October 31, 1996
The Honorable Robert Pitofsky
Chairman
Federal Trade Commission
Sixth Street & Pennsylvania Avenue, N.W.
Washington, D.C. 20580
Dear Chairman Pitofsky:
The attached report covers the Office of Inspector General's (OIG) activities for the second half of fiscal year l996, and is submitted according to Section 5 of the Inspector General Act of l978, as amended. The Act requires that you submit this report, with your Report of Final Action, to the appropriate Congressional committees on, or before, November 30, l996.
During this reporting period the OIG issued two audit reports covering the agency's redress administration office and employee use of government-issued charge cards. Field work was also completed on two additional audits dealing with the security of the agency's automated management activities. Further, the OIG closed seven investigations while opening another three cases.
As in the past, I appreciate management's support during this reporting period, and I look forward to working with you in our ongoing efforts to promote economy and efficiency in agency programs.
Sincerely,
Frederick J. Zirkel
Inspector General
TABLE OF CONTENTS
TRANSMITTAL
INTRODUCTION
AUDIT ACTIVITIES
Completed Audits
Summary of Findings for Audit Reports Issued During the Current Period
Audits in which Field Work is Complete
Audits in which Field Work is in Progress
Investigative Summary
Investigations Closed During the Current Period
Obstructions and Unauthorized Disclosures
Employee Misconduct and Ethical Violations
Other Cases
Matters Referred for Prosecution
Significant Management Decisions
Access to Information
Internet Access
Audit Resolution
Review of Legislation
Contacting the Office of Inspector General
TABLES
Table I: Summary of Inspector General Reporting Requirements.
Table II: Inspector General Issued Reports With Questioned Costs.
Table III: Inspector General Issued Reports With Recommendations That Funds Be Put To Better Use
INTRODUCTION
The Federal Trade Commission (FTC) seeks to assure that the nation's markets are competitive, efficient, and free from undue restrictions. The FTC also seeks to improve the operation of the marketplace by ending unfair and deceptive practices, with emphasis on those practices that might unreasonably restrict or inhibit the free exercise of informed choic<e by consumers. The FTC relies on economic analysis to support its law enforcement efforts and to contribute to the economic policy deliberations of Congress, the Executive Branch and the public.
To aid the FTC in accomplishing its consumer protection and antitrust missions, the Office of Inspector General (OIG) was provided five (5) workyears and a budget of $472,700 for fiscal year 1996.
AUDIT ACTIVITIES
For this semiannual period, the OIG issued two audit reports, completed field work on two other audits, and initiated preliminary work on a financial statement audit of agency-wide activities for fiscal year 1997. Aspects of each of these audits are discussed below.
For this semiannual period, the OIG issued two audit reports, completed field work on two other audits, and initiated preliminary work on a financial statement audit of agency-wide activities for fiscal year 1997. Aspects of each of these audits are discussed below.
Completed Audits
96-032 Review of the Redress Administration Office's Oversight of Contractors
96-033 Review of FTC Compliance with the Government-Issued American Express Charge Card Program
Summary of Findings for Audit Reports Issued During the Current Period
The OIG's audit report, Review of the Redress Administration Office's Oversight of Contractors (AR 96-032), identifies internal control weaknesses with two redress contractors that could, if left unchecked by the agency's Redress Administration Office (RAO), lead to the misappropriation of redress funds. Specifically, the OIG noted that one individual at each of the contractor sites was in control of all or most of the major functions associated with claims notification, eligibility determination, claims disbursement, and reporting redress activity. This lack of separation of duties puts the individual in a position to both perpetrate and conceal irregularities in the normal course of his/her duties. Thus, the individual could simply add or substitute a name on a claimant list, resulting in a fraudulent redress payment that would be difficult, if not impossible, under current procedures for the FTC to detect. Also, the contractors provided cumulative monthly summaries to the RAO, but in different formats, making contractor performance difficult to compare. For one contractor, we could not initially identify from a review of its monthly reports the amount or disposition of funds this company managed for the agency.
To address these findings, the OIG recommended that the RAO randomly cross-check cancelled checks against the original claimant lists for distributions with significant per claimant dollar amounts, i.e., over $1,000. Names appearing on cancelled checks that are not on the claimant lists would immediately be suspect and require RAO followup. We also recommended that the RAO standardize the reporting format to display financial data that is easy to understand and follow, and that facilitates both external reporting and the identification of errors.
In the audit report, Review of FTC Compliance with the Government-Issued American Express Charge Card Program (AR 96-033), the OIG reviewed the card-related activities of 596 employees covering a six-month period ending December 31, 1995. FTC staff uses the "AMEX" card to make purchases totalling approximately $1 million annually. This review was undertaken based on a request directed to all federal inspectors general by Representative William Clinger, Chairman, House Committee of Government Reform and Oversight.
The audit revealed that 14 percent of all transactions made during the review period were for personal use, and that 18 percent of all employees who used their AMEX card during the six-month period made at least one personal transaction with the card. The vast majority of employees only occasionally used their AMEX card for personal use, although three percent of staff habitually used the card to make personal purchases. The OIG also found that employees who use the AMEX card for personal transactions are almost two and one-half times more likely to become delinquent (past due by 60 days or more) on their AMEX bill than employees who use their cards for official government travel only. Finally, our review revealed weaknesses in the agency's controls over card distribution to current employees, and card cancellation for employees leaving the agency.
To address these findings and to improve program compliance, the OIG made four recommendations which, collectively, have resulted in the agency taking a more proactive approach to managing the AMEX program.
Audits in which Field Work is Complete
In the prior semiannual period, the OIG reported that an audit survey of the agency's automated management activities was in progress. This survey included a review of pertinent policies and procedures, interviews with agency systems managers, and a physical inspection of computer facilities and hardware. We identified strengths and weaknesses in organization and administration, access controls, operations, business resumption planning, and other areas associated with the information management function. We then briefed management on our survey results. The OIG also identified two areas: access controls and business resumption planning, which we believed merited a more detailed review.
During this reporting period, the OIG completed a comprehensive review of computer systems security (access controls) and service continuity practices and policies (business resumption planning) at the FTC. As a result of this effort, the OIG will issue two audit reports and one technical appendix covering our findings in these areas.
97-034 Review of the Federal Trade Commission's Computer Systems Security
The objective of this review was to assess whether controls in place are adequate to prevent unauthorized access to FTC information systems. The OIG performed a penetration test of the agency's computer system. This was a three-part evaluation that involved (a) external probes via the Internet to the agency's firewall, (b) external probes through dial-in modems, and (c) internal probes of the network from within the FTC. The OIG developed a profile of individuals most likely to attempt to penetrate agency systems, and performed the penetration test from their perspective, i.e., using tools and techniques available to our hypothetical intruders.
The OIG also reviewed password cancellation procedures for employees leaving the agency, and compared departure dates with password cancellation dates for those employees with access to the FTC network and the Prime computer.
97-035 Review of the Federal Trade Commission's Computer Service Continuity Policies and Procedures
The objective of this review was to determine whether the agency has taken adequate preventative measures to minimize potential service interruptions. The OIG reviewed the agency's computer security program to determine whether it adequately addresses service-related vulnerabilities and reflects the current FTC network configuration.
Audits in which Field Work is in Progress
97-XXX Audit of the Federal Trade Commission's Financial Statements for the Fiscal Year Ending September 30, 1997
The objectives of this audit are to determine whether the agency's financial statements fairly present the financial position of the agency, results of operations, and cash flows or changes in financial position in conformity with generally accepted accounting principles. The principal financial statements to be audited for fiscal year 1997 include: (a) Statement of Financial Position, (b) Statement of Operations and Changes in Net Position, (c) Statement of Cash Flows, (d) Statement of Budgetary Resources and Actual Expense, and (e) Notes to Financial Statements.
INVESTIGATIVE ACTIVITIES
The Inspector General is authorized by the IG Act to receive and investigate matters of fraud, waste and abuse occurring within FTC programs and operations. Matters of possible wrongdoing usually come to the OIG in the form of allegations or complaints from a variety of sources, including FTC employees, other government agencies and the general public.
Reported incidents of possible fraud, waste and abuse might give rise to administrative, civil or criminal investigations. OIG investigations might also be initiated based on wrongdoing by firms or individuals outside the agency when there is an indication that they are or were involved in activities intended to adversely affect the outcome of an agency enforcement action. Because this type of wrongdoing strikes particularly hard at the integrity of the FTC's consumer protection and antitrust law enforcement missions, the OIG places a high priority on investigating it.
In conducting investigations over the past several years, the OIG has sought assistance from, and worked jointly with, other law enforcement agencies, including the Federal Bureau of Investigation (FBI), the Postal Inspection Service, the U.S. Secret Service, the Internal Revenue Service, other OIGs, and state and local police departments.
Investigative Summary
During this reporting period the OIG received 22 new allegations of possible wrongdoing. Of these 22 allegations and complaints received by the OIG, eight (8) involved matters which the OIG determined were the responsibility of agency program components and, were therefore, referred to FTC enforcement staff for appropriate disposition. One (l) allegation was referred to another agency OIG for action. The OIG also closed ten (10) of the remaining 13 referrals without action. The three (3) remaining allegations led to the initiation of OIG investigations.
Following is a summary of the OIG's investigative activities for the six-month period ending September 30, 1996. The OIG opened three (3) new investigations during this reporting period, and closed seven (7) cases:
Cases pending as of March 31, 1996 ............................. 7
Plus: New cases ................................................ +3
Less: Cases closed ............................................. -7
Cases pending as of September 30, 1996......................... 3
Investigations Closed During the Current Period
1. Obstructions & Unauthorized Disclosures (3)
During this reporting period the OIG closed three (3) cases involving the possible obstruction of agency enforcement proceedings or the disclosure of nonpublic FTC information.
The first OIG investigation closed during the period was initiated in a prior reporting period and was based on evidence of a possible disclosure of nonpublic information by an FTC employee to a reporter for a major newspaper. A newspaper story identified the subjects of several nonpublic FTC enforcement cases involving the Franchise Rule.
The OIG closed this case after being unable to develop any evidence to indicate that any FTC employee had intentionally disclosed nonpublic information to a news reporter. The OIG did determine, however, that before the story ran, the news reporter had requested documents from the agency under the Freedom of Information Act (FOIA) on the same subject.
As a result of the reporter's request, the OIG attempted to determine if nonpublic information might have been inadvertently provided to the reporter when the agency responded to his FOIA request. The OIG found that the agency's file copy of its FOIA response contained all appropriate redactions of nonpublic information and was sent after the story ran. However, the OIG also found that a few days before the reporter was sent documents in response to his FOIA request he was provided by the agency with a copy of a senior FTC official's Congressional testimony on the subject of franchising (materials also covered by his FOIA request). The OIG found that the file copy of documents transmitted to the reporter contained exhibits with unredacted portions of the same nonpublic information that appeared in the news story. As the OIG could not conclusively determine if the file copy provided investigators accurately reflected an exact copy of the material provided to the reporter, we could not conclude that this submission was the source of the leak.
Furthermore, in the same investigation, the OIG learned that the agency, in responding to a Congressional request from a House committee, had provided a committee staffer the same nonpublic information which later appeared in the news story. Thus, another possible source of the leak was found. As the OIG was unable to develop evidence that would conclusively point to either as the source of the leak, the investigation was closed.
The second investigation closed during this period involved an apparent leak to two major newspapers of nonpublic information concerning a proposed acquisition of a prescription management business by a major pharmaceutical company and the FTC's review of that proposed acquisition. The complainant, a Wall Street broker, alleged that public disclosure of this matter had caused the stock price of an involved company to fall resulting in significant dollar losses.
The OIG opened a preliminary investigation to determine if an FTC employee, privy to the nonpublic information, had deliberately leaked information to the press to possibly enrich himself by affecting stock prices.
After consultation with staff of the Securities and Exchange Commission's Enforcement Division in which the OIG detailed the type of information available to the OIG regarding dollar losses, possible suspects, and brokers, the OIG decided to close its inquiry.
The third case closed during this reporting period involved a possible attempt by a company to obstruct an FTC enforcement action years earlier by allegedly altering documents requested by FTC enforcement staff. The plaintiff in a recent private antitrust lawsuit alleged in court documents that the defendant company had altered documents it provided to FTC enforcement staff in the late 1980s during the FTC's preliminary investigation of a possible conspiracy to split commissions in violation of antitrust laws.
During the OIG's investigation, FTC enforcement staff was provided with court papers under seal from the U.S. District Court with which the recent private action had been filed. After reviewing previously redacted information, agency staff concluded that the outcome of their investigation would have been the same even if the excised information had been provided to them at the time of their initial review of this matter. Accordingly, following the staff's review, the OIG closed its investigation.
2. Employee Misconduct & Ethical Violations (1)
During an earlier reporting period the OIG received from a complainant an allegation that an FTC enforcement attorney had recommended a receiver to a federal judge, not for substantive reasons, but rather because of that person's personal relationship to the FTC employee.
As no evidence of a conflict of interest was developed by the OIG, the case was closed. However, the "receivership recommendation process" employed by the FTC at the time the receiver was appointed by the court, again proved to be lacking.
The OIG believes that the new competitive arm's length receivership recommendation process now being used by staff would have helped to protect the enforcement attorney against this particular conflict of interest allegation.
For additional information on the receivership recommendation process, see the OIG audit report entitled, "Review of Receiver Activities and Outcomes in FTC Consumer Fraud Cases (AR 95-027).
3. Other Cases (3)
The first of three (3) other cases closed during this reporting period involved a series of allegations made by an anonymous source to the OIG that the head of a company was engaged in "Buy American Act" violations, along with possibly tax fraud and money laundering. After determining that a referral to agency staff was not appropriate and that other federal criminal law enforcement agencies were investigating the company, all OIG-received information was referred to the FBI and the case was closed.
The second case closed during this reporting period involved the possible scamming of the FTC by a private company. Information was provided to the OIG by another agency OIG which indicated that an office supply firm was involved in sending bogus invoices to government agencies for products which were not ordered and apparently had never been delivered.
The OIG, after reviewing agency accounting records and satisfying itself that the FTC was not one of the federal agencies scammed, decided to close the matter after a review of BCP files to ensure that no violation of an agency consent agreement had taken place.
The third case closed during this reporting period involved a credit card fraud scheme in which a non-agency employee who works in a facility located in the FTC headquarters building was allegedly victimized by a co-worker. Although no actual theft of the individual's credit cards occurred, someone with access to the victim's purse while working in the facility had improperly obtained and then used personal and credit card information to illegally make several mail order purchases, charging them to the victim's credit cards. The OIG determined that no FTC employee had been victimized or was responsible for any wrongdoing. Consequently, the names and location of those individuals who appear to be involved were referred by the OIG to the DC Metropolitan Police Department's fraud unit for followup.
Matters Referred for Prosecution
The OIG consulted with an Assistant United States Attorney on a public corruption case referred for criminal prosecution during an earlier reporting period.
OTHER ACTIVITIES
During this reporting period the OIG also allocated resources to activities other than conducting audits and investigations. These activities involved participating on Executive Council on Integrity and Efficiency (ECIE) committees and responding to Congressional and OMB requests for information.
Significant Management Decisions
Section 5(a)(12) of the IG Act requires that if the IG disagrees with any significant management decision, such disagreement must be reported in the semiannual report. Further, Section 5(a)(11) of the Act requires that any decision by management to change a significant, resolved audit finding must also be disclosed in the semiannual report. For this reporting period there were no significant final management decisions made on which the IG has disagreed, and management has not revised any earlier decisions on any OIG audit recommendation.
Access to Information
The IG is to be provided with ready access to all agency records, information or assistance when conducting an investigation or audit. Section 6(b)(2) of the IG Act requires the IG to report to the agency head, without delay, if the IG believes that access to required information, records or assistance has been unreasonably refused, or otherwise has not been provided. A summary of each report submitted to the agency head in compliance with Section 6(b)(2) must be provided in the semiannual report in accordance with Section 5(a)(5) of the Act.
During this reporting period, the OIG did not encounter any problems in obtaining assistance or access to agency records. Consequently, no report was issued by the IG to the agency head in accordance with Section 6(b)(2) of the IG Act.
Internet Access
The OIG has established a home page at the FTC Web Site. The OIG internet address is www.ftc.gov/oig/oighome.htm. A visitor to the OIG home page can download the OIG's more recent semiannual reports to Congress, and can also browse through a list of audit reports, identifying those of interest and ordering them via an E-mail link to the OIG. In addition to this resource of information about the OIG, visitors are also provided a link to other federal organizations and offices of inspector general.
Audit Resolution
As of the end of this reporting period, all OIG audit recommendations for reports issued in prior periods have been resolved. That is, management and the OIG have reached agreement on what actions need to be taken. Furthermore, the OIG is planning to conduct a survey in the next reporting period to determine if all resolved recommendations have been implemented in accordance with management representations made to the agency's audit resolution official.
Review of Legislation
Section 4(a)(2) of the IG Act authorizes the IG to review and comment on any proposed legislation or regulations relating to the agency or affecting the operations of the OIG. During this reporting period, the OIG responded to requests from the agency's Office of General Counsel, and from OMB, PCIE and ECIE.
Contacting the Office of Inspector General
Employees and the public are encouraged to contact the OIG regarding any incidents of possible fraud, waste or abuse occurring within FTC programs and operations. The main OIG telephone number is (202) 326-2800. To report suspected wrongdoing, employees and the public should call the OIG's chief investigator directly on (202) 326-2581. A confidential or anonymous message can be left 24 hours a day.
The OIG is located in room 494 of the FTC Headquarters Building at Sixth Street and Pennsylvania Avenue, N.W., Washington, D.C. 20580. Office hours are from 8:30 a.m. to 5:30 p.m., Monday through Friday, except federal holidays.
SUMMARY OF INSPECTOR GENERAL |
||
IG Act |
Reporting |
Page(s) |
Section 4(a)(2) | Review of legislation and regulations | 9 |
Section 5(a)(l) | Significant problems, abuses and deficiencies | 1 |
Section 5(a)(2) | Recommendations with respect to significant problems, abuses and deficiencies | 1 |
Section 5(a)(3) | Prior significant recommendations on which corrective actions have not been made | 9 |
Section 5(a)(4) | Matters referred to prosecutive authorities | 8 |
Section 5(a)(5) | Summary of instances where information was refused | 8 |
Section 5(a)(6) | List of audit reports by subject matter, showing dollar value of questioned costs and funds put to better use | 1 |
Section 5(a)(7) | Summary of each particularly significant report | 1 |
Section 5(a)(8) | Statistical tables showing number of reports and dollar value of questioned costs | 11 |
Section 5(a)(9) | Statistical tables showing number of reports and dollar value of recommendations that funds be put to better use | 12 |
Section 5(a)(l0) | Summary of each audit issued before this reporting period for which no management decision was made by the end of the reporting period | 9 |
Section 5(a)(11) | Significant revised management decisions | 8 |
Section 5(a)(12) | Significant management decisions with which the Inspector General disagrees | 8 |
INSPECTOR GENERAL ISSUED REPORTS |
|||
Number |
Dollar Value |
||
Questioned |
Unsupported |
||
A. For which no management decision has been made by the commencement of the reporting period | 0 | 0 | [0] |
B. Which were issued during the reporting period | 0 | 0 | [0] |
Subtotals (A + B) | 0 | 0 | [0] |
C. For which a management decision was made during the reporting period | 0 | 0 | [0] |
(i) dollar value of disallowed costs | 0 | 0 | [0] |
(ii) dollar value of cost not disallowed | 0 | 0 | [0] |
D. For which no management decision was made by the end of the reporting period | 0 | 0 | [0] |
Reports for which no management decision was made within six months of issuance | 0 | 0 | [0] |
INSPECTOR GENERAL ISSUED REPORTS |
||
Number |
Dollar Value (in thousands) |
|
A. For which no management decision has been made by the commencement of the reporting period | 0 | 0 |
B. Which were issued during this reporting period | 0 | 0 |
C. For which a management decision was made during the reporting period | 0 | 0 |
(i) dollar value of recommendations that were agreed to by management | 0 | 0 |
- based on proposed management action | 0 | 0 |
- based on proposed legislative action | 0 | 0 |
(ii) dollar value of recommendations that were not agreed to by management | 0 | 0 |
D. For which no management decision has been made by the end of the reporting period | 0 | 0 |
Reports for which no management decision was made within six months of issuance | 0 | 0 |