This audit report contains the Annual Financial Statement of the Federal Bureau of Prisons (BOP) for the fiscal years (FY) ended September 30, 2008, and September 30, 2007. Under the direction of the Office of the Inspector General (OIG), KPMG LLP performed the audit, which resulted in an unqualified opinion on the FY 2008 financial statements. An unqualified opinion means that the financial statements present fairly, in all material respects, the financial position and results of the entity’s operations in conformity with U.S. generally accepted accounting principles. For FY 2007, the BOP also received an unqualified opinion on its financial statements (OIG Report No. 08-09).
KPMG LLP also issued reports on internal control over financial reporting, and on compliance and other matters. The auditors identified one significant deficiency in the Independent Auditors’ Report on Internal Control over Financial Reporting, which has been reported annually since FY 2002. The significant deficiency relates to vulnerabilities identified in the BOP’s information system controls environment. Specifically, improvements are needed in the BOP’s logical access controls and system software general controls. No instances of non-compliance with laws and regulations or other matters were identified during the audit.
The OIG reviewed KPMG LLP’s reports and related documentation and made necessary inquires of its representatives. Our review, as differentiated from an audit in accordance with U.S. generally accepted government auditing standards, was not intended to enable us to express, and we do not express, an opinion on the BOP’s financial statements, conclusions about the effectiveness of internal control, conclusions on whether the BOP’s financial management systems substantially complied with the Federal Financial Management Integrity Act of 1996, or conclusions on compliance with laws and regulations. KPMG LLP is responsible for the attached auditors’ reports dated November 5, 2008, and the conclusions expressed in the reports. However, our review disclosed no instances where KPMG LLP did not comply, in all material respects, with U.S. generally accepted government auditing standards.