This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

1994 Semiannual Report to Congress
October 1994

EXECUTIVE SUMMARY

During this reporting period (April 1, 1994 to September 30, 1994) the Office of Inspector General completed eight audits and fourteen investigations.

Consistent with our evolving strategic plan that emphasizes evaluations of program operations, we concentrated audit resources on those areas. This work included audits of the integrity of the Investment Adviser/Investment Company database, confidential treatment of filing data, investor complaints and inquiries received by the Commission, and the delegation of Commission authority to investigate and litigate.

The Office also conducted audits of program and administrative controls in a Commission field office and the management controls over commercial databases used by the Commission. Two contract closeout audits were also completed. The Office also performed a survey of the Legal Services program.

We referred two matters to the Department of Justice. One case involved time and attendance abuse. The other matter concerned the use of government frequent flyer miles for personal trips.

The Office referred four matters to the Commission. Of these four, management reassigned a manager to a non-supervisory position and formally reprimanded another staff member; the other two matters are pending. In addition, a senior official resigned from the Commission during an investigation.

As part of an effort to "reinvent" the Inspector General function, auditors were empowered with increased responsibility for strategic planning. Their work will provide the basis for the Office's long-term strategic and annual audit plans. Performance standards were revised to recognize the enhanced strategic planning responsibilities, as well as audit outcomes (e.g., the significance of audit recommendations made) rather than audit processes. The Investment Management Program is the only program not assigned to an auditor at this time, due to resource constraints.

After an analysis of audit processes, report writing was centralized, on a pilot basis. This change promises to materially speed the completion of audits and reduce the total amount of resources needed. Previously, we were able to convert a secretarial position to an auditor position because of office automation efficiencies. This change streamlined operations and is enhancing Office productivity.

AUDIT PROGRAM

The Office issued eight audit reports, as well as several investigative recommendations, during the reporting period. Forty-five recommendations were made in these reports, which are further described below. Management generally concurred with the recommendations.

Integrity of the ADV Database

Audit 207, April 6, 1994

The ADV database contains data from the forms ADV filed by investment advisers (IA). Forms ADV are used to register the IAs and contain identification and descriptions of their work. The database is an on-line mainframe system used by the Division of Investment Management (IM) and the regional/district (field) offices to identify IAs registered with the Commission, target them for inspection, and compile statistics about them.

The audit was limited in scope and only reviewed anticipated changes to the ADV database and form ADV. Our objective was to determine if the planned revisions will improve the accuracy, completeness, and usefulness of the data in the ADV database.

The audit steps included interviews with Commission staff and a review of related policies and procedures. Since the audit was of limited scope, we did not perform a review of internal controls or compliance with applicable laws or regulations. The audit work was performed between January and February 1994.

We found that the planned revisions should improve the future accuracy, completeness, and usefulness of the ADV data. Recommendations to improve the current system included additional directions for reporting address changes and assets under management, and correction of multiple and missing records.

Authority to Investigate and Litigate

Audit 196, August 16, 1994

Commission securities investigators need authority from the Commission to open a formal investigation or to conduct civil litigation. To obtain this authority, the staff prepare an action memorandum. The memorandum is reviewed within the region or the Division of Enforcement, then by relevant divisions, and finally by the Commission.

From May 1993 to March 1994, we conducted an audit of the authorization process. We began the audit after several staff told us during a previous audit that the process should be streamlined.

Our objectives were to determine if the controls over authorizations were achieving their objectives efficiently, and whether enhancements were appropriate. During the audit, we interviewed Commission staff, reviewed the processing of a judgement sample of action memoranda, and examined other relevant reports and documents.

We found that the authorization process is basically sound. Action memoranda are reviewed by numerous staff in several offices, which helps ensure high quality memoranda, and decision recommendations that are well supported. However, the process can be rather slow, and should be made more efficient.

During the audit, the Commission took a number of significant steps to streamline processing of investigations and related authorizations. These included quarterly reviews of the status of pending investigations; delegating litigation authority to the Director of the Division of Enforcement in subpoena enforcement actions; processing requests for formal orders of investigation by one Commissioner rather than by the whole Commission (i.e., as Duty Officer matters rather than seriatim); requiring the divisions to submit comments on action memoranda in fourteen days; and setting a maximum limit of twenty pages for action memoranda.

To a large extent, the Commission's actions addressed the primary concerns identified in our audit. We commend the Commission for taking prompt corrective action.

We recommended several additional enhancements to the processing of investigations including: analyzing the utility and cost-effectiveness of video-conferencing to enhance policy communication; enforcing or revising existing time standards for opening an investigation; and establishing a data base of prior action memoranda and related guidance on the local and wide area networks.

Mitchell Systems Contract Close-out

Audit 199, March 30, 1994

Between fiscal years 1988-92, American Management Systems (AMS) provided the Commission with ADP systems development and support services under a sub-contract with Mitchell Systems, a Commission contractor. During this period, AMS claimed costs of $395,033.

After auditing Mitchell Systems earlier, Cotton & Company, an independent CPA firm, audited AMS costs under a task order issued by our office. The second audit report, issued during the period, questioned costs of $44,417. The Contracting Officer accepted the audit findings as a basis for negotiations with AMS. The Contracting Officer has not yet reached a final decision on the questioned costs.

Controls Over Commercial Databases

Audit 201, June 10, 1994

External databases provide information to nearly every Commission office. They are used for legal research, analysis of the securities industry, and a variety of other purposes. The databases are accessed through several means, including personal computers on the local area network, dedicated terminals, compact disks, and magnetic tapes.

The Office of Information Technology (OIT) has overall responsibility for database expenditures. OIT estimated that in fiscal year 1994 the Commission would spend $2.9 million on fifty-three databases, over half of it for LEXIS/NEXIS and Westlaw. OIT, the Office of Administrative and Personnel Management (OAPM), and designated database contacts in each Commission office share responsibility for implementing controls over databases.

Between September 1993 and February 1994, we performed an audit of the external databases. Our objective was to determine whether access and usage controls over these databases were adequate. During the audit, we interviewed Commission staff, reviewed available documentation, and conducted a survey of users. Because of resource constraints, we limited our detailed review to LEXIS/NEXIS.

We found that controls over LEXIS/NEXIS need to be improved to ensure that only authorized users have access, and usage is appropriate. In particular, password controls were not adequate.

Six digits of the seven digit passwords were used as the billing code and were printed on LEXIS/NEXIS invoices. Passwords were not periodically changed, and were not always promptly deactivated when employees separated. In addition, a number of employees received multiple passwords or shared group passwords.

One cause of these findings was the lack of clear guidance defining organizational responsibilities. In addition, Mead Data Central's (the LEXIS/NEXIS vendor) security procedures were not adequate.

Additional controls to prevent inefficient usage of data bases should also be implemented. For example, OIT identified one instance in which the Commission was charged $5,835 for a data search which could have been performed without charge under a flat rate billing method.

During the audit, OAPM, in consultation with OIT and this Office, took several steps to enhance security over LEXIS/NEXIS. It deleted passwords for over 150 former Commission staff and worked with Mead Data Central to delete partial passwords from invoices and change all LEXIS/NEXIS passwords. OAPM is also developing guidance for use of the system. We commend OAPM and OIT for their efforts.

Investor Complaints and Inquiries

Audit 202, September 29, 1994

As a follow-up to a prior audit, we evaluated the Commission's consumer complaint function. The prior audit found significant problems with this function, including a backlog of complaints; personnel management issues; and insufficient coordination with the regions and divisions. During the audit, we surveyed certain Commission staff and a limited number of investors; reviewed available documentation, and tested management controls.

Our audit found that additional enhancements were needed to provide efficient, effective service to investors. In particular, the level of service to be provided to investors needed to be better defined. Upgraded service may require changing the level of education and experience required of consumer specialists.

Other enhancements needed include: centralizing management and coordination of complaint processing; better integrating the Office of Consumer Affairs with the programs; developing comprehensive written policies and procedures; recording complaints consistently and efficiently; making the tracking system for complaints more useful; and updating consumer education materials.

During the audit, the Commission took several steps to enhance complaint processing. It transferred the Office of Consumer Affairs to the Office of the Secretary, where it can be better integrated with Commission programs. The Commission also initiated a Consumer Affairs Advisory Committee to address various investor related issues. In addition, an interim management team reviewed complaint processing, and implemented several enhancements. The audit team coordinated its efforts with those of the interim management team (e.g., briefing the team on audit findings and recommendations during the course of the audit).

More recently, the Commission announced a major new consumer affairs initiative. The change will fundamentally change the role of the Commission with respect to individual investors. We commend the Commission for all its efforts.

Confidential Treatment of Filing Data

Audit 203, August 17, 1994

Between September 1993 and May 1994, the Office of Inspector General conducted an audit of management controls over confidential treatment (CT) requests processed in fiscal year 1993. Confidential treatment is granted by the Division of Corporation Finance (Division) if a company shows that disclosure to third parties of proprietary information filed with the Commission would cause it competitive harm.

Our review found that the Division is generally effective in ensuring that confidential treatment is granted according to the applicable rules. However, management controls over the process, especially over the security of the files and their contents, should be improved.

We recommended that the Division develop uniform policies and procedures for processing requests and strengthen security and organization of files. We also suggested that user guidance be issued for CT tracking systems maintained by the Division and the Office of the Secretary, and that staff time on CT requests be charged consistently. In addition, the Division should obtain disclosure of information after the confidential treatment period has expired.

The Division and Office of the Executive Director generally concurred with our recommendations. In fact, the Division has already issued updated procedures for processing confidential treatment requests. These Division-wide procedures address the security of the request materials, timeliness of processing, data entry responsibilities, documentation of the request files, and processing responsibilities. The procedures also list common processing problems and provide suggested solutions. We commend the Division for its responsiveness and commitment to effective management controls.

Space Renovation Contracting

Audit 210, September 29, 1994

The Commission leased space in 1992 at 7 World Trade Center in New York City from Silverstein Development Corporation. The lease included a Tenant Work Agreement (TWA) of $5,561,231 to cover the costs of improvements to the office space.

Cotton & Company, CPAs, performed an audit of the TWA costs under a task order issued by our office. The audit found questioned costs of $7,655, and unresolved costs of $207,389. The Contracting Officer is currently in negotiations with Silverstein to resolve these costs.

Philadelphia District Office

Audit 211, September 29, 1994

In May and June 1994, we performed an audit of administrative and program controls in the Philadelphia District Office (PDO). Our objective was to evaluate whether the controls adequately safeguarded assets, were economically and efficiently maintained, and were in compliance with Commission policies and procedures. During the review, we interviewed PDO staff and conducted limited tests of its records.

The controls we reviewed generally provided reasonable assurance that assets were safeguarded adequately, that operations were conducted economically and efficiently, and that they were in compliance with Commission policies and procedures. In addition, the Administrative Officer and program managers appeared competent and conscientious in carrying out their duties.

We made several recommendations to enhance controls. These included conducting periodic audits of transit subsidy records; making the sign-in log a seriatim recording; and timely reconciling blotter records with the Comptroller's records. Purchasing files should include determinations of price reasonableness and evidence of a market search. In addition, the performance plans of managers should reflect management control responsibilities.

Management generally concurred with our findings and recommendations. The PDO has begun implementing corrective actions.

Investigative Recommendations

Based on findings from an investigation, we recommended that the staff of a particular office be given training in time and attendance procedures. For a reasonable period after the training, the Office of the Comptroller should closely monitor the office's compliance with the time and attendance procedures.

INVESTIGATIVE PROGRAM

Fourteen investigations were closed during the period. The Office referred two of the matters to the Department of Justice and four matters to Commission management. The most significant cases are described below.

Investigative Misconduct

Last November, a subject in a Commission securities investigation maintained that he was seriously misled by a Commission staff attorney. The staff attorney allegedly utilized an exhibit from which crucial handwritten notes had been redacted. Our investigation developed physical evidence that directly and conclusively invalidated the allegation.

Unauthorized Disclosure

A financial publication reported that it had obtained a copy  of a document that was non-public at the time of its  disclosure. During our investigation, a senior official  resigned before administrative action could be considered.

Frequent Flyer Milage Abuse

Eight employees used frequent flyer miles earned fully or partially from government travel for personal travel. In response to our preliminary findings, the Commission last year completed a major modification of related controls, including establishing a tracking system for frequent flyer miles. This action should substantially strengthen controls to prevent future abuses. The Commission is waiting for guidance from the Department of Justice before considering administrative action. The Office of Inspector General is continuing to work with Commission management and the Department of Justice to develop a feasible approach for possible future investigations of such conduct.

Time & Attendance Abuse

A Commission manager allegedly failed to record significant absences from the office over an extended period of time. Our investigation developed evidence that supported the allegations, as well as mitigating factors.

At the close of the period, fifteen investigations were pending. The investigations involve allegations of:

• Conflict of interest,

• Receipt of a bribe,

• Unauthorized disclosure of non-public documents,

• Insider trading,

• Theft,

• Whistleblower retaliation,

• Outside employment,

• Failure to maximize lease benefits,

• Intellectual property infringement,

• Procurement irregularities, and

• Investigative misconduct.

SIGNIFICANT PROBLEMS

No new significant problems were identified during this reporting period.

SIGNIFICANT PROBLEMS IDENTIFIED PREVIOUSLY

As previously reported, the Commission does not have a long-term disaster recovery plan for the Electronic Data Gathering and Retrieval (EDGAR) system. A long-term automated solution to disaster recovery will become increasingly necessary as essentially all filers will eventually use EDGAR. The Commission is currently considering architectural changes to EDGAR that it believes will provide significant disaster recovery advantages.

In the short term, electronic filers would be asked to file manually, in the event of a computer disaster. Given the relatively small number of EDGAR filers currently, this alternative appears adequate for the time being. At some point, however, as filers are phased onto EDGAR, the Commission will lose its ability to process all filings in paper form. It is critical that the Commission have a tested computer backup for EDGAR before that point is reached.

Our recommendation, that the Commission develop an EDGAR disaster recovery plan after the EDGAR architectural decisions are made, remains.

ACCESS TO INFORMATION

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.

OTHER MATTERS

Office Administration

As part of an effort to "reinvent" the Inspector General function, auditors were empowered with increased responsibility for planning their own work. Revised performance standards of the audit staff now emphasize audit outcomes (e.g., the significance of audit recommendations made), rather than audit processes. These standards also recognize the auditors' enhanced strategic planning responsibilities (see below).

After an analysis of audit processes, report writing was centralized, on a pilot basis. This change promises to materially speed the completion of audits and reduce the total amount of resources needed. Previously, we were able to convert a secretarial position to an auditor position because of office automation efficiencies. This change streamlined operations and is enhancing Office productivity.

Future plans for improving Office productivity include:

• Establishing a library of audit and Semiannual Reports  to Congress on the Commission's Wide and Local Area  Networks, and

• Maintaining Office procedures ("Administrative  Issuances") in an electronic library to facilitate  updating and access by Office staff.

Strategic Planning

In response to audit recommendations from the General Accounting Office to all Designated Federal Entity OIGs (AIMD 94-39), the Office is in the process of revising its strategic planning process. The planning revisions are being integrated with the "reinvention" of the Office through staff empowerment.

Each auditor was assigned one program and one support function (issue areas) to coordinate. Within their issue areas, the auditors are responsible for the strategic planning analysis. Because of their intimate contact with the issue areas, they are the best situated to assess audit risks. Moreover, because the auditors are now responsible for both planning (doing the right audits) and execution (doing the audits right), they are held accountable for audit outcomes (e.g., significant recommendations).

The auditors are now completing the first steps in the strategic planning process. After revising the audit universe, they will integrate it with the risk assessments completed last year and other pertinent information. These audit risk assessments of each program and support function will form the basis of the strategic planning process.

Based on their knowledge of their issue areas, the auditors, with Office management, are also developing an audit strategy for each program and support function. The program specific strategies will be consistent with the overall Office strategy, previously announced.

Using the issue area strategies and audit risk assessments, one or more audit proposals will be drafted for each element in the universe. Each proposal will include: background, scope and objective, discussion of the audit risk, audit criteria, audit approach (i.e., substantive audit steps), expected benefits, and resources required. The ranking of these proposals will form the basis of the Office's long-term strategic and annual audit plans for the issue areas.

The audit proposals will be summarized to identify resource requirements to carry out each of the audit strategies. Due to restrictions in the Appropriations Act (31 U.S.C. 1108.(e)), concerning the submission of appropriation estimates to Congress without a request, this analysis will not be forwarded to Congress. It will, however, be used for supporting our budget requests to the Chairman.

The Inspector General community, through PCIE and ECIE committees, is developing performance measures to evaluate OIG progress. The appropriate measures will be adopted by this Office as they become available.

The Investment Management Program (a major program within the Commission) is not assigned to an auditor at this time due to resource constraints. Audit risks in the program will be assessed as soon as possible.

Comments on Legislation

At the request of the Chairmen of the Legislation and National Security and Commerce, Consumer, and Monetary Affairs subcommittees of the House Committee on Government Operations, we provided extensive comments on proposed amendments to the Inspector General and Whistleblower Protection Acts.

Executive Council on Integrity and Efficiency

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE). The Inspector General attends all ECIE meetings and is an active member of several of its committees including the Peer Review and Financial Institutions Regulatory committees. He also serves as the ECIE representative to the PCIE Audit Committee - Training Subcommittee.

The Counsel to the Inspector General is Vice-Chair of the President's Council on Integrity and Efficiency, Council of Counsels. The Council considers legal issues relevant to the Inspector General community.

QUESTIONED COSTS

		Number	Dollar Value (in thousands)
			Unsupported	Questioned
			Costs	Costs
A.	For which no management decision has been made by the commencement of the reporting period	1	37	[ 0 ]
B.	Which were issued during the reportingperiod	2	0	[ 52 ]
	Subtotals (A + B)	3	37	[ 52 ]
C.	For which a management decision was made during the reporting perperiod	0	0	[ 0 ]
	(i) dollar value of disallowed costs	0	0	[ 0 ]
	(ii) dollar value of costs not disallowed	0	0	[ 0 ]
D.	For which no management decision has been made by the end of the reporting period	3	37	[ 52 ]
	Reports for which no management decision was made within six months of issuance	0	0	[ 0 ]

RECOMMENDATIONS THAT FUNDS BE PUT TO BETTER USE

		Number	Dollar Value (in thousands)
A.	For which no management decision has been made by the commencement of the reporting period	0	0
B.	Which were issued during the reportingperiod	0	0
	Subtotals (A + B)	0	0
C.	For which a management decision was made during the reporting period	0	0
	(i) dollar value of recommendations that were agreed to by management	0	0
	- based on proposed management action	0	0
	- based on proposed legislative action	0	0
	(ii) dollar value of recommendations that were not agreed to by management	0	0
D.	For which no management decision has been made by the end of the reporting period	0	0
	Reports for which no management decision was made within six months of issuance	0	0

REPORTS WITH NO MANAGEMENT DECISIONS

Management decisions have been made on all audit reports issued before the commencement of this reporting period (April 1, 1994).

REVISED MANAGEMENT DECISIONS

No management decisions were revised during the period.

AGREEMENT WITH SIGNIFICANT MANAGEMENT DECISIONS

The Office of Inspector General agrees with all significant management decisions.

October 31, 1994

Honorable Arthur Levitt, Jr.
Chairman
Securities and Exchange Commission
Washington, D.C. 20549

Dear Chairman Levitt:

Attached is the Semiannual Report to Congress of the Commission's Office of Inspector General for the six month period ending September 30, 1994. During this reporting period, the Office completed eight audits and closed fourteen investigations.

Consistent with our evolving strategic plan that emphasizes evaluations of program operations, we concentrated audit resources on those areas. This work included audits of the integrity of the Investment Adviser/Investment Company database, confidential treatment of filing data, investor complaints and inquiries, and the delegation of Commission authority to investigate and litigate.

We referred two matters to the Department of Justice. In one case, concerning time and attendance abuse, an Assistant United States Attorney declined prosecution. The other matter, involving the use of government frequent flyer miles for personal trips, is pending at the Department of Justice.

As part of an effort to "reinvent" the Inspector General function, auditors were empowered with increased responsibility for strategic planning and auditing. Performance standards were revised to recognize their enhanced strategic planning responsibilities, as well as audit outcomes (e.g., the significance of audit recommendations made) rather than audit processes. The Investment Management Program is the only program not assigned to an auditor at this time, due to resource constraints.

The continued support and cooperation of the Commission is greatly appreciated.

Sincerely,

Walter Stachnik
Inspector General

Attachment

*** Last Update 3/27/95 (twg) ***

http://www.sec.gov/about/oig/audit/semi9410.htm