calculations.
  • FHFA had not yet fully implemented its information security program, resulting in weaknesses in four information security control areas.

These issues increase the risk to FHFA that 1) misstatements in its financial statements may not be promptly detected and corrected, 2) errors in the calculation of its payroll amounts may not be identified, 3) contractors or other users with privileged access could gain unauthorized access to or improperly use agency financial systems, applications, and information, and 4) unauthorized system changes could be implemented without FHFA’s knowledge.

Why GAO Did This Study

In November 2011, we issued our opinion on the Federal Housing Finance Agency’s (FHFA) fiscal years 2011 and 2010 financial statements. Our report also included our opinion on the effectiveness of FHFA’s internal control over financial reporting as of September 30, 2011, and our evaluation of FHFA’s compliance with provisions of selected laws and regulations for the fiscal year ended September 30, 2011.

The Housing and Economic Recovery Act of 2008 (HERA) created FHFA and assigned it responsibility for, among other things, the supervision and regulation of the Federal National Mortgage Association (Fannie Mae), the Federal Home Loan Mortgage Corporation (Freddie Mac), the 12 federal home loan banks, and the Office of Finance. Specifically, FHFA was assigned responsibility for ensuring that the regulated entities operate in a fiscally safe and sound manner, including maintenance of adequate capital and internal controls, in carrying out their housing and community development finance mission. HERA requires FHFA to annually prepare financial statements, and requires GAO to audit these statements.

The purpose of this report is to present additional information on the financial reporting-related internal control issue we identified during our audit of FHFA’s fiscal year 2011 financial statements and to provide our recommended action to address that issue. This report also discusses a continuing issue with respect to FHFA’s information security that resulted in new weaknesses in information security control areas. In addition, we are providing an update on the status of recommendations we made to address internal control issues identified during our audits of FHFA’s fiscal years 2010 and 2009 financial statements as reported in our related management reports on internal controls and accounting procedures and our fiscal year 2009 report on controls related to information security.

What GAO Recommends

We present our recommendation for strengthening FHFA’s internal controls. Our recommendation is intended to improve management’s oversight and controls and minimize the risk of misstatements in FHFA’s accounts and financial statements.

For more information, contact Steven Sebastian at (202) 512-3406 or sebastians@gao.gov or Gregory Wilshusen at (202) 512-6244 or wilshuseng@gao.gov.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: To identify and address any National Finance Center (NFC) errors in processing FHFA payroll, the Acting Director of FHFA should direct the Chief Financial Officer to develop and implement a process to assess and address the risk to FHFA from any internal control issues at NFC including, as appropriate, any compensating controls commensurate with any identified risk.

    Agency Affected: Federal Housing Finance Agency

    Status: Closed - Implemented

    Comments: We reviewed the status of FHFA's corrective action plans, including FHFA's A-123 review of NFC errors and the quality control process to verify withholdings. In addition, for the past two years, as part of our detail testing of payroll samples at interim, we reviewed SPPS payments and found no exceptions that were not self-corrected by NFC. Therefore, we found this control deficiency to have been addressed and actions taken to be sufficient.

    Mar 31, 2014

    Mar 27, 2014

    Mar 18, 2014

    Feb 6, 2014

    Jan 30, 2014

    Jan 28, 2014

    Oct 22, 2013

    Aug 8, 2013

    Jul 31, 2013

    Looking for more? Browse all our products here