Add the SEC to the list of entities that failed their internal control obligations this past year. At the same time that William Donaladson was resigning his position as Chairman of the SEC, he had also just received this report regarding his own accounting and internal control practices from the GAO. It seems that justice has its own irony sometimes.
The GAO reports that for the fiscal year ended September 30, 2004 the SEC's financial data was presented fairly in all material respects. The report then goes on to state:
"However, because of material internal control weaknesses in the areas of recording and reporting disgorgements and penalties, preparing financial statements and related disclosures, and information security, in GAO's opinion, SEC did not maintain effective internal control over financial reporting as of September 30, 2004."
Discouraging news in a year when the SEC was collecting record amounts of penalties and disgorgements from so many corporate offenders. The GAO goes on to report that beside the lack of control over these funds, some of which should be finding their way back into the accounts of defrauded investors, the SEC simply has inadequate policies and proceduress to assure that their financial accounting is accurate.
"SEC prepared its first complete set of financial statements for fiscal year
2004 and made significant progress during the year in building a financial
reporting structure for preparing financial statements for audit. However,
GAO identified inadequate controls over SEC's disgorgements and civil
penalties activities, increasing the risk that such activities will not be
completely, accurately, and properly recorded and reported for
management's use in its decision making. In addition, GAO identified
inadequate controls over SEC's financial statement preparation process
including a lack of sufficient documented policies and procedures, support,
and quality assurance reviews, increasing the risk that SEC management
will not have reasonable assurance that the balances presented in the
financial statements and related disclosures are supported by SEC's
underlying accounting records."
This whole internal control issue must be harder than it sounds. For corporations, one of the most perplexing and expensive issues that they have had to deal with to try and comply with the Sarbanes-Oxley Act has been documenting and controlling their information systems. The GAO had this glowing report on the SEC's shortcomings.
"GAO also found that SEC has not effectively implemented information
system controls to protect the integrity, confidentiality, and availability of its
financial and sensitive data, increasing the risk of unauthorized disclosure,
modification, or loss of the data, possibly without detection. The risks
created by these information security weaknesses are compounded because
the SEC does not have a comprehensive monitoring program to identify
unusual or suspicious access activities."
Well misery loves company and as I plow through my own internal control documentation headaches, I can only hope that there are at least a few people back in our Capitol that are losing nights and weekends with their families, but somehow I doubt it.