Federal Election Commission

Office of Inspector General -- Semiannual Report

Period ending September 30, 1999



If you require the entire printed version of this report, contact the Office of Inspector General, Federal Election Commission, 1050 First Street NE, Washington, DC 20463 or call Dorothy Maddox-Holland, Special Assistant, phone: (202) 694-1015, fax: (202) 501-8134, or e-mail: dmaddox@fec.gov.


Executive Summary

This report is submitted pursuant to the Inspector General Act of 1978, as amended, and includes a summary of the Office of Inspector General’s (OIG) activities for the period April 1, 1999 through September 30, 1999.

A significant amount of available OIG resources have been committed to the Y2K issue, not only during this reporting period, but during the past calendar year.  The main focus of this report will be on that effort.

During this reporting period, a real-time audit was conducted on the agency’s Y2K effort resulting in nine constructive recommendations.  However, issuance of the audit report did not end OIG involvement.   We immediately followed up and tracked the agency’s progress in implementing our audit recommendations, and continue to evaluate and report on the agency’s Y2K progress as regularly reported by the FEC to OMB.  In addition, an OIG review for Y2K renovation of the agency’s embedded chip technology has been scheduled during the next reporting period.

We have continued to keep the Commissioners and management apprised of agency progress in the Y2K area by a series of advisory memorandums.  In an advisory memorandum dated April 20, 1999, the OIG identified two high risk conditions relating to the agency’s Y2K renovation efforts.  In another memorandum dated July 20, 1999, the OIG identified conditions which continue to pose a high risk to the FEC.  Further details concerning these memorandums can be found in the Y2K section of this report.

As a consequence of our audit report and advisory letters, the IG and the Director of Data Systems Development Division (DSDD) were subsequently asked to give testimony before the FEC Commissioners, appraising agency progress in the Y2K renovation project.  The Director of DSDD expressed confidence that under his leadership the agency’s Y2K problems would be fully resolved.   Contrary to the positive assurance expressed by the Director of DSDD, the IG reported that based on evidence gathered during the Y2K audit, along with results from a follow-up evaluation, the FEC remains highly vulnerable to the Y2K problem.

The Commissioners showed particular concern for the degree of assurance the agency’s Y2K project could provide that our computer systems and related technology will be prepared for January 1, 2000.  The Commissioners have scheduled another open discussion regarding the Y2K issue for November 10, 1999.  Details concerning the original hearing can be found in the Y2K section of this report.  The OIG will continue to monitor the Commissions progress in addressing its Y2K responsibilities.

Also during this reporting period, follow-up work was done on three audits and two cash counts of the FEC’s imprest fund were performed.  The audit and follow-up work are summarized below:

Audit of Agency Year 2000 (Y2K) Renovations - OIG 98-08: The primary objectives of the audit were to 1) verify the reported progress of the FEC’s Y2K renovation project; and 2) evaluate compliance with applicable laws & regulations.  Agency progress was evaluated using OMB’s milestone dates and GAO’s methodology.  The Y2K team was regularly updated on all project risk identified during the audit fieldwork and provided specific recommendations to reduce exposure to those risks.

During the audit agency computer systems were identified, assigning the highest priority to those systems which transfer data and systems that receive electronic data from outside sources.  The audit assessed the risk associated with the Y2K renovation of the computer systems within these critical areas and recommendations were offered which we felt would reduce the agency’s exposure to the Y2K problem.

We found, among other things, that the agency’s computer hardware, 3rd party software, and supporting communications network were not yet Y2K compliant.  In addition, while system renovation work and unit testing had been performed, other testing on the agency’s most important computer system had yet to be completed.

Based on the audit work, we concluded that the progress reported by the FEC is consistent with the actual Y2K project results achieved.   However, there are still major issues to be addressed before the Commission can be Y2K compliant.

The audit report contained nine constructive recommendations for project improvement.  Details concerning this audit are discussed in the Y2K section of this report.

 

Follow-up work on the audit of the Commission’s Management of Computer Software - OIG 98-05, was conducted during this reporting period.  The original audit report was released March 1999.  The primary objectives of the audit were to 1) verify that the Commission’s computer software was in compliance with applicable copyright laws and Commission policies and procedures; 2) determine that adequate policies and procedures are in place to prevent unauthorized software use by Commission employees; and 3) ensure that adequate controls are in place to detect and prevent computer viruses.  The original report contained one finding and three recommendations.

We inspected documents and contacted the Data Systems Development Division (DSDD) in order to determine whether corrective action has been taken to resolve the audit finding and recommendations.  Based on our review of documents and correspondence with the DSDD staff, we found that DSDD has not completely resolved two of the three audit recommendations contained in our original report.   Details of the follow-up work are discussed in the Audit Follow-up section of this report.

 

Follow-up work on the audit of the FEC Property Management (Computer Inventory) - OIG 97-03, was conducted during this reporting period.  The original audit was released January 1998.  The primary objectives of the audit were to 1) identify and evaluate the adequacy of internal controls over desktop and laptop computers; and 2) evaluate the procedures in place to ensure that computer equipment having an acquisition cost over $5,000 is capitalized and that there is documentation to support the unit cost of computers under $5,000.

We inspected documents and contacted the Data Systems Development Division in order to determine whether corrective action has been taken to resolve the audit findings and recommendations.  Based on our review of documents and correspondence with the DSDD staff, we found that although some action had been taken by the DSDD to correct the weaknesses cited in our report, the action taken was not sufficient enough to resolve the audit findings.  Details of the follow-up work are discussed in the Audit Follow-up section of this report.

 

Follow-up work on the audit of the Review of the Commission’s Employee Appraisal Process - OIG 97-02, was conducted during this reporting period.  The original audit was released January 1998.  The primary objectives of the audit were to 1) determine whether the Commission’s Employee Appraisal Process was in compliance with applicable Federal Regulations and Commission Personnel instructions; and 2) determine whether the Commission’s monetary incentive process is in compliance with applicable Federal Regulations and Commission Personnel Instructions.

The original report contained four audit recommendations.  After follow-up work was completed, it was discovered that one recommendation had been implemented, leaving three recommendations open.  We would like to note that the Personnel office has had a significant staff turnover in the past two years.  The current Director of Personnel has been working on the remaining open recommendations.  Details of the follow-up work, as well as the status of the remaining open recommendations, are discussed in the Audit Follow-up section of this report.

Also during this reporting period, a peer review of the office was conducted by the Appalachian Regional Commission, Office of Inspector General.  The objectives of the peer review were to 1) determine whether an effective internal quality control system had been established in the office; and 2) established policies and procedures and applicable Government Auditing Standards, as promulgated by the Comptroller General of the United States (GAO), are being followed in practice.

The review concluded that a system of internal controls is in place and operating effectively and that the audits performed by the office are being carried out in accordance with GAO Government Auditing Standards.   Details concerning the peer review are discussed in the Additional Office of Inspector General Activity section of this report.