oversight

Semi-annual report: Oct-Mar 2014

Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2014-04-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

U. S. Equal Employment
Opportunity Commission




  Office of Inspector General




  Semiannual Report to Congress

  October 1, 2013–March 31, 2014

                    Milton A. Mayo Jr.
                    Inspector General
                       OIG VISION
    Agents Igniting Change and Fostering Accountability,
       Effectiveness, and Efficiency in Government




                     OIG MISSION
 The OIG’s mission is to detect and prevent waste, fraud, and
abuse and to promote economy, efficiency, and effectiveness in
               Agency programs and operations.
CONTENTS


A Message from the Inspector General                                          4

Executive Summary                                                            5

Introduction                                                                  7

The Audit and Evaluation Program                                             10
Completed Projects
New and Ongoing Audit and Evaluation Projects
Audit Follow-up

The Investigation Program                                                    23
Investigative Inquiries
Completed Investigative Activities
Ongoing Investigative Activity

Other OIG Program Activities                                                 24

Appendixes                                                                   25
Appendix I. Final Office of Inspector General Audit and Evaluation Reports
Appendix II. Index of Reporting Requirements
Appendix III. Single Audit Act Reports
This page intentionally left blank
                        Equal Employment Opportunity Commission



                                 A MESSAGE FROM
                            THE INSPECTOR GENERAL




In accordance with the Inspector General Act of 1978, as amended, I herewith submit
the semiannual report for the period October 1, 2013, through March 31, 2014, which
summarizes the major activities of our office for the reporting period. Section 5 of the
Inspector General Act requires the Chair to transmit this report to the appropriate
committees or subcommittees of Congress within 30 days of its receipt.

During this period, the Office of Inspector General (OIG) issued five final
audit/evaluation reports, completed one investigation, and received 284 investigative
inquiries, of which 114 were charge processing issues, 124 were Title VII complaints,
and 46 were other investigative allegations.

The OIG staff remains resolute in our commitment to our mission and the U.S. Equal
Employment Opportunity Commission’s efforts to achieve justice and equality in the
workplace.

As always, we appreciate the support and cooperation of Chair Jacqueline A. Berrien,
the Commissioners, and employees of the Commission.

Respectfully,




Milton A. Mayo Jr.
Inspector General
April 30, 2014




4
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

EXECUTIVE SUMMARY

This semiannual report is issued by the Equal Employment Opportunity Commission’s
(EEOC’s) Office of Inspector General (OIG) pursuant to the Inspector General Act of
1978, as amended. It summarizes the OIG’s activities and accomplishments for the
period October 1, 2013, through March 31, 2014.

During this period, the OIG issued five final audit/evaluation reports, completed one
investigation, and received 284 hotline inquiries, of which 114 were charge processing
issues, 124 were Title VII complaints, and 46 were investigative allegations.

The OIG’s completed, newly initiated, and ongoing audit, evaluation, and investigative
projects include the following:

     Harper, Rains, Knight & Company, P.A. (HRK), audited the financial statements
      of EEOC for fiscal year (FY) 2013 and issued an unmodified opinion on the FY
      2013 financial statements. In its Report on Internal Control over Financial
      Reporting, HRK noted one area involving internal control that was considered to
      be a significant deficiency. This included the lack of sufficient controls over
      supporting documentation for personnel expenses.

     In connection with the FY 2013 financial statement audit, HRK issued a
      management letter that identified several areas where internal controls should be
      strengthened. The Management Letter Report was issued on January 31, 2014.

     Brown & Company completed the OIG’s independent evaluation of the Agency’s
      information technology security program and compliance with the Federal
      Information Security Management Act of 2002 (FISMA) for FY 2013. Brown &
      Company concluded that the Agency has made positive strides over the last year
      in addressing information security weaknesses and continues to make progress in
      becoming fully FISMA compliant. However, the Agency still faces challenges in
      fully implementing information security requirements.

     The OIG reported to the Office of Management and Budget (OMB) on the
      Agency’s progress in implementing recommendations relating to the Agency’s
      charge card program. In accordance with the audit and reporting requirements of
      the Charge Card Abuse Prevention Act of 2012 (Charge Card Act), the OIG
      noted that none of the 10 recommendations from the FY 2013 performance audit
      of the charge card program had been implemented.

     HRK began the FY 2014 financial statement audit of the EEOC. An entrance
      conference was held on March 6, 2014. This year represents the final option


5
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                       Equal Employment Opportunity Commission

       year of the OIG’s contract with HRK, and the OIG is preparing a new request
       for proposals to obtain bids to conduct the 2015 financial statement audit.

     The OIG carried out a performance audit of the Agency’s personnel security
      program to ensure that EEOC has implemented personnel security policies and
      procedures that are in accordance with Office of Personnel Management
      guidelines and the Code of Federal Regulations.

     Ongoing investigations continue in several field offices involving ethics
      violations, conflicts of interest, fraud, mismanagement, falsification of
      government records, and impersonation of a Federal official, misuse of travel
      and purchase cards, and theft.




6
                  OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

INTRODUCTION

The Equal Employment Opportunity Commission

The Equal Employment Opportunity Commission (EEOC) is the Federal agency
responsible for enforcement of Title VII of the Civil Rights Act of 1964, as amended;
the Equal Pay Act of 1963; the Age Discrimination in Employment Act of 1967;
Section 501 of the Rehabilitation Act of 1973 (in the Federal sector only); Title I of the
Americans with Disabilities Act of 1990 and Americans with Disabilities Act
Amendments Act of 2008; the Civil Rights Act of 1991; the Lilly Ledbetter Fair Pay
Act of 2009; and the Genetic Information Nondiscrimination Act of 2008 (P.L. 110-233
Stat 881), also referred to as GINA. These statutes prohibit employment discrimination
based on race, sex, color, religion, national origin, age, disability, or genetic
information.

The EEOC is also responsible for carrying out Executive Order 12067, which promotes
coordination and minimizes conflict and duplication among Federal agencies that
administer statutes or regulations involving employment discrimination.

The EEOC is a bipartisan commission composed of five presidentially appointed
members, including a Chair, a Vice Chair, and three Commissioners. The Chair is
responsible for the administration and implementation of policy and for the financial
management and organizational development of the Commission. The Vice Chair and
the Commissioners equally participate in the development and approval of the policies
of the EEOC, issue charges of discrimination where appropriate, and authorize the
filing of lawsuits. Additionally, the President appoints a General Counsel, who is
responsible for conducting litigation under the laws enforced by the Commission.

The Office of Inspector General

The U.S. Congress established the Office of Inspector General (OIG) at the EEOC
through the 1988 amendments to the Inspector General Act of 1978, which expanded
the authority of designated Federal entities to create independent and objective OIGs.
Under the direction of the Inspector General (IG), the OIG meets this statutory
responsibility by conducting and supervising audits, evaluations, and investigations
relating to the programs and operations of the Agency; providing leadership and
coordination; and recommending policies for activities designed to promote economy,
efficiency, and effectiveness in the administration of programs and operations.




7
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

In October 2008, Congress passed the Inspector General Reform Act of 2008, which
generally buttressed the independence of IGs, increased their resources, and held them
more accountable for their performance. The OIG is under the supervision of the IG, an
independent EEOC official subject to the general supervision of the Chair. The IG must
not be prevented or prohibited by the Chair or any other EEOC official from initiating,
carrying out, or completing any audit, investigation, evaluation, or other inquiry or
from issuing any report.

The IG provides overall direction, coordination, and leadership to the OIG; is the
principal advisor to the Chair in connection with all audit and investigative matters
relating to the prevention, identification, and elimination of waste in any EEOC
program or operation; and recommends the proper boundaries of audit and investigation
jurisdiction between the OIG and other EEOC organizations. The IG also develops a
separate and independent annual budget for the OIG; responds directly to inquiries from
the public, Congress, or the news media; and prepares press releases, statements, and
other information about the OIG’s activities.

The Deputy Inspector General (DIG) serves as the alter ego of the IG and participates
fully in policy development and in management of the diverse audit, investigation,
evaluation, and support operations of the OIG.

The Counsel to the Inspector General (CIG) is the sole legal advisor in the OIG. The
CIG provides day-to-day guidance to the OIG’s investigation team and is the primary
liaison with Agency legal components and the Department of Justice.

In addition to these positions, the OIG staff includes a chief technology officer, an
evaluator, two auditors, two criminal investigators, an administrative specialist, and a
confidential support assistant.

The OIG was recently granted authority to hire and is currently recruiting to fill the
positions of the DIG and a staff auditor. It is anticipated that these positions will be
filled during the third quarter of FY 2014.

During this reporting period, the OIG continued updating its information technology
infrastructure. All aspects of our infrastructure development are documented in our
Information Technology Work Plan (ITWP). The ITWP links directly with the
office’s Information Technology Strategic Plan. The ITWP will guide OIG efforts in
planning future IT evaluation and audit projects as well as internal OIG IT
infrastructure initiatives.




8
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

The OIG strategically incorporates technology to improve its business processes,
practices, planning, collaboration, and products rather than adopting new and
emerging technologies simply because they are deemed to be on the leading edge.

Work currently under way includes the following:

     The OIG’s newly designed website is in the final phase of development. The
      new website will be used as a mechanism to provide: (1) greater transparency
      in the operations of the OIG by enhancing access to audit and evaluation
      reports and other public documents; (2) an improved electronic portal for the
      public to use in reporting fraud, waste, and abuse; and (3) a medium to
      implement the use of social media to enhance our ability to reach and inform
      our stakeholders about the OIG’s vision, mission, and operations. The website
      is currently under final design review and testing. The launch of the new
      website is scheduled for the fourth quarter of FY 2014.

     The OIG is transferring its information systems into a Federal Risk and
      Authorization Management Program (FedRAMP)-approved cloud. We are in
      the initial phases of choosing a contractor to migrate our systems to the cloud.
      Planning for this endeavor is scheduled to be completed by June 2014, and full
      implementation should be completed by the first quarter of fiscal year 2015.

     Work on the implementation of OIG’s automated audit tracking system
      (AutoAudit) has been put on hold until OIG completes its infrastructure
      migration.




9
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                          Equal Employment Opportunity Commission



                   THE AUDIT AND EVALUATION PROGRAM

                   The Audit and Evaluation Program supports the OIG’s strategic goal
                   of improving the economy, efficiency, and effectiveness of EEOC
                   programs, operations, and activities.



COMPLETED PROJECTS

Audit of the EEOC’s Fiscal Year 2013 Financial Statements (OIG Report No. 2013-
FIN-01)

The independent certified public accounting firm of Harper, Rains, Knight &
Company, P.A. (HRK), audited the financial statements of the EEOC for FY 2013.
HRK issued an unmodified opinion on EEOC’s FY 2013 financial statements. In the
firm’s Report on Internal Control over Financial Reporting, HRK noted one area
involving internal control and its operation that was considered to be a significant
deficiency. This included the lack of sufficient controls over supporting documentation
for personnel expenses. In the Report on Compliance with Applicable Laws and
Regulations, HRK noted no instances of noncompliance with laws and regulations
applicable to the Agency. The report was issued by the OIG on December 16, 2013.

Management Letter Report for FY 2013 Financial Statement Audit (OIG Report No.
2013-02-FIN)

On January 31, 2014, the OIG issued the Management Letter Report for the FY 2013
financial statement audit prepared by Harper, Rains, Knight & Company, P.A. (HRK).
Internal control weaknesses were identified in the following areas:

        Lack of sufficient controls over supporting documentation for personnel expenses
        Inaccurate reconciliation of data
        Inaccurate recording of depreciation
        Lack of documented management review
        Budget object class misclassifications
        Inaccurate and incomplete property information
        Deficiencies in EEOC’s charge card policies and procedures and internal
         controls

HRK recommended the following:



10
                     OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission

      EEOC should update its controls over the maintenance of its official personnel
       files. Additionally, management should perform a thorough review of
       employees’ personnel files to ensure that documentation is current and complete.

      EEOC should work toward prompt resolution of these differences, as this is an
       essential component of financial data integrity, and its absence compromises the
       integrity of the financial reporting.

      EEOC should update the FCS software to calculate depreciation on a monthly
       basis.

      EEOC management should consistently review and approve all documents as
       prescribed by its policies and procedures.

      EEOC should discontinue its use of a “zero” object class when recording
       transactions.

      EEOC should ensure that its property records contain accurate and complete
       property information. A review should be conducted at least annually, but
       preferably semiannually.

      EEOC should determine controls to prevent waste, fraud, and misuse in the
       credit card program. On an annual basis, EEOC should review and update the
       Charge Card Program Guide for substantial changes. Additionally, EEOC should
       monitor the controls to ensure that they are working effectively.

Management agreed with the findings and recommendations. HRK will perform
procedures in FY 2014 to determine whether EEOC’s corrective action plans
adequately address the recommendations.

Independent Evaluation of EEOC’s Compliance with the Provisions of the Federal
Information Security Management Act of 2002
For FY 2013, the EEOC OIG contracted with Brown & Company CPAs, PLLC, to
conduct an independent evaluation of EEOC’s compliance with the provisions of the
Federal Information Security Management Act of 2002 (FISMA). FISMA requires
agencies to develop, document, and implement an agency-wide information security
program to protect the information and information systems that support the operations
and assets of the agency, including those provided or managed by another agency,
contractor, or other source.
Based on the results of its evaluation, Brown & Company concluded that the Agency
has made positive strides over the last year in addressing information security


11
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission

weaknesses and continues to make progress in becoming fully FISMA compliant.
However, the Agency still faces challenges in fully implementing information
security requirements as stipulated in various federal guidelines and mandates. Brown
& Company listed in its report the following areas of concern:

      Implementation of a continuous monitoring policy and procedures
      Improvement to the physical access security controls for headquarters and the
       alternate telecom site
      Improvement to the configuration management policies and procedures
      Implementation of multifactor authentication for physical and logical access
      Resolution of internal vulnerability assessment results

Agency Compliance with the Federal Managers’ Financial Integrity Act

Agency policy directive EEOC Order 195.001 Management Accountability and
Controls requires the OIG to annually provide a written advisory to the head of the
Agency regarding whether the management control evaluation process complied with
OMB guidelines. The OIG issued its annual report to the Chair on December 11, 2013,
validating the Agency’s compliance with the Federal Managers’ Financial Integrity Act
(FMFIA). To make this determination, the OIG reviewed the following:

            Assurance statements submitted by headquarters and district office
             directors attesting that their systems of management accountability and
             control were effective and that use of resources under their control was
             consistent with the Agency’s mission and in compliance with the laws and
             regulations set out in FMFIA
            All functional area summary tables and functional area reports submitted
             by headquarters and field offices
            The Office of Research, Information and Planning’s (ORIP’s) FY 2013
             FMFIA Assurance Statement and Assurance Statement Letter, with
             supporting documents

The OIG concluded that the Agency’s management control evaluation was conducted in
accordance with OMB’s standards and concurred with ORIP’s assertion that the Agency
had no material weaknesses during the reporting cycle.

Report on Agency Progress in Implementing Charge Card Abuse Prevention Act of
2012

In accordance with the audit and reporting requirements of the Charge Card Abuse
Prevention Act of 2012 (Charge Card Act), on January 30, 2014, the OIG reported to
OMB that none of the 10 recommendations from OIG’s performance audit of the charge


12
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                       Equal Employment Opportunity Commission

card program (Report No. 2012-08-PURCH) had been closed. The OIG intends to
conduct additional testing during the FY 2014 financial statement audit and work with
the Agency’s audit follow-up official to address these recommendations.

NEW AND ONGOING AUDIT AND EVALUATION PROJECTS

FY 2014 Audit of the Consolidated EEOC Financial Statements

The OIG contracted with Harper, Rains, Knight & Company, P.A., to perform the
2014 financial statement audit of EEOC, which is required by the Accountability of Tax
Dollars Act of 2002. An entrance conference was held on March 6, 2014. Fieldwork is
ongoing, and issuance of the audit opinion is expected by November 15, 2014, to meet
OMB’s deadline and be included in the Agency’s 2014 Performance and Accountability
Report. Additionally, the auditor will issue a Management Letter Report identifying any
internal control weaknesses shortly thereafter.

Improper Payments Reporting for FY 2013

The OIG has requested information from EEOC management to assist in identifying
and reporting erroneous or improper payments relating to FY 2013. The Improper
Payment Information Act (IPIA) of 2002, as amended by the Improper Payments
Elimination and Recovery Act (IPERA) of 2010, requires agencies to estimate and
report on improper payments, and agency actions to reduce them, to the President and
Congress. This year, IPERA requires the OIG to determine and report, by April 15,
2014, whether the Agency is in compliance with IPIA.

Cooperative Audit Resolution and Oversight Initiative

The OIG continued work on its Cooperative Audit Resolution and Oversight Initiative
(CAROI), launched in 2012, and continues to achieve improvements in its relationship
with the auditees and Agency audit follow-up officials. These improvements have
resulted in the closure of a number of unresolved audit recommendations, better
communication among participants in the Audit Follow-up Program, improved accuracy
in audit follow-up reporting, and better overall implementation of the audit follow-up
process. An advisory report on CAROI, originally scheduled for the third quarter of
FY 2013, is now planned for the third quarter of FY 2014.

Open Government and Transparency Progress Review

On December 8, 2009, OMB issued Memorandum M10-06, known as the “Open
Government Directive” (OGD). It requires executive agencies to take specific actions to
implement the three principles of transparency, participation, and collaboration that


13
                  OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

form the cornerstone of open government set forth by the President. On July 15, 2011,
the OIG issued a management advisory on EEOC’s Open Government activities. The
OIG’s progress review focuses on EEOC Open Government and related activities from
July 16, 2011, to the present. During September 2013, EEOC circulated, within the
Agency, a draft update to its Open Government Plan. Once the OIG has reviewed the
final plan, we will issue our progress report.

Evaluation of Outreach and Education

The objective of this evaluation is to assess the efficiency and effectiveness of EEOC’s
Outreach and Education program. The OIG met with key headquarters personnel who
are knowledgeable about Outreach and Education and gathered background information
about the program. The OIG will award a contract for the evaluation, with work to
commence the fourth quarter of FY 2014.


Performance Audit of the Agency’s Personnel Security Program.
The OIG is conducting a performance audit of the Agency’s personnel security
program. The objective of this audit is to ensure that EEOC has implemented a
personnel security program that adheres to the policies and procedures required by the
Office of Personnel Management and the Code of Federal Regulations. The OIG
contracted with Williams Adley & Company–DC, LLP, to conduct the performance
audit, and a final report will be issued during the fourth quarter of FY 2014.

Windows XP Security and Desktop Migration
Microsoft Windows XP is the official operating system for the Agency’s computers. On
April 8, 2014, Microsoft will discontinue its support of XP. Entities still using
Windows XP after that date will no longer receive support from Microsoft for security
updates that protect computers from unauthorized attacks, harmful viruses, etc. The
EEOC plans to continue using Windows XP until the fall 2014, at which time it is
scheduled to complete its migration to the Windows 7 operating system, which is
supported by Microsoft. During the interim, the Agency’s Office of Information
Technology (OIT) plans to implement compensating security controls to minimize the
risk of the Agency’s continued use of the Windows XP operating system. The OIG is
conducting a review of the OIT’s progress associated with the migration to Windows 7,
and the implementation of those compensating security controls for Windows XP.




14
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission



AUDIT FOLLOW-UP

Audit follow-up is an integral part of good management and is a shared responsibility of
Agency management officials and auditors. Corrective action taken by management to
resolve findings and recommendations is essential to improving the effectiveness and
efficiency of Agency operations.

Section 5(a)(1) of the Inspector General Act of 1978, as amended, requires that
semiannual reports include a summary description of significant problems, abuses, and
deficiencies relating to the Agency’s administration of programs and operations
disclosed by the OIG during the reporting period. Five new reports were issued during
this reporting period (October 1, 2013–March 31, 2014); three of those reports
contained findings.

                     Reports Issued During This Reporting Period

     Fiscal Year   Report Number                Report Title                  Date Issued
        2013        2013-FIN-01              FY 2013 Financial                12/16/2013
                                           Statement Audit of the
                                                   EEOC
        2013         2013-02-FIN           FY 2013 Management                 01/31/2014
                                                Letter Report
        2013       2013-05-FISMA          FY 2013 FISMA Report                12/05/2013
        2013       2014-01-CARD          Report to OMB on Agency              01/30/2014
                                         Progress in Implementing
                                             Charge Card Abuse
                                           Prevention Act of 2012
        2013         2013-07-AIC          Agency Compliance with              12/11/2013
                                           the Federal Managers’
                                           Financial Integrity Act
                                                  (FMFIA)

As required by Section 5(a)(3) of the Inspector General Act of 1978, as amended,
semiannual reports shall provide an identification of each significant recommendation
described in previous semiannual reports on which corrective action has not been
completed. OIG staff met with Agency follow-up officials in March 2014. The OIG is
reporting a total of 13 reviews with a total of 37 open recommendations for this
reporting period. The following table shows those recommendations for which
corrective actions have not been completed.




15
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                               Equal Employment Opportunity Commission

        Recommendations for Which Corrective Actions Have Not Been Completed

     Fiscal
     Year       Report Number                         Report Title                           Date Issued
     2013        2012-09-REV                     Review of Evaluations                       04/09/2013

                                          Open Recommendations:
             EEOC should further standardize intake procedures across field offices.
             EEOC should document criteria for determining Category C charges.
             EEOC should continue efforts to develop a national approach for addressing systemic
              discrimination.
             EEOC should continue to review the range of information obtained during intake
              interviews and how it is stored in IMS.
             EEOC should investigate the merits of expanding the information it obtains related to
              hiring and terminations.


     Fiscal
     Year       Report Number                         Report Title                           Date Issued
     2013         2012-01-FIN        FY 2012 Financial Statement Audit Report                11/16/2012

                                  Open Recommendations:
        EEOC should update controls over maintenance of personnel files and perform a
         thorough review of employees’ personnel files to insure that documentation is current
         and complete.
        EEOC should document and monitor implementation of all complementary user
         control considerations.
        EEOC should implement stringent reconciliation and resolution procedures for the
         reconciliation of management reports and sub-ledgers to FCS general ledger data.



     Fiscal
     Year       Report Number                         Report Title                           Date Issued
     2013           2012-03-            FY 2012 Federal Information Security                 11/14/2012
                     FISMA                   Management Act Report

                                    Open Recommendations:
        EEOC should implement multifactor authentication for network access to non-
         privileged and privileged accounts.


16
                        OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                           Equal Employment Opportunity Commission

        EEOC management should ensure that all network users have read and signed
         acknowledgment of receipt of the Information Security Responsibilities of EEOC
         System Users and that forms are managed in a centralized location.
        EEOC management should revise the Agency’s policy to correctly reflect the entire
         severity rating list published by the United States Computer Emergency Readiness
         Team (US-CERT).


     Fiscal
     Year     Report Number                        Report Title                           Date Issued
     2013      2012-02-FIN        FY 2012 Financial Statement Management                  12/19/2012
                                               Letter Report

                                  Open Recommendations:
        EEOC should document and monitor implementation of all complementary user
         control considerations.
        EEOC should implement stringent reconciliation and resolution procedures for
         reconciliation of management reports and sub-ledgers to FCS general ledger data.
        EEOC should calculate and record depreciation in FCS on a monthly basis.


     Fiscal
     Year     Report Number                        Report Title                           Date Issued
     2013     2012-10-PMEV       Evaluation of EEOC’s Performance Measures                03/21/2013

                                      Open Recommendations:
        EEOC should expand the new Strategic Enforcement Plan (SEP) requirement for
         quarterly reviews to include not only SEP progress reflected in the latest EEOC
         performance reports. EEOC management would likely benefit considerably from the
         implementation of quarterly data-driven reviews such as those required by large
         Federal agencies.
        EEOC should provide Commissioners and managers with easy access to relevant
         disaggregation of outcome values. Outcome data would be broken out by such
         characteristics as priority level, industry, and key characteristics of charging parties.


     Fiscal
     Year     Report Number                        Report Title                           Date Issued
     2013       2012-08-           Performance Audit of EEOC Charge Card                  03/28/2013
                PURCH                            Program


17
                     OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission




                                     Open Recommendations:
        EEOC should perform further analysis on the government charge card operations to
         identify all the controls that should be implemented per OMB directives, including
         the identification of procedures performed using the new accounting system (FCS) as
         well as the current duties of personnel interacting with the system. Specifically,
         EEOC should meet with all process lead personnel to determine what controls are or
         should be in place to ensure that fraud, waste, abuse, and misuse are not present in
         the charge card program; identify all requirements in OMB Circular A-123,
         Appendix B, and determine the procedures necessary to comply with the
         requirements; and ensure that policies and procedures are reviewed on an annual
         basis, or more frequently if substantial changes have occurred in EEOC’s systems or
         laws and regulations have been issued, to ensure that policies and procedures are
         appropriate for the current environment.
        EEOC should develop a system to (1) identify and track all charge card activity,
         including open accounts, closed accounts, cardholder approver levels, and
         cardholder training; (2) perform an evaluation of service providers’ controls over the
         charge card program to ensure that controls are appropriate and operating
         effectively; and (3) monitor all controls, whether performed at EEOC or at a service
         provider, at least annually, to ensure that controls remain adequate and continue to
         operate effectively.
        EEOC should develop policies and procedures to identify and track all cardholder-
         required training. Documentation should be maintained following National Archives
         and Records Administration (NARA) requirements for cardholders who have
         successfully completed training requirements.
        EEOC should develop controls over the retention of application documents for
         charge card accounts.
        EEOC should monitor controls over transaction approval, whether performed at
         EEOC or at a service provider.
        EEOC should implement policies and procedures regarding record retention for
         purchase and travel card transactions.
        EEOC should improve controls over the closure of charge card accounts. The
         Purchase Card Program Manager should maintain documentation of all account
         closures, electronically or in hard copy, including the name of the DRM or the
         Agency’s Organizational Program Coordinators who received the employee’s charge
         card, the date the card was turned in, the date of card destruction, and the date
         confirmation of account closure was received from the charge card vendor.
        EEOC should develop and implement policies to require reviews of total cardholder
         activity to ensure compliance with monthly spending authority for all cardholders.
         Documentation of authority to exceed cardholders’ spending limits should be


18
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                           Equal Employment Opportunity Commission

         maintained by management. Penalties for exceeding authorized spending limits
         should be established and enforced.
        EEOC should develop and implement policies and procedures to use data mining to
         monitor charge card activity.
        EEOC should consider supplementing the listing of disallowed merchant category
         codes used by the charge card vendor with additional disallowed codes based on
         EEOC’s policies on purchase and travel expenses.


     Fiscal
     Year     Report Number                       Report Title                           Date Issued
     2012       2011-05-        Federal Information Security Management Act              11/17/2011
                 FISMA                             Report

                                    Open Recommendations:
        EEOC should implement multifactor authentication for network access to non-
         privileged and privileged accounts.


     Fiscal
     Year        Report                           Report Title                           Date Issued
                Number
     2010     2010-04-FIN            FY 2010 Financial Statement Audit                   02/07/2011
                                        Management Letter Report

                                     Open Recommendations:
        EEOC should implement and document the implementation of all applicable client
         control considerations provided by the service provider. The documentation should
         be readily available for review and shared with all relevant EEOC offices.


     Fiscal
     Year     Report Number                       Report Title                           Date Issued
     2010       2010-07-        Federal Information Security Management Act              11/01/2010
                 FISMA                             Report

                                Open Recommendations:
        EEOC should implement multifactor authentication.




19
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission

     Fiscal
     Year     Report Number                       Report Title                           Date Issued
     2009      2009-05-FIN          FY 2009 Financial Statement Audit            01/12/2010
                                         Management Letter Report
        EEOC should ensure that all users’ accounts are assigned to a unique individual;
         ensure that all data network and e-mail accounts are created and authorized in
         accordance with EEOC policies and procedures; disable network and e-mail accounts
         that have not been used within 30 days, as mandated by the Office of Information
         Technology’s (OIT’s) controls for creating, changing, and terminating system
         accounts policy; ensure that all offices comply with the required annual user account
         confirmation procedures listing within the EEOC OIT policy on creating, changing,
         and terminating system accounts. (Finding repeated in FY 2010 management letter.)
        EEOC should update the network vulnerability scan policies and procedures to
         ensure that the volume of medium- and high-risk vulnerabilities identified as a result
         of scanning is in accordance with industry standards. (Finding repeated in FY 2010
         management letter.)
        EEOC management should develop and implement policies and procedures for
         outsourced applications to ensure that application security violations are
         appropriately reviewed and reported. (Finding repeated in FY 2010 management
         letter.)



     Fiscal      Report
     Year       Number                        Report Title                 Date Issued
     2008     2008-12-AEP     FY 2008 Independent Audit of EEOC Privacy     09/30/2008
                                               Program
                                    Open Recommendations:
        EEOC should continue with the planned action to implement two-factor
         authentication together with the implementation of badges per Homeland Security
         Presidential Directive 12.



     Fiscal      Report
     Year        Number                        Report Title                              Date Issued
     2008     2008-03-AMR         Oversight of Federal Agency Reporting                  09/26/2008
                                 Management Directive 715 (MD-715) and
                                              Related Topics
                                    Open Recommendations:


20
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                           Equal Employment Opportunity Commission

        EEOC should require Federal agencies to submit Part G of their Equal Employment
         Opportunity assessment with their annual MD-715 submissions.


     Fiscal
     Year     Report Number                       Report Title                           Date Issued
     2008       2007-11-         Performance Audit of the Equal Employment         08/26/2008
                RFPERF              Opportunity Commission’s Education,
                                 Training, and Technical Assistance Program
                                                Revolving Fund
                                      Open Recommendations:
        EEOC should approve the establishment of the EEOC Training Institute Steering
         Committee.
        EEOC should update the Revolving Fund Business Plan to reflect the Agency’s
         strategic direction, vision, and goals over the next three to five years.
        EEOC should seek professional assistance to develop a more effective budgeting
         method to project financial information in order to plan training events and monitor
         goals.

As required by Section 5(a) (10) of the Inspector General Act of 1978, as amended,
semiannual reports shall include a summary of each audit report issued before the start
of the reporting period for which no management decision has been made by the end of
the reporting period. The OIG has no audit or evaluation reports that were issued
before the reporting period began for which no management decision has been made.




21
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
             Equal Employment Opportunity Commission



     THE INVESTIGATION PROGRAM

     The Investigation Program supports the OIG’s strategic goal of
     focusing limited investigative resources on issues that represent the
     greatest risk and offer the maximum opportunity to detect and prevent
     fraud, waste, and abuse in EEOC programs and operations.


                  INVESTIGATIVE INQUIRIES


               Investigative Inquires Received
               October 1, 2013–March 31, 2014

               Allegations                   Number


     Charge Processing                                   114

                                                          32
     Other Statutes

     Title VII                                           124

     Mismanagement                                         2

     Ethics Violations                                     1

     Backgrounds                                           1

     Theft                                                 2

     Threats                                               0

     Fraud                                                 5

     Other Criminal Allegations                            1

     Congressional Inquiries                               2

     Total                                               284




22
       OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission



COMPLETED INVESTIGATIVE ACTIVITIES

Purchase Card Fraud

The OIG completed the investigation of an employee who made personal purchases
using a government Citibank purchase card. During the investigation, the OIG found
that beginning on or about November 23, 2011, and continuing through August 28,
2013, the employee, while acting in her official capacity, purchased American Express
Gift Cards with the government purchase card under the pretence of paying for
authorized Agency litigation services. The employee used fraudulent obligation
documents, invoices, and receipts to cover up a scheme to defraud EEOC of $59,000.
Over the course of the employee’s scheme, she used government funds to purchase a
total of 23 American Express Gift Cards, which were used to make payments on a
timeshare, vacations, a car, phone service, and storage, as well as numerous local retail
purchases.

The employee has been charged with theft/embezzlement of $59,000 from the EEOC
purchase card program. The employee is awaiting arraignment, indictment, and trial.
The OIG is referring this matter to the EEOC’s Office of General Counsel (OGC) for
civil remedies to recover the funds.

ONGOING INVESTIGATIVE ACTIVITY

The OIG has ongoing investigations in several field offices involving ethics violations,
conflicts of interest, fraud, mismanagement, falsification of government records,
impersonation of a Federal official, misuse of travel and purchase cards, theft of
government property, misuse of computers, and threats against the Agency.




23
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                       Equal Employment Opportunity Commission

OTHER OIG PROGRAM ACTIVITIES

Peer Review of EEOC Audit Organization

The National Labor Relations Board (NLRB) Office of Inspector General completed a
peer review of the audit organization of the EEOC OIG for the three-year period ended
March 31, 2011. The EEOC OIG received a rating of “pass,” which is the highest
peer-review rating, signifying that the EEOC OIG’s system of quality control was
suitably designed to provide reasonable assurance of performing and reporting in
conformity with applicable professional standards. A copy of the NLRB system review
report is available on our Website at http://www.eeoc.gov/eeoc/oig//peer_review.cfm.
The audit organization of the EEOC OIG will be undergoing its next peer review
during the third quarter of FY 2014. The review will be conducted by the U.S. Postal
Regulatory Commission.




24
                  OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission



APPENDIX I. FINAL OFFICE OF INSPECTOR GENERAL AUDIT AND
EVALUATION REPORTS


                                                                    Funds Put
                                                   Questioned                      Unsupported
          Report Title            Date Issued                        to Better
                                                     Costs                            Costs
                                                                        Use

     FY 2013 FISMA Report           12/05/13                  $0             $0             $0

Agency Compliance with the
Federal Managers’ Financial
  Integrity Act (FMFIA)             12/11/13                  $0             $0             $0

 FY ’13 Financial Statement
    Audit of the EEOC               12/16/13                  $0             $0             $0

 Report to OMB on Agency
 Progress in Implementing
    Charge Card Abuse
  Prevention Act of 2012           1/30/2014                  $0             $0             $0

 FY ’13 Management Letter
         Report                    1/31/2014                  $0             $0             $0




25
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission

APPENDIX II. INDEX OF REPORTING REQUIREMENTS


Inspector General
                                       Reporting Requirements                             Page
   Act Citation

Section 4(a)(2)      Review of Legislation and Regulations                               N/A
Section 5(a)(1)      Significant Problems, Abuses, and Deficiencies                      10–24
                     Recommendations with Respect to Significant Problems,
Section 5(a)(2)                                                            10–13
                     Abuses, and Deficiencies
                     Significant Recommendations Included in Previous
Section 5(a)(3)      Reports on Which Corrective Action Has Not Been 16–21
                     Completed
Section 5(a)(4)      Matters Referred to Prosecutorial Authorities                       N/A
Section 5(a)(5)      Summary of Instances Where Information Was Refused                  N/A
Section 5(a)(6)      List of Audit Reports                                               25
Section 5(a)(7)      Summary of Significant Reports                                      10–13
Section 5(a)(8)      Questioned and Unsupported Costs                                    25
Section 5(a)(9)      Recommendations That Funds Be Put to Better Use                     25
                     Summary of Audit Reports Issued Before the
Section 5(a)(10)     Commencement of the Reporting Period for Which No 22
                     Management Decision Has Been Made
                     Significant Management Decisions That Were Revised
Section 5(a)(11)                                                        N/A
                     During the Reporting Period
                     Significant Management Decisions with Which the
Section 5(a)(12)                                                     N/A
                     Office of Inspector General Disagreed




26
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                        Equal Employment Opportunity Commission

APPENDIX III. SINGLE AUDIT ACT REPORTS

The Single Audit Act of 1984 requires recipients of Federal funds to arrange for audits
of their activities. Federal agencies that award these funds must receive annual audit
reports to determine whether prompt and appropriate corrective action has been taken
in response to audit findings. During the reporting period, the OIG reviewed three audit
reports issued by public accounting firms concerning Fair Employment Practice
Agencies (FEPAs) that have work-sharing agreements with EEOC. There were no audit
findings for the FEPAs that involved EEOC funds.

                           SINGLE AUDIT ACT REPORTS

 State of Colorado (Revised), June 30, 2012            State of Wisconsin, June 30, 2012

 State of Alaska (Revised), June 30, 2012




27
                   OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
          Equal Employment Opportunity Commission




              This page intentionally left blank




28
     OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
                         Equal Employment Opportunity Commission




     EEOC-OIG The Hotline

     The EEOC Hotline Program was established for Agency employees, other
     Government employees, contractors, and the general public to report fraud, waste,
     abuse, or wrongdoing by phone, e-mail, or by mail.

     What Should you Report

     You should report any concern you may have over a situation in which EEOC is
     the potential victim of fraudulent acts by employees, contractors, or others. It
     includes any violations of laws, rules, regulations, gross mismanagement, gross
     waste or misappropriation of funds, and abuses of authority


     OIG Hotline Contact Information


                           Call:
                           EEOC-OIG Hotline
                           Toll-free 1-800-849-4230


                          E-Mail:
                          INSPECTOR.GENERAL@EEOC.GOV



                          Write:
                          Equal Employment Opportunity Commission
                          Office of Inspector General
                          PO Box 77067
                          Washington, DC 20013-7067

       Identities of Writers, E-mailers, and Callers are always Fully Protected



29
                    OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014
          Equal Employment Opportunity Commission




30
     OIG Semiannual Report to Congress   October 1, 2013–March 31, 2014