Skip to Main Content

Semiannual Report to Congress: October 1, 2001 to March 31, 2002

This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

Securities and Exchange Commission
Office of Inspector General

Semiannual Report to Congress
October 1, 2001 to March 31, 2002

Executive Summary

During this reporting period (October 1, 2001 to March 31, 2002) the Office of Inspector General (Office) issued eight audit reports and one audit memorandum. These evaluations focused on performance reports under the Government Performance and Results Act; data integrity in the Enforcement Program's Case Activity Tracking System; a follow-up audit on management controls over sensitive information; printing and publications; information technology project management; administrative controls in the Pacific Regional Office and the Fort Worth District Office; Commission oversight of its non-appropriated funding instrumentality (the Employee Recreation and Welfare Association); and rural office location policy. The Audit Program section below describes this work further.

Seven investigations were closed during the period. Three subjects were referred to the Commission. During the period, one subject was removed and another subject (referred in a prior period) resigned. A third subject agreed to alternative discipline (3 days LWOP) and a subject (referred in a prior period) was counseled. Two subjects, referred to Commission management during this and a prior period, are awaiting disposition. The Investigative Program section below describes the significant cases further.

No new significant problems are being reported, and we are closing three previously reported significant problems, based on strengthened management controls.

In a prior period, we reported controls over disgorgement1 waivers as a significant problem, based on our audit. The Division of Enforcement has taken actions to improve the waiver process. It has issued written procedures on waivers and is using an external database to check information in waiver requests. It also hired a contractor to identify further improvements in its waiver procedures. We no longer believe disgorgement waivers to be a significant problem.

We also previously reported the safeguarding of sensitive information as a significant problem. Since then, management has established a task force to implement corrective actions, issued an agency-wide policy, and hired a consultant to assist in a comprehensive review of the matter. The Commission has implemented the consultant's most significant recommendations. Our follow-up audit (reported this period) found that safeguarding sensitive information is no longer a significant problem.

Another previously reported significant problem involved lack of adequate controls over the collection of fees. Since first reported, statutory changes have eliminated many of the fees most at risk. Moreover, Commission management has made significant progress in correcting the most serious weaknesses. A new automated filing fee system was implemented during the prior period. Our audit of filing fees (ongoing) found that controls over fee collections are now generally adequate.

Management of information resources was also previously reported as a significant problem. During this period, the Commission has continued to make improvements in its management of information resources, as described below. Our Office is implementing a series of audits and advisory services focusing on information technology. We intend to maintain our oversight of the Commission's management of information resources.

No management decisions were revised during the period. The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

Audit Program

The Office issued eight audit reports and one audit memoranda during the reporting period. These documents contained a total of 44 recommendations, which are further summarized below. Management generally concurred with the recommendations.

GPRA PERFORMANCE REPORTS (AUDIT NO. 329)

The Government Performance and Results Act of 1993 (GPRA) requires government agencies to submit annual performance reports to the Congress concerning progress toward goals and objectives included in the agencies' performance plans. The reports compare actual performance to planned goals, explain unmet goals and assess the impact of current performance on future performance levels.

Our audit sought to determine whether the Commission prepared its FY 1999 performance report in accordance with GPRA requirements and maintained adequate supporting information for selected performance measures. During the audit, we interviewed staff, reviewed supporting documentation, and performed tests of selected records.

We found that the Commission's performance reports generally complied with the GPRA. However, we recommended actions for nine of eleven performance measures reviewed to ensure that reported measures materially agreed with the supporting records. We noted similar discrepancies in a previous audit (Audit 283, issued March 16, 1999). We also recommended that the Office of Financial Management improve the link between GPRA objectives, strategies, goals and measures.

CATS 2000 DATA (AUDIT NO. 331)

The Case Activity Tracking System (CATS) is used by the Enforcement Program to record enforcement data and to create management reports. The system tracks investigations, matters under inquiry (MUIs), and other enforcement-related data. A new version of CATS was implemented in June 1999, primarily because the prior system was not year 2000 compliant.

We reviewed the reliability (i.e., the timeliness, accuracy, and completeness) of selected CATS data. The audit scope included investigations, MUIs, administrative proceedings (APs), and civil actions. We interviewed Commission staff and performed tests of data reliability, including a review of supporting documentation for several judgmental samples of cases.

We found that the timeliness, accuracy and completeness of data in CATS need improvement. Our recommendations include issuing guidance to staff, periodically reviewing system data, and correcting data errors.

During the audit, the Enforcement Program (Program) established a Steering Committee to improve CATS data reliability. Also, the Program, the Office of Information Technology (OIT), and the Office of the Secretary (OS) are considering updating CATS with certain data from OS's computer systems, through an automated interface.

SENSITIVE INFORMATION FOLLOW-UP (AUDIT NO. 333)

We conducted a follow-up audit of the security of sensitive information. A previous audit (Audit 277, issued May 3, 1999) on sensitive information found that management controls over this information could be improved. In response, Commission management established a task force to implement corrective actions, issued agency-wide policies and procedures (SECR 23-2, Safeguarding Non-Public Information), and hired a contractor to review overall Commission security. The contractor's recommendations related to protecting information are being implemented, as appropriate.

Our audit objectives were to determine whether the management controls over sensitive information with respect to Commission staff and contractors were adequate, and to assess compliance with the controls. Our assessment of compliance focused on market sensitive information (e.g., possible mergers), since this information has a high risk of misuse. During the audit, we interviewed and observed Commission staff, conducted research on best practices used by others (e.g., law and brokerage firms) to protect sensitive information, and reviewed available documentation, among other procedures.

Our audit determined that the Commission's controls over sensitive information are now generally adequate. In addition, the Commission is implementing additional security measures in response to the terrorist attacks of September 11, 2001.

We recommended further enhancements to the controls over sensitive information, including more door locks and shredders, additional staff training, periodic compliance reviews, and enhanced protection of information stored on computers and paper.

PRINTING AND PUBLICATIONS (AUDIT NO. 335)

The Office of Administrative and Personnel Management (OAPM) is primarily responsible for Commission printing and publications. Commission regulation SECR1-2 describes internal printing and publication procedures.

Our audit of printing and publications sought to determine whether procedures were efficient and effective, and complied with applicable guidance. During the audit, we reviewed relevant documentation, identified and tested management controls, interviewed staff from the Commission and the Government Printing Office, and observed activities in the Publishing Branch, among other procedures.

We found that printing and publications were generally efficient, effective and in compliance with applicable guidance. Our recommended enhancements include: distributing an electronic version of the SEC Docket (estimated annual savings of approximately $150,000); modifying publication procedures for forms; enhancing supervisory controls over the Publications Section; and enhancing tracking of the Publishing Branch's workload, and increasing its storage capacity.

INFORMATION TECHONOLOGY PROJECT MGM'T (AUDIT NO. 337)

We reviewed the project management practices of the Office of Information Technology (OIT). The review sought to determine whether OIT's management of information technology projects was adequate, and in compliance with applicable laws and regulations. Among other procedures, we reviewed project management guidance; interviewed OIT staff; and evaluated documentation from a sample of eight projects.

We found that OIT project management practices were generally adequate, and in compliance with most aspects of recently enacted laws and regulations.

We recommended several improvements, including: testing the operational effectiveness of approved project management policies and procedures before mandating their use; establishing a project management regulation for certain projects; establishing tracking and oversight controls for monitoring contractor performance; and implementing a performance-based acquisition analysis process.

PACIFIC REGIONAL OFFICE (AUDIT NO. 342)

The Pacific Regional Office (PRO), with approximately 135 full-time staff, carries out the Commission's programs, subject to Commission oversight, in Alaska, Arizona, California, Guam, Hawaii, Idaho, Montana, Nevada, Oregon and in the state of Washington. The PRO's administrative officer and staff perform a broad range of financial and administrative functions, including purchasing, travel, time and attendance, and budgeting.

We conducted a limited audit of selected financial and administrative controls in the PRO. The purpose of the audit was to provide the Commission with negative assurance2 that the internal controls were adequate, being implemented economically and efficiently, and in compliance with Commission policies and procedures. Audit procedures included interviewing PRO staff, reviewing supporting documentation, and conducting limited tests of transactions in fiscal year 2001.

We made recommendations to enhance PRO's property management. We also informally discussed a number of non-material findings and recommendations with PRO management, during the audit. Otherwise, no material weaknesses in the office's financial and administrative controls came to our attention.

FORT WORTH DISTRICT OFFICE (AUDIT NO. 345)

The Fort Worth District Office (FWDO) assists the Central Regional Office in Denver, CO, in carrying out the Commission's programs, subject to Commission oversight, in Arkansas, Colorado, Kansas, Nebraska, New Mexico, North Dakota, Oklahoma, South Dakota, Texas, Utah and Wyoming. The FWDO exercises a broad range of financial and administrative functions, including: time and attendance; purchasing; travel arrangements; property management; and budgeting.

We conducted a limited audit of selected financial and administrative controls in the FWDO. The purpose of the audit was to provide the Commission with negative assurance3 that the internal controls were adequate, being implemented economically and efficiently, and in compliance with Commission policies and procedures. Audit procedures included interviewing FWDO staff, reviewing supporting documentation, and conducting limited tests of transactions.

We recommended measures to enhance office security (e.g., by periodically changing door pass codes and reminding its staff to safeguard non-public information in common areas). We also informally discussed a number of non-material findings and recommendations with FWDO management. Otherwise, no material weaknesses in the office's financial and administrative controls came to our attention.

COMMISSION OVERSIGHT OF NAFI (AUDIT NO. 346)

Employees in numerous agencies have established non-appropriated funding instrumentalities (NAFI) to promote employee welfare and morale. As their name implies, these organizations typically do not receive appropriated funds, but instead are dependent on member dues and revenues from their activities.

Established in 1964, the Commission's NAFI, the Recreation and Welfare Association (RWA), promotes employee welfare through several activities, including employee parking, sale of Commission memorabilia, social events (e.g., ice cream socials), and short-term loans to employees. These activities have been generally limited to headquarters staff.

The objective of our review was to determine if Commission oversight of its NAFI was adequate, and related management controls were appropriate and operating as intended. During the audit, we reviewed available documentation, interviewed Commission and RWA staff, and obtained information on NAFI oversight at several federal agencies, among other procedures.

We found that Commission oversight and management controls for its NAFI needed to be improved. Among other steps, we recommended that the Office of Administrative and Personnel Management issue guidance describing its oversight responsibilities; develop and execute a memorandum of understanding or other agreement with the RWA; require RWA to enhance its financial controls; and discuss with RWA ways to enhance its management structure and effectiveness.

RURAL OFFICE LOCATION POLICY (AUDIT MEMORANDUM 22)

In Section 601 of the Rural Development Act (RDA) of 1972 (7 U.S.C. sec. 2204b-1), Congress required agencies to establish and maintain policies and procedures giving first priority to the location of new offices and other facilities in rural areas.

Section 647 of the Treasury and General Government Appropriations Act (Public Law 107-67, enacted November 12, 2001) required the Office of Inspector General in each agency to prepare a report to the Congress describing the agency's compliance with this requirement.

Based on our discussions with Commission staff, we found that the Commission has not implemented the RDA requirement.4 Accordingly, we recommended that the Office of Administrative and Personnel Management develop policies and procedures to comply with the applicable provisions of Section 601 of the RDA.

Investigative Program

Seven investigations were closed during the period. Three subjects were referred to the Commission.

During the period, one subject was removed and another subject (referred in a prior period) resigned. A third subject agreed to alternative discipline (3 days LWOP) and a subject (referred in a prior period) was counseled. Two subjects, referred to Commission management during this and a prior period, are awaiting disposition. The most significant cases closed during the period are described below.

MISUSE OF COMPUTER RESOURCES

An Office investigation disclosed evidence that a Commission staff attorney had used a government computer to visit sexually explicit websites on the Internet. The staff member took three days of leave without pay pursuant to an alternative discipline agreement.

Another investigation developed evidence that a Commission employee had used a government computer to send and receive sexually explicit and suggestive e-mail, and visit similarly inappropriate Internet websites. We obtained evidence that the employee had engaged in these activities after receiving several warnings. Administrative action is pending.

An investigation completed in a prior period found evidence that a Commission manager had used a government computer to visit sexually explicit websites on the Internet. The subject resigned after removal was proposed during this period. We also referred the matter to the Department of Justice, where it is pending.

FORGERY, FALSE STATEMENTS AND WELFARE FRAUD

The Office's investigation found evidence that a Commission employee had forged insurance checks that the employee knew were stolen from the lobby of the building in which the employee worked. We also found evidence that the employee made false statements to the Commission, made fraudulent claims, and misused Commission resources for personal purposes. The Department of Justice declined prosecution and the employee was removed.

RACISM AND INTIMIDATION

The Office investigated an allegation that Commission managers had engaged in racist and intimidating behavior towards a member of the public who had filed a registration statement for an initial public offering with the Commission. The evidence obtained during our investigation failed to substantiate the allegation.

Significant Problems

No new significant problems were identified, based on the work completed during the period.

Significant Problems Identified Previously

DISGORGEMENTS

In a prior reporting period, we completed an audit of disgorgements in enforcement cases. We found that improvements could be made to the disgorgement waiver process to achieve greater assurance that waivers were justified.

The Division of Enforcement concurred and has taken actions to improve the waiver process. It issued updated written procedures relating to waivers, hired a contractor to identify further improvements, and is using an external database to verify information submitted in waiver requests, as well as to identify omitted information.

Based on our continuing work in the Enforcement Program, we believe that the changes made have sufficiently addressed the problems we originally reported, and that controls over disgorgement waivers are no longer a significant problem.

SENSITIVE INFORMATION

In a previous period, we reported the safeguarding of sensitive information as a significant problem. Since then, management established a task force to implement corrective actions, issued agency-wide policy, and hired a security consultant to assist in a more comprehensive review of overall security. The Commission has implemented the consultant's most significant recommendations.

Our follow-up audit on controls over sensitive information (reported this period) found that safeguarding of sensitive information is no longer a significant problem.

COLLECTION OF FILING FEES

Since 1996 we have identified the Commission's collection of filing fees as a significant problem. Since then, statutory changes have eliminated many of the fees most at risk. Moreover, Commission management has made significant progress in correcting the most serious weaknesses. A new fee system, designed to have adequate financial controls, was implemented in the prior period.

Our audit of filing fees (ongoing) found that controls over fee collections are now generally adequate. We no longer believe that the collection of filing fees is a significant problem.

INFORMATION RESOURCES MANAGEMENT

We previously identified information resources management as a significant problem based on prior audits, investigative work, and management studies that identified significant weaknesses in many aspects of the Commission's management of information resources.

Over the past six months, the Office of Information Technology (OIT) continued making significant improvements in many aspects of the Commission's management of information resources. During this period, OIT requested closure of 15 of 66 open audit recommendations. In addition, OIT established additional IRM oversight and control processes, by:

  • Assigning specific responsibility and completion target dates to appropriate OIT staff to implement open audit recommendations within their areas of technical expertise,
     
  • Monitoring the status of all open audit recommendations monthly,
     
  • Establishing and approving a formal policy for preparing and approving Securities and Exchange Commission Regulations (SECRs) and supporting Technical Bulletins covering information technology (IT) matters,
     
  • Drafting new IRM policies and procedures and moving previously drafted IRM policies and procedures through the formal approval process,
     
  • Performing internal compliance reviews of IT operations,
     
  • Requesting timely input from the Office of Inspector General (OIG) on various IRM and IT issues,
     
  • Reviewing audit reports addressed to SEC program offices outside of OIT to proactively identify, address, and resolve potential IRM and IT issues, and
     
  • Working proactively with the OIG to clarify specific actions needed to eliminate IRM as a significant problem over the next twelve months.

OIT's accomplishments during this reporting period are noteworthy, and demonstrate a strong commitment to implement and maintain an effective IRM program within the Commission.

During this period, we completed an audit of IT project management. Reviews of the security over the Commission's public web site, administration of IT contracts and regional telecommunications security are ongoing. In the recent past, we have completed a Control Self Assessment of OIT, a Business Process Review of IT Capital Decision-Making, and several IT audits. In future periods, we intend to maintain our oversight of the Commission's management of information resources.

Access to Information

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

Other Matters

EXECUTIVE COUNCIL ON INTEGRITY AND EFFICIENCY

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE member on the Integrity Committee (established by Executive Order No. 12993).

The Counsel to the Inspector General is an active member of the PCIE Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

Questioned Costs

       
DOLLAR VALUE
(IN THOUSANDS)
      NUMBER UNSUPPORTED
COSTS
QUESTIONED
COSTS
A   For which no management decision has been made by the commencement of the reporting period 0 0 0
B   Which were issued during the reporting period 0 0 0
    Subtotals (A+B) 0 0 0
C   For which a management decision was made during the reporting period 0 0 0
  (i) Dollar value of disallowed costs 0 0 0
  (ii) Dollar value of costs not disallowed 0 0 0
D   For which no management decision has been made by the end of the period 0 0 0
    Reports for which no management decision was made within six months of issuance 0 0 0

Recommendations That Funds Be Put To Better Use

  NUMBER DOLLAR VALUE
(IN THOUSANDS)
A   For which no management decision has been made by the commencement of the reporting period 0 0
B   Which were issued during the reporting period 1 150
    Subtotals (A+B) 1 150
C   For which a management decision was made during the period 1 150
  (i) Dollar value of recommendations that were agreed to by management 1 150
  - Based on proposed management action 1 150
  - Based on proposed legislative action 0 0
  (ii) Dollar value of recommendations that were not agreed to by management 0 0
D   For which no management decision has been made by the end of the reporting period 0 0
    Reports for which no management decision was made within six months of issuance 0 0

Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of this reporting period (October 1, 2001).

Revised Management Decisions

No management decisions were revised during the period.

Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

1 Disgorgements represent ill-gotten gains (or losses avoided) resulting from individuals violating the federal securities laws. The Commission seeks disgorgement to ensure that securities law violators do not profit from their illegal activity. When appropriate, the disgorged funds are returned to injured investors.

2 Negative assurance means that no material internal control weaknesses came to our attention during our limited audit.

3 Negative assurance means that no material internal control weaknesses came to our attention during our limited audit.

4 In a July 2001 report (GAO-01-805), the General Accounting Office found that only 5 of the 13 cabinet departments it contacted had a policy to implement RDA.

MANAGEMENT RESPONSE OF THE SECURITIES AND EXCHANGE COMMISSION ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL FOR THE PERIOD OCTOBER 1, 2001 THROUGH MARCH 31, 2002

Introduction

The Semiannual Report of the Inspector General (IG) of the Securities and Exchange Commission (SEC) was submitted to the Chairman on April 30, 2002 as required by the Inspector General Act of 1978, as amended. The report has been reviewed by the Chief of Staff, General Counsel, Executive Director, and Director of the Division of Enforcement. The management response is based on their views and consultation with the Chairman.

The management response is divided into four sections to reflect the specific requirements listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I

Comments Keyed to Significant Sections of the IG Report

A. Audit Program

During the reporting period, the IG issued eight audit reports and one audit memorandum. Management generally concurred with the findings and recommendations in the IG's reports.

In addition to audits performed by the agency's IG, the General Accounting Office (GAO) actively reviewed program and administrative functions of the SEC. A complete listing of all GAO audit activity involving the SEC is attached as Appendix A.

B. Response to Significant Problems

No new problems were reported.

C. Response to Significant Problems Previously Identified

In prior Semiannual Reports, the IG identified the disgorgement waiver process, collection of filing fees, safeguarding sensitive information, and information resources management as significant problem areas. During this reporting period, the IG confirmed management's assertion that the disgorgement waiver process, collection of filing fees, and safeguarding sensitive information are no longer significant problem areas.

The IG's Semiannual Report continues to identify information resources management as a significant problem. SEC management is working aggressively to make improvements in this area (see the IG's Semiannual Report for a description of actions taken during this period).

D. IG Recommendations Concerning Use of Funds

On February 4, 2002, the IG issued a report concerning printing and publications. The report cited approximately $150,000 that could be saved annually, if the SEC Docket were distributed to the staff electronically. SEC management is implementing this recommendation.

E. Reports with No Management Decisions

Management decisions have been made on all audits issued prior to the beginning of the reporting period (October 1, 2001).

F. Revised Management Decisions

No management decisions were revised during the reporting period.

SECTION II
Disallowed Costs
As of March 31, 2002

Number Dollar Value
(in thousands)
A. For which final action has not been taken by the commencement of the reporting period 0 $0
B. On which management decisions were made during the reporting period 0 $0
(Subtotal A+B) 0 $0
C. For which final action was taken during the reporting period 0 $0
(i) Recovered by management 0 $0
(ii) Disallowed by management 0 $0
D. For which no final action has been taken by the end of the reporting period 0 $0

SECTION III
Funds Put to Better Use
As of March 31, 2002

Number Dollar Value
(in thousands)
A. For which final action has not been taken by the commencement of the reporting period 0 $0
B. On which management decisions were made during the reporting period 1 $150,000
C. For which final action was taken during the reporting period 1 $150,000
(i) Dollar value of recom- mendations that were agreed to by management 1 $150,000
(ii) Dollar value of recom- mendations that management has subsequently concluded should/could not be implemented or completed 0 $0
D. For which no final action has been taken by the end of the reporting period 0 $0

SECTION IV
Open Audit Reports Over One Year Old
As of March 31, 2002

Audit # Audit Title Issued Funds Put to
Better Use
(in thousands)
Questioned Costs
(in thousands)
Reason Final Action Not Taken
130 Management of the Data Center 11/18/89 $0 $0 A number of policies and procedures are being documented and adopted. However, the process has been slowed by a shortage of agency staff.
143 Information Resources Management 3/27/91 $0 $0 Same as above.
159 Audit of Local AreaNetworks 2/16/93 $0 $0 The remaining pending recom- mendation concerns the imple- mentation of prior audit and contractor recommendations. Each of the prior recommendations is being addressed under its original report.
220 IRM Planning andExecution 3/26/96 $0 $0 See explanation for audit #130.
238 International TelephoneService 8/27/96 $0 $0 The one remaining pending recom- mendation focuses on the review of telephone records. SEC management is continuing consultations with agency's General Counsel's Office. The recommendation is expected to be satisfied by the end of June 2002.
243 SECOA Local Area Network 3/21/97 $0 $0 See explanation for audit #130.
250 Enhancing Excellence-- Integrity Program 1/22/97 $0 $0 A substantial number of the recommendations have been implemented. Several policy documents are on hold until union contract issues are resolved.
253 Administrative Proceedings 11/7/97 $0 $0 An adjudicatory conference will be held once there is an experience factor to measure the overall results of the NASD's revised disciplinary procedures.
257 Client Server 9/9/97 $0 $0 See explanation for audit #130.
260 Value Engineering Program 5/2/97 $0 $0 Value engineering plans are being developed for the next fiscal year.
269 Database Administration 1/5/98 $0 $0 See explanation for audit #130.
271 Property System 9/25/98 $0 $0 A new infrastructure unit has been created. The unit's roles and responsi- bilities with respect to deployment of new technology assets, managing physical moves of computer equipment and maintaining an inventory of tech- nology assets are being defined.
272 Commission Review of SRO Rules 7/14/98 $0 $0 The SEC's IT Capital Planning Committee consolidated several requests for optical disk systems into an agency- wide package. Efforts are underway to identify a solution that meets several needs.
273 Review of Investment Company Filings 6/26/98 $0 $0 A contractor completed a require- ments analysis. The operating division is awaiting the final definition of the requirements before requesting modifi- cation of the EDGAR system.
274 Year 2000-Internal Systems (OIT) See explanation for audit #159.
275 Year 2000-EDGAR 12/21/99 $0 $0 See explanation for audit #159.
282 Year 2000-Internal Systems (Non-OIT) 12/21/99 $0 $0 See explanation for audit #159.
293 Y2K Status Report-- January 1999 1/25/99 $0 $0 See explanation for audit #250.
296 UNIX Security 9/14/99 $0 $0 See explanation for audit #130.
298 Commission Review of Periodic Reports 2/23/2000 $0 $0 Management is attempting to identify review goals that include areas such as quality and complexity of reviews in addition to number of reviews.
299 Data Backup Procedures 3/31/2000 $0 $0 See explanation for audit #130.
308 EDGAR Hardship Exemptions 3/30/2000 $0 $0 The recommendations are being considered in connection with the next EDGAR modernization rulemaking initiative.
309 Telecommunication Vulnerabilities 3/31/2000 $0 $0 The issue of establishing an audit system for SEC telephone activity is under review by the agency's Office of General Counsel. Corrective actions are expected to be completed in June 2002.
327 Year 2000 Audits- Summary Closing 12/21/99 $0 $0 See explanation for audit #130.
313 Integrity Programs 2/23/2001 $0 $0 Guidance is expected to be issued during the next six months.
314 Payroll Conversion 9/22/2000 $0 $0 See explanation for audit #250.
318 FOIA Process 3/23/2001 $0 $0 A new e-FOIA processing system is being developed.
323 Clearance Process 9/29/2000 $0 $0 A substantial number of the recom- mendations have been implemented. Guidance to supplement the clearance regulation will be issued during the next three months.
327 General Computer Controls-Regions 2/28/2001 $0 $0 See explanation for audit #130.
M11 Part-time Employment Program 10/21/98 $0 $0 See explanation for audit #250.
M12 Control of Computer Equipment 12/29/98 $0 $0 See explanation for #271.
M14 Contingency Testing 3/15/99 $0 $0 See explanation for audit #130.
G314 Voluntary Contributions 8/8/2000 $0 $0 Guidance is expected to be issued during the next six months.
G317 Use of Personal Resources 12/14/2000 $0 $0 See explanation for audit #130.

APPENDIX A

General Accounting Office Audit Activity

Involving the Securities and Exchange Commission

Reports Issued During the Reporting Period

1. Securities and Exchange Commission: Human Capital Challenges Require Management Attention (GAO-01-947, Sept. 2001)

2. Anti-Money Laundering: Efforts in the Securities Industry (GAO-02-111, Oct. 2001)

3. Securities Regulation: Improvements Needed in the Amex Listing Program (GAO-02-18, Nov. 2001)

4. Securities Operations: Update on Actions Taken to Address Day Trading Concerns (GAO-02-20, Nov. 2001)

5. Regulatory Reform: Compliance Guide Requirement Has Had Little Effect on Agency Practices (GAO-02-172, Dec. 2001)

6. SEC Operations: Increased Workload Creates Challenges (GAO-02-302, Mar. 2002)

Audits in Progress as of March 31, 2002

1. SRO Structure. A study of the effect of changes in the securities and futures markets on the self-regulatory structure.

2. Exchange Outages. A review of four separate market outages that occurred in June 2001 at the New York Stock Exchange, Nasdaq Stock Market, and International Securities Exchange.

3. Financial Statement Audit Requirements. A review of whether financial statement audit requirements should be expanded to include certain agencies that are not required to have annual financial statement audits under the Chief Financial Officers Act or other laws.

4. Extensible Markup Language. A review of federal activities and plans for implementing the Extensible Markup Language.

5. Enterprise Architectures. A review of enterprise architectures across the Federal Government.

6. Fraudulent Tax Schemes. A review of the IRS's efforts to ensure that fraudulent tax schemes are identified and properly dealt with and that taxpayers fulfill their tax obligations. While most of the work is being conducted at IRS, GAO was asked to look into how IRS coordinates its efforts to combat tax schemes with other relevant federal enforcement agencies such as the SEC, DOJ, and FTC.

7. Catastrophe Risk. A study of the potential for alternative financial market mechanisms to address catastrophe risks.

8. Earnings Restatements. A study centered on the quality of financial reporting in the U.S. and financial restatements between 1997 and 2000.

9. 401K's/Enron. A study to describe situations in which employees suffered substantial retirement fund losses because of declines in value of company stock and any actions taken by the Department of Labor and SEC and to outline the number of U.S. retirement plans invested in company stock.

10. Security of Federal Buildings. A review to determine the roles, responsibilities, and funding of each department/agency in the security of federal facilities (office buildings and postal facilities).

11. SEC Disgorgement. A review of actions taken by SEC in response to recommendations made in GAO's 1994 report, Securities Enforcement: Improvements Needed in SEC Controls Over Disgorgement Cases.

12. Financial Markets Response to September 11 & Market Outages. A study of the September 11 attacks on the functioning of the U.S. financial markets.

13. Self-Funding. A study of the consequences of converting the SEC to a self-funded financial regulator.

14. Privacy Act. A review of agency's compliance with the Privacy Act of 1974.