A recent report by the Government Accountability Office found that approximately 50 percent of the SEC’s internal supervisory controls, which are used by management to ensure agency processes are complete and consistent, have deficiencies.
The SEC’s offices, including the Office of Compliance Inspections and Examinations, Division of Corporation Finance and Division of Enforcement, set up a working group after the passage of Dodd-Frank that developed a framework for internal supervisory controls to ensure that staff procedures are consistent with policies and with federal internal control standards.
Recent incidences of securities fraud have prompted concerns about the SEC’s internal controls used to ensure staff carries out their work completely and in accordance with procedure and policy. Under Dodd-Frank, the SEC is required to annually assess and report on internal supervisory controls, and the GAO is required to review the SEC’s structure for internal supervisory controls applicable to working office staff.
The GAO report found that of the 60 internal supervisory controls tested, 27 controls lacked accurate description of control activity to reflect policy or practice, complete and consistent documentation demonstrating execution of the control and clearly defined control activities.
While the deficiencies did not prevent management from detecting whether office activities are conducted completely or in accordance with policy, similarities in the nature of deficiencies suggest that management should re-direct its attention to the operation and design of internal supervisory controls.
The GAO recommended that the SEC “make certain that existing internal supervisory controls and any developed in the future have clearly defined activities and clear and readily available documentation demonstrating execution of the activities.”