Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures

GAO-11-348R Published: Mar 29, 2011. Publicly Released: Mar 29, 2011.

Highlights

On November 15, 2010, we issued our opinion on the U. S. Securities and Exchange Commission's (SEC) fiscal years 2010 and 2009 financial statements. We also issued our opinion on the effectiveness of SEC's internal controls over financial reporting as of September 30, 2010, and our evaluation of SEC's compliance with selected provisions of laws and regulations during fiscal year 2010. In that report we identified material weaknesses in SEC's controls. The purpose of this report is to present (1) more detailed information and our recommendations related to the material weaknesses we reported and discussed in our opinion report; (2) less significant internal control issues we identified during our fiscal year 2010 audit of SEC's internal controls and accounting procedures, along with our related recommended corrective actions; (3) summary information on the status of the recommendations reported as open in our March 31, 2010, management report, and (4) the status of the security weaknesses in information systems controls at SEC that we identified in public and "Limited Official Use Only" reports issued in 2005 through 2009, that were unresolved at the time of our March 31, 2010, management report.

As part of our audit of SEC's fiscal years 2010 and 2009 financial statements, we identified two material weaknesses in internal control as of September 30, 2010. These material weaknesses concern SEC's (1) information systems controls and (2) controls over financial reporting and accounting processes. The material weakness we identified over information systems, including continuing deficiencies reported in prior audits, spanned both SEC's general support system and all key SEC financial reporting applications. The material weakness in financial reporting and accounting processes we identified encompassed deficiencies in five areas of SEC's operations and related reporting: (1) financial reporting process, (2) budgetary resources, (3) registrant deposits, (4) disgorgement and penalties, and (5) required supplementary information. These material weaknesses may adversely affect the accuracy and completeness of information used and reported by SEC's management. We are making a total of 30 new recommendations to address these material weaknesses. We also identified other internal control issues that, although not considered material weaknesses or significant control deficiencies, warrant SEC management's consideration. These issues concern: (1) proper and timely approvals of disbursements, (2) review of service providers' auditor reports, and (3) controls over travel transaction documentation. We are making a total of 3 new recommendations related to these less significant control deficiencies. We are also providing summary information on the status of SEC's actions to address the recommendations from our prior audits as of the conclusion of our fiscal year 2010 audit. Specifically, as summarized in enclosure I, by the end of our fiscal year 2010 audit, we found SEC took action to fully address 17 of the 50 recommendations from our prior audits that were open at the time of our March 31, 2010, management report. Lastly, we are providing summary information on the status of SEC's actions to address previously reported information system security weaknesses. Specifically, as of the end of fiscal year 2010, we found SEC took action to address 18 of the 22 security weaknesses in information systems controls that were open at the time of our March 31, 2010, management report. In providing written comments on a draft of this report, the SEC Chairman stated that remediation of the agency's two material weaknesses is a top priority for SEC. The Chairman stated that SEC is taking a number of steps to address the material weaknesses this fiscal year; however, putting SEC's internal controls on a solid footing over the long term primarily requires significant investment in SEC's financial systems. The Chairman also stated that the centerpiece of SEC's remediation strategy is to migrate its core financial system and transaction processing to a Federal Shared Service Provider. SEC also provided technical comments which we incorporated as appropriate. We will evaluate SEC's actions, strategies, and plans as part of our fiscal year 2011 audit.

Recommendations

Recommendations for Executive Action

Agency Affected	Recommendation	Status
United States Securities and Exchange Commission	In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the Chief Operating Officer (COO) and Chief Information Officer (CIO) to establish a mechanism to ensure current procedures for implementing all elements of an entitywide information security program for GSS are followed, consistent with Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance.	Closed – Implemented In fiscal year 2011, we reported that SEC did not implement all elements of an entitywide information security program consistent with Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance. We recommended that SEC establish a mechanism to ensure current procedures for implementing all elements of an entitywide information security program for General Support System are followed. In fiscal year 2011, we verified that SEC, in response to our recommendation, implemented a continuous vulnerability scanning process and established metrics that were incorporated into the CIO dashboard. As a result, SEC has greater... View More
United States Securities and Exchange Commission	In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures to ensure timely follow up on outstanding general support system (GSS) Plan of Action and Milestones (POA&M) items are followed, consistent with SEC policy.	Closed – Implemented In fiscal year 2011, we reported that SEC did not adequately implement all elements of an entitywide information security program for the general support system (GSS) consistent with Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance. We recommended that SEC establish a mechanism to ensure current procedures to ensure timely follow up on outstanding GSS POA&M items are followed, consistent with SEC policy. In fiscal year 2011, we verified that SEC, in response to our recommendation, reviewed POA&M items weekly at a meeting of all senior OIT staff. SEC tracked POA&M items using a web-based tool. In fiscal... View More
United States Securities and Exchange Commission	In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures for audit logging and audit log monitoring activities are followed for all financial systems.	Closed – Implemented In fiscal year 2011, we reported that SEC did not adequately monitor system security audit logs. We recommended that SEC establish a mechanism to ensure current procedures for audit logging and audit log monitoring activities are followed for all financial systems. In fiscal year 2011, we verified that SEC, in response to our recommendation, established logging and auditing activities for financial applications and developed a procedure for database audits. As a result, SEC has greater assurance for the integrity of its financial reporting.
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures to periodically review the information system access and roles of all SEC personnel for suitability and compliance with authorized security forms are followed, consistent with SEC policy.	Closed – Implemented In fiscal year 2011, we reported that SEC did not always adequately segregate computer-related duties and functions. We recommended that SEC establish a mechanism to ensure current procedures to periodically review the information system access and roles of all SEC personnel for suitability and compliance with authorized security forms are followed, consistent with SEC policy. In fiscal year 2011, we verified that SEC, in response to our recommendation, established procedures for segregation of duties process and validated the process through the user account management validation. As a result, SEC has greater assurance that personnel with inappropriate access to accounts unrelated to... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CIO to perform and document a business impact analysis (BIA) for the GSS in accordance with SEC policy.	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not perform a required business impact analysis (BIA) for the general support system (GSS). The BIA is an essential component of the SEC business continuity management program. The BIA links specific system components with the critical services they provide, identifying the consequences that disrupting of the system's availability would have on the SEC mission. In fiscal year 2011, we verified that SEC, in response to our recommendation, documented recovery time objectives for its applications. The GSS supports the recovery time objective for each of the... applications in SEC's network. View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CIO to conduct an analysis of the cost and benefits of relocating the Alternate Data Center (ADC) to a different geographical area in comparison with the cost of recreating data if a major disaster compromised data at both primary Operations Center (OPC) and ADC locations.	Closed – Implemented In fiscal year 2011, we reported that SEC did not conduct a cost analysis relative to the geographic separation of the primary operations center and alternate data center (ADC). We recommended that SEC conduct an analysis of the cost and benefits of relocating the ADC to a different geographical area in comparison with the cost of recreating data if a major disaster compromised data at both operations center and alternate data center. In fiscal year 2011, we verified that SEC, in response to our recommendation, conducted a study that determined the cost and performance degradation with geographically separating data centers. As a result, SEC has greater assurance that its decision with... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and Chief Financial Officer (CFO) to augment policies and procedures to ensure the completeness of the "GL Summary file" used to prepare monthly trial balance reports, including procedures for identifying and notifying management and key users of any errors or omissions detected in the report.	Closed – Implemented The Securities and Exchange Commission's (SEC) procedures to prepare monthly financial statements and trial balance reports used transaction journals extracted from the general ledger (GL), the GL Summary file. In our fiscal year 2010 audit of SEC's financial statements, we found that SEC did not have controls in place to ensure the GL Summary file was complete to rely on for preparing monthly financial reports. For example, we found the version of the GL Summary file used to calculate and prepare manual adjustments was missing over 57,000 records. The lack of controls to reasonably assure the GL Summary file was complete significantly increased the risk of errors in the monthly... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing control procedures over the "GL Summary file" by requiring documented approval by SEC management before making the file available to key users to calculate manual adjustments.	Closed – Implemented The Securities and Exchange Commission's (SEC) procedures to prepare monthly financial statements and trial balance reports used transaction journals extracted from the general ledger (GL), the GL Summary file. In our fiscal year 2010 audit of SEC's financial statements, we found that SEC did not have controls in place to ensure the GL Summary file was complete to rely on for preparing monthly financial reports. For example, we found the version of the GL Summary file used to calculate and prepare manual adjustments was missing over 57,000 records. The lack of controls to reasonably assure the GL Summary file was complete significantly increased the risk of errors in the monthly... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement procedures over the preparation of the monthly accounts payable accrual calculation and entry to provide assurance that all organization codes are included in the calculation.	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that the SEC's procedures over the preparation of its monthly accounts payable accrual entry did not provide for identification of all instances in which goods or services were received and accepted but not yet paid prior to month-end. Consequently, SEC did not accurately and completely capture all of the appropriate accounts payable activity during a month, resulting in an understatement of SEC's monthly accounts payable. According to SEC's accounts payable policy, and in accordance with Statement of Federal Financial Accounting Standards (SFFAS) No. 5, accounts payable... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment procedures over the preparation of the monthly accounts payable accrual entry to provide for identification of all instances in which a good or service has been received and accepted but has not yet been paid prior to month-end.	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that the SEC's procedures over the preparation of its monthly accounts payable accrual entry did not provide for identification of all instances in which goods or services were received and accepted but not yet paid prior to month-end. Consequently, SEC did not accurately and completely capture all of the appropriate accounts payable activity during a month, resulting in an understatement of SEC's monthly accounts payable. According to SEC's accounts payable policy, and in accordance with Statement of Federal Financial Accounting Standards (SFFAS) No. 5, an accounts payable... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment policies and procedures concerning SEC's monthly review and recalculation of securities transaction fee assessments to include procedures to ensure that the appropriate fee rate is used in the calculation of accounts receivable.	Closed – Implemented In our fiscal year 2010 financial statement audit of the Securities and Exchange Commission, GAO found that SEC management's monthly review of its manual accounts receivable calculations related to its securities transaction revenue did not identify that SEC staff were using the wrong fee rate in the calculations for April, May, and June. Specifically, GAO noted that management's review was designed to ensure that the Section 31 fee rate calculations were accurate but did not provide for assessing the propriety of data (e.g., fee rate) used in the calculation. As a result, SEC's initial calculation of its securities transaction revenue receivable balance as of June 30, 2010 was... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment policies and procedures concerning supervisory review of key spreadsheets used for financial disclosures to provide assurance that calculations within the spreadsheets are accurate.	Closed – Implemented Our fiscal year 2010 audit of Securities and Exchange Commission's (SEC) financial statements found that several of SEC's key spreadsheets used for its financial disclosures contained errors, which were not detected by supervisory reviews. We recommended that SEC augment policies and procedures concerning supervisory review of key spreadsheets used for financial disclosures to provide assurance that calculations within the spreadsheets were accurate. In response to our recommendation, in fiscal year 2012, SEC developed procedures to ensure that financial data extracted from applications into spreadsheets remains accurate and reliable. As a result, SEC significantly reduced the risk of... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to record investment activity in the general ledger using investment purchase and withdrawal requests submitted to Bureau of Public Debt (BPD).	Closed – Implemented The Securities and Exchange Commission (SEC) collects and invests amounts received from disgorgement, civil monetary penalties, and interest against violators of federal securities laws on behalf of harmed investors in U.S. Treasury securities with the Bureau of Public Debt (BPD). In our fiscal year 2010 audit of the SEC's financial statements, we found that SEC did not utilize internal data when recording investment activity in the general ledger or reconcile the general ledger postings to the related purchase and withdrawal transactions submitted to BPD for processing. Consequently, SEC's monthly adjustment to record investment activity did not identify an investment withdrawal... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to reconcile investment balances reported by BPD to SEC records of investment purchase and withdrawal transactions processed during the reporting period.	Closed – Implemented The Securities and Exchange Commission (SEC) collects and invests amounts received from disgorgement, civil monetary penalties, and interest against violators of federal securities laws on behalf of harmed investors in U.S. Treasury securities with the Bureau of Public Debt (BPD). In our fiscal year 2010 audit of the SEC's financial statements, we found that SEC did not utilize internal data when recording investment activity in the general ledger or reconcile the general ledger postings to the related purchase and withdrawal transactions submitted to BPD for processing. Consequently, SEC's monthly adjustment to record investment activity did not identify an investment withdrawal... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to reconcile SEC's calculated interest receivable to interest receivable amounts reported by BPD.	Closed – Implemented The Securities and Exchange Commission (SEC) collects disgorgement, civil monetary penalties, and interest from violators of federal securities laws. SEC may invest amounts of disgorgements and penalties collected on behalf of harmed investors in U.S. Treasury securities with the Bureau of Public Debt (BPD). In our fiscal year 2010 audit of the SEC's financial statements, we found that SEC was not properly using BPD reports in its calculation of interest receivable on investment balances. Consequently, SEC's interest receivable balances were misstated for a majority of the fiscal year. In March 2011, we recommended that SEC develop and implement policies and procedures to reconcile SEC's... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing control procedures over the processing of journal vouchers (JV) transactions to provide assurance that JVs processed into the general ledger reflect transactions approved by management. Such procedures should provide for accurate JV transaction posting at the account, fund, organization, and budget object class level.	Closed – Implemented During our fiscal year 2010 financial statement audit, we found that the Security and Exchange Commission's (SEC) review procedures over journal vouchers (JV) transactions were not operating effectively. We recommended that SEC augment existing control procedures over the processing of JV transactions to provide assurance that JVs processed in the general ledger reflect transactions approved by management. In response to our recommendation, in fiscal year 2012, SEC developed and implemented monitoring controls to ensure that JVs were being recorded in the general ledger in accordance with the JV forms approved by management. These revised control procedures significantly improved SEC's... View More
United States Securities and Exchange Commission	To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement reconciliation, validation, and analytical procedures to ensure the reliability of the "Open Obligations Review Reports" used by the various SEC divisions and offices in their review of unliquidated obligations.	Closed – Implemented During our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC's review process for unliquidated obligations did not identify inaccuracies in the Open Obligations Review Reports which are relied on to certify the accuracy of recorded SEC obligations. We recommended that SEC develop and implement reconciliation, validation, and analytical procedures to ensure the reliability of the Open Obligations Review Reports used by the various SEC divisions and offices in their review of open obligations. In response to our recommendation, in fiscal year 2013, SEC developed a centralized list of open obligations containing significant... View More
United States Securities and Exchange Commission	To help address the deficiency in control over the recording of miscellaneous purchase order documents (MO), we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing policies and procedures for recording obligations to include, at a minimum: (a) back-up procedures for the recording of obligations in the event that responsible employees are unable to perform their assigned duties; and (b) controls designed to ensure that SEC offices submit obligating documents to OFM for processing as obligations are incurred.	Closed – Implemented In response to our recommendation, SEC issued written procedures on July 2015. The procedures required SEC to commit funds upon creation of a purchase requisition related to miscellaneous obligating documents. The procedures also required designated SEC staff or a back-up to review obligating documents for accuracy, completeness, and sufficiency of funds prior to the creation of the purchase order and the recording of the obligation in the financial system. Proper and effective implementation of these new procedures should result in the prompt recording of obligations in the financial systems and reduce SEC's risk of over-obligating funds that could lead to Anti-Deficiency Act... violations. View More
United States Securities and Exchange Commission	To help address the deficiency in control over the recording of MOs, we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to augment guidance in SEC's Unliquidated Obligation Review Process to provide, at a minimum: (a) clarifying and communicating the responsibilities for recording deobligations; and (b) clarifying when to deobligate unliquidated obligations with no recent activity for financial reporting purposes and for contract close-out purposes for completed contracts to be consistent with applicable federal financial reporting guidance and OMB Circular No. A-11, "Preparation, Submission, and Execution of the Budget."	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not have adequate controls for timely recording of budgetary transactions. Specifically, our review found that 7 of the 10 deobligation transactions we selected for testing were approved for deobligation during SEC's April 30, 2010 unliquidated obligations review process but were not deobligated as of June 30, 2010. Similarly, our sample of recorded downward adjustment transactions found two instances in which the downward adjustment to a purchase contract was not recorded in the same accounting period in which it was approved for deobligation. As a result of these... View More
United States Securities and Exchange Commission	To help address the deficiency in control over the recording of MOs, we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement documented control procedures to ensure liquidation and/or deobligation of remaining travel obligations after the completion of the travel.	Closed – Implemented During our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that twenty travel obligations we tested did not have their voucher submitted within the five business days allotted by Federal Travel Regulation (FTR). Our testing found that between 4 to 16 months had elapsed from the time travel was completed until the deobligations were recorded in the general ledger. Further, our testing of unliquidated obligations at June 30, 2010, found that six of the eight travel obligations we reviewed were not liquidated upon completion of the travel. We recommended that SEC develop and implement documented control procedures to ensure liquidation... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO to implement procedures to prepare and post correcting budgetary transactions prior to the close of the monthly accounting period until such time that SEC is able to correct configuration limitations of its general ledger system.	Closed – Implemented During our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we continued to find incorrect posting configurations in SEC's general ledger system related to the proper accounting of adjustments to previously recorded obligations such as downward-adjustments. These resulted in significant misstatements in SEC's interim statements of budgetary resources until these errors were corrected. We recommended that, until SEC is able to correct the posting configuration errors in its general ledger system, SEC should implement procedures to prepare and post correcting budgetary transactions prior to the close of each monthly accounting period. In... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO to augment existing policies and procedures to provide for supporting documentation for MOs consistent with applicable guidance provided in OMB Circular No. A-11.	Closed – Implemented Our fiscal year 2010 financial statement audit of the Securities and Exchange Commission (SEC) found that SEC's obligations were not always supported by documentation evidencing approval by an authorized individual. GAO recommended that SEC augment existing policies and procedures to provide for supporting documentation for miscellaneous obligating documents (MOs) consistent with applicable guidance provided in OMB Circular No. A-11. In response to our recommendation, in fiscal year 2012, SEC revised its Reference Guide Budget Formulation and Execution: Miscellaneous Obligating Documents, to specifically require supporting documentation for MOs consistent with applicable guidance... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to augment current procedures to require that Enforcement's reviews of disgorgement and penalty data in the case-management system be completed prior to closing the accounting period.	Closed – Implemented In our fiscal year 2010 financial statement audit of the Securities and Exchange Commission (SEC), GAO noted that SEC's procedures for entering disgorgement and penalty accounts receivable transactions into its general ledger system did not provide effective controls over the accuracy of financial data. We recommended that SEC augment current procedures to require that reviews of disgorgement and penalty data entered in the case-management system be completed prior to the close of the relevant accounting period. In response to our recommendation, in fiscal year 2012, SEC replaced its old case management system with the implementation of ImageNow, a document management and workflow system... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement policies and procedures to identify and post receivable transactions for court orders initiating the transfer of monies to the SEC after a distribution has occurred in accordance with generally accepted accounting principles.	Closed – Implemented The Securities and Exchange Commission (SEC) is to recognize a receivable for disgorgement, civil monetary penalties, and interest from violators of federal securities laws when designated in an order or a final judgment to collect the assessed disgorgement, penalties, and interest. SEC is also party to court orders directing violators of federal securities laws to pay amounts assessed to a federal court or to a nonfederal receiver acting on behalf of harmed investors. SEC is to recognize a receivable when a court order provides for transfer of monies from a court to SEC. In our fiscal year 2010 audit of the SEC's financial statements, we found that SEC's procedures did not require... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement policies and procedures to calculate and accrue for post-judgment interest amounts collectible prior to closing the accounting period in accordance with generally accepted accounting principles.	Closed – Implemented The Securities and Exchange Commission (SEC) issues orders and administers judgments ordering, among other things, disgorgement, civil monetary penalties, and interest against violators of federal securities laws. Further, under 28 U.S.C. 1961, SEC is to accrue post-judgment interest on federal money judgments entered in a civil suit in federal court. Unless otherwise provided, post-judgment interest also accrues on SEC orders requiring the payment of disgorgement or penalties that the commission issues in administrative proceedings. In our fiscal year 2010 audit of SEC's financial statements, we found that SEC did not have procedures requiring periodic calculation and accrual of amounts... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement procedures to provide for footnote disclosures concerning post-judgment interest amounts accrued on uncollectible accounts receivable in accordance with generally accepted accounting principles.	Closed – Implemented The Securities and Exchange Commission (SEC) issues orders and administers judgments ordering, among other things, disgorgement, civil monetary penalties, and interest against violators of federal securities laws. Further, under 28 U.S.C. 1961, SEC is to accrue post-judgment interest on federal money judgments entered in a civil suit in federal court. Unless otherwise provided, post-judgment interest also accrues on SEC orders requiring the payment of disgorgement or penalties that the commission issues in administrative proceedings. In our fiscal year 2010 audit of SEC's financial statements, we found that SEC did not have procedures requiring periodic calculation and accrual of amounts... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to establish and implement procedures for recording all check collections in the general ledger in the same fiscal period they are received in accordance with generally accepted accounting principles.	Closed – Implemented The Securities and Exchange Commission (SEC) issues orders and administers judgments ordering, among other things, disgorgement, civil monetary penalties, and interest against violators of federal securities laws. In accordance with generally accepted accounting principles, SEC is to recognize a receivable when it is designated in an order or a final judgment to collect the assessed disgorgement, penalties, and interest and reduce the receivable by the dollar amount of checks collected. In our fiscal year 2010 audit of the SEC's financial statements, we found that SEC did not have effective procedures to ensure proper cutoff of its collection on disgorgement and penalties receivable. Our... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to revise existing posting configurations to account for amounts disbursed from SEC's Deposit Suspense Liability accounts in accordance with the U.S. Standard General Ledger (USSGL).	Closed – Implemented Our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements found that SEC's posting model for recording disgorgement and penalty amounts disbursed from SEC's Deposit Suspense Liability Non Fed account in its General Ledger was not in compliance with the US Standard General Ledger (USSGL). We recommended that SEC revise existing posting configurations to account for amounts disbursed from SEC's Deposit Suspense Liability accounts in accordance with the USSGL. In response to our recommendation, in fiscal year 2012, SEC revised existing posting configurations to account for amounts disbursed from SEC's Deposit Suspense Liability accounts in accordance... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, until posting configurations for amounts disbursed from SEC's Deposit Suspense Liability accounts are corrected, to establish and implement interim procedures to evaluate balances residing in SEC's Deposit Suspense Liability accounts and adjust related accounts for amounts that have already been disbursed prior to the close of each accounting period.	Closed – Implemented The Securities and Exchange Commission's (SEC) Liability for Disgorgement and Penalties line item is made up of two general ledger accounts (GLAC): (1)2990, Other Liabilities without Related Budgetary Obligations, and (2)GLAC 2400, Deposit Suspense Liability- Non Fed, which represents cash, accounts receivables, and investment balances that are pending distribution to harmed investors or to the general fund of the U.S. Treasury. SEC uses GLAC 2400 to temporarily account for disgorgement and penalty transactions that are awaiting disposition or reclassification, such as cash receipts for which SEC has not recorded a related receivable. As of September 30, 2010, SEC reported balances for... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO to augment procedures concerning SEC's review of its financial statements to specify review steps necessary to ensure that all applicable financial statements, related notes, and required supplementary information required under OMB Circular No. A-136 are presented.	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC management's review of the draft annual financial statements did not detect the omission of key required supplementary information (RSI). Specifically, SEC omitted $452 million in disaggregated budgetary information for one of its major budget accounts presented in the draft statement of budgetary resources. Consequently, SEC's draft financial statements were not in compliance with OMB Circular A-136 and generally accepted accounting principles (GAAP). In March 2011, we recommended that SEC augment procedures concerning SEC's review of its financial statements to... View More
United States Securities and Exchange Commission	We reaffirm our prior recommendation that SEC investigate the causes of late payments and develop and implement any necessary corrective action. The Chairman should direct the COO and CFO to establish a mechanism to monitor compliance with the documentation requirements under SEC regulations to ensure proper, consistent approval of invoices by Contracting Officer's Technical Representatives (COTR), Inspection and Acceptance Officials (IAO), and other designated persons and retention of their appointment letters, if applicable.	Closed – Implemented In our fiscal year 2010 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC had no mechanism to monitor compliance with the documentation requirements for invoice approval under its internal Administrative Regulation, SECR 10-15. Such documentation is necessary to ensure proper, consistent approval of invoices by Contracting Officer's Technical Representatives (COTR) or Inspection and Acceptance Officials (IAO) and to ensure consistent retention of their appointment letters. Our fiscal year 2010 audit found that invoices were not always approved by a properly designated COTR or IAO in accordance with SEC regulations. Specifically, during our... View More
United States Securities and Exchange Commission	We reaffirm our prior recommendation that SEC establish procedures to comprehensively identify and assess risk related to SEC's payroll-related activities, including risk associated with user controls identified by its payroll service provider in SAS No. 70 reports. The Chairman should direct the COO and CFO also to establish and implement procedures requiring review of the payroll service provider SAS No. 70 report to include consideration of whether compensating controls are needed to address any open exceptions in the report that affect SEC's payroll processing.	Closed – Implemented In our fiscal year 2009 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC lacked procedures to comprehensively identify and assess risk related to SEC's payroll-related control activities, including risk associated with user controls identified by its payroll service provider in Statement on Auditing Standards (SAS) 70 reports. Based on our review of SEC's risk assessment of internal controls over financial reporting, we found that management did not develop an understanding of its complete financial reporting control environment sufficient to identify all relevant risks and effectively plan and test controls. For example, a significant... View More
United States Securities and Exchange Commission	The Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures detailing the steps and documentation required to effectively control and monitor travel expenses paid through the central billing account, including steps required to ensure documented receipt of refunds or credits for travel/tickets that were previously paid for by SEC but subsequently canceled.	Closed – Not Implemented SEC officials informed GAO that the agency will not implement corrective actions to address this recommendation and will accept the associated risks.

See All 33 Recommendations

Full Report

Full Report (37 pages)

Accessible Text

GAO Contacts

James R. Dalkin

Director

Financial Management and Assurance

dalkinj@gao.gov

Media Inquiries

Sarah Kaczmarek

Managing Director

Office of Public Affairs

media@gao.gov

Public Inquiries

Topics

Auditing and Financial Management

AccountingAccounting proceduresAccounting standardsAccounts receivableAuditing proceduresBudget obligationsFinancial management systemsFinancial recordsFinancial statement auditsFinancial statementsInformation systemsInternal auditsInternal controlsRecordsReporting requirementsReports managementMaterial weakness