Management Report:

Improvements Needed in SEC's Internal Controls and Accounting Procedures

GAO-13-274R: Published: Apr 4, 2013. Publicly Released: Apr 5, 2013.

Additional Materials:

Contact:

James R. Dalkin
(202) 512-3133
dalkinj@gao.gov

 

Gregory C. Wilshusen
(202) 512-6244
wilshuseng@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

GAO’s audit of U.S. Securities and Exchange Commission’s (SEC) fiscal years 2012 and 2011 financial statements identified two areas of deficiency in SEC’s internal control that GAO determined represented significant deficiencies. Specifically, as briefly discussed in GAO’s November 2012 audit report, the aggregation of both continuing and new deficiencies in SEC’s financial reporting controls over (1) budgetary resources and (2) property and equipment transactions each constituted significant deficiencies. These significant control deficiencies may adversely affect the accuracy and completeness of information used and reported by SEC’s management. GAO is making a total of nine new recommendations to address these significant internal control deficiencies.

In addition to the two significant deficiencies, GAO’s fiscal year 2012 financial audit identified other deficiencies in SEC’s internal control over financial reporting that while not considered material weaknesses or significant deficiencies, nonetheless warrant SEC management’s attention. GAO is making a total of nine recommendations to address these deficiencies in SEC’s controls over financial reporting related to

  • review and monitoring of disgorgement and penalty transactions,

  • supervisory review and monitoring procedures over manual journal entries,

  • the accounts payable accrual methodology, and

  • information security.

Further, GAO’s follow-up on the status of internal control recommendations made in GAO’s prior audits found that SEC took action to fully address 25 of GAO’s 47 prior years’ recommendations, as of the conclusion of our fiscal year 2012 audit.

Why GAO Did This Study

GAO’s November 15, 2012, report containing its audit of the SEC and its Investor Protection Fund’s (IPF) fiscal years 2012 and 2011 financial statements identified two significant deficiencies in SEC’s internal control over financial reporting on its budgetary resources and property and equipment.

The purpose of this report is to (1) present additional information regarding the significant deficiencies GAO identified in its November 2012 report, along with related new recommendations; (2) communicate other less significant control deficiencies GAO identified in SEC’s internal controls during its fiscal year 2012 audit along with its related recommended corrective actions; and (3) provide an overview of the status of GAO’s prior recommendations as of the end of its fiscal year 2012 audit.

What GAO Recommends

GAO is making a total of 18 new recommendations related to SEC’s internal control deficiencies.

For more information, contact James R. Dalkin at (202) 512-3133 or dalkinj@gao.gov, or Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC finalized procedures that included use of a database for recalculating downward adjustments to obligations incurred in previous fiscal years. SEC's Office of Financial Management performs monthly analysis using the database and additional manual procedures to verify upward and downward adjustments calculated by the service provider. As a result of these actions, SEC improved control procedures for ensuring the propriety and accuracy of downward adjustments reported in its financial statements.

    Recommendation: To address the deficiencies in internal control over the financial reporting related to budgetary resources, the Chairman should direct the Chief Operating Officer (COO) and Chief Financial Officer (CFO) to finalize procedures requiring monitoring of SEC's service provider's accounting and reporting on budgetary resources to include required steps and documentation requirements for monthly review of the propriety and accuracy of downward adjustment transactions to identify and process any necessary adjusting entries.

    Agency Affected: United States Securities and Exchange Commission

  2. Status: Closed - Implemented

    Comments: During our audit of the Securities and Exchange Commission's (SEC) fiscal year 2012 financial statements, we found that SEC did not establish required internal control procedures for monitoring its service provider's capability for recording downward adjustment transactions (deobligations or cancellation of obligations recorded in prior budget fiscal years) to SEC's prior year obligations before the migration of its core financial systems to its service provider. As a result, we recommended that as part of SEC's annual risk assessment process, SEC include required steps for assessing its monitoring controls to identify, document, and record any downward adjustment transactions to SEC's prior year obligations in the general ledger. During our fiscal year 2014 audit, in response to our recommendation, we found that SEC's Office of Financial Management developed and implemented a key control to address this recommendation. Specifically, this control required the financial reporting branch chief to review the monthly adjusting entries for downward adjustments to obligations incurred in previous fiscal years to ensure these were properly reported and included in its Internal Control over Financial Reporting assessment process, the required steps for assessing SEC's monitoring controls to identify, document, and record any downward adjustment transactions. As a result, the new key control and revised risk assessment process should 1) help ensure that procedures are designed and operating effectively and 2) decrease SEC's risk of misstating downward adjustments and related activities in its Statement of Budgetary Resources.

    Recommendation: To address the deficiencies in internal control over the financial reporting related to budgetary resources, the Chairman should direct the Chief Operating Officer (COO) and Chief Financial Officer (CFO) to, as part of the annual risk assessment process, include required steps for assessing SEC's monitoring controls to identify, document, and record any downward adjustment transactions to SEC's prior year obligations in the general ledger.

    Agency Affected: United States Securities and Exchange Commission

  3. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC developed and implemented a monthly reconciliation process between the subsidiary ledger and general ledger designed to identify manual journal adjustments and validate transactions in the subsidiary ledger that are posted to the general ledger. As a result, SEC improved control procedures for ensuring consistency of financial data in the subsidiary ledger and general ledger and reduced the risk of material misstatements for the related amounts report in its financial statements.

    Recommendation: To address the deficiency in internal control over accounting and financial reporting for apportioned but unobligated balances, the Chairman should direct the COO and CFO to develop and implement control procedures to monthly reconcile the budget execution module (subsidiary ledger) to the related general ledger account balances for SEC's apportioned but unobligated balances.

    Agency Affected: United States Securities and Exchange Commission

  4. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC implemented procedures related to the documentation, review, and approval of property and equipment acquisitions to help ensure timely recording of transactions. As a result, SEC reduced the risk of material misstatement related to property and equipment acquisition transactions in its financial statements.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to develop and implement control procedures to review all property and equipment acquisition transactions to ensure that they are properly accounted for in the year-end financial statements.

    Agency Affected: United States Securities and Exchange Commission

  5. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC revised its procedures to require a review of assets placed into service in prior years but recorded in SEC's fixed asset module during the current year in order to identify any prior period adjustment impact. As a result, SEC reduced the risk of material misstatement related to prior period misstatements resulting from property acquisition transactions in its financial statements.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to augment current procedures to require considering whether the cumulative effect of all misstatements of property transactions identified in the current year would require revision to prior year or current year financial statements.

    Agency Affected: United States Securities and Exchange Commission

  6. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC developed and implemented procedures to require review of purchasing transactions posted to the general ledger for accuracy. In addition, SEC implemented required approval procedures for all requisitions recorded to an asset-related budget object classification code, and provided training on transaction processing to all personnel involved in asset acquisitions. As a result of these improvements, SEC reduced the risk of reporting misstated property and equipment balances in its financial statements.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to develop and implement control procedures to require the review of underlying invoices and obligation documents at the time of capitalization to ensure that recorded asset acquisition costs represent capitalizable costs.

    Agency Affected: United States Securities and Exchange Commission

  7. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC's Office of Financial Management coordinated with the Office of Information Technology and the Office of Support Operations to develop a consolidated asset log containing all fixed asset worksheets for new assets and disposals to be used for monitoring property and equipment transactions. As a result, SEC improved its monitoring controls over property and equipment transactions, and reduced the risk of misstatements in its financial statements related to property and equipment transactions.

    Recommendation: To address the deficiencies GAO identified in the monitoring of property and equipment transactions, the Chairman should direct the COO and CFO to augment SEC's service provider monitoring spreadsheet to include all property and equipment acquisition and disposal transactions from all SEC offices.

    Agency Affected: United States Securities and Exchange Commission

  8. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC finalized and implemented procedures requiring a quarterly review of all asset costs to identify assets that should be depreciated. The procedure also required a semi-annual recalculation of depreciation on a sample of assets. As a result, SEC helped to ensure that any errors in the recording of depreciation and related transactions will be timely detected and corrected, and reduced the risk of misstatements in its financial statements related to depreciation and related transactions.

    Recommendation: To address the deficiencies GAO identified in the monitoring of property and equipment transactions, the Chairman should direct the COO and CFO to finalize procedures documenting the required steps to be followed for monitoring the service provider's calculation and recording of property and equipment, depreciation, and related transactions in the general ledger.

    Agency Affected: United States Securities and Exchange Commission

  9. Status: Closed - Implemented

    Comments: During our fiscal year 2012 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC's procedures for conducting its annual physical inventory count did not include specific steps to ensure all capitalized assets were counted and that the results were properly reflected in its financial statements. We recommended that SEC revise control procedures for conducting the annual physical inventory count to include specific steps to reconcile capitalized property and equipment to be counted with related general ledger balances, reconcile division and office responses to the items listed in the property and equipment report used for the physical count, and assess and appropriately reflect any financial statement impact of any issues identified during the physical count. In response to our recommendation, in fiscal year 2014, SEC (1) reconciled the inventory report used for performing the physical inventory count of capitalized property and equipment (capitalized assets) to the general ledger balances; (2) reconciled division and office responses to the items listed in the property and equipment report used for the physical count; and (3) used a Board of Survey to assess and appropriately reflect any financial statement impact of any issues identified during the physical count. Therefore, we concluded that SEC has significantly improved its control procedures for conducting the annual physical count of its capitalized assets. As a result, SEC decreased its risk of inaccurate reporting of its capitalized assets in certain of its financial statements.

    Recommendation: To address the deficiencies GAO identified in SEC's procedures for conducting its annual property and equipment physical inventory count, the Chairman should direct the COO and CFO to revise control procedures for conducting the annual physical inventory count of property and equipment to include specific steps required to (1) reconcile capitalized property and equipment to be counted with related general ledger balances, (2) reconcile division and office responses to the items listed in the property and equipment report used for the physical count, and (3) assess and appropriately reflect any financial statement impact of any issues identified during the physical count.

    Agency Affected: United States Securities and Exchange Commission

  10. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC established a requirement for a secondary review to help ensure accuracy and proper posting of any individual electronic collection transaction in excess of $100,000. As a result, SEC reduced the risk that an individual could both create and conceal an error or irregularity in SEC's collections and accounts receivable balance.

    Recommendation: The Chairman should direct the COO and CFO to revise existing collection procedures to provide for segregating incompatible responsibilities, including prohibiting an individual from both processing and reviewing electronic collections transactions.

    Agency Affected: United States Securities and Exchange Commission

  11. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chairman should direct the COO and CFO to revise existing procedures for review of disbursements transactions to include specifically required steps for verification of individual disbursements processed by Treasury to ensure that these disbursements were made for the correct amounts and to the correct payees.

    Agency Affected: United States Securities and Exchange Commission

  12. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chairman should direct the COO and CFO to develop and implement control procedures to include specific steps for the review, classification, and disposition of collections in order to properly apply collections to an SEC accounts receivable or transfer collections to either another entity or to Treasury.

    Agency Affected: United States Securities and Exchange Commission

  13. Status: Closed - Implemented

    Comments: During our fiscal year 2012 financial statement audit of the Securities and Exchange Commission (SEC), we found that SEC's monitoring procedures for disgorgement and penalty accounts receivable transactions recorded in the general ledger did not require the review of all transactions affecting the balance of accounts receivables. While the procedures provided for daily review of original receivable transactions recorded in the general ledger, the procedures did not require review of all types of accounting entries that could affect the disgorgement and penalty accounts receivable balance, such as correcting entries. We recommended that SEC revise existing procedures for the monitoring of accounts receivable transactions recorded in the general ledger to specifically require review of all types of accounting entries that could affect the accounts receivable balance, including correcting entries. In response to our recommendation, in March 2013, SEC revised its procedures for the daily review of disgorgement and penalty accounts receivable transactions to include all accounting entries that could affect the accounts receivable balance, including correcting entries. These revised processes should decrease the risk that SEC's disgorgement and penalty transactions will not be properly recorded and reported or that any errors will not be detected and corrected timely.

    Recommendation: The Chairman should direct the COO and CFO to revise existing procedures for the monitoring of accounts receivable transactions recorded in the general ledger to specifically require review of all types of accounting entries that could affect the accounts receivable balance, including correcting entries.

    Agency Affected: United States Securities and Exchange Commission

  14. Status: Closed - Implemented

    Comments: During our fiscal year 2012 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that controls over SEC's supervisory review process for nonrecurring manual journal voucher adjustment entries (JV transactions) were not operating effectively. Specifically, our tests identified several instances in which SEC's controls for review of manual JV transactions did not prevent or timely detect and correct errors made by SEC personnel. We recommended that SEC establish a mechanism to ensure that existing supervisory review procedures over manual JV transactions are followed to ensure that all manual JV transactions are properly prepared and accurately and timely recorded. These procedures could include sending periodic reminders to JV transaction reviewers emphasizing existing procedures and the importance of adhering to them. In response to our recommendation, in August 2012, SEC created a journal voucher policy which details procedures for the review of journal vouchers. Also, in fiscal year 2014, we did not identify issues in our testing of SEC's JV transactions. We therefore determined that SEC had established appropriate mechanisms for review of its JV transactions, which helped to ensure that existing supervisory review procedures over JV transactions were followed and that JV transactions were properly prepared and accurately and timely recorded. Further, these procedures decreased the risk of material misstatements in SEC's financial statements that may occur from its processing and recording of JV transactions.

    Recommendation: The Chairman should direct the COO and CFO to establish a mechanism to ensure that existing supervisory review procedures over manual journal voucher adjustment entries (JV) transactions are followed to ensure that all manual JVs are properly prepared and accurately and timely recorded. These procedures could include sending periodic reminders to JV reviewers emphasizing existing procedures and the importance of adhering to them.

    Agency Affected: United States Securities and Exchange Commission

  15. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC's Office of Financial Management developed and implemented procedures for reviewing JVs. Specifically, SEC developed a list of recurring JV entries to facilitate the efficiency of the JV review process and implemented quality-control monitoring processes that required the review and approval of the JVs by the appropriate branch chief. As a result of these new review procedures, SEC significantly improved internal controls over manual JVs and reduced the risk of misstatements in its financial statements resulting from erroneous JVs.

    Recommendation: The Chairman should direct the COO and CFO to establish a mechanism to ensure that procedures for reviewing JV's processed by SEC's service provider are followed to ensure that all manual JVs are recorded in the general ledger in accordance with the JV forms approved by SEC management.

    Agency Affected: United States Securities and Exchange Commission

  16. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC revised its accounts payable accrual review process to consider all accounts payable accrual amounts, incorporate analytical review and statistical sampling procedures, and increase the number of items reviewed. As a result, SEC reduced the risk of misstatements related to accounts payable accrual amounts reported in its financial statements.

    Recommendation: The Chairman should direct the COO and CFO to revise SEC's procedures for evaluating the ongoing reasonableness of its account payable accrual methodology to include steps to ensure that the results of reviews will be projectable to the population and any variances derived from its review, in aggregate, are acceptable for financial reporting purposes.

    Agency Affected: United States Securities and Exchange Commission

  17. Status: Closed - Implemented

    Comments: In fiscal year 2013, SEC revised its accounts payable accrual review process to consider all accounts payable accrual amounts, incorporate analytical review and statistical sampling procedures, and increase the number of items reviewed. As a result, SEC reduced the risk of misstatements related to accounts payable accrual amounts reported in its financial statements.

    Recommendation: The Chairman should direct the COO and CFO to revise the accounts payable accrual methodology to specify required steps for properly considering obligation amounts for capitalized assets.

    Agency Affected: United States Securities and Exchange Commission

  18. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chairman should direct the COO and Chief Information Officer to augment control procedures over SEC's information security to include specific steps for (1) configuring SEC's remote host and network infrastructure devices to require the use of strong passwords; (2) disabling access of all contractors and employees to SEC's networks or financial applications upon separation from SEC; (3) monitoring compliance with information security policies, such as by enabling audit and monitoring of software on servers that support financial applications; and (4) mitigating software vulnerabilities, for example, by requiring installation (or deployment) of high-risk patches, consistent with SEC policy.

    Agency Affected: United States Securities and Exchange Commission

 

Explore the full database of GAO's Open Recommendations »

Aug 31, 2015

Aug 17, 2015

Aug 5, 2015

Aug 3, 2015

Jul 30, 2015

Jul 16, 2015

Jul 10, 2015

Jun 30, 2015

Jun 25, 2015

Jun 24, 2015

Looking for more? Browse all our products here