Freddie Mac 2006 Annual Report Download - page 70

Download and view the complete annual report

Please find page 70 of the 2006 Freddie Mac annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 170

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170

processes related to the amortization of deferred premiums, discounts and deferred fees for assets held in our Retained
portfolio.
While we have made progress in our remediation eÅorts, our material weaknesses and remaining signiÑcant deÑciencies
will continue to pose signiÑcant risks to our Ñnancial reporting processes until adequately remediated. The material
weaknesses that aÅected us through December 31, 2006 and continue to present challenges for us, as well as our related
remediation activities, are described below:
Integration among our systems, business units and external service providers. Our systems and processes related to our
operational and Ñnancial accounting systems, business units and external service providers are not adequately integrated.
This inadequate integration increases the risk of error in our Ñnancial reporting due to: (a) the potential failure to correctly
pass information between systems and processes; (b) incompatibility of data between systems; (c) incompatible systems;
or (d) a lack of clarity in process ownership. To compensate for this weakness, we have implemented mitigating controls,
including extensive manual procedures to perform data validation and Ñnancial analytics. We have also enhanced the
communication and coordination between our business units.
Our remediation eÅorts are targeted to address risks posed by (a) the hand-oÅ of data between systems, business units
and various data owners, (b) the reliance on end-user computing solutions or (c) reliance on simplifying assumptions in the
applications of our accounting policies. We have also formalized internal guidance for controls over the hand-oÅ of data at
all stages of our Ñnancial close processes, end-user computing solutions and the use of simplifying assumptions in our
accounting policies. Our remediation plans include identifying areas that require attention, evaluating our application of the
new internal guidance for the hand-oÅ of data and remediating any control deÑciencies identiÑed. We have also undertaken
an initiative to more clearly link the application of our accounting policies to our systems and our end-user computing
solutions.
We have undertaken an initiative to redesign our Ñnancial close process to make timely Ñnancial reporting possible. Our
remediation eÅorts currently focus on implementing enhancements to our current Ñnancial close process, while addressing
our objective of long-term sustainability in our processes. We have deÑned and begun monitoring performance metrics to
evaluate our progress in achieving close targets, with a focus on accuracy and timeliness.
Information technology general controls as they relate to change management. Our controls over managing the
introduction of program and data changes need improvement. Weaknesses in these controls include a lack of consistent
standards and inadequate testing of changes prior to deployment; an environment and processes that increase the diÇculties
of establishing and maintaining internal control; and issues arising from inherent system limitations.
We are implementing new change management processes so that changes to our system applications and new system
implementations are properly designed and approved, fully tested and meet the requirements of the business. We are also
focused on promoting an environment of accountability for adhering to change management processes and providing our
staÅ with the tools and training to implement system changes appropriately.
Information technology general controls as they relate to security administration, management and technology. Our
controls over information systems security administration and management functions need to improve in the following areas:
(a) granting and revoking user access rights; (b) segregation of duties; (c) monitoring user access rights; and (d) periodic
review of the appropriateness of access rights. Weaknesses in these controls could allow unauthorized users to access, enter,
delete or change data in these systems, as well as increase the possibility that entries could be duplicated or omitted
inadvertently.
Our remediation eÅorts include reviewing the design of our existing controls against industry standards, establishing new
procedures to secure data and restrict access to appropriate users, and the development of new tools to monitor access to
data and the types of access granted to speciÑc users. We are also centralizing the responsibility for granting user access to
key system applications and enhancing our automation of controls designed to prevent unauthorized or inappropriate levels
of system access.
Monitoring of results within Ñnancial operations and reporting functions. The controls we use to monitor the results of
our Ñnancial reporting process, such as the performance of Ñnancial analytics and account reconciliations, failed to identify
certain issues that required adjustments to our Ñnancial results prior to our reporting them.
Our remediation eÅorts have included a detailed evaluation and redesign of our Ñnancial analytics and reconciliation
procedures, and the implementation of regular, structured reviews of monthly Ñnancial results and accounting matters. We
are continuing to identify additional Ñnancial analytics improvements that we need to make. Additionally, we need to
continue to execute the new controls for a period of time in order to assess their eÅectiveness.
StaÇng adequacy. During 2006, we made progress in our eÅorts to build a strong management team by Ñlling several
key senior management positions. However, we must continue to recruit additional qualiÑed people into leadership and key
58 Freddie Mac