skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content

Office of Inspector General

Federal Reserve Board of Governors

Semiannual Report to Congress October 1, 2003 - March 31, 2004

Table of Contents


Seal of the Board of Governors of the Federal Reserve System BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551
OFFICE OF INSPECTOR GENERAL
April 27, 2004
 


The Honorable Alan Greenspan
Chairman
Board of Governors of the Federal Reserve System
Washington, DC 20551

Dear Chairman Greenspan:

We are pleased to present our Semiannual Report to Congress which summarizes the activities of our office for the reporting period October 1, 2003 - March 31, 2004. The Inspector General Act requires that you transmit this report to the appropriate committees of Congress within thirty days of receipt, together with a separate management report and any comments you wish to make.

Sincerely,

/signed/

Barry R. Snyder
Inspector General

Enclosure


Introduction

The mission of the Office of Inspector General (OIG), as prescribed by the Inspector General Act of 1978 (IG Act), as amended, requires that we

  • conduct and supervise independent and objective audits, investigations, and other reviews of programs and operations of the Board of Governors of the Federal Reserve System (Board);

  • promote economy, efficiency, and effectiveness within the Board;

  • help prevent and detect fraud, waste, and mismanagement in the Board's programs and operations;

  • review and make recommendations regarding possible improvements to existing and proposed legislation and regulations relating to Board programs and operations; and

  • keep the Chairman and Congress fully and currently informed of problems.

Additionally, the Federal Deposit Insurance Act, as amended, requires us to review failed financial institutions supervised by the Board that result in a material loss to the bank insurance fund and to produce, within six months of the loss, a report that includes suggestions for improving the Board's banking supervision practices. Further, through an agreement with other financial institutions regulatory agency Inspectors General charged with the same legislative requirement, we will address any relationship of Board-regulated holding companies to material losses to the fund from failed financial institutions supervised by any of these agencies.

During this reporting period, the OIG initiated a reorganization to ensure that we continue not only to provide sufficient and relevant coverage of Board programs and operations, but also to fully comply with new and more stringent standards and independence requirements for audits, investigations, and evaluations. The General Accounting Office (GAO) has substantially revised the Government Auditing Standards that guide OIG audit work and these new standards became fully effective in January 2004. This revision incorporates GAO's Independence Standard, which provides specific restrictions for audit organizations to use in performing certain non-audit or advisory services-a change that has a substantial impact on how we respond to requests from internal and external stakeholders. As a result, we have realigned our organizational structure accordingly: audits and attestations; investigations; and inspections and evaluations. In addition, consistent with Government Auditing Standards' provisions for internal quality control and external peer review, we are creating a Communications and Quality Assurance function to foster, expand, and enhance our communications protocols, products, and reports and our quality and internal control framework. The Counsel to the IG continues to have responsibility for our law and regulation review function under the IG Act.

 Office of Inspector General Organization Chart March 2004


                     OIG Staffing

Auditors
16
EDP Auditors
5
Investigators
5
Attorney
1
Administrative
2
Information Systems Analysts
2

Total Positions

31

Back to Table of Contents


Goals and Objectives

The OIG has identified three strategic goals and developed the corresponding objectives to guide our work over the next five years. For each strategic goal, we have also identified specific strategies to help achieve the underlying objectives. The exhibit below depicts the relationship of the various elements of our strategic plan, within the context of our mission and values.

Office of Inspector General Strategic Plan 2004-2007
Accessible version

Back to Table of Contents


Projects Completed during this Reporting Period

Review of Internal Control Assessments Performed During Community Bank Examinations

During the period, we completed this review which was initiated in light of the circumstances surrounding the failure of the Oakwood Deposit Bank Company (Oakwood). Our Report on the Failure of the Oakwood Deposit Bank Company showed how a trusted senior executive exploited a weak corporate-governance environment and inadequate internal-control structure to perpetrate a massive and pervasive fraud. In addition, we reported that Federal Reserve examiners did not properly apply risk-focused examination principles that would have warranted more in-depth testing when significant internal-control weaknesses had been identified.

To determine if Oakwood represented an anomaly or a systemic deficiency in examination practices, we evaluated the depth and adequacy of risk-focused internal control reviews performed during examinations of state member banks with an asset size similar to Oakwood's. To accomplish this objective, we reviewed risk-focused examination policies, procedures, and guidelines pertaining to internal control evaluations. We reviewed workpapers and reports for thirty-six safety and soundness examinations conducted by four Reserve Banks (Richmond, Chicago, Kansas City, and Minneapolis) during the period spanning August 2000 through May 2003. In addition, we interviewed staff and key examination managers at each of the four districts where workpapers were reviewed. We chose these four Federal Reserve Banks because the institutions within their districts account for 67 percent of the total assets of state member banks under $100 million. The sample of examinations we reviewed was selected judgmentally to ensure that banks of varying asset sizes and CAMELS ratings were included.

Our review of the documentation supporting the examinations indicates that examiners had performed internal-control assessments, and had appropriately applied risk-focused principles. In addition, the depth of their review was commensurate with the risk profile that the examiners established for each financial institution. However, it is important to note that our conclusions were limited to the examinations selected for our sample, and may not necessarily be reflective of all examinations conducted within the Reserve Banks we inspected.

During the course of our review, we observed that Reserve Bank managers were aware of our Report on the Failure of the Oakwood Deposit Bank Company that discussed undetected internal-control deficiencies that existed prior to the Oakwood failure. Accordingly, each of the Reserve Banks we visited had initiatives underway that we believe could offer opportunities for enhancing internal-control evaluations performed during risk-focused community bank examinations. Therefore, we suggested that the director of the Division of Banking Supervision and Regulation review and evaluate these initiatives, as well as others being pursued by Reserve Banks that we did not visit, to determine if any represent "best practices" that would be worthy of Systemwide implementation.


Audits of the Board's and the Federal Financial Institutions Examination Council's (FFIEC) Financial Statements for the Year Ended December 31, 2003

Each year, we contract for an independent public accounting firm to audit the financial statements of the Board and the Federal Financial Institutions Examination Council (FFIEC); the Board performs the accounting function for the FFIEC. KPMG LLP, our current contracted auditors, planned and performed the audits to obtain reasonable assurance about whether the financial statements are free of material misstatement. The audits included examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. The audits also included an assessment of the accounting principles used and significant estimates made by management, as well as an evaluation of overall financial statement presentation. In the auditors' opinion, the Board's and FFIEC's financial statements present fairly, in all material respects, the financial position of each as of December 31, 2003; and the results of operations and cash flows for the year then ended in conformity with accounting principles generally accepted in the United States of America.

To determine the auditing procedures needed to express an opinion on the financial statements, the auditors considered the Board's and the FFIEC's internal controls over financial reporting. Although the auditors' consideration of the internal controls would not necessarily disclose all matters that might be material weaknesses, they noted no such matters. As part of obtaining reasonable assurance about whether the financial statements are free of material misstatement, the auditors also performed tests of the Board's and the FFIEC's compliance with certain provisions of laws and regulations, since noncompliance with these provision could have a direct and material effect on the determination of the financial statement amounts. The results of the auditors' tests disclosed no instances of noncompliance required to be reported under Government Auditing Standards.


Targeted Evaluations of the Board's Emergency Preparedness Initiatives

During the period, we completed evaluations of key emergency preparedness and security enhancement initiatives that were part of the Board's response to the attacks of September 11, 2004. The objectives of our work were to evaluate the

  • Board's program to implement federal law enforcement authority grant under Section 364 of the USA Patriot Act of 2001, with a focus on the processes for selecting, deploying, and training Federal Reserve Law Enforcement Officers (FRLEO);

  • adequacy of physical access controls for the Eccles, Martin, and New York Avenue buildings and FRLEO's use of screening tools and equipment; and

  • policies, procedures, and practices used to screen the Board's visitors.

Evaluation results were presented to the Staff Director for Management and the director of the Management Division (MGT) on March 30, 2004, and both concurred with each of our recommendations. Our final report will not be made available to the public because it contains security-related information.


Follow-up on the Audit of the Federal Reserve System's Application Commitment Process

Our January 1998 Report on the Audit of the Federal Reserve System's Application Commitment Process contained five recommendations designed to improve the Federal Reserve System's efficiency and effectiveness in processing application commitments. Our initial follow-up determined that sufficient steps had been taken to close four of our recommendations. The remaining recommendation was to track all commitments in a central automated system. At the time of our initial follow-up, the Board planned to address this issue as part of an expanded automated application tracking, reporting, and document management system that was under development.

Based on our current follow-up work, we have determined that the remaining recommendation should be closed. Although the automated applications tracking system was never modified to include commitment tracking, the need for an automated tracking database for commitments has declined significantly in recent years. For example, a revision of Regulation Y broadened the scope of permissible nonbanking activities and eliminated the need to obtain commitments relating to many of these activities. In addition, a revision of the Board's Section 20 firewalls governing securities underwriting activities of bank holding company affiliates eliminated a large number of firewalls and thus reduced the number of commitments required in the application process.


Follow-Up on the Audit of the Board's Use of and Controls Over Purchase Cards

We completed follow-up work related to our May 2002 Report on the Audit of the Board's Use of and Controls Over Purchase Cards. Our audit report contained three recommendations designed to expand the use of the purchase card program and further reduce administrative burden, enhance the reconciliation process, and accurately identify current cardholders and promptly retrieve and deactivate purchase cards when they are no longer needed. Specifically, we recommended that (1) the Staff Director for Management expand the Board's purchase card program by raising the dollar threshold for small purchases, increasing cardholder credit limits, and mandating the purchase card's use by all division staff whenever possible; (2) the purchase card program coordinator periodically monitor cardholder reconciliations and provide guidance as required regarding the reconciliation process; and (3) the director of MGT develop procedures to accurately identify active purchase card accounts, and promptly deactivate and retrieve purchase cards when they are no longer needed.

Our follow-up work determined that sufficient actions have been taken or are in process to close all three recommendations. Specifically, the Staff Director for Management expanded the current program by revising the Board's Acquisition Policy to mandate use of the purchase card for low-cost, standard items that cost $2,500 or less and to encourage the use of the card for items costing between $2,500 and $5,000. In addition, MGT plans to increase monthly limits for selected cardholders to $25,000. During our follow-up work, we noted a decrease in the rate of unreconciled purchase card transactions and MGT plans to conduct periodic reviews of monthly transactions and provide reconciliation-related training when requested. MGT also implemented automated procedures to notify the purchase card coordinator when purchase card holders transfer, retire, or resign so that purchase cards can be retrieved promptly for deactivation.

Investigative Activity
During the reporting period, we opened one formal investigation and continued work on six cases that were opened during previous reporting periods. Of our seven active cases, we closed two cases that were opened from previous reporting periods.

One of the two cases closed involved the alleged violation of the Board's internet access service and other ethics violations by an employee. During the last reporting period, the OIG referred this case to a local prosecutor to determine whether it merited criminal prosecution. The U.S. Attorney's Office had declined prosecution of this investigation in favor of administrative action. The employee decided to resign their position after being notified of the Board's proposed administrative action. Our investigators also identified another employee involved in other ethics violations concerning this case. The disciplinary action taken by the Board resulted in a fourteen-day suspension without pay, a written reprimand, a lowering of the employee's annual performance rating by one rating, and counseling by management on the Board's ethics policies.

The remaining case closed involved the use of fictitious Federal Reserve documents and misrepresentations in an elaborate scheme that included the misuse of the Federal Reserve's name, logo, seal, and signatures purportedly signed by Federal Reserve senior officials. The alleged perpetrator in this case was a German citizen acting as a broker in gold investments. The investigation was referred to the Department of Justice, Criminal Division, Fraud Section, which declined prosecution due to lack of U.S. jurisdiction. This matter has since been referred to the Police Attaché, Swiss Embassy.

At the end of this reporting period, we had five active cases. Our summary statistics on investigations are provided in the table that follows:

Summary Statistics on Investigations Results for the Period of October 1, 2003, through March 31, 2004

Investigative Actions Number
 
Investigative Caseload
Investigations Opened during Reporting Period
68
  Investigations Open from Previous Period
0
  Investigations Closed during Reporting Period
41
  Total Investigations Active at End of Reporting Period
2
 
Investigative Results for this Period
  Referred to Prosecutor
2
  Referred for Audit
0
   Referred for Administrative Action
0
   Oral and/or Written Reprimand
1
   Resignations from Employment
1
 
  Terminations of Employment
0
  Suspensions
1
   Debarments
0
   Indictments
0
   Convictions
0
   Monetary Recoveries
0
   Civil Actions (Fines and Restitution)
0
   Criminal Fines: Fines & Restitution
0

Hotline Operations

Our investigators continue to address allegations of wrongdoing related to the Board's programs and operations, as well as violations of the Board's standards of conduct. During this reporting period, we received 127 complaints, of which ninety-five were from our hotline operation. Most hotline callers were consumers with complaints or questions about practices of private financial institutions. Those inquiries involved matters such as funds availability, account fees and charges, and accuracy and availability of account records. We continued to receive numerous questions concerning how to process Treasury securities and savings bonds. Other callers contacted us seeking advice about programs and operations of the Board, Federal Reserve Banks, other OIGs, and other financial regulatory agencies. We directed those inquiries to the appropriate Board offices, Reserve Banks, or federal or state agencies. We closed all but sixteen of the ninety-five hotline complaints after our initial analysis and contact with the complainants.

In addition to the hotline complaints, the investigative services program received a total of thirty-two allegations; twenty-six were referred to the OIG from Board program staff and six from other sources. As a result of those allegations, the OIG opened one investigation. In addition, we are continuing our review of fictitious instrument fraud complaints. Fictitious instrument fraud schemes are those in which promoters promise very high profits based on fictitious instruments, like the one described above, that they claim are issued, endorsed, or authorized by the System or a well-known financial institution. Our summary statistics of the hotline results are provided in the table that follows:

Summary Statistics on Hotline Results for the Period of October 1, 2003, through March 31, 2004

Investigative Actions Number
 
Complaints Referred for Investigation
  Hotline Referrals
95
  Audit Referrals
0
  Referrals from Other Board Offices
26
  Referrals from Other Sources
6
 
Proactive Efforts by OIG
  Investigations Developed by OIG
0
 
Results of all Complaints Referred and Proactive Efforts
  Resolved
111
  Pending
16
 
Total Received during Reporting Period
127


Executive Council on Integrity and Efficiency Participation

As Vice Chair of the Executive Council on Integrity and Efficiency (ECIE), the Board's IG provides leadership, vision, direction, and initiatives for the ECIE on behalf of the Council Chair (Deputy Director for Management, Office of Management and Budget (OMB)). Collectively, the members of the ECIE have continued to work with the members of the President's Council on Integrity and Efficiency (PCIE) to help improve government programs and operations.

October 12, 2003, marked the twenty-fifth anniversary of the IG Act. This occasion provided an excellent opportunity for the IG community to inform and educate others-the Congress, the agencies, and the public-about our mission, roles, and objectives. In early October, the Board's IG, in his role as ECIE Vice Chair, joined the PCIE Vice Chair, the Comptroller General, and the OMB Deputy Director for Management in testifying before the House Government Reform Subcommittee on Government Efficiency and Financial Management about progress since the enactment of the IG Act. The President of the United States met with the IG's to honor and recognize the silver anniversary of the IG Act and praised the IG community for its dedication to combating fraud, waste, and abuse in government programs and operations. In December 2003, President Bush signed a joint congressional resolution commending IGs for their efforts to prevent and detect fraud, waste, abuse, and mismanagement, and to promote economy, efficiency, and effectiveness in the federal government during the past twenty-five years. Other events to commemorate the twenty-fifth anniversary included updating and issuing the Quality Standards for Federal Offices of Inspector General and recognizing achievements and excellence in IG audits, investigations, evaluations, legal and legislative review, management, and administration during the annual awards ceremony.

The Board's IG also serves on the Comptroller General's Advisory Council on Government Auditing Standards (Yellow Book), a twenty-member group that works with the GAO to keep the auditing standards current through the issuance of revisions and guidance. With GAO's issuance of the substantially revised Government Auditing Standards, the advisory council is responding to questions and working to ensure a high degree of integrity, objectivity, and independence in audits of government entities through consistent implementation of the standards.

Ongoing Projects

Audit of the Board's Outsourcing Operations

As previously reported, we completed fieldwork on our audit of the Board's outsourcing operations and provided a draft report to management for their review and comment. Our audit objectives were to assess the Board's management of the contracts for outsourced services and to evaluate its processes for identifying and evaluating other competitive sourcing opportunities. Our draft report contains three recommendations designed to enhance the management of outsourcing contracts and the Board's overall outsourcing approach. We will incorporate management's comments into our final report which will be issued during the next reporting period.

During the course of this audit, we also identified one outsourced contract with substantial increases in contract costs as well as potential weaknesses in the contracting and contract modification process. We performed a more in-depth evaluation of the administrative controls governing this acquisition. Based on our evaluation, we have provided a second draft report with our recommendations to Board officials for comment. We will issue the final report during the next period.

Audit of Travel Manager Implementation

During 2003, the Board implemented a new travel management system (Travel Manager) to create and process travel authorizations, expense statements, and petty cash claims. The new system was designed to be an easy-to-use, browser-based program that streamlined the travel process, including reimbursement for expenses. Shortly after the new system was rolled out, however, concerns were raised that the system did not meet expectations. Board management made the decision to discontinue the use of Travel Manager in early 2004 and a working group was established to develop a set of user requirements and identify a system to meet those requirements.

We initiated an audit in late 2003 to evaluate the continued viability of Travel Manager as part of the Board's travel administration process and to identify opportunities to improve the efficiency and effectiveness of future system implementations. Work on this audit will also allow us to follow-up on our 1997 Report on the Business Process Review of Travel Administration, as several of the outstanding recommendations relate to automation requirements and process changes to enhance the efficiency of travel administration.

Review of the Board's Fine Arts Program

We have two major objectives for this review. First, we will determine if the Fine Arts Program (Program) is a good organizational "fit" where it is currently housed in the MGT, or whether the Program's effectiveness could be enhanced by placing it elsewhere within the Board. Second, we will assess the adequacy of the Program's inventory management practices including the policies, procedures, and processes for securing and preserving the Board's art collection.

During the period, we completed fieldwork which included benchmarking studies at the following organizations with art programs: the World Bank, the General Services Administration, the State Department, five Federal Reserve Banks, and a foreign central bank. We also reviewed the Program's inventory management practices, along with procedures for receiving and processing monetary and works of art donations. To determine the accuracy and completeness of the fine arts inventory, we conducted a physical inventory of selected works of art, comparing inventory records maintained by the Program's director with those supporting the Board's financial statements. In addition, we discussed the Program with its director, the MGT director, the director of the Public Affairs Office, and Board staff in the Finance and Accounting Section. We expect to issue our final report early in the next reporting period.

Review of Legislation and Regulations

As part of fulfilling our mission under the IG Act, we review existing and proposed legislative and regulatory items both as part of our routine activities and on an ad hoc basis. We routinely keep track of proposed and pending legislation and regulations by researching relevant documents and databases, reviewing lists prepared by the Board's law library, sharing information with others in the IG community, and coordinating with Board programs that also review new and proposed legislation. We then independently analyze the effect that the new or proposed legislation or regulation may have on the efficiency and effectiveness of Board programs and operations.

Review of the Board's Network Configuration Documentation

On December 17, 2002, the President signed into law the E-Government Act of 2002 (P.L. 107 347) which includes Title III, the Federal Information Security Management Act of 2002 (FISMA). FISMA permanently reauthorized the framework laid out in the Government Information Security Reform Act which expired in November 2002, including the requirement for each agency IG to conduct an annual independent evaluation of their agency's information security program and practices.

To improve the efficiency and effectiveness of the annual FISMA review process, we plan to incorporate audits throughout the year into our annual FISMA review of the Board's information security program. As the first phase of this process, we are reviewing specific aspects of the Board's program to obtain an understanding of the Board's overall information technology infrastructure. During this reporting period, our work included obtaining information pertaining to the network infrastructure configuration, the system configuration requirements for all of the Board's platforms, and the procedures to ensure adequate ongoing security monitoring and security maintenance. We interviewed Board officials and staff; requested discovery scans of the network; reviewed network diagrams, security settings and configuration documentation; and identified policies and procedures to ensure adequate and ongoing security monitoring and maintenance. Based on the results of our work, we are developing a multiyear plan of operational and technical audits and reviews that will support our overall review of the Board's information security program as required by FISMA.

OIG Application Replacement

The use of Lotus NOTES as our applications platform has allowed us to automate the majority of our core business processes. However, the original design of most of our key applications was completed in an early release of NOTES, making continued maintenance and support difficult and time consuming. Last year, we completed an assessment of the availability and usability of commercial off-the-shelf software (COTS) for meeting all OIG requirements (audits, evaluations, inspections, investigations, and management information). Based on our assessment, we acquired three COTS packages that we believe will meet our requirements. We completed the initial customization process and began testing the software in our new technology test environment. We also conducted user training on the first of the three products and we expect to bring all software into production during the second and third quarters. As part of the software roll-out, we are also reviewing and revising as required all internal policies, procedures, and processes to maximize the use of technology for implementing all related standards and guidelines.

Back to Table of Contents


Ongoing Projects

Audit of the Board's Outsourcing Operations

As previously reported, we completed fieldwork on our audit of the Board's outsourcing operations and provided a draft report to management for their review and comment. Our audit objectives were to assess the Board's management of the contracts for outsourced services and to evaluate its processes for identifying and evaluating other competitive sourcing opportunities. Our draft report contains three recommendations designed to enhance the management of outsourcing contracts and the Board's overall outsourcing approach. We will incorporate management's comments into our final report which will be issued during the next reporting period.

During the course of this audit, we also identified one outsourced contract with substantial increases in contract costs as well as potential weaknesses in the contracting and contract modification process. We performed a more in-depth evaluation of the administrative controls governing this acquisition. Based on our evaluation, we have provided a second draft report with our recommendations to Board officials for comment. We will issue the final report during the next period.

Audit of Travel Manager Implementation

During 2003, the Board implemented a new travel management system (Travel Manager) to create and process travel authorizations, expense statements, and petty cash claims. The new system was designed to be an easy-to-use, browser-based program that streamlined the travel process, including reimbursement for expenses. Shortly after the new system was rolled out, however, concerns were raised that the system did not meet expectations. Board management made the decision to discontinue the use of Travel Manager in early 2004 and a working group was established to develop a set of user requirements and identify a system to meet those requirements.

We initiated an audit in late 2003 to evaluate the continued viability of Travel Manager as part of the Board's travel administration process and to identify opportunities to improve the efficiency and effectiveness of future system implementations. Work on this audit will also allow us to follow-up on our 1997 Report on the Business Process Review of Travel Administration, as several of the outstanding recommendations relate to automation requirements and process changes to enhance the efficiency of travel administration.

Review of the Board's Fine Arts Program

We have two major objectives for this review. First, we will determine if the Fine Arts Program (Program) is a good organizational "fit" where it is currently housed in the MGT, or whether the Program's effectiveness could be enhanced by placing it elsewhere within the Board. Second, we will assess the adequacy of the Program's inventory management practices including the policies, procedures, and processes for securing and preserving the Board's art collection.

During the period, we completed fieldwork which included benchmarking studies at the following organizations with art programs: the World Bank, the General Services Administration, the State Department, five Federal Reserve Banks, and a foreign central bank. We also reviewed the Program's inventory management practices, along with procedures for receiving and processing monetary and works of art donations. To determine the accuracy and completeness of the fine arts inventory, we conducted a physical inventory of selected works of art, comparing inventory records maintained by the Program's director with those supporting the Board's financial statements. In addition, we discussed the Program with its director, the MGT director, the director of the Public Affairs Office, and Board staff in the Finance and Accounting Section. We expect to issue our final report early in the next reporting period.

Review of Legislation and Regulations

As part of fulfilling our mission under the IG Act, we review existing and proposed legislative and regulatory items both as part of our routine activities and on an ad hoc basis. We routinely keep track of proposed and pending legislation and regulations by researching relevant documents and databases, reviewing lists prepared by the Board's law library, sharing information with others in the IG community, and coordinating with Board programs that also review new and proposed legislation. We then independently analyze the effect that the new or proposed legislation or regulation may have on the efficiency and effectiveness of Board programs and operations.

Review of the Board's Network Configuration Documentation

On December 17, 2002, the President signed into law the E-Government Act of 2002 (P.L. 107 347) which includes Title III, the Federal Information Security Management Act of 2002 (FISMA). FISMA permanently reauthorized the framework laid out in the Government Information Security Reform Act which expired in November 2002, including the requirement for each agency IG to conduct an annual independent evaluation of their agency's information security program and practices.

To improve the efficiency and effectiveness of the annual FISMA review process, we plan to incorporate audits throughout the year into our annual FISMA review of the Board's information security program. As the first phase of this process, we are reviewing specific aspects of the Board's program to obtain an understanding of the Board's overall information technology infrastructure. During this reporting period, our work included obtaining information pertaining to the network infrastructure configuration, the system configuration requirements for all of the Board's platforms, and the procedures to ensure adequate ongoing security monitoring and security maintenance. We interviewed Board officials and staff; requested discovery scans of the network; reviewed network diagrams, security settings and configuration documentation; and identified policies and procedures to ensure adequate and ongoing security monitoring and maintenance. Based on the results of our work, we are developing a multiyear plan of operational and technical audits and reviews that will support our overall review of the Board's information security program as required by FISMA.

OIG Application Replacement

The use of Lotus NOTES as our applications platform has allowed us to automate the majority of our core business processes. However, the original design of most of our key applications was completed in an early release of NOTES, making continued maintenance and support difficult and time consuming. Last year, we completed an assessment of the availability and usability of commercial off-the-shelf software (COTS) for meeting all OIG requirements (audits, evaluations, inspections, investigations, and management information). Based on our assessment, we acquired three COTS packages that we believe will meet our requirements. We completed the initial customization process and began testing the software in our new technology test environment. We also conducted user training on the first of the three products and we expect to bring all software into production during the second and third quarters. As part of the software roll-out, we are also reviewing and revising as required all internal policies, procedures, and processes to maximize the use of technology for implementing all related standards and guidelines.

Back to Table of Contents


Appendix 1--Audit Reports Issued with Questioned Costs for the Period October 1, 2003, through March 31, 2004


Reports
Number
Dollar Value
Questioned Costs
Unsupported

For which no management decision had been made by the commencement of the reporting period

1
$585,630
$0

That were issued during the reporting period

0
$0
$0
For which a management decision was made during the reporting period
1
$585,630
$0

      (i)dollar value of disallowed costs
1
$585,630
$0
      (ii)dollar value of costs not disallowed
0
$0
$0
For which no management decision had been made by the end of the reporting period
0
$0
$0

For which no management decision was made within six months of issuance

0
$0
$0

Back to Table of Contents


Appendix 2--Audit Reports Issued with Recommendations that Funds be Put to Better Use for the Period April 1 through September 30, 2003



Reports Number Dollar Value

For which no management decision had been made by the commencement of the
reporting period

1
$585,630

That were issued during the reporting period

0
$0

For which a management decision was made during the reporting period

1
$585,630
       (i)dollar value of recommendations that were agreed to by management
1
$585,630
       (ii)dollar value of recommendations that were not agreed to by management
0
$0
For which no management decision had been made by the end of the reporting period
0
$0

For which no management decision was made within six months of issuance

0
$0

Back to Table of Contents


Appendix 3--OIG Audit Reports with Outstanding Recommendations



Report
No.
Audit Currently Being Tracked Issue Date Recommendations
Status of Recommendations 1
No. Mgmt.
Agrees
Mgmt.
Disagrees
Follow-up Completion Date Closed Open

A9702

Business Process Review of the Board's Travel Administration 07/97 9 9 0 01/99 1 8

A9710

Audit of the Federal Reserve System's Application Commitment Processing 01/98 5 5 0 03/04 5 0

A0004

Audit of the Board's Efforts to Implement Performance Management Principles Consistent with the Results Act 07/01 4 4 0 08/03 0 4
A0011 Audit of the Federal Reserve Board's Government Travel Card Program 01/02 5 5 0 - - -
A0107 Audit of the Federal Reserve's Background Investigation Process 10/01 3 3 0 09/03 0 3

A0109

Audit of the Board's Use of and Controls Over Purchase Cards
05/02
3 3 0 03/04 3 0

A0203

Audit of the Board's Security-Related Directed Procurements
09/02
3 2 1 -
-
-

A0208

Audit of the Board's Security-Related Directed Procurements
07/03
4 3 1 -
-
-

A0302

Audit of the Board's Information Security Program
09/03
7 7 0 - - -

Back to Table of Contents


Appendix 4--Cross-references to the Inspector General Act

Indexed below are the reporting requirements prescribed by the Inspector General Act of 1978, as amended, for the reporting period:

Section Source

4(a)(2)

Review of legislation and regulations

5(a)(1)

Significant problems, abuses, and deficiencies

5(a)(2)

Recommendations with respect to significant problems
5(a)(3) Significant recommendations described in previous Semiannual Reports on which corrective action has not been completed
5(a)(4) Matters referred to prosecutory authorities
5(a)(5) Summary of instances where information was refused

5(a)(6)

List of audit reports

5(a)(7)

Summary of significant reports

5(a)(8)

Statistical Table-Questioned Costs
5(a)(9) Statistical Table-Recommendations that Funds Be Put to Better Use
5(a)(10) Summary of audit reports issued before the commencement of the reporting period for which no management decision has been made
5(a)(11) Significant revised management decisions made during the reporting period

5(a)(12)

Significant management decisions with which the Inspector General is in disagreement

Footnotes

1. A recommendation is closed if (1) the corrective action has been taken; (2) the recommendation is no longer applicable, or (3) the appropriate oversight committee or administrator has determined, after reviewing the position of the OIG and division management, that no further action by the Board is warranted. A recommendation is open if (1) division management agrees with the recommendation and is in the process of taking corrective action or (2) division management disagrees with the recommendation and we have referred it to the appropriate oversight committee or administrator for a final decision.  Return to text


Inspector General Hotline
1-202-452-6400
1-800-827-3340

Report: Fraud, Waste or Mismanagement
Information is confidential
Caller can remain anonymous

You may also write the:
Office of Inspector General
HOTLINE
Mail Stop 300
Board of Governors of the Federal Reserve System
Washington, DC 20551

Back to Table of Contents


 
Last update: August 2, 2013