Home » Fannie Mae Annual Reports » 2005 Annual Report - page 187

Fannie Mae 2005 Annual Report Download - page 187

Download and view the complete annual report

Please find page 187 of the 2005 Fannie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

the continuation of numerous material weaknesses in our control environment, our application of GAAP, our

financial reporting process, and our information technology applications and infrastructure as of December 31,

2005. Further, management identified the continuation of other material weaknesses as of December 31, 2005

in our independent model review process, treasury and trading operations, pricing and independent price

verification processes, wire transfer controls, and a new material weakness related to multifamily lender loss

sharing modifications.

Because of the material weaknesses described below, management has concluded that our internal control over

financial reporting was not effective as of December 31, 2005. Our independent registered public accounting

firm, Deloitte & Touche LLP, has issued an audit report on management’s assessment of our internal control

over financial reporting, expressing an unqualified opinion on management’s assessment and an adverse

opinion on the effectiveness of our internal control over financial reporting as of December 31, 2005. This

report is included on page 193 below.

Description of Material Weaknesses as of December 31, 2005

Control Environment

We did not maintain an effective control environment related to internal control over financial reporting.

Specifically, we identified the following material weaknesses in our control environment as of December 31, 2005:

•Accounting Policy

We lacked a written, comprehensive set of GAAP-compliant financial accounting policies and a

formalized process for determining, monitoring, disseminating, implementing and updating our accounting

policies and procedures.

•Enterprise-Wide Risk Oversight

We did not maintain a properly staffed, comprehensive and independent risk oversight function.

Specifically, our risk oversight function lacked enterprise-wide coordination, dedicated senior leadership

and sufficient staffing. Comprehensive risk policies did not exist, and existing policies applicable to each

business unit required enhancement.

•Internal Audit

We did not maintain an effective and independent Internal Audit function. Internal Audit did not maintain a

sufficient complement of personnel with an appropriate level of accounting and auditing knowledge,

experience and training to effectively execute an appropriate audit plan. In addition, our Internal Audit

function lacked clarity regarding its risk assessment process, communications and audit plans. Our ineffective

Internal Audit function adversely affected our ability to adequately identify our control weaknesses.

•Human Resources

Our human resources function did not have clear enterprise-wide coordination, which resulted in

ineffective definition and communication of employee roles and responsibilities. In addition, training and

performance evaluations were not always effective. As a result, we did not have a sufficient number of

qualified staff, clear job descriptions, and appropriate policies and procedures relating to human resources.

Lines of delegated authority were not always clear.

•Information Technology Policy

We did not maintain and clearly communicate information technology policies and procedures. This

weakness contributed to our inadequate internal control over financial reporting systems.

•Policies and Procedures

We did not maintain adequate policies and procedures related to initiating, authorizing, recording,

processing and reporting transactions. This lack of documentation led to (a) inconsistent execution of

182