A Performance Audit
An Audit Report On The Department of Savings and Mortgage Lending: A Self-directed, Semi-independent Agency
May 2017
Summary Analysis
The Department of Savings and Mortgage Lending (Department) had controls to accurately report financial and performance data and appropriately set fees and penalties.
In addition, the Department had a process for setting fees that was based on its budgetary needs. The Department also complied with requirements for the calculation of licensing and regulatory fees for the mortgage industry and the thrift industry, respectively, in fiscal years 2015 and 2016. However, the Department did not have a schedule of penalties to help ensure transparency and to aid in imposing consistent penalty amounts. The Department’s support for the enforcement actions tested did not always include an explanation regarding how the Department determined the amount of the penalty recommended in its investigative report or the amount of the penalty it actually imposed. Additionally, the Department did not have current, written policies and procedures to document its processes for budgeting, fee-setting, and imposing penalties.
Auditors also identified weaknesses related to data reliability, user access, and information technology policies and procedures that the Department should address.
The Department had effective controls that helped to ensure that the financial data tested was accurate. However, the Department should improve controls over its financial reporting process to ensure that its annual financial reports are mathematically accurate, include totals for all applicable data, and are appropriately supported by the Uniform Statewide Accounting System (USAS). In addition, the Department should strengthen its process for performing reconciliations of cash, revenue, and expenditures.
The Department had a process for setting fees that was based on its budgetary needs. The Department also complied with requirements for the calculation of licensing and regulatory fees for the mortgage industry and the thrift industry, respectively, in fiscal years 2015 and 2016. In addition, the Department followed a process guided by factors in the Texas Finance Code for imposing penalties on mortgage companies, mortgage bankers, mortgage loan servicers, and residential mortgage loan originators when they did not comply with requirements.
However, the Department did not have a schedule of penalties to help ensure transparency and to aid in imposing consistent penalty amounts. The Department’s support for the enforcement actions tested did not always include an explanation regarding how the Department determined the amount of the penalty recommended in its investigative report or the amount of the penalty it actually imposed. The Department also did not always document its reasons for issuing a formal advisory letter instead of a formal enforcement order.
Additionally, the Department did not have current, written policies and procedures to document its processes for budgeting, fee-setting, and imposing penalties.
In its reports to the Finance Commission of Texas for fiscal years 2015 and 2016, the Department reported accurate results for the two performance measures tested. The two performance measures tested were:
• Number of (State Chartered Savings Bank, or Thrift) Examinations Performed.
• Number of (Mortgage) Licensees Examined.
The Department uses the Semarca application as its system of record for activities related to the supervision and regulation of the mortgage industry, including licensee examinations, consumer complaints, and enforcement actions. The Semarca application did not have adequate application controls to ensure that only valid data was entered into that application. As a result, auditors identified numerous issues in the validity, accuracy, and completeness of the data reviewed. In addition, 3 (10 percent) of the 30 Semarca user accounts had inappropriate access based on the users’ current job responsibilities. Because of the issues discussed above, auditors concluded that the data in the Semarca application was not reliable. Having unreliable data could impair the Department’s decision making.
The Department had documented information technology policies and procedures that generally defined employees’ responsibilities for securing the Department’s information technology resources and data from unauthorized or accidental modification or disclosure. However, the Department’s information technology policies and procedures did not address certain critical processes.
Graphics, Media, Supporting documents