This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

Securities and Exchange Commission
Office of Inspector General

Semiannual Report to Congress
April 1, 2002 to September 30, 2002

Executive Summary

During this reporting period (April 1, 2002 to September 30, 2002) the Office of Inspector General (Office) issued seven audit reports, three audit memoranda, and one special project. These evaluations focused on the Commission rule-making process; the collection of filing fees; travel management; administration of information technology contracting; regional telecommunications security; the broker/dealer risk assessment program; Commission web security; the employee parking program; information security responsibilities of program officials; continuity of operations planning; and implementation of the Government Information Reform Security Act (GISRA) in 2002. The Audit Program and Special Project sections below describe this work further.

Sixteen investigations were closed during the period. Eleven subjects were referred to the Commission. During the period, two subjects resigned, and two subjects were counseled. One subject referred during a prior period was removed, and one subject referred during a prior period was suspended for 14 days. Seven subjects referred during the period are awaiting disposition. The Investigative Program section below describes the most significant cases.

Management of information resources was previously reported as a significant problem. During this period, the Commission continued to make improvements in its management of information resources, as described below. Our Office has implemented a series of audits and advisory services focusing on IRM. We intend to maintain our oversight of the Commission's management of information resources.

No new significant problems are being reported. No management decisions were revised during the period. The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

Audit Program

The Office issued seven audit reports and three audit memoranda during the reporting period. These documents contained a total of 89 recommendations, which are further summarized below. Management generally concurred with the recommendations, and in some cases took corrective actions during the audits.

RULEMAKING PROCESS (AUDIT NO. 347)

The Commission's rulemaking process, like that of other Federal government agencies, is intended to ensure that aspects of regulatory changes are analyzed before a change takes effect. We reviewed the process to (1) determine compliance with applicable statutes, regulations, and Commission policies by reviewing a sample of final rules; (2) evaluate internal and external communication and coordination by interviewing Commission officials and outside parties involved in rulemaking; (3) review the adequacy of rule documentation maintained by the Commission; and (4) evaluate the overall effectiveness of the Commission's rulemaking process.

We found that the Commission's rulemaking process was generally effective and in compliance with statutes, regulations and Commission policies. Also, the Commission's consideration of public comments and its communication and coordination with outside parties (e.g., the Office of Management and Budget) were effective. The files maintained by the Secretary's office were generally complete.

We suggested certain improvements to the rulemaking process. These related to cost-benefit analyses of rules; internal communication and coordination among the divisions and offices that participate in the rulemaking process; and organization and retention of supporting documentation and public comments.

Other recommendations included updating the rulemaking compliance handbook; developing a rulemaking calendar to track rules under development; and posting all comment letters on the Commission's Internet site.

COLLECTION OF FILING FEES (AUDIT NO. 348)

A prior report by our office (No. 225, dated February 1996) found material weaknesses in the management controls for the collection of filing fees. Since then, our semi-annual reports to the Congress have reported this issue as a significant problem.

Our semiannual reports have noted that the Commission has made many improvements to the management controls over filing fee collection. Final resolution of the weaknesses was expected with the implementation of a new automated filing fee system (known as Momentum), which took place in September 2001. Accordingly, we conducted a follow-up review to determine whether the material weaknesses have been corrected.

Our review did not identify any material weaknesses in the management controls over the collection of filing fees. Accordingly, we do not consider the collection process to be a significant problem now. However, we made recommendations to improve the collection process, relating to filing fee calculations and refund initiation and notification.

TRAVEL MANAGEMENT (AUDIT NO. 349)

We evaluated Commission travel management to determine whether controls were adequate, and whether the process was efficient and effective and met travelers' needs. We also reviewed the implementation of new travel software (Travel Manager).

We found that the Office of Financial Management (OFM) effectively implemented Travel Manager and that controls over travel authorizations and vouchers were generally adequate. In most respects, the travel management process was efficient and effective and in compliance with applicable guidance. Our survey of Commission travelers indicated that they have generally received good customer service. A number of individuals, who appeared to have abused their government travel cards, were referred for investigation or to OFM, depending on the materiality of the violation.

Controls over the use of the government travel card needed improvement. Our recommendations on travel cards include reducing spending and cash advance limits; using management reports to identify issues for follow-up; considering follow-up action on fifteen employees we identified who took questionable cash advances; and issuing additional guidance to staff.

Other recommendations included establishing task orders with Travel Management Centers (TMCs) for regions and districts without such agreements; requiring cardholders to initiate all account updates; improving procedures for processing disputed voucher claims; and providing employees with limited access to Travel Manager for entry of their voucher expenses.

ADMINISTRATION OF INFORMATION TECHNOLOGY CONTRACTS (AUDIT NO. 350)

The Commission has contracted most of its computer operations to outside third parties. This means that successful administration of information technology (IT) contracts is critical in providing IT support to Commission programs.

We evaluated whether IT contracts were administered in accordance with Federal acquisition policy. We found that the Offices of Information Technology (OIT), Administrative and Personnel Management (OAPM), and Financial Management (OFM) generally implemented the Federal Acquisition Regulation's (FAR) guiding principles governing the administration and management of IT contracts.

However, we found that the Commission needed to strengthen its IT contract administration processes and operating procedures to mitigate potential acquisition risks. Our recommendations included updating and establishing Commission contract administration policies and procedures; implementing and complying with procurement and contract administration guidelines prescribed by the FAR; and improving the efficiency and organizational effectiveness of the Commission's procurement and contracting operations.

REGIONAL TELECOMMUNICATIONS SECURITY (AUDIT NO. 353)

An OIG contractor performed a telecommunications vulnerability audit of the voice and data telecommunications for the Commission's eleven field offices. The objectives for this audit were to determine whether the SEC's voice and data telecommunications (phone lines) for the field offices: (1) were secure from unauthorized intrusion and misuse, (2) were vulnerable to attacks, (3) contained unknown telecommunications access points (i.e., back doors out of SEC to the Internet), and (4) had controls in place to secure digital or analog lines.

Based on its review, the contractor identified several non-material control weaknesses. It provided senior management with an oral briefing and recommended that management strengthen selected telecommunication related controls.

BROKER-DEALER RISK ASSESSMENT PROGRAM (AUDIT NO. 354)

The Risk Assessment Program in the Division of Market Regulation monitors the activities of broker-dealer affiliates to identify potential adverse effects on broker-dealers. Program staff review quarterly risk assessment filings concerning significant events that could adversely affect the broker-dealers. They also participate in monthly risk assessment meetings with large broker-dealers, provide rulemaking assistance, and participate in ad hoc projects, among other duties.

We reviewed the program to assess its overall effectiveness and identify potential improvements. During the audit, we interviewed program officials and reviewed related documentation.

We found that the effectiveness of the program has been compromised by the lack of a supervisor since October 2000. Our recommendations included appointing a supervisor for the program, reviewing its workload and priorities, using support staff more effectively, updating the program's rules, improving documentation and data back-up, and ensuring that all required filings are made.

COMMISSION WEB SECURITY (AUDIT NO. 361)

An OIG contractor performed an audit of the internal controls over the security of the Commission's public website (www.sec.gov). The audit objectives were to determine whether the SEC had designed, implemented and monitored effective security controls over the information available on the public website and the access to that website. In addition, the audit determined if the Office of Information Technology's security plan followed industry best practices guidelines.

The scope of the work included an evaluation of system security practices, focused penetration testing of the public website, and port scanning.

Based on its audit, the contractor identified several non-material control weaknesses. It provided senior management with an oral briefing and made recommendations that management document certain control objectives and related controls over web related procedures.

INDIVIDUAL EMPLOYEE PARKING PROGRAM (AUDIT MEMORANDUM 23)

We conducted a limited review of the Individual Employee Parking Program managed by the SEC Recreation and Welfare Association (RWA). The review responded to complaints about the distribution of the parking permits by RWA. Our objective was to determine if the RWA administered the program equitably.

During the review, nothing came to our attention to support the complaints about permits being issued unfairly. However, we recommended that information about the distribution procedures and the parking permit waiting list be published to allow employees to observe directly the fairness of the program's operations. We

also recommended that the RWA parking waiting list be maintained as an electronic file, and that the information in the waiting list be made publicly available within the Commission and kept up to date.

PROGRAM OFFICIALS' INFORMATION SECURITY RESPONSIBILITIES (AUDIT MEMORANDUM 24)

During our evaluation under the Government Information Security Reform Act (see the Special Project section), we found that division directors and office heads had not yet been adequately integrated into the Security Act program.

We recommended that these officials be formally assigned system security responsibilities, and that they in turn should assign the responsibility to complete mandated system security tasks to their Information Officer.

CONTINUITY OF OPERATIONS PLANNING (AUDIT MEMORANDUM 26)

We performed a survey of the Commission's Continuity of Operations Planning (COOP) in conjunction with an on-going review of the Commission's market contingency preparedness operations.

During our survey, we found that staff assigned to the Commission's COOP operations did not have a national security clearance. We recommended that the staff's job requirements be reviewed to determine whether clearances were appropriate.

In addition, several offices had not yet submitted COOP contingency plans as requested. We recommended that these offices submit the plans by October 8, 2002.

SPECIAL PROJECT

We completed one special project during the reporting period, which is described below.

2002 INFORMATION SECURITY ACT REVIEW (REPORT NO. 358)

The Government Information Security Reform Act (Security Act) requires Inspectors General to perform an annual independent evaluation of the information security program and practices of their agency. In compliance with the Security Act's requirements, we responded to specific questions from the Office of Management and Budget (OMB) concerning the Commission's information security program and practices. Our response was combined with management's responses to the OMB questions, and forwarded to OMB.

We used the results of independent evaluations completed during fiscal year 2002 (e.g., regional telecommunications security, Commission web security; and administration of information technology contracting); evaluations completed in previous years; on-going audit work; and an independent review of the steps taken by management to implement the Security Act.

Over the past twelve months, the Commission continued to make notable progress in developing, implementing, and maturing its information security program. It corrected eight of twenty-two weaknesses reported to OMB in the Plan of Actions and Milestones (POA&M) for FY 2001, and partially corrected eight of the remaining fourteen weaknesses. Moreover, several of our independent security assessments showed that selected portions of the SEC's general support systems were adequately protected from external threats.

However, additional organizational improvements within the SEC are still needed to achieve a fully mature and effective security program that fully complies with all information security mandates prescribed by the Government Information Security Reform Act (GISRA). In future periods, we intend to continue monitoring the Commission's efforts to implement these mandates.

Investigative Program

Sixteen investigations were closed during the period. Eleven subjects were referred to the Commission. During the period, two subjects resigned, and two subjects were counseled. One subject referred during a prior period was removed, and one subject referred during a prior period was suspended for 14 days. Seven subjects referred during the period are awaiting disposition. The most significant cases closed during the period are described below.

FALSE TESTIMONY

An Office investigation found evidence that a Commission staff member had given false testimony under oath to Commission officials. The investigation also disclosed that the staff member and a co-worker had removed and reviewed confidential Commission documents without authority. The Department of Justice declined prosecution and administrative action is pending.

UNAUTHORIZED DISCLOSURE OF NONPUBLIC INFORMATION

An Office investigation disclosed evidence that a Commission staff attorney had improperly released nonpublic Commission documents to an individual outside the Commission. The Department of Justice declined prosecution. The attorney resigned in lieu of removal.

RETALIATION

The Office investigated two Commission managers for retaliation in connection with a prior Office investigation. The investigation developed evidence that the managers engaged in behavior that some staff perceived as threatening. There was also evidence that one manager had questioned an employee concerning who had complained to the Office of Inspector General. Both managers were counseled.

CONFLICT OF INTEREST

The Office investigated an allegation that a Commission attorney had selectively and vindictively brought a civil action against an individual as a result of a personal conflict of interest. The evidence obtained during the investigation failed to substantiate the allegation.

TRAVEL CARD ABUSE

An audit and several Office investigations developed evidence that three Commission employees, including one supervisor, had misused their Government-issued travel cards, primarily by obtaining cash advances for personal use. Two of these employees failed to pay off their accounts on a timely basis. Administrative action is pending with respect to all three employees.

MISUSE OF COMPUTER RESOURCES

The Office investigated two Commission staff attorneys for accessing sexually explicit websites from their Commission computers. Both subjects resigned to pursue other career opportunities before the investigations were completed.

Significant Problems

No new significant problems were identified, based on the work completed during the period.

Significant Problems Identified Previously

INFORMATION RESOURCES MANAGEMENT

We previously reported information resources management (IRM) as a significant problem based on weaknesses identified in prior audits, investigations, and management studies.

Over the past six months, the Office of Information Technology (OIT) continued making progress to correct material weaknesses identified in many aspects of the Commission's management of information resources. During this reporting period, OIT contracted for an independent evaluation of its IRM policies and implementing procedures. This independent evaluation identified several IRM areas that required the development of Commission-wide policies and procedures. OIT is finalizing IRM policies and procedures in the areas of information technology capital planning investment controls; information collection; acquisition of information technology; enterprise architecture; and strategic planning.

In addition, OIT is conducting an internal business process review of its information technology project management methodology. OIT is using the results of the business process review to identify where improvements in IRM can be made within the Commission. Within the next six months, OIT plans to have an independent entity review and assess its project management methodology and practices using industry and government best practices. The results of this independent assessment will be used to strengthen IRM operating controls, processes, and procedures based on best practices.

During this period, we completed three IRM-related audits (Administration of Information Technology Contracts, Regional Telecommunications Security, and Commission Web Security); issued an audit memorandum addressing program officials' information security responsibilities; and issued a response to the Office of Management and Budget under the Government Information Security Reform Act (see above). In future periods, we intend to maintain our oversight of the Commission's management of information resources and its IRM process improvements.

Access to Information

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

Other Matters

EXECUTIVE COUNCIL ON INTEGRITY AND EFFICIENCY

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE member on the Integrity Committee (established by Executive Order No. 12993).

The Counsel to the Inspector General is an active member of the PCIE Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

Questioned Costs

				DOLLAR VALUE (IN THOUSANDS)
			NUMBER	UNSUPPORTED COSTS	QUESTIONED COSTS
A		For which no management decision has been made by the commencement of the reporting period	0	0	0
B		Which were issued during the reporting period	0	0	0
		Subtotals (A+B)	0	0	0
C		For which a management decision was made during the reporting period	0	0	0
	(i)	Dollar value of disallowed costs	0	0	0
	(ii)	Dollar value of costs not disallowed	0	0	0
D		For which no management decision has been made by the end of the period	0	0	0
		Reports for which no management decision was made within six months of issuance	0	0	0

Recommendations That Funds Be Put To Better Use

			NUMBER	DOLLAR VALUE (IN THOUSANDS)
A		For which no management decision has been made by the commencement of the reporting period	0	0
B		Which were issued during the reporting period	0	0
		Subtotals (A+B)	0	0
C		For which a management decision was made during the period	0	0
	(i)	Dollar value of recommendations that were agreed to by management	0	0
	-	Based on proposed management action	0	0
	-	Based on proposed legislative action	0	0
	(ii)	Dollar value of recommendations that were not agreed to by management	0	0
D		For which no management decision has been made by the end of the reporting period	0	0
		Reports for which no management decision was made within six months of issuance	0	0

Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of this reporting period (April 1, 2002).

Revised Management Decisions

No management decisions were revised during the period.

Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

FY 2002 OIG PERFORMANCE MEASURES

AUDITING

Strategic Goal: Identify and mitigate impediments to achieving Commission objectives (i.e., operational risks)

OBJECTIVES/STRATEGIES	OUTPUT MEASURES	OUTCOME MEASURES
1. Assess operational impediments to achieving Commission objectives A. Identify significant operational risks B. Incorporate "operational risk" as the primary audit planning criterion	Develop an enhanced qualitative evaluation capacity. Based upon an assessment of the costs/benefits of the qualitative operational risk assessment approach, the Office has assigned risk assessment responsibility for program areas to the auditors who manage those areas. The auditors are responsible for determining the methodology to be employed to assess risks in their particular program areas. The results of the risk assessments conducted by the auditors assigned to each issue area were incorporated in the Office's 2002-2003 audit plan. Number of risk assessment workshops and surveys Because of the decision to assign risk assessment responsibility to the Office's auditors, the Office did not conduct risk assessment workshops and surveys during FY 2002. The 2002-2003 annual audit plan is based primarily on risks to the achievement of Commission objectives The 2002-2003 annual audit plan includes audits that were identified by risk assessments performed by the auditors, prior audits, and Commission management and staff; audits resulting from new legislation; and audits of areas that the Office had not previously reviewed. Percentage of performance audits in high-risk programs or support functions - planned 100% of all performance audits were planned in high-risk programs or support functions. Percentage of audits, suggested by the Commission or senior management, scheduled in annual audit plans 100% of audits suggested by Commission management have been scheduled in annual audit plans.	The Commission achieves its strategic program and support objectives Commission management has an enhanced understanding of operational risks Commission management is better able to manage, share, control, transfer, avoid, or accept operational risks A risk assessment performed during FY 2001 in the Office of Information Technology served as the basis for selecting information technology (IT) audits during FY 2002. The Office's audits of Information Technology Project Management (Audit Report No. 337) and Administration of Information Technology Contracts (Audit Report No. 350) addressed significant operational risks that were identified during the Office's FY 2001 risk assessment. In connection with these audits, the Office made several recommendations designed to eliminate or reduce operational risks. These recommendations concerned management practice; communication methods; linkage of strategic direction to daily activities; and establishing, streamlining, and enforcing IT policies, practices and procedures. The Office plans to update the OIT risk assessment as necessary for use in audit planning and risk identification.
2. Mitigate operational risks and add value to Commission operations A. Conduct performance audits of operational risks in Commission programs and support functions B. Encourage independent management actions to mitigate operational risks identified	Number of audit reports (including audit memoranda and reports on management issues arising from investigations) The Office issued 16 audit reports and 4 audit memoranda during FY 2002. Jointly, these reports contained 132 recommendations for improvement in Commission operations. Percentage of performance audits directly related to high-risk programs or support functions -- conducted 100% of performance audits conducted were directly related to high-risk programs or support functions. Number of significant audit findings and recommendations The Office made a total of 98 significant audit findings and recommendations during FY 2002. Percentage of significant findings and recommendations communicated to management before obtaining formal comments on draft audit reports 100% of significant findings and recommendations were communicated to management before obtaining formal comments on draft audit reports. Percentage of audit recommendations Commission management accepts Commission management accepted 100% of the Office's FY 2002 audit recommendations on which a decision has been made. Percentage of audit recommendations the Commission implements Commission management recorded 11% of the Office's FY 2002 audit recommendations as "completed," as of October 28, 2002. However, management had not completed its updating of the audit recommendation tracking system. Management is working on implementing the recommendations that have not yet been implemented. Number of material risks reported to management In addition to the risks identified in audit reports and memoranda, the Office reported to management concerning several risks and planning opportunities presented by the Sarbanes-Oxley Act of 2002. Percentage of material operational risks identified by the Office that are subsequently mitigated by management without further Office action Management is currently working to mitigate the risks presented by the Sarbanes-Oxley Act of 2002. In addition, management implemented a recommendation made by the Office in a prior period by installing website filtering software on the SEC network. According to management, this software will prevent access to inappropriate websites from SEC computers, while maintaining a positive and productive web browsing culture for all employees. The Office anticipates that the filtering software will result in a saving of investigative resources.	The Office continued to monitor the status of significant problems identified in its Semiannual Reports to Congress, including Information Research Management (IRM). With respect to IRM, the Office found that, during FY 2002, management continued to make progress in correcting material weaknesses identified in many aspects of the Commission's management of information resources. The Office intends to maintain its oversight of IRM in future periods. In compliance with requirements of the Government Information Security Reform Act, the Office responded to questions from the Office of Management and Budget (OMB). The Office reported to OMB that, over the past twelve months, the Commission continued to make notable progress in the area of information security. However, the Office pointed out that additional organizational improvements are needed to achieve a mature security program that fully complies with all federal requirements.

FY 2002 OIG PERFORMANCE MEASURES

INVESTIGATIONS

Strategic Goal: Identify and mitigate impediments to high individual and agency integrity (i.e., integrity risks)

OBJECTIVES/STRATEGIES	OUTPUT MEASURES	OUTCOME MEASURES
1. Assess integrity risks and prevent and deter misconduct A. Conduct integrity workshops B. Issue reports to management on control deficiencies identified during investigations C. Maintain effective communications with the Office of Ethics Counsel	Develop a qualitative evaluation capacity The Office is preparing a request for a hardware/ software package to facilitate qualitative evaluation of the Commission's compliance with GAO's revised "Standards for Internal Control in the Federal Government." Number of investigative reports on management issues The Office did not issue any investigative reports on management issues during FY 2002. However, as a result of one investigation conducted during FY 2002, the audit staff prepared a draft audit memorandum concerning external database security. The draft audit memorandum contains three recommendations designed to improve external database security and prevent staff misconduct. Number of significant recommendations made to prevent or deter misconduct In the draft audit memorandum concerning external database security, the Office is making three significant recommendations designed to improve external database security and prevent staff misconduct. Number of consultations with Office of Ethics Counsel staff The Office consulted frequently during FY 2002 with the Office of Ethics Counsel concerning the Office's investigations. Further, the Ethics Counsel received copies of all investigative reports issued during FY 2002.	Commission staff readily refer allegations of misconduct to the Office Over 40% of the allegations the Office received during FY 2002 were from Commission employees or managers. This demonstrates that Commission employees continue to place a high premium on integrity and are well aware of their obligation to report fraud, waste and abuse to the proper authorities.
2. Solicit allegations of misconduct	Percentage of new employees receiving Office material soliciting allegations of misconduct 100% of new Commission employees received Office material soliciting allegations of misconduct during FY 2002. Percentage of departing employees receiving Office material soliciting allegations of misconduct 100% of departing Commission employees received Office material soliciting allegations of misconduct during FY 2002. Number of allegations of misconduct received The Office received 141 allegations of misconduct during FY 2002 (excluding misdirected phone calls, e-mails or letters that were transferred to other agency components). These allegations came from a variety of sources, including Commission management and staff, members of the public, and anonymous sources.
3. Assign allegations of misconduct timely	Number of allegations assigned (i.e., investigation, preliminary inquiry, monitoring, or transmittal to appropriate other organization without Office investigation) The allegations received were assigned as follows: 32 investigations were opened; 40 preliminary inquiries were opened; 25 referrals were made to management or other Commission components; 4 referrals were made to the Office's auditors for inquiry or audit planning; and 8 referrals were made outside the Commission. With regard to the remaining allegations, no action was considered necessary or additional information was requested from the complainant. Percentage of allegations assigned within 3 workdays of receipt 89% (126 of 141) of allegations received during FY 2002 were assigned or otherwise resolved within 3 workdays of receipt.
4. Investigate allegations objectively, competently, and timely, and refer violations appropriately	Number of preliminary inquiries conducted The Office completed 36 preliminary inquiries during FY 2002 (including two that were opened in FY 2001). Two investigations were opened as the result of preliminary inquiries. Seven preliminary inquiries led to referrals to management or other Commission components; three preliminary inquiries led to referrals to other agencies. One preliminary inquiry was referred to the Office's audit staff for follow-up. Four preliminary inquiries remained pending at the end of FY 2002. Percentage of preliminary inquiries completed within one month Of the preliminary inquiries completed during FY 2002, 89% (32 of 36) were completed within one month. Number of investigations conducted Three investigations were pending at the beginning of FY 2002. The Office closed 23 investigations during FY 2002. Twelve investigations remained pending at the end of FY 2002. Percentage of investigations in which the rights of subjects, complainants, and witnesses were adequately protected The rights of subjects, complainants and witnesses were adequately protected in 100% of the investigations conducted during FY 2002. Subjects were provided with written notice of their rights before being asked to provide evidence. In addition, where complainants requested confidentiality, every effort was made to comply with these requests. Percentage of investigations completed within 6 months 91% (21 of 23) of investigations closed during FY 2002 were completed within 6 months. Number of allegations investigated The Office investigated a total of 28 allegations during FY 2002. In addition, 50 other allegations were reviewed during preliminary inquiries completed during FY 2002. Number of subjects investigated The Office investigated a total of 31 subjects during FY 2002. In addition, 54 other subjects were involved in preliminary inquiries completed during FY 2002. Number of investigations in which the evidence failed to substantiate the allegations The evidence failed to substantiate the allegations in nine investigations closed during FY 2002. Two investigations were closed because the subjects resigned for unrelated reasons. In addition, 27 preliminary inquiries were closed because the allegation appeared to lack merit, there was insufficient evidence to pursue the matter further, or the matter became moot. Number of referrals to the Commission The Office referred 12 cases to the Commission during FY 2002. These cases included evidence of false statements, forgery, misuse of computer resources, travel card abuse, unauthorized disclosure of nonpublic information, retaliation, harassment, misuse of government vehicle, and time and attendance abuse. Number of referrals to the Department of Justice The Office referred four cases to the Department of Justice during FY 2002. These cases involved evidence of false statements, forgery, travel card abuse and unauthorized disclosure of nonpublic information. Prosecution was declined in all of these matters. Number of personnel actions or convictions resulting from investigations As a result of Office investigations conducted during FY 2002, one employee was removed, two employees resigned, one employee was suspended, one employee received alternative discipline, and two employees were counseled. In addition, two employees resigned and one employee was counseled in connection with matters referred during FY 2001. Six matters remained pending at the end of FY 2002.	Commission staff have an enhanced understanding of desired and prohibited conduct Commission program operations are enhanced by the public's trust in Commission staff The Commission's integrity objective (i.e., to promote high individual and agency integrity) is achieved The Commission continues to have a high degree of individual and agency integrity. Prior Office work performed in this area identified no material weaknesses and found that Commission employees placed a high premium on integrity.

FY 2002 OIG PERFORMANCE MEASURES

REPORTING

Strategic Goal: Keep the Chairman and Congress fully and currently informed of Office activities and significant issues

OBJECTIVES/STRATEGIES	OUTPUT MEASURES	OUTCOME MEASURES
1. Report to Congress	Semiannual reports (SARs) comply with all reporting requirements of the Inspector General Act Both SARs for FY 2002 complied with all reporting requirements of the Inspector General Act. Percentage of audit reports summarized in the SARs 100% of the audit reports and audit memoranda issued during the reporting period were summarized in the SARs for FY 2002. Percentage of significant investigations summarized in the SARs 100% of significant investigations were summarized in the SARs for FY 2002. Office performance is reported annually in every other SAR Office performance for FY 2002 is being reported in the SAR for the second half of FY 2002. Number of testimonies, meetings, or other communications with the Congress or its staff The Inspector General and Office staff had meetings and telephone calls with Congressional staff concerning a variety of issues. As requested, the Inspector General provided Congress with copies of the Office's audit reports concerning the collection of filing fees and the rulemaking process. In addition, based upon a Congressional mandate, the Office provided a written report to Congress regarding Commission compliance with a statutory requirement that agencies give priority to the location of new offices in rural areas.	The Congress is fully and currently informed of office activities and material issues The Office strives to keep the Congress fully and currently informed of Office activities and material issues through its SARs and other efforts. In particular, during FY 2002, the Office kept Congress apprised of the Office's audits concerning the collection of filing fees and the rulemaking process.
2. Report to the Chairman and Commission management	Number of meetings with, and reports to, the Chairman or senior Commission management on the Office's activities and significant issues The Inspector General provided written monthly reports to the Chairman on Office activities and had periodic contacts with the Chairman's staff. In addition, the Inspector General and Office staff routinely met with senior Commission management on the Office's activities and significant issues. Number of Inspector General Advisory Committee meetings conducted In FY 2002, the Inspector General met quarterly with the Inspector General Advisory Committee. Members of the Inspector General Advisory Committee include the Chief of Staff, the Executive Director, the General Counsel, and the Director of the Division of Enforcement. At these meetings, the Inspector General brought significant issues and developments to the Advisory Committee's attention. Advisory Committee members also voiced their concerns and priorities during these meetings.	The Chairman and senior Commission management are fully and currently informed of office activities and material issues Through the monthly reports to the Chairman, the quarterly Inspector General Advisory Committee meetings and other periodic briefings, the Chairman and senior management are adequately informed on a timely basis of Office activities and significant issues arising from those activities.

FY 2002 OIG PERFORMANCE MEASURES

WORK QUALITY

Strategic Goal: Continuously improve Office staff, work products, and administration

OBJECTIVES/STRATEGIES	OUTPUT MEASURES	OUTCOME MEASURES
1. Arrange for triennial peer reviews	Arrange for a peer review of the audit program The Office has arranged for the OIG of the Board of Governors of the Federal Reserve System to conduct a peer review of the Office's audit program in 2003. Number of peer reviews of other OIGs conducted by Office staff The Office completed a peer review of the National Archives and Records Administration OIG in January 2002.	The Congress, Commission, and public have confidence in the competence and professionalism of our staff The Office has received favorable comments on the competence and professionalism of its staff from several sources both inside and outside of the Commission.
2. Obtain input from clients and Commission management on the value of Office activities	Percentage of audit clients surveyed The Office solicited comments from audit customers on each audit report issued by the Office during FY 2002. All of the feedback received was positive. Percentage of investigative clients surveyed The Office requested client feedback on all investigative reports issued during FY 2002. All of the feedback received was positive. Customer feedback is used to improve Office products and services The Office reviews and evaluates all comments received in an effort to enhance the Office's audit and investigative programs.	Office staff, operations, and administration are more efficient and effective The Office constantly strives to improve its efficiency and effectiveness. During FY 2002, the auditors assumed responsibility for identifying and assessing operational risks in their program areas. These risk assessment efforts have led to an increased audit focus on areas of significant operational risk, as is reflected in the 2002-2003 audit plan.
3. Maintain and improve the technical proficiency of Office staff 3. Maintain and improve the technical proficiency of Office staff (CONTINUED)	Percentage of audit staff who meet or exceed the Government Auditing Standard's training requirements 100% of the audit staff members met or exceeded the Government Auditing Standard's training requirements. Percentage of legal staff who maintain Bar memberships and obtain training to keep current professionally The Office currently has one attorney, who maintains Bar memberships and attends periodic professional training in subjects pertinent to the Office. Percentage of audit staff who have professional certification The Inspector General, the Deputy Inspector General and four of the five auditors have professional certifications. Number of professional certifications maintained The Office's eight staff members have a total of 15 professional certifications and six advanced degrees.	The Office is committed to the education and training of its staff to ensure that staff maintain their skills, are aware of new developments and are able to adapt to changes in the environment in which the Commission operates. Staff members generally exceed the minimum CPE requirements. As a result of the Office's commitment to education and training, Office staff are perceived as competent professionals who are qualified to achieve the Office's mission.

FY 2002 OIG PERFORMANCE MEASURES

GOVERNMENT-WIDE ISSUES

Strategic Goal: Participate with the IG Community in addressing government-wide issues

OBJECTIVES/STRATEGIES	OUTPUT MEASURES	OUTCOME MEASURES
1. Actively participate in ECIE/PCIE activities	Participation in bi-monthly ECIE meetings The Office participated in 100% of the ECIE meetings during FY 2002. Participation in PCIE Council of Counsel's (CCIG) meetings The Office participated in approximately 70% of the CCIG meetings during FY 2002. In addition, the counsel participated with other Inspector General counsel in a workshop presentation at a federal employee conference on dispute resolution issues. Participation in joint PCIE/ECIE meetings The Office participated in all joint ECIE/PCIE meetings, including the annual Inspector General retreat. Participation in other ECIE or PCIE Committees The Inspector General is a member of the Integrity Committee of the PCIE and ECIE. Pursuant to executive order, the Integrity Committee reviews and investigates administrative allegations against Inspectors General and other senior staff. The Inspector General attended all Integrity Committee meetings during FY 2002. In addition, the Inspector General met monthly with the financial regulatory agency Inspector General committee during FY 2002.	The Office benefits from the resolution of government-wide issues and the transfer of audit and investigative techniques and knowledge Through its participation in PCIE/ECIE and CCIG activities, the Office continues to obtain valuable information concerning Congressional interests, new government policies, and the impact of new laws and court decisions. The Office timely incorporates Congressional and administration policies and concerns into its operations During FY 2002, the Office incorporated Congressional concerns into two audits (addressing the collection of filing fees and the rulemaking process) that were of particular interest to Congress.
2. Participate in organizations that directly contribute to the IG community	Number of professional organizations and activities related to Office work in which staff participate Staff are members of and participate in the activities of several professional organizations, including the Institute of Internal Auditors (IIA), Association of Government Accountants (AGA), Association of Directors of Investigations, Information Systems Audit and Control Association, and American Institute of Certified Public Accountants. During FY 2002, the Inspector General made presentations on audit topics at the IIA international conference and the AGA national conference.	Congress and OMB recognize benefits from ECIE/PCIE activities The IG Community has achieved considerable results, which are described in the PCIE/ECIE Annual Report.

MANAGEMENT RESPONSE OF
THE SECURITIES AND EXCHANGE COMMISSION
ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL
FOR THE PERIOD APRIL 1, 2002 THROUGH SEPTEMBER 30, 2002

INTRODUCTION

The Semiannual Report of the Inspector General (IG) of the Securities and Exchange Commission (SEC) was submitted to the Chairman on October 31, 2002 as required by the Inspector General Act of 1978, as amended. The report has been reviewed by the Chief of Staff, General Counsel, Executive Director, and Director of the Division of Enforcement. The management response is based on their views and consultation with the Chairman.

The management response is divided into four sections to reflect the specific requirements listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I
Comments Keyed to Significant Sections of the IG Report

A. Audit Program

During the reporting period, the IG issued seven audit reports and three audit memoranda. Management generally concurred with the findings and recommendations in the IG's reports, and in some cases took corrective actions during the audits.

In addition to audits performed by the agency's IG, the General Accounting Office (GAO) actively reviewed program and administrative functions of the SEC. A complete listing of all GAO audit activity involving the SEC is attached as Appendix A.

B. Response to Significant Problems

No new problems were reported.

C. Response to Significant Problems Previously Identified

The IG's Semiannual Report continues to identify information resources management as a significant problem. SEC management is working aggressively to make improvements in this area (see the IG's Semiannual Report for a description of actions taken during this period).

D. IG Recommendations Concerning Use of Funds

None.

E. Reports with No Management Decisions

Management decisions have been made on all audits issued prior to the beginning of the reporting period (April 1, 2002).

F. Revised Management Decisions

No management decisions were revised during the reporting period.

SECTION II
Disallowed Costs
As of September 30, 2002

	Number	Dollar Value (in thousands)
A. For which final action has not been taken by the commencement of the reporting period	0	$0
B. On which management decisions were made during the reporting period	0	$0
(Subtotal A+B)	0	$0
C. For which final action was taken during the reporting period	0	$0
(i) Recovered by management	0	$0
(ii) Disallowed by management	0	$0
D. For which no final action has been taken by the end of the reporting period	0	$0

SECTION III
Funds Put to Better Use
As of September 30, 2002

SECTION IV
Open Audit Reports Over One Year Old
As of September 30, 2002

Audit #	Audit Title	Issued	Funds Put to Better Use (in thousands)	Questioned Costs (in thousands)	Reason Final Action Not Taken
130	Management of the Center	11/18/89	$0	$0	A number of policies and procedures are being documented and adopted. However, the process has been slowed by a shortage of agency staff.
143	Information Resources Management	3/27/91	$0	$0	Same as above.
159	Audit of Local Area Networks	2/16/93	$0	$0	The remaining pending recom- mendation concerns the imple- mentation of prior audit and contractor recommendations. Each of the prior recommendations is being addressed under its original report.
220	IRM Planning Execution and	3/26/96	$0	$0	See explanation for audit #130.
243	SECOA Local Area Network	3/21/97	$0	$0	See explanation for audit #130.
250	Enhancing Excellence-- Integrity Program	1/22/97	$0	$0	A collective bargaining agreement has been reached between the SEC and the union. Policies are being developed.
253	Administrative Proceedings	11/7/97	$0	$0	Adjudicatory conference will be held once there is an experience factor to measure the overall results of the NASD's revised disciplinary procedures.
257	Client Server	9/9/97	$0	$0	See explanation for audit #130.
260	Value Engineering	5/2/97	$0	$0	Value engineering plans are being Program developed.
269	Database Administration	1/5/98	$0	$0	See explanation for audit #130.
271	Property System	9/25/98	$0	$0	SEC property regulations have been revised and will soon be issued in final.
273	Review of Investment Company Filings	6/26/98	$0	$0	Implementation of the one remaining recommendation is contingent upon funding decisions.
274	Year 2000-Internal Systems (OIT)				The recommendations are being addressed under the original audit report.
275	Year 2000-EDGAR	12/21/99	$0	$0	See explanation for audit #274.
282	Year 2000-Internal Systems (Non-OIT)	12/21/99	$0	$0	See explanation for audit #274.
293	Y2K Status Report-- January 1999	1/25/99	$0	$0	See explanation for audit #250.
296	UNIX Security	9/14/99	$0	$0	See explanation for audit #130.
298	Commission Review of Periodic Reports	2/23/2000	$0	$0	Management is attempting to identify review goals that include areas such as quality and complexity of reviews in addition to number of reviews.
299	Data Backup Procedures	3/31/2000	$0	$0	See explanation for audit #130.
308	EDGAR Hardship Exemptions	3/30/2000	$0	$0	The recommendations are being considered in connection with the next EDGAR modernization rulemaking initiative.
309	Telecommunication Vulnerabilities	3/31/2000	$0	$0	See explanation for audit #130.
312	Year 2000 Audits Summary Closing Report	12/21/99	$0	$0	See explanation for audit #130.
314	Payroll Conversion	9/22/2000	$0	$0	Policies are being developed and the agency's intranet is being expanded.
318	FOIA Process	3/23/2001	$0	$0	See explanation for audit #273.
320	General Computer Controls	12/26/2000	$0	$0	See explanation for audit #130.
327	General Computer Controls-Regions	2/28/2001	$0	$0	See explanation for audit #130.
330	Real Property Leasing	5/31/01	$0	$0	The leasing regulation is being updated. The expected completion date is the 2nd quarter of FY03.
M11	Part-time Employment Program	10/21/98	$0	$0	See explanation for audit #250.
M12	Control of Computer Equipment	12/29/98	$0	$0	See explanation for #271.
M14	Contingency Testing	3/15/99	$0	$0	See explanation for audit #130.
G317	Use of Personal Resources	12/14/2000	$0	$0	See explanation for audit #130.

APPENDIX A

General Accounting Office Audit Activity
Involving the Securities and Exchange Commission

Reports Issued During the Reporting Period

245 Electronic Government: Challenges to Effective Adoption of the Extensible Markup Language, GAO-02-327 (April 2002)

2. Securities Markets: Competition and Multiple Regulators Heighten Concerns About Self-Regulation, GAO-02-362 (May 2002)

3. SEC Enforcement: More Actions Needed to Improve Oversight of Disgorgement Collections, GAO-02-771 (July 2002)

4. SEC Operations: Implications of Alternative Funding Structures, GAO-02-864 (July 2002)

5. Catastrophe Insurance Risk: The Role of Risk-Linked Securities and Factors Affecting their Use, GAO-02-941 (September 2002)

6. Private Pensions: Participants Need Information on the Risks of Investing in Employer Securities and the Benefits of Diversification, GAO-02-943 (September 2002)

Audits in Progress as of September 30, 2002

1. Exchange Outages. A review of four separate market outages that occurred in June 2001 at the New York Stock Exchange, Nasdaq Stock Market, and International Securities Exchange.

2. Financial Statement Audit Requirements. A review of whether financial statement audit requirements should be expanded to include certain agencies that are not required to have annual financial statement audits under the Chief Financial Officers Act or other laws.

3. Enterprise Architectures. A review of enterprise architectures across the Federal Government.

4. Fraudulent Tax Schemes. A review of the IRS's efforts to ensure that fraudulent tax schemes are identified and properly dealt with and that taxpayers fulfill their tax obligations. While most of the work is being conducted at IRS, GAO was asked to look into how IRS coordinates its efforts to combat tax schemes with other relevant federal enforcement agencies such as the SEC, DOJ, and FTC.

5. Earnings Restatements. A study centered on the quality of financial reporting in the U.S. and financial restatements between 1997 and 2000.

6. Security of Federal Buildings. A review to determine the roles, responsibilities, and funding of each department/agency in the security of federal facilities (office buildings and postal facilities).

7. Financial Markets Response to September 11 & Market Outages. A study of the September 11 attacks on the functioning of the U.S. financial markets.

8. Privacy Act. A review of agency's compliance with the Privacy Act of 1974.

9. Nasdaq and NYSE Listing Programs. A review of Nasdaq and NYSE listing programs and the SEC's oversight of these programs.

10. Section 10(a) Reporting Update. A study to update GAO's February 2000 report, Securities Exchange Act: Review of Reporting Under Section 10A".

11. Employment Discrimination Arbitration. A review of employment and discrimination arbitration cases at the NYSE and NASD.

12. Reference Rates. A study of the reference rate that single-employer defined benefit pension plans must use, by law, to limit or set discount rates in ERISA minimum and full funding, lump sum, and PBGC variable rate premium calculations.

13. Electricity Market. A study of information on electricity currently collected by federal agencies, the ways in which this information is shared among federal agencies and with the public, the ways in which this information is used in formulating and evaluating public policy, and additional information that might be needed to provide oversight of the electricity market.

14. Fines Collection. A study to evaluate the steps SEC has taken to implement GAO's recommendations in the report entitled, Securities and Exchange Commission and Commodity Futures Trading Commission: Most Fines Collected, but Improvements Needed in the Use of Treasury's Collection Service.

15. Cyber-threats. A study of the steps financial services firms are taking to prevent or respond to potential cyberthreats, including cyber-terrorism, and to document relevant supervisory and regulatory policies and actions.

16. Tying. A review of the policies and procedures that banking regulators use to prevent and identify cases of illegal tying.

17. Farmer Mac. A review of the financial stability of Farmer Mac, including issues related to its operations and financial disclosures.

http://www.sec.gov/about/oig/audit/semoct02.htm