This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

1994 Semiannual Report to Congress
April 1994

EXECUTIVE SUMMARY

During this reporting period (October 1, 1993 to March 31, 1994) the Office of Inspector General completed eight audits and eight investigations.

In keeping with the our expanded emphasis on Commission programs, many audit recommendations concerned improvements to program operations. These operations included workpapers of broker/dealer examinations, the Chief Counsel Letter Log in the Division of Investment Management, and Commission follow-up of deficiencies found in investment company/investment adviser inspections.

The Office also conducted audits of disaster recovery contingency capabilities for critical computer systems, the Commission's Management Control Program, consulting services contracts, and implementation of the Contractor Lobbying Statute. A close-out audit of a system development contract identified $37,000 in questioned costs.

The audit of disaster recovery found that the Commission has established a back-up disaster recovery site for critical systems and that a formal disaster recovery plan is being developed. However, the Commission has not yet decided on long-term disaster recovery procedures for the EDGAR system.

The Office completed program surveys of four major programs during the period including: Full Disclosure, Market Regulation, Enforcement, and Investment Management. The surveys and a risk assessment, also completed this period, will help the Office implement its current audit strategy focusing on Commission programs, while maintaining audit coverage of financial and administrative areas.

Three of the eight investigations closed during the period resulted in referrals to the Commission. A follow-up to a prior investigation found evidence of forgery and embezzlement of an additional $650 in travel advance funds by a former employee. In another investigation, an employee confessed to personal use of a government vehicle during working hours.

A peer review, conducted by the National Credit Union Administration Inspector General, found that the we met all applicable auditing standards.

Because of increased use of automation, the Office was able to convert a secretarial position to an auditor position. This change streamlined operations and is enhancing efficiency.

AUDIT PROGRAM

The Office issued eight audit reports during this reporting period. Forty-three recommendations were made in these reports, which are further described below. Management generally concurred with the recommendations.

Broker/Dealer Examination Workpapers

Audit 194, October 20, 1993

The regions implement a program of broker/dealer examinations under the overall direction of the Division of Market Regulation. We audited the policies and procedures governing examination workpapers. Our objective was to determine whether adequate management controls were in place and functioning as intended.

The workpapers reviewed generally supported deficiencies in the examination reports and most workpapers were adequately organized. In addition, the Division and regional staff have implemented a number of management controls over workpapers.

Most checklists of examination steps we reviewed were only partially complete, however. Without this documentation, it could not be determined if all examination procedures were performed. Also, although regional staff indicated that supervisors review workpapers, these reviews were generally not documented.

We recommended that policy guidance be issued on a number of topics, including completion of the checklists, organization of workpapers, supervisory review of workpapers, and Market Regulation's review function. The Division should also expand its technical assistance and training activities.

Follow-up of IA/IC Inspection Deficiencies

Audit 198, February 22, 1994

The Office of Inspections, in the Division of Investment Management (IM), is responsible for coordinating the Commission's investment adviser (IA) and investment company (IC) inspection program. Inspections are primarily conducted by staff of the Commission's five regional and seven district offices to ensure that IAs/ICs are complying with Federal securities laws or to gather information about industry practices.

Our audit reviewed the IA and IC inspection activity for 1992. The objectives were to assess the efficiency and effectiveness of: IA/IC notification of deficiencies, the Commission's review of the correction of prior deficiencies, and the tracking of deficiencies, responses, and follow-up in the field offices.

We found that notification of IAs/ICs is adequate, but improvements are recommended. Our recommendations included documenting closing discussions, describing the inspection process to IAs/ICs, and establishing time frames in which to report deficiencies.

In addition, improvements can be made in the review of prior deficiencies and in the tracking of deficiencies, responses, and follow-up. These recommendations included requiring a work paper statement explaining what the review of prior deficiencies uncovered, establishing a uniform time frame for responding to deficiency letters, and tracking deficiencies.

Mitchell Systems Contract Close-out

Audit 199, March 30, 1994

Under a time and materials/labor-hour contract, Mitchell Systems Corporation provided ADP systems development services to the Office of Information Technology (formally the Office of Information Systems Management) from September 30, 1987 to January 31, 1993. Cotton & Co., an independent CPA firm, performed an audit of contract costs claimed by Mitchell, pursuant to a task order with the Office of Inspector General.

The audit report questioned costs of $37,000. Cotton & Co. also recommended certain improvements in Mitchell's internal controls and its procedures for complying with contract terms.

The Contracting Officer intends to use the report as a basis for negotiations with Mitchell to close-out the contract.

Computer Disaster Contingency Tests

Audit 208, March 31, 1994

The Commission established a back-up computer site at its headquarters as the central component of its computer disaster contingency plans for critical systems. In January, 1994, we observed tests of the back-up computer site. The testing was successful and indicated that the Commission now has an ADP disaster recovery capability for critical systems, thereby addressing a previous material weakness.

We commended the Office of Information Technology (OIT) for its efforts in establishing the back-up site. OIT plans to further enhance the Commission's disaster recovery capabilities by developing a formal disaster recovery plan; training appropriate staff; and conducting periodic tests. We recommended that OIT implement its plans.

The back-up computer site does not address long term disaster recovery for the Electronic Data Gathering and Retrieval (EDGAR) system, however. Currently, paper submissions of necessary filings could be processed in the event of a catastrophic failure of EDGAR. The Commission is currently considering the long term disaster recovery needs of EDGAR. We recommended that OIT develop a disaster recovery plan for EDGAR. As described below, we believe the lack of a long-term contingency plan for the EDGAR system is a significant problem that must be addressed.

Management Control Program - 1993

Audit 204, March 25, 1994

The Commission performs an annual assessment of its management controls, under the direction of the Office of the Executive Director (OED) in compliance with OMB Circulars

A-123 and A-127. The assessment culminates in a certification letter from the Chairman to the President and Congress. The letter provides reasonable assurance that Commission controls are functioning, and describes any material weaknesses in those controls.

As required by OMB, we audited the Commission's 1993 management control assessment. Our objective was to determine whether the assessment was carried out in a reasonable and prudent manner, and in compliance with OMB guidance. Because of time constraints, we limited the scope of the review to discussions with management control staff and analysis of documentation maintained by OED.

Generally, we found that OED implemented the management control program in a reasonable and prudent manner, in accordance with OMB guidance. During 1993, OED enhanced its audit follow-up system; issued guidance on alternative management control reviews; and coordinated the Commission-wide assessment of management controls.

During our review, we noted several enhancements that could be made to the management control program. They include modifying guidance to reflect revisions to Circular A-127, consolidating the Inspector General Advisory Committee and the Management Control Committee, updating the Commission's inventory of management controls, and reviewing the inventory of financial management systems for possible changes.

Reliability of IM Chief Counsel Letter Log

Audit 197, March 9, 1994

The Chief Counsel Letter Log is a microcomputer tracking system which records data concerning no action requests received by the Division of Investment Management (IM). These requests allow companies to determine whether the Commission staff believes a proposed transaction would violate the federal securities laws.

Our audit reviewed no action request activity for Fiscal Years 1992 and 1993. The objectives were to assess the extent to which the Letter Log had accurate and complete data, and adequate controls.

We found that the Letter Log data was generally accurate and complete, but improvements could be made. Recommended improvements include modification of the current data entry and update process, documentation of policies and procedures, reconciliation of the Letter Log and a manual log, placement of the system on the network, development of a user manual, obtaining Letter Log training for appropriate staff, modification of the Letter Log record fields, and obtaining user feedback.

In addition, we found that controls were basically adequate, but improvements were recommended. Recommendations include documenting the existing controls, backing up the data to floppy disks, and developing controls to reduce the risk of exaggeration of the "days tolled" data element, secure the Manual Log, and reconcile the two logs periodically.

Consulting Services Contracts

Audit 206, March 8, 1994

Inspectors General are required under 31 U.S.C. 1114(b) to evaluate consulting service actions annually. Between November and December 1993, we reviewed the consulting contracts and personnel appointments issued in fiscal year 1993. Our objective was to evaluate the Commission's progress in establishing effective management controls over consulting services, and in reporting them to the Federal Procurement Data System (FPDS).

We found that the Commission has made progress since our prior audit. The Office of Administrative and Personnel Management (OAPM) has established a log of consulting contracts, and tracks the obligation of funds against spending limits. The contract files we reviewed contained statements of need, and certifications that the contract did not involve a conflict of interest. OAPM processed consulting appointments appropriately.

Management controls can be improved further, however. Six contract actions were not entered into the log, and one of these was not reported to the FPDS. OAPM should enter these actions in the log, and make the appropriate FPDS report. It should also ensure that the contracting officer reviews the log and FPDS reports.

OMB Circular A-120 on consulting services has been rescinded, effective January 3, 1994. Policy Letter 93-1 replaces the Circular, and incorporates much of the guidance contained in Circular A-120. We recommended that OAPM develop implementation plans and provide training to its staff, as it plans to do.

Contractor Lobbying Statute

Audit 205, February 22, 1994

As required by 31 U.S.C. 1352, we evaluated the compliance of the Commission with this statute, which imposes lobbying restrictions on recipients of Federal funds.

We found that the Commission has complied with 31 U.S.C. 1352. OAPM incorporated the appropriate Federal Acquisition Regulation lobbying clause in its standard solicitation package. This clause was included in the seventeen contract actions awarded during fiscal year 1993 subject to the lobbying restrictions. In addition, OAPM submitted the required Semiannual reports to the Congress during fiscal year 1993.

Program Surveys

Audits 187, 188, 189, and 195, December 16, 1993

The Office completed surveys of the following four programs: Full Disclosure, Market Regulation, Prevention and Suppression of Fraud, and Investment Management. The surveys and a risk assessment, also completed this period, were used in the development of the annual audit plan. They also will be critical in the implementation of the Office's audit strategy. Our current audit focus is on the operations of Commission programs.

INVESTIGATIVE PROGRAM

Eight investigations were closed during the period. Evidence developed during the investigations supported allegations of forgery and embezzlement, misuse of a government vehicle, and violation of time and attendance requirements. The Office referred these matters to Commission management. The most significant two cases are described below.

Forgery and Embezzlement

At the request of the Comptroller's Office, we reviewed a total of $650 in questionable travel advance forms. These forms were processed by a former employee, who had confessed during a prior Office investigation to forgery and embezzlement in connection with another travel advance form of $150. The U.S. Attorney's Office orally declined prosecution of the initial matter. The follow-up investigation identified additional evidence of forgery and embezzlement, which is currently being reviewed by the Office of the General Counsel.

Misuse of Government Vehicle

An employee confessed to personal use of a government vehicle during working hours. Management has indicated that the employee will be suspended for 30 days without pay, as required by Federal statute.

At the close of the period, seven investigations were pending. The investigations involved allegations of:

• Investigative misconduct,

• Unauthorized disclosure of non-public information,

• Personal use of government frequent flyer miles,

• Contracting irregularities,

• Theft,

• Time and attendance abuse, and

• Cover-up of mismanagement.

SIGNIFICANT PROBLEMS

The Commission does not have a long-term disaster recovery plan for the Electronic Data Gathering and Retrieval (EDGAR) system. A long-term automated solution to disaster recovery will become increasingly necessary as essentially all filers will eventually use EDGAR. The Commission is currently considering architectural changes to EDGAR that it believes will provide significant disaster recovery advantages.

In the short term, electronic filers would be asked to file manually, in the event of a computer disaster. Given the relatively small number of EDGAR filers currently, this alternative appears adequate for the time being. At some point, however, as filers are phased onto EDGAR, the Commission will lose its ability to process all filings in paper form. It is critical that the Commission have a tested computer backup for EDGAR before that point is reached.

We recommend that, after the EDGAR architectural decisions are made, OIT develop an EDGAR disaster recovery plan. See the description of Audit 208 above for additional details.

SIGNIFICANT PROBLEMS IDENTIFIED PREVIOUSLY

ADP Disaster Recovery

We previously reported the Commission's critical systems' inability to recover, in a timely manner, from a computer disaster as a significant problem. In response, the Commission established a back-up computer site at its headquarters as the central component of its computer disaster contingency plans for critical systems. In January, 1994, we observed tests of the back-up computer site. The testing was successful and indicated that the Commission now has an ADP disaster recovery capability for critical systems.

ACCESS TO INFORMATION

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

OTHER MATTERS

Audit Risk Assessment

The Office of Inspector General completed its first risk assessment of all Commission programs. The assessment will be used to focus the Office's current audit strategy of concentrating on Commission programs, as well as financial and administrative functions.

The risk assessment methodology consists of five steps:

1) Identify the audit universe. What are the programs, projects, activities, systems, functions, or operations of the Commission? Each is an "audit entity".

2) Identify risk factors. What are the factors that will help determine the relative importance of the audit entity from an audit perspective?

3) Prioritize or weight risk factors. Due to the nature of the Commission's work, what risk factors are important?

4) Score the risk for each audit entity. With respect to each risk factor, how risky is each audit entity?

5) Rank each audit entity. Based on the risk factors and weights, what is the priority order of the audit universe?

Eight risk factors that we believe are appropriate for the Commission's programs, were also identified. The risk factors were developed after reviewing several risk assessment models. The factors also include the requirements of OMB Circular A-73 on audit planning in Federal agencies. They include:

Mission Criticality - Importance to achieving the goals of the program.

Public Policy Considerations - Emphasis placed on the activity because of Congressional, Presidential, or Commission interest.

Materiality - Percent of the dollar value of industry transactions or assets overseen by the program involved in the activity or, for support functions, percent of the Commission program budget involved.

Complexity - Technical, legal, or regulatory complexity, especially coordination with other units.

Prior Review/Audit Experience - The extent to which the activity has been reviewed by external entities (eg., GAO, OIG) and the results of the reviews.

Internal Controls - Quality of the procedures used to maintain control of the activity.

Extent of Staff Discretion Exercised - The frequency and "forgivingness of the environment" in which discretion is exercised.

Degree of Change - New or modified duties, systems, organization, procedures, operations, or personnel. Also changes in statutes, markets, or financial instruments.

When fully analyzed, the risk assessments will help to identify the most cost-effective use of limited audit resources; provide the framework for preparing annual audit plans; and support and justify the use of audit resources.

Executive Council on Integrity and Efficiency

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends all ECIE meetings and is an active member of several of its committees including the Peer Review and Financial Institutions Regulatory committees. He also serves as the ECIE representative to the PCIE Audit Committee - Training Subcommittee.

The Counsel to the Inspector General is Vice-Chair of the President's Council on Integrity and Efficiency, Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

Peer Review

In compliance with the Inspector General Act and Government Auditing Standards, the Inspector General requested an External Quality Control Review (Peer Review). The ECIE assigned the OIG of the National Credit Union Administration (NCUA) to conduct the review of the Office. This Office is the first Designated Entity OIG to arrange its second Peer Review since passage of the IG Act Amendments in 1988.

NCUA/OIG performed the review during the reporting period and issued its report on March 25, 1994. The report indicated that the Office met all applicable auditing standards and was in conformance with the Government Auditing Standards.

Streamling Efforts

To increase its efficiency, the Office converted a secretarial position to an auditor position. The conversion was made possible by the Commission's increasing use of automation (e.g., personal computers, voice mail) which decreased administrative workload.

QUESTIONED COSTS

		Number	Dollar Value (in thousands)
			Unsupported	Questioned
			Costs	Costs
A.	For which no management decision has been made by the commencement of the reporting period	1	184	[333]
B.	Which were issued during the reportingperiod	1	37	[ 0 ]
	Subtotals (A + B)	2	221	[333]
C.	For which a management decision was made during the reportingperperiod	0	184	[333]
	(i) dollar value of disallowed costs	0	1/	[ 1/]
	(ii) dollar value of costs not disallowed	0	1/	[ 1/]
D.	For which no management decisionhas been made bythe end of the reporting period	1	37	[ 0 ]
	Reports for which nomanagement decision was made within six months of issuance	0	0	[ 0 ]

________________________________________________

1/ The Contracting Officer negotiated a lump sum settlement of $300,000 to resolve the $517,000 in audit findings ($184,000 in questioned costs, and $333,000 in unsupported costs). The contractor has paid the settlement to the Commission.

RECOMMENDATIONS THAT FUNDS BE PUT TO BETTER USE

		Number	Dollar Value (in thousands)
A.	For which no management decision has been made by the commencement ofthe reporting period	0	0
B.	Which were issued during the reporting period	0	0
	Subtotals (A + B)	0	0
C.	For which a management decision was made during the reporting period	0	0
	(i) dollar value of recommendations that were agreed to by management	0	0
	- based on proposed management action	0	0
	- based on proposed legislative action	0	0
	(ii) dollar value of recommendations that were not agreed to bymanagement	0	0
D.	For which no management decision has been made by the end of thereporting period	0	0
	Reports for which no management decision was made within six months of issuance	0	0

 REPORTS WITH NO MANAGEMENT DECISIONS

Management decisions have been made on all audit reports issued before the commencement of this reporting period (October 1, 1993).

 REVISED MANAGEMENT DECISIONS

No management decisions were revised during the period.

 AGREEMENT WITH SIGNIFICANT MANAGEMENT DECISIONS

The Office of Inspector General agrees with all significant management decisions.

April 29, 1994

Honorable Arthur Levitt, Jr.
Chairman
Securities and Exchange Commission
Washington, D.C. 20549

Dear Chairman Levitt:

Attached is the Semiannual Report to Congress of the Commission's Office of Inspector General for the six month period ending March 31, 1994. During this reporting period, the Office completed eight audits and closed eight investigations. You should forward this report to the Congress with your separate response within thirty days.

In keeping with the our expanded emphasis on Commission programs, many audit recommendations concerned improvements to program operations. These operations included workpapers of broker/dealer examinations, the Chief Counsel Letter Log in the Division of Investment Management, and Commission follow-up of deficiencies found in investment company/investment adviser inspections.

The Office also conducted audits of disaster recovery contingency capabilities for critical computer systems, the Commission's Management Control Program, consulting services contracts, and implementation of the Contractor Lobbying Statute. A close-out audit of a system development contract identified $37,000 in questioned costs.

Three of the eight investigations closed during the period resulted in referrals to the Commission. A follow-up to a prior investigation found evidence of forgery and embezzlement of an additional $650 in travel advance funds by a former employee. In another investigation, an employee confessed to personal use of a government vehicle during working hours.

The continued support and cooperation of the Commission is greatly appreciated.

Sincerely,

Walter Stachnik
Inspector General

Attachment

*** Last Update 3/27/95 (twg) ***

http://www.sec.gov/about/oig/audit/semi9404.htm