U.S. Equal Employment Opportunity Commission
Office of Inspector General
Semiannual Report to the U.S. Congress
April 1, 2016–September 30, 2016

Milton A. Mayo Jr.
Inspector General

EEOC OFFICE OF INSPECTOR GENERAL SEMIANNUAL REPORT
OIG Semiannual Report April 1, 2016 – September 30, 2016

OIG VISION
Effective, efficient and accountable oversight of Agency programs, operations, and personnel.

OIG MISSION
To detect and prevent waste, fraud, and abuse and promote economy, efficiency, and effectiveness in the programs and operations of the Equal Employment Opportunity Commission.

Contents

Message from the Inspector General
Executive Summary
Introduction
The Audit and Evaluation Program
    Completed Projects
    New and Ongoing Audit and Evaluation Projects
    Audit Follow-up
The Investigation Program
    Investigative Inquiries
    Completed Investigative Activities
    Ongoing Investigative Activities
Appendixes
    Appendix I. Final OIG Audit and Evaluation Reports
    Appendix II. Index of Reporting Requirements
    Appendix III. Single Audit Act Reports
    Appendix IV. Peer Review Reporting

Message from the Inspector General

In accordance with the Inspector General Act of 1978, as amended, I submit this semiannual report for the period April 1, 2016, through September 30, 2016. This report summarizes the major activities of the U.S.
Equal Employment Opportunity Commission’s (EEOC), Office of Inspector General (OIG) for this reporting period. Section 5 of the Inspector General Act of 1978, as amended, requires the Chair to transmit this semiannual report to the appropriate committees or subcommittees of the U.S. Congress within 30 days of its receipt.

As an office, we continue to work closely with Agency stakeholders to improve dialogue, to promote innovation by identifying solutions to problems, and to foster continuous improvement. Through the use of the Cooperative Audit Resolution and Oversight Initiative (CAROI), our office has achieved significant results, including improved communication with program offices. Because of improved communications with program offices, the OIG has become more successful in its role in the resolution of outstanding recommendations.

We conducted a quality control review of the U.S. International Trade Commission’s (ITC), OIG audit organization. Our review found that the ITC OIG Audit organization’s system of quality control was consistent with standards specified in the audit quality control guidelines.

Our Senior Auditor and Evaluator were recognized by the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Training Institute for outstanding contributions. Staff members were recognized for: (1) participation in the curriculum development for the Intermediate Auditor Training Program; and (2) work as a lecturer for the Inspection and Evaluation Fundamentals Training Program. Furthermore, one of our Criminal Investigators participated on a multi-agency investigative team, and received a 2016 Public Service Award from the United States Attorney's Office, Eastern District of Virginia, Alexandria Division, for her role in the corruption investigation of Global Computer Enterprises, Inc. (GCE) of Reston, Virginia.
Finally, on May 19 and 20, 2016, we co-hosted, with the Tennessee Valley Authority OIG, the annual CIGIE Inspectors General Conference in Richmond, Virginia. As co-hosts we chose a different format from those of previous conferences in an attempt to initiate and foster a more interactive and collaborative conference environment. Additionally, we sought to create opportunities for follow-up training during the year. The three-day conference brought together over sixty federal Inspectors General who worked together in interactive sessions to analyze and discuss various cross-cutting issues that face the 21st century IG community. A follow-up session with this group is scheduled to be held on November 2, 2016.

We remain committed to our mission and the U.S. Equal Employment Opportunity Commission’s efforts to achieve Justice and Equality in the Workplace. As always, we appreciate the support and cooperation of Chair Jenny Yang, the Commissioners, and employees of the Commission.

Milton A. Mayo Jr.
Inspector General

Executive Summary

This semiannual report is issued by the Equal Employment Opportunity Commission’s (EEOC’s) Office of Inspector General (OIG) pursuant to the Inspector General Act of 1978, as amended. It summarizes our activities and accomplishments for the period April 1, 2016, through September 30, 2016. During this period, our office issued five final audit/evaluation reports, completed two investigations, and received 382 hotline inquiries, of which 177 were charge processing issues, 105 were complaints related to Title VII of the Civil Rights Act of 1964, as amended, and 100 were other investigative allegations.
Our completed, newly initiated, and ongoing audit, evaluation, and investigative projects include the following:

Completed Audit/Evaluation Work

A report that assessed the Agency’s litigation efforts, focusing on areas where gains in efficiency and effectiveness could be obtained.
A report that the Agency complied with the Improper Payments Information Act of 2002, as amended by the Improper Payments Elimination and Recovery Improvement Act of 2012.
A report answering questions required by the Cybersecurity Act of 2015, Inspector General Requirement of Section 406 (Federal Computer Security).
A report updating EEOC’s Open Government Initiative progress.
A report regarding the EEOC’s Commissioner charge process.

Completed Investigations

Two allegations from the Office of Legal Counsel regarding possible violations of Title 18 U.S.C. §208 - Acts Affecting a Personal Financial Interest.

Ongoing and Newly Initiated Work

The public accounting firm of Harper, Rains, Knight & Co., P.A., is performing the Fiscal Year (FY) 2016 Financial Statement Audit of EEOC.
The public accounting firm of Brown and Company, CPAs PLLC., is performing the FY 2016 Independent Evaluation Audit of the Agency’s Adherence to the Federal Information Security Modernization Act (FISMA) of 2014.
Agency policy directive EEOC Order 195.001, Management Accountability and Controls, requires that our office provide an annual written advisory to the Chair regarding whether the management control evaluation process complied with Federal Managers’ Financial Integrity Act (FMFIA) of 1982 requirements.
OIG has ongoing investigations in several field offices involving such matters as ethics violations, conflicts of interest, misuse of position, mismanagement, false statements, and falsification of government records.
Also, in an ongoing effort to promote the importance of audit follow-up, our office and the Office of the Chief Financial Officer (OCFO) made a joint presentation to Agency program managers concerning audit follow-up and its importance in building relationships to improve key Agency programs. The presentation focused on:

Defining and providing an explanation regarding the importance of audit follow-up and audit resolution;
Mapping the audit follow-up and resolution process;
Communicating everyone’s role in the audit follow-up and resolution process; and
Understanding the importance regarding how open communication and conflict resolution can assist in implementing recommendations.

As part of this presentation the benefits of the Cooperative Audit Resolution Oversight Initiative (CAROI) were discussed, along with dialogue promoting innovation in identifying solutions to problems and fostering continuous improvement of the audit process.

Introduction

The Equal Employment Opportunity Commission

The Equal Employment Opportunity Commission (EEOC) is the Federal agency responsible for enforcement of Title VII of the Civil Rights Act of 1964, as amended; the Equal Pay Act of 1963; the Age Discrimination in Employment Act of 1967; Sections 501 and 505 of the Rehabilitation Act of 1973 (in the Federal sector only); Title I of the Americans with Disabilities Act of 1990 and the Americans with Disabilities Act Amendments Act of 2008; Sections 102 and 103 of the Civil Rights Act of 1991; the Lilly Ledbetter Fair Pay Act of 2009; and the Genetic Information Nondiscrimination Act of 2008 (P.L. 110-233 Stat. 881), also referred to as GINA. These statutes prohibit employment discrimination based on race, sex, color, religion, national origin, age, disability, or genetic information.
EEOC is also responsible for carrying out Executive Order 12067, which promotes coordination and minimizes conflict and duplication among Federal agencies that administer statutes or regulations involving employment discrimination.

EEOC is a bipartisan commission composed of five presidentially appointed members, which include a Chair, a Vice Chair, and three Commissioners. The Chair is responsible for the administration and implementation of policy and for the Commission’s financial management and organizational development. The Vice Chair and the Commissioners equally participate in developing and approving EEOC policies, issuing charges of discrimination where appropriate, and authorizing the filing of lawsuits. In addition, the President appoints a General Counsel, who is responsible for conducting litigation under the laws enforced by the Commission.

The Office of Inspector General

The U.S. Congress established the Office of Inspector General (OIG) at EEOC through the 1988 amendments to the Inspector General Act of 1978. These amendments expanded the authority of designated Federal entities to create independent and objective OIGs. Under the direction of the Inspector General (IG), the OIG meets this statutory responsibility by conducting and supervising audits, evaluations, and investigations relating to Agency programs and operations. The OIG provides leadership, coordination and recommends policies for activities designed to promote economy, efficiency, and effectiveness in administering programs and operations.

In October 2008, Congress passed the Inspector General Reform Act of 2008, which generally buttressed the independence of IGs, increased their resources and held them more accountable for their performance. The OIG is under the supervision of the IG, an independent EEOC official subject to general supervision by the Chair.
The IG must not be prevented or prohibited by the Chair or any other EEOC official from initiating, carrying out, or completing any audit, investigation, evaluation, or other inquiry or from issuing any report.

The IG provides overall direction, coordination, and leadership to the OIG; is the principal advisor to the Chair in connection with all audit and investigative matters relating to the prevention, identification, and elimination of waste in any EEOC program or operation; and recommends the proper boundaries of audit and investigation jurisdiction between the OIG and other EEOC organizations. The IG also develops a separate and independent annual budget for the OIG; responds directly to inquiries from the public, Congress, or the news media; and prepares press releases, statements, and other information about the OIG’s activities.

The Deputy Inspector General serves as the IG’s alter ego and participates fully in policy development and in management of the OIG’s diverse audit, investigation, evaluation, and support operations. The Counsel to the Inspector General is the sole legal advisor in the OIG, providing day-to-day guidance to the OIG’s investigation team, and is the primary liaison with Agency legal components and the Department of Justice.

In addition to these positions, the OIG staff includes a chief technology officer, an evaluator, two auditors, two criminal investigators, and an administrative specialist. Currently the Deputy Inspector General and Confidential Support Assistant positions are vacant.

The Audit and Evaluation Program

The Audit and Evaluation Program supports the OIG’s strategic goal of improving the economy, efficiency, and effectiveness of EEOC programs, operations, and activities.

Completed Projects

Compliance with the Improper Payments Elimination and Recovery Improvement Act of 2012

On May 11, 2016, our office reported that the EEOC complied with the Improper Payments Information Act of 2002, as amended by the Improper Payments Elimination and Recovery Improvement Act of 2012. The Agency conducted an Agency-wide risk assessment of vendor and travel payments made in FY 2015. In addition, the Agency relied on internal controls currently in place and indicated it would use the U.S. Treasury’s FedDebt System to recapture any potential improper payments.

Evaluation of Litigation

On July 8, 2016, our office issued a report that assessed the Agency’s litigation efforts, focusing on areas where gains in efficiency and effectiveness could be obtained. This evaluation was conducted under contract with the Urban Institute. The report contained twenty-one recommendations in the areas of priority setting, relationships and collaboration, performance management, measurement, analysis and data use, and administrative issues.
Critical recommendations included:

Provide more guidance regarding the field attorneys’ expected role in the priority charge handling procedures, including how systemic cases fit into operational directives;
Develop a process for tracking compliance with injunctive relief contained in consent decrees;
Pilot annual district office work plans to update priorities based on current national and local conditions and track progress toward Strategic Enforcement Plan and District Complement Plan goals;
Encourage each regional attorney and district director to annually review the data on the status of pending charges and litigation, the resolution of charges and litigation over the prior year, staff workloads, any expected changing local and national conditions, and develop a district performance plan for the coming year; and
Expand efforts to identify and share best practices in areas such as: (1) how to strengthen collaboration between attorneys and investigators; (2) ways for attorneys and investigators to analyze performance measurement data; (3) ways to follow up on compliance with consent decrees and conciliations; and (4) steps to make reasonably accurate projections of workload for the forthcoming year.

Cybersecurity Information Sharing Act of 2015 Inspector General Requirement

On August 12, 2016, our office issued a report in response to the requirements of the Cybersecurity Information Sharing Act of 2015, Section 406 (Federal Computer Security). Section 406 required that no later than 240 days after the enactment of the Act, each agency Inspector General would submit to their appropriate committees of jurisdiction in the Senate and the House of Representatives a report which included information regarding the Federal computer systems of the covered agency.

Review of EEOC’s Commissioner Charge Process

On September 19, 2016, our office issued a report to a member of Congress regarding the EEOC’s Commissioner charge process. In January 2016, we received a formal request to conduct a review of the Agency’s enforcement tactics regarding a specific Commissioner charge. In response, we reviewed: (1) how and why Commissioner charges are filed; (2) requirements and guidelines regarding a Commissioner charge; and (3) the various stages of the Commissioner charge process. In addition, we reviewed the circumstances that led to the filing of the Commissioner charge and whether the process used by the Agency followed policies and procedures. Our review of key documents, EEOC’s Compliance Manual, charge data information and statistics, and information obtained through interviews with key stakeholders resulted in a conclusion that the process used by the Agency, concerning the charge in question, was consistent with procedures for filing a Commissioner charge.

Open Government and Transparency Progress Review

On September 30, 2016, our office issued a progress review on EEOC’s Open Government Initiatives. Our review determined that EEOC completed several Open Government activities while making substantial progress on others. Completed work includes: (1) developing a system allowing charging parties to view the status of their charge online; (2) increasing dialogue with the public; (3) posting information in plain language on HTTPS://EEOC.GOV; and (4) implementing key government-to-government electronic transactions. Areas where substantial progress was achieved include: (1) posting of private sector employer data; (2) implementing a digital charge system; and (3) updating the Open Government web page.

New and Ongoing Audit and Evaluation Projects

FY 2016 Audit of the Consolidated EEOC Financial Statements

The public accounting firm of Harper, Rains, Knight & Co., P.A., is performing the FY 2016 Financial Statement Audit of EEOC. The auditor’s opinion will be included in the Agency’s FY 2016 Performance and Accountability Report. In addition, the auditors will issue a management letter report identifying internal control weaknesses.

FY 2016 Independent Evaluation of the Agency’s Adherence to the Federal Information Security Modernization Act

The public accounting firm of Brown and Company, CPAs PLLC., is performing the FY 2016 Independent Evaluation Audit of the Agency’s adherence to the Federal Information Security Modernization Act (FISMA of 2014). A final report, with corresponding CyberScope submission, is planned to be issued in November 2016.

Agency Compliance with the Federal Managers’ Financial Integrity Act

Agency policy directive EEOC Order 195.001, Management Accountability and Controls, requires that an annual written advisory be provided to the Chair regarding the Agency’s management control evaluation process. Our advisory will report whether the Agency’s management control evaluation process was conducted in accordance with Federal Managers’ Financial Integrity Act (FMFIA) guidelines. Results will be included in the FY 2016 Performance and Accountability Report.

Audit Follow-Up

Audit follow-up is an integral part of good management and is a shared responsibility of Agency management officials and auditors. Corrective action taken by management to resolve findings and recommendations is essential to improving the effectiveness and efficiency of Agency operations.
Section 5(a)(1) of the Inspector General Act of 1978, as amended, requires that semiannual reports include a summary description of significant problems, abuses, and deficiencies relating to the Agency’s administration of programs and operations disclosed by the OIG during the reporting period. Five new reports were issued during this reporting period (April 1, 2016–September 30, 2016); one of those reports contained findings.

Reports Issued During This Reporting Period

Fiscal Year | Report Number | Report Title | Date Issued
2016 | 2016-04-AOIG | Report on Compliance with Improper Payments Elimination and Recovery Improvement Act of 2012 | 05/11/2016
2016 | 2015-01-LIT | Evaluation of Litigation | 07/08/2016
2016 | 2016-05-EOIG | Cybersecurity Information Sharing Act of 2015 Inspector General Requirement (Section 406) | 08/12/2016
2016 | 2016-06-COIG | Review of the EEOC Commissioner’s Charge Process | 09/19/2016
2016 | 2016-07-EOIG | Open Government and Transparency Progress Review | 09/30/2016

As required by Section 5(a)(3) of the Inspector General Act of 1978, as amended, semiannual reports shall provide an identification of each significant recommendation described in previous semiannual reports on which corrective action has not been completed. OIG staff met with Agency follow-up officials in September 2016. The OIG is reporting a total of 16 reviews with a total of 67 open recommendations for this reporting period. The following table shows those recommendations for which corrective actions have not been completed.

Recommendations for Which Corrective Actions Have Not Been Completed

Fiscal Year | Report Number | Report Title | Date Issued
2016 | 2015-01-FIN | FY 2015 Financial Statement Audit | 11/16/15

EEOC update its controls over the maintenance of its accounting records.
EEOC update its controls over the maintenance of its official personnel files and perform a thorough review of its employees’ personnel files to ensure that documentation is current and complete.

Fiscal Year | Report Number | Report Title | Date Issued
2016 | 2015-02-FIN | FY 2015 Financial Statement Audit Management Letter Report | 1/15/16

EEOC maintain all documentation associated with its transactions and review retention procedures in place at its new service provider and develop and document retention procedures over each type of transaction entered into its financial system.
EEOC perform an assessment over their internal controls surrounding retention and accuracy of obligating supporting documentation in order to ensure compliance with the Anti-Deficiency Act.
EEOC perform an assessment over their internal controls surrounding payment support retention and the payment of interest on late payments in order to comply with the Prompt Payment Act.
Developing an assessment of EEOC’s internal control process in order to proactively manage and update internal controls. This should minimally consist of EEOC documenting what controls are performed by their shared services provider and what controls are performed at EEOC to ensure management has a clear understanding of their responsibilities.
EEOC update its controls over the maintenance of its accounting records. EEOC should ensure that all documentation, whether held by EEOC or its shared service providers, is readily available. EEOC should coordinate with its service providers to identify the type of documentation that is available for each financial transaction, where that information is located, and how long the data is available for review. This information should be clearly documented in EEOC’s policies and procedures.
Additionally, management should perform a thorough review of its files to ensure that documentation exists, is accurate, and is available for review.
EEOC update its controls over the maintenance of its official personnel files. The controls currently in place are not capturing all changes to employee personnel files. EEOC should initiate new procedures to sample and review employee personnel files at least semi-annually to ensure that current documentation is included in the files.
EEOC work with IBC to implement internal controls that will prohibit transactions being recorded with a “999999” default object class. Until that control is implemented, we recommend that EEOC review, at least monthly, its accounting transactions to ensure that the default object class is not utilized.
The EEOC office accountable for compiling the Performance and Accountability Report (PAR) create and enforce internal deliverable milestones to ensure all OMB submission deadlines are met. These internal deliverable milestones should extend to all EEOC offices and require these offices to provide their content to EEOC’s accountable office prior to the established milestones.
EEOC’s Office of the Chief Financial Officer (OCFO) should thoroughly review the final draft of the PAR prior to the submission to OMB and the auditors in order to minimize edits required close to the PAR’s final submission deadline. This review should include a review of the financial statements against various federal reporting guidelines and checklists, such as GAO’s FAM 2020 checklist for Federal Reporting Disclosures.

Fiscal Year | Report Number | Report Title | Date Issued
2015 | 2015-03-EOIG | Independent Evaluation of Agency Adherence to the Federal Information Security Modernization Act | 11/15/15

We recommend that EEOC fully document, publish and enforce a CIO-approved organization-wide Information System Program Plan for common controls and hybrid controls across all systems and applications.
We recommend the EEOC organization-wide Information System Program Plan include:
    o Names and contact information for the government and vendor partner personnel who are sharing responsibility for the definition and implementation of the EEOC common, hybrid, and application-specific controls.
    o An EEOC defined and approved population of common, hybrid and application controls.
    o A Memorandum of Understanding (MOU), or similar document, that acknowledges the government’s and vendor’s responsibility for designing and implementing their assigned portions of the population of EEOC NIST 800-53 Revision 4 controls.
We recommend that EEOC complete this organization-wide security program objective by publishing its approved organization-wide Information Security Program Plan population of common, hybrid, and application controls and continuously monitoring its approved common controls and hybrid controls.
We recommend EEOC develop an organization-wide risk management strategy and processes to manage risk to organizational operations and assets, in accordance with NIST guidelines.
We recommend EEOC develop, document, and implement a policy requiring FEPAs that collect, store, process, use and transmit EEOC data to implement information security controls that ensure data and access to data are secured. For example, the work-sharing agreement should include a clause that requires only authorized individuals access to the IMS system and that devices are updated with current system security patches and antivirus signatures before users connect to the system.
We recommend that the EEOC develop special security controls for Field Offices that align with the Federal Managers’ Financial Integrity Act of 1982. In addition, we recommend the following improvements:
    o Assess the information systems security controls at the district, field and area offices.
    o Segregation of duties – Implement policies and procedures to ensure that managers do not have granting and approval rights for providing access to systems.
    o Segregation of duties – Implement policies and procedures to ensure managers do not have rights to both receive and store equipment.
    o System monitoring – Implement policies and procedures to ensure that IT staff have adequate skillsets to monitor information systems. In addition, provide annual network training.
    o COOP and DR – Provide IT staff COOP and DR training.
    o Confidentiality – Implement policies and procedures to ensure that the IT staff maintains confidentiality of sensitive data.
    o Network security – Install network monitoring devices and port security.
    o Safeguarding – Lock investigator’s office doors after hours and when the office is vacant.
    o Physical security (Baltimore) – Ensure that third-party security officer contractors enforce the barring notices and the ID verification procedures; and
    o Physical Security to Baltimore EEOC’s IT room – Ensure that only authorized EEOC personnel have access to EEOC’s field office IT facilities.
We recommend EEOC OIT implement multifactor authentication for remote access. Furthermore, we recommend EEOC use multifactor authentication where one of the factors is provided by a device separate from the computer gaining access.
We recommend the EEOC:
    o Develop TT&E programs to test or exercise the EEOC BCP and IT DRP at the HQ and field office levels and determine their operational effectiveness.
    o Conduct after-action reporting that addresses issues identified during contingency/disaster recovery exercises and incorporates them into HQ and field office plan updates.
    o Coordinate the HQ OIT BCP and IT DRP TT&E programs with the 53 EEOC field offices’ programs to ensure adequate levels of emergency preparedness and IT disaster recovery capability across EEOC.
Develop and perform testing of system-specific contingency plans for the following EEOC General Support Systems and major applications: DNS; EEO-1 Survey System; DMS; and IMS.
We recommend EEOC build upon existing HQ configuration management policy and procedures to deploy automated tools and procedures that accurately and completely detect, identify, and account for changes to the information system component inventory.

Fiscal Year | Report Number | Report Title | Date Issued
2015 | 2014-03-OE | Evaluation of EEOC’s Outreach and Education Program | 5/8/15

EEOC’s website needs to be updated when important events occur, perhaps in accordance with guidelines that EEOC’s Office of Communication and Legislative Affairs sets for itself.
EEOC should provide analytical help to each district office to examine charge data related to its own geographic area in order to identify potential trends, opportunities, and priorities.
EEOC and its district and field offices should routinely conduct follow-up through surveys with partners, perhaps three months after events.
EEOC should provide resources for the regular analysis of OFP charges to provide evidence of outreach and education success—both for district and field offices and nationally.

Fiscal Year | Report Number | Report Title | Date Issued
2015 | 2014-01-FIN | FY 2014 Financial Statement Audit | 11/17/14

EEOC should update its controls over the maintenance of its official personnel files. Additionally, management should perform a thorough review of its employees’ personnel files to ensure that documentation is current and complete.
EEOC should implement procedures to ensure that it has a complete understanding of its service providers’ policies and procedures.

Fiscal Year | Report Number | Report Title | Date Issued
2015 | 2014-02-FIN | FY 2014 Financial Statement Audit Management Letter Report | 1/13/15

EEOC should monitor and enforce its policies and procedures over sensitive property. EEOC should monitor these controls to ensure that the controls remain adequate and continue to operate effectively. EEOC should update its policies and procedures to correctly state its current process.
EEOC should monitor and enforce its policies and procedures over record retention for purchase and travel card transactions. EEOC should monitor these controls to ensure that the controls remain adequate and continue to operate effectively. Additionally, management should enforce penalties, such as disciplinary action, including restitution to the government and/or dismissal.
EEOC should implement and monitor controls to ensure approving officials’ review and approval is documented for each purchase and travel card transaction. The policy or procedure should establish an appropriate period of time for retention of records, monitoring by the purchase card program manager, and appropriate disciplinary actions for noncompliance.
EEOC should follow its guidelines for all expense transactions. We also recommend developing an assessment of EEOC’s internal control process in order to proactively manage internal controls and get the most from them.
EEOC should work with its service provider to implement internal controls that will catch all transactions with a zero object class. A monthly review of expense transactions will identify those with a zero object class.
Fiscal Year | Report Number | Report Title | Date Issued
2015 | 2014-08-EOIG | FY 2014 Federal Information Security Management Act Report | 12/16/14

Implementation of background checks for student interns to ensure that international visas are current.

Development of policies and procedures to properly manage physical security access cards.

Development of Continuity of Operations plans for field offices.

Improved control over physical access to the data center and technology storage room.

Fiscal Year | Report Number | Report Title | Date Issued
2014 | 2013-08-PSA | Performance Audit of the Agency’s Personnel Security Program | 9/4/14

Identify all EEOC employees with
o current or prior access to classified national security information;
o a current adjudicated security clearance and the sponsoring agency, if applicable; and
o special access or interim clearance and the sponsoring agency, if applicable.

Develop and implement policies and procedures to address the safeguarding, transfer, storage, or disposal of classified information. The policy should include the requirements for memorandums of understanding (MOUs) between agencies.

Implement a formalized training program for individuals who use classified information as a part of their duties. If an external agency is to assume the responsibility of training these individuals, this agreement should be documented in an MOU.

Perform and document an assessment/evaluation of current classified information practices and safeguarding at headquarters and field offices to determine any noncompliance. Take immediate corrective action to address any noncompliance noted.

Incorporate a review of controls over classified information in EEOC’s annual FMFIA process.

Complete risk designations for the remaining estimated 194 EEOC covered positions.
Review all employee electronic official personnel folders to ensure proper inclusion of the employee’s conflict of interest (COI) disclosure, and in instances where the documentation is missing, insert it.

Explore using alternative staffing options, such as contract employees, part-time employees, or employees on detail in order to become current on risk designations, reinvestigations, the FPPS, COIs, and adjudication reporting. Document the process of deciding what type of employees to use for this work.

Update and implement comprehensive policies and procedures for physical security. These policies and procedures should include but not be limited to the following:
o Providing training for the Federal Supply Class member or designee at each field office location at least annually.
o Developing and implementing an on-site field office security assessment program that includes performing assessments and/or spot checks of field office security measures by the OCFO on a rotational basis as it relates to Interagency Security Committee requirements.
o Assisting field offices and ensuring that they correct noted security weaknesses or document acceptance of risk where EEOC has determined corrective action will not be taken.

Revise the field office self-assessment checklist to include facility security and credentialing information.

Immediately correct any known weaknesses. If EEOC decides not to correct a noted weakness, it should document this analysis and its acceptance of the associated risk.

Increase coordination between OCFO and OFP to improve field office security posture, awareness, and training to ensure compliance with applicable EEOC orders and guides; with Facility Security Committees: An Interagency Security Committee (ISC) Standard, second edition, dated January 1, 2012; and with other applicable ISC standards.
Fiscal Year | Report Number | Report Title | Date Issued
2014 | 2013-FIN-01 | FY 2013 Financial Statement Audit | 12/16/13

EEOC should update and revise the manner in which it controls the maintenance of its official personnel files. Additionally, management should perform a thorough review of its employees’ personnel files to ensure that documentation is current and complete. (Repeat finding from 2012)

Fiscal Year | Report Number | Report Title | Date Issued
2014 | 2013-02-FIN | FY 2013 Financial Statement Management Letter Report | 1/31/14

EEOC management should consistently review and approve all documents as prescribed by its policies and procedures. Policies and procedures should be reviewed and updated to ensure they reflect the most current protocol.

EEOC should establish and implement controls to prevent waste, fraud, and misuse in the credit card program. On an annual basis, EEOC should review and update the Charge Card Program Guide for substantial changes. Additionally, EEOC should monitor the controls to ensure that they are working effectively.

Fiscal Year | Report Number | Report Title | Date Issued
2014 | 2013-05-FISMA | FY 2013 Federal Information Security Management Act Report | 12/10/13

The OIG recommends that the EEOC OIT implement multifactor authentication for remote access. The OIG further recommends that the multifactor authentication use one factor provided by a device separate from the computer gaining access. (Repeat finding from 2008)

Fiscal Year | Report Number | Report Title | Date Issued
2013 | 2012-09-REV | Review of Evaluations | 04/09/2013

EEOC should further standardize intake procedures across field offices.

EEOC should document criteria for determining Category C charges.

EEOC should continue efforts to develop a national approach for addressing and eliminating systemic discrimination.
EEOC should continue to review the range of information obtained during intake interviews and review the manner in which the intake information is stored in the Integrated Mission System.

EEOC should investigate the merits of expanding the information it obtains related to employee hiring and terminations.

Fiscal Year | Report Number | Report Title | Date Issued
2013 | 2012-01-FIN | FY 2012 Financial Statement Audit Report | 11/16/2012

EEOC should document and monitor implementation of all complementary user control considerations. (Repeat finding from 2010)

Fiscal Year | Report Number | Report Title | Date Issued
2013 | 2012-08-PUR | Performance Audit of EEOC Charge Card Program | 03/28/2013

EEOC should perform further analysis on its government charge card operations to identify the controls to be implemented in compliance with OMB directives. Specifically, the EEOC must review and update the identification of procedures performed using the new accounting system (FCS) as well as the current duties of personnel interacting with the system. The EEOC should meet with all process lead personnel to determine what controls are or should be in place to ensure that fraud, waste, abuse, and misuse are not present in the charge card program. The EEOC should identify all requirements in OMB Circular A-123, Appendix B, and determine the procedures necessary to comply with the requirements and ensure that policies and procedures are reviewed on an annual basis or more frequently if substantial changes have occurred in EEOC’s systems or if laws and regulations have been issued. This will help to ensure that policies and procedures are appropriate for the current environment.
EEOC should develop a system to (1) identify and track all charge card activity, including open accounts, closed accounts, cardholder approver levels, and cardholder training; (2) perform an evaluation of service providers’ controls over the charge card program to ensure that controls are appropriate and operating effectively; and (3) monitor all controls, whether performed at EEOC or at a service provider, at least annually, to ensure that controls remain adequate and continue to operate effectively.

EEOC should develop policies and procedures to identify and track all required training of cardholders. Documentation should be maintained following National Archives and Records Administration requirements for cardholders who have successfully completed training requirements.

EEOC should develop controls over the retention of application documents for charge card accounts.

EEOC should monitor controls over transaction approval, whether performed at EEOC or at a service provider.

EEOC should implement policies and procedures regarding record retention for purchase and travel card transactions.

EEOC should develop and implement policies to require reviews of total cardholder activity to ensure compliance with monthly spending authority for all cardholders. Management should maintain documentation of authority to exceed cardholders’ spending limits. Penalties for exceeding authorized spending limits should be established and enforced.

EEOC should develop and implement policies and procedures to use data mining to monitor charge card activity.
Fiscal Year | Report Number | Report Title | Date Issued
2008 | 2008-03-AMR | Oversight of Federal Agency Reporting Management Directive 715 (MD-715) and Related Topics | 09/26/2008

EEOC should require Federal agencies to submit Part G of their Equal Employment Opportunity assessment with their annual EEOC Management Directive MD-715 submissions.

As required by Section 5(a)(10) of the Inspector General Act of 1978, as amended, semiannual reports must include a summary of each audit report issued before the start of the reporting period for which no management decision has been made by the end of the reporting period. The OIG has no audit or evaluation reports that were issued before the reporting period began for which no management decision has been made.

The Investigation Program

The Investigation Program supports the OIG’s strategic goal to focus limited investigative resources on issues that represent the greatest risk and offer the maximum opportunity to detect and prevent fraud, waste, and abuse in EEOC programs and operations.

Investigative Inquiries

Investigative Inquiries Received April 1, 2016 – September 30, 2016

Allegations | Number
Charge Processing | 177
Other Statutes | 91
Title VII | 105
Mismanagement | 3
Ethics Violations | 1
Backgrounds | 2
Theft | 0
Threats | 1
Fraud | 0
Other Criminal Allegations | 2
Congressional Inquiries | 0
Total | 382

Completed Investigative Activities

Conflict of Interest

The Office of Legal Counsel referred two allegations for possible violations of Title 18 U.S.C. §208 - Acts Affecting a Personal Financial Interest, concerning two EEOC employees in performance of their respective duties.
Our investigators reviewed and investigated the two allegations and determined that both employees’ actions can be classified as strictly perfunctory or administrative in nature, which means the employee made no decision, conducted no investigation, and made no determinations. Both of these matters were closed.

Ongoing Investigative Activities

Our office has ongoing investigations in several field offices involving such matters as ethics violations, conflicts of interest, misuse of position, mismanagement, false statements, and falsification of government records.

Appendixes

Appendix I. Final OIG Audit and Evaluation Reports

Report Title | Date Issued | Questioned Costs | Funds Put to Better Use | Unsupported Costs
Report on Compliance with Improper Payments Elimination and Recovery Improvement Act (IPERA) | 5/11/16 | $0 | $0 | $0
Evaluation of Litigation | 7/8/16 | $0 | $0 | $0
Cybersecurity Information Sharing Act of 2015 Inspector General Requirement (Section 406) | 8/12/16 | $0 | $0 | $0
Review of the EEOC Commissioner’s Charge Process | 9/19/16 | $0 | $0 | $0
Open Government and Transparency Progress Review | 9/30/16 | $0 | $0 | $0

Appendix II.
Index of Reporting Requirements

Inspector General Act Citation | Reporting Requirements | Page
Section 4(a)(2) | Review of Legislation and Regulations | N/A
Section 5(a)(1) | Significant Problems, Abuses, and Deficiencies | 10-11
Section 5(a)(2) | Recommendations with Respect to Significant Problems, Abuses, and Deficiencies | 10-11
Section 5(a)(3) | Significant Recommendations Included in Previous Reports on Which Corrective Action Has Not Been Completed | 14-24
Section 5(a)(4) | Matters Referred to Prosecutorial Authorities | N/A
Section 5(a)(5) | Summary of Instances Where Information Was Refused | N/A
Section 5(a)(6) | List of Audit Reports | 27
Section 5(a)(7) | Summary of Significant Reports | 11-12
Section 5(a)(8) | Questioned and Unsupported Costs | 27
Section 5(a)(9) | Recommendations That Funds Be Put to Better Use | 27
Section 5(a)(10) | Summary of Audit Reports Issued Before the Commencement of the Reporting Period for Which No Management Decision Has Been Made | 13
Section 5(a)(11) | Significant Management Decisions That Were Revised During the Reporting Period | N/A
Section 5(a)(12) | Significant Management Decisions with Which the Office of Inspector General Disagreed | N/A

Appendix III. Single Audit Act Reports

The Single Audit Act of 1984 requires recipients of Federal funds to arrange for audits of their activities. Federal agencies that award these funds must receive annual audit reports to determine whether prompt and appropriate corrective action has been taken in response to audit findings. During the reporting period our office received no audit reports issued by public accounting firms concerning FEPAs that have work-sharing agreements with EEOC.

Appendix IV.
Peer Review Reporting

Offices of Inspectors General are required to include their peer review results as an appendix in semiannual reports to Congress in accordance with section 989C of the Dodd-Frank Wall Street Reform and Consumer Protection Act (P.L. 111-203).

Peer Review of the OIG Audit Function

The Federal Trade Commission (FTC), OIG conducted a peer review of the system of quality control for our office’s audit function for the period ending March 31, 2014. Their report, which was issued December 8, 2014, offered a modified opinion that our office has established policies and procedures that were current and consistent with applicable professional standards. The FTC OIG gave our office a pass rating and made no recommendations. Our next peer review will cover the period ending March 31, 2017.

Peer Review of the U.S. International Trade Commission’s OIG Audit Function

Our office completed a peer review of the U.S. International Trade Commission (ITC), OIG’s audit organization system of quality control for the period ending September 30, 2015. Our peer review report, issued April 18, 2016, resulted in an opinion that the system of quality control was suitably designed and provided reasonable assurance that ITC’s OIG conforms to professional standards in the performance of audits. Our office gave the ITC OIG a pass rating and made no recommendations.
Semiannual Report: Apr-Sep 2016
Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2016-11-01.