oversight

Semiannual Report: Apr-Sep 2016

Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2016-11-01.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

U.S. Equal Employment Opportunity Commission




          Office of Inspector General


       Semiannual Report to the U.S. Congress

             April 1, 2016–September 30, 2016




                    Milton A. Mayo Jr.
                     Inspector General
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	




                                                                1
   OIG Semiannual Report   April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	




                         OIG VISION

   Effective, efficient and accountable oversight of Agency
             programs, operations, and personnel.




                       OIG MISSION

  To detect and prevent waste, fraud, and abuse and promote
  economy, efficiency, and effectiveness in the programs and
operations of the Equal Employment Opportunity Commission.




                                                                   2
     OIG Semiannual Report    April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Contents
Message from the Inspector General …………………………………………...                  5

Executive Summary ……………………………………………………………                               6

Introduction ……………………………………………………………………                                 8

The Audit and Evaluation Program ……………………………………………                      10

Completed Projects
New and Ongoing Audit and Evaluation Projects
Audit Follow-up

The Investigation Program …………………………………………………….                         25

Investigative Inquiries
Completed Investigative Activities
Ongoing Investigative Activities

Appendixes …………………………………………………………………….                                  28
Appendix I. Final OIG Audit and Evaluation Reports
Appendix II. Index of Reporting Requirements
Appendix III. Single Audit Act Reports
Appendix IV. Peer Review Reporting




                                                                                3
         OIG Semiannual Report             April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	




             THIS PAGE INTENTIONALLY LEFT BLANK




                                                                  4
   OIG Semiannual Report     April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Message from the Inspector General

In accordance with the Inspector General Act of 1978, as amended, I submit this semiannual
report for the period April 1, 2016, through September 30, 2016. This report summarizes the
major activities of the U.S. Equal Employment Opportunity Commission’s (EEOC), Office of
Inspector General (OIG) for this reporting period. Section 5 of the Inspector General Act of 1978
as amended, requires the Chair to transmit this semiannual report to the appropriate committees
or subcommittees of the U.S. Congress within 30 days of its receipt.

As an office, we continue to work closely with Agency stakeholders to improve dialogue, to
promote innovation by identifying solutions to problems, and to foster continuous improvement.
Through the use of the Cooperative Audit Resolution and Oversight Initiative (CAROI), our
office has achieved significant results, including improved communication with program offices.
Because of improved communications with program offices, the OIG has become more
successful in its role in the resolution of outstanding recommendations.
We conducted a quality control review of the U.S. International Trade Commission’s (ITC), OIG
audit organization. Our review found that the ITC OIG Audit organization’s system of quality
control was consistent with standards specified in the audit quality control guidelines.
Our Senior Auditor and Evaluator were recognized by the Council of the Inspectors General on
Integrity and Efficiency (CIGIE) Training Institute for outstanding contributions. Staff members
were recognized for: (1) participation in the curriculum development for the Intermediate
Auditor Training Program; and (2) work as a lecturer for the Inspection and Evaluation
Fundamentals Training Program. Furthermore, one of our Criminal Investigators participated on
a multi-agency investigative team, and received a 2016 Public Service Award from the United
States Attorney's Office, Eastern District of Virginia, Alexandria Division, for her role in the
corruption investigation of Global Computer Enterprises, Inc. (GCE) of Reston, Virginia.
Finally, on May 19 and 20, 2016, we co-hosted, with the Tennessee Valley Authority OIG, the
annual CIGIE Inspectors General Conference in Richmond Virginia. As co-hosts we chose a
different format from those of previous conferences in an attempt to initiate and foster a more
interactive and collaborative conference environment. Additionally, we sought to create
opportunities for follow-up training during the year. The three-day conference brought together
over sixty federal Inspectors General who worked together in interactive sessions to analyze and
discuss various cross-cutting issues that face the 21st century IG community. A follow-up
session with this group is scheduled to be held on November 2, 2016.
We remain committed to our mission and the U.S. Equal Employment Opportunity
Commission’s efforts to achieve Justice and Equality in the Workplace. As always, we
appreciate the support and cooperation of Chair Jenny Yang, the Commissioners, and employees
of the Commission.



Milton A. Mayo Jr.
Inspector General

                                                                                               5
         OIG Semiannual Report                 April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Executive Summary
This semiannual report is issued by the Equal Employment Opportunity Commission’s
(EEOC’s) Office of Inspector General (OIG) pursuant to the Inspector General Act of 1978, as
amended. It summarizes our activities and accomplishments for the period April 1, 2016, through
September 30, 2016.
During this period, our office issued five final audit/evaluation reports, completed two
investigations, and received 382 hotline inquiries, of which 177 were charge processing issues,
105 were complaints related to Title VII of the Civil Rights Act of 1964, as amended, and 100
were other investigative allegations.
Our completed, newly initiated, and ongoing audit, evaluation, and investigative projects include
the following:
Completed Audit/Evaluation Work

      A report that assessed the Agency’s litigation efforts, focusing on areas where gains in
       efficiency and effectiveness could be obtained.

      A report that the Agency complied with the Improper Payments Information Act of 2002,
       as amended by the Improper Payments Elimination and Recovery Improvement Act of
       2012.

      A report answering questions required by the Cybersecurity Act of 2015, Inspector
       General Requirement of Section 406 (Federal Computer Security).

      A report updating EEOC’s Open Government Initiative progress.

      A report regarding the EEOC’s Commissioner charge process.

Completed Investigations

      Two allegations from the Office of Legal Counsel regarding possible violations of Title
       18 U.S.C. §208 - Acts Affecting a Personal Financial Interest.

Ongoing and Newly Initiated Work

      The public accounting firm of Harper, Rains, Knight & Co., P.A., is performing the
       Fiscal Year (FY) 2016 Financial Statement Audit of EEOC.

      The public accounting firm of Brown and Company, CPAs PLLC., is performing the FY
       2016 Independent Evaluation Audit of the Agency’s Adherence to the Federal
       Information Security Modernization Act (FISMA) of 2014.

      Agency policy directive EEOC Order 195.001, Management Accountability and
       Controls, requires that our office provide an annual written advisory to the Chair

                                                                                               6
         OIG Semiannual Report                 April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

       regarding whether the management control evaluation process complied with Federal
       Managers’ Financial Integrity Act (FMFIA) of 1982 requirements.

      OIG has ongoing investigations in several field offices involving such matters as ethics
       violations, conflicts of interest, misuse of position, mismanagement, false statements, and
       falsification of government records.

Also, in an ongoing effort to promote the importance of audit follow-up, our office and the
Office of the Chief Financial Officer (OCFO) made a joint presentation to Agency program
managers concerning audit follow-up and its importance in building relationships to improve key
Agency programs. The presentation focused on:

      Defining and providing an explanation regarding the importance of audit follow-up and
       audit resolution;
      Mapping the audit follow-up and resolution process;
      Communicating everyone’s role in the audit follow-up and resolution process; and
      Understanding the importance regarding how open communication and conflict
       resolution can assist in implementing recommendations.

As part of this presentation the benefits of the Cooperative Audit Resolution Oversight Initiative
(CAROI) were discussed, along with dialogue promoting innovation in identifying solutions to
problems and fostering continuous improvement of the audit process.




                                                                                                7
         OIG Semiannual Report                 April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Introduction
The Equal Employment Opportunity Commission
The Equal Employment Opportunity Commission (EEOC) is the Federal agency responsible for
enforcement of Title VII of the Civil Rights Act of 1964, as amended; the Equal Pay Act of
1963; the Age Discrimination in Employment Act of 1967; Sections 501 and 505 of the
Rehabilitation Act of 1973 (in the Federal sector only); Title I of the Americans with Disabilities
Act of 1990 and the Americans with Disabilities Act Amendments Act of 2008; Sections 102
and 103 of the Civil Rights Act of 1991; the Lilly Ledbetter Fair Pay Act of 2009; and the
Genetic Information Nondiscrimination Act of 2008 (P.L. 110-233 Stat. 881), also referred to as
GINA. These statutes prohibit employment discrimination based on race, sex, color, religion,
national origin, age, disability, or genetic information.
EEOC is also responsible for carrying out Executive Order 12067, which promotes coordination
and minimizes conflict and duplication among Federal agencies that administer statutes or
regulations involving employment discrimination.
EEOC is a bipartisan commission composed of five presidentially appointed members, which
include a Chair, a Vice Chair, and three Commissioners. The Chair is responsible for the
administration and implementation of policy and for the Commission’s financial management
and organizational development. The Vice Chair and the Commissioners equally participate in
developing and approving EEOC policies, issuing charges of discrimination where appropriate,
and authorizing the filing of lawsuits. In addition, the President appoints a General Counsel, who
is responsible for conducting litigation under the laws enforced by the Commission.

The Office of Inspector General
The U.S. Congress established the Office of Inspector General (OIG) at EEOC through the 1988
amendments to the Inspector General Act of 1978. These amendments expanded the authority of
designated Federal entities to create independent and objective OIGs. Under the direction of the
Inspector General (IG), the OIG meets this statutory responsibility by conducting and
supervising audits, evaluations, and investigations relating to Agency programs and operations.
The OIG provides leadership, coordination and recommends policies for activities designed to
promote economy, efficiency, and effectiveness in administering programs and operations.
In October 2008, Congress passed the Inspector General Reform Act of 2008, which generally
buttressed the independence of IGs, increased their resources and held them more accountable
for their performance. The OIG is under the supervision of the IG, an independent EEOC official
subject to general supervision by the Chair. The IG must not be prevented or prohibited by the
Chair or any other EEOC official from initiating, carrying out, or completing any audit,
investigation, evaluation, or other inquiry or from issuing any report.
The IG provides overall direction, coordination, and leadership to the OIG; is the principal
advisor to the Chair in connection with all audit and investigative matters relating to the
prevention, identification, and elimination of waste in any EEOC program or operation; and
recommends the proper boundaries of audit and investigation jurisdiction between the OIG and
other EEOC organizations. The IG also develops a separate and independent annual budget for

                                                                                                 8
         OIG Semiannual Report                  April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

the OIG; responds directly to inquiries from the public, Congress, or the news media; and
prepares press releases, statements, and other information about the OIG’s activities.
The Deputy Inspector General serves as the IG’s alter ego and participates fully in policy
development and in management of the OIG’s diverse audit, investigation, evaluation, and
support operations.
The Counsel to the Inspector General is the sole legal advisor in the OIG, providing day-to-day
guidance to the OIG’s investigation team, and is the primary liaison with Agency legal
components and the Department of Justice.
In addition to these positions, the OIG staff includes a chief technology officer, an evaluator, two
auditors, two criminal investigators, and an administrative specialist.
Currently the Deputy Inspector General and Confidential Support Assistant positions are vacant.




                                                                                                  9
         OIG Semiannual Report                  April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

                   The Audit and Evaluation Program
                   The Audit and Evaluation Program supports the OIG’s strategic goal of
                   improving the economy, efficiency, and effectiveness of EEOC programs,
                   operations, and activities.




Completed Projects
Compliance with the Improper Payments Elimination and Recovery Improvement Act of
2012

On May 11, 2016, our office reported that the EEOC complied with the Improper Payments
Information Act of 2002, as amended by the Improper Payments Elimination and Recovery
Improvement Act of 2012. The Agency conducted an Agency-wide risk assessment of vendor
and travel payments made in FY 2015. In addition, the Agency relied on internal controls
currently in place and indicated it would use the U.S. Treasury’s FedDebt System to recapture
any potential improper payments.

Evaluation of Litigation

On July 8, 2016, our office issued a report that assessed the Agency’s litigation efforts, focusing
on areas where gains in efficiency and effectiveness could be obtained. This evaluation was
conducted under contract with the Urban Institute. The report contained twenty-one
recommendations in the areas of priority setting, relationships and collaboration, performance
management, measurement, analysis and data use, and administrative issues.
Critical recommendations included:

      Provide more guidance regarding the field attorneys’ expected role in the priority charge
       handling procedures, including how systemic cases fit into operational directives;

      Develop a process for tracking compliance with injunctive relief contained in consent
       decrees;

      Pilot annual district office work plans to update priorities based on current national and
       local conditions and track progress toward Strategic Enforcement Plan and District
       Complement Plan goals;

      Encourage each regional attorney and district director to annually review the data on the
       status of pending charges and litigation, the resolution of charges and litigation over the
       prior year, staff workloads, any expected changing local and national conditions, and
       develop a district performance plan for the coming year; and



                                                                                                10
         OIG Semiannual Report                  April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

      Expand efforts to identify and share best practices in areas such as: (1) how to strengthen
       collaboration between attorneys and investigators; (2) ways for attorneys and
       investigators to analyze performance measurement data; (3) ways to follow up on
       compliance with consent decrees and conciliations; and (4) steps to make reasonably
       accurate projections of workload for the forthcoming year.

Cybersecurity Information Sharing Act of 2015 Inspector General Requirement
On August 12, 2016, our office issued a report in response to the requirements of the
Cybersecurity Information Sharing Act of 2015, Section 406 (Federal Computer Security).
Section 406 required that no later than 240 days after the enactment of the Act, each agency
Inspector General would submit to their appropriate committees of jurisdiction in the Senate and
the House of Representatives a report which included information regarding the Federal
computer systems of the covered agency.
Review of EEOC’s Commissioner Charge Process

On September 19, 2016, our office issued a report to a member of Congress regarding the
EEOC’s Commissioner charge process. In January 2016, we received a formal request to
conduct a review of the Agency’s enforcement tactics regarding a specific Commissioner charge.
In response, we reviewed: (1) how and why Commissioner charges are filed; (2) requirements
and guidelines regarding a Commissioner charge; and (3) the various stages of the Commissioner
charge process. In addition, we reviewed the circumstances that led to the filling of the
Commissioner charge and if the process used by the Agency followed policies and procedures.

Our review of key documents, EEOC’s Compliance Manual, charge data information and
statistics, and information obtained through interviews with key stakeholders resulted in a
conclusion that the process used by the Agency, concerning the charge in question, was
consistent with procedures for filing a Commissioner charge.

Open Government and Transparency Progress Review

On September 30, 2016, our office issued a progress review on EEOC’s Open Government
Initiatives. Our review determined that EEOC completed several Open Government activities
while making substantial progress on others. Completed work includes: (1) developing a system
allowing charging parties to view the status of their charge online; (2) increasing dialogue with
the public; (3) posting information in plain language on HTTPS://EEOC.GOV; and (4)
implementing key government-to-government electronic transactions. Areas where substantial
progress was achieved include: (1) posting of private sector employer data; (2) implementing a
digital charge system; and (3) updating the Open Government web page.




                                                                                               11
         OIG Semiannual Report                 April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

New and Ongoing Audit and Evaluation Projects
FY 2016 Audit of the Consolidated EEOC Financial Statements
The public accounting firm of Harper, Rains, Knight & Co., P.A., is performing the FY 2016
Financial Statement Audit of EEOC. The auditor’s opinion will be included in the Agency’s FY
2016 Performance and Accountability Report. In addition, the auditors will issue a management
letter report identifying internal control weaknesses.
FY 2016 Independent Evaluation of the Agency’s Adherence to the Federal Information
Security Modernization Act
The public accounting firm of Brown and Company, CPAs PLLC., is performing the FY 2016
Independent Evaluation Audit of the Agency’s adherence to the Federal Information Security
Modernization Act (FISMA of 2014). A final report, with corresponding CyberScope
submission, is planned to be issued in November 2016.

Agency Compliance with the Federal Managers’ Financial Integrity Act

Agency policy directive EEOC Order 195.001, Management Accountability and Controls,
requires that an annual written advisory be provided to the Chair regarding the Agency’s
management control evaluation process. Our advisory will report whether the Agency’s
management control evaluation process was conducted in accordance with Federal Managers’
Financial Integrity Act (FMFIA) guidelines. Results will be included in the FY 2016
Performance and Accountability Report.




                                                                                          12
         OIG Semiannual Report               April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Audit Follow-Up
Audit follow-up is an integral part of good management and is a shared responsibility of Agency
management officials and auditors. Corrective action taken by management to resolve findings
and recommendations is essential to improving the effectiveness and efficiency of Agency
operations.

Section 5(a)(1) of the Inspector General Act of 1978, as amended, requires that semiannual
reports include a summary description of significant problems, abuses, and deficiencies relating
to the Agency’s administration of programs and operations disclosed by the OIG during the
reporting period. Five new reports were issued during this reporting period (April 1, 2016–
September 30, 2016); one of those reports contained findings.

                      Reports Issued During This Reporting Period

     Fiscal Year     Report Number                Report Title                Date Issued
        2016         2016-04-AOIG          Report on Compliance with          05/11/2016
                                               Improper Payments
                                           Elimination and Recovery
                                            Improvement Act of 2012
         2016          2015-01-LIT           Evaluation of Litigation         07/08/2016

         2016         2016-05-EOIG         Cybersecurity Information          08/12/2016
                                             Sharing Act of 2015
                                              Inspector General
                                           Requirement (Section 406)
         2016         2016-06-COIG           Review of the EEOC               09/19/2016
                                            Commissioner’s Charge
                                                   Process

         2016         2016-07-EOIG           Open Government and              09/30/2016
                                         Transparency Progress Review

As required by Section 5(a)(3) of the Inspector General Act of 1978, as amended, semiannual
reports shall provide an identification of each significant recommendation described in previous
semiannual reports on which corrective action has not been completed. OIG staff met with
Agency follow-up officials in September 2016. The OIG is reporting a total of 16 reviews with a
total of 67 open recommendations for this reporting period. The following table shows those
recommendations for which corrective actions have not been completed.




                                                                                             13
         OIG Semiannual Report                April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Recommendations for Which Corrective Actions Have Not Been Completed

  Fiscal
  Year       Report Number                        Report Title                        Date Issued

  2016        2015-01-FIN           FY 2015 Financial Statement Audit                   11/16/15


     EEOC update its controls over the maintenance of its accounting records.

     EEOC update its controls over the maintenance of its official personnel files and perform
      a thorough review of its employees’ personnel files to ensure that documentation is
      current and complete.

  Fiscal
  Year       Report Number                        Report Title                        Date Issued

  2016        2015-02-FIN           FY 2015 Financial Statement Audit                   1/15//16
                                       Management Letter Report


     EEOC maintain all documentation associated with its transactions and review retention
      procedures in place at its new service provider and develop and document retention
      procedures over each type of transaction entered into its financial system.

     EEOC perform an assessment over their internal controls surrounding retention and
      accuracy of obligating supporting documentation in order to ensure compliance with the
      Anti-Deficiency Act.

     EEOC perform an assessment over their internal controls surrounding payment support
      retention and the payment of interest on late payments in order to comply with the
      Prompt Payment Act.

     Developing an assessment of EEOC’s internal control process in order to proactively
      manage and update internal controls. This should minimally consist of EEOC
      documenting what controls are performed by their shared services provider and what
      controls are performed at EEOC to ensure management has a clear understanding of their
      responsibilities.

     EEOC update its controls over the maintenance of its accounting records. EEOC should
      ensure that all documentation, whether held by EEOC or its shared service providers, is
      readily available. EEOC should coordinate with its service providers to identify the type
      of documentation that is available for each financial transaction, where that information
      is located, and how long the data is available for review. This information should be

                                                                                            14
           OIG Semiannual Report             April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

    clearly documented in EEOC’s policies and procedures. Additionally, management
    should perform a thorough review of its files to ensure that documentation exists, is
    accurate, and is available for review.

   EEOC update its controls over the maintenance of its official personnel files. The
    controls currently in place are not capturing all changes to employee personnel files.
    EEOC should initiate new procedures to sample and review employee personnel files at
    least semi-annually to ensure that current documentation is included in the files.

   EEOC work with IBC to implement internal controls that will prohibit transactions being
    recorded with a “999999” default object class. Until that control is implemented, we
    recommend that EEOC review, at least monthly, its accounting transactions to ensure that
    the default object class is not utilized.

   The EEOC office accountable for compiling the Performance and Accountability Report
    (PAR) create and enforce internal deliverable milestones to ensure all OMB submission
    deadlines are met. These internal deliverable milestones should extend to all EEOC
    offices and require these offices to provide their content to EEOC’s accountable office
    prior to the established milestones. EEOC’s Office of the Chief Financial Officer
    (OCFO) should thoroughly review the final draft of the PAR prior to the submission to
    OMBB and the auditors in order to minimize edits required close to the PAR’s final
    submission deadline. This review should include a review of the financial statements
    against various federal reporting guidelines and checklist, such as GAO’s FAM 2020
    checklist for Federal Reporting Disclosures.


Fiscal
Year       Report Number                       Report Title                        Date Issued

2015       2015-03-EOIG          Independent Evaluation of Agency                    11/15/15
                                Adherence to the Federal Information
                                    Security Modernization Act


   We recommend that EEOC fully document, publish and enforce a CIO-approved
    organization-wide Information System Program Plan for common controls and hybrid
    controls across all systems and applications.

   We recommend the EEOC organization-wide Information System Program Plan include:
      o Names and contact information for the government and vendor partner personnel
          who are sharing responsibility for the definition and implementation of the EEOC
          common, hybrid, and application-specific controls.
      o An EEOC defined and approved population of common, hybrid and application
          controls.


                                                                                         15
         OIG Semiannual Report             April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

       o A Memorandum of Understanding (MOU), or similar document, that
         acknowledges the government’s and vendor’s responsibility for designing and
         implementing their assigned portions of the population of EEOC NIST 800-53
         Revision 4 controls.

   We recommend that EEOC complete this organization-wide security program objective
    by publishing its approved organization-wide Information Security Program Plan
    population of common, hybrid, and application controls and continuously monitoring its
    approved common controls and hybrid controls.

   We recommend EEOC develop an organization-wide risk management strategy and
    processes to manage risk to organizational operations and assets, in accordance with
    NIST guidelines.

   We recommend EEOC develop, document, and implement a policy requiring FEPAs that
    collect, store, process, use and transmit EEOC data to implement information security
    controls that ensure data and access to data are secured. For example, the work-sharing
    agreement should include a clause that requires only authorized individuals access to the
    IMS system and that devices are updated with current system security patches and
    antivirus signatures before users connect to the system.

   We recommend that the EEOC develop special security controls for Field Offices that
    align with the Federal Managers’ Financial Integrity Act of 1982. In addition, we
    recommend the following improvements:
        o Assess the information systems security controls at the district, field and area
           offices.
        o Segregation of duties – Implement policies and procedure to ensure that managers
           do not have granting and approval rights for providing access to systems.
        o Segregation of duties – Implement policies and procedure to ensure managers do
           not have rights to both receive and store equipment.
        o System monitoring – Implement policies and procedure to ensure that IT staff
           have adequate skillsets to monitor information systems. In addition, provide
           annual network training.
        o COOP and DR – Provide IT staff COOP and DR training.
        o Confidentiality – Implement policies and procedures to ensure that the IT staff
           maintains confidentiality of sensitive data.
        o Network security – Install network monitoring devices and port security.
        o Safeguarding – Lock investigator’s office doors after hours and when the office is
           vacant.
        o Physical security (Baltimore) – Ensure that third-party security officer contractors
           enforce the barring notices and the ID verification procedures; and
        o Physical Security to Baltimore EEOC’s IT room – Ensure that only authorized
           EEOC personnel has access to EEOC’s field office IT facilities.




                                                                                           16
      OIG Semiannual Report                 April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

    We recommend EEOC OIT implement multifactor authentication for remote access.
    Furthermore, we recommend EEOC use multifactor authentication where one of the
    factors is provided by a device separate from the computer gaining access.

   We recommend the EEOC:
      o Develop TT&E programs to test or exercise the EEOC BCP and IT DRP at the
          HQ and field office levels and determine their operational effectiveness.
      o Conduct after-action reporting that addresses issues identified during
          contingency/disaster recovery exercises and incorporates them into HQ and field
          office plan updates.
      o Coordinate the HQ OIT BCP and IT DRP TT&E programs with the 53 EEOC
          field office’s programs to ensure adequate levels of emergency preparedness and
          IT disaster recovery capability across EEOC. Develop and perform testing of
          system-specific contingency plans for the following EEOC General Support
          Systems and major applications: DNS; EEO-1 Survey System; DMS; and IMS.

   We recommend EEOC build upon existing HQ configuration management policy and
    procedures to deploy automated tools and procedures that accurately and completely
    detect, identify, and account for changes to the information system component inventory.


Fiscal
Year       Report Number                         Report Title                          Date Issued

2015        2014-03-OE            Evaluation of EEOC’s Outreach and                       5/8/15
                                          Education Program


   EEOC’s website needs to be updated when important events occur, perhaps in
    accordance with guidelines that EEOC’s Office of Communication and Legislative
    Affairs sets for itself.

   EEOC should provide analytical help to each district office to examine charge data
    related to its own geographic area in order to identify potential trends, opportunities, and
    priorities.

   EEOC and its district and field offices should routinely conduct follow-up through
    surveys with partners, perhaps three months after events.

   EEOC should provide resources for the regular analysis of OFP charges to provide
    evidence of outreach and education success—both for district and field offices and
    nationally.




                                                                                             17
         OIG Semiannual Report              April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Fiscal
Year       Report Number                         Report Title                         Date Issued

2015        2014-01-FIN            FY 2014 Financial Statement Audit                    11/17/14


   EEOC should update its controls over the maintenance of its official personnel files.
    Additionally, management should perform a thorough review of its employees’ personnel
    files to ensure that documentation is current and complete.

   EEOC should implement procedures to ensure that it has a complete understanding of its
    service providers’ policies and procedures.

Fiscal
Year       Report Number                         Report Title                         Date Issued

2015        2014-02-FIN            FY 2014 Financial Statement Audit                    1/13/15
                                      Management Letter Report


   EEOC should monitor and enforce its policies and procedures over sensitive property.
    EEOC should monitor these controls to ensure that the controls remain adequate and
    continue to operate effectively.

   EEOC should update its policies and procedures to correctly state its current process.

   EEOC should monitor and enforce its policies and procedures over record retention for
    purchase and travel card transactions. EEOC should monitor these controls to ensure that
    the controls remain adequate and continue to operate effectively. Additionally,
    management should enforce penalties, such as disciplinary action, including restitution to
    the government and/or dismissal.

   EEOC should implement and monitor controls to ensure approving officials’ review and
    approval is documented for each purchase and travel card transaction. The policy or
    procedure should establish an appropriate period of time for retention of records,
    monitoring by the purchase card program manager, and appropriate disciplinary actions
    for noncompliance.

   EEOC should follow its guidelines for all expense transactions. We also recommend
    developing an assessment of EEOC’s internal control process in order to proactively
    manage internal controls and get the most from them.




                                                                                             18
         OIG Semiannual Report              April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

   EEOC should work with its service provider to implement internal controls that will
    catch all transactions with a zero object class. A monthly review of expense transactions
    will identify those with a zero object class.


Fiscal
Year       Report Number                           Report Title                        Date Issued

2015       2014-08-EOIG            FY 2014 Federal Information Security                 12/16/14
                                         Management Act Report


   Implementation of background checks for student interns to ensure that international
    visas are current.

   Development of policies and procedures to properly manage physical security access
    cards.

   Development of Continuity of Operations plans for field offices.

   Improved control over physical access to the data center and technology storage room.


Fiscal
Year       Report Number                           Report Title                        Date Issued

2014        2013-08-PSA              Performance Audit of the Agency’s                      9/4/14
                                        Personnel Security Program


   Identify all EEOC employees with

          o current or prior access to classified national security information;

          o a current adjudicated security clearance and the sponsoring agency, if applicable;
            and

          o special access or interim clearance and the sponsoring agency, if applicable.

   Develop and implement policies and procedures to address the safeguarding, transfer,
    storage, or disposal of classified information. The policy should include the requirements
    for memorandums of understanding (MOUs) between agencies.



                                                                                              19
         OIG Semiannual Report                April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

   Implement a formalized training program for individuals who use classified information
    as a part of their duties. If an external agency is to assume the responsibility of training
    these individuals, this agreement should be documented in an MOU.

   Perform and document an assessment/evaluation of current classified information
    practices and safeguarding at headquarters and field offices to determine any
    noncompliance. Take immediate corrective action to address any noncompliance noted.

   Incorporate a review of controls over classified information in EEOC’s annual FMFIA
    process.

   Complete risk designations for the remaining estimated 194 EEOC covered positions.

   Review all employee electronic official personnel folders to ensure proper inclusion of
    the employee’s conflict of interest (COI) disclosure, and in instances where the
    documentation is missing, insert it.

   Explore using alternative staffing options, such as contract employees, part-time
    employees, or employees on detail in order to become current on risk designations,
    reinvestigations, the FPPS, COIs, and adjudication reporting. Document the process of
    deciding what type of employees to use for this work.

   Update and implement comprehensive policies and procedures for physical security.
    These policies and procedures should include but not be limited to the following:

       o Providing training for the Federal Supply Class member or designee at each field
         office location at least annually.

       o Developing and implementing an on-site field office security assessment program
         that includes performing assessments and/or spot checks of field office security
         measures by the OCFO on a rotational basis as it relates to Interagency Security
         Committee requirements.

       o Assisting field offices and ensuring that they correct noted security weaknesses or
         document acceptance of risk where EEOC has determined corrective action will
         not be taken.

   Revise the field office self-assessment checklist to include facility security and
    credentialing information.

   Immediately correct any known weaknesses. If EEOC decides not to correct a noted
    weakness, it should document this analysis and its acceptance of the associated risk.

   Increase coordination between OCFO and OFP to improve field office security posture,
    awareness, and training to ensure compliance with applicable EEOC orders and guides;


                                                                                             20
      OIG Semiannual Report                 April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

      with Facility Security Committees: An Interagency Security Committee (ISC) Standard,
      second edition, dated January 1, 2012; and with other applicable ISC standards.


Fiscal
Year        Report Number                          Report Title                        Date Issued

2014         2013-FIN-01             FY 2013 Financial Statement Audit                   12/16/13

        EEOC should update and revise the manner in which it controls the maintenance of its official
         personnel files. Additionally, management should perform a thorough review of its
         employees’ personnel files to ensure that documentation is current and complete. (Repeat
         finding from 2012)


Fiscal
Year        Report Number                          Report Title                        Date Issued

2014         2013-02-FIN         FY 2013 Financial Statement Management                  1/31/14
                                              Letter Report


        EEOC management should consistently review and approve all documents as prescribed by
         its policies and procedures. Policies and procedures should be reviewed and updated to ensure
         they reflect the most current protocol.

        EEOC should establish and implement controls to prevent waste, fraud, and misuse in the
         credit card program. On an annual basis, EEOC should review and update the Charge Card
         Program Guide for substantial changes. Additionally, EEOC should monitor the controls to
         ensure that they are working effectively.

Fiscal
Year        Report Number                          Report Title                        Date Issued

2014           2013-05-            FY 2013 Federal Information Security                  12/10/13
                FISMA                    Management Act Report


        The OIG recommends that the EEOC OIT implement multifactor authentication for remote
         access. The OIG further recommends that the multifactor authentication use one factor
         provided by a device separate from the computer gaining access. (Repeat finding from 2008)



                                                                                             21
         OIG Semiannual Report                April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Fiscal
Year        Report Number                          Report Title                        Date Issued

2013         2012-09-REV                     Review of Evaluations                     04/09/2013


        EEOC should further standardize intake procedures across field offices.

        EEOC should document criteria for determining Category C charges.

        EEOC should continue efforts to develop a national approach for addressing and eliminating
         systemic discrimination.

        EEOC should continue to review the range of information obtained during intake interviews
         and review the manner in which the intake information is stored in the Integrated Mission
         System.

        EEOC should investigate the merits of expanding the information it obtains related to
         employee hiring and terminations.


Fiscal
Year        Report Number                          Report Title                        Date Issued

2013         2012-01-FIN         FY 2012 Financial Statement Audit Report              11/16/2012


        EEOC should document and monitor implementation of all complementary user control
         considerations. (Repeat finding from 2010)


Fiscal
Year        Report Number                          Report Title                        Date Issued

2013         2012-08-PUR         Performance Audit of EEOC Charge Card                 03/28/2013
                                               Program

        EEOC should perform further analysis on its government charge card operations to identify
         the controls to be implemented in compliance with OMB directives. Specifically, the EEOC
         must review and update the identification of procedures performed using the new accounting
         system (FCS) as well as the current duties of personnel interacting with the system. The
         EEOC should meet with all process lead personnel to determine what controls are or should
         be in place to ensure that fraud, waste, abuse, and misuse are not present in the charge card

                                                                                             22
         OIG Semiannual Report                April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

     program. The EEOC should identify all requirements in OMB Circular A-123, Appendix B,
     and determine the procedures necessary to comply with the requirements and ensure that
     policies and procedures are reviewed on an annual basis or more frequently if substantial
     changes have occurred in EEOC’s systems or if laws and regulations have been issued. This
     will help to ensure that policies and procedures are appropriate for the current environment.

    EEOC should develop a system to (1) identify and track all charge card activity, including
     open accounts, closed accounts, cardholder approver levels, and cardholder training; (2)
     perform an evaluation of service providers’ controls over the charge card program to ensure
     that controls are appropriate and operating effectively; and (3) monitor all controls, whether
     performed at EEOC or at a service provider, at least annually, to ensure that controls remain
     adequate and continue to operate effectively.

    EEOC should develop policies and procedures to identify and track all required training of
     cardholders. Documentation should be maintained following National Archives and Records
     Administration requirements for cardholders who have successfully completed training
     requirements.

    EEOC should develop controls over the retention of application documents for charge card
     accounts.

    EEOC should monitor controls over transaction approval, whether performed at EEOC or at a
     service provider.

    EEOC should implement policies and procedures regarding record retention for purchase and
     travel card transactions.

    EEOC should develop and implement policies to require reviews of total cardholder activity
     to ensure compliance with monthly spending authority for all cardholders. Management
     should maintain documentation of authority to exceed cardholders’ spending limits. Penalties
     for exceeding authorized spending limits should be established and enforced.

    EEOC should develop and implement policies and procedures to use data mining to monitor
     charge card activity.




                                                                                         23
     OIG Semiannual Report                April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

  Fiscal        Report
  Year          Number                           Report Title                        Date Issued

   2008      2008-03-AMR         Oversight of Federal Agency Reporting               09/26/2008
                                Management Directive 715 (MD-715) and
                                             Related Topics

          EEOC should require Federal agencies to submit Part G of their Equal Employment
           Opportunity assessment with their annual EEOC Management Directive MD-715
           submissions.

As required by Section 5(a)(10) of the Inspector General Act of 1978, as amended, semiannual
reports must include a summary of each audit report issued before the start of the reporting
period for which no management decision has been made by the end of the reporting period. The
OIG has no audit or evaluation reports that were issued before the reporting period began for
which no management decision has been made.




                                                                                          24
           OIG Semiannual Report             April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

         The Investigation Program
         The Investigation Program supports the OIG’s strategic goal to focus
         limited investigative resources on issues that represent the greatest risk
         and offer the maximum opportunity to detect and prevent fraud, waste,
         and abuse in EEOC programs and operations



                           Investigative Inquiries
                      Investigative Inquires Received
                     April 1, 2016 – September 30, 2016

                     Allegations                 Number

         Charge Processing                                177

         Other Statutes                                    91

         Title VII                                        105

         Mismanagement                                      3

         Ethics Violations                                  1

         Backgrounds                                        2

         Theft                                              0

         Threats                                            1

         Fraud                                              0

         Other Criminal Allegations                         2

         Congressional Inquiries                            0

         Total                                            382




                                                                                25
   OIG Semiannual Report               April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Completed Investigative Activities

Conflict of Interest
The Office of Legal Counsel referred two allegations for possible violations of Title 18 U.S.C.
§208 - Acts Affecting a Personal Financial Interest, concerning two EEOC employees in
performance of their respective duties. Our investigators reviewed, investigated the two
allegations and determined that both employees’ actions can be classified as strictly perfunctory
or administrative in nature, which means the employee made no decision, conducted no
investigation, and made no determinations. Both of these matters were closed.

Ongoing Investigative Activities
Our office has ongoing investigations in several field offices involving such matters as ethics
violations, conflicts of interest, misuse of position, mismanagement, false statements, and
falsification of government records.




                                                                                              26
         OIG Semiannual Report                 April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Appendixes

Appendix I. Final OIG Audit and Evaluation Reports

                       Date                         Funds Put to    Unsupported
   Report Title                 Questioned Costs
                      Issued                         Better Use        Costs

     Report on
 Compliance with
Improper Payments
  Elimination and
     Recovery         5/11/16         $0                $0               $0
 Improvement Act
     (IPERA)



   Evaluation of
    Litigation        7/8/16          $0                $0               $0



   Cybersecurity
Information Sharing
    Act of 2015
 Inspector General    8/12/16         $0                $0               $0
    Requirement
   (Section 406)



Review of the EEOC
  Commissioner’s
  Charge Process      9/19/16         $0                $0               $0



 Open Government
 and Transparency
 Progress Review      9/30/16         $0                $0               $0




                                                                              27
        OIG Semiannual Report           April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Appendix II. Index of Reporting Requirements

Inspector General
                               Reporting Requirements                    Page
   Act Citation

 Section 4(a)(2)    Review of Legislation and Regulations                N/A

 Section 5(a)(1)    Significant Problems, Abuses, and Deficiencies       10-11

                    Recommendations with Respect to Significant
 Section 5(a)(2)                                                         10-11
                    Problems, Abuses, and Deficiencies


                    Significant Recommendations Included in
 Section 5(a)(3)    Previous Reports on Which Corrective Action          14-24
                    Has Not Been Completed

 Section 5(a)(4)    Matters Referred to Prosecutorial Authorities        N/A

                    Summary of Instances Where Information Was
 Section 5(a)(5)                                                         N/A
                    Refused

 Section 5(a)(6)    List of Audit Reports                                 27

 Section 5(a)(7)    Summary of Significant Reports                       11-12

 Section 5(a)(8)    Questioned and Unsupported Costs                      27

                    Recommendations That Funds Be Put to Better
 Section 5(a)(9)                                                          27
                    Use

                    Summary of Audit Reports Issued Before the
                    Commencement of the Reporting Period for
 Section 5(a)(10)                                                         13
                    Which No Management Decision Has Been
                    Made

                    Significant Management Decisions That Were
 Section 5(a)(11)                                                        N/A
                    Revised During the Reporting Period

                    Significant Management Decisions with Which
 Section 5(a)(12)                                                        N/A
                    the Office of Inspector General Disagreed




                                                                                 28
        OIG Semiannual Report               April 1, 2016 – September 30, 2016
  EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	

Appendix III. Single Audit Act Reports
The Single Audit Act of 1984 requires recipients of Federal funds to arrange for audits of their
activities. Federal agencies that award these funds must receive annual audit reports to determine
whether prompt and appropriate corrective action has been taken in response to audit findings.
During the reporting period our received no audit reports issued by public accounting firms
concerning FEPAs that have work-sharing agreements with EEOC.

Appendix IV. Peer Review Reporting
Offices of Inspectors General are required to include their peer review results as an appendix in
semiannual reports to Congress in accordance with section 989C of the Dodd-Frank Wall Street
Reform and Consumer Protection Act (P.L. 111-203).
Peer Review of the OIG Audit Function
The Federal Trade Commission (FTC), OIG conducted a peer review of the system of quality
control for our office’s audit function for the period ending March 31, 2014. Their report, which
was issued December 8, 2014, offered a modified opinion that our office has established policies
and procedures that were current and consistent with applicable professional standards. The FTC
OIG gave our office a pass rating and made no recommendations. Our next peer review will
cover the period ending March 31, 2017.

Peer Review of the U.S. International Trade Commission’s OIG Audit Function

Our office completed a peer review of the U.S. International Trade Commission (ITC), OIG’s
audit organization system of quality control for the period ending September 30, 2015. Our peer
review report, issued April 18, 2016, resulted in an opinion that the system of quality control was
suitably designed and provided reasonable assurance that ITC’s OIG conforms to professional
standards in the performance of audits. Our office gave the ITC OIG a pass rating and made no
recommendations.




                                                                                                29
         OIG Semiannual Report                  April 1, 2016 – September 30, 2016
EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT	




                                                                30
   OIG Semiannual Report   April 1, 2016 – September 30, 2016