Skip to Main Content

Semiannual Report to Congress: April 1, 2003 to September 30, 2003

This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

Securities and Exchange Commission Office of Inspector General

Semiannual Report to Congress
April 1, 2003 to September 30, 2003

During the second half of fiscal year 2003, the Office of Inspector General assisted the Commission to:

  • Improve the process for issuing deficiency letters as a result of compliance examinations,
     
  • Strengthen controls to ensure the timely receipt and review of reports of changes in independent accountants,
     
  • Enhance the integrity of the Commission and its staff by investigating allegations of misconduct,
     
  • Reduce the risk of identity theft by preventing Social Security numbers from inclusion in the EDGAR system,
     
  • Enhance the effectiveness of the review process for applicants subject to a statutory disqualification,
     
  • Assess security risks to Commission access control systems and implement appropriate controls,
     
  • Protect its computers and data from security threats and comply with the Federal Information Security Management Act,
     
  • Clarify legal requirements associated with a temporary clerical services contract,
     
  • Strengthen the financial management of the Commission's Recreation and Welfare Association, and
     
  • Assure the effectiveness of regional/district office administrative controls.

Executive Summary

During this period (April 1, 2003 to September 30, 2003), the Office of Inspector General (Office) issued six audit reports, four audit memoranda, one investigative memorandum on management issues, and one special project report. These evaluations focused on the statutory disqualification review process; the compliance examination deficiency letter process; financial management in the Commission's Recreation and Welfare Association; administrative controls in the Southeast Regional Office, the Boston District Office, and the San Francisco District Office; the Commission's information technology security program under the Federal Information Security Management Act; facility access control systems; rural relocation policy (follow-up); Social Security numbers in the EDGAR system; reports of changes in independent accountants; and a temporary clerical services contract.

Twelve investigations were closed during the period. Seven subjects were referred to the Commission. One subject was suspended, and one subject was counseled. In addition, three subjects referred during a prior period were suspended. Five subjects referred during the period are awaiting disposition.

Information resources management (IRM) has been previously reported as a significant problem. During this period, the Commission continued to improve its management of these resources. Nonetheless, we intend to maintain our audit focus in this important area.

An audit completed in the last period found that Commission financial management controls for fiscal year 2002 were effective in all material respects except for controls over property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. Accordingly, we reported these exceptions, taken together, as a significant problem in our last Semiannual Report. Several high-level task forces are currently working to correct these weaknesses. We commend the Commission for initiating prompt corrective actions and its continuing efforts to strengthen its financial management controls.

No management decisions were revised during the period. The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

Audit Program

The Office issued six audit reports, four audit memoranda, one investigative memorandum on management issues, and one special project report during the reporting period. These documents contained a total of 27 recommendations, which are further summarized below. Management generally concurred with the recommendations, and in many cases took corrective actions during the audits.

STATUTORY DISQUALIFICATION REVIEW PROCESS (AUDIT NO. 363)

Market participants who engage in certain types of misconduct are subject to statutory disqualification and must undergo a Commission review to enter or continue working in the securities industry.

Our objective was to evaluate whether the Division of Market Regulation's (MR) review process ensured that only appropriate applications were approved. We also sought to identify possible enhancements to the review process.

Overall, we found MR's review of applications to be in compliance with the Exchange Act. Its decisions on applications appeared appropriate. We also found that the process was thorough and effective.

To increase efficiency, we recommended that MR consider limiting or discontinuing its review of applications based on offenses unrelated to the securities industry. We also recommended that MR enhance its application log, ensure it meets required time frames for reviewing applications, update its policies and procedures and consider eliminating input of duplicative information into a Commission database.

COMPLIANCE EXAMINATION DEFICIENCY LETTER PROCESS (AUDIT NO. 364)

The Office of Compliance Inspections and Examinations (OCIE) and the field offices administer the Compliance Examination Program. In most cases, the Program issues a deficiency letter to the registrant after an examination.

Our audit objective was to evaluate the effectiveness and efficiency of the deficiency letter process.

We found that the process was generally functioning effectively and efficiently. We made several recommendations to improve the process, including: disseminating common deficiencies routinely and systematically, improving OCIE's liaison oversight of broker-dealer examinations, clarifying staff guidance concerning appropriate action when violations are unclear, and enhancing examination procedures.

SEC RECREATION AND WELFARE ASSOCIATION FINANCIAL MANAGEMENT (AUDIT NO. 368)

The Recreation and Welfare Association (RWA) promotes employee welfare through several activities, including employee parking, sale of Commission memorabilia, and social events (e.g., ice cream socials). These activities have been generally limited to headquarters and Operations Center staff. We evaluated RWA's financial management, and followed-up on financially related recommendations made in a prior audit (No. 346).

We found that the financial management of the RWA has improved. RWA has enhanced its separation of duties and documentation of the inventory. It has obtained a business credit card (rather than using the Treasurer's personal card). RWA now requires participants to pay their monthly parking fees by electronic funds transfer, which is more secure than a personal check. Our audit also acted as a control over financial management (formerly, RWA's books were not audited).

We recommended several additional improvements, including: establishing an annual budget; implementing a plan to bring revenues in balance with expenditures; enhancing controls over the donation of memorabilia items, and discontinuing the sale of identification card holders.

SOUTHEAST REGIONAL OFFICE (AUDIT NO. 369); BOSTON DISTRICT OFFICE (AUDIT NO. 370); SAN FRANCISCO DISTRICT OFFICE (AUDIT NO. 374)

The Southeast Regional Office (SERO), the Boston District Office (BDO), and the San Francisco District Office (SFDO) exercise a broad range of financial and administrative functions, including maintaining time and attendance records; procuring supplies and services; arranging for staff travel; maintaining an inventory of property; and recording budgeted and actual expenditures of the office.

We conducted a limited audit of the financial and administrative controls of the SERO, the BDO, and the SFDO. The audit procedures were limited to interviewing their staff, reviewing supporting documentation, and conducting limited tests of transactions. The purpose of the audit was to provide the Commission with negative assurance that the internal controls were adequate, implemented economically and efficiently, and in compliance with Commission policies and procedures.1

Our limited review indicated that the controls of these three field offices were generally adequate, implemented economically and efficiently, and in compliance with Commission policies and procedures. We discussed some non-material findings and informal recommendations with their management.

In addition, we recommended that the BDO obtain door locks and remind its staff to safeguard non-public information in common areas. We recommended that the SFDO contact the Office of Administrative and Personnel Management (OAPM) to request limited delegations for its staff of purchasing authority for court reporting services. Finally, we recommended that OAPM inform all Commission regional and district offices that this delegation of purchasing authority is available.

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (REPORT 375)

The Federal Information Security Management Act of 2002 (FISMA) requires Inspectors General to perform an annual independent evaluation of the information security program and practices of their agency. In compliance with the Act's requirements, we responded to specific questions from the Office of Management and Budget (OMB) concerning the Commission's information security program and practices. Our response, which was drafted by an OIG contractor, was combined with management's responses to the OMB questions, and forwarded to OMB.

We used the results of independent evaluations completed during fiscal year 2003 and previous years; on-going audit work; and an independent review of the steps taken by management to implement the Act.

In FY 2003, the Commission achieved several milestones towards implementing an entity-wide security program. Noteworthy milestones include:

  • Receiving an increase in FY 2003 budgetary appropriations, thereby enabling budget dollars to be earmarked for certification and accreditation, security training materials, and disaster recovery planning efforts; and
     
  • The approval of technical bulletins establishing the Information Resource Management and IT Security program policy, procedures, and responsibilities for use throughout the entire agency.

While progress has been made, additional effort is needed to further enhance the Commission's security posture and to implement a sound and compliant information security program. We communicated three additional significant deficiencies in the Commission's security program:

  • The Commission has not fully implemented and maintained a Plan of Actions and Milestones (POA&M) process to capture and track a comprehensive listing of security weaknesses for each system;
     
  • Although a vacancy announcement has been posted, the Chief Information Officer position has been vacant since October 2002, with the Associate Director for the Office of Filings and Information Services fulfilling this role in an acting capacity; and
     
  • IT security costs have not been properly identified by project, tracked, and reported.

In future periods, we intend to continue monitoring the Commission's efforts to implement the requirements of FISMA.

FACILITY ACCESS CONTROL SYSTEMS (AUDIT MEMORANDUM 29)

Commission headquarters and six of the regional and district offices use a variety of facility access control systems (ACSs), acquired from several different vendors. The ACSs are used to control physical access to Commission facilities. Staff and authorized contractors are assigned access privileges based on their job responsibilities.

We examined whether the ACS systems complied with Commission regulations. We recommended that the Office of Administrative and Personnel Management inventory all Commission access control systems, assess their security risks, and implement appropriate systems security controls. We also recommended that the ACSs be reclassified in the Commission's financial accounting system records.

RURAL RELOCATION POLICY — FOLLOW-UP (AUDIT MEMORANDUM 30)

In a prior audit memorandum (Audit Memorandum 22), we recommended that the Office of Administrative and Personnel Management (OAPM) establish and maintain policies and procedures giving first priority to the location of new offices and other facilities in rural areas, as required by the Rural Development Act of 1972 (RDA). In February 2003, Public Law 108-7 required the Office of Inspector General in each agency to again report on compliance with this RDA requirement.

We found that OAPM had not yet developed policies and procedures to implement our prior recommendation. We recommended that within 90 days from the date of this memorandum, OAPM should implement the recommendation, and should comply with the RDA requirement and applicable policies and procedures when deciding on the location of Commission offices and other facilities.

SOCIAL SECURITY NUMBERS IN EDGAR (AUDIT MEMORANDUM 31)

We found that Social Security numbers were being made available on the Internet in Form 13D filings posted on the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, contrary to Commission policy. Misappropriation of publicly available Social Security numbers has been associated with identity theft and fraud.

We recommended that either the instructions on Form 13D be clarified, or the request for IRS numbers on the form be deleted. We also recommended the Commission eliminate Social Security numbers in filings already posted to EDGAR, if feasible and cost effective.

REPORTS OF CHANGES IN INDEPENDENT ACCOUNTANTS (AUDIT MEMORANDUM 32)

The Securities Exchange Act of 1934 and Commission rules require public companies (registrants) to file change reports whenever they end their relationship with their accountants, to explain the circumstances surrounding the change. Registrants must file these reports within five business days of the end of the relationship.

We reviewed management controls of the Division of Corporation Finance and the Office of the Chief Accountant that ensure the timely receipt and review of the change reports. We recommended several improvements to the controls, including developing timeframes for follow-up on delinquent reports; developing review goals; considering alternatives for organizing the review function; clarifying the priority of these reviews; and improving change report data in the Division's tracking system (FACTS).

TEMPORARY CLERICAL SERVICES CONTRACT (PRELIMINARY INQUIRY 03-25)

We reviewed allegations about a contract for temporary clerical services. The contract was issued to a non-profit company under the National Industries for the Blind/National Industries for the Severely Disabled (NIB/NISH) program and was significantly more expensive than the prior GSA schedule contract (approximately $200,000 versus $100,000).

The complaints centered on a disagreement concerning whether government regulations required the use of the NIB/NISH program in the particular instance.

We recommended that the Office of General Counsel prepare a legal opinion to resolve this issue of contract law.

Investigative Program

Twelve investigations were closed during the period. Seven subjects were referred to the Commission. One subject was suspended, and one subject was counseled. In addition, three subjects referred during a prior period were suspended. Five subjects referred during the period are awaiting disposition. The most significant cases closed during the period are described below.

MISUSE OF COMPUTER RESOURCES

Office investigations developed evidence that two attorneys had violated Commission policy by using Commission computers and e-mail in support of a personal private business. We also obtained evidence that the attorneys used official time to conduct their private business and that these activities may have interfered with the performance of their official duties. Administrative action is pending.

In another investigation, we found evidence that an employee misused his Commission computer to access sexually explicit websites and misused official time. The employee was suspended for seven days.

POST-EMPLOYMENT VIOLATION

An Office investigation developed evidence that a former senior Commission official may have violated 18 U.S.C. §207(c)'s one year prohibition against communications with a senior employee's former agency by submitting a comment letter on a proposed rulemaking. The matter was referred civilly to the Department of Justice and is pending.

IMPROPER INFLUENCE

The Office investigated allegations that Commission attorneys were improperly influenced by outside sources and acted for improper motives during the conduct of a securities fraud investigation. The evidence obtained during the investigation failed to substantiate the allegations.

TRAVEL CARD ABUSE

An investigation developed evidence that a Commission employee had misused a Government-issued travel card to obtain airline tickets at the government rate for personal use, and to pay for other personal expenses. Administrative action is pending.

IMPROPER RECEIPT OF BENEFIT

We developed evidence that a Commission employee improperly continued to receive transit subsidy benefits after obtaining a worksite parking permit. We further obtained evidence that, at the time these benefits were received, the employee falsely certified that the employee was not in possession of a worksite parking permit. Prosecution was declined, and administrative action is pending.

Significant Problems

No new significant problems were identified during the period.

Significant Problems Identified Previously

FINANCIAL MANAGEMENT SYSTEMS CONTROLS

An OIG contractor completed an audit of Commission financial management systems controls during a prior period (Audit No. 362). The audit found that Commission financial management controls for fiscal year 2002 were effective in all material respects 2 except for three material weaknesses and one material non-conformance. The exceptions concerned property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. We reported that, taken together, these financial management exceptions are a significant problem for the Commission.

Management concurred with our recommendations to strengthen these financial controls, and several high-level task forces are taking actions to correct the weaknesses. GAO will review the corrective actions taken by the task forces as part of its audit of the Commission's financial statements.

We commend the Commission for its prompt actions to address the identified weaknesses in financial management systems controls.

INFORMATION RESOURCES MANAGEMENT

Since April 1996, we have reported information resources management (IRM) as a significant problem based on weaknesses identified in audits, investigations, and management studies. IRM weaknesses of continuing concern include information systems security; information technology (IT) capital planning; IT investment control and decision-making; administration of IT contracts; IT project management; and strategic management of IT human capital.

Over the past six months, the Office of Information Technology (OIT) continued making progress to correct material weaknesses identified in many aspects of the Commission's management of information resources under the direction of an Acting Chief Information Officer (CIO). During this reporting period, OIT:

  • Recommended closure of 19 audit recommendations addressing weaknesses in the areas of computer-related general controls, data backup procedures, contingency planning, security of external databases, password management, and performance-based contracting techniques;
     
  • Published 3 security technical bulletins addressing information security incidence response, virus and malicious software detection and prevention, and enterprise backup of electronic data;
     
  • Drafted several SEC-wide regulations addressing the establishment and use of electronic mail boxes and the Commission's email system;
     
  • Continued to facilitate the operation and activity of the Commission's Information Officers Council in selecting and prioritizing Commission IT investments; and
     
  • Took steps to hire personnel to fill some of the IT management and staff vacancies within the Office of Information Technology.

During this period, we issued an audit memorandum on facility access control systems (No. 29). We also issued a response to the Office of Management and Budget under the Federal Information Security Management Act (see above). Reviews of IT capital decision-making, IT contractor billings, and the Commission's enterprise architecture are ongoing. We intend to maintain our oversight of the Commission's management of information resources in future periods.

Access to Information

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

Other Matters

STRATEGIC PLAN

During this reporting period, we issued a revised Strategic Plan for the Office for fiscal years 2003 - 2007. The plan describes the Office's goals and objectives and presents strategies that the Office will use to achieve its objectives.

These strategic revisions are the outcome of the direct participation of Office staff, feedback from clients, and our experience with the previous plan that covered calendar years 1999 - 2003. We expect to revise the plan as appropriate.

As described in the plan, the Office is maintaining a risk-based approach to its work. This has allowed the Office to evolve from an appraisal activity focusing on controls into a program of integrated risk assessment and mitigation, conducted in concert with Commission management.

Our vision directly ties the Office's goals and objectives to the Commission's strategic and performance plans:

"Increase the likelihood that Commission objectives are achieved"

To accomplish this vision, we have adopted the following goals:

  • Mitigate operational impediments to achieving Commission goals and objectives,
     
  • Promote individual and agency integrity, and
     
  • Deliver cost-effective, quality service.

The revised plan in available on www.ignet.gov.

AUDIT OF COMMISSION FINANCIAL STATEMENTS

Under the Accountability of Tax Dollars Act of 2002, the Commission is now required to prepare audited financial statements. The Office of Management and Budget has waived this requirement for fiscal years 2002 and 2003. The U.S. General Accounting Office has agreed to perform the initial financial audits. Our Office is evaluating how future audits will be performed.

EXECUTIVE COUNCIL ON INTEGRITY AND EFFICIENCY

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE member on the Integrity Committee (established by Executive Order No. 12993).

The Counsel to the Inspector General is an active member of the PCIE Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

Questioned Costs

        DOLLAR VALUE
        (IN THOUSANDS)
      NUMBER UNSUPPORTED
COSTS
QUESTIONED
COSTS

A

 

For which no management decision has been made by the commencement of the reporting period

0 0 0

B

 

Which were issued during the reporting period

0 0 0
   

Subtotals (A+B)

0 0 0

C

 

For which a management decision was made during the reporting period

0 0 0
 

(i)

Dollar value of disallowed costs

0 0 0
 

(ii)

Dollar value of costs not disallowed

0 0 0

D

 

For which no management decision has been made by the end of the period

0 0 0
   

Reports for which no management decision was made within six months of issuance

0 0 0

Recommendations That Funds Be Put To Better Use

      DOLLAR
NUMBER
VALUE
(IN THOUSANDS)

A

 

For which no management decision has been made by the commencement of the reporting period

0 0

B

 

Which were issued during the reporting period

0 0
   

Subtotals (A+B)

0 0

C

 

For which a management decision was made during the period

0 0
 

(i)

Dollar value of recommendations that were agreed to by management

0 0
 

-

Based on proposed management action

0 0
 

-

Based on proposed legislative action

0 0
 

(ii)

Dollar value of recommendations that were not agreed to by management

0 0

D

 

For which no management decision has been made by the end of the reporting period

0 0
   

Reports for which no management decision was made within six months of issuance

0 0

Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of this reporting period (April 1, 2003).

Revised Management Decisions

No management decisions were revised during the period.

Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.

1 Negative assurance means that no material internal control weaknesses came to our attention during our limited audit.

2 Based on criteria established under the Federal Managers Financial Integrity Act (FMFIA).



MANAGEMENT RESPONSE OF
THE SECURITIES AND EXCHANGE COMMISSION
ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL
FOR THE PERIOD APRIL 1, 2003 THROUGH SEPTEMBER 30, 2003

Introduction

The Semiannual Report of the Inspector General (IG) of the Securities and Exchange Commission (SEC) was submitted to the Chairman on October 31, 2003 as required by the Inspector General Act of 1978, as amended. The report has been reviewed by the Managing Executive for Operations, Executive Director, General Counsel, and Director of the Division of Enforcement. The management response is based on their views and consultation with the Chairman.

The management response is divided into four sections to reflect the specific requirements listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I

Comments Keyed to Significant Sections of the IG Report

A. Audit Program

During the reporting period, the IG issued six audit reports, four audit memoranda, one investigative memoranda, and one special project report. Management generally concurred with the findings and recommendations in the IG's reports.

In addition to audits performed by the agency's IG, the General Accounting Office (GAO) actively reviewed program and administrative functions of the SEC. A complete listing of all GAO audit activity involving the SEC is attached as Appendix A.

B. Response to Significant Problems

None identified.

C. Response to Significant Problems Previously Identified

The IG's Semiannual Report discusses two significant problems that were previously identified. An update on each problem follows.

Financial Management System Controls. The IG's Semiannual Report continues to identify the financial management exceptions reported in both the SEC's Federal Manager's Financial Integrity Act certification and a contractor's audit of Commission financial management system controls as a significant problem for the Commission. The SEC is addressing all of the audit recommendations as it completes preparation for fiscal 2004 audited financial statements. The recommendations to strengthen internal controls and financial reporting on sensitive and accountable property have been fully implemented. The SEC continues to implement a multi-year program to bring its information system security program into compliance with all relevant statutory and regulatory requirements. As part of the preparations for the financial statement audit, the general support systems and financial systems will be certified and accredited in early calendar 2004. Finally, the SEC's Division of Enforcement has integrated the system for tracking all disgorgements and penalties arising from SEC enforcement cases into its case tracking system. Program and financial management staffs currently continue to enter data into the new system. Additional data entry and testing of the system and management controls will be required in fiscal 2004.

Information Resources Management. SEC management is continuing to work aggressively to make improvements in this area. Please see the Inspector General's Semiannual Report for a description of our efforts during the reporting period.

D. IG Recommendations Concerning Use of Funds

None.

E. Reports with No Management Decisions

Management decisions have been made on all audits issued prior to the beginning of the reporting period (April 1, 2003).

F. Revised Management Decisions

No management decisions were revised during the reporting period.


SECTION II
Disallowed Costs
As of September 30, 2003
     
Number
Dollar Value
(in thousands)
A. For which final action has
not been taken by the
commencement of the
reporting period
0 $0

B. On which management decisions
were made during the reporting
period
0 $0

  (Subtotal A+B) 0 $0

C. For which final action was
taken during the reporting
period
0 $0

  (i) Recovered by management 0 $0

  (ii) Disallowed by management 0 $0

D. For which no final action has
been taken by the end of the
reporting period
0 $0


SECTION III
Funds Put to Better Use
As of September 30, 2003

    Number Dollar Value
(in thousands)
A. For which final action has
not been taken by the
commencement of the
reporting period
0 $0
B. On which management decisions
were made during the reporting
period
0 $0
C. For which final action was
taken during the reporting period
0 $0
  (i) Dollar value of recom-
mendations that were
agreed to by management
0 $0
  (ii) Dollar value of recom-
mendations that management
has subsequently concluded
should/could not be
implemented or completed
0 $0
D. For which no final action has been
taken by the end of the reporting period
0 $0

SECTION IV
Open Audit Reports Over One Year Old
As of September 30, 2003

Audit # Audit Title Issued Funds Put to
Better Use
(in thousands)
Questioned Costs
(in thousands)
Reason Final Action Not Taken
220 IRM Planning and Execution 3/26/1996 $0 $0 Policy development and implementation are continuing. However, the process has been slowed by a shortage of agency resources.

243 SECOA Local Area Network 3/21/1997 $0 $0 Certification and accreditation activities are in progress. Policies and procedures are being documented and adopted.

250 Enhancing Excellence-- Integrity Program 1/22/1997 $0 $0 The heavy personnel workload in the last several years delayed implementation of several recommendations. Policies and procedures are now being developed.

253 Administrative Proceedings 11/7/1997 $0 $0 An adjudicatory conference will be held once there is an experience factor to measure the overall results of the NASD's revised disciplinary procedures.

257 Client Server 9/9/1997 $0 $0 The IT Capital Planning Committee is considering changes to the capital planning process.

269 Database Administration 1/5/1998 $0 $0 This audit will be satisfied with the completion of the enterprise data resource database structure. The targeted completion date is September 2004.

293 Y2K Status Report--January 1999 1/25/1999 $0 $0 Implementation of the one remaining recommendation is on hold until the new Chief Information Officer is hired.

298 Commission Review of Periodic Reports 2/23/2000 $0 $0 Management is attempting to identify review goals that include areas such as quality and complexity of reviews in addition to number of reviews.

299 Data Backup Procedures 3/31/2000 $0 $0 A contractor has been retained to review security issues. The contractor is reexamining the pending recommendations in light of the current security environment.

308 EDGAR Hardship Exemptions 3/30/2000 $0 $0 The recommendations are being considered in connection with the next EDGAR modernization rulemaking initiative.

309 Telecommunication Vulnerabilities 3/31/2000 $0 $0 Periodic assessments to determine compliance with revised policy are planned for the 2nd quarter of 2004.

314 Payroll Conversion 9/22/2000 $0 $0 SEC staff consulted with DOI to determine whether the remaining recommendation can be implemented in a meaningful way. A link will be estab- lished to the DOI web page.

320 General Computer Controls 12/26/2000 $0 $0 See explanation for audit #220.

327 General Computer Controls-Regions 2/28/2001 $0 $0 See explanation for audit #220.

329 GPRA Performance Reports 3/20/2002 $0 $0 The Commission is in the process of revising its GPRA Strategic Plan.

330 Real Property Leasing 5/31/2001 $0 $0 The leasing regulation is being updated. Also, the SEC's Office of General Counsel is reviewing the applicability of the Public Buildings Act to the SEC.

333 Sensitive Information Follow-up 3/8/2002 $0 $0 Most of the recommendations have been implemented. Currently, efforts are underway to enhance orientation briefing material and to purchase and install high capacity shredders in appropriate SEC locations.

337 IT Project Management 1/24/2002 $0 $0 An integrated project management tracking and control process is being established. The targeted completion date is June 2004.

346 Commission Oversight of NAFI 3/7/2002 $0 $0 Various alternatives are being explored to determine the most efficient approach to overseeing and structuring the SEC Recreation and Welfare Association.

M14 Contingency Testing 3/15/1999 $0 $0 See explanation for audit #220.

M22 Rural Office Location Policy 3/28/2002 $0 $0 The SEC is complying with the Rural Development Act. A formal policy document is being finalized for issuance during the 2nd quarter of FY2004.

G317 Use of Personal Resources 12/14/2000 $0 $0 See explanation for audit #220.

G335 Public Transportation Subsidy Program 9/27/2001 $0 $0 The Public Transportation Subsidy Regulation is being revised.

APPENDIX A

General Accounting Office Audit Activity
Involving the Securities and Exchange Commission

Reports Issued During the Reporting Period

1. Electricity Restructuring: Action Needed to Address Emerging Gaps in Federal Information Collection, GAO-03-586 (June 2003)

2. Mutual Funds: Greater Transparency Needed in Disclosures to Investors, GAO-03-763 (June 2003)

3. Securities Investor Protection: Update on Matters Related to the Securities Investor Protection Corporation, GAO-03-811 (July 2003)

4. Public Accounting Firms: Mandated Study on Consolidation and Competition, GAO-03-864 (July 2003)

5. SEC and CFTC Fines Follow-up: Collection Programs Are Improving, But Further Steps Are Warranted, GAO-03-795 (July 2003)

6. Securities and Exchange Commission: Preliminary Observations on SEC's Spending and Strategic Planning, GAO-03-969T (July 2003)

7. Employment Disputes: Recommendations to Better Ensure that Securities Arbitrators are Qualified, GAO-03-790 (August 2003)

8. Accounting Firm Consolidation: Selected Large Public Company Views on Audit Fees, Quality, Independence, and Choice, GAO-03-1158 (September 2003)

9. Securities and Exchange Act: Review of Reporting Under Section 10A, GAO-03-982R (September 2003)

Audits in Progress as of September 30, 2003

1. Nasdaq and NYSE Listing Programs (250075). A review of Nasdaq and NYSE listing programs and the SEC's oversight of these programs.

2. Reference Rates for Defined Benefit Pension Plans (130140). A study of the reference rate that single-employer defined benefit pension plans must use, by law, to limit or set discount rates in ERISA minimum and full funding, lump sum, and PBGC variable rate premium calculations.

3. Tying Practices at Large Banks (250099). A review of the potential for large banks with investment bank affiliates (commercial banks) to engage tying activities in violation of Section 106 of the Bank Holding Company Act and/or violate Section 23B of the Federal Reserve Act.

4. Farmer Mac Oversight (250095). A review to obtain information on the financial stability of Farmer Mac; its corporate governance; its compensation policy, including the granting of stock options; the non-voting status of its class C stock; and its fulfillment of its congressionally established mission.

5. Rotation of Registered Public Accounting Firms (194182). A study of the potential effects of requiring the mandatory rotation of registered public accounting firms.

6. Expected Rates of Return (130217). A study of the expected rates of returns for private sector defined benefit pension plans.

7. National Money Laundering Strategy (250117). A study focusing on the regulatory aspects of the 2002 National Money Laundering Strategy, specifically, the coordination among financial regulatory agencies and law enforcement institutions.

8. Environmental Disclosures (360299). A review regarding disclosure of environmental information under the securities regulations.

9. Securitization (250103). A review regarding the securitization of economic development loans and the development of secondary markets for these securities.

10. Insurance Marketplace (250112). A study of the issues and problems that senior citizens are facing in the insurance marketplace as they try to manage their retirement assets and income. Of particular concern are the regulatory challenges created as financial institutions introduce new "hybrid" types of products into the marketplace that cross industry lines (e.g., products with insurance and securities features to them).

11. Business-Owned Life Insurance (250121). A review of life insurance purchased and owned by businesses, banks, or trusts. Specifically, a review of the uses of such policies, reporting requirements, and oversight, as well as alternative means of obtaining such policies' benefits.

12. Enterprise Architectures (310248). A government-wide review of agencies' progress with implementing enterprise architectures.

13. Financial Services Regulation Structure and Processes (250151). A review of the structure and processes-capital requirements, supervision, and reliance on transparency, and market discipline-of financial services regulation in the United States.

14. SEC Operations II (250138). A review of the SEC's efforts to address issues raised in the GAO reports, Securities and Exchange Commission: Human Capital Challenges Require Management Attention (GAO-01-947) and SEC Operations: Increased Workload Creates Challenges (GAO-02-302).

15. Fannie Mae (194335). A review of Fannie Mae's financial statements and any related issues raised during Fannie Mae's financial audits, supervisory examinations, or other internal or Board-directed studies.

16. Follow-up on Potential Terrorist Attacks (250126). A review of the progress made by financial regulators and market participants in readying the U.S. markets to minimize damage and recover from terrorist attacks.

17. Federal Contractors (450245). A study of those corporations among the top 100 publicly traded federal contractors that have subsidiaries in tax haven countries.

18. Proxy Voting (130243). A study of proxy voting and fiduciary obligations under ERISA.