Freddie Mac 2005 Annual Report Download - page 70

Download and view the complete annual report

Please find page 70 of the 2005 Freddie Mac annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 171

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171

We currently outsource certain key functions to external parties, including processing functions for trade capture,
market risk management analytics, asset valuation, and mortgage loan underwriting. We mitigate the risk from outsourcing
by engaging in active vendor management, including establishing detailed vendor requirements, reviewing business
continuity plans, monitoring quality assurance processes and engaging third party reviews of our vendors. In addition, we use
a process of delegated underwriting for the single-family mortgages we purchase or securitize. In this process, we provide
originators with a series of mortgage underwriting guidelines and they represent and warrant to us that the mortgages sold to
us meet these guidelines. See ""Credit Risks Ì Mortgage Credit Risk Ì Mortgage Credit Risk Management Strategies Ì
Underwriting Requirements and Quality Control Standards'' and ""Institutional Credit Risk Ì Mortgage Seller/Servicers''
for information about how we mitigate the risks associated with delegated underwriting.
We are making signiÑcant investments to build new Ñnancial reporting systems and to move to more eÅective and
eÇcient business processing systems. During the transition period, however, we are more reliant on end-user computing
systems than is desirable and are challenged to deliver integrated production systems. Certain of these end-user computing
systems increase the risk of errors in some of our core operational processes and increase our reliance on monitoring
controls, which is an area where we have a material weakness in our internal control over Ñnancial reporting. They may also
limit our capacity for change. In the near term, we are mitigating this risk by improving our documentation and controls
over these systems and placing key end-user systems under the same technology controls as our production applications. We
also face challenges in the areas of system security, change management and information technology application and general
controls. See ""Internal Control over Financial Reporting'' for more information concerning internal control issues related to
our systems, both Ñnancial and non-Ñnancial reporting.
We are also exposed to the risk that our business processes could be adversely aÅected by inadequate staÇng, which
strains existing resources and increases the risk that an error or fraud will not be detected. This risk is of particular concern
for us because of high turnover rates, critical vacancies and recent changes in our senior management. We have Ñlled some
important vacancies such as General Counsel, General Auditor, Principal Accounting OÇcer, and Senior Vice President,
Enterprise Operational Risk. Our President and Chief Operating OÇcer has assumed the responsibilities of the Chief
Financial OÇcer while we conduct a search to Ñll that position. Recently, high employee turnover rates have contributed to
increased operational risk. While we have made progress in our eÅorts to build a strong management team by Ñlling several
senior positions, we need to continue to recruit additional qualiÑed people into leadership positions across the organization
in order to achieve our objectives in regard to remediation of our internal control deÑciencies.
In addition to the particular risks and challenges we are facing, we face ongoing risks that are similar to those of other
large Ñnancial institutions. For example, we are exposed to the risk that a catastrophic event, such as a terrorist event or
natural disaster, could result in a signiÑcant business disruption and an inability to process transactions through normal
business processes. To mitigate this risk, we maintain and test business continuity plans and have established backup
facilities for critical business processes and systems away from, although in the same metropolitan area as, our main oÇces.
In 2005, we began an eÅort to establish out-of-region capabilities for clearing and treasury services. However, it is not clear
that these measures will be suÇcient to respond to the full range of catastrophic events that might occur.
Internal Control over Financial Reporting
Since the revision and restatement of our Ñnancial results for 2000 through 2002, we have had to face many challenging
and complex accounting and Ñnancial reporting issues, including ongoing controls remediation and systems re-engineering
and development. We fell behind in our periodic reporting for the years ended December 31, 2002, 2003, 2004 and 2005,
and we have not yet returned to quarterly reporting. Improving internal control over Ñnancial reporting and mitigating the
risks presented by material weaknesses and other control deÑciencies in our Ñnancial reporting processes continue to be top
corporate priorities. Many of the material weaknesses and other control deÑciencies identiÑed in prior years persisted
throughout 2005 and continue to present challenges for us in 2006. In addition, we determined that some previously
identiÑed deÑciencies were more serious than originally assessed. We also identiÑed additional control deÑciencies in 2005.
While we believe we have made progress in the remediation of certain material weaknesses and other control deÑciencies
that have been identiÑed, these will continue to pose signiÑcant risks to our Ñnancial reporting process until fully
remediated. For example, in the course of completing our Ñnancial reporting processes for 2005, we discovered a number of
internal control issues that resulted in adjustments to our interim 2005 Ñnancial results.
The material weaknesses that aÅected us throughout 2005 and at the end of the year included:
Integration among our systems, business units and external service providers Ì Integration issues among our systems
and processes related to our operational and Ñnancial accounting systems, business units and external service
providers, which collectively increase the risk of error in our Ñnancial reporting due to: (a) the potential failure to
correctly pass information between systems and processes; (b) incompatibility of data between systems;
(c) incompatible systems; or (d) a lack of clarity in process ownership. To compensate for this weakness, we have
54 Freddie Mac