oversight

Report 2017-003-AOIG - DATA ACT Readiness Review Report

Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2017-03-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

               U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
                              Washington, D.C. 20507

Office of
Inspector General

                                          March 30, 2017


MEMORANDUM


TO:                 Victoria A. Lipnic
                    Acting Chair

FROM:               Milton A. Mayo, Jr.
                    Inspector General

SUBJECT:            Transmittal of Digital Accountability Transparency Act (DATA Act)
                    Readiness Review Report (OIG Report No. 2017-03-AOIG)

Attached is the Final Report on the Office of Inspector General’s DATA Act Readiness
Review.

Our review focused on EEOC efforts to complete the first four steps of the DATA Act
Implementation Playbook.

Our review determined that EEOC is on track to meet the reporting requirements of the
Digital Accountability and Transparency Act. We did include three suggestions for
management’s consideration. Also we have included management’s comments in our
report.

If you have any questions or require additional information please contact Willie
Eggleston, OIG Senior Auditor, at extension 4372.

cc:
Germaine Roseboro, Chief Financial Officer

Raj Mohan, Director of Finance and Systems Services Division

Cynthia Pierre, Chief Operating Officer

Mona Papillon, Deputy Chief Operating Officer

Jim Paretti, Special Assistant
           U.S. Equal Employment Opportunity
                       Commission
                     Office of Inspector General




  DATA ACT READINESS REVIEW REPORT




                                  1
OIG Report No. 2017-03-AOIG                        March 30, 2017
                                       Background

The Digital Accountability and Transparency Act of 2014 (The DATA Act), P.L. No.
113-101, was enacted in 2014 and among other things, requires Federal agencies report
financial and payment data in accordance with data standards established by the
Department of Treasury (Treasury) and the Office of Management and Budget (OMB).
Data from agencies will be displayed on a website available to taxpayers and policy
makers. Inspectors General are required under the DATA Act to review statistical
samples of the data submitted by their agency and report on the completeness, timeliness,
quality and accuracy of the data sampled and the use of the data standards by the agency.

In accordance with the Act, the first sets of IG reports were originally due to Congress in
November 2016. However, agencies are not required to submit spending data in
compliance with the Act until May 2017. As a result of the reporting date anomalies, the
Council of Inspectors General on Integrity and Efficiency (CIGIE) communicated with
Congress and it was agreed that Inspectors General will submit their first reports in
November 2017, a 1-year delay from the due date in the statute and subsequent reports
are required to be submitted on a 2-year cycle. Inspectors General are encouraged to
engage their agencies to obtain an understanding of agency processes, systems, and
controls and to determine steps they are taking or planning on taking to meet the
requirements of the DATA Act.

In May 2015, the OMB and Treasury issued, OMB Memorandum M-15-12, Increasing
Transparency of Federal Spending by Making Federal Spending Data Accessible,
Searchable and Reliable and The Data Act Implementation Playbook. The DATA Act
Implementation Playbook identifies eight steps agencies are to take to comply with the
DATA Act. These include:

   1. Organize team (Chief Information Officer, Budget, Accounting, etc.) and identify
      a Senior Accountable Officer
   2. Review list of DATA Act elements and participate in data definition
      standardization
   3. Inventory Agency data associated with business processes




                                             2
OIG Report No. 2017-03-AOIG                                                   March 30, 2017
   4. Design and Strategize including planning changes to systems and business
      processes to capture multi-level data (e.g. summary and detail) and prepare
      estimates for FY 2017 budget projections
   5. Execute Broker – Implement system changes and extract data (mapping of data
      from agency schema to the DATA Act schema)
   6. Test Broker Implementation (test outputs to ensure data is valid)
   7. Update Systems (establish links between programs and financial data)
   8. Submission of Data (update and refine process)



                                        Objective

   The objective of our review was to gain an understanding of the processes, systems,
   and controls which the EEOC has implemented, or plans to implement, to report
   Federal agency expenditures and linking Federal contract, loan, and grant spending
   information in accordance with the requirements of the DATA Act.



                                 Scope and Methodology

   We conducted interviews with the EEOC’s DATA Act Senior Accountable Official
   (SAO) and Office of the Chief Financial Officer (OCFO) personnel to obtain an
   understanding of the agency’s DATA Act governance structure, coordination between
   EEOC and its Federal Shared Service Provider (FSSP), the U.S. Department of
   Interior (DOI), Interior Business Center (IBC). We reviewed EEOC’s FSSP’s
   processes, and controls planned for implementation of the DATA Act. Additionally,
   we communicated with the DOI Office of Inspector General (OIG) to discuss the
   results of their DATA Act Readiness Review of IBC.

   Our fieldwork was conducted from November 2016 through January 2017.




                                           3
OIG Report No. 2017-03-AOIG                                                March 30, 2017
                                        Results
                                   Overall Conclusion

   The EEOC is heavily dependent on its FSSP, IBC, for its Data Act implementation
   and reporting. EEOC has performed some of the recommended steps from the DATA
   Act Playbook and has collaborated with IBC to ensure the accuracy and completeness
   of data to be reported on behalf of EEOC. The four steps that EEOC performed were:
   Organize team, Review Elements, Inventory Data, and Design and Strategize. The
   EEOC needs to specifically document roles and responsibilities between the EEOC
   and IBC. Additionally, EEOC should develop a comprehensive implementation plan
   at the agency level even if it is relying on its FSSP to report DATA Act information
   on its behalf. Though it appears that IBC is on track in meeting DATA Act reporting
   requirements by May 2017, according to a report issued by the DOI’s OIG in
   December 2016, EEOC has the ultimate responsibility of ensuring the accuracy,
   quality, completeness, and timeliness of the data reported on its behalf.


                     EEOC‘s DATA Act Implementation Plan/Process

   EEOC is heavily dependent on IBC for system configuration setup and testing of files
   and data elements. We reviewed EEOC’s compliance with the first 4 steps of the
   Data Act Playbook since the remaining 4 steps were in the process of being completed
   by IBC. The remaining steps will be reviewed along with EEOC data reported by
   DOI in our report due in November 2017. We used a stop light approach for
   assessing key steps of the four applicable steps identified in the DATA Act Playbook
   (i.e. Green-Action Taken by Agency, Yellow-In Progress, and Red-No Action Taken
   by Agency).

                                Step 1-Organize Team

Task                                     EEOC                          IBC
1-1 Senior Accountable        The SAO for EEOC is the
Official (SAO) Identified     Chief Financial Officer.
                              The SAO has participated in
                              government wide DATA                     N/A
                              Act updates via
                              teleconference provided by
                              both IBC and the U.S.
                              Treasury DATA Act Project

                                           4
OIG Report No. 2017-03-AOIG                                               March 30, 2017
                              Management Office.
1-2 DATA Act Workgroup        The Agency did not
                              establish a DATA Act
                              workgroup of subject matter
                              experts as suggested in the                N/A
                              DATA Act Playbook.
                              EEOC staffers involved in
                              collaborating with IBC are
                              all from the OCFO.
                              Additionally, there is no
                              representative from EEOC
                              serving on the IBC
                              workgroup.
1-3 Key Implementation        The Agency identified          IBC in its Implementation
Milestones, Tracking, Roles   agency specific milestones     Plan notes that they will be
and Responsibilities          relating to DATA Act           in partnership with their
                              implementation.                customers on all aspects of
                                                             the DATA Act.
1-4 Document Role of IBC      EEOC documented agency         EEOC is one of eight
                              specific responsibilities      agencies where IBC will be
                              versus IBC responsibilities.   reporting DATA Act
                                                             information on their behalf.


                  Step 2-Review Standard DATA Element Definitions

Task                                     EEOC                            IBC
2-1 Review List of DATA       EEOC collaborated with         IBC will ensure a clear
Act Elements                  IBC in reviewing and           understanding of each
                              discussing the DATA Act        element and how that
                              Elements.                      element relates to their
                                                             customers’ business
                                                             operations.
2-2 Participate in DATA       The SAO participated in
Act Standardization through   government wide DATA
participation in Federal      Act updates via
groups in the Federal         teleconference provided by                 N/A
community to identify         Treasury’s DATA Act
challenges concerning         Project Management Office
DATA Act requirements         and the IBC that addressed
                              DATA Act challenges.


                                            5
OIG Report No. 2017-03-AOIG                                                 March 30, 2017
     Step 3-Perform Inventory of Agency Data and Associated Business Process

            Task                           EEOC                              IBC
3-1 Create inventory of        The Agency identified          IBC created an inventory
agency data and associated     standardized elements to       list for their customers to
business processes and trace   assist IBC in identifying      identify standardized
how DATA Act elements          potential gaps. EEOC           elements. IBC is analyzing
are used                       created an inventory of        where and how these
                               agency data and business       elements are currently used
                               processes tracing how the      and if there are any gaps.
                               DATA Act elements are
                               used or identify the
                               appropriate source system
                               to extract needed data and
                               identify gaps.


                               Step 4-Design and Strategize

            Task                          EEOC                      IBC
4-1 Capture Award ID to       EEOC collaborated with
link financial data to agency IBC in capturing Award ID
management systems            to link financial data to             N/A
                              agency management
                              systems.
4-2 Develop a                 EEOC has not developed a   IBC has a DATA Act
comprehensive                 comprehensive              Implementation Plan.
implementation plan           implementation plan as
                              suggested by the DATA Act
                              Playbook. Among the tasks
                              to be included in the plan
                              are descriptions of the
                              DATA Act planning
                              process, timelines, and
                              solutions for addressing
                              gaps in agency data,
                              challenges, and risks.




                                            6
OIG Report No. 2017-03-AOIG                                                 March 30, 2017
Department of Interior’s Data Act Implementation Plan/Process on Behalf of EEOC

The DOI’s OIG issued its Independent Report on the DATA Act Readiness Review of
IBC in December 2016. The DOI Inspector General concluded that IBC was on track in
meeting the DATA Act May 2017 deadline. Additionally, we contacted DOI OIG staff
and confirmed that DOI would be reporting DATA Act information on behalf of EEOC.



               EEOC’s DATA Act Readiness for the future IG Reviews

IBC will be responsible for DATA Act implementation which includes getting all the
system configurations setup and performing tests to ensure the files will include required
DATA Act elements. Additionally, IBC will do DATA Act reporting for EEOC and will
send the reporting results to EEOC’s SAO for certification.



                                    List of Concerns

   • EEOC’s SAO did not establish a DATA Act workgroup composed of members
     from across the organization as suggested by the DATA Act Playbook. The
     purpose of a workgroup is to determine key milestones, governance structure, and
     roles and responsibilities of people and offices within the agency. During our
     fieldwork, we noted instances where the SAO and OCFO personnel could not
     confirm the extent of agency involvement in various aspects of the DATA Act
     implementation. OCFO would contact other staff members working in other
     locations and or reach out to IBC asking them to identify who at EEOC was
     involved in collaborating with DOI to ensure necessary information was provided.
     If a DATA Act workgroup had been developed, it would have been easier for the
     SAO to identify what steps EEOC staff had participated in and the roles and
     responsibilities of the staff. Further, documenting the process used provides an
     audit trail for the future and may support any succession planning efforts.

   • EEOC did not document the roles and responsibilities between EEOC and IBC.
     During our fieldwork, EEOC was not aware and could not produce a specific
     listing of the responsibilities that DOI would perform on behalf of EEOC. After
     our questioning, EEOC reached out to DOI by email and obtained an
     understanding of the shared responsibilities. Since reaching out to DOI to gain an

                                            7
OIG Report No. 2017-03-AOIG                                                  March 30, 2017
       understanding of the shared responsibilities, EEOC has created standard operating
       procedures detailing the shared responsibilities.

   • EEOC did not prepare a DATA Act Implementation Plan which serves as a
     roadmap or project plan in ensuring implementation at the agency level. EEOC is
     relying on IBC’s implementation plan.



                              Suggestions for Management

   The Office of Inspector General suggests the following:

1-1 The EEOC’s SAO establish a workgroup in accordance with the DATA Act
    Playbook to provide oversight of the DATA Act implementation.

OCFO Response: We agree that EEOC does not have a formal workgroup. However,
the Office of the Chief Financial Officer (OCFO) has a team/informal workgroup that
include the CFO, Systems Accountant, Accountants, Acquisitions program specialists,
and DRMs. We have been working with the Department of Interior/Interior Business
Center (IBC) on the DATA Act. As you know, the Acquisitions, Budget and
Financial/Accounting staff report to the CFO. This structure is uncommon in the 24 CFO
Act agencies. Therefore, a formal workgroup for these agencies is mandatory since it
would facilitate communication, coordination, and oversight among subject matter
experts from different chains of command. A workgroup for them makes for smoother
implementation of any system programming changes required for separate interfaced
systems where the systems owners are not the same. EEOC is fortunate to have the
financial and acquisitions systems integrated in Oracle Federal Financials (OFF). The
CFO is the OFF system owner.

Many guidance issued by Treasury and OMB, is intended for the CFO Act agencies.
They expect the small agencies to comply; however, they understand that resources are
limited and that not all steps/processes will be followed. We believe that EEOC met the
intent of the requirement in the Playbook.

OIG Conclusion: We still believe that establishing a DATA Act workgroup would be
beneficial to the EEOC. The purpose of a workgroup is to determine key milestones,
governance structure, and roles and responsibilities of people and offices within the
agency. It will help strengthen project management over DATA Act implementation
efforts and adequately document project activities, key decision, and progress
monitoring.


                                            8
OIG Report No. 2017-03-AOIG                                                March 30, 2017
1-4 The SAO fully documented the specific roles between the EEOC and its shared
    service provider, DOI-IBC. Also, EEOC should continue to work closely with
    DOI-IBC staying abreast of progress and any challenges that may arise prior to
    the May 2017 reporting date to ensure that the deadline is met.

OCFO Response: We agree that the responsibilities of the CFO and IBC were not
documented in writing. As noted, prior to issuance of this report, a written procedure was
prepared documenting such. However, we disagree that the Agency did not create an
inventory of agency data and business processes tracing how the DATA Act elements are
used or identify the appropriate source system to extract needed data and identify gaps.
During FY 2015, EEOC converted to the IBC instance of OFF. As part of the systems
implementation effort, we reviewed the agency data and business processes mapping
them to the Data Act elements and identifying possible gaps.

Conclusion: We Concur. OCFO did create standard operating procedures detailing the
shared responsibilities between the Agency and IBC, as well as, created an inventory of
the agency data and business processes. We requested but did not receive support that
the agency had an inventory of agency data and had traced business processes to DATA
Act elements until the receipt of the CFO’s response to our draft report. Had the SAO
developed a workgroup and documented DATA Act steps planned and completed, we
believe this information could have been provided during our initial discussions.

4-2 The EEOC also should prepare an Implementation Plan in accordance with the
    DATA Act Playbook.

OCFO Response: We agree that OCFO has not prepared an implementation plan;
however, a plan was prepared by our shared service provider (IBC) for our review and
concurrence. The IBC plan was submitted to OMB and Treasury as required. In
addition, OCFO historically has used its shared service provider’s plans for any systems
implementation efforts. If we disagree, have questions or believe that further information
is required on the plan, we communicate that to the provider. This minimizes duplicate
efforts.

Conclusion: We still believe that an internal EEOC DATA Act implementation plan that
supports the IBC implementation plan would be beneficial. Documenting the steps
required and performed by EEOC staff will ensure that an audit trail exists that can be
followed in required future DATA Act reporting efforts. Also, we remind the OCFO that
the DATA Act reporting is concerned with the accuracy and completeness of data
available to the public rather than system implementation.




                                            9
OIG Report No. 2017-03-AOIG                                                 March 30, 2017
                                                                                       Attachment


                U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
                               Washington, D.C. 20507

                                            March 17, 2017

Office of the Chief Financial Officer

MEMORANDUM


TO:               Milton A. Mayo, Jr.
                  Inspector General


FROM:             Germaine P. Roseboro
                  Chief Financial Officer

SUBJECT:          Response to the OIG Report No. 2017-03-AOIG


Below is our response to the OIG Report No. 2017-03-AOIG dated March 10, 2017.

IG: The EEOC’s SAO establish a workgroup of Subject Matter Experts in accordance with the
DATA Act Playbook to provide oversight of the DATA Act implementation.

OCFO Response: We agree that EEOC does not have a formal workgroup. However, the
Office of the Chief Financial Officer (OCFO) has a team/informal workgroup that include the
CFO, Systems Accountant, Accountants, Acquisitions program specialists, and DRMs. We have
been working with the Department of Interior/Interior Business Center (IBC) on the DATA Act.
As you know, the Acquisitions, Budget and Financial/Accounting staff report to the CFO. This
structure is uncommon in the 24 CFO Act agencies. Therefore, a formal workgroup for these
agencies is mandatory since it would facilitate communication, coordination, and oversight
among subject matter experts from different chains of command. A workgroup for them makes
for smoother implementation of any system programming changes required for separate
interfaced systems where the systems owners are not the same. EEOC is fortunate to have the
financial and acquisitions systems integrated in Oracle Federal Financials (OFF). The CFO is
the OFF system owner.

Many guidance issued by Treasury and OMB, is intended for the CFO Act agencies. They
expect the small agencies to comply; however, they understand that resources are limited and
that not all steps/processes will be followed. We believe that EEOC met the intent of the
requirement in the Playbook.

IG: The SAO fully document the specific roles between the EEOC and its shared service
provider, DOI-IBC. Also, EEOC should continue to work closely with DOI-IBC staying abreast
of progress and any challenges that may arise prior to the May 2017 reporting date to ensure that
the deadline is met.
                                                                                       Attachment




OCFO Response: We agree that the responsibilities of the CFO and IBC were not documented
in writing. As noted, prior to issuance of this report, a written procedure was prepared
documenting such. However, we disagree that the Agency did not create an inventory of agency
data and business processes tracing how the DATA Act elements are used or identify the
appropriate source system to extract needed data and identify gaps. During FY 2015, EEOC
converted to the IBC instance of OFF. As part of the systems implementation effort, we
reviewed the agency data and business processes mapping them to the Data Act elements and
identifying possible gaps.

IG: The EEOC also should prepare an Implementation Plan in accordance with the DATA Act
Playbook.

OCFO Response: We agree that OCFO has not prepared an implementation plan; however, a
plan was prepared by our shared service provider (IBC) for our review and concurrence. The
IBC plan was submitted to OMB and Treasury as required. In addition, OCFO historically has
used its shared service provider’s plans for any systems implementation efforts. If we disagree,
have questions or believe that further information is required on the plan, we communicate that
to the provider. This minimizes duplicate efforts.

Attached is a timeline for your information.



Attachment




                                                2
                                                                                       Attachment




                                                                                            ATTACHMENT

THE TIMELINE:

Steps   Task Name                                                         Begin     End             Agency
1       Organizational Change Management                                   1/5/2015   5/2/2017      EEOC/IBC
2       Review Elements                                                    1/5/2015 9/29/2015       EEOC/IBC
3       Inventory Data                                                    7/13/2015 6/30/2016       EEOC/IBC
                Build Inventory List                                       1/5/2015 9/29/2015       EEOC/IBC
                Map to DATA Act Schema                                     8/3/2015 11/18/2015      EEOC/IBC
                Final requirements - Update mapping                       4/29/2016 6/30/2016       EEOC/IBC
4       Design and Strategize                                             6/22/2016    6/22/2016 IBC
                Finalize Vendor Solutions                                 6/22/2016    6/22/2016 IBC
5       Prepare Data for Submission to the Broker                          8/1/2016     3/3/2017 EEOC/IBC
                Unique Award ID - Deliver from Oracle (patch)              8/1/2016    8/31/2016    EEOC/IBC
                Configuration Updates - Deliver from Oracle (patch)       10/3/2016   11/30/2016    EEOC/IBC
                File A, B, C Data Extract - Deliver from Oracle (patch)    1/2/2017    1/31/2017    EEOC/IBC
                Linking Financial and Management System with Award ID      9/1/2016    9/30/2016    EEOC/IBC
                Configuration Updates                                     11/1/2016   12/30/2016    IBC
                File A, B, C - Extract Development                         2/1/2017     3/3/2017    IBC
                Establish Connectivity with Data Act Broker               10/4/2016   12/30/2016    IBC
6       Test Broker Implementation                                         8/1/2016    4/14/2017    EEOC/IBC
                Test preparation                                           8/1/2016     3/3/2017    EEOC/IBC
                Unit Testing                                              11/1/2016   12/30/2016    EEOC/IBC
                Integration Testing                                        3/6/2017    3/31/2017    IBC
                Acceptance Testing                                         4/3/2017    4/14/2017    EEOC/IBC
7       Update Systems                                                    4/17/2017     5/5/2017    IBC
                Update for File A, B and C                                4/17/2017     5/5/2017    IBC
8       Submit Data                                                        5/8/2017    5/12/2017    EEOC/IBC
              Submit File A, B and C                                       5/8/2017    5/12/2017    EEOC/IBC
9       Monitor, Control and Enhance                                      5/15/2017    9/29/2017    IBC