All Reports

This narrative report is a follow-up to our fiscal year (FY) 2017 Federal Information Security Modernization Act (FISMA) submission to the Office of Management and Budget to provide findings and recommendations related to PBGC's information security programWe contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by FISMA.

The Office of Inspector General issued an audit report on internal control over financial reporting for the Single-Employer and Multiemployer Program Funds administered by the Pension Benefit Guaranty Corporation (PBGC).This report provides a more detailed discussion of the specifics underlying the unmodified opinion on internal control over financial reporting reported in the internal control deficiencies section of the combined Independent Auditor’s Report dated November 15, 2017 (AUD-2018-4/FA-17-119-1).

The Office of Inspector General issued the audit of PBGC's Financial Statement Closing Package for Fiscal Year 2017 and 2016.The financial statements and accompanying notes contained in the closing package were prepared for the purpose of complying with the requirements of the U.S. Department of the Treasury's Financial Manual (TFM) Volume I, Part 2, Chapter 4700 for the purpose of providing financial information to the U.S. Department of the Treasury and U.S. Government Accountability Office to use in preparing and auditing the Financial Report of the U.S.

The Office of Inspector General issued the audit of the financial statements of the Single-Employer and Multiemployer Program Funds administered by the Pension Benefit Guaranty Corporation (PBGC) as of and for the years ended September 30, 2017 and 2016 finding:1. The financial statements were presented fairly, in all material respects, in conformity with accounting principles generally accepted in the United States of America.

This Risk Advisory is to report our concerns regarding control weaknesses within the MyPBAweb application. The suggestions contained in this Risk Advisory do not constitute formal auditrecommendations.

During the financial statement audit, we assessed PBGC’s information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. Current year testing found weaknesses in the areas of vulnerability management, software support, authentication, malicious traffic detection, and data protection. This report includes seven new and three repeat recommendations.

We found that for FY 2017, second quarter submission, PBGC generally complied with DATA Act requirements for completeness, timeliness, quality, and accuracy of the data, including implementation and use of the government-wide financial data standards established by OMB and Treasury. However, we identified some inconsistencies, omissions and errors, which caused the information available to the public and Congress on Beta.USAspending.gov to not fully reflect PBGC’s operations.

During the period April 1, 2017 through September 30, 2017, we:(1) Closed 11 audit recommendations and issued 9 new audit recommendations. The total number of open audit recommendations is 84.(2) Issued the following reports:(a) FY 2016 Improper Payments Evaluation. PBGC complied with improper payment requirements and financial assistance and contractor payment streams were not susceptible to significant improper payments.(b) Administrative Expenses for Insolvent Multiemployer Plans.

We found that PBGC premium exemption determinations can be improved with additional supporting documentation. For the 19 plans we reviewed, 13 of the exemptions lacked documentation supporting the plan’s basis for exemption. We further found that team leaders did not always review coverage exemptions, as required. Lastly, we identified three substantial owner exemptions, granted by PBGC, that require further review.