This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.
1996 Semiannual Report To Congress
April 30, 1996
During this reporting period (October 1, 1995 to March 31, 1996) the Office of Inspector General (Office) completed nine audits and fifteen investigations. In addition, the Office issued one audit memorandum and three public investigative reports, making management recommendations arising from investigations.
Program audits of the efficiency and effectiveness of program operations, involving the Processing of Investment Company and Adviser Exemptive Applications, Equal Employment Opportunity Program, and Information Resources Management Planning and Execution were completed. Administrative/financial findings and recommendations concerning the financial management systems' internal controls, all major Commission contracts, Interagency Agreements, and the Commission's Collection of Transaction and Filing Fees were also reported during the period.
Five matters investigated by the Office were referred to the Commission; one case was also referred to a U.S. Attorney. The staff involved in two of the investigations resigned from the Commission; one employee was reprimanded; three staff were reassigned. Three of the matters were referred to management with recommendations for changes in management policies.
We remain very concerned that the Commission does not have adequate, tested disaster recovery plans or resources for its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system. Until contingency backup plans are developed, resources obtained, and recovery procedures tested, the possible loss of this critical program function remains a real and significant risk to the Commission's program operations.
We are reporting two new significant problems in this report. Controls over the collection of filing fees were inadequate during the period of our audit tests. Although the Commission redesigned the controls that were responsible for the most serious risks, the strengthening of some of the other controls must await the redesign of the system. In addition, information resources management was also a significant problem during the period. Specifically, systems development contracting, Information Resources Management planning, and ADP security were identified as problem areas in audits completed this period.
The Office issued nine audit reports during the reporting period. One audit memorandum and three investigative reports with management recommendations were also issued. A total of one hundred and fifteen recommendations were made in these reports, which are further described below. Management generally concurred with the recommendations.
1940 Act Exemptive Applications
Audit 230, March 29, 1996
The Investment Company and Investment Advisers Acts (1940 Act) authorize the Commission to exempt any person, security, or transaction from one or more provisions of the Acts or Commission rules. Applicants seeking exemptive relief must file an application with the Commission presenting a basis for the relief requested, and identifying any benefits expected for investors and any conditions imposed to protect investors. Most applications are reviewed by the Office of Investment Company Regulation, in the Division of Investment Management.
The primary objective of our audit was to evaluate the efficiency and effectiveness of the exemptive application process. The audit was conducted between May and November 1995. Particular attention was paid to whether the process responds with enough promptness to ensure flexibility in the administration of the Investment Company Act of 1940.
We found that the exemption process is essentially sound and that internal controls surrounding the process are generally adequate. But many of the outside attorneys we spoke to are dissatisfied with how long it takes to obtain an exemptive order, especially when novel issues are involved.
Our recommendations to improve the effectiveness and efficiency of the process included: giving the applicant the right to request a hearing after a certain period of time has passed; reducing the number of deregistrations reviewed by staff attorneys; establishing time frames for the completion of significant milestones in the review of novel applications; reaffirming a division policy of consolidating comments; and offering a generic comment letter to applicants.
The Division of Investment Management generally concurred with the recommendations presented in the report.
Information Resource Management Planning and Execution
Audit 220, March 26, 1996
Over the last decade, the Commission planned and executed changes in Information Resources Management (IRM) which dramatically affected its work methods. The basic automation environment changed from one composed primarily of mainframe computers, stand-alone personal computers, and applications, to an integrated environment of mainframes and networked personal computers.
We conducted an audit of IRM planning from November 1994 through December 1995. Our objectives were to determine if the Commission's information resources management planning for automated systems was adequate, and if controls over the execution of IRM plans were effective. Our approach focused on promoting best practices identified (by GAO) at other organizations.
We found that, until recently, Commission IRM planning and execution were not adequate. This was due primarily to factors that, according to a GAO report, are common throughout government. Consequently, significant IRM projects were frequently over budget or delayed, or did not fully meet Commission needs. We also found, however, that new management in the Office of Information Technology (OIT) is making significant improvements. The Commission staff we interviewed feel that OIT is now heading in the right direction.
We made several recommendations to further that progress. Generally, OIT concurred with these recommendations and has already implemented or is actively working on many of them.
Equal Employment Opportunity Program
Audit 224, November 2, 1996
Discrimination in employment because of race, color, religion, sex, national origin, age, and disability is prohibited under EEO statutes, regulations, and executive orders, as well as under personnel laws and regulations. The Equal Employment Opportunity Commission (EEOC) is responsible for oversight of EEO programs in the Federal government. The Office of Equal Employment Opportunity oversees the Commission's EEO program. The Director of the Office reports to the Chairman.
The audit objectives were to obtain information about the EEO program for audit planning, and to identify possible improvements to the program. We interviewed EEO staff and managers, and reviewed relevant documentation, including program guidance and selected case files. We did not conduct extensive tests of management controls, however.
Our audit identified several possible improvements, including: creation of an EEO Committee; increased use of alternative dispute resolution; informing supervisors of the duty to cooperate with counseling; and emphasizing recruitment efforts for under-represented groups protected by the EEO laws.
The EEO Office and the Office of Administrative and Personnel Management generally concurred with our recommendations.
Collection of Filing Fees
Audit 225, February 8, 1996
The Securities Act of 1933 requires that a filing fee be paid at the time securities are registered. The Commission also collects various filing fees required by the Securities Exchange Act of 1934 and other statutes, and pursuant to rules issued under the Independent Offices Appropriation Act for various other filings. The Commission reported the collection of approximately $456 million in net filing fees during fiscal year 1995, approximately 89% of which were from '33 Act registration statement filings.
We conducted a performance audit of the collection process in order to recommend corrective actions that would strengthen internal controls. During the audit, we evaluated the aggregate balance of fees received and fees owed, as recorded by the Commission; management's internal controls; and compliance with laws and regulations. The audit was performed between January and October 1995.
The audit confirmed the Commission's previous assessment that the internal controls were not materially in conformance with accounting standards. The audit also identified additional specific problems and recommended corrective actions.
The Commission generally concurred with our recommendations. While providing comments on draft versions of this report, they began taking corrective actions on a number of important recommendations. See page 13 for additional details.
Collection of Transaction Fees
Audit 234, March 29, 1996
The Securities Exchange Act of 1934 provides that each national securities exchange shall pay a fee to the Commission equal to 1/300 of one percent of the aggregate dollar amount of the sale of securities (trade value), except debt securities, transacted on the exchange during the preceding year. It establishes a similar fee to be paid by brokers and dealers on the trade value of over-the-counter sales of listed securities. The Act also gives the Commission authority to exempt any security or any class of security from these fees.
The Office of Inspector General contracted with the accounting firm of Deloitte and Touche LLP to conduct an audit of the Commission's collection of these transaction fees. The objectives of the audit were to determine whether:
- Applicable manual and automated internal controls provide reasonable assurance that:
- funds are safeguarded against waste, loss, unauthorized use, or misappropriation, and
- revenues are properly recorded and accounted for to permit the preparation of accounts and reliable financial and statistical reports;
- Current Commission policies and practices (including reliance on testing and validation procedures by third parties such as SRO or Broker/Dealer CPAs) ensure that the fees paid are accurate, based on the requisite trade volume, and in compliance with applicable law;
- Commission procedures are adequate to ensure that all entities required to pay transaction fees by law are submitting the fees and supporting data to the Commission as required;
- Commission collection procedures (accounts receivable) for late transaction fees are adequate and comply with applicable regulations and law; and
- Commission deposits of transaction fees are timely and meet sound cash management principles.
The review attested to the Commission's assertion (made in its annual internal control certification) that the controls over these fees were effective except for the following material weaknesses:
The Commission lacks adequate verification procedures to ensure that the required amounts of transaction fees are reported and remitted,
The Commission's administration of ADP security is not standardized or formalized, and
Access restrictions to the Commission's mainframe and network systems have not been appropriately defined.
The report made several recommendations to strengthen internal management controls and improve the collection of fees. Management is working to implement the recommendations.
Financial Management Systems Controls
Audit 240, March 29, 1996
The Federal Manager's Financial Integrity Act (FMFIA) and Office of Budget and Management Circulars A-123 and A-127 require agencies to certify that internal controls provide reasonable assurance that:
- Obligations and costs are in compliance with applicable law;
- Funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation; and
- Revenues and expenditures applicable to agency operations are properly recorded and accounted for to permit the preparation of accounts and reliable financial and statistical reports and to maintain accountability over assets.
In the past, the Commission's Office of Inspector General conducted audits of financial management functions (e.g., payroll, property) on a regular basis (a three year cycle was the target). The Commission relied on these audits (as "alternative internal control reviews") in concluding whether the financial management controls provided reasonable assurance. Resource restrictions, and recent Congressional and administration emphasis encouraging OIGs to conduct more program evaluations, have prevented the Office from reviewing these functions on a regular basis.
The Office of Inspector General contracted with the accounting firm of Deloitte and Touche LLP to review the internal management controls related to Commission financial management systems. The objectives of the audit were to attest to management's certification of these controls and recommend improvements.
The review attested to the Commission's assertion (made in its annual internal control certification) that the financial management systems controls were effective except that:
The Commission lacks adequate verification procedures to ensure that the required amounts of transaction fees are reported and remitted,
The Commission's administration of ADP security is not standardized or formalized,
The Commission lacks an adequate agency-wide integrated tracking system for the payments of disgorgements, fines, and penalties imposed as a result of enforcement proceedings, and
Access restrictions to the Commission's mainframe and network systems have not been appropriately defined.
The report made several recommendations to strengthen financial management systems controls. Management is working to implement the recommendations.
Review of Major Contracts
Audit 239, March 29, 1996
The Commission increasingly uses contractors for obtaining a wide variety of products and services. Research databases, office space rental, court reporter services, and ADP consulting are just a few of the goods and services acquired through contracts.
The Office engaged M.D. Oppenheim & Company (an independent accounting firm) to evaluate the vulnerability of fourteen major Commission contracts and make recommendations for strengthening internal controls. Using a survey guide of thirty specific questions/issues, developed by the Office of Inspector General, Oppenheim reviewed the contract documentation and interviewed the contracting personnel for the fourteen contracts.
The auditors concluded that, based on the limited scope of the engagement, the contract award and administration procedures appeared to be working adequately, for the most part. No violations of the Federal Acquisition Regulation were found. Recommendations included standardizing contract documentation, increased use of preaward audits, revising Contracting Officer guidance, and enhanced monitoring of contracts.
Management generally concurred with the recommendations and is implementing the recommendations.
Systems Development Contract Controls
Audit 235, October 31, 1995
The Commission often contracts with outside firms for assistance in developing major data systems and IRM planning. Properly administered, these contracts provide a cost-effective way for the Commission to obtain needed expertise and be able to provide the data services needed by its staff.
M.D. Oppenheim & Company, P.C., under contract to the Office of Inspector General, conducted an audit of costs incurred by an ADP contractor doing a significant amount of work for the Commission. The report of their contract cost audit was issued previously. In the course of its audit, however, Oppenheim identified opportunities for improved internal controls. Their observations formed the basis for this report and these audit recommendations.
Recommendations reported for strengthening controls focused on enhanced guidance and training for the contracting staff and the Contracting Officer's Technical Representatives. Management generally concurred with the recommendations in the report.
Audit 228, February 1, 1996
The Economy Act provides general authority for agencies to obtain goods and services from other government agencies. Other statutes also authorize interagency procurement. Among the services purchased by the Commission under this authority are: access to automated systems of the Departments of the Treasury and Justice, and health and employee assistance services provided by the Public Health Service (PHS).
We conducted an audit to determine if Commission controls over interagency agreements were effective and if the agreements were cost effective in procuring goods and services. We reviewed eleven Commission interagency agreements totaling $1.14 million in FY 1995 obligations.
Several audit recommendations were made to strengthen controls over the interagency agreements. They included improvements in documentation, notification, close-out procedures, and legal references and citation.
Management generally agreed with the recommendations.
Screening Prospective Employees
Audit Memorandum 5, January 19, 1996
Commission screening of prospective employees appeared to need improvement, based on several Office of Inspector General investigations. The investigations, examining work related allegations, identified misconduct by employees that occurred before they joined the Commission.
This prior misconduct was either not detected by the Commission's screening procedures, or no action was taken. Proper screening and action might have protected the Commission from the subsequent misconduct. We recommended that the Commission develop procedures to help ensure adequate screening of prospective employees.
Commission management concurred with the recommendations. Management stated that the Office of Personnel Management (OPM) issued guidance on this issue prior to the Federal Personnel Manual being abolished. The Office of Administrative and Personnel Management (OAPM) indicated that it has made some effort to develop procedures and completed a draft in January 1992, but they were not formally issued, pending new guidance from OPM. However, this guidance has been indefinitely postponed, based on OPM's program redirection and the privatization of investigations.
The Audit Memorandum was a follow up to Audit Report No. 167, issued in July 1992.
Investigative Reports on Management Issues
Three investigative reports, making audit-like recommendations to management, were issued during the period. These reports are public and do not contain allegations, evidence, or names of subjects, but rather focus exclusively on corrective actions needed to strengthen controls. More traditional referral reports to management, Justice, etc. are also issued, as appropriate.
Processing New Employees - Ethics Training
In the course of an investigation, it became apparent that the standard processing steps for new employees were insufficient to deal with potential financial conflicts for professional fellows hired by the Commission. Because of the special nature of their relationship to the Commission, we recommended that candidates for professional fellowships be asked about certain types of outside relationships and that all positive responses be referred to the Office of Ethics Counsel for their consideration. We also recommended targeted ethics training for personnel specialists and fellows.
Management generally agreed to the recommendations and has taken steps to implement them.
Post Employment Restrictions
An investigation into an alleged violation of post employment restrictions 1 indicated that extensive expertise was needed to answer post employment questions. The practice of using Ethics Liaison Officers (within each organization) to field these questions proved unreliable. We recommended that all such questions be referred to the Office of Ethics Counsel.
Management concurred with the recommendation and instructed Ethics Liaison Officers to refer all but the simplest post employment questions to the Office of Ethics Counsel.
Contracting Internal Controls
We conducted an investigation into allegations of contract irregularities. During the investigation, several internal controls focusing on Commission contractors were observed to be deficient. We recommended a number of changes to strengthen the controls. See the Investigation Section below for more details.
Management generally concurred with the recommendations and has taken steps to implement them.
Fifteen investigations were closed during the period. Five matters investigated by the Office were referred to the Commission; one case was also referred to a U.S. Attorney. The staff involved in two of the investigations resigned from the Commission; one employee was reprimanded; three staff were reassigned. One of the matters was referred to management with recommendations for changes in management policies. The most significant cases are described below.
An Office of Inspector General investigation (and audit) contributed to Commission actions to correct serious deficiencies in a major systems development contract. As a consequence of these management actions, approximately $6 million of the contract's $12.5 million authorized funding was not spent on the contract, or was spent more effectively.
In March 1995, Commission management referred anonymous allegations about this contract to the Office. The allegations included complaints that the contract was being poorly managed and funds were being wasted. The Office then concurrently began an audit and an investigation.
Commission management began its own review of the contract while the Office's audit and investigation were ongoing. Both management and the Office found that the contract was not being properly managed, and that funds were not being effectively used. Management took numerous steps to improve contract management, both on its own initiative and at the recommendation of the Office.
In connection with this investigation, the Office investigated several staff for failure to adequately administer the internal controls assigned to them and several supervisors for failing to supervise their employees. A senior supervisor resigned at the end of the investigation and three staff were reassigned.
Evidence indicated that an employee failed to comply with applicable regulations related to an employee benefit. The Commission disqualified the employee from further receipt of that benefit.
An employee was found to have forged several documents to support a claim of injury with a private party. The employee resigned after receiving written notice of removal. A U.S Attorney declined prosecution.
At the close of the period, nine investigations were pending. The investigations included allegations of:
- False statement,
- Voucher irregularities,
- Theft of government equipment,
- Investigative misconduct,
- Unauthorized outside employment,
- Theft of government documents,
- Contract irregularities, and
- Unauthorized disclosure.
Two new significant problems were identified, based on work completed during the period.
Collection of Filing Fees
Our audit of the collection of filing fees confirmed the Commission's previous assessment that the internal controls were not in material conformance with accounting standards. It also found and reported additional specific problems and recommended corrective actions. The report also concluded that the control weaknesses with respect to separation of duties, audit trails, and access indicate that a relatively high risk existed that errors and irregularities, including fraud, could occur without being detected (i.e., detection risk).
Commission management has made significant progress in correcting the most serious weaknesses. Before the final report was issued, management redesigned the controls related to separation of duties, audit trails, and access. This Office, at the request of management, reviewed the design of those revised controls and provided "negative assurance" that we were not aware of any material weaknesses in the new design of the controls. Management advised us that it put the new controls into effect before the audit report was issued. To the extent the redesigned controls were properly implemented and are being complied with, the high level of detection risk should be significantly ameliorated.
In addition, management has made great efforts to address the other material weaknesses it found and the other findings and recommendations in the audit. Although some corrective actions must await the implementation of a new computerized collection system, management made significant improvements during our audit and reports continuing progress.
Information Resources Management
The audit and investigative work in this reporting period identified significant weaknesses in the Commission's implementation of information technology. These weaknesses relate to contracting for systems development, information resources planning, and ADP security.
The Commission has hired new management for the Office of Information Technology. That Office has taken numerous, positive steps to address these and other problems, and further steps are planned. We intend to perform follow-up work on the actions taken to address these weaknesses.
SIGNIFICANT PROBLEMS IDENTIFIED PREVIOUSLY
EDGAR Disaster Recovery
We remain very concerned that the Commission does not have adequate, tested disaster recovery plans or resources for its EDGAR system. Moreover, procedures for manual, paper backup of EDGAR, as the automated system is being phased in, have not been developed or tested. Until contingency backup plans are developed, resources obtained, and recovery procedures tested, the possible loss of this critical function remains a real and significant risk to the Commission's program operations.
The lack of a long-term disaster recovery plan for the EDGAR system had been previously reported. The Commission has indicated that the development, implementation, and testing of an automated long-term disaster recovery plan is highly contingent on funding.
ACCESS TO INFORMATION
The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.
Threats Against Commission Staff or Facilities
At the suggestion of this Office, management convened a task force to develop formal procedures for handling threats to Commission staff or facilities.
The task force developed and distributed a plan for responding to various kinds of threats. In addition, employees were advised of the immediate steps they should take upon receiving a threat or learning about a threat to another employee or Commission facility.
Executive Council on Integrity and Efficiency
The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends all ECIE meetings and is an active member of several of its committees including the Peer Review and Financial Institutions Regulatory committees.
The Counsel to the Inspector General is a member of the President's Council on Integrity and Efficiency, Council of Counsels. The Council considers legal issues relevant to the Inspector General community.
|A. For which no management decision has been made by the commencement of the reporting period||1||0||436 2|
|B. Which were issued during the reporting period||0||0||0|
|Subtotals (A + B)||1||0||436|
|C. For which a management decision was made during the reporting period||1||0||436|
|(i) dollar value of disallowed costs||0||0||38|
|(ii) dollar value of costs not disallowed||0||0||398|
|D. For which no management decision has been made by the end of the period||0||0||0|
|Reports for which no management decision was made within six months of issuance||0||0||0|
RECOMMENDATIONS THAT FUNDS BE PUT TO BETTER USE
|Number|| Dollar Value
|A. For which no management decision has been made by the commencement of the reporting period||0||0|
|B. Which were issued during the reporting period||0||0|
|Subtotals (A + B)||0||0|
|C. For which a management decision was made during the reporting period||0||0|
|(i) dollar value of recommendations that were agreed to by management||0||0|
|- based on proposed management action||0||0|
|- based on proposed legislative action||0||0|
|(ii)dollar value of recommendations that were not agreed to by management||0||0|
|D. For which no management decision has been made by the end of the reporting period||0||0|
|Reports for which management decision was made within six months of issuance||0||0|
REPORTS WITH NO MANAGEMENT DECISIONS
Management decisions have been made on all audit reports issued before the commencement of this reporting period (October 1, 1995).
REVISED MANAGEMENT DECISIONS
No management decisions were revised during the period.
AGREEMENT WITH SIGNIFICANT MANAGEMENT DECISIONS
The Office of Inspector General agrees with all significant management decisions regarding audit recommendations, including "Funds Put to Better Use" and "Questioned Costs."
1 No violation was found.
2 A contract audit questioned a net total of $435,645. After additional documentation and explanations were provided to the Contracting Officer, the Commission sustained $38,360 of the costs questioned by the auditors.