The U.S. Government Accountability Office has identified significant internal control deficiencies which may adversely affect the accuracy and completeness of information used and reported by the SEC’s management.
In its letter dated April 30, 2015 to the U.S. Securities and Exchange Commission, the GAO presented additional information regarding the significant deficiencies identified in its November 2014 financial audit report.
GAO observes significant deficiencies with SEC’s accounting procedures
The GAO letter notes significant deficiencies over accounting for disgorgements and penalties. Explaining the procedure, the GAO letter points out that as part of its enforcement responsibilities, SEC issues orders and administers judgments ordering, among other things, disgorgement, civil monetary penalties, and interest against violators of federal securities laws. The SEC records an accounts receivable for the amount the violator owes, accompanied by an equal and offsetting liability to reflect the amount payable to the harmed investors or to the Treasury.
The GAO report points out that in its fiscal year 2014 audit of SEC, it identified continuing and new deficiencies, including continuing deficiencies relating to (1) insufficient procedures for ensuring funds availability before transferring disgorgement and penalty-related funds to the Treasury, (2) ineffective monitoring of disgorgement and penalty-related cases filed in courts to ensure that all cases that should be recorded as receivables are timely identified; and (3) insufficient safeguarding controls at service providers that collect SEC cash receipts, including payments from violators for disgorgement, penalties, and related interest on SEC’s behalf. The GAO report notes the SEC is in the process of taking corrective actions to address these recommendations.
GAO observes new deficiencies
Highlighting the new deficiencies relating to disgorgements and penalties, the GAO letter highlights the SEC’s controls were not effective in (1) timely and accurately recording disgorgement and penalty receivables, (2) timely and accurately recording adjustments to disgorgement and penalty receivables, and (3) reviewing disgorgement and penalty collections for errors.
Detailing its observation relating to recording of disgorgement and penalty receivables, the GAO letter notes during its fiscal year 2014 audit, it observed that SEC’s controls were not effective in providing reasonable assurance that disgorgement and penalty receivables were recorded timely and accurately in SEC’s general ledger.
As regards recording of adjustments are concerned, the GAO letter points out that during the audit, it observed that SEC didn’t have effective controls to reasonably assure timely and accurate recording of adjustments to previously recorded disgorgement and penalty receivables, such as offsets. For instance, the GAO tested a nonstatistical sample of 10 offsets and observed 1 instance where SEC didn’t record the offset in the proper period because of a lack of information sharing between OFM and the Division of Enforcement.
Highlighting the deficiency in penalty collections, the GAO letter points out that during its fiscal year 2014 audit, the SEC was not able to provide evidence that SEC staff performed a daily review of collection transactions recorded in the general ledger compared to source documentation for 9 of the 45 randomly selected collections that the GAO tested.
The GAO letter also highlights some of the other deficiencies observed including: reinvestment of disgorgement funds, maintaining ongoing accuracy of property and equipment inventory records, documenting disposal of property and equipment, ensuring existence of capitalized bulk purchases, identifying and summarizing uncorrected misstatements.
Highlighting the deficiencies in information security, the GAO letter notes during its 2014 audit, it observed that SEC didn’t consistently implement effective internal controls over its information systems operations, including those affecting financial systems that support financial reporting. Some of the key observations under information security include: the SEC not maintaining and monitoring configuration baseline standards and not consistently implementing secure configuration settings.
The GAO letter highlights that during its audit of SEC’s fiscal year 2014 financial statements, it observed that SEC took action to address many of the recommendations from its prior reports. As summarized in the tables below, SEC took action to fully address 14 of the 25 recommendations reported as open in GAO’s May 12, 2014 management report. However, the GAO points out that the 11 recommendations that remained open as of the end of its fiscal year 2014 financial statement audit relate to budgetary resources, disgorgement and penalties, nonpayroll expenses, payroll, property and equipment and information security.