
Compendium of Open Recommendations - January 31, 2008
Table of Contents
Introduction
OIG Mission and Organization
Open Recommendations: Audit of the Federal Reserve's Background Investigation Process (Issued 10/01)
Open Recommendations: Audit of Retirement Plan Administration (Issued 7/03)
Open Recommendations: Audit of the Board's Fixed Asset Management Process (Issued 5/05)
Open Recommendations: Evaluation of Service Credit Computations
Open Recommendations: Audit of the Supervision and Regulation Function's Efforts to Implement Requirements of FISMA (Issued 9/05)
Open Recommendations: Audit of the Board's Information Security Program (Issued 10/05)
Open Recommendations: Audit of the Board's Payroll Process (Issued 12/06)
Open Recommendations: Audit of the Board's Compliance with Overtime Requirements of the Fair Labor Standards Act (Issued 3/07)
List of Abbreviations and Acronyms
Introduction
This Compendium includes a list of open recommendations made by the Office of Inspector General (OIG) of the Board of Governors of the Federal Reserve System (Board), from January 1, 2001, through January 31, 2008. For each open recommendation included, the Compendium contains a narrative with the report title and issue date, a background summary, findings, recommendation(s), and status. The Compendium does not include those recommendations that involve sensitive security issues. In addition, it does not include any information related to OIG investigations, since our investigative reports do not contain recommendations.
We follow up on the status of recommendations made in our audit, inspection, and evaluation reports every six months, or as the Board takes action to address a specific recommendation, and use the terms "open" and "closed" to reflect recommendation status. We classify recommendations as open if (1) Board management agrees with the recommendation and is in the process of taking corrective action or (2) division management disagrees with the recommendation and we have referred it to the appropriate Board oversight committee or administrator for a final decision. Our follow-up process includes conducting work to verify that the actions taken meet the intent of a recommendation before officially classifying it as closed. We update the status of recommendations in our semiannual reports to Congress.
Overall, we have found that Board officials take our recommendations seriously and work expeditiously to implement them. We hope that this Compendium serves as a useful tool both for Board officials and for the Members of Congress.
OIG Mission and Organization
Consistent with the Inspector General Act of 1978, as amended, the mission of the Board's OIG is to
- conduct and supervise independent and objective audits, investigations, and other reviews of Board programs and operations;
- promote economy, efficiency, and effectiveness within the Board;
- help prevent and detect fraud, waste, and mismanagement in the Board's programs and operations;
- review existing and proposed legislation and regulations and make recommendations regarding possible improvements to the Board's programs and operations; and
- keep the Chairman and Congress fully and currently informed of problems.
This statutory mission is implemented through our audits, attestations, evaluations, inspections, investigations, and legal work, as described below.
Audits and Attestations
The OIG's audit and attestation activities are designed to evaluate or examine certain aspects of the economy, efficiency, and overall effectiveness of the Board's programs and operations; the presentation and accuracy of the Board's financial statements, budget data, and financial performance reports; the effectiveness of internal controls governing the Board's contracts and procurement activities; the adequacy of controls and security measures governing the Board's financial and management information systems and the safeguarding of the Board's assets and sensitive information; and the degree of compliance with applicable laws and regulations related to the Board's financial, administrative, and program operations.
Inspections and Evaluations
The Inspections and Evaluations program area encompasses OIG inspections, program evaluations, enterprise risk management activities, process design and life-cycle evaluations, and legislatively-mandated material loss reviews of failed financial institutions that the Board supervises. Inspections are generally narrowly focused on a particular issue or topic, and provide time-critical analysis that cuts across functions and organizations. In contrast, evaluations are generally focused on a specific program or function, and make heavy use of statistical and quantitative analytical techniques. Evaluations can also encompass other non-audit, preventive activities, such as system development life cycle projects and participation on task forces and workgroups.
Investigations
The Investigations program conducts criminal and administrative investigations in support of the Board's programs and operations. To effectively carry out their mission, OIG special agents possess a thorough knowledge of current federal criminal statutes and the rules of criminal procedure, as well as other rules, regulations, and court decisions governing the conduct of criminal, civil, and administrative investigations. Additionally, OIG special agents obtain authority to exercise specific law enforcement powers through a blanket deputation agreement with the Department of Justice (U.S. Marshals Service).
Legal Services
The Legal Services Program provides comprehensive legal advice, research, counseling, critical analysis, and representation in support of the OIG projects and activities (that is, OIG management, audits, attestations, investigations, inspections, evaluations and other professional and administrative functions).
This work often provides the legal basis for conclusions, findings, and recommendations in OIG reports. In addition, Legal Services keeps the Inspector General and OIG staff aware of recent developments in the law that may affect the activities of the OIG and the Board.
Open Recommendations: Audit of the Federal Reserve's Background Investigation Process (Issued 10/01)
Background: During 2001, the U.S. House of Representatives Committee on Financial Services, Subcommittee on Oversight and Investigations (Subcommittee) requested that the OIG perform a review of the Board's background investigation process, because it was concerned that sensitive and private financial data utilized by federal financial regulatory agencies could be improperly accessed, used, or manipulated. The Subcommittee felt that it was critical to the safety and security of the financial services industry, and to consumers' confidence in the industry's ability to protect personal financial data, that Board employees or contractors with actual or potential access to such data meet stringent security conditions. In its request, the Subcommittee asked questions relating to (1) the Board's policies for conducting, adjudicating, and documenting background investigations of prospective and current employees and contractor personnel; (2) the Board's procedures for implementing its policies; and (3) the specific manner in which the Board has implemented its background investigation procedures.
Overall, we found that the Board's policies for conducting background investigations of employees and contractors needed to be strengthened. The Board's policies governing the employee security program were outdated and had not been communicated to all staff with responsibilities for processing security clearances. As a result, the Board did not have assurance that Board divisions and the Reserve Banks were consistently identifying the type of clearance required for like positions or that all parties were aware of the requirements and their specific responsibilities. We also found that there were no documented policies outlining the Board's security requirements for contractors or contractor employees. Our review identified several contractor personnel, working with sensitive personnel information, for whom a background investigation had not been completed.
In addition, we found that summer interns and temporary employees were not required to undergo a background investigation, even though these individuals may potentially have access to sensitive information. Our report contained three recommendations designed to improve the Board's background investigation program.
- Finding: The Board's policies and procedures for conducting background investigations are incomplete and outdated.
Recommendation: Board management should update and clarify the current policies for employee background investigations and include the revised guidance in the Internal Administrative Procedures Manual.
Status: Board management concurred with our recommendation and issued a new Suitability Policy in December 2007. We are in the process of conducting the follow-up work that is necessary to close this recommendation.
- Finding: The Board lacks established requirements or documented guidance for completing background investigations for contractors or contractor personnel.
Recommendation: Board management should develop guidance for conducting and documenting background investigations for contractors.
Status: Board management concurred with our recommendation and the December 2007 Suitability Policy addresses contractors. We are in the process of conducting the follow-up work that is necessary to close this recommendation.
- Finding: Summer interns and temporary employees generally do not require a background investigation. Further, policies and procedures are lacking regarding the requirement for conducting investigations when employees transfer between positions.
Recommendation: Board management should develop policies and procedures for conducting background investigations for summer interns, temporary employees, and transferred employees.
Status: Board management concurred with our recommendation and the December 2007 Suitability Policy addresses summer interns and temporary employees. We are in the process of conducting the follow-up work that is necessary to close this recommendation.
Open Recommendations: Audit of Retirement Plan Administration (Issued 7/03)
Background: The retirement plan for employees of the Federal Reserve System (System) is a defined benefit pension plan established to provide pension benefits to eligible employees of the Federal Reserve Banks and the Board. The retirement plan consists of two benefit structures: the Benefit Structure for Employees of the Board of Governors of the Federal Reserve System Hired Prior to January 1, 1984 (the Board Benefit Structure) and the Retirement Plan for Employees of the Federal Reserve System (the Bank Plan). As of October 31, 2002, there were 485 Board staff covered by the Board Benefit Structure, and 1,207 Board staff covered by the Bank Plan.
In 2001, the OIG participated with the Reserve Bank General Auditors in an audit of the System's Office of Employee Benefits. The audit included a recalculation of pension payments from a sample of retired employees throughout the System and a verification of pension-related information for active employees. The limited work we performed in support of the audit identified several discrepancies in the pension-related information for Board employees. As a result of that effort, we decided to conduct an audit that focused more in-depth on administration of the retirement plan for Board employees.
Our objectives for the retirement plan administration audit were to document and obtain an understanding of the retirement process for Board employees; assess the effectiveness of processes for monitoring vendor contracts and vendor performance; evaluate automated system controls and confirm the accuracy of employee data; determine whether Board employees and other key stakeholders are generally satisfied with the customer service provided; and obtain an understanding and evaluate the effectiveness of the governance structure for the retirement plan.
Our review of the retirement process and vendor contract management, as well as our data verification and pension benefit recalculations, did not identify any significant control weaknesses, data discrepancies, or systemic processing errors. Although we did not identify any significant weaknesses or systemic errors, we believed that opportunities existed to strengthen the retirement plan administration and oversight. Our report contained four recommendations describing policy decisions that the Board, either through the Committee on Board Affairs or through the Board's representation on other oversight committees, needed to make to strengthen oversight and administration of the retirement plan. Since our report was issued, the Board has taken sufficient action to allow us to close three recommendations. Implementation of our final recommendation, discussed below, will help ensure that lump sum payments are appropriately considered in future pension benefit calculations.
Finding: The service provider's methodology for computing the final average salary for members of the Board Benefit Structure may result in individuals not receiving full credit for lump sum payments.
Recommendation: The Board, through its representation on the [Federal Reserve System's] Committee on Plan Administration, should modify the methodology for including lump sum payments in pension benefit calculations for members of the Board Benefit Structure.
Status: Board management concurred with our recommendation. Staff are working with the service provider to correct additional data issues that have recently been identified. They hope to resolve all outstanding issues during the first quarter of 2008.
Open Recommendations: Audit of the Board's Fixed Asset Management Process (Issued 5/05)
Background: We conducted this audit in response to questions raised during previous financial statement audits regarding property and equipment management and in light of inventory discrepancies and control weaknesses identified during the OIG's review of the Board's Fine Arts Program. We evaluated the controls over the receipt, recording, and disposal of fixed assets for two asset accounts and determined whether amounts recorded in the Board's general ledger for these two accounts were accurate. In addition, we identified best practices for conducting, tracking, and recording fixed asset inventories and evaluated the Board's capitalization policy. We also conducted a physical inventory of 137 items selected as part of a stratified random sample.
Overall, we found that the Board lacked a comprehensive, integrated set of policies, procedures, and internal controls for managing its fixed assets. Our report contained two recommendations designed to address issues related to policies, financial system usage, and internal controls. Since our report was issued, the Board developed a new fixed asset policy which allowed us to close our first recommendation. Implementation of our second recommendation will result in more effective controls over the Board's fixed assets and more accurate and reliable asset management and financial accounting information.
Finding: The Board does not fully utilize the property management features of its financial system or ensure that accurate, complete information is entered into the system for each asset record. In addition, we found control weaknesses in the Board's disposal process to include lack of separation of duties for the receipt, storage, and disposition of Board assets as well as insufficient asset information provided by divisions when assets are identified for disposal.
Recommendation: The Management Division should strengthen internal controls over its property management process by (a) fully implementing available functionality in the Board's financial system, (b) ensuring that sufficient descriptive information is recorded for each asset, and (c) improving controls over the disposal process.
Status: The Management Division director agreed with our recommendation and stated that accounting staff will work with information technology staff to address changes needed in the Board's financial system. The director also noted that the policy changes made in response to our recommendation that has been closed will provide the requirements for sufficient, descriptive asset information as well as improved controls over the disposal process. We plan to perform additional follow-up work to determine if the financial system changes have been implemented to address the issues identified in this recommendation.
Open Recommendations: Evaluation of Service Credit Computations
Background: Creditable service is a key component of the pension benefit calculation for Board employees. Creditable service includes current Board employment as well as prior service with the Federal Reserve System, the federal government, or the military. The OIG performed this evaluation to verify the accuracy of recent service credit adjustments made by Board staff, evaluate controls over the process of computing employees' creditable service toward retirement, and evaluate the accuracy of service credit information in systems maintained by the Board and the service provider.
Our recalculations showed that Management Division staff accurately calculated the service credit adjustments for the employees in our sample. Management also took steps to strengthen the service credit process by training current staff and hiring additional knowledgeable staff to perform service credit calculations, implementing a supervisory review process, and developing an employee notification letter to inform employees of the types of prior service that are creditable and the steps they must take to receive credit. However, we found that the process was manually-intensive and included multiple data transcriptions, which increases the risk of data errors. In addition, the process lacked several key controls; as a result, significant data discrepancies existed between the Board's information system and the system maintained by the service provider. During our evaluation, we also identified other opportunities to strengthen existing controls. Our briefing to the Management Division officials contained three recommendations; Management Division has taken sufficient action to allow us to close one. Implementation of the two remaining recommendations will further strengthen or enhance controls over the service credit process.
- Finding: Data in the Board's information system does not agree with the system maintained by the service provider.
Recommendation: The Management Division should strengthen controls by reducing or eliminating the number of data transcriptions, requiring automated verifications from its service provider for all data transmissions, and performing periodic reconciliations between its information system and the service provider's systems.
Status: The Management Division director agreed with our recommendation and informed us that the division plans to implement a service credit module in the Board's human resources management information system, which is scheduled to be completed during the second quarter of 2008.
- Finding: Employees receive "provisional" credit for prior service if their information is verifiable to independent source documents.
Recommendation: The Management Division should provide periodic employee reminders regarding deposits/redeposits and renouncements (to include dollar amounts) to help employees with retirement-related decisions.
Status: The Management Division director agreed with the recommendation and informed us that the Board's service provider plans to send out letters to employees in January 2008.
Open Recommendations: Audit of the Supervision and Regulation Function's Efforts to Implement Requirements of FISMA (Issued 9/05)
Our objectives were to evaluate (1) the policies and procedures established by the Division of Banking Supervision & Regulation and the Division of Information Technology (IT) to ensure that applications owned or operated by Reserve Banks on behalf of the Board meet FISMA's requirements; and (2) the Reserve Banks' implementation of those policies and procedures, focusing specifically on how the application inventories were compiled.
Overall, we found that the System had begun implementing FISMA's requirements for Supervision and Regulation (S&R) systems. An S&R project team conducted FISMA awareness training at the Reserve Banks, issued guidance for developing an inventory of applications, developed an application tracking mechanism, and established a process to track identified weaknesses and associated corrective actions. Based on the guidance provided, the Reserve Banks developed an initial inventory of 140 applications and completed eight security control reviews using a self-assessment questionnaire.
Notwithstanding the progress made, however, we believed that further actions were required to ensure that all information and information systems used or operated by the Reserve Banks in support of delegated S&R functions met FISMA's requirements. We found that the Reserve Banks did not follow a consistent approach to developing their application inventory, and the guidance issued to the Reserve Banks for developing the inventory was insufficient to address all security controls and properly establish system interfaces as required by FISMA. As a result, the Board lacked assurance that it had a complete and accurate inventory of all information and information systems supporting its programs and operations. We also found that guidance issued to the Reserve Banks did not thoroughly address other aspects of the Board's current information security program (such as developing security plans, testing application security controls, and implementing corrective action plans). Our report contained four recommendations designed to enhance guidance to the Reserve Banks, strengthen compliance with the legislation and the Board's security program, and establish greater consistency across the System. Since our report was issued, the Board has taken sufficient action to allow us to close three of the recommendations. Implementation of our final recommendation will help ensure that systems maintained by the Reserve Banks as part of their delegated responsibilities fully comply with the security testing requirements contained in FISMA.
Finding: Detailed testing of security controls for systems maintained and operated by the Banks on behalf of the Board has not been performed as required by FISMA.
Recommendation: The CIO should issue guidance for conducting information security reviews that includes specific requirements for control testing.
Status: The Board's revised information security program contains guidance on preparing for and conducting the certification and accreditation process. During our 2007 information security-related audit work, we found that almost all Reserve Bank systems operated on behalf of the Board had undergone the certification process, to include security control testing, and received either a full or interim authorization to operate. Our audit work at the Reserve Banks will allow us to review the certification and accreditation efforts for these third-party applications. We will also review implementation of the annual testing requirement for third-party systems (outside of the certification and accreditation process) so that we can close this recommendation.
Open Recommendations: Audit of the Board's Information Security Program (Issued 10/05)
FISMA requires each agency Inspector General to conduct an annual independent evaluation of the agency's information security program and practices. Our specific audit objectives, based on the legislation's requirements, were to evaluate the effectiveness of security controls and techniques for selected information systems and to evaluate compliance by the Board with FISMA and related information security policies, procedures, standards, and guidelines.
Our work showed that the Board continued to make progress in developing and implementing a structured information security program as outlined by FISMA, and our control tests did not identify any significant security control deficiencies, although we found areas where controls could be strengthened. Despite this progress, however, we found that the Board had not yet identified all information and information systems supporting its operations and assets, or fully implemented information security requirements for applications maintained by third parties. We also found that the Board's overall governance structure for information security had been ineffective in establishing, monitoring, and enforcing compliance with information security requirements. Our report contained two recommendations designed to address these issues.
- Finding: The Board has yet to fully identify the scope of information and information systems within the System—other than the supervision and regulation business function—to which FISMA applies. Once the inventory is established, the Board must apply the components of its information security program—to include establishing requirements for performing risk assessments, developing security plans, testing security controls, and tracking corrective actions—to those systems, as it has with Board-operated applications.
Recommendation: The Board should identify all information and information systems supporting its operations and assets, including those at Reserve Banks and other third parties, and ensure full and timely compliance with FISMA's legislative requirements and related information security policy and guidance.
Status: Work completed as part of our 2006 information security audit closed the first part of this recommendation, since the CIO had issued an inventory guide to provide additional guidance for classifying systems, and the ISO had worked with divisions to implement the guidance. During 2007, the ISO updated the guide and issued additional procedures for determining system types, bundling applications where appropriate, and documenting security requirements. In our opinion, the guidance provides a systematic approach for identifying and classifying systems to ensure that all Board information assets are properly identified and achieve the appropriate level of security as established by the Board's information security program. The Board also continues to report progress in certifying and accrediting information systems on the inventory. During the past year, for example, the Board completed a certification of the IT general support system (GSS). As part of the certification, the IT security staff completed a baseline control matrix for each component of the GSS (such as Windows Active Directory, UNIX, and the mainframe).
As noted in several areas in our 2007 audit report on the Board's information security program, the Board still has work remaining to fully implement the Board's program's requirements for all systems on the inventory; therefore, we are leaving the second part of our 2005 recommendation open until this work is completed. As the ISO continues to review the inventory and further implement the bundling guidance, we will evaluate the appropriateness of any revisions to the Board's application inventory. As minor systems are bundled into a GSS or major application, the ISO will also need to ensure that controls are properly documented, implemented, and tested to provide the appropriate level of security.
- Finding: The Board's current FISMA governance structure has been, and will continue to be, an ineffective structure for implementing the Board's information security program. Specifically, the Board's CIO for FISMA, the Director of IT, and the ISO (an assistant IT director) lack the organizational placement and clearly defined roles to provide the authority and independence necessary to effectively establish, implement, monitor, and enforce information security requirements for all information and information systems (including systems maintained by the Reserve Bank) supporting Board programs and operations.
Recommendation: The Board should establish full-time, independent CIO and ISO positions that have the authority to direct and enforce compliance with FISMA's requirements for all information and information systems that support Board operations and assets, including those provided by the Reserve Banks and other third parties.
Status: In response to our audit recommendation, Board management stated that the assignment of management responsibilities was designed to facilitate the effective implementation and continued compliance with FISMA's requirements, although management recognized that the appropriate authority and controls need to be in place. As with all developing programs, management stated that the Board will continue to evaluate and make changes as appropriate to the organizational structure in light of the developments from OMB and progress on implementing the review and analysis of the inventory outlined in Recommendation 1 above. Until the work discussed above is completed, we will continue to hold this recommendation open and will reassess its status at that time.
Open Recommendations: Audit of the Board's Payroll Process (Issued 12/06)
Background: The Board's personnel costs are non-appropriated expenses and most federal personnel rules do not apply to the Board, since section 10 of the Federal Reserve Act authorizes the Board to establish its own rules and regulations governing the employment and compensation of its employees. The Board is, however, subject to title 5, United States Code § 5517, regarding the withholding of state, city, and county taxes from the salaries of its employees. In addition, the Board's policy is also to follow the FLSA, which prescribes the basic requirements for overtime pay.
Based on a risk analysis performed during initial audit scoping work, we focused our audit fieldwork on the Board's higher-risk core payroll processes, including the new hire process, the biweekly payroll cycle, and the processing of overtime and other types of premium pay. Our objectives were to ensure that the processes were adequately controlled, that they operated efficiently and effectively, and that they resulted in accurate pay and deduction calculations.
Our audit did not identify significant data errors, due in part, we believe, to the efforts of a conscientious, dedicated staff who collectively possess considerable knowledge about the payroll process. However, we did find that the Board's payroll processes are inappropriately controlled, relying more on people than processes to pay Board staff. As a result, payroll-related activities are labor-intensive and inefficient, characterized by multiple data transcriptions, unnecessary document hand-offs, and redundant recordkeeping. Our field work also found inadequate separation of duties; incomplete policies and procedures; and opportunities to increase the use of, and strengthen the controls over, automation. Our testing also identified compliance issues related to the payment of overtime for law enforcement personnel and the withholding of state income taxes for a defined group of employees. Our audit report contained seven recommendations designed to improve the overall efficiency and accuracy of the Board's payroll processes and ensure compliance with applicable laws and regulations.
- Finding: The payroll process for overtime and other forms of premium pay is manually-intensive, with multiple data transcriptions.
Recommendation: The Management Division should redesign existing payroll processes to increase efficiency and strengthen controls by reducing or eliminating multiple data transcriptions for overtime and other types of premium pay.
Status: The Management Division director concurred with our recommendation and agreed that there are opportunities to significantly streamline the processing of overtime and other types of premium pay. They plan to modify the human resources management information system during the first quarter of 2008.
- Finding: Benefit election forms may change hands up to five times (between benefits and payroll staff) before the transaction is approved and entered as a payroll deduction. In addition, we found that data entry responsibilities are misaligned between benefits and payroll staff.
Recommendation: The Management Division should realign roles and responsibilities between payroll and benefits staff to streamline the new hire and benefits elections processes.
Status: The Management Division director concurred with our recommendation and stated that appropriate responsibilities have been transferred from the payroll staff to the benefits staff. Once we have had an opportunity to verify these actions, we will close this recommendation.
- Finding: We identified additional areas where employees could directly update the human resources management information system, including direct deposit information, thereby reducing the workload on payroll/benefits staff.
Recommendation: The Management Division should increase the use of automation to allow employees to directly update more information in the Board's payroll application.
Status: The Management Division director concurred with our recommendation. Management Division staff have been working over the past several years to continually upgrade the automated services available to employees. An on-going project to further automate the new hire process will enhance the capabilities of employees to directly enter their personal data into the Board's human resources management information system. Work in this area is scheduled to be completed during the fourth quarter of 2008.
- Finding: Payroll staff are able to enter their own overtime hours into the Board's payroll application, payroll staff had access to run the software module that purges the application's audit log tables, and the dollar amounts and number of transactions on the payroll file sent to FRB Atlanta were not verified.
Recommendation: The Management Division should enhance controls over the payroll application by (a) restricting edit access to payroll data for any payroll staff, (b) reducing edit access to audit log tables, and (c) requiring electronic verification when the payroll file is sent to FRB Atlanta.
Status: The Management Division director concurred with the recommendation and told us that corrections have been made to prohibit payroll staff from editing their own pay; to disallow payroll staff from removing audit information; and to require the payroll supervisor to perform a verification of transmittal data to FRB Atlanta. Once we have verified these revised procedures, we will close this recommendation.
- Finding: The payroll section lacks sufficient, up-to-date procedures for the payroll processes that we reviewed. The Board's policy for paying overtime and premium pay is unclear and incomplete.
Recommendation: The Management Division should (a) develop, document, and disseminate procedures for all payroll-related processes and (b) enhance the current policy regarding premium pay.
Status: The Management Division director agreed with our recommendation and the Board's Staff Director for Management issued a new Overtime and Other Forms of Premium Pay policy in January 2008. In addition, Management Division staff is in the process of updating and/or documenting its operating procedures and processes and will forward them to the OIG when approved.
- Finding: Officers, Sergeants, and Lieutenants in the Law Enforcement Unit automatically receive a half hour of overtime pay for preparation time (time to get in uniform, retrieve their weapons from locked storage, etc.). However, there is no Board policy that authorizes this payment.
Recommendation: The Management Division should establish specific guidelines for paying overtime to all law enforcement personnel and ensure that law enforcement procedures clearly describe work requirements.
Status: The Management Division director concurred with our recommendation and the Board's Staff Director for Management issued a memo that authorized payment of overtime to law enforcement personnel for preparation time. In addition, the Board's Law Enforcement Unit updated its formal guidelines to reflect this authorization. We are in the process of conducting the follow-up work that is necessary to close this recommendation.
- Finding: The Board does not withhold state income taxes for employees that reside in states outside the DC metro area (Maryland, Virginia, and the District of Columbia).
Recommendation: The Board should withhold state income taxes for employees that reside and regularly work in locations other than Maryland, Virginia, or the District of Columbia.
Status: Board management concurred with our recommendation and recently began withholding state income taxes for applicable employees. Once we verify the Board's actions in this area, we will close this recommendation.
Open Recommendations: Audit of the Board's Compliance with Overtime Requirements of the Fair Labor Standards Act (Issued 3/07)
Background: In our December 2006 report on the Audit of the Board's Payroll Process, we noted a potential issue related to compliance by the Board with FLSA requirements. During the conduct of this audit, an officer in the Management Division suggested we review the programming logic used by the Board's payroll system to calculate FLSA overtime premiums. To address this issue, we performed additional audit work to determine whether the Board's payroll system correctly calculates FLSA overtime premiums and whether Board employees eligible to receive the premium have been appropriately identified in the system. Because our work focused on the processing accuracy of the Board's payroll system, we did not evaluate specific position descriptions to determine if they were appropriately classified.
We found that the software calculation for the FLSA premium is correct; however, there were instances where these payments were not processed. Our analysis also showed that nonexempt staff who receive the FLSA premium, in accordance with current Board practice, are properly identified in the payroll system. However, we identified several differences between Board policy and actual practice. Our report contained two recommendations designed to enhance controls related to FLSA processing as well as better align the Board's policies and processes with FLSA requirements.
- Finding: We identified several instances where the FLSA premium was not properly paid because payroll staff must manually initiate the process to compute the FLSA premium. In addition, we found that negative FLSA premiums which result from adjusting entries for related premium pay earnings are not posted to the employee's pay.
Recommendation: The Management Division should enhance FLSA premium processing by a) establishing controls to ensure all other forms of premium pay are entered before the process is run, b) establishing controls to ensure the process is run or eliminating the manual intervention required to initiate the process, and c) correcting the system logic for processing FLSA premium adjustments.
Status: The Management Division director concurred with the recommendation and plans to modify its human resources management information system during the first quarter of 2008.
- Finding: We found that the Board's Premium Pay policy does not adequately describe the different methods used to calculate overtime; in addition, the policy does not explain how overtime will be paid following the spirit and intent of the FLSA.
Recommendation: Consistent with a recommendation in our report on the Audit of the Board's Payroll Process, the Management Division should revise the current policy for premium pay to a) accurately describe the methods of calculating overtime pay for all Board employees, and b) ensure the policy fully reflects the purpose of the FLSA.
Status: The Management Division director concurred with the recommendation and stated that the Overtime and Other Forms of Premium Pay policy issued in January 2008 will address the issues identified in the recommendation. We plan to verify the Board's compliance with the new policy and will close the recommendation once we complete the follow-up work.
List of Abbreviations and Acronyms
| BOARD | Board of Governors of the Federal Reserve System |
| CIO | Chief Information Officer |
| FISMA | Federal Information Security Management Act of 2002 |
| FLSA | Fair Labor Standards Act |
| ISO | Information Security Officer |
| IT | Division of Information Technology |
| OIG | Office of Inspector General |
| OMB | Office of Management and Budget |
| NIST | National Institute of Standards and Technology |
| S&R | Supervision and Regulation |
| System | Federal Reserve System |