FDICís Emergency Response Plans

September 2006
Report No. 06-021

EVALUATION REPORT

FDIC OIG, Office of Audits

Background and
Purpose of Evaluation


The Federal Emergency Management Agency (FEMA) issued Federal Preparedness Circular 65, which provides guidance for agencies in developing contingency plans that include emergency planning for the safety and security of agency personnel.

The FDICís Emergency Preparedness Program provides the FDICís emergency response policy and requires that emergency response plans (ERPs) be established in Washington Area Headquarters Offices (HQ) and in each of the regional offices. The ERPs document the FDICís procedures and structure to ensure the safety and security of all FDIC personnel during an emergency.

The FDICís Division of Administration (DOA) Security Management Section conducts periodic training and maintains a Security Web site to ensure that all staff are aware of their responsibilities during an emergency.

Our objective was to evaluate the extent of the FDICís progress in developing and implementing comprehensive ERPs. The scope of our evaluation included the FDICís HQ facilities, Dallas Regional Office, and New York Regional Office.

FDIC, Federal Deposit Insurance Corporation


Results of Evaluation


The FDICís emergency response policy provides a framework from which comprehensive ERPs have been established for HQ (including divisional ERPs for specific functional areas of concern) and the two regional offices we reviewed. In addition, the ERPs we reviewed address most of the recommended emergency response elements contained in federal agency criteria for emergency response planning. However, FDIC senior management, particularly in HQ, could do more to ďset the toneĒ regarding the importance of emergency response through more public involvement in, and support for, emergency response plans. Further, additional guidance is needed on the following aspects of the FDICís emergency response policy and the ERPs we reviewed:

  • documenting management review and approval,
  • updating ERPs on a regular basis so they remain current,
  • assigning and maintaining a current list of Floor Marshals/Wardens,
  • communicating emergency information,
  • conducting evacuation and shelter-in-place drills,
  • developing shelter-in-place procedures,
  • inventorying and maintaining emergency food and water supplies,
  • providing information on available first-aid and medical response,
  • incorporating the child care facility ERP into the HQ ERP, and
  • developing additional procedures for employees with disabilities.

This additional guidance would help the FDIC establish an emergency response policy and ERPs that assure the safety and security of FDIC personnel across a wide range of potential emergencies.

Recommendations and Management Response

We made two recommendations to strengthen the emergency response policy and the maintenance, communication, and content of the FDICís ERPs. DOA concurred with both recommendations and has planned or initiated actions that are responsive to both recommendations.


TABLE OF CONTENTS

BACKGROUND

Emergency Response Plans

FDICíS EMERGENCY RESPONSE POLICY AND PLANS

Comparison of the FDICís ERP Policy and ERPs to Other Federal Agenciesí Guidance

Senior Management Involvement and Support

Emergency Response Organization

Emergency Response Plan

ERP Communication and Awareness

Evacuation

Shelter-in-Place

First Aid

Child-Care Facilities

Disabled Persons

RECOMMENDATIONS
CORPORATION COMMENTS AND OIG EVALUATION
APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY
APPENDIX II: CORPORATION COMMENTS
APPENDIX III: MANAGEMENT RESPONSES TO RECOMMENDATIONS
TABLE:
Comparison of FDICís Policy and ERPs to Other Federal Agency Guidance

ACRONYMS 
CPO Chief Privacy Officer
BCP Business Continuity Plan
COOP Continuity of Operations
CPR Cardiopulmonary Resuscitation
DOA Division of Administration
DOL Department of Labor
DRO Dallas Regional Office
ERP Emergency Response Plan
FEMA Federal Emergency Management Agency
FPC Federal Preparedness Circular
GSA General Services Administration
HQ Washington Area Headquarters Offices
Hspd Homeland Security Presidential Directive
NYRO New York Regional Office
ODEP Office of Disability Employment Policy
OEP Occupant Emergency Program
OSHA Occupational Safety and Health Administration
SMS Security Management Section


DATE: September 22, 2006
 
MEMORANDUM TO:Arleas Upton Kea, Director
Division of Administration
 
FROM:Russell A. Rau [Electronically produced version; original signed by Russell A. Rau]
Assistant Inspector General for Audits
 
SUBJECT:FDICís Emergency Response Plans
(Report No. 06-021)
 

This report presents our evaluation of the FDICís Emergency Response Plans (ERPs) for Washington Area Headquarters Offices (HQ), the Dallas Regional Office (DRO), and the New York Regional Office (NYRO). Our objective was to evaluate the extent of the FDICís progress in developing and implementing comprehensive ERPs. The ERP documents the FDICís procedures and structure to ensure the safety and security of personnel in the event of an emergency.

Our original objective was to evaluate the extent of the FDICís progress in developing and implementing a comprehensive Emergency Operations Plan, which consists of the Business Continuity Plan (BCP) and ERPs. However, we limited the scope of this review to the ERPs, and we plan to address the BCP in a future evaluation. Our evaluation focused on internal aspects of the HQ, NYRO, and DRO emergency response policy and plans (i.e., protection and safety of FDIC employees and facilities) and not the external and interagency aspects. Additional details on our objective, scope, and methodology are provided in Appendix I.

BACKGROUND

The Federal Emergency Management Agency (FEMA) issued Federal Preparedness Circular 65 (FPC 65), Federal Executive Branch Continuity of Operations (COOP), dated June 15, 2004, to provide guidance to federal executive branch departments and agencies for use in developing emergency plans and programs for the continuity of operations. Each agency is responsible for designing, updating, and carrying out comprehensive plans that include emergency planning for the safety and security of agency personnel.

With the issuance of FDIC Circular 1500.5, FDIC Emergency Preparedness Program, on December 28, 2004, the FDIC formally established a corporate-wide program to ensure the safety and security of personnel and the continuity of business operations. Section 6.c. of the circular specifically addresses ERP responsibilities and guidelines and supports emergency preparedness planning guidance as outlined in FPC 65. Circular 1500.5 requires the FDICís HQ and regional offices to develop ERPs that document the procedures and structure for a coordinated response to an emergency and focus on mitigating injuries and the loss of life of FDIC personnel, contractors, and visitors at FDIC locations.

The Division of Administrationís (DOA) Assistant Director, Security Management Section (SMS), is responsible for the development and maintenance of emergency preparedness plans at HQ and all regional offices, to include developing an ERP and reviewing HQ and regional office ERPs for final approval by the Chief Operating Officer, or his designee.

The Assistant Director indicated that SMS is active in a number of interagency and local emergency preparedness committees and forums including:

  • the Washington Area Security Managers Association,
  • the Interagency Security Committee,
  • the Department of Homeland Security COOP Working Group,
  • monthly meetings hosted by the Joint Federal Committee,[ 1 ] and
  • quarterly meetings of the Arlington County Office of Emergency Management.

Emergency Response Plans

The HQ and regional office ERPs outline the responsibilities of all personnel during an emergency. ERPs contain information on emergency communication and notification systems and procedures for responding to different types of emergencies. SMS is responsible for developing the HQ ERP; and the DOA Regional Manager in each regional office is responsible for developing the regional office ERP. Several other FDIC divisions, including the Divisions of Finance, Supervision and Consumer Protection, Resolutions and Receiverships, and Information Technology have also established plans for specific functional areas of concern.

To ensure that information is communicated in a timely manner during an emergency, the HQ ERP includes procedures for ďSituation Rooms,Ē which are located in each HQ building and regional office. If an emergency occurs, division/office directors report to the nearest Situation Room and, through a teleconference bridge, tie into all other Situation Rooms. Directors are then able to obtain up-to-the-minute information and gain insight into the actions they must take to protect FDIC personnel.

As of July 2006, all FDIC office space in HQ and the San Francisco Regional Office is owned by the FDIC; all other regional office space is leased. Nevertheless, the FDIC is responsible for providing ERPs for its employees in both owned and leased facilities. The ERPs are available to FDIC employees on the FDIC Web site for their review. Additionally, SMS and DOA Facilities personnel conduct periodic training sessions for HQ and regional office personnel designed to ensure that all staff understand their responsibilities during an emergency, and each location periodically conducts emergency evacuation and shelter-in-place drills.[ 2 ]

FDICíS EMERGENCY RESPONSE POLICY AND PLANS

The FDICís ERP policy provides a framework from which comprehensive ERPs have been established for HQ (including divisional ERPs for specific functional areas of concern) and the two regional offices we reviewed. In addition, the ERPs we reviewed address most of the recommended emergency response elements contained in federal agency criteria for emergency response planning. However, FDIC senior management, particularly in HQ, could do more to ďset the toneĒ regarding the importance of emergency response through increased communication to employees. Further, additional guidance is needed for the following aspects of emergency preparedness in the FDICís emergency response policy and the ERPs we reviewed.[ 3 ]

  • documenting management review and approval,
  • updating ERPs on a regular basis so they remain current,
  • assigning and maintaining a current list of Floor Marshals/Wardens,[ 4 ]
  • communicating emergency information,
  • conducting evacuation and shelter-in-place drills,
  • developing shelter-in-place procedures,
  • inventorying and maintaining emergency food and water supplies,
  • providing information on available first-aid and medical response,
  • incorporating the child-care facility ERP into the HQ ERP, and
  • developing additional procedures for employees with disabilities.

This additional guidance, as well as more public senior management involvement in, support for, and emphasis on the importance of emergency response planning, would be beneficial to the FDIC in remaining prepared to protect its employees in the event of a significant incident or emergency.

Comparison of the FDICís ERP Policy and ERPs to Other Federal Agenciesí Guidance

We compared the Corporationís ERP policy and the HQ, DRO, and NYRO ERPs to the following federal agenciesí guidance:

  • FEMA guidance in FPC 65,
  • U.S. General Services Administrationís (GSA) Occupant Emergency Program Guide (OEP), including child care center guidance;
  • Occupational Safety and Health Administration (OSHA) regulations, particularly section 1910.38, Emergency Action Plans; and
  • U.S. Department of Labor (DOL), Office of Disability Employment Policy (ODEP) publication, Effective Emergency Planning: Addressing the Needs of Employees with Disabilities.

Based on our comparison, we concluded that the FDICís emergency response policy and the HQ, DRO, and NYRO ERPs include most of the elements contained in the federal agency guidance that we used as evaluation criteria but could be revised to include additional procedures and best practices.

The following table summarizes the most significant emergency response requirements contained in federal agency guidance. The remaining report sections discuss items not included in the ERP (indicated in the table as ďNoĒ) or needing improvement (indicated in the table as ďYes-NIĒ).

Comparison of FDICís Policy and ERPs to Other Federal Agency Guidance


CRITERIA

SOURCE
IS ELEMENT ADDRESSED?

ERP POLICY HQ ERP NYRO ERP DRO ERP
Senior Management Involvement and Support          
The Chief Executive should set the tone by authorizing planning to take place and directing senior management to get involved. FEMA Guidancea Yes-NI N/Ab N/A N/A
Emergency Response Organization          
An emergency organization is established, preferably following existing lines of authority. GSA Yes Yes Yes Yes
The ERP includes a sign-off sheet of the approving officials. GSA No No No No
The plan identifies responsibilities of key personnel. OSHA Yes Yes Yes Yes
Emergency organization members are designated by position rather than person. GSA Yes Yes Yes Yes
The authority and responsibilities of guards under contract are defined. GSA Yes Yes Yes Yes
Emergency Response Plan          
The ERP is updated on a regular schedule to ensure human capital information and resources remain current and key emergency response personnel are familiar with their responsibilities. FPC 65 No No Yes Yes
The ERP includes procedures for how employees should respond to different types of emergencies such as fire, chemical, explosion, weather, etc. OSHA Yes Yes Yes Yes
In leased space, the responsibilities of the owner/lessor are stated. GSA No N/A Yes Yes
ERP Communication and Awareness          
An ERP should be kept where employees can refer to it at convenient times. OSHA Yes-NI Yes-NI Yes Yes
Organizations conduct employee forums to discuss emergency procedures and solicit employee comments. FPC 65 Yes-NI Yes-NI Yes Yes-NI
Command Center          
A Command Center is established. GSA Yes Yes Yes Yes
The ERP includes circumstances and procedures for emergency organization members to report to the Command Center. GSA Yes Yes Yes Yes
IN THE EVENT OF AN EMERGENCY          
Immediate Response          
Procedures for reporting a fire or other emergency. GSA Yes Yes Yes Yes
Procedures for reporting a bomb threat. GSA Yes Yes Yes Yes
Procedures for employees who remain in FDIC facilities to operate critical plan operations. OSHA Yes Yes Yes Yes
Evacuation          
Procedures include evacuation under different types of emergencies and different evacuation routes. OSHA Yes-NI Yes-NI Yes Yes
Procedures to account for all employees after evacuation. OSHA Yes Yes Yes Yes
Shelter-in-Place          
Plans include conditions under which employees should shelter-in-place. OSHA Yes Yes Yes Yes
Shelter-in-place sites are identified. DOL-
ODEP
Yes Yes No Yes
Procedures to account for all employees during a shelter-in-place. OSHA Yes Yes Yes Yes
ERP contains guidance on food and water supplies to maintain for extended shelter-in-place situations. FPC 65 No No No No
First Aid          
The ERP includes procedures for handling serious injury or illness. GSA No Yes-NI Yes Yes-NI
The ERP explains how building occupants can obtain first aid. GSA No Yes-NI Yes Yes-NI
Child-Care Facilities          
The ERP contains an appendix specifically devoted to the child-care center. GSA No No N/A N/A
Disabled Persons          
The ERP contains procedures for evacuation or sheltering of the handicapped. GSA Yes Yes Yes-NI Yes-NI
The ERP includes procedures for persons with varying disabilities (i.e., vision, mobility, developmental, hearing). DOL-
ODEP
Yes-NI Yes-NI Yes-NI Yes-NI
Plans facilitate communication with all staff and visitors, including those who are deaf or have communication difficulties. DOL-
ODEP
Yes Yes Yes Yes
Source: Summary of OIG Analysis.
a  Emergency Management Guide for Business and Industry, FEMA 141, October 1993.
b  Not applicable.

Senior Management Involvement and Support

The Chief Executive should set the tone by authorizing planning to take place and directing senior management to get involved. FEMAís Emergency Management Guide for Business and Industry states that emergency management requires upper management support and states that ďthe chief executive should set the tone by authorizing planning to take place and directing senior management to get involved.Ē Employees in an organization must be convinced that emergency response is a high priority--and the persons generally best able to convince them are the organizationís senior managers, and in particular, the chief executive. Public support by the chief executive and other senior managers can help ensure the attention and cooperation of employees. The FDIC HQ facilities and its regional offices are located in major metropolitan areas that could be susceptible to natural disasters or terrorist attacks. As a result, the Corporation must remain vigilant in its emergency response planning.

As discussed in our report, senior management has placed a greater emphasis on emergency response in the past several years and has made progress in establishing a comprehensive emergency response policy and plans. In addition, senior management took several steps to increase awareness and preparedness, such as referencing or including initiatives related to the Emergency Preparedness Program in the FDIC Strategic Plan 2005-2010 and the 2005 and 2006 Annual Performance Plans, carrying out table top exercises that simulate likely emergency scenarios and responses, and providing Quarterly Status Reports for the Emergency Preparedness Program to the FDIC Board of Directors. Further, we saw evidence that division directors and field managers had periodically discussed ERP with their respective staffs. However, communication from senior management to FDIC employees regarding the ERPs has been infrequent. In addition, the Corporation has been slow in completing and communicating certain elements of ERPs at its new Virginia Square facility, progress could be better in completing and providing on-line training to employees, and there is increased risk that employees are becoming complacent about attending ERP training and volunteering for key ERP positions.

More public senior management involvement in, support for, and emphasis on the importance of emergency response planning would be beneficial to the FDIC in maintaining momentum and interest in the ERP so the Corporation will remain prepared to protect its employees in the event of a significant incident or emergency.

Emergency Response Organization

The ERP should include a sign-off sheet of the approving officials. GSAís OEP guidance recommends documentation of the ERP, along with the signature sheet of the approving official, indicating senior management acceptance of the plan.

The ERP is a component of the FDIC Emergency Preparedness Program and as such, should be reviewed by the Assistant Director, SMS, for final approval by the Chief Operating Officer or his designee. However, the ERP policy does not require documented approval of ERPs, and none of the ERPs we reviewed included a sign-off sheet for the approving officialís signature, indicating acceptance of the plan. As a result, the involvement of senior management in the development and approval of the ERPs we reviewed was unclear.

The HQ ERP, dated September 12, 2003, provides that the Director, DOA, acting on behalf of the Chairman of the FDIC, is responsible for enacting the ERP. The NYRO ERP, dated December 1, 2005, provides that the DOA Regional Manager (or designee) authorizes the execution of the ERP. The DRO ERP, dated January 2006, provides that the FDIC Chairman (or designee) authorizes the execution of the ERP. While management officials told us the HQ ERP was vetted through DOA senior management and the Chief Operating Officer, we did not see evidence that the appropriate senior managers approved the ERPs that we or buddies Revising the FDICís ERP policy to require the signature and date of the ERP approving official would emphasize the involvement of senior management and strengthen management control for review and approval of the ERP.

Emergency Response Plan

The ERP should be updated on a regular schedule to ensure that human capital information and resources remain current, and key emergency response personnel are familiar with their responsibilities. FPC 65 states that agency managers should (1) review regularly and update human capital information and resources to assure that the agency's policies remain current and relevant to changing environments or evolving threats and (2) develop, review, and update emergency guidelines as needed.

The FDICís ERP policy does not provide a standard timeframe for updating ERPs. Emergency contact information in the DRO and NYRO is routinely updated every 6 months; however, the HQ ERP has not been updated since September 2003. As a result, much of the information in the HQ ERP is not current in relation to the names and telephone numbers of emergency contact officials, floor marshals, and locations of rooms for sheltering-in-place. The ERP may also not reflect current guidance and best practices identified since it was last updated.

     Floor Marshal/Warden Programs. Procedures for Floor Marshal/Warden programs need improvement to ensure that an adequate number of Floor Marshals/Wardens are maintained and that they attend training to ensure they are familiar with responsibilities and emergency procedures. The FDICís ERP policy provides that ERPs should address the roles and responsibilities of Floor Marshals. As implemented at the FDIC, the Floor Marshals/Wardens are FDIC employees who have volunteered to facilitate an evacuation or shelter-in-place during an emergency and are key members of the Emergency Response Team. They are responsible for ensuring everyone on their floor is prepared for emergency situations and distributing emergency supplies and water as needed. The Floor Marshals/Wardens are also responsible for ensuring their floors are evacuated, when necessary, obtaining a head count of evacuated employees from supervisors, and reporting the results to SMS.

     HQ Floor Marshal Program. As of April 2006, the Floor Marshal Assignment listing in HQ had not been verified since the ERP was last updated in September 2003. As a result, the FDIC does not have consistent coverage of the HQ facilities because many employees have either been relocated or have left the FDIC since their initial assignment. We compared the Floor Marshal assignment listing on the FDICís Emergency Web site on April 1, 2006 with the FDICís employee directory and determined that only 53 of the 86 Floor Marshals were working on their assigned floor. Further, we found that 12 of 86 employees assigned as Floor Marshals no longer worked at the FDIC.

We also randomly selected 17 (20 percent) Floor Marshals to obtain information regarding their training, supplies, and knowledge of FDIC Emergency Web site information. SMS provided emergency supplies, including an emergency food and water kit, to all Floor Marshals. However, of the 17 Floor Marshals we interviewed, only 11 reported having the emergency food and water kit. Also, nine Floor Marshals reported that they had not attended any emergency training or briefing in over 2 years. SMS has provided two emergency training briefings in HQ since January 2004; however, attendance by Floor Marshals is not required, and SMS has not documented who attended those sessions. One of the seventeen Floor Marshals we interviewed had retired from the FDIC in April 2000 and returned as a contractor in 2004 and did not know he was still listed as a Floor Marshal. One other person responded that she had never accepted the responsibility and did not consider herself to be a Floor Marshal.

SMS staff told us that they rely on the Floor Marshals to contact them when they relocate but that this procedure is not included in the ERP. SMS was planning to update the Floor Marshal assignment listing after the relocation of the FDICís Washington employees to Virginia Square, Arlington, Virginia, in the first quarter of 2006. SMS also expressed concern that employees have not been volunteering to be Floor Marshals and is exploring other means of providing Floor Marshal coverage of the facilities, such as mandatory Floor Marshal assignments. However, DOA had not advised FDIC employees of the need for Floor Marshal volunteers.

     DRO Floor Warden Program. We found that the DRO ERP Floor Warden program was substantially current, provided specific Floor Warden duties, and included training requirements. However, we found that assigned Floor Wardens have not consistently attended ERP training as prescribed or read the ERP as required. Although the ERP provides procedures for security personnel to review the Floor Warden list on a quarterly basis, this process would be more effective if it also required the Floor Wardens to notify security personnel when they relocate to a new floor or leave the DRO.

We compared the ERP Floor Warden listing on the DRO Web site to the office locations of each Floor Warden listed in the FDIC employee directory. Of the 58 wardens assigned, 51 were correctly listed as Wardens on the floor for which they were currently assigned. Seven of the individuals were no longer on their assigned floor, and two of the seven wardens no longer worked at the DRO. The FDIC DRO Facilities Manager stated that DRO was in the process of verifying the Floor Warden listings floor by floor. DRO was contacting everyone on the list to determine whether the individuals still wanted to be a Floor Warden and was asking for volunteers on the floors where additional Floor Wardens were needed. Due to the recent downsizing in the DRO and numerous relocations of staff between floors, DRO was conducting this process once the moves had been completed.

The DRO ERP includes the responsibilities of the Floor Wardens in the event of an emergency and provides that Floor Wardens will attend training on a biannual basis. We surveyed a sample of 12 of the 58 wardens and found that only 6 of the 12 had read the ERP and only 1 had attended a briefing or other ERP training in the past year. Notwithstanding, 11 of the 12 employees we contacted were able to describe their Floor Warden responsibilities. The remaining employee was not aware that he had been assigned as a Floor Warden and indicated that he was not prepared to assume this responsibility. Additionally, 7 of the 12 employees suggested that more frequent briefings or meetings among the DRO Floor Wardens would be beneficial.

     NYRO Floor Warden Program. The NYRO ERP does not include procedures for maintaining the Floor Warden Program. Management of Floor Wardens is the responsibility of the Facilities Manager who also coordinates employee relocation for the NYRO. We found the Floor Warden assignment listing in the NYRO ERP to be current, those assigned as Floor Wardens to understand their responsibilities, and supplies to be consistently maintained. In accordance with the New York City Fire Code, Floor Wardens are required to sign a log in the main lobby of the building each day to indicate whether they are present in the event of an emergency. Further, the NYRO ERP specifically lists the duties of Floor Wardens both before and during an emergency.

The NYRO Floor Warden program includes 28 employees designated as Wardens, Deputy Wardens, Searchers, or Buddies.[ 5 ] We verified that each of those assigned to one of these positions currently worked on the floor to which they were assigned. We interviewed a random sample of 10 (35 percent) of these individuals to determine the timing of the most recent ERP briefing or training they had attended, the status of supplies they maintained, and their understanding of their duties. None had attended an FDIC-sponsored ERP briefing or training session in the past year; however, 7 of the 10 employees reported that they had attended a briefing by the New York City Fire Department. All 10 employees reported that they had the emergency supply kit provided by the FDIC, and all were able to describe their respective emergency response duties. All those we spoke to gave the NYRO ERP a good rating and indicated that all employees were cooperative. Five of the ten employees we spoke with recommended more briefings or meetings scheduled by the FDIC.

ERP Communication and Awareness

An ERP should be kept where employees can refer to it at convenient times. Federal agency guidance and FDIC Circular 1500.5 suggest that emergency information is critical to the safety of employees in an emergency. FEMA FPC 65 states that agency managers are responsible for ensuring that employees have a clear understanding of what they are to do in an emergency.

Access to the ERPs differed between HQ and the two regional offices in our evaluation. While DRO and NYRO provide the complete ERP on their respective Web sites, HQ provides only a summary of the ERP. Furthermore, although DIT has installed a Security Hot Link icon on FDIC employeesí computers, many Floor Marshals we interviewed were not aware this Hotlink exists, and employees have not been periodically reminded that the link is available.

In FDIC HQ, only a summary of the ERP is available for FDIC employees on the FDIC Web site. According to SMS personnel, the complete ERP is not maintained on the Web site because it includes the home telephone numbers of Emergency Response Team members and other detailed procedures that were determined by SMS to be unnecessary for employees in an emergency. The summary information provides evacuation procedures that employees should follow for specific building emergencies, procedures for partial evacuation with zoned alarms, locations of shelter-in-place areas and assembly areas, Floor Marshal listings, and other building-specific, critical information. SMS personnel determined that this information is critical for employees to have in an emergency. However, we identified other important information in the complete ERP that is not provided on the Emergency Web site. For example, ERP procedures for assisting individuals with disabilities and procedures for specific emergencies such as gas line ruptures; violent behavior; chemical, biological, or radiological incidents; and tornados and other severe weather are not included on the Web site.

In 2003, the Division of Information Technology installed a ďSecurity Hot LinkĒ icon on the FDICís HQ computers that provides immediate access to the FDIC Emergency Web site. The Emergency Web site provides information and additional Web sites for employees in the Washington area to obtain emergency information. The Web site includes a summary of the ERP, Emergency Preparedness Status Reports, a link to the Washington, D.C., Emergency Information Center, emergency telephone numbers, Washington Area Transit System alerts, emergency pack information, and other information related to FDIC security. The Web site can be a valuable tool for employees in the event of an emergency and to provide routine emergency awareness. However, we found that only 8 of 17 Floor Marshals were aware that the Security Hot Link existed.

SMS did not maintain information on how or when the existence of the Security Hot Link had been communicated to FDIC employees. However, we confirmed that there has been no communication to FDIC employees, since at least 2004, that the Hot link exists or that other emergency information is available. Additionally, the Security Hot Link on the NYRO computers links to information concerning HQ which could be confusing to employees not located in the Washington area in the event of an emergency. Computers at NYRO and DRO do not have a Security Hot Link to facilitate quick access to regional emergency information.

Organizations should conduct employee forums to discuss emergency procedures and solicit employee comments. FPC 65 states that employees should be encouraged to familiarize themselves with the emergency procedures in place at their agency, as well as the means of notification that an agency will use to inform and instruct employees. According to FPC 65, providing emergency information to employees on a recurring basis is an important element of emergency preparedness. Activities to support communications with employees may include:

  • convening town hall meetings;
  • communicating plans and changes, including recurring distribution of emergency guides; and
  • working with unions to support and strengthen communication activities.

Further, FDIC Circular 1500.5 states that employees are responsible for attending FDIC-sponsored training events and understanding their responsibilities during an emergency.

DOA provides periodic ERP briefings for FDIC employees. During 2005, DOA announced and conducted briefings in May and November. However, according to SMS personnel, attendance at these briefings was poor. Facilities personnel in DRO provided emergency information briefings in February 2005 and April 2006; however, only Floor Wardens were notified of the briefing in 2005. In the NYRO, the building manager provides two training sessions each year in accordance with the New York City Fire Code. NYRO facilities personnel told us that attendance is excellent during these sessions. We discussed employeesí attendance with SMS personnel who expressed their concern over the lack of employee interest in emergency preparedness, particularly at HQ. SMS personnel stated that to facilitate FDIC employee ERP awareness, they are working on a computer-based training module that will be mandatory for all FDIC employees to complete annually. SMS plans to implement the training module in November 2006.

Evacuation

Procedures should address evacuation under different types of emergencies and different evacuation routes. GSA's Occupant Emergency Program Guide provides that ERPs should include adequate drills and training to ensure a workable emergency plan. Further, OSHA recommends that drills be conducted annually. We determined that the FDIC's ERP policy does not specify the number or type of evacuation drills to be conducted at FDIC facilities. As a result, there were inconsistencies among the HQ, NYRO, and DRO drills we reviewed, and we concluded that improvements were needed.

     HQ Drills. The HQ ERP provides that evacuation drills will be conducted twice a year. However, of the six FDIC facilities in Washington, D.C., and Arlington, Virginia, two drills were conducted for only the 1776 F Street building in Washington, D.C. The other FDIC facilities in Washington had one drill during 2005, and none were conducted at the Virginia Square, Arlington, Virginia, facility. SMS personnel told us that the move to Virginia Square, beginning in November 2005, eliminated the need for conducting a second drill in 2005 at all the FDIC buildings except the F Street Building and the Main FDIC building also in Washington, D.C. Further, the regular fire drills were not conducted at Virginia Square during 2005 because the building was evacuated numerous times associated with the construction of Virginia Square Phase II.

According to the District of Columbia Office of the Fire Marshal, the D.C. Fire Code does not require that the FDIC conduct a specific number of evacuation drills. Further, we did not identify any federal requirement applicable to the FDIC for the number of evacuation drills to be conducted. According to the Director, Arlington County Virginia Emergency Operations, the Arlington County Fire Code requires two drills annually for all high-rise buildings, such as those at the FDICís Virginia Square facility.

The HQ ERP does not include evacuation drill review procedures. However, SMS supervises the HQ evacuation drills, records the date and time of the drill, and gives the drill an overall rating. SMS rated all drills conducted in 2005 as good to excellent, except for one evacuation drill conducted during March 2005 that SMS rated as poor. SMS attributed the poor rating to the time it took for employees to evacuate and a lack of cooperation by the employees. The rating form did not include any details on the evacuation or plans for taking corrective action.

     NYRO Drills. Although the NYRO ERP does not include a provision requiring a certain number of evacuation drills, NYRO conducts three such drills each year. In addition, to comply with the New York City Fire Code, the building manager hires a contractor to conduct evacuation drills in January and July each year. To document the drills conducted by the NYRO, facilities personnel complete a checklist during the evacuation to document the amount of time to evacuate each floor. Once the drill is completed, FDIC facilities personnel then send out an e mail to all staff, discussing the drill and reminding employees to check that their emergency supplies are complete, batteries are charged, and contact lists are current. We found the drills conducted at the NYRO to be fully documented by facilities personnel.

     DRO Drills. The DRO ERP requires the building manager to conduct evacuation drills annually but does not address the number of, or process for evaluating, evacuation or shelter-in-place drills. The Dallas Fire Department permits high-rise office buildings to conduct partial building evacuation fire drills, and the property manager for Pacific Place (a DRO location) conducts partial building evacuation exercises quarterly such that each floor of the building has had an evacuation drill at least once each year. During each drill, personnel from Building Security, Building Management, FDIC Security, and DOA coordinate in reviewing the success of the drill. This includes recording observations on a fire drill checklist form for each floor. For example, the form includes line items as to whether all doors were shut and whether the evacuation was performed in an orderly manner. Space is available for additional comments. Based on our review of these checklists, we determined that one evacuation drill per floor was conducted throughout 2005 at the DRO in compliance with the Dallas Fire Code.

Shelter-in-Place

ERPs should identify shelter-in-place sites and provide guidance on what food and water supplies to maintain on site for extended shelter-in-place situations. Federal agency guidance, including OSHA Standards and DOL ODEP guidance, suggests that communicating the procedures for sheltering-in-place to all building occupants prior to an actual emergency is important. In addition, the FDICís ERP policy provides that HQ and regional offices will develop ERPs that address shelter-in-place procedures for various incidents.

The NYRO has taken steps to implement shelter-in-place provisions; however, the NYRO ERP does not include specific procedures for shelter-in-place as do the Headquarters and DRO ERPs. Also, although each of the facilities we reviewed store emergency food and water for shelter-in-place, only the DRO ERP provides information on the locations where food and water are stored and procedures for their maintenance and distribution. As a result, some FDIC employees do not have all the information available to plan for emergencies and to effectively utilize emergency supplies.

      HQ Shelter-in-Place. The HQís ERP provides detailed shelter-in-place instructions, including the locations of refuge rooms and procedures for a shelter-in-place drill. Also, in each HQ building, food and water supplies are maintained in a central location in a locked cabinet. However, the location of these supplies is known only to SMS personnel and security guards. The location of food and water is not discussed on the Emergency Web site or in the ERP. SMS personnel told us that supplies would be distributed as deemed necessary in the event of a prolonged shelter-in-place situation. They further stated that they base the amount of the food and water to maintain on criteria from the American Red Cross, which recommends a 3-day supply. SMS personnel also stated that Security Personnel periodically inventory the emergency food and water supplies. However, there is no procedure in the ERP for these supplies to be inventoried to ensure that adequate supplies are maintained and their shelf life has not expired.

      NYRO Shelter-in-Place. The NYRO ERP does not provide specific shelter-in-place procedures identifying refuge rooms or procedures for maintaining food and water supplies. However, rooms for refuge have been identified, emergency packs have been distributed to all employees, and emergency food and water are maintained in a locked room along with other emergency supplies such as blankets and flashlights. Facilities personnel maintain the emergency food and water supplies based on instructions received from HQ SMS personnel in March 2003 advising them to maintain a 1-1/2 day supply for 70 percent of the building population.

      DRO Shelter-in-Place. The DRO ERP provides shelter-in-place instructions, including the locations of refuge rooms and the locations of food and water supplies. Emergency food and water supplies are maintained on each floor of the DRO facility in unlocked cabinets identified with ďEmergency SuppliesĒ signs and are located in the restroom corridors on each floor of building. Additional food and water supplies are located in the Fitness Center on the 1st Floor and in the Emergency Operations Center located on the 10th and 11th Floors. The DRO ERP provides that these supplies will be distributed by Floor Wardens and security personnel as needed. These supplies are available to all employees. DRO follows the American Red Cross guidance for a 3-day supply. In addition to the food and water supplies, these cabinets contain flashlights with rechargeable batteries. Although not required by the DRO ERP, DRO facilities personnel provided us documentation of an inventory of emergency supplies that is conducted monthly by building security personnel.

First Aid

ERPs should include procedures for handling serious injury or illness and explain how building occupants can obtain first aid. The GSA Occupant Emergency Program Guide and OSHA Emergency Action Plans and Procedures recommend that procedures be established for handling serious injury or illness. Further, the GSA OEP recommends employees be told in advance how to get first aid, including available medical resources and their location.

The ERP policy does not specifically address how first aid and medical care will be provided to employees in the event of an emergency. Of the three ERPs we reviewed, only the NYRO ERP contains information concerning the availability of first aid during an emergency. Additionally, we found that security guards in all three locations are trained in first aid, cardiopulmonary resuscitation (CPR), and use of defibulators, but this information is not included in the three ERPs.

The NYRO ERP discusses general first-aid procedures, emergency medical contact numbers, building management coordination for ambulance arrival, security guard assistance, and obtaining CPR. The HQ and DRO ERPs rely on emergency first responders (i.e., fire fighters, police officers, etc.) to provide first aid. However, emergency first responders may be delayed in an emergency due to traffic congestion or multiple affected sites. Contract security guards in HQ and DRO are also trained in first aid and CPR, but they are not addressed in the ERPs as a resource. Possible use of the contract nurses and dispensaries is also not addressed. Additionally, the FDIC has cancelled the first aid and CPR training program for FDIC employees.

SMS personnel advised us that although such information is not in the ERP, HQ employees have been notified by e mail, on the Security Web site, and in information packets provided during office relocations to call * 911 in the event of a medical emergency. DRO gives pamphlets that contain emergency telephone numbers to visitors. The pamphlets are also available in break rooms throughout the building.

Although these methods of communicating first aid information are beneficial, inclusion of all available medical resources in the ERPs would provide employees with one consistent source for emergency-related information. Also, ERPs should address scenarios for providing first aid as soon as possible in an emergency situation. Immediate medical resources should include security guards, nurses, dispensaries, CPR-certified FDIC employees, and medical supply kits that will be immediately available before the arrival of external first responders.

Child-Care Facilities

The ERP should contain an appendix specifically devoted to the child-care center. GSAís Occupant Emergency Plan guidance on child care recommends that the ERP for any child-care center be prominently mentioned in the ERP.

The FDICís ERP policy does not address whether the child-care center, located on FDIC premises, should be included in the ERP. Therefore, the HQ ERP does not include procedures for the child-care center located on FDIC premises in Washington, D.C. (the DRO and NYRO do not have child-care facilities). This situation has been complicated because the FDIC has not received a finalized Emergency Plan from the child-care centerís Board of Directors. As of July 2006, the child-care centerís Emergency Plan was still in draft Ė over 1 year after it was initiated in November 2004. Additionally, although SMS personnel are involved in fire drills conducted for the facility, the FDICís participation in the fire drill is not documented.

The FDIC building at 1776 F Street in Washington, D.C., has a child-care center on the first floor of the building off the main lobby. This center cares for approximately 80 children ranging from 6 weeks to 6 years of age. The facility is governed by a private Board of Directors and is operated by a contractor hired by the Board of Directors. According to the centerís Director, the center is licensed and inspected by the District of Columbia and, therefore, is required to follow the regulations for child-care centers in Washington, D.C.

SMS personnel stated that the child-care center is separate from the FDIC and, therefore, SMS is not involved in the child-care centerís Emergency Plan. SMS personnel stated that the goal of the child-care center Emergency Plan is to get the children and teachers out of the facility, but once they step into the lobby of the Headquarters building, they are covered within the scope of the FDIC ERP. At that point, the FDIC will determine where the children and center staff should evacuate to. However, the HQ ERP does not discuss the child-care center.

We obtained a copy of the child-care centerís draft Emergency Plan, which contains procedures to be followed in the event of an emergency. The center Director stated that the plan is still in draft because it has not been approved by the child-care center Board of Directors. A member of the Board of Directors expressed that the plan has not been approved because the Board feels that it is not sufficiently comprehensive. For example, the plan does not identify procedures in the event of a prolonged shelter-in-place. However, the plan does identify evacuation procedures and the locations for children and staff to be evacuated in the event of an emergency.

The GSA Occupant Emergency Plan guidance on child care recommends that the ERP for any child-care center be prominently mentioned in the ERP. According to GSA, this is important to ensure coordination between agency and child-care center personnel. We compared the GSA Occupant Emergency Plan guidance on child care to the FDIC child-care centerís Emergency Plan. We found that the Emergency Plan provides basic procedures to be followed in an emergency; however, the plan is lacking specific details related to the centerís location in the FDIC building. For example, the plan does not discuss the location of the child-care center in the F Street building nor provide a description of evacuation routes.

Based on our review of drill dates documented by the child-care center and interviews with SMS personnel and the Director of the child-care center, we concluded that regular monthly evacuation drills were conducted for the child-care center and that SMS personnel were involved in those drills. However, SMS did not document its participation in these drills except for a log maintained by the contractor showing the dates that drills were conducted and the time it took to evacuate the facility. The contractor log did not indicate whether the drill was fully successful; whether significant problems were encountered, such as whether children were left behind; or if plans were needed for corrective action.

We discussed our results with SMS and child-care center personnel. We were told that the child-care center Emergency Plan has not been finalized because of turnover in the child-care centerís Director position four times in the last 2 years and delays due to plan review by the child-care centerís Board of Directors. SMS personnel and child-care center personnel also stated that although the Emergency Plan has not been finalized, they have ensured through monthly drills that all child-care center staff and children are proficient in evacuating the premises and that parents are aware of the evacuation procedures. SMS personnel added that they are planning for additional procedures for the FDICís relationship with the child-care center in the update to the ERP. The FDIC will also need an emergency plan for a new child-care center to be opened in Virginia Square in October 2006.

Disabled Persons

ERPs should include procedures for the evacuation or sheltering of the handicapped and procedures for persons with varying disabilities (i.e., vision, mobility, developmental, hearing). According to federal guidance, agencies are to address the emergency preparedness needs of people with disabilities. Executive Order 13347, Individuals With Disabilities in Emergency Preparedness, dated July 22, 2004, sets forth policy that executive departments and agencies of the Federal Government consider, in their emergency preparedness planning, the unique needs of agency employees with disabilities and individuals with disabilities whom the agency serves. DOLís ODEP also issued a publication, Effective Emergency Preparedness Planning: Addressing the Needs of Employees with Disabilities, dated August 2005, which noted that emergency preparedness plans should include people with disabilities, and in order to do so effectively, organizations need to establish a process to fulfill requests from individuals with disabilities for reasonable accommodations they may need in emergency situations.

The FDICís ERP policy requires that ERPs address the special needs of the disabled, to include individuals with mobility, hearing, or visual impairments. Each of the three ERPs we reviewed instructs persons with permanent or temporary disabilities to contact their supervisor, Floor Wardens, or security personnel if assistance is required in the event of an emergency. We found that the HQ ERP also includes guidance and specific procedures for assisting persons with varying disabilities. However, such guidance and procedures are not included in the regional office ERPs and are not provided on the HQ emergency Web site. Consequently, information to assist disabled employees is not readily available for FDIC employees to plan for an emergency.

To determine whether the FDICís ERPs provide adequate procedures covering disabled employees, we reviewed ODEP-suggested guidance for elements to be included in emergency response planning for employees with disabilities. These considerations include providing procedures for assisting persons with disabilities, establishing refuge areas and areas of rescue assistance, and installing alarms for the hearing impaired and tactile signage for those with vision impairments. We concluded that, in general, the FDICís ERPs are consistent with ODEP guidance; however, the two Regional Office ERPs we reviewed did not address certain ODEP considerations. Specifically, these ERPs do not contain procedures for assisting persons with various disabilities. We did note that the HQ ERP addresses such procedures and that the DRO and the NYRO ERPs contained provisions for buddies or Floor Wardens to assist those with disabilities. However, the DRO and NYRO ERPs need to contain information for individuals with disabilities so that disabled persons have guidance allowing them to properly plan for an emergency situation.

RECOMMENDATIONS

We recommend that the Director, DOA:

  1. Work with senior FDIC executives to establish a strategy for ensuring their public support for and involvement in ERPs.

  2. Revise the ERP policy and individual ERPs, where appropriate, to address the following issues discussed in this report:

    • Documenting management review and approval of ERPs.
    • Updating ERPs on a regular basis.
    • Ensuring Floor Marshal/Warden assignments are kept current and Floor Marshals/Wardens attend periodic training.
    • Communicating ERP information to employees.
    • Implementing an annual, mandatory ERP computer-based training course.
    • Conducting evacuation drills to include a process for evaluating the drill and obtaining employee feedback.
    • Developing instructions for conducting a shelter-in-place and for the location, distribution, and maintenance of food, water, and other emergency supplies.
    • Establishing procedures for handling serious injury or illness and informing employees of procedures for obtaining medical supplies and first aid.
    • Ensuring the FDICís ERPs address coordination between the child-care facility and the FDIC before, during, and after an emergency.
    • Developing additional instructions for assisting persons with varying disabilities as is included in the HQ ERP.

CORPORATION COMMENTS AND OIG EVALUATION

The Director, DOA, provided a written response, dated September 20, 2006, to a draft of this report. DOAís response is presented in its entirety in Appendix II. DOA concurred with both of our recommendations. With respect to recommendation 1, which involved working with senior FDIC executives to establish a strategy for ensuring public support for and involvement in ERPs, we confirmed that DOAís planned actions would include efforts to increase the involvement, and visible support of senior FDIC leadership in emergency response planning.

DOAís planned and initiated actions are responsive, and we consider both recommendations resolved. However, these recommendations will remain open until we have determined that agreed-to corrective actions have been completed and are effective. Appendix III presents a summary of DOAís responses to our recommendations.


APPENDIX I

OBJECTIVE, SCOPE, AND METHODOLOGY

Our original objective was to evaluate the extent of the FDICís progress in developing and implementing a comprehensive Emergency Operations Plan, which consists of the BCP and ERPs. However, we limited the scope of this review to the ERPs. We plan to address the BCP in a future evaluation.

Our revised objective was to evaluate the extent of the FDICís progress in developing and implementing comprehensive ERPs. The FDICís ERP policy is included in FDIC Circular 1500.5, FDIC Emergency Preparedness Program, dated December 28, 2004. Our evaluation focused on internal aspects of the HQ, NYRO, and DRO ERPs (i.e., protection and safety of FDIC people and facilities) and not the external and interagency aspects. Our review also included an evaluation of Circular 1500.5, Section 6.c, which addresses ERP responsibilities and program guidelines. We conducted our evaluation from November 2005 through July 2006 in accordance with generally accepted government auditing standards.

To accomplish our objective, we performed the following:

  • Reviewed the ERPs for HQ, dated September 12, 2003; for NYRO, dated December 1, 2005; and for DRO, dated January 1, 2006.
  • Reviewed FDIC Circular 1500.5, FDIC Emergency Preparedness Program, dated December 28, 2004, which serves as the official policy for HQ and regional offices in developing, implementing, and maintaining an FDIC Emergency Preparedness Program, comprised of an ERP and BCP.
  • Reviewed the HQ ERP shown on the FDICís emergency response Web site.
  • Reviewed Circular 1500.5 and the HQ, NYRO, and DRO ERPs to determine whether they included selected items from the following federal agency guidance:
  • FEMA FPC 65 Federal Executive Branch Continuity of Operations.
  • GSA Occupant Emergency Program Guide, including child-care center guidance.
  • OSHA Standard 1910.38, Emergency Action Plans.
  • DOL-ODEP guidance, Effective Emergency Planning: Addressing the Needs of Employees with Disabilities.

We also reviewed the following guidance:

  • Presidentís Council on Integrity and Efficiency, Inspections and Evaluations Roundtable, draft, Guide for Inspectors General on the Evaluation of Agency Emergency Preparedness under the National Incident Management System Framework (revised February 7, 2006).
  • Reviewed the HQ, NYRO, and DRO emergency response programs to determine whether they include selected best practices identified from the same federal agency guidance listed above.

  • Reviewed the HQ, NYRO, and DRO ERPs and programs for the following:

  • Evacuation and shelter-in-place drills
  • Floor Warden assignments and training
  • Procedures for disabled employees
  • Food and water supplies
  • Communication of ERPs to FDIC employees
  • Coordination with other agencies
  • Security guard roles
  • First responders and first aid
  • Procedures for updating ERPs
  • Web site information
  • Child-care facilities
  • Reviewed FDIC division ERPs included in the appendix to the HQ ERP to determine whether the ERPs are up-to-date, complete, and consistent.
  • Reviewed DOA Corporate Customer Satisfaction Survey results relative to emergency response preparedness.
  • Interviewed the following individuals to gain an understanding of the HQ, NYRO, and DRO ERPs:
  • Assistant Director, SMS, DOA
  • Chief, Transportation Unit, DOA HQ
  • Securiguard Personnel
  • DOA Regional Manager, NYRO; and Corporate Services Branch managers and other personnel at the NYRO and DRO.
  • Director, FDIC child-care center
  • Board Member, FDIC child-care center

Our review did not include an assessment of the effectiveness of the HQ, NYRO, and DRO responses in the event of an actual emergency.

Internal Management Controls

We evaluated the effectiveness of controls in place for the implementation of the FDICís emergency response process. These controls included the policies and procedures for the development, approval, maintenance, and testing of the FDICís emergency response plans. In the absence of written policies, we relied on interviews and information obtained from the Assistant Director, SMS, who is responsible for the FDICís ERPs, as well as other SMS officials and NYRO and DRO representatives.

Compliance with Laws and Regulations

We identified the following various laws, regulations, presidential directives, and agency guidance that were of potential relevance to this evaluation and obtained legal guidance on their applicability to the FDIC.

  • The Homeland Security Act.
  • The Homeland Security Presidential Directives (Hspd):
  • Hspd-3 Homeland Security Advisory System, dated March 11, 2002
  • Hspd-5 Management of Domestic Incidents, dated February 28, 2003
  • Hspd-7 Critical Infrastructure Identification, Prioritization, and Protection, dated December 17, 2003
  • Hspd-8 National Preparedness, dated December 17, 2003
  • Department of Homeland Securityís National Incident Management System and National Response Plan.
  • FEMA FPC 65, Federal Executive Branch Continuity of Operations.
  • OSHA Standard 1910.38, Emergency Action Plans.
  • GSA Occupant Emergency Program Guide, including child-care center guidance.
  • DOL-ODEP publication, Effective Emergency Planning: Addressing the Needs of Employees with Disabilities.
  • Executive Order 13347, Individuals With Disabilities in Emergency Preparedness, dated July 22, 2004.

Some of the legal authorities, particularly the National Response Plan and the National Incident Management System, dealt with external or interagency aspects of emergency response planning while this evaluation focused on the internal aspects of the ERPs (protecting FDIC employees and persons on FDIC property). Areas for improving compliance with the legal authorities or guidance that pertains to the internal aspect of emergency response planning are noted throughout the report.

Regarding the legal authorities or guidance cited in the report, the FDICís policy is to be consistent with the requirements of FPC 65; the guidance from OSHA, GSA, and DOL is not binding on the FDIC, but we are presenting them as best practices for the FDIC to consider. Executive Order 13347 sets forth general policies that would be prudent for the FDIC to consider when performing its emergency-preparedness planning relative to individuals with disabilities.

Government Performance and Results Act, Computer-Based Data, and Fraud or Illegal Acts

The Government Performance and Results Act of 1993 directs federal agencies to develop a strategic plan, align agency programs and activities with concrete missions and goals, manage and measure results, and design budgets that reflect strategic missions. We confirmed that the FDIC Strategic Plan 2005-2010, FDIC 2005 Annual Performance Plan, and FDIC 2006 Annual Performance Plan include references to or initiatives related to the FDICís Emergency Preparedness Program, which we considered as part of our evaluation of managementís support for ERP.

We did not rely on the accuracy of computer-based data to perform this evaluation. Not performing assessments of computer-based data did not affect the results of our evaluation.

Our evaluation program included steps for providing reasonable assurance of detecting fraud or illegal acts, and none were detected.


APPENDIX II

Corporation Comments from the Division of Administration, page 1
[ D ]
Corporation Comments from the Division of Administration, page 2
[ D ]
Corporation Comments from the Division of Administration, page 3
[ D ]
Corporation Comments from the Division of Administration, page 4
[ D ]
Corporation Comments from the Division of Administration, page 5
[ D ]


APPENDIX III

MANAGEMENT RESPONSE TO RECOMMENDATIONS

This table presents the management responses on the recommendations in our report and the status of the recommendations as of the date of report issuance.

Rec.
Number
Corrective Action: Taken or Planned/Status Expected
Completion Date
Monetary Benefits Resolved: [ a ] Yes or No
Open or Closed [ b ]

1

FDIC senior management has taken steps to increase awareness and preparedness among FDIC staff by establishing comprehensive policy and plans, strategic planning initiatives, table top exercises and Quarterly Status Reports for the Emergency Preparedness Program. The FDIC will continue to stress to all senior managers the importance of the ERP and ask them to include emergency preparedness in their discussions at various division and office meetings as a way to increase awareness.

We also confirmed that DOAís planned actions would include efforts to increase the involvement, and visible support, of senior FDIC leadership in emergency response planning.

  October 30, 2006   $0   Yes   Open

2

DOA will take actions related to each of the areas identified in the recommendation, including:

  • documenting management review and approval of ERPs;
  • updating ERPs on a regular basis;
  • ensuring Floor Marshal/Warden assignments are kept current;
  • communicating ERP information to employees;
  • implementing an annual, mandatory ERP computer based training course;
  • conducting evacuation drills to include a process for evaluating drills and obtaining employee feedback;
  • developing instructions for conducting a shelter-in-place and for the location, distribution, and maintenance of energy and supplies;
  • establishing procedures for handling serious injury or illness and informing employees of procedures for obtaining medical supplies and first aid;
  • ensuring the FDICís ERPs address coordination between the child-care center and the FDIC; and
  • developing additional instructions for assisting persons with varying disabilities.
  October 30, 2006   $0   Yes   Open
a  Resolved Ė (1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.
(2) Management does not concur with the recommendation, but planned alternative action is acceptable to the OIG.
(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.
b  Once the OIG determines that the agreed-upon corrective actions have been completed and are effective, the recommendation can be closed.


Last updated 11/15/2006