Securities and Exchange Commission
Office of Inspector General
Semiannual Report To Congress - October 1995
EXECUTIVE SUMMARYDuring this reporting period (April 1, 1995 to September 30, 1995) the Office of Inspector General (Office) completed six audits and nineteen investigations. In addition, the Office issued one audit memorandum and three public reports, making management recommendations arising from investigations.
Program audits of the efficiency and effectiveness of program operations, involving Controls on Negotiated Settlements and the Commission's Bankruptcy Program, were completed. Administrative findings and recommendations concerning the Commission's two largest contracts, contingency plans for ADP disaster recovery, and personnel management were also reported during the period.
Ten matters investigated by the Office were referred to the Commission. The staff involved in two of the investigations resigned from the Commission before administrative action could be completed; several staff were reprimanded. Three of the matters were referred to management with recommendations for changes in management policies. Five of the referrals remained pending as of the end of the reporting period.
We remain very concerned that the Commission does not have adequate, tested disaster recovery plans or resources for its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system. Until contingency backup plans are developed, resources obtained, and recovery procedures tested, the loss of this critical program function remains a real and significant risk to the Commission's program operations.
AUDIT PROGRAMThe Office issued six audit reports during the reporting period. One audit memorandum and three investigative reports with management recommendations were also issued. A total of sixty-one recommendations were made in these reports, which are further described below. Management generally concurred with the recommendations.
Controls on Negotiated Settlements
Most Commission investigations of alleged securities violations eventually result in a negotiated settlement between the Commission and the subject, resolving the allegations. Typically, the subject neither
admits nor denies violating securities laws, but agrees to the imposition of sanctions. These may include disgorgement of profits, civil penalties, an injunction from future violations of securities laws, or a bar from the securities industry. Through settlements, the Commission avoids time-consuming litigation while still protecting investors.
Audit 218, September 26, 1995
We evaluated the management controls used in the negotiations that produce these settlements. Our primary objective was to determine whether controls over the settlements were adequate. Also, we sought to determine whether the settlement process could be made more efficient, and whether monitoring of settlement terms could be improved.
We interviewed staff in the Division of Enforcement and three regions (Northeast, Central, and Pacific), and reviewed a judgement sample of 24 negotiated settlements. The audit was performed between September 1994 and May 1995.
The audit determined that controls over negotiated settlements of enforcement cases were generally adequate. We recommended several enhancements, however, including: improving collection procedures for disgorgements and penalties arising from settlements; earlier consideration of settlement issues by the Commission; and establishing a data base of prior settlements. Generally, management concurred with the report, which was modified as appropriate to reflect the comments received.
Congress granted to the Commission statutory authority to participate in bankruptcy proceedings. There are five main functions of the Commission's program: reviewing reorganization plan disclosure statements to make certain they contain adequate information; assuring that public investors are adequately represented; taking legal positions on issues affecting public investors; keeping staff apprised of reorganization cases with significant public investor interest; and providing advice on bankruptcy law to the divisions of Enforcement and Corporation Finance, the Regional Offices, and other Commission divisions and offices.
Audit 215, June 19, 1995
From August 1994 to January 1995, we reviewed several issues affecting the Commission's bankruptcy program. The audit objectives were to determine whether: expanding the bankruptcy program might provide better protection to investors; the review of disclosure statements could be improved by using accountants or financial analysts; the staff receive timely notification of bankruptcy filings; the staff receive adequate time to review pre-packaged plans; and the bankruptcy program could be enhanced in other ways.
During the audit, we interviewed and surveyed Commission staff, as well as bankruptcy court judges, bankruptcy attorneys, other non-Commission professionals, and U.S. trustees and their administrative staffs. We reviewed available documentation and tested management controls relevant to the audit objectives.
Overall, the review indicated that the bankruptcy staff are held in high regard by their colleagues and outside professionals (e.g., bankruptcy courts and attorneys). We made a number of recommendations to enhance the program, including: clarifying the extent that Commission staff should be involved; delegating authority to the staff on matters for which adequate Commission precedent exists; using accountants or financial analysts for analysis of certain disclosure documents; advising the Administrative Office of the United States Courts that some petitions are not being received reliably; clarifying reporting requirements to filers in bankruptcy; improving intra-Commission communications; improving the sources of information on bankruptcy cases available to the staff; and modifying the case opening form. Management generally concurred with the report.
Contingency Plans for PABX and Data Center
The Commission's Operations Center in Alexandria, Virginia, has primary responsibility for mainframe and EDGAR operations. Another data center at headquarters provides a limited mainframe back-up
capability, and also houses network file servers and the Private Automated Branch Exchange (PABX) telephone system. The data centers are linked to each other and regional offices through communication lines. These facilities are critical to Commission program operations.
Audit 226, July 31, 1995
We conducted an evaluation of the adequacy of the Commission's disaster recovery capabilities for these facilities. The audit scope included mainframe computers and environmental controls at the Operations Center and headquarters data centers; the Private Automated Branch Exchange (PABX) and EDGAR systems; and file servers at the headquarters data center.
During the audit, we interviewed staff from the Offices of Information Technology, Administrative and Personnel Management, and the Executive Director. We reviewed relevant documentation and observed selected environmental controls. The audit was performed between February and May 1995.
We made a number of recommendations to enhance Commission disaster recovery capabilities. The most significant of these were: developing and testing complete and up-to-date disaster recovery plans for the mainframe, networks, PABX, and EDGAR; installing Stratus computers at headquarters to provide a disaster recovery capability for EDGAR; obtaining back-up power for the headquarters file servers and PABX; and developing a business recovery plan for the Commission. Generally, management concurred with our recommendations.
Survey of Personnel Management
Personnel management functions under 5 U.S.C. include recruitment and hiring, position classification, training, and employee relations and benefits. In 1992, the Office of Human Resources Management was combined with the Office of Administrative Services to form the Office of Administrative and Personnel Management (OAPM).
Audit 222, June 15, 1995
We conducted an audit survey of personnel management. The primary objectives were to gather information on personnel management to assist in audit planning, and to follow-up on prior audit work. We interviewed staff in OAPM, the Comptroller's Office, the Commission's regional and district offices and the Office of Personnel Management; reviewed relevant documentation; and researched applicable laws and regulations. The survey was conducted between November 1994 and May 1995.
Our recommendations included: issuing updated regulations for the training program; increasing coverage of government regulations in the executive development program; and revising time frames for grievance processing. Management generally concurred with the recommendations.
ADP Systems Development Contract
Audit 231, August 17, 1995
The Commission procured a contractor to assist in a fundamental reassessment of the Commission's automation capabilities. The goals of the work covered by the contract included: upgrading the Commission's technological infrastructure; developing applications to support several large programs; and undertaking numerous additional system and process improvements. These objectives were part of the Commission's Strategic Automation Modernization initiative. The initial $2.5 million Indefinite Delivery/Indefinite Quantity, Level of Effort contract was expanded to a maximum value of $12.5 million covering several fiscal years.
The Office of Inspector General engaged M.D. Oppenheim & Company (an independent accounting firm) to audit the invoices submitted by the contractor in connection with its contract with the Commission. The primary objectives of the audit were to evaluate the allowability of costs submitted to the Commission for payment and to evaluate related Commission internal controls.
Of the $5,339,000 invoices reviewed, the contract audit report questioned a net total of $435,645 of the invoices. After additional documentation and explanations were provided to the Contracting Officer, the Commission, following consultation with the auditors, sustained $38,630 of the amount originally questioned by the auditors (shortly after the end of the reporting period).
EDGAR Contract Closeout
The EDGAR system electronically receives, reviews, and disseminates issuer and other filings required under the statutes administered by the Commission. The Commission uses a contractor to develop and operate portions of the system.
Audit 227, July 5, 1995
Under contract to the Office of Inspector General, the Defense Contract Audit Agency conducted an audit of the EDGAR contractor's books and records. The primary focus was the Commission's reimbursement of direct costs incurred under the EDGAR contract. The audit objective was to determine the allowability of the direct costs incurred between October 1, 1991 and June 1, 1994.
Personal Computer Energy Savings
Audit Memorandum 4, August 25, 1995
One audit memorandum was issued during the period. Audit memoranda are used to transmit recommendations to management concerning control issues that arise outside a formal audit or investigation, but need to be addressed promptly.
We observed that certain Commission PCs have the "Energy Star" features, but that the features had not been activated. Moreover, the features were not being activated on newly purchased machines either. GSA estimates that between $17.88 and $31.68 in energy costs can be saved per year per machine. Management generally concurred with our recommendation.
Investigative Reports on Management Issues
Three investigative reports, making audit-like recommendations to management, were issued during the period. These reports are public and do not contain allegations, evidence, and names of subjects, but rather focus exclusively on corrective actions needed to strengthen controls. More traditional referral reports to management, Justice, etc.are also issued, as appropriate.
Photocopying of Articles in the Library
The objective of the investigation was to determine whether the headquarters library's current reproduction procedures are in compliance with the copyright laws. Our review was limited to the reproduction of articles from law reviews and other journals.
To accomplish our objective, we reviewed and analyzed the applicable statutes, legislative history and case law. In addition, we obtained an understanding of the library's current procedures for reproducing articles by an on-site inspection and interviews of library personnel.
The library agreed to discontinue certain photocopying of articles that was identified in the report and to properly stamp the articles it does copy to denote copyright status. It is also issuing guidelines to its users reminding them of the restrictions of the copyright laws and to make clear what photocopying requests will be honored by the library.
Allocation of Parking Spaces and Accounting for Parking Receipts
The Commission sublets parking spaces in the garage in its headquarters building to employees through its employee recreation and welfare association. The Commission took over the parking garage in 1993 in order to ensure the safety and security of the building. The Office investigated complaints concerning the use of the garage space.
The objective of the review was to determine whether any impropriety existed with respect to the allocation of parking spaces and the use of available space in connection with the Commission's takeover of the headquarters parking garage.
In a report to management, we recommended that a lottery be used to assign the available parking spaces to Commission staff; the Commission document certain determinations made with respect to the parking program; a decision be made concerning spaces originally reserved for construction and storage but vacant at the time of our review; certain functions be transferred to the sublessor association; and the Commission request an opinion from the Comptroller General on the proper accounting treatment of parking receipts. Management agreed with and has implemented our recommendations.
Time and Attendance Controls
We conducted an investigation into allegations of time and attendance abuse and failure to supervise within a particular office of the Commission. In addition to reports concerning misconduct, we issued a separate report containing recommendations for improving management controls in the office.
The recommendations included: providing managers with additional training in personnel matters (e.g., how to deal properly with problem employees); providing staff with training in time and attendance procedures; and enhancing controls over the use of keycards and logbooks for employees on flexible leave schedules. Management generally concurred with our recommendations.
INVESTIGATIVE PROGRAMNineteen investigations were closed during the period. Ten matters were referred to the Commission. The staff involved in two of the investigations resigned from the Commission before administrative action could be completed; several staff received reprimands. Three of the matters were referred to management with recommendations for changes in management policies. Five of the referrals remained pending as of the end of the reporting period. The most significant cases are described below.
At the close of the period, seven investigations were pending. The investigations include allegations of:
- Conflict of interest,
- Unauthorized disclosure,
- Written, anonymous obscenity,
- Contract fraud, and
- Conspiracy to persecute.
SIGNIFICANT PROBLEMS IDENTIFIED PREVIOUSLY
We remain very concerned that the Commission does not have adequate, tested disaster recovery plans or resources for its EDGAR system. Moreover, procedures for manual, paper backup of EDGAR, as the automated system is being phased in, have not been developed or tested. Until contingency backup plans are developed, resources obtained, and recovery procedures tested, the loss of this critical function remains a real and significant risk to the Commission's program operations.
The lack of a long-term disaster recovery plan for the EDGAR system had been previously reported. The Commission has indicated that the development, implementation, and testing of an automated long-term disaster recovery plan is highly contingent on 1996 funding.
ACCESS TO INFORMATION
The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.
Executive Council on Integrity and EfficiencyThe Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends all ECIE meetings and is an active member of several of its committees including the Peer Review and Financial Institutions Regulatory committees.
The Counsel to the Inspector General is a member of the President's Council on Integrity and Efficiency, Council of Counsels. The Council considers legal issues relevant to the Inspector General community.
|A.||For which no management decision has been made by the commencement of the reporting period||0||0||[ 0 ] /|
|B.||Which were issued during the reporting period||1
|Subtotals (A + B)||1||0||[ 436 ]|
|C.||For which a management decision was made duringthe reporting period||0||0||[ 0 ] /|
|(i) dollar value of disallowed costs||0||0||[ 0 ] /|
|(ii) dollar value of costs not disallowed||0||0||[ 0 ] /|
|D.||For which no management decision has been made by the end of the reporting period||0||||1|
|Reports for which no management decision was made within six months of issuance||0||0||[ 0 ]|
RECOMMENDATIONS THAT FUNDS BE PUT TO BETTER USE
|A.||For which no management decision has been made by the commencement of the reporting period||0||0|
|B.||Which were issued during the reporting period||1
|Subtotals (A + B)||1||18|
|C.||For which a management decision was made during the reporting period||1||18|
|(i) dollar value of recommendations that were agreed to by management||1||18|
|- based on proposed management action||1||18|
|- based on proposed legislative action||0||0|
|(ii) dollar value of recommendations that were not agreed to by management||0||0|
|D.||For which no management decision has been made by the end of the reporting period||0||0|
|Reports for which no management decision was made within six months of issuance||0||0|
Management decisions have been made
on all audit reports issued before the commencement of this reporting period
(April 1, 1995).
No management decisions were revised
during the period.
The Office of Inspector General agrees with all significant management decisions.
October 31, 1995
The Honorable Arthur Levitt, Jr.
Securities and Exchange Commission
Washington, D.C. 20549
Dear Chairman Levitt:
The attached Semiannual Report to Congress summarizes the activities of the Office of Inspector General for the six months ending September 30, 1995. It contains descriptions and accounts of the audit reports we issued during the period and summarizes the activities of our investigative and other review functions.
In accordance with the Inspector General Act of 1978, as amended, the report should be forwarded to Congress, with your comments and a separate management report, by November 30, 1995.
Your continued support and cooperation, as well as that of the Commission and its staff, are greatly appreciated.