Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

Peer Review: System Review Report on the Federal Deposit Insurance Corporation Office of Inspector General Audit Organization

This is the accessible text file for FDIC OIG Peer review report entitled 'UNITED STATES RAILROAD RETIREMENT BOARD OFFICE OF INSPECTOR GENERAL, System Review Report, dated November 14, 2016' .

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possbile. Accessibility features, such as descriptions of tables,

footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

UNITED STATES RAILROAD RETIREMENT BOARD

OFFICE OF INSPECTOR GENERAL, System Review Report

November 14, 2016

Fred W. Gibson, Jr. Acting Inspector General Office of Inspector General Federal Deposit Insurance Corporation 3501 Fairfax Drive, Arlington, VA 22201

Dear Mr. Gibson:

We have reviewed the system of quality control for the audit organization of the Federal Deposit Insurance Corporation Office of Inspector General (FDIC OIG) in effect for the year ended March 31, 2016. A system of quality control encompasses the FDIC OIG's organizational structure and the policies adopted and procedures established to provide it with reasonable assurance of conforming with Government Auditing Standards. The elements of quality control are described in Government Auditing Standards. The FDIC OIG is responsible for establishing and maintaining a system of quality control that is designed to provide FDIC OIG with reasonable assurance that the organization and its personnel comply with professional standards and applicable legal and regulatory requirements in all material respects. Our responsibility is to express an opinion on the design of the system of quality control and FDIC OIG's compliance therewith based on our review.

Our review was conducted in accordance with GovernmentAuditing Standards and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Guide for Conducting Peer Reviews of the Audit Organizations of Federal Offices of Inspector General. During our review, we interviewed FDIC OIG personnel and obtained an understanding of the nature of the FDIC OIG's audit organization and the design of FDIC OIG's system of quality control sufficient to assess the risks implicit in its audit organization. Based on our assessments, we selected audits and administrative files to test for conformity with professional standards and compliance with FDIC OIG's system of quality control. The audits selected represented a reasonable cross-section of FDIC OIG's audit organization, with emphasis on higher-risk audits. Prior to concluding the peer review, we reassessed the adequacy of the scope of the peer review procedures and met with FDIC OIG management to discuss the results of our review. We believe that the procedures we performed provide a reasonable basis for our opinion.

In performing our review, we obtained an understanding of the system of quality control for the FDIC OIG's audit organization. In addition, we tested compliance with FDIC OIG's quality control policies and procedures to the extent we considered appropriate. These tests covered the application of FDIC OIG's policies and procedures on selected audits. Our review was based on selected tests; therefore, it would not necessarily detect all weaknesses in the system of quality control or all instances of noncompliance with it.

There are inherent limitations in the effectiveness of any system of quality control, and, therefore, noncompliance with the system of quality control may occur and not be detected. Projection of any evaluation of a system of quality control to future periods is subject to the risk that the system of quality control may become inadequate because of changes in conditions, or because the degree of compliance with the policies or procedures may deteriorate.

Enclosure 1 to this report identifies the FDIC OIG offices that we visited and the audits that we reviewed.

In our opinion, the system of quality control for the audit organization of FDIC OIG in effect for the year ended March 31, 2016, has been suitably designed and complied with to provide FDIC OIG with reasonable assurance of performing and reporting in conformity with applicable professional standards in all material respects. Audit organizations can receive a rating of pass, pass with deficiencies, or fail. The FDIC OIG has received an External Peer Review rating of pass.

As is customary, we have issued a letter dated November 14, 2016 that sets forth findings that were not considered to be of sufficient significance to affect our opinion expressed in this report.

In addition to reviewing its system of quality control to ensure adherence with GovernmentAuditing Standards, we applied certain limited procedures in accordance with guidance established by the CIGIE related to FDIC OIG's monitoring of audits performed by Independent Public Accountants (IPAs) under contract where the IPA served as the auditor. It should be noted that monitoring of audits performed by IPAs is not an audit and, therefore, is not subject to the requirements of Government Auditing Standards. The purpose of our limited procedures was to determine whether FDIC OIG had controls to ensure IPAs performed contracted work in accordance with professional standards. However, our objective was not to express an opinion and accordingly, we do not express an opinion, on FDIC OIG's monitoring of work performed by IPAs.

We made certain comments related to FDIC OIG's monitoring of audits performed by IPAs that are included in the above referened letter dated November 14 2016.

Sincerely,

Martin J. Dickman Inspector General

Enclosures

Enclosure 1

Scope and Methodology

We tested compliance with FDIC OIG audit organization's system of quality control to the extent we considered appropriate. These tests included a review of three of six audit reports issued during the period April 1, 2015, through March 31, 2016, and semiannual reporting periods September 30, 2015 and March 31, 2016. We also reviewed the most recent internal quality control reviews performed by FDIC OIG.

In addition, we reviewed FDIC OIG's monitoring of audits performed by IPAs where the IPA served as the auditor during the period April 1, 2015 through March 31, 2016. During the period, FDIC OIG contracted for the audit of its agency's Fiscal Year 2015 FDIC's Information Security Program. The FDIC OIG also contracted for certain other audits that were to be performed in accordance with Government Auditing Standards.

We visited the FDIC OIG's office located in Arlington, Virginia.

Federal Deposit Insurance Corporation Office of Inspector General Audits Reviewed:

[Table]

Row 1 Report No.: AUD-15-007 Report Date: September 3, 2015 Report Title: Material Loss Review of Doral Bank, San Juan, Puerto Rico

Row 2 Report No.: AUD-15-008 Report Date: September 16, 2015 Report Title: FDIC's Role in Operation Choke Point & Supervisory Approach to Institutions that Conducted Business with Merchants Associated with High Risks Activities

Row 3 Report No.: AUD-15-010 Report Date: September 30, 2015 Report Title: The FDIC's Travel Card Program

[End of table]

Federal Deposit Insurance Corporation Office of Inspector General Audit Quality Control Reviews Reviewed:

[Table]

Row 1 Report No.: QCR-15-001 Report Date: June 15, 2015 Report Title: Quality Control Review of GAGAS Assignments 2013/2014

Row 2 Report No.: QCR-16-001 Report Date: April 14, 2016 Report Title: Quality Control Review of GAGAS Assignments 2015

[End of table]

Federal Deposit Insurance Corporation Office of Inspector General Monitoring Files for Contracted Audits Reviewed:

[Table]

Row 1 Report No.: AUD-16-001 Report Date: October 28, 2015 Report Title: Audit of the Federal Deposit Insurance Corporation's Information Security Program 2015

[End of table]

[End of Peer review report]

Print Print
Close