Management Report:

Improvements Needed in SEC's Internal Controls and Accounting Procedures

GAO-14-416R: Published: May 12, 2014. Publicly Released: May 12, 2014.

Additional Materials:

Contact:

James R. Dalkin
(202) 512-3133
dalkinj@gao.gov.

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During its audit of the U.S. Securities and Exchange Commission’s (SEC) fiscal year 2013 financial statements, GAO identified several deficiencies in SEC’s internal control over financial reporting that it did not consider to be material weaknesses or significant deficiencies, either individually or collectively, but which nonetheless warrant SEC management’s attention. These deficiencies related to

  • procedures for transferring disgorgement and penalty-related funds to the Department of the Treasury (Treasury),
  • monitoring of disgorgement and penalty related cases filed in courts,
  • segregation of duties for recording disgorgement and penalty-related financial data,
  • safeguarding of SEC cash receipts received at its service provider,
  • recording of property and equipment transactions, and
  • management’s review of legal contingencies and significant events.

GAO is making 9 new recommendations to address these deficiencies in SEC’s controls over financial reporting. Further, GAO’s follow-up on the status of internal control recommendations that it made in prior reports found that SEC took action to fully address 24 of 40 prior years’ recommendations that remained open at the beginning of fiscal year 2013. Consequently, SEC currently has 25 recommendations that need to be addressed—the 16 prior recommendations and the 9 new ones being made in this report. 

Why GAO Did This Study

During GAO’s audit of SEC’s fiscal year 2013 financial statements, GAO identified several deficiencies in SEC’s internal control over financial reporting that it did not consider to be material weaknesses or significant deficiencies, either individually or collectively, but which nonetheless warrant SEC management’s attention. The recommendations provided in this report will help improve internal control over financial reporting at SEC. In addition, this report provides summary information on the status of SEC’s actions to address the open recommendations from prior GAO reports. 

What GAO Recommends

GAO is making nine new recommendations to address deficiencies in SEC’s controls over financial reporting.

In commenting on a draft of this report, SEC acknowledged that the report contained a number of helpful recommendations to strengthen SEC’s internal controls over financial reporting. Further, the SEC Chair stated that SEC is working to address the recommendations contained in the report and that SEC remains committed to investing the time and resources to maintain strong and sustainable internal control over financial reporting.

For more information, contact James R. Dalkin at (202) 512-3133 or dalkinj@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chair should direct the Chief Operating Officer (COO) and Chief Financial Officer (CFO) to develop and implement specific procedures for documenting (1) the funds availability validation procedures performed and (2) the supervisory review to ensure that validation of funds availability procedures is appropriately performed prior to transferring disgorgement and penalty-related funds to Treasury.

    Agency Affected: United States Securities and Exchange Commission

  2. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chair should direct the COO and CFO to enhance current SEC procedures over the daily reconciliation process by developing and implementing sufficiently detailed operating procedures that include specific review procedures to be followed, such as verifying that the alert in CourtLink was actually established and documenting that this review procedure had been performed, to ensure that all SEC disgorgement and penalty judgment cases are tracked in CourtLink and uploaded into ImageNow.

    Agency Affected: United States Securities and Exchange Commission

  3. Status: Closed - Implemented

    Comments: During our fiscal year 2013 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not fully segregate certain incompatible duties in assigning user roles in SEC's system used for tracking disgorgement and penalties cases. Specifically, we found that both an SEC branch chief and the branch chief's backup had access to all user roles (e.g., create, audit, and approve the recording of transactions) in the system. We recommended that SEC restrict user roles in SEC's system for tracking and documenting processes leading to the recording of financial data related to disgorgement and penalty transactions to ensure proper segregation of duties and compliance with SEC's policies and procedures for assigning user roles. In response to our recommendation, in August 2014, SEC updated its procedures and implemented controls, such as approval of user privileges by a designated manager and a semiannual review of user privileges, to mitigate the segregation of duties risk and restrict user roles for tracking and documenting the recording of financial data related to disgorgement and penalty transactions Also, in fiscal year 2014, SEC restricted user roles in the system to ensure proper segregation of duties. As a result, SEC has reduced the risk of fraud or error in the recording of disgorgement and penalty transactions.

    Recommendation: The Chair should direct the COO and CFO to restrict user roles in SEC's system for tracking and documenting processes leading to the recording of financial data related to disgorgement and penalty transactions to ensure proper segregation of duties and compliance with SEC's policies and procedures for assigning user roles.

    Agency Affected: United States Securities and Exchange Commission

  4. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chair should direct the COO and CFO to coordinate with SEC's service provider to develop and implement controls to (1) physically secure cash receipts received by the service provider on SEC's behalf prior to delivery and processing in the general accounting branch and (2) log mail as it is opened in the general accounting branch and store checks in a safe or other locked facility until deposited.

    Agency Affected: United States Securities and Exchange Commission

  5. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chair should direct the COO and CFO to coordinate with SEC's service provider to request that its service auditor test safeguarding controls over cash receipts received by the service provider on SEC's behalf and report on the design and operation of such controls in the service auditor's report.

    Agency Affected: United States Securities and Exchange Commission

  6. Status: Open

    Comments: We will review as part of our FY 2015 audit.

    Recommendation: The Chair should direct the COO and CFO to develop and implement control procedures to ensure that responsible offices timely complete and submit the required documentation to the service provider for recording of an asset into the FA module in the same accounting month as it is received or placed in service.

    Agency Affected: United States Securities and Exchange Commission

  7. Status: Closed - Implemented

    Comments: During our fiscal year 2013 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC lacked effective controls to ensure the timely recording of its property and equipment transactions in its Fixed Asset (FA) module (subsidiary ledger). Specifically, we found a reclassification form for $3.2 million, to capitalize previously expensed costs, was not recorded until 7 months after the assets were placed in service. We recommended that SEC develop and implement control procedures for the timely processing of reclassification forms into the FA module to ensure that such forms are processed in the same month that the assets are placed into service. In response to our recommendation, in June 2014, SEC established procedures to review, weekly, expensed asset acquisitions to determine the need to reclassify asset acquisitions that meet SEC's capitalization criteria prior to being posted into the FA module. During our fiscal year 2014 audit of SEC's financial statements, specifically, our test of capitalizable asset acquisitions, did not find untimely recording of capitalizable asset acquisition. We therefore concluded that reclassifications of expensed capitalizable costs were timely performed and that SEC effectively implemented control procedures that ensured timely processing of asset reclassification forms into the FA module. As a result, SEC reduced the risk of misstatement in SEC's property and equipment balances reported in its financial statements.

    Recommendation: The Chair should direct the COO and CFO to develop and implement control procedures for the timely processing of reclassification forms into the Fixed Asset module to ensure that such forms are processed in the same month that the assets are placed into service.

    Agency Affected: United States Securities and Exchange Commission

  8. Status: Closed - Implemented

    Comments: During our fiscal year 2013 audit of the Securities and Exchange Commission's (SEC) financial statements, we found certain inconsistencies of legal contingencies discussed in SEC's interim legal representation letter (letter) and the related management schedule prepared to document management's evaluation of the contingencies discussed in the letter. For example, the letter stated that discussions were ongoing related to certain claims that appeared to constituted liabilities to be recorded in SEC's financial statements. Although SEC did not ultimately record theses claims as liabilities, the management schedule did not sufficiently document management's assessment that these asserted claims were not liabilities. We recommended that SEC implement controls to ensure that procedures for reviewing legal contingencies reflected in the management schedule are followed and that such reviews are properly documented. In response to our recommendation, in May 2014, SEC updated its contingency and subsequent events policy and procedures to include steps to cross reference the management schedule to the legal representation letter and to specify the individuals who must review the management schedule. Also, in fiscal year 2014, we did not find errors or inconsistencies in the legal representation letter and the related Office of Financial Management's management schedules. Therefore, we determined that SEC had implemented adequate controls for reviewing legal contingencies, as we recommended. As a result, SEC significantly improved its procedures for reviewing legal contingencies and reduced the risk of misstatement related to legal liabilities reported in its financial statements.

    Recommendation: The Chair should direct the COO and CFO to implement controls to ensure that procedures for reviewing legal contingencies reflected in the management schedule are followed and that such reviews are properly documented.

    Agency Affected: United States Securities and Exchange Commission

  9. Status: Closed - Implemented

    Comments: During our fiscal year 2013 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not have a process for ensuring that it timely analyzed significant events with potential financial consequences and recorded any necessary transactions in its financial records. Specifically, SEC management did not review the financial implications of its April 23, 2013, announcement informing its employees of a 1 percent supplemental retirement benefit until October 2013, after the end of the fiscal year. We recommended that SEC develop and implement control procedures for timely assessment and, as applicable, timely recording of significant events with financial consequences. In response to our recommendation, in May 2014 SEC updated its control procedures for subsequent events to require a data call with the Office of Human Resources to discuss any significant events. SEC's Office of Financial Management and Office of Human Resources met in the third and fourth quarter of fiscal year 2014 and documented this meeting. As a result, we determined that SEC has improved its procedures for assessing and recording significant events and therefore reduced the risk of misstatements related to significant events reported in its financial statements.

    Recommendation: The Chair should direct the COO and CFO to develop and implement control procedures for timely assessment and, as applicable, timely recording of significant events with financial consequences.

    Agency Affected: United States Securities and Exchange Commission

 

Explore the full database of GAO's Open Recommendations »

Jul 16, 2015

Jul 15, 2015

Jul 10, 2015

Jul 9, 2015

Jul 7, 2015

Jun 30, 2015

Jun 25, 2015

Jun 24, 2015

Jun 17, 2015

Looking for more? Browse all our products here