U.S. Equal Employment Opportunity Commission
Office of Inspector General
Semiannual Report to the U.S. Congress
October 1, 2014–March 31, 2015
Milton A. Mayo Jr.
Inspector General

OIG VISION

Effective, efficient and accountable management of Agency programs, operations and personnel.

OIG MISSION

To detect and prevent waste, fraud, and abuse, and promote economy, efficiency, and effectiveness in the programs and operations of the Equal Employment Opportunity Commission.

CONTENTS

Message from the Inspector General
Executive Summary
Introduction
The Audit and Evaluation Program
    Completed Projects
    New and Ongoing Audit and Evaluation Projects
    Audit Follow-up
The Investigation Program
    Investigations
    Ongoing Investigative Activity
Other OIG Program Activities
Appendixes
    Appendix I. Final OIG Audit and Evaluation Reports
    Appendix II. Index of Reporting Requirements
    Appendix III.
Single Audit Act Reports

Message from the Inspector General

In accordance with the Inspector General Act of 1978, as amended, I herewith submit the semiannual report for the period October 1, 2014, through March 31, 2015, which summarizes the major activities of our office for the reporting period. Section 5 of the Inspector General Act requires the Chair to transmit this report to the appropriate committees or subcommittees of Congress within 30 days of its receipt.

During this period, the Office of Inspector General (OIG) issued 4 final audit/evaluation reports, completed 1 investigation, and received 333 investigative inquiries, of which 134 were charge processing issues, 132 were Title VII complaints, and 30 were investigative allegations.

We remain resolute in our commitment to our mission and the U.S. Equal Employment Opportunity Commission’s efforts to achieve justice and equality in the workplace.

We would like to take this opportunity to welcome the Honorable Charlotte A. Burrows to the Commission. We appreciate the support and cooperation of Chair Jenny Yang, the Commissioners, and the employees of the Commission.

Respectfully,
Milton A. Mayo Jr.
Inspector General
April 30, 2015

EXECUTIVE SUMMARY

This semiannual report is issued by the Equal Employment Opportunity Commission’s (EEOC’s) Office of Inspector General (OIG) pursuant to the Inspector General Act of 1978, as amended. It summarizes the OIG’s activities and accomplishments for the period October 1, 2014, through March 31, 2015.
During this period, the OIG issued 5 final audit/evaluation reports, completed 1 investigation, and received 333 investigative inquiries, of which 134 were charge processing issues, 132 were Title VII complaints, and 30 were investigative allegations.

The OIG’s completed, newly initiated, and ongoing audit, evaluation, and investigative projects include the following:

Harper, Rains, Knight & Company, P.A. (HRK), audited the financial statements of EEOC for fiscal year (FY) 2014 and issued an unmodified opinion on the FY 2014 financial statements. In its Report on Internal Control over Financial Reporting, HRK noted two areas involving internal control that were considered to be significant deficiencies: (1) the lack of sufficient controls over supporting documentation for personnel expenses, and (2) a lack of controls over financial management.

Brown & Company CPAs, PLLC (Brown & Company), conducted an independent evaluation of EEOC’s compliance with the provisions of the Federal Information Security Management Act of 2002 (FISMA). FISMA requires agencies to develop, document, and implement an agency-wide information security program to provide security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Agency policy directive EEOC Order 195.001 Management Accountability and Controls requires the OIG to annually provide a written advisory to the head of the Agency regarding whether the management control evaluation process complied with OMB guidelines. The OIG issued its annual report to the Chair on November 14, 2014, validating the Agency’s compliance with the Federal Managers’ Financial Integrity Act of 1982 (FMFIA).
Ongoing investigations continue in several field offices involving ethics violations, conflicts of interest, fraud, mismanagement, falsification of government records, impersonation of a Federal official, misuse of travel and purchase cards, and theft.

INTRODUCTION

The Equal Employment Opportunity Commission

The Equal Employment Opportunity Commission (EEOC) is the Federal agency responsible for enforcement of Title VII of the Civil Rights Act of 1964, as amended; the Equal Pay Act of 1963; the Age Discrimination in Employment Act of 1967; Section 501 of the Rehabilitation Act of 1973 (in the Federal sector only); Title I of the Americans with Disabilities Act of 1990 and Americans with Disabilities Act Amendments Act of 2008; the Civil Rights Act of 1991; the Lilly Ledbetter Fair Pay Act of 2009; and the Genetic Information Nondiscrimination Act of 2008 (P.L. 110-233 Stat 881), also referred to as GINA. These statutes prohibit employment discrimination based on race, sex, color, religion, national origin, age, disability, or genetic information.

The EEOC is also responsible for carrying out Executive Order 12067, which promotes coordination and minimizes conflict and duplication among Federal agencies that administer statutes or regulations involving employment discrimination.

The EEOC is a bipartisan commission composed of five presidentially appointed members, including a Chair, a Vice Chair, and three Commissioners. The Chair is responsible for the administration and implementation of policy and for the financial management and organizational development of the Commission. The Vice Chair and the Commissioners equally participate in the development and approval of the policies of the EEOC, issue charges of discrimination where appropriate, and authorize the filing of lawsuits.
Additionally, the President appoints a General Counsel, who is responsible for conducting litigation under the laws enforced by the Commission.

The Office of Inspector General

The U.S. Congress established the OIG at the EEOC through the 1988 amendments to the Inspector General Act of 1978, which expanded the authority of designated Federal entities to create independent and objective OIGs. Under the direction of the Inspector General (IG), the OIG meets this statutory responsibility by conducting and supervising audits, evaluations, and investigations relating to the programs and operations of the Agency; providing leadership and coordination; and recommending policies for activities designed to promote economy, efficiency, and effectiveness in the administration of programs and operations.

In October 2008, Congress passed the Inspector General Reform Act of 2008, which generally buttressed the independence of IGs, increased their resources, and held them more accountable for their performance.

The IG is an independent EEOC official, subject to the general supervision of the Chair, who provides overall leadership for the OIG. The IG must not be prevented or prohibited by the Chair or any other EEOC official from initiating, carrying out, or completing any audit, investigation, evaluation, or other inquiry or from issuing any report.

The IG provides overall direction, coordination, and leadership to the OIG; is the principal advisor to the Chair in connection with all audit and investigative matters relating to the prevention, identification, and elimination of waste in any EEOC program or operation; and recommends the proper boundaries of audit and investigation jurisdiction between the OIG and other EEOC organizations.
The IG also develops a separate and independent annual budget for the OIG; responds directly to inquiries from the public, Congress, or the news media; and prepares press releases, statements, and other information about the OIG’s activities.

The Deputy Inspector General (DIG) serves as the alter ego of the IG and participates fully in policy development and in management of the diverse audit, investigation, evaluation, and support operations of the OIG.

The Counsel to the Inspector General (CIG) is the sole legal advisor in the OIG. The CIG provides day-to-day guidance to the OIG’s investigation team and is the primary liaison with Agency legal components and the Department of Justice.

In addition to these positions, the OIG staff includes a chief technology officer, an evaluator, two auditors, two criminal investigators, an administrative specialist, and a confidential support assistant. In January 2015, the Administrative Specialist retired from federal service. This brings the total of vacant positions within the OIG to 3, including the Deputy Inspector General and Staff Auditor positions. Efforts are underway to fill all OIG vacancies during this fiscal year.

Work currently under way includes the following:

FY 2015 Audit of the Consolidated EEOC Financial Statements
Evaluation of Outreach and Education
Evaluation of Litigation
Open Government and Transparency Progress Review
Cooperative Audit Resolution and Oversight Initiative (CAROI)

THE AUDIT AND EVALUATION PROGRAM

The Audit and Evaluation Program supports the OIG’s strategic goal of improving the economy, efficiency, and effectiveness of EEOC programs, operations, and activities.

COMPLETED PROJECTS

Audit of the EEOC’s Fiscal Year 2014 Financial Statements (OIG Report No. 2014-01-FIN)

The independent certified public accounting firm of Harper, Rains, Knight & Company, P.A.
(HRK), audited the financial statements of the EEOC for FY 2014. HRK issued an unmodified opinion on EEOC’s FY 2014 financial statements. In the firm’s Report on Internal Control over Financial Reporting, HRK noted two areas involving internal control and its operation that were considered to be significant deficiencies: (1) the lack of sufficient controls over supporting documentation for personnel expenses, and (2) a lack of sufficient controls over financial management. In the Report on Compliance with Applicable Laws and Regulations, HRK noted no instances of noncompliance with laws and regulations applicable to the Agency. The report was issued by the OIG on November 17, 2014.

Management Letter Report for FY 2014 Financial Statement Audit (OIG Report No. 2014-02-FIN)

On January 13, 2015, the OIG issued the Management Letter Report for the FY 2014 financial statement audit prepared by Harper, Rains, Knight & Company, P.A. (HRK). Internal control weaknesses were identified in the following areas:

Inaccurate and incomplete property information
Capital assets policies and procedures need to be updated
Lack of supporting documentation for charge cards
Charge card transaction approval
Nonpayroll expenses
Noncompliance with OMB Circular A-136
Zero object class transactions

HRK recommended the following:

EEOC should monitor and enforce its policies and procedures over sensitive property. EEOC should monitor these controls to ensure that the controls remain adequate and continue to operate effectively. EEOC should update its policies and procedures to correctly state their current process for capital assets. EEOC should monitor and enforce its policies and procedures over record retention for purchase and travel card transactions. EEOC should monitor these controls to ensure that the controls remain adequate and continue to operate effectively.
Additionally, management should enforce penalties, such as disciplinary action, including restitution to the government and/or dismissal. EEOC should implement and monitor controls to ensure that approving officials’ review and approval is documented for each purchase and travel card transaction. The policy or procedure should establish an appropriate period of time for retention of records, monitoring by the purchase card program manager, and appropriate disciplinary actions for noncompliance. EEOC should follow its guidelines for all expense transactions and develop an assessment of EEOC’s internal control process in order to proactively manage internal controls and get the most from them. EEOC should implement procedures to ensure that it has read and implemented all Federal guidance issued through the year.

Management agreed with the findings and recommendations. Audit procedures will be performed in FY 2015 to determine whether EEOC’s corrective action plans adequately address the recommendations.

Agency Compliance with the Federal Managers’ Financial Integrity Act

Agency policy directive EEOC Order 195.001 Management Accountability and Controls requires the OIG to annually provide a written advisory to the head of the Agency regarding whether the management control evaluation process complied with OMB guidelines. The OIG issued its annual report to the Chair on November 14, 2014, validating the Agency’s compliance with the Federal Managers’ Financial Integrity Act (FMFIA).
To make this determination, the OIG reviewed the following:

Assurance statements submitted by headquarters and district office directors attesting that their systems of management accountability and control were effective and that use of resources under their control was consistent with the Agency’s mission and in compliance with the laws and regulations set out in FMFIA
All functional area summary tables and functional area reports submitted by headquarters and field offices
The Office of Research, Information, and Planning’s (ORIP’s) FY 2014 FMFIA Assurance Statement and Assurance Statement Letter, with supporting documents

The OIG concluded that the Agency’s management control evaluation was conducted in accordance with OMB’s standards and concurred with ORIP’s assertion that the Agency had no material weaknesses during the reporting cycle.

Report to Congress on Open and Unimplemented Inspector General Recommendations

During this reporting period, the OIG responded to congressional requests for information from the U.S. Senate Committee on Homeland Security and Governmental Affairs and the U.S. House of Representatives Committee on Oversight and Government Reform. Both requests related to the number of EEOC OIG’s open and unimplemented recommendations. In our March 25, 2015, response to the U.S. Senate Committee on Homeland Security and Governmental Affairs, we reported a total of 49 open and unimplemented recommendations as of our latest semiannual report dated September 30, 2014. Management agreed with our recommendations, and there were no potential cost savings.
There were no investigations involving GS-15 level or above employees involving misconduct not previously reported on, no instances of whistleblower retaliation, and no budgetary constraints to limit the capabilities of the IG office or instances where the Agency resisted or objected to oversight activities or delayed access to information. The OIG will continue to work with Agency management to resolve and close all open and unimplemented recommendations.

Federal Information Security Management Act of 2002

For FY 2014, the EEOC OIG contracted with Brown & Company CPAs, PLLC (Brown & Company), to conduct an independent evaluation of EEOC’s compliance with the provisions of the Federal Information Security Management Act of 2002 (FISMA). FISMA requires agencies to develop, document, and implement an agencywide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Based on the results of the evaluation, Brown & Company concluded that the agency has made positive strides in addressing information security weaknesses; however, the agency still faces challenges to fully implement information security requirements as stipulated in various federal guidelines and mandates. This report contains 19 FISMA findings with 19 recommendations concerning issues as follows:

1. Development of a risk assessment at the organization and mission-business level to include field offices
2. Updating system-level risk assessment report
3. Improvement to Bring Your Own Device (BYOD) program
4.
Improvement to privacy notifications on the EEOC official website and alerts when visitors are directed to nongovernment websites
5. Improvement to virtual private network configuration settings for password length
6. Implementation of encryption to protect digital backup media during transport
7. Updating policies and procedures to include EEOC’s response time for security alerts
8. Updating policies and procedures to include file integrity process for detecting unauthorized changes to software, firmware, and information
9. Improvement to monitoring laptops issued to employees for disaster recovery and ensuring that patches and updates are installed for operating systems, antivirus software, and other security applications
10. Implementation of background checks for student interns to ensure that international visas are current
11. Improvement to the security awareness training program to ensure that all personnel in field offices who use information systems receive annual training
12. Development of policies and procedures to properly manage physical security access cards
13. Implementation of full device encryption or container-based encryption for mobile laptops
14. Development of Continuity of Operations Plan for field offices
15. Development of a telecommuting policy that meets FISMA requirements
16. Development of policies and procedures for managing shared group accounts
17. Improvement to account management procedures that includes disabling inactive accounts as required
18. Improvement to physical access control to the data center and technology storage room
19.
Resolution of high and medium vulnerabilities identified from the internal vulnerability assessment

NEW AND ONGOING AUDIT AND EVALUATION PROJECTS

FY 2015 Audit of the Consolidated EEOC Financial Statements

The EEOC entered into a new agreement, with a multi-year option, to engage an independent certified public accountant to conduct the FY 2015 financial statement audit. Harper, Rains, Knight & Co., P.A. (HRK), was selected to perform the audit for FY 2015. The financial statement audit of the EEOC is required by the Accountability of Tax Dollars Act of 2002. HRK will be responsible for issuing an audit opinion, which will be included in the Agency’s 2015 Performance and Accountability Report. Additionally, the auditor will issue a management letter report identifying any internal control weaknesses shortly thereafter. Fieldwork is expected to begin early third quarter.

Evaluation of Outreach and Education

The objective of this evaluation is to assess the efficiency and effectiveness of EEOC’s Outreach and Education program. In this reporting period, the contractor (Urban Institute) gathered and analyzed information and produced a draft report, which was issued for comment on March 19, 2015. The evaluation will determine ways in which the management and conduct of outreach and education can become more effective and efficient. The evaluation will generally assess outreach and education efforts, focusing on areas where gains in efficiency and effectiveness may be obtained. Key evaluation objectives are listed below in order of probable complexity:

1. Determine how outreach and education efforts are organized and managed at EEOC.
2. Determine the financial, human, and other resources used in EEOC’s outreach and education efforts.
In particular, measure the financial and other resources used for education and for outreach efforts, and assess how this information could be useful to EEOC and stakeholders.
3. Determine how EEOC establishes and accomplishes its outreach and education objectives, goals, and performance measures.
4. Determine what EEOC can learn from other organizations regarding management of outreach and education.
5. Determine how EEOC should improve its organization, management, and delivery of outreach and education.

The final report will be issued in the third quarter of FY 2015.

Evaluation of Litigation

The objective of this evaluation, to be performed by a contractor, is to identify key areas of EEOC’s litigation planning, management, and related activities. The evaluation will summarize litigation program efforts, recommending areas for further study that could lead to gains in efficiency and effectiveness for the litigation program. In this reporting period, OIG gathered background information and held the initial customer meeting with the General Counsel. OIG briefed the General Counsel on the evaluation and obtained input for the Statement of Work (e.g., help in determining objectives and potential areas of focus). In the third quarter of 2015, OIG plans for its acquisition service provider to issue a Statement of Work and award a contract. The work will be completed by the second quarter 2016.

Open Government and Transparency Progress Review

On December 8, 2009, the OMB issued Memorandum M-10-06, known as the Open Government Directive (OGD). It requires executive agencies to take specific actions to implement the three principles of transparency, participation, and collaboration that form the cornerstone of open government set forth by the President.
During the previous reporting period, we indicated that we would issue a progress report on the EEOC’s Open Government activities. That report will issue in the fourth quarter of FY 2015.

Cooperative Audit Resolution and Oversight Initiative

In this reporting period, the OIG adopted the Cooperative Audit Resolution and Oversight Initiative (CAROI) as a permanent method to resolve outstanding audit and evaluation recommendations. In the next reporting period, the OIG plans to report on our progress in implementing CAROI on several open recommendations from multiple audits/evaluations that were completed in 2014.

OIG Technology Infrastructure

The OIG has implemented its own information technology infrastructure to support its Audit, Investigative, and Administrative information technology requirements. The infrastructure is cloud based and is hosted by a Federal Risk and Authorization Management Program (FedRAMP)-approved cloud provider. This is currently in the final stages of beta testing, with plans to fully migrate to the new infrastructure during the third quarter of fiscal year 2015.

OIG Website

The OIG’s newly designed Web site (oig.eeoc.gov) was launched on March 29, 2015. This site is a new tool for the OIG that will assist in our ability to provide (1) greater transparency in the operations of the OIG by enhancing access to audit and evaluation reports and other public documents; (2) an improved electronic portal for the public to use in reporting fraud, waste, and abuse; and (3) a medium to implement the use of social media to enhance our ability to reach and inform our stakeholders about the OIG’s vision, mission, and operations.

AUDIT FOLLOW-UP

Audit follow-up is an integral part of good management and is a shared responsibility of Agency management officials and auditors.
Corrective action taken by management to resolve findings and recommendations is essential to improving the effectiveness and efficiency of Agency operations.

Section 5(a)(1) of the Inspector General Act of 1978, as amended, requires that semiannual reports include a summary description of significant problems, abuses, and deficiencies relating to the Agency’s administration of programs and operations disclosed by the OIG during the reporting period. Four new reports were issued during this reporting period (October 1, 2014–March 31, 2015); three of those reports contained findings.

Reports Issued During This Reporting Period

Fiscal Year  Report Number  Report Title                                         Date Issued
2015         2014-01-FIN    Audit of the EEOC’s FY 2014 Financial Statements     11/17/14
2015         2014-02-FIN    FY 2014 Financial Statement Audit Management Letter  01/13/15
2015         2014-08-EOIG   FY 2014 Federal Information Security Management Act  12/16/14
2015         2014-06-AIC    FY 2014 Agency Compliance with FMFIA                 11/14/14

As required by Section 5(a)(3) of the Inspector General Act of 1978, as amended, semiannual reports shall provide an identification of each significant recommendation described in previous semiannual reports on which corrective action has not been completed. OIG staff met with Agency follow-up officials in March 2015. The OIG is reporting 12 reviews with a total of 52 open recommendations for this reporting period. The following table shows those recommendations for which corrective actions have not been completed.
Recommendations Pending Corrective Actions from Previous Reporting Periods

Fiscal Year  Report Number  Report Title                                                  Date Issued
2014         2013-08-PSA    Performance Audit of the Agency’s Personnel Security Program  9/4/14

Identify all headquarters and field offices where classified national security information is safeguarded, handled, processed, reproduced, transmitted, transported, or destroyed.

Identify all EEOC employees with
    o current or prior access to classified national security information;
    o a current adjudicated security clearance and the sponsoring agency, if applicable; and
    o special access or interim clearance and the sponsoring agency, if applicable.

Develop and implement policies and procedures to address the safeguarding, transfer, storage, or disposal of classified information. The policy should include the requirements for Memorandums of Understanding (MOUs) between agencies. Designate a senior agency official to direct and administer the program in accordance with Executive Order 13526 and 32 CFR Parts 2001 and 2003. This senior agency official/office must be provided the resources and authority to achieve compliance with the requirements associated with the Classified National Security Information program. Implement a formalized training program for individuals who use classified information as a part of their duties. If an external agency is to assume the responsibility of training these individuals, this agreement should be documented in an MOU. Perform and document an assessment/evaluation of current classified information practices and safeguarding at headquarters and field offices to determine any noncompliances. Immediate corrective action should be taken to address any noncompliances noted. Incorporate a review of controls over classified information in EEOC’s annual FMFIA process.
Complete risk designations for the remaining estimated 194 EEOC covered positions. Complete and begin any outstanding reinvestigations as required by the CFR. Adhere to EEOC policy and Federal requirements pertaining to reinvestigations. EEOC should follow their internal policy until further guidance is provided by the Office of Personnel Management (OPM). Update the policy for the Federal Personnel Payroll System with a timeline and implement the revised standard. Review all employee Electronic Official Personnel Files (e-OPFs) to ensure proper inclusion of the employee’s Certificate of Investigation (COI) and, in instances where the documentation is missing, insert the COI. Report any outstanding EEOC adjudication decisions to the OPM, and going forward adhere to the 90-day timeline. Develop and implement a procedure to maintain relevant evidence documenting that the EEOC has informed OPM of the adjudication decisions it has made. Explore and document the decision on using alternative staffing options, such as contract employees or part-time employees, or obtaining an employee on detail in order to become current on risk designations, reinvestigations, Federal Personnel Payroll System (FPPS), COIs, and adjudication reporting. Update and implement comprehensive policies and procedures for physical security.
These policies and procedures should include but not be limited to
    o providing training for the Financial Cloud Solutions (FSC) member or designee at each field office location at least annually;
    o developing and implementing a field office on-site security assessment program that includes performing assessments and/or spot checks of field office security measures by the Office of the Chief Financial Officer (OCFO) on a rotational basis as it relates to Interagency Security Committee requirements; and
    o assisting and ensuring field offices correct noted security weaknesses or document acceptance of risk where EEOC has determined corrective action will not be taken.

Revise the field office self-assessment checklist to include facility security and credentialing information. Immediately correct any known weaknesses. If EEOC determines not to correct a noted weakness, EEOC should document this analysis and their acceptance of the associated risk. Increase coordination between OCFO and the Office of Federal Programs (OFP) to improve field office security posture, awareness and training to ensure compliance with applicable EEOC orders and guides; Facility Security Committees: An ISC Standard, dated January 1, 2012, second edition; and other applicable Interagency Security Committee Standards.

Fiscal Year  Report Number  Report Title                      Date Issued
2014         2013-FIN-01    FY 2013 Financial Statement Audit  12/16/13

Open Recommendations:

EEOC should update and revise the manner in which it controls the maintenance of its official personnel files. Additionally, management should perform a thorough review of its employees’ personnel files to ensure that documentation is current and complete.
  (Repeat finding from 2012)

Fiscal Year: 2014
Report Number: 2013-02-FIN
Report Title: FY 2013 Financial Statement Management Letter Report
Date Issued: 1/31/14

Open Recommendations:
- EEOC should work toward prompt resolution of these differences as this is an essential component of financial data integrity, and its absence compromises the integrity of the financial reporting.
- EEOC management should consistently review and approve all documents as prescribed by its policies and procedures. Policies and procedures should be reviewed and updated to ensure they reflect the most current protocol.
- EEOC should ensure that its property records contain accurate and complete property information. A review of property records and property inventory should be conducted at least annually, but preferably semiannually.
- EEOC should establish and implement controls to prevent waste, fraud, and misuse in the credit card program. On an annual basis, EEOC should review and update the Charge Card Program Guide for substantial changes. Additionally, EEOC should monitor the controls to ensure that they are working effectively.

Fiscal Year: 2014
Report Number: 2013-05-FISMA
Report Title: FY 2013 Federal Information Security Management Act Report
Date Issued: 12/10/13

Open Recommendations:
- The OIG recommends that the EEOC Office of Information Technology (OIT) define the configuration items (hardware/software inventory) for the information system within the Configuration Management Plan.
- The OIG recommends that OIT should document the hardware/software inventory in the Configuration Management Plan or provide a direct reference to where the current hardware/software inventory lists are located.
- The OIG recommends that the EEOC Office of the Chief Financial Officer, Central Services Division, update EEOC Order 370-002 Security Plan to reflect consideration of updated authorities.
- The OIG recommends that the EEOC OIT implement multifactor authentication for remote access. The OIG further recommends that the EEOC use multifactor authentication where one of the factors is provided by a device separate from the computer gaining access. (Repeat finding from 2008)
- The OIG recommends that the OIT ensure all configuration change request forms are signed to document review and approval.
- The OIG recommends that the EEOC OIT include an option box or a check box in the Change Request forms for emergency changes to ensure the Change Configuration Board (CCB) approvers have enough information pertaining to the type of change request.
- The OIG recommends that the EEOC Office of Chief Human Capital Officer work with EEOC Headquarters’ Administrative Officers and District Directors regarding (1) implementing procedures to ensure compliance with EEOC Order 501.006 Clearance Procedures and (2) implementing procedures to ensure that all separated/terminated EEOC employees complete the EEOC Exit Questionnaire and EEOC Form 470, Contractor and Employee Clearance Record.

Fiscal Year: 2013
Report Number: 2012-09-REV
Report Title: Review of Evaluations
Date Issued: 04/09/13

Open Recommendations:
- EEOC should further standardize intake procedures across field offices.
- EEOC should document criteria for determining Category C charges.
- EEOC should continue efforts to develop a national approach for addressing and eliminating systemic discrimination.
- EEOC should continue to review the range of information obtained during intake interviews and review the manner in which the intake information is stored in the Integrated Mission System (IMS).
- EEOC should investigate the merits of expanding the information it obtains related to employee hiring and terminations.

Fiscal Year: 2013
Report Number: 2012-01-FIN
Report Title: FY 2012 Financial Statement Audit Report
Date Issued: 11/16/12

Open Recommendations:
- EEOC should document and monitor implementation of all complementary user control considerations. (Repeat finding from 2010)

Fiscal Year: 2013
Report Number: 2012-03-FISMA
Report Title: FY 2012 Federal Information Security Management Act Report
Date Issued: 11/14/12

Open Recommendations:
- EEOC management should revise the Agency’s policy to correctly reflect the entire severity rating list published by the U.S. Computer Emergency Readiness Team (US-CERT).

Fiscal Year: 2013
Report Number: 2012-02-FIN
Report Title: FY 2012 Financial Statement Management Letter Report
Date Issued: 12/19/12

Open Recommendations:
- EEOC should implement stringent reconciliation and resolution procedures for reconciliation of management reports and subledgers to FCS general ledger data.

Fiscal Year: 2013
Report Number: 2012-10-PMEV
Report Title: Evaluation of EEOC’s Performance Measures
Date Issued: 03/21/13

Open Recommendations:
- EEOC should expand the new Strategic Enforcement Plan (SEP) requirement for quarterly reviews. EEOC management would likely benefit considerably from the implementation of quarterly data-driven reviews such as those required by large Federal agencies.
- EEOC should provide its Commissioners and managers with easy access to relevant disaggregation of outcome values. Outcome data would be broken out by such characteristics as priority level, industry, and key characteristics of charging parties.
Fiscal Year: 2013
Report Number: 2012-08-PURCH
Report Title: Performance Audit of EEOC Charge Card Program
Date Issued: 03/28/13

Open Recommendations:
- EEOC should perform further analysis on the government charge card operations to identify the controls to be implemented in compliance with OMB directives. Specifically, the EEOC must review and update the identification of procedures performed using the new accounting system FCS as well as the current duties of personnel interacting with the system.
- The EEOC should meet with all process lead personnel to determine what controls are or should be in place to ensure that fraud, waste, abuse, and misuse are not present in the charge card program.
- The EEOC should identify all requirements in OMB Circular A-123, Appendix B, and determine the procedures necessary to comply with the requirements and ensure that policies and procedures are reviewed on an annual basis, or more frequently if substantial changes have occurred in EEOC’s systems or laws and regulations have been issued. This will help to ensure that policies and procedures are appropriate for the current environment.
- EEOC should develop a system to (1) identify and track all charge card activity, including open accounts, closed accounts, cardholder approver levels, and cardholder training; (2) perform an evaluation of service providers’ controls over the charge card program to ensure that controls are appropriate and operating effectively; and (3) monitor all controls, whether performed at EEOC or at a service provider, at least annually, to ensure that controls remain adequate and continue to operate effectively.
- EEOC should develop policies and procedures to identify and track all cardholder-required training.
  Documentation should be maintained following National Archives and Records Administration (NARA) requirements for cardholders who have successfully completed training requirements.
- EEOC should develop controls over the retention of application documents for charge card accounts.
- EEOC should monitor controls over transaction approval, whether performed at EEOC or at a service provider.
- EEOC should implement policies and procedures regarding record retention for purchase and travel card transactions.
- EEOC should develop and implement policies to require reviews of total cardholder activity to ensure compliance with monthly spending authority for all cardholders. Documentation of authority to exceed cardholders’ spending limits should be maintained by management. Penalties for exceeding authorized spending limits should be established and enforced.
- EEOC should develop and implement policies and procedures to use data mining to monitor charge card activity.

Fiscal Year: 2008
Report Number: 2008-03-AMR
Report Title: Oversight of Federal Agency Reporting Management Directive 715 (MD-715) and Related Topics
Date Issued: 09/26/08

Open Recommendations:
- EEOC should require Federal agencies to submit Part G of their Equal Employment Opportunity assessment with their annual EEOC Management Directive MD-715 submissions.

Fiscal Year: 2008
Report Number: 2007-11-RFPERF
Report Title: Performance Audit of the Equal Employment Opportunity Commission’s Education, Training, and Technical Assistance Program Revolving Fund
Date Issued: 08/26/08

Open Recommendations:
- EEOC should approve the establishment of the EEOC Training Institute Steering Committee.
- EEOC should update the Revolving Fund Business Plan to reflect the Agency’s strategic direction, vision, and goals over the next three to five years.
- EEOC should seek professional assistance to develop a more effective budgeting method to project financial information in order to plan training events and monitor goals.

As required by Section 5(a)(10) of the Inspector General Act of 1978, as amended, semiannual reports shall include a summary of each audit report issued before the start of the reporting period for which no management decision has been made by the end of the reporting period. The OIG has no audit or evaluation reports that were issued before the reporting period began for which no management decision has been made.

THE INVESTIGATION PROGRAM

The Investigation Program supports the OIG’s strategic goal to focus limited investigative resources on issues that represent the greatest risk and offer the maximum opportunity to detect and prevent fraud, waste, and abuse in EEOC programs and operations.

Investigative Inquiries Received October 1, 2014–March 31, 2015

| Allegations | Number |
|---|---|
| Charge Processing | 134 |
| Other Statutes | 37 |
| Title VII | 132 |
| Mismanagement | 1 |
| Ethics Violations | 8 |
| Backgrounds | 7 |
| Theft | 1 |
| Threats | 1 |
| Fraud | 3 |
| Other Criminal Allegations | 6 |
| Congressional Inquiries | 3 |
| Total | 333 |

INVESTIGATIONS

Fraudulent Settlement Agreement

The OIG investigated an allegation involving an EEOC Settlement Agreement used as a financial instrument to obtain an advance payment on the settlement amount. The investigation revealed that the settlement agreement document was fraudulent. The signatures of agency employees and agency seal had been forged on the document.
Using an OIG subpoena, the investigation revealed the money ($35,000.00) obtained from the lender was deposited into an account at JPMorgan Chase Bank in Madison, Wisconsin, under the name of Staff on Demand. Bank records established that the subject of the investigation was the owner of the account. Our investigation of the subject revealed a prior history of convictions for state theft charges and federal tax code violations. Other convictions associated with this individual include mail fraud, false statements, false claims, and bank fraud. These convictions and others involved the use of and the creation of numerous fraudulent documents to commit the crimes.

It was determined that the subject of this investigation is currently serving time in a Federal correction institute for three counts of Fraud with Identification Documents and one count of Fraudulent Statements in the Application of a Passport. The subject was sentenced and is not scheduled for release until September 2016. The OIG referred this matter to the Federal Bureau of Investigation, the Wisconsin Field Office, located in Milwaukee, Wisconsin.

ONGOING INVESTIGATIVE ACTIVITY

The OIG has ongoing investigations in several field offices involving ethics violations, conflicts of interest, fraud, mismanagement, falsification of government records, impersonation of a Federal official, misuse of travel and purchase cards, misuse of computers, misuse of position and threats against the Agency.

OTHER OIG PROGRAM ACTIVITIES

Peer Review of EEOC OIG Audit Function

The Federal Trade Commission (FTC) OIG conducted a peer review of the system of quality control for EEOC OIG’s audit function for FY 2014. The modified peer review report, which was issued on December 8, 2014, noted that the EEOC OIG’s established policies and procedures for the audit function as of March 31, 2014, were current and consistent with applicable professional standards as stated, and no recommendations were included.
APPENDIX I. FINAL OIG AUDIT AND EVALUATION REPORTS

| Report Title | Date Issued | Questioned Costs | Funds Put to Better Use | Unsupported Costs |
|---|---|---|---|---|
| FY 2014 FISMA Report | 12/16/14 | $0 | $0 | $0 |
| Agency Compliance with the Federal Managers’ Financial Integrity Act (FMFIA) | 11/14/14 | $0 | $0 | $0 |
| FY 2013 Financial Statement Audit of the EEOC | 11/17/14 | $0 | $0 | $0 |
| Report on Open and Unimplemented OIG Recommendations to Congress | 3/25/15 | $0 | $0 | $0 |
| FY 2013 Management Letter Report | 1/13/15 | $0 | $0 | $0 |

APPENDIX II. INDEX OF REPORTING REQUIREMENTS

| Inspector General Act Citation | Reporting Requirements | Page |
|---|---|---|
| Section 4(a)(2) | Review of Legislation and Regulations | N/A |
| Section 5(a)(1) | Significant Problems, Abuses, and Deficiencies | 10–24 |
| Section 5(a)(2) | Recommendations with Respect to Significant Problems, Abuses, and Deficiencies | 10–13 |
| Section 5(a)(3) | Significant Recommendations Included in Previous Reports on Which Corrective Action Has Not Been Completed | 17–24 |
| Section 5(a)(4) | Matters Referred to Prosecutorial Authorities | N/A |
| Section 5(a)(5) | Summary of Instances Where Information Was Refused | N/A |
| Section 5(a)(6) | List of Audit Reports | 27 |
| Section 5(a)(7) | Summary of Significant Reports | 10–13 |
| Section 5(a)(8) | Questioned and Unsupported Costs | 27 |
| Section 5(a)(9) | Recommendations That Funds Be Put to Better Use | 27 |
| Section 5(a)(10) | Summary of Audit Reports Issued Before the Commencement of the Reporting Period for Which No Management Decision Has Been Made | 16 |
| Section 5(a)(11) | Significant Management Decisions That Were Revised During the Reporting Period | N/A |
| Section 5(a)(12) | Significant Management Decisions with Which the Office of Inspector General Disagreed | N/A |
APPENDIX III. SINGLE AUDIT ACT REPORTS

The Single Audit Act of 1984 requires recipients of Federal funds to arrange for audits of their activities. Federal agencies that award these funds must receive annual audit reports to determine whether prompt and appropriate corrective action has been taken in response to audit findings. During the reporting period, the OIG received no single audit reports issued by public accounting firms concerning Fair Employment Practice Agencies (FEPAs) that have work-sharing agreements with EEOC. Thus, no audit findings for the FEPAs involved EEOC funds.

EEOC-OIG The Hotline

The EEOC Hotline Program was established for Agency employees, other Government employees, contractors, and the general public to report fraud, waste, abuse, or wrongdoing by phone, e-mail, or by mail.

What Should You Report

You should report any concern you may have over a situation in which EEOC is the potential victim of fraudulent acts by employees, contractors, or others. It includes any violations of laws, rules, regulations, gross mismanagement, gross waste or misappropriation of funds, and abuses of authority.

OIG Hotline Contact Information

Call: EEOC-OIG Hotline Toll-free 1-800-849-4230
E-Mail: INSPECTOR.GENERAL@EEOC.GOV
Write: Equal Employment Opportunity Commission, Office of Inspector General, PO Box 77067, Washington, DC 20013-7067

Identities of Writers, E-mailers, and Callers are always Fully Protected
Semi-annual report: Oct-Mar 2015
Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2015-04-30.