This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.
Semiannual Report to Congress
During this reporting period (April 1, 1997 to September 30, 1997) the Office of Inspector General (Office or OIG) issued eight audit reports. The audits reviewed: the effectiveness of the Commissionís integrity program; value engineering provisions in Commission contracts; automation of records management; development of a client server computer capability; controls on government credit cards; and financial and administrative controls in the Central and Pacific Regional Offices and the Salt Lake District Office.
Eight investigations were closed during the period. Five cases were referred to the Commission; one was also referred to the Department of Justice (which declined prosecution). A staff member involved in one of the investigations resigned from the Commission. In another case, a manager was demoted to a non-supervisory position. A referral to the Department of Justice, from an investigation completed in a prior period, resulted in a former employee (who had retired during the investigation) pleading guilty to a violation of 18 USC 1001. The employee was sentenced to probation, a fine, and community service.
Despite efforts of the Commission, information resources management (IRM) continues to experience significant problems. Specifically, systems development contracting, IRM planning, and ADP security remain problem areas. The Office of Information Technology plans to reorganize and increase the use of out-sourcing to improve its performance, while the Office of the Executive Director plans to increase senior management attention to and involvement in IRM.
Another previously reported significant problem involves controls over the collection of fees. Although the Commission has made many improvements in controls over the collection of filings fees, the overall control structure remains inadequate. This condition will remain until a new fee system, which is currently in procurement, is implemented.
The Office issued eight audit reports during the reporting period. A total of sixty-nine recommendations were made in these reports, which are further described below. Management generally concurred with the recommendations.
CLIENT SERVER AUDIT 257, SEPTEMBER 9, 1997
The Office of Information Technology (OIT) decided to move the Commission to a client server (C/S) environment to improve service to users, reflect changes in technology, and capitalize on infrastructure improvements already made. Under client server, processing is distributed between the client (i.e., personal computers) and one or more servers (mainframe or file servers).
In deploying client server applications, OIT seeks to provide Commission specific applications (by modifying off-the-shelf software or developing custom software), empower the end-user (by allowing the user to access data and generate reports), and re-engineer the Commissionís data infrastructure (by simplifying access and reducing redundancy).
OIT has recently implemented several C/S applications, including On-Track (for the Office of Administrative and Personnel Management); Administrative Proceedings and Release Log Systems (for the Office of the Secretary); and an Esperant-based version of the Case Activity Tracking System (for the Division of Enforcement).
Our objective was to evaluate OITís planning and management of client server initiatives. Rather than focusing on specific client server applications, we reviewed the underlying processes for implementing C/S. During the audit, we interviewed Commission and contractor staff, reviewed available documentation, and performed limited tests of controls.
Among other accomplishments, OIT has established client and server development branches, improved hardware and operating system software capabilities, acquired commercial off-the-shelf software, adopted communications and interface standards, and implemented several C/S applications, with more planned. OIT is also considering recommendations, from its contractor, to improve OITís efficiency and effectiveness, including additional outsourcing of services.
We made several recommendations to improve OITís planning and management of C/S initiatives. Some related specifically to C/S, while others were more general. Our recommendations included scheduling periodic meetings of the Executive Advisory Committee; implementing full life cycle costing; deciding which projects are significant and require enhanced management control; improving project planning; implementing data dictionaries; defining a data ownership policy; and considering the needs of all user offices.
CONTROLS ON CREDIT CARDS AUDIT 258, SEPTEMBER 30, 1997
Under a GSA contract, federal employees chosen by their agency can make small purchases with a government VISA card. The card is issued by the Colorado National Bank, doing business as the Rocky Mountain BankCard System (RMBCS). Using the credit card (rather than an imprest fund or a purchase order) improves government cash management and controls over small purchases.
The Office of Administrative and Personnel Management (OAPM) has issued regulations for the Commissionís credit card program (SECR 10-6). Under the regulations, the office head nominates employees who are willing to serve as cardholders. The Associate Executive Director of OAPM issues the employees a Delegation of Authority for procurement and sets spending limits. RMBCS then issues the credit card in the employeeís name. The card may only be used by the designated cardholder for official business purchases. The purchase of furniture and equipment must be approved in advance by OAPM, while ADP and telecommunications supplies and services must be approved by the Office of Information Technology.
At the end of the billing cycle, RMBCS sends a Statement Of Account to the cardholder and a summary report to the approving official. These documents show the transactions for the period. The card holder must reconcile the statement to his or her records and forward a signed copy to the approving official within two days. The approving official then certifies the statement and forwards it to the Comptroller.
OAPM has also designated an Agency Program Coordinator (APC). Among other duties, the APC acts as liaison to the RMBCS, gives instructions to approving officials and card holders on card usage and their reporting responsibilities, and follows up on disputed purchases, credits for returned items, and billing errors.
We began this audit after receiving a request from the General Services Administration seeking possible enhancements to its commercial credit card contract, which was being reissued. Our objective was to evaluate the effectiveness and efficiency of the Commissionís credit card program.
During the audit, we reviewed available documentation, tested controls and surveyed card holders. The controls tested included supervisory approval of statements of account, procedures for setting spending limits, and follow up actions on status reports by the Program Administrator. We also interviewed staff from the Comptrollerís Office, the Program Administrator and other staff in the Office of Administrative and Personnel Management (OAPM), and approving officials from the Central and Pacific Regional Offices.
We found that the Commissionís credit card program was generally efficient and effective, although some improvements in management controls are needed. Our recommendations included establishing authorized merchant categories as a spending control; reviewing the appropriateness of established purchasing limits; encouraging additional use of the card when appropriate; and enhancing the monitoring of card usage by obtaining additional reports and improving coordination.
VALUE ENGINEERING PROGRAM Audit 260, May 2, 1997
OMB Circular A-131, as revised May 21, 1993, states that value engineering (VE) is an effective technique for reducing costs, increasing productivity, and improving quality. It can be applied to hardware and software; development, production, and manufacturing; specifications, standards, contract requirements, and other acquisition program documentation; and facilities design and construction.
The Circular states that Federal agencies are to use value engineering as a management tool, where appropriate, to ensure realistic budgets, identify and remove nonessential capital and operating costs, and improve and maintain optimum quality of program and acquisition functions. Agencies are to establish and maintain value engineering programs, which are to be audited by the agenciesí Inspector General.
Our objectives were to validate the accuracy of reported value engineering savings and assess the adequacy of Commission value engineering policies, procedures, and implementation of revised Circular A-131. We were unable to validate the accuracy of reported VE savings because the Commission did not prepare required reports.
During the audit, we interviewed Commission staff and reviewed relevant documentation, including contract files.
Our audit found that the Commissionís VE program needs improvement to fully realize the benefits of VE and comply with OMB-Circular A-131. Our recommendations included inserting value engineering clauses into all appropriate contracts over $1 million; designating a senior official to implement the program; training staff in value engineering; and developing annual VE plans and reports.
AUTOMATION OF RECORD MANAGEMENT Audit 262, september 29, 1997
The National Archives and Records Administration (NARA) established requirements for the creation, maintenance, use, and disposition of electronic records (36 Code of Federal Regulations 1234, "Electronic Records Management"). Also, the Office of Management and Budget (OMB) included records management in its Circular A-130 on information resources management. A recent amendment to the Freedom of Information Act requires that agencies make records created on or after November 1, 1996 available electronically.
At the Commission, the Office of Filings and Information Services (OFIS) has primary responsibility for implementing policies and procedures concerning electronic records management. Commission guidance includes Administrative Regulation SECR 7-6 for electronic records and SECR 5-10 for electronic mail.
During the audit, we reviewed available documentation, tested controls, and interviewed staff at NARA and at Commission offices and divisions, especially the OFIS and the Office of Information Technology (OIT). Our objective was to determine if the Commission has established adequate policies and procedures for electronic records, and to identify possible enhancements to electronic records management.
We found that, for the most part, the Commission has adequate electronic records management policies and procedures. We recommended several improvements, including better coordination of records management with information resources management; establishing procedures to ensure proper disposition of unneeded electronic data; and performing periodic reviews of electronic records systems, as required.
CENTRAL REGIONAL OFFICE Audit 264, July 18, 1997
The Central Regional Office (CRO), assisted by the Salt Lake and Ft. Worth District offices, is responsible for administering Commission programs, subject to Commission oversight, in the states of Arkansas, Colorado, Kansas, Nebraska, New Mexico, North Dakota, Oklahoma, South Dakota, Texas, Utah, and Wyoming. In carrying out its responsibilities, it exercises a broad range of financial and administrative functions, including maintaining time and attendance records; procuring supplies and services; arranging for staff travel; maintaining an inventory of property; and recording budgeted and actual expenditures of the office.
The Administrative Officer (AO) is responsible for most day-to-day administrative matters, including travel, personnel, purchasing, and budgeting and accounting. The AO maintains records for these functions, while CRO timekeepers maintain time and attendance records.
We reviewed the financial and administrative controls of the CRO. Our objective was to determine whether the CROís controls were adequate, were being implemented economically and efficiently, and were in compliance with Commission policies and procedures. The audit steps included interviews with CRO administrative and financial staff and tests of controls.
The audit found that CRO controls were generally functioning adequately. We recommended certain improvements, as summarized below. The CRO should ensure that contracting officers are properly certified; all purchase orders are signed by the approving official; overtime is authorized and approved by separate officials; in-progress reviews are performed for all employees; and imprest fund cashiers are trained, among other improvements.
SALT LAKE CITY OFFICE Audit 249, September 30, 1997
The Salt Lake District Office (SLDO) has approximately fifteen staff, and provides support in carrying out Commission programs to the Central Regional Office (located in Denver, Colorado). The Central Regional Office performs certain administrative and financial functions for the SLDO, including budgeting, accounting, purchasing, and processing of personnel actions and travel vouchers. The SLDO maintains personnel files, time and attendance records, travel vouchers, and property management records, and administers its transportation subsidy program.
We reviewed the administrative controls of the Salt Lake District Office. Our objective was to determine whether the SLDO's controls were adequate and in compliance with Commission policies and procedures.
The controls we reviewed included those over travel, time and attendance, personnel, property inventory, and the imprest fund. We did not review budgeting, accounting, and purchasing since these functions generally are performed by the Central Regional Office for the SLDO. The audit steps included interviews with SLDO administrative staff and limited tests of SLDO records.
We found that the SLDOís controls were generally functioning adequately. We recommended that the SLDO should improve imprest fund procedures; use only one time and attendance log; store back-up computer tapes off-site; and enhance readiness for possible earthquakes, among other improvements.
PACIFIC REGIONAL OFFICE Audit 266, September 9, 1997
The Pacific Regional Office (PRO), assisted by the San Francisco District Office, is responsible for administering Commission programs, subject to Commission oversight, in Nevada, Arizona, California, Hawaii, and Guam. In carrying out its responsibilities, it exercises a broad range of financial and administrative functions, including maintaining time and attendance records; procuring supplies and services; arranging for staff travel; maintaining an inventory of property; and recording budgeted and actual expenditures of the office.
We reviewed the financial and administrative controls of the Pacific Regional Office. Our objective was to determine whether the PROís controls were adequate, were being implemented economically and efficiently, and were in compliance with Commission policies and procedures.
The audit steps included interviews with administrative and financial staff and tests of controls. Because of time and resource constraints, the scope of testing was more limited than it would have otherwise been.
The audit found that PRO controls were generally functioning adequately. In response to our recommendations, the PRO has taken steps to ensure that its blotter records are reconciled with the records of the Comptrollerís Office; appropriate performance plans recognize management control responsibilities; in-progress reviews are documented for all staff; and overtime is requested and approved by different officials.
COMMISSION INTEGRITY PROGRAM Audit 267, September 9, 1997
We conducted an ancillary study to a previous audit (Audit No. 250) of the Commissionís integrity programs (i.e., ethics and staff conduct). In the prior audit, we conducted sixteen workshops at the Commission headquarters and at several regional and district offices involving approximately eight percent of Commission employees.
The purpose of this ancillary study was to employ the same methodology at the remaining seven regional and district offices, and thereby gain a more complete understanding of the degree to which the Commissionís integrity objectives are being implemented. A recognized internal audit methodology (Control Self Assessment or CSA) was used in both audits to systematically collect information from staff and managers on how successfully the Commission achieves its integrity objectives.
This study confirmed the conclusions drawn from the original audit that all supporting objectives were generally being implemented, although some obstacles were impairing full implementation. We believe that, taken as a whole, the Commission is achieving its primary objective to promote high individual and agency integrity.
Perhaps the most noteworthy finding was that, with almost no exceptions, the participants indicated that they felt a personal sense of responsibility for maintaining the integrity of the Commission. This is both critical and necessary for the primary integrity objective to be realized. Most of the participants also indicated that they felt a strong sense of an ethical tradition at the Commission and that the staff live up to the Commissionís integrity expectations. Workshop participants overwhelmingly reported that integrity is a high priority at, and an integral value of, the Commission. There were also no material control weaknesses identified by any participant during the workshops. It is evident from all available evidence that Commission employees place a high premium on ethical integrity.
No significant differences among regional or district offices were evident from comparisons of their effectiveness ratings. The same holds true for comparisons between participants in this study and participants in the previous study. The experience and values of Commission staff generally appear to be aligned.
The participants in the workshops expressed a desire for better communication of policies from management; more frequent ethics training; readily accessible and understandable material concerning ethics and conduct issues; selective, responsive, and well-trained ethics advisors; and enhanced accountability for misconduct. The Office of Inspector General generally endorsed these recommendations and made numerous additional recommendations in the previous audit report. Because of the congruity of the results of this analysis with the previous audit, no additional recommendations were issued as a result of this study.
Eight investigations were closed during the period. Five cases were referred to the Commission; one was also referred to the Department of Justice (which declined prosecution). A staff member involved in one of the investigations resigned from the Commission. In another case, a manager was demoted to a non-supervisory position. An investigation completed in a prior period resulted in a former employee (who had retired during the investigation) pleading guilty to a violation of 18 USC 1001. The employee was sentenced to probation, a fine, and community service.
At the close of the period, seven investigations were pending. The pending investigations included allegations of insider trading; conflict of interest; forgery; unauthorized disclosure; impersonation; deceit; and contract irregularities. The most significant cases are described below.
Conduct Rule Violations and false statements
An investigation completed in a prior period developed evidence that a staff member had repeatedly violated Rule 5 of the Commissionís Conduct Regulation, which governs securities trading by Commission employees, and had filed numerous false reports to cover up those violations. After being notified of our investigation, the employee retired before administrative action could be taken. In response to our referral of the matter to the Department of Justice, the former employee pled guilty to one count of violating Section 1001 of Title 18 of the United State Code. The former employee was sentenced to probation, a fine, and community service.
Destruction of Evidence and Retaliation
We investigated allegations that a Commission manager had intentionally deleted computer files containing evidence of possible misconduct by the manager and that the manager retaliated against an employee for reporting the matter to the Office of Inspector General. The evidence developed was referred to management and the manager was demoted to a non-supervisory position.
unauthorized outside employment and time & attendance violations
We found evidence that a staff member began an outside business without obtaining approval. The employee had a history of time and attendance abuse and there was evidence that the employeeís work on the business interfered with the employeeís ability to perform Commission work. After being notified of our investigation, the employee resigned before administrative action could be taken.
Evidence revealed that a staff member had made several false statements concerning his/her educational and work experience on an application for promotion. The Commission is in the process of taking administrative action.
unauthorized outside employment
A professional employee admitted to his supervisor that he had continued his part-time employment, without having obtained the requisite authorization, from the time he joined the Commission staff. Our investigation disclosed that the employee was so employed almost entirely on weekends and had never obtained annual or sick leave in order to work his part-time job. The employee terminated his outside part-time employment after being confronted by his supervisor, but resumed it without obtaining the requisite authorization. A two-day suspension has been proposed.
A supervisor noted that an employee had closed numerous assignments without the required supervisory approval and retained the assignment files rather than transferring them to the appropriate file room. Also, the computerized database that tracks work assignments, reflected that the employee closed a number of matters before they had even been assigned. During our investigation, the employee admitted that he/she had fallen seriously behind in his/her work. In order to conceal the growing backlog from his/her supervisors, the employee made false entries in the database indicating that matters had been completed when in fact they had been closed without any work having been done. The employee was suspended for five days and placed on a Performance Improvement Plan.
No new significant problems were identified, based on work completed during the period. However, the client server audit (described above) reiterated that information resources management (IRM) remains a significant problem at the Commission and that senior management is not adequately addressing all facets of the problem.
Significant Problems Identified Previously
Information Resources Management
Audit and investigative work in a prior reporting period identified significant weaknesses in the Commissionís implementation of information technology. These weaknesses related to contracting for systems development, information resources planning, and ADP security.
We reported previously that the Office of Information Technology (OIT) has taken numerous positive steps to address these and other problems. Nevertheless, significant weaknesses remain, as shown by the audit of client server (Audit 257) discussed above.
The problems have proven intractable for two fundamental reasons. The Commission has not implemented mechanisms (such as a senior level information technology committee) to ensure adequate oversight of information technology investments. In addition, OITís staff collectively lack the skills needed to achieve the Commissionís IRM objectives.
Based on a study by a contractor, OIT is planning to reduce its staffing level through a reorganization, and to then out-source most of its work. The Office of the Executive Director indicated that it is improving oversight of information technology by 1) ensuring adequate oversight of information technology; 2) improving the planning, review, and budgeting process; 3) monitoring budget variances; 4) implementing many of the recommendations of the organizational assessment; and 5) more direct involvement in project development.
We will continue to monitor the Commissionís actions to address its information technology problems.
Collection of Filing Fees
Our audit of the collection of filing fees confirmed the Commissionís previous assessment that the management controls were not in material conformance with accounting standards. Although Commission management has made significant progress in correcting the most serious weaknesses, some corrective actions must await the implementation of a new computerized collection system. Until these corrective actions are implemented, the overall control structure will continue to fail to provide adequate assurance that accountability over filing fees is adequate.
Access to Information
The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.
Executive Council on Integrity and Efficiency
The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE representative to, and member of, the Presidentís Council on Integrity and Efficiency Inspection and Evaluation Committee.
The Counsel and Associate Counsel to the Inspector General are active members of the Presidentís Council on Integrity and Efficiency, Council of Counsels. The Council considers legal issues relevant to the Inspector General community.
computer software copyrights
During a legal review of a contract for computer software, we noted that the standard contract provisions for software under the Federal Acquisition Regulation do not adequately protect the governmentís interest. The government does not obtain the copyright for custom computer software developed by contractors at government expense. We expressed our concerns to the Chairman of the Civilian Agency Acquisition Council (which issues the Federal Acquisition Regulation), as well as the Commissionís contracting personnel.
Recommendations That Funds Be Put To Better Use
Reports with No Management Decisions
Management decisions have been made on all audit reports issued before the commencement of this reporting period (April 1, 1997).
Revised Management Decisions
No management decisions were revised during the period.
Agreement with Significant Management Decisions
The Office of Inspector General agrees with all significant management decisions regarding audit recommendations, including "Funds put to Better Use" and "Questioned Costs."