Board Report: 2013-AE-B-013 September 5, 2013
Our objective for this audit was to determine the processes for establishing, maintaining, and monitoring internal control within the Board of Governors of the Federal Reserve System (Board). We focused on internal control over the effectiveness and efficiency of operations and compliance with laws and regulations, i.e., administrative internal control. Our scope does not include internal control over financial reporting or information systems because the Board issues a management assertion on internal control over financial reporting and complies with the Federal Information Security Management Act of 2002, which requires agencies to establish and maintain an information security program to protect information and information systems.
Internal control is an integral part of managing an organization and is critical to improving organizational effectiveness and accountability. It comprises the plans, methods, and procedures used to meet the organization's mission, goals, and objectives. Internal control is the first line of defense in safeguarding assets and preventing and detecting errors and fraud and, thus, helps organizations achieve desired results through effective stewardship of public resources.
The Federal Managers' Financial Integrity Act of 1982 (FMFIA) requires that each executive agency establish internal accounting and administrative controls in compliance with standards established by the Government Accountability Office and prepare an annual statement on internal control based on an evaluation performed using Office of Management and Budget guidelines. Although the Board is not subject to FMFIA, the Board decided to voluntarily comply with the spirit and intent of FMFIA shortly after its enactment. The Board's approach to FMFIA remains unchanged.
We found that the Board's divisions have processes for establishing administrative internal control that are tailored to their specific responsibilities. These controls generally utilize best practices and are designed to increase efficiency and react to changing environments. The Board's processes for maintaining and monitoring these controls can be enhanced. Specifically, we found that the Board does not have an agency-wide process for maintaining and monitoring its administrative internal control.
Although the Board is not subject to FMFIA, the Board decided to voluntarily comply with the spirit and intent of FMFIA. The Board's approach to addressing the provisions of FMFIA does not require management to assess and monitor administrative internal control. We believe that an agency-wide process that maintains, monitors, and reports on administrative internal control can assist the Board in effectively and efficiently achieving its mission, goals, and objectives, as well as address the organizational challenges outlined in the Board's 2012--2015 strategic framework.
We recommend that the Chief Operating Officer (COO) designate responsible officials or an office to develop and implement an agency-wide policy and process to more closely follow the spirit and intent of FMFIA and develop a training program to increase staff awareness about maintaining and monitoring administrative internal control.
In its response to a draft of our report, the COO stated that the Board concurred with the recommendation's intent. The COO also stated that the Board has already implemented, or is in the process of implementing, several enhanced administrative processes. He added that, given the priorities and budgetary constraints underlying the Board's new strategic framework, Board management will evaluate whether, and in what form, an agency-wide framework makes sense and will coordinate with the Executive Committee of the Board to implement any additional requirements.
