This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

Securities and Exchange Commission Office of Inspector General

Semiannual Report to Congress
October 1, 2002 to March 31, 2003

During the first half of fiscal year 2003, the Office of Inspector General assisted the Commission to:

• Assure the effectiveness of preparedness plans and operations for dealing with market operational contingencies,
   
• Ensure the accountability of taxpayer dollars by enhancing financial management internal control,
   
• Strengthen the process for selecting members for the Public Company Accounting Oversight Board,
   
• Enhance the effectiveness of the primary full disclosure system in supporting staff disclosure reviews,
   
• Improve the effectiveness of its enforcement of Internet securities frauds and deterrence of recidivists,
   
• Protect its computers and data from security threats and comply with the Government Information Security Reform Act,
   
• Assess the effectiveness of its bankruptcy program and strengthen the oversight of SRO fee applications,
   
• Enhance the integrity of the Commission and its staff by investigating allegations of misconduct,
   
• Improve the personnel guidance it provides to its staff, and
   
• Assure the effectiveness of regional/district office administrative practices.

Executive Summary

During this period (October 1, 2002 to March 31, 2003), the Office of Inspector General (Office) issued eight audit reports and three audit memoranda. These evaluations focused on EDGAR utility to Commission staff; the Enforcement Internet Program; the Bankruptcy Program; purchase cards; market contingency preparedness; deterring securities recidivism; financial management system controls; administrative controls in the Philadelphia District Office; security of external databases; NRSI password management; and personnel guidance. The Office also provided technical assistance and support to the General Accounting Office in its review of the Public Company Accounting Oversight Board selection process.

Thirteen investigations were closed during the period. Nine subjects were referred to the Commission. One subject resigned; another was suspended. One subject received a written reprimand, and another an oral reprimand. In addition, two subjects referred during a prior period resigned, three were suspended, one received alternative discipline, and one received a written reprimand. Five subjects referred during the period are awaiting disposition.

Information resources management (IRM) has been previously reported as a significant problem. During this period, the Commission continued to improve its management of these resources. Nonetheless, we intend to maintain our audit focus in this important area.

We are reporting an additional significant problem for the first time. An audit completed this period found that Commission financial management controls for fiscal year 2002 were effective in all material respects except for controls over property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. Management has established several high-level task forces to correct these weaknesses. We commend the Commission for initiating prompt corrective actions to strengthen the financial management controls.

No management decisions were revised during the period. The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

Audit Program

The Office issued eight audit reports and three audit memoranda during the reporting period. These documents contained a total of 50 recommendations, which are further summarized below. Management generally concurred with the recommendations, and in some cases took corrective actions during the audits.

The Office also provided technical assistance and support to the General Accounting Office in its review of the Public Company Accounting Oversight Board selection process.

EDGAR UTILITY TO COMMISSION STAFF (AUDIT 351)

The Commission's Electronic Data Gathering, Analysis and Retrieval (EDGAR) system receives, stores and distributes electronic filings submitted to the Commission in accordance with securities laws and rules. Because the EDGAR system is the Commission's primary source of corporate filings, it is a critical part of the Full Disclosure program.

We evaluated the utility of the EDGAR system to Commission staff. We surveyed and interviewed Commission staff and reviewed relevant documentation.

Staff responding to our survey generally rated EDGAR as useful or very useful, as the system allows them to electronically search, retrieve, assign and store electronic filings. As an analytical tool, however, EDGAR has limited value to the staff.

We found that the EDGAR system cannot extract financial statement information to automate the selection of filings for review, identify financially troubled companies or analyze financial statement information during reviews. Moreover, it cannot compare original and amended filings to show changes resulting from filing review comments. We also found that during the recent EDGAR modernization, the Commission did not consistently follow IT capital investment acquisition best practices.

We recommended that EDGAR's financial analysis capability be enhanced. In addition, future EDGAR projects should follow best practices ( e.g. , business process analyses, review by the Information Technology Capital Planning Committee, use of performance-based contracting techniques). We also recommended correction of data inconsistencies between EDGAR and a predecessor system (the Entity Filings and Fee System or EFFS).

ENFORCEMENT INTERNET PROGRAM (AUDIT 352)

The Internet Enforcement Program (IEP) consists of the Office of Internet Enforcement (OIE) in the Division of Enforcement (Enforcement) and Internet Branches in most field offices and Enforcement. The branches pursue Internet-related cases, as well as traditional cases.

OIE has six major responsibilities related to securities fraud on the Internet:

• Identifying surveillance areas,
   
• Formulating investigative procedures,
   
• Providing strategic and legal guidance to Enforcement staff nationwide,
   
• Conducting Internet investigations and prosecutions,
   
• Training Commission staff and outside agencies, and
   
• Serving as a resource on Internet matters for the entire Commission.

The number of Internet-related cases has generally increased since fiscal year 1995.

We evaluated the effectiveness and efficiency of the IEP's analysis of Internet-related intelligence, and its deterrence and educational efforts. During the audit, we interviewed staff from the Commission, the National Association of Securities Dealers, and the Federal Trade Commission. We also reviewed relevant documentation and performed other procedures.

We found that the EIP is generally functioning effectively and efficiently. However, we made several recommendations to improve the program. These include enhancing communication regarding the quality of referrals, opening preliminary investigations timely, and improving the consistency of Litigation Releases.

BANKRUPTCY PROGRAM (AUDIT 355)

Chapter 11 of the US Bankruptcy Code grants the Commission authority to participate in bankruptcy proceedings. Generally, the Commission's role in a bankruptcy consists of participating in legal issues that affect public investors, reviewing the disclosure documents to determine if the company is disclosing to investors and creditors the information they need to know to make informed decisions, and ensuring that stockholders are represented by an official committee, if appropriate.

Staff from the Midwest, Northeast, and Pacific Regional Offices and the Atlanta District Office implement the bankruptcy program. The Office of the General Counsel's (OGC) Appellate Litigation and Bankruptcy Group supervise their work.

We reviewed the bankruptcy program to determine the status of previous audit recommendations and identify possible improvements to the program. During the audit, we interviewed Commission staff, U.S. Trustees, bankruptcy attorneys, and staff at the Securities Investor Protection Corporation. We also reviewed available documentation.

We found that the bankruptcy program was effective overall. The Commission implemented several of the recommendations from a prior OIG audit in 1995. However, certain issues discussed in the prior report remain today. These include the program staff's desire to obtain increased delegated authority and additional financial analysts or accountants to review financial statements. The program staff feel these steps would enhance the program's effectiveness. The Office of General Counsel (OGC) continues to explore these issues.

Program staff recently began monitoring Securities Investor Program Corporation (SIPC) cases. We recommended that senior program officials issue guidance to program staff regarding their role in reviewing fee applications. We also recommended that the Division of Market Regulation request that SIPC require the attorneys and trustees hired during these proceedings to submit more detailed and timely fee applications.

To enhance communication among Commission staff, we also recommended that OGC staff resume quarterly meetings with other Commission offices and divisions to discuss SIPC issues.

PURCHASE CARDS (AUDIT 357)

Under a General Services Administration (GSA) contract with the Mellon Bank, Commission employees selected by their supervisor are authorized to make small purchases (in most cases, up to $2500) with a government purchase card issued to them. The Office of Administrative and Personnel Management has issued regulations for the Commission's purchase card program (SECR 10-6).

This audit followed-up on a prior OIG review (OIG 258, issued September 30, 1997), and also responded to recent reports of abuse of purchase card privileges at other agencies. Our objectives were to determine whether program management was efficient and effective, and controls were functioning as intended.

During the audit, we reviewed controls related to program management, spending limits, and supervisory review. We scanned purchase card transactions processed between January and June 2002, using Merchant Category codes to attempt to identify any apparent misuse of the cards. We also interviewed selected cardholders and approving officials, as well as staff from the Office of Administrative and Personnel Management (OAPM) and the Office of Financial Management.

We found that the Commission's purchase card program was generally efficient and effective, and management controls were functioning as intended. Also, we did not identify any instances of apparent misuse of the cards (e.g., unauthorized and potentially fraudulent purchases of items such as jewelry or clothing).

We recommended that OAPM assign program management a higher priority. Our other recommendations included providing additional small purchase training; requiring cardholders placing multiple orders to obtain quotations from more than one supplier; canceling inactive cards; correcting the billing address of cardholders as appropriate; requiring cardholders to notify the property officer when accepting delivery of accountable property; and considering establishing bulk commitments for micro purchases.

MARKET CONTINGENCY PREPAREDNESS (AUDIT 359)

We evaluated the Commission's preparations for responding to contingencies that could affect the markets such as natural or man-made disasters, operational difficulties and market volatility. The scope of the review included the Division of Market Regulation's (Division) response to the events of September 11, 2001, and the Division's Automation Review Program (ARP) for Self-Regulatory Organizations (SROs) and other inspected entities. ¹

During the audit, we reviewed available documentation and observed operations and communications in the Commission's MarketWatch room. We also interviewed Commission staff and officials at selected SROs, Electronic Communications Networks (ECNs), clearing corporations and other inspected entities.

We found that since September 11, 2001, the Commission has taken several steps to enhance its capabilities for responding to contingencies, and further enhancements were planned. The ARP program has also made several meaningful recommendations, to better ensure that inspected entities were prepared to respond to various contingencies. Although progress was being made, inspected entities have not implemented all ARP recommendations relating to contingency preparedness.

We recommended that MR consider sending ARP staff to the entities that ARP inspects to observe and become more familiar with their operations. We also recommended that MR explore ways to ensure requested information from the entities that ARP oversees is forthcoming.

DETERRING SECURITIES RECIDIVISM (AUDIT 360)

We reviewed the effectiveness of Enforcement's existing procedures to deter recidivism. We also examined whether "best practices" from other federal agencies would be feasible at the Commission.

During the audit, we interviewed staff from the Commission, the National Association of Securities Dealers, and the following federal agencies: the Department of Justice, Environmental Protection Agency, Commodities Futures Trading Commission, Federal Trade Commission, Federal Communications Commission, and the Equal Employment Opportunity Commission. We also reviewed recent Enforcement actions and supporting documentation, among other procedures.

We found that while the Commission does not have a formal recidivism program, it uses some procedures that might deter recidivism. Based on our audit work, we identified some methods and concepts that Enforcement management could potentially implement to further deter recidivism, which would enhance investor protection.

We discussed our observations with senior Enforcement management. They are considering whether any of the procedures would be practical to implement.

FINANCIAL MANAGEMENT SYSTEMS CONTROLS (AUDIT 362)

An OIG contractor reviewed the Commission's financial management systems controls, based on criteria in the Federal Managers Financial Integrity Act (FMFIA). The contractor found that the controls for fiscal year 2002 were effective in all material respects under the FMFIA criteria, except for three material weaknesses and one material non-conformance.

The exceptions concerned property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. We believe that, taken together, these financial management exceptions are a "significant problem" for the Commission.

Management concurred with our recommendations to strengthen these financial controls, and has established several high-level task forces to correct them. We commend management for promptly initiating corrective actions to strengthen the controls. The General Accounting Office will review the corrective actions as part of its future audit of the Commission's financial statements.

PHILADELPHIA DISTRICT OFFICE (AUDIT 366)

The Philadelphia District Office (PDO) assists the Northeast Regional Office in administering Commission programs. In carrying out its responsibilities, the PDO exercises a broad range of financial and administrative functions, including maintaining time and attendance records; procuring supplies and services; arranging for staff travel; maintaining an inventory of property; and recording budgeted and actual expenditures of the office.

We conducted a limited audit of the financial and administrative controls of the PDO. The audit procedures were limited to interviewing PDO staff, reviewing supporting documentation, and conducting limited tests of transactions. The purpose of the audit was to provide the Commission with negative assurance that the internal controls were adequate, implemented economically and efficiently, and in compliance with Commission policies and procedures. ²

During our limited audit, we identified one material issue. We recommended that the PDO issue an enhanced emergency plan. In addition, we recommended that the Office of Administrative and Personnel Management provide updated guidance on emergency plans to field offices.

Otherwise, our limited review indicated that the PDO's controls were generally adequate, implemented economically and efficiently, and in compliance with Commission policies and procedures. We discussed some non-material findings and informal recommendations with PDO's management.

SECURITY OF EXTERNAL DATABASES (AUDIT MEMORANDUM 25)

Based on information provided by the Commission's Library, we learned that the Dow Jones Interactive account of a former Commission employee had incurred extensive charges. The account had not been cancelled timely when the employee left the agency. Subsequently, we identified four former employees with active Lexis/Nexis accounts (Lexis/Nexis, like Dow Jones, is an external database used by many Commission employees).

The Office of Information Technology issued updated Operating Procedures for Lexis/Nexis that should help address this problem. In addition, the Library developed a proposal to further improve password management for external databases such as Lexis/Nexis. The proposal includes training of users, and development of policies and procedures for password management. To implement the proposal, additional staff will be required, according to the Library.

We recommended that the Office of Information Technology inform administrative contacts (who will be responsible for adding and canceling users) about the updated procedures for external database password management. We also recommended that the Library (under the Office of the Secretary) make a budget request for the staff.

NRSI PASSWORD MANAGEMENT (AUDIT MEMORANDUM 27)

We performed audit work to validate an allegation that Commission staff shared Name Relationship Search Inquiry (NRSI) passwords. NRSI is a cross-referencing application that provides users the capability to obtain filings information contained in a number of Commission automated information systems.

We determined that unauthorized users can gain access to the NRSI system and other Commission systems (such as the Electronic Data Gathering, Analysis, and Retrieval or EDGAR system) because of weak password security controls, and user noncompliance with established access control and security policies.

We recommended issuance of written guidance to Commission staff, a mandatory one-time password change for certain NRSI and EDGAR accounts, deletion of NRSI accounts of former employees, and streamlining and automating the processes governing user access to Commission automated systems.

PERSONNEL GUIDANCE (AUDIT MEMORANDUM 28)

We reviewed the status of Commission personnel guidance, and found that many chapters in the guidance (the Personnel Policy and Procedures or POPPS Manual) need updating. The heavy personnel workload in the last several years (including the implementation of pay parity and the negotiation and implementation of a collective bargaining agreement with the Commission's union) has delayed revision of the Manual.

To date, current information on several personnel topics has been updated and posted to the Commission's Intranet. In addition, the Collective Bargaining Agreement, in its entirety, is available on the Intranet .

The Office of Administrative and Personnel Management (OAPM), which is responsible for personnel guidance, plans to develop a comprehensive set of personnel policies for SEC staff that will be user friendly and easily accessible. This guidance (which will replace the POPPS Manual), will be posted on the Intranet and contain links to relevant outside sites ( e.g. , to the website of the Office of Personnel Management).

In the meantime, OAPM plans to continue use of the POPPS Manual supplemented as appropriate by the Collective Bargaining Agreement until the new guidance is developed. We recommended that OAPM implement its plan to issue updated personnel guidance, and establish timeframes for completion of the guidance. We also recommended that OAPM inform Commission employees regarding its plans and the personnel guidance they should use.

PCAOB SELECTION PROCESS (GAO-03-339)

On October 31, 2002, at the request of the Commission, the Office of Inspector General initiated a review of the selection process used to select members of the Public Company Accounting Oversight Board (PCAOB), established under the Sarbanes-Oxley Act. The scope of our review was to assess claims concerning the integrity of the process and to conduct a separate evaluation of the efficiency and effectiveness of the selection process.

Shortly after the initiation of our work, the Congress asked the General Accounting Office (GAO) to review the same selection process. We met with GAO and discussed the scope and timing of the respective reviews of the PCAOB selection process and possible duplication of effort. Consistent with the requirement of Section 4(c) of the Inspector General Act (that Inspectors General coordinate and cooperate with GAO to avoid duplication), we agreed to provide technical assistance and other support to GAO's review.

We provided full cooperation to the GAO effort. Besides providing GAO with the work product of our review completed to date, we assigned the Office's two most senior staff to work with the GAO review team.

GAO issued its report on December 19, 2002. It recommended that the Commission define and reach agreement on a documented appointment process, set selection criteria, develop a vetting process and complete necessary reviews before appointments, and make greater use of technology to perform background checks on candidates. The full report is available at WWW.GAO.GOV (Report GAO-03-339). After reviewing the GAO report, we concluded that GAO's review was comprehensive and that no further action by our Office was required.

Investigative Program

Thirteen investigations were closed during the period. Nine subjects were referred to the Commission. During the period, one subject resigned, one subject was suspended, one subject received a written reprimand, and one subject received an oral reprimand. Two subjects referred during a prior period resigned, three were suspended, one received alternative discipline, and one received a written reprimand. Five subjects referred during the period are awaiting disposition. The most significant cases closed during the period are described below.

THEFT OF GOVERNMENT PROPERTY

The Office investigated allegations that a Commission employee had stolen Commission property on several occasions. While the Office's investigation was pending, the subject resigned, after removal was proposed. In addition, the subject pled guilty to two criminal misdemeanor counts of theft. It was also alleged that another Commission employee assisted in the thefts. This employee resigned, and criminal charges are pending.

THREATS

An Office investigation developed evidence that a staff member had made threatening remarks to co-workers and had engaged in other harassing, disrespectful, and abusive conduct. Administrative action is pending.

CONFLICT OF INTEREST

The Office investigated an allegation that a Commission attorney had applied for a position with an entity, while working on a matter pertaining to the entity. The evidence obtained during the investigation failed to substantiate the allegation.

TRAVEL CARD ABUSE

An Office investigation developed evidence that a Commission employee had misused a Government-issued travel card by obtaining cash advances for personal use. In addition, the employee often exceeded the cash advance limit and failed to make timely payments on the account. Administrative action is pending.

MISUSE OF COMPUTER RESOURCES

Office investigations found evidence that three Commission employees had misused Commission computer resources. Administrative action is pending with respect to all three employees. In addition, two other Commission employees under investigation for similar offenses resigned to pursue other career opportunities before the investigations were completed.

Significant Problems

FINANCIAL MANAGEMENT SYSTEMS CONTROLS

A contractor audit of Commission financial management systems controls completed this period (Audit No. 362, described above) found that Commission management controls for fiscal year 2002 were effective in all material respects ³ except for three material weaknesses and one material non-conformance. The exceptions concerned property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. We believe that, taken together, these financial management exceptions are a "significant problem" for the Commission.

Management concurred with our recommendations to strengthen these financial controls, and has established several high-level task forces to correct them. GAO will review the corrective actions as part of its future audit of the Commission's financial statements.

We commend the Commission for its prompt actions to address the identified weaknesses in financial management systems controls.

Significant Problems Identified Previously

INFORMATION RESOURCES MANAGEMENT

Since April 1996, we have reported information resources management (IRM) as a significant problem based on weaknesses identified in audits, investigations, and management studies. IRM weaknesses of continuing concern include information systems security; information technology (IT) capital planning; IT investment control and decision-making; administration of IT contracts; and project management.

Although IRM continues to present challenges to Commission managers and staff, significant improvements have been made. For example, since April 1996, the Office of Information Technology (OIT) has taken corrective action on 139 audit recommendations to improve IRM managerial, operational, and technical processes and controls.

Over the past six months, under the direction of an Acting Chief Information Officer (CIO), OIT continued making progress to correct material weaknesses identified in many aspects of the Commission's management of information resources. During this reporting period, OIT:

• Established an information systems security task force to address systemic information systems security weaknesses;
   
• Facilitated the operation and activity of the Commission's Information Officers Council in selecting and prioritizing Commission IT investments;
   
• Established a Project Review Board, which is comprised of senior OIT managers, to more closely evaluate effective use and allocation of IT resources;
   
• Completed a business process review of project management and defined project managers' roles, responsibilities, and skill sets; and
   
• Documented the major project management processes, controls, communication channels, and work products.

In addition, OIT acquired additional staff to assist in information resources management policy development and implementation. OIT issued Commission-wide regulations addressing policy on the use of personal digital assistant (PDA) devices, and development, implementation, and maintenance of the Commission's enterprise architecture (EA). OIT also drafted eight Commission-wide regulations that are pending approval, which address IRM activities such as enterprise backup of electronic data, IRM program management, and project management.

During this period, we issued reports on Commission financial management systems controls (Audit 362) and EDGAR utility to Commission staff (Audit 351). We also issued audit memoranda addressing security of external databases (No. 25) and password management (No. 27). Reviews of IT capital decision-making and facility access control systems are ongoing. In future periods, we intend to maintain our oversight of the Commission's management of information resources and its IRM process improvements.

Access to Information

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

Other Matters

AUDIT OF COMMISSION FINANCIAL STATEMENTS

In response to the Accountability of Tax Dollars Act of 2002, we arranged for an audit of the Commission's financial statements. The U.S. General Accounting Office has agreed to perform the financial audit. We held joint meetings with GAO and the Office of Financial Management to facilitate the initiation of the audit work. We plan to reimburse GAO for this audit work.

We also briefed Commission senior managers on the results of the audit of Financial Management System Controls (Audit 362, discussed above) and recommended the formation of high-level task forces to address the material weaknesses and non-conformance reported in that audit. Management responded and immediately established five task forces. Each task force prepared a project plan, which has been shared with the GAO audit team, and is proceeding to address the financial control weakness assigned to it.

PEER REVIEW

The Executive Council on Integrity and Efficiency assigned the Office of Inspector General of the Board of Governors of the Federal Reserve System (Board OIG) to perform a quality assurance review (peer review) of our audit program during this reporting period. The Board OIG concluded that our audit operations were generally carried out in conformance with Government Auditing Standards.

The Board OIG made several suggestions to enhance our audit program. We plan to incorporate the suggestions in our Audit Manual and Strategic Plan (currently being updated).

EXECUTIVE COUNCIL ON INTEGRITY AND EFFICIENCY

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE member on the Integrity Committee (established by Executive Order No. 12993).

The Counsel to the Inspector General is an active member of the PCIE Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

Questioned Costs

				DOLLAR VALUE (IN THOUSANDS)
			NUMBER	UNSUPPORTED COSTS	QUESTIONED COSTS
A		For which no management decision has been made by the commencement of the reporting period	0	0	0
B		Which were issued during the reporting period	0	0	0
		Subtotals (A+B)	0	0	0
C		For which a management decision was made during the reporting period	0	0	0
	(i)	Dollar value of disallowed costs	0	0	0
	(ii)	Dollar value of costs not disallowed	0	0	0
D		For which no management decision has been made by the end of the period	0	0	0
		Reports for which no management decision was made within six months of issuance	0	0	0

Recommendations That Funds Be Put To Better Use

			NUMBER	DOLLAR VALUE (IN THOUSANDS)
A		For which no management decision has been made by the commencement of the reporting period	0	0
B		Which were issued during the reporting period	0	0
		Subtotals (A+B)	0	0
C		For which a management decision was made during the period	0	0
	(i)	Dollar value of recommendations that were agreed to by management	0	0
	-	Based on proposed management action	0	0
	-	Based on proposed legislative action	0	0
	(ii)	Dollar value of recommendations that were not agreed to by management	0	0
D		For which no management decision has been made by the end of the reporting period	0	0
		Reports for which no management decision was made within six months of issuance	0	0

Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of this reporting period (October 1, 2002).

Revised Management Decisions

No management decisions were revised during the period.

Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

1 We issued a separate audit memorandum (No. 26) on our review of the Commission's Continuity of Operations Plan.

2 Negative assurance means that no material internal control weaknesses came to our attention during our limited audit.

3 Based on criteria established under the Federal Managers Financial Integrity Act (FMFIA).

MANAGEMENT RESPONSE OF
THE SECURITIES AND EXCHANGE COMMISSION
ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL
FOR THE PERIOD OCTOBER 1, 2002 THROUGH MARCH 31, 2003

Introduction

The Semiannual Report of the Inspector General (IG) of the Securities and Exchange Commission (SEC) was submitted to the Chairman on April 30, 2003 as required by the Inspector General Act of 1978, as amended. The report has been reviewed by the Managing Executive for Operations, General Counsel, Executive Director, and Director of the Division of Enforcement. The management response is based on their views and consultation with the Chairman.

The management response is divided into four sections to reflect the specific requirements listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I
Comments Keyed to Significant Sections of the IG Report

A. Audit Program

During the reporting period, the IG issued eight audit reports and three audit memoranda. Management generally concurred with the findings and recommendations in the IG's reports.

In addition to audits performed by the agency's IG, the General Accounting Office (GAO) actively reviewed program and administrative functions of the SEC. A complete listing of all GAO audit activity involving the SEC is attached as Appendix A.

B. Response to Significant Problems

The IG's Semiannual Report identifies the financial management exceptions reported in both the SEC's Federal Manager's Financial Integrity Act (FMFIA) certification and a contractor's audit of Commission financial management system controls as a new significant problem for the Commission. Since the FMFIA letter and audit report were issued, several high-level multi-divisional task forces have been working aggressively to remedy the weaknesses. The task forces have developed work plans that demonstrate both the extent of the challenges and their plans for meeting them. Action is already underway in many instances.

C. Response to Significant Problems Previously Identified

The IG's Semiannual Report continues to identify information resources management as a significant problem. SEC management is working aggressively to make improvements in this area (see the IG's Semiannual Report for a description of actions taken during this period).

D. IG Recommendations Concerning Use of Funds

None.

E. Reports with No Management Decisions

Management decisions have been made on all audits issued prior to the beginning of the reporting period (October 1, 2002).

F. Revised Management Decisions

No management decisions were revised during the reporting period.
 

SEC Management Response to
Semiannual IG Report
October 1, 2002 - March 31, 2003

SECTION II
Disallowed Costs
As of March 31, 2003

		Number	Dollar Value (in thousands)
A.	For which final action has not been taken by the commencement of the reporting period	0	$0
B.	On which management decisions were made during the reporting period ( Subtotal A+B)	0   0	$0   $0
C.	For which final action was taken during the reporting (i) Recovered by management (ii) Disallowed by management	0 0  0	$0 $0  $0
D.	For which no final action has been taken by the end of the reporting period	0	$0

SEC Management Response to
Semiannual IG Report
October 1, 2002 - March 31, 2003

SECTION III
Funds Put to Better Use
As of March 31, 2003

		Number	Dollar Value (in thousands)
A.	For which final action has not been taken by the commencement of the reporting period	0	$0
B.	On which management decisions were made during the reporting period	0	$0
C.	For which final action was taken during the reporting period	0	$0
	(i) Dollar value of recommendations that were agreed to by management	0	$0
	(ii) Dollar value of recommendations that management has subsequently concluded should/could not be implemented or completed	0	$0
D.	For which no final action has been taken by the end of the reporting period	0	$0

SEC Management Response to
Semiannual IG Report
October 1, 2002 - March 31, 2003

SECTION IV
Open Audit Reports Over One Year Old
As of March 31, 2003

Audit #	Audit Title	Issued	Funds Put to Better Use (in thousands)	Questioned Costs(in thousands)	Reason Final Action Not Taken
130	Management of the Data Center	11/18/89	$0	$0	Policy development and implementation are continuing. Four policy documents were issued during the reporting period. However, the process has been slowed by a shortage of agency resources.
143	Information Resources Management	3/27/91	$0	$0	Same as above.
159	Audit of Local Area Networks	2/16/93	$0	$0	The remaining pending recommendation concerns the implementation of prior audit and contractor recommendations. Each of the prior recommendations is being addressed under its original report.
220	IRM Planning and Execution	3/26/96	$0	$0	See explanation for audit #130.
243	SECOA Local Area Network	3/21/97	$0	$0	Certification and accreditation activities are in progress. Policies and procedures are being documented and adopted..
250	Enhancing Excellence--Integrity Program	1/22/97	$0	$0	The heavy personnel workload in the last several years (including the implementation of pay parity and negotiation and implementation of a collective bargaining agreement with the union) delayed implementation of several recommendations. Policies and procedures are now being developed..
253	Administrative Proceedings	11/7/97	$0	$0	An adjudicatory conference will be held once there is an experience factor to measure the overall results of the NASD's revised disciplinary procedures.
257	Client Server	9/9/97	$0	$0	See explanation for audit #130.
269	Database Administration	1/5/98	$0	$0	See explanation for audit #130.
271	Property System	9/25/98	$0	$0	The remaining property issues will be completed as part of the work done preparing for the SEC's 2003 audited financial statements.
274	Year 2000-Internal Systems (OIT)	12/21/99	$0	$0	The recommendations are being addressed under the original audit report.
275	Year 2000-EDGAR	12/21/99	$0	$0	See explanation for audit #274.
282	Year 2000-Internal Systems (Non-OIT)	12/21/99	$0	$0	See explanation for audit #274.
293	Y2K Status Report--January 1999	1/25/99	$0	$0	Implementation of the one remaining recommendation is on hold until the new Chief Information Officer is hired.
296	UNIX Security	9/14/99	$0	$0	Performance plans are being reviewed. Security-related responsibilities are being incorporated where appropriate.
298	Commission Review of Periodic Reports	2/23/2000	$0	$0	Management is attempting to identify review goals that include areas such as quality and complexity of reviews in addition to number of reviews.
299	Data Backup Procedures	3/31/2000	$0	$0	A contractor has been retained to review security issues. The contractor will reexamine the pending recommendations in light of the current security environment.
308	EDGAR Hardship Exemptions	3/30/2000	$0	$0	The recommendations are being considered in connection with the next EDGAR modernization rulemaking initiative.
309	Telecommunication Vulnerabilities	3/31/2000	$0	$0	A revised policy document is expected to be issued in June 2003.
314	Payroll Conversion	9/22/2000	$0	$0	The DOI payroll system has undergone changes. SEC staff are consulting with DOI to determine whether the remaining recommendation can be implemented in a meaningful way.
320	General Computer Controls	12/26/2000	$0	$0	Several policy documents are in the final stages of review/approval.
327	General Computer Controls-Regions	2/28/2001	$0	$0	See explanation for audit #320.
329	GPRA Performance Reports	3/20/2002	$0	$0	GPRA requires strategic plans to be revised every 3 years. The next revision should be completed by the fall of 2003.
330	Real Property Leasing	5/31/2001	$0	$0	The SEC's leasing regulation is being updated. In addition, the agency's Office of General Counsel is expected to issue an opinion on the applicability of the Public Buildings Act to the SEC in June 2003.
333	Sensitive Information Follow-up	3/8/2002	$0	$0	See explanation for audit #299.
337	IT Project Management	1/24/2002	$0	$0	An integrated project management tracking and control process is being established. The targeted completion date is June 2004.
346	Commission Oversight of NAFI	3/7/2002	$0	$0	Various alternatives are being explored to determine the most efficient approach to overseeing and structuring the SEC Recreation and Welfare Association.
M12	Control of Computer Equipment	12/29/98	$0	$0	See explanation for #271.
M14	Contingency Testing	3/15/99	$0	$0	See explanation for audit #130.
M22	Rural Office Location Policy	3/28/2002	$0	$0	Policy and procedures are being documented.
G317	Use of Personal Resources	12/14/2000	$0	$0	See explanation for audit #130.
G335	Public Transportation Subsidy Program	9/27/2001	$0	$0	The Public Transportation Subsidy Regulation is being revised. The regulation will be issued in conjunction with other administrative regulations that are subject to the labor-management contract.

APPENDIX A

General Accounting Office Audit Activity
Involving the Securities and Exchange Commission

Reports Issued During the Reporting Period

1. Financial Statement Restatements: Trends, Market Impacts, Regulatory Responses, and Remaining Challenges , GAO-03-138 (October 2002)

2. Building Security: Security Responsibilities for Federally Owned and Leased Facilitie s, GAO-03-8 (October 2002)

3. Securities and Exchange Commission: Actions Needed to Improve Public Company Accounting Oversight Board Process , GAO-03-339 (December 2002)

4. Critical Infrastructure Protection: Efforts of the Financial Services Sector to Address Cyber Threats , GAO-03-173 (January 2003)

5. Potential Terrorist Attacks: Additional Actions Needed to Better Prepare Critical Financial Market Participants , GAO-03-251 (February 2003)

6. Investment Banks: The Role of Firms and Their Analysts with Enron and Global Crossing, GAO-03-511 (March 2003)

Audits in Progress as of March 30, 2003

1. Nasdaq and NYSE Listing Programs (250075). A review of Nasdaq and NYSE listing programs and the SEC's oversight of these programs.

2. Section 10(a) Reporting Update (194142). A study to update GAO's February 2000 report, Securities Exchange Act: Review of Reporting Under Section 10A" (AIMD-00-54R).

3. Employment Discrimination Arbitration (130174). A review of employment and discrimination arbitration cases at the NYSE and NASD.

4. Reference Rates for Defined Benefit Pension Plans (130140). A study of the reference rate that single-employer defined benefit pension plans must use, by law, to limit or set discount rates in ERISA minimum and full funding, lump sum, and PBGC variable rate premium calculations.

5. Electricity Market (360242). A study of information on electricity currently collected by federal agencies, the ways in which this information is shared among federal agencies and with the public, the ways in which this information is used in formulating and evaluating public policy, and additional information that might be needed to provide oversight of the electricity market.

6. Follow-up on Fines (250092). A study to evaluate the steps SEC has taken to implement GAO's recommendations in the report entitled, Securities and Exchange Commission and Commodity Futures Trading Commission: Most Fines Collected, but Improvements Needed in the Use of Treasury's Collection Service (GAO-01-900).

7. Tying Practices at Large Banks (250099). A review of the potential for large banks with investment bank affiliates (commercial banks) to engage tying activities in violation of Section 106 of the Bank Holding Company Act and/or violate Section 23B of the Federal Reserve Act.

8. Farmer Mac Oversight (250095). A review to obtain information on the financial stability of Farmer Mac; its corporate governance; its compensation policy, including the granting of stock options; the non-voting status of its class C stock; and its fulfillment of its congressionally established mission.

9. Consolidation of Public Accounting Firms (250104). A study of the factors that have led to the consolidation of public accounting firms since 1989; the present and future impact of reduced competition on capital formation and securities markets; problems, if any, faced by companies due to reduced competition; and the extent to which federal and state regulations impede competition.

10. Rotation of Registered Public Accounting Firms (194182). A study of the potential effects of requiring the mandatory rotation of registered public accounting firms.

11. Expected Rates of Return (130217). A study of the expected rates of returns for private sector defined benefit pension plans.

12. National Money Laundering Strategy (250117). A study focusing on the regulatory aspects of the 2002 National Money Laundering Strategy, specifically, the coordination among financial regulatory agencies and law enforcement institutions.

13. Mutual Fund Fees (250128). A review to follow-up on GAO's June 2000 report entitled, Mutual Fund Fees: Additional Disclosure Could Encourage Price Competition (GGD-00-126).

14. Environmental Disclosures (360299). A review regarding disclosure of environmental information under the securities regulations.

15. Follow-up on SIPC (250105). A review to assess the steps SEC and SIPC have taken to implement GAO's recommendations in the report, Securities Investor Protection: Steps Needed to Better Disclose SIPC Policies to Investors (GAO-01-653), and to obtain information on excess SIPC insurance coverage of broker-dealers.

16. Securitization (250103). A review regarding the securitization of economic development loans and the development of secondary markets for these securities.

17. Insurance Marketplace (250112). A study of the issues and problems that senior citizens are facing in the insurance marketplace as they try to manage their retirement assets and income. Of particular concern are the regulatory challenges created as financial institutions introduce new "hybrid" types of products into the marketplace that cross industry lines ( e.g. , products with insurance and securities features to them).

18. Business-Owned Life Insurance (250121). A review of life insurance purchased and owned by businesses, banks, or trusts. Specifically, a review of the uses of such policies, reporting requirements, and oversight, as well as alternative means of obtaining such policies' benefits.

19. Enterprise Architectures (310248). A government-wide review of agencies' progress with implementing enterprise architectures.