Freddie Mac 2004 Annual Report Download - page 110

Download and view the complete annual report

Please find page 110 of the 2004 Freddie Mac annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 246

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246

‚ insuÇcient documentation controls regarding roles and responsibilities related to certain data
correction activities;
technology implementation control deÑciencies, including changes in management processes that
allow access to production environments by developers; and
access by some business end-users to production databases.
In order to compensate for these material weaknesses we have had to perform extensive veriÑcation and
validation procedures to ensure our Ñnancial statements are fairly presented in accordance with GAAP. This
work began with the completion of process documentation for our controls over Ñnancial reporting and an
internal review to assess the design of internal controls over these processes. Our objective was to assess the
quality of the controls design and to initiate substantive actions to improve any design weaknesses. This eÅort
identiÑed additional material weaknesses in our controls design related to:
lack of documentation and evaluation of information technology general and application controls;
weaknesses in certain processes surrounding the accounting for security impairment; and
weaknesses in management's processes for identifying deÑciencies in controls over Ñnancial
reporting.
We undertook considerable work in 2004 to address the risks of the material weaknesses in our Ñnancial
reporting processes. This work resulted in the risks related to many weaknesses either being fully remediated
or reduced. However, as of the end of 2004, we still had several material weaknesses within our Ñnancial
reporting controls. These weaknesses must be monitored closely and compensating procedures must be
executed to ensure there is no material impact to our Ñnancial reporting. We continue to place considerable
management emphasis on the development and execution of plans to reduce and eventually eliminate the risk
associated with these remaining weaknesses. The remaining material weaknesses as of December 31, 2004
include:
end-user computing controls;
monitoring controls within Ñnancial operations;
information technology general and application controls;
management risk and control self-assessment process; and
integration between Operations and Finance.
In 2004 the focus was on improving the controls design and in addressing design weaknesses in our
Ñnancial reporting controls. We plan to remediate the existing material weaknesses described above by the end
of 2005, except for the material weakness related to integration between Operations and Finance. For this
weakness, we will apply risk reduction techniques in 2005, but do not expect to remediate fully until 2006.
Further, we are addressing other control deÑciencies that are not material weaknesses, as they still represent
risks in our control environment.
The next step in our plan is to test the operating eÅectiveness of the controls over Ñnancial reporting.
Controls testing will provide evidence that the controls are working as designed, or will indicate where we have
deÑciencies. Additionally, we are pursuing actions to fully document and test our entity-level controls and
controls over third party vendors. Entity-level controls include components such as: our Code of Conduct,
employee hotline, anti-fraud program and compliance program. Third party controls are those controls that
ensure the information and services we receive from third party vendors are well controlled and meet our
quality requirements.
There are continued risks to our Ñnancial reporting timeline as we strive to fully remediate the remaining
material weaknesses and enhance our internal control environment. As we execute testing we may also
encounter additional material weaknesses that we need to address. We manage these timeline and scope risks
through a centralized internal controls and program management oÇce with signiÑcant involvement of key
executives.
Freddie Mac
98