Independent Auditors’ Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government Auditing Standards
To the Federal Financial Institutions Examination Council:
We have audited, in accordance with auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, the financial statements of the Federal Financial Institutions Examination Council (the “Council”), as of and for the years ended December 31, 2014, and the related notes to the financial statements, which collectively comprise the Council’s basic financial statements, and have issued our report thereon dated March 17, 2015.
In planning and performing our audits of the financial statements, we considered the Council's internal control over financial reporting (“internal control”) to determine the audit procedures that are appropriate in the circumstances for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Council’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Council’s internal control.
Our consideration of internal control was for the limited purpose described in the preceding paragraph and was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and therefore, material weaknesses or significant deficiencies may exist that were not identified. However, as described in the accompanying Schedule of Findings, we identified a deficiency in internal control that we consider to be a material weakness.
A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. We consider the deficiency described in the accompanying Schedule of Findings to be a material weakness. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
As part of obtaining reasonable assurance about whether the Council’s financial statements are free from material misstatement, we performed tests of its compliance with certain provisions of laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the determination of financial statement amounts. However, providing an opinion on compliance with those provisions was not an objective of our audit, and accordingly, we do not express such an opinion. The results of our tests disclosed no instances of noncompliance or other matters that are required to be reported under Government Auditing Standards.
The Council’s response to the findings identified in our audit is described in the accompanying Schedule of Findings. The Council’s response was not subjected to the auditing procedures applied in the audit of the financial statements and, accordingly, we express no opinion on it.
The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the results of that testing, and not to provide an opinion on the effectiveness of the Council’s internal control or on compliance. This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the Council’s internal control and compliance. Accordingly, this communication is not suitable for any other purpose.
Deloitte & Touche LLP /signed/
March 17, 2015
Useful life of Internal-Use Software
As part of our 2014 audit, a material weakness was identified related to the periodic determination and review of the useful life assigned to certain internal-use software. Specifically, the useful life assigned to a portion of the Central Data Repository (“CDR”) software was not appropriately reassessed in connection with enhancements to the software which extended the expected useful life of the CDR software in accordance with accounting principles generally accepted in the United States of America and the Council’s policy. Accounting Standards Codification 350-40, Internal-Use Software, requires the capitalized costs of internal-use software to be amortized over the useful life of the software, as determined and periodically reassessed by management. The appropriate determination, review and periodic reassessment of internal-use software useful life was not performed. The material weakness identified by us resulted in 2014 amortization expense being overstated by $267,679. This misstatement was corrected by management in the 2014 financial statements.
Recommendation:
We recommend that the Council enhance its process to determine, review and periodically reassess the useful life assigned to internal-use software, including periods in which enhancements are made that extend the expected useful life of the internal-use software. The Council should implement the controls necessary to prevent, or detect and correct, misstatements that result from using improper useful life on a timely basis.
Management’s Response:
Management has routinely evaluated the CDR software’s useful life (including the associated enhancements) as evidenced by the useful life extensions in 2009 and 2013. When the most recent enhancement was placed in service in September 2014, management noted that there were only three months remaining in the life of the existing CDR software, that the book value represented approximately two percent of the total cost capitalized-to-date, and that the original asset had been depreciating for over nine years. Since the new enhancement did not significantly alter the existing asset, and given the unique circumstances surrounding the one-year extension made in 2013, management decided to allow the original asset to finish depreciating over the three months of its remaining useful life. Management agrees the internal controls over the process of evaluating internal-use software functionality and associated useful lives should be improved.
Auditors’ Response:
The Council’s controls failed to prevent or detect an error in amortization expense of $267,679, which was material to the Council’s basic financial statements; accordingly, a material weakness exists related to the periodic determination and review of the useful life assigned to internal-use software.
