The Federal Managers' Financial Integrity Act of 1982 as well as the Office of Management and Budget's Memorandum-16-17, Circular A-123 Management responsibility for Enterprise Risk Management and Internal Control established specific requirements for management control. 

Based on the OIG's review, the agency's management control review process was conducted in accordance with applicable guidance.

The Office of Inspector General (OIG) contracted with the independent certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to audit the financial statements of the U.S. Equal Employment Opportunity Commission (EEOC) for fiscal years ended September 30, 2023, and 2022, and to report on EEOC's internal controls over financial reporting, and compliance with laws, regulations, contracts, and other matters. The contract required that HRK conduct the audit in accordance with generally accepted government auditing standards (GAGAS) contained in Government Auditing Standards, issued by the Comptroller General of the United States, Office of Management and Budget (OMB) audit guidance, and U.S. Government Accountability Office/Council of the Inspectors General on Integrity and Efficiency Financial Audit Manual.

We conducted this performance audit in accordance with generally accepted government auditing standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. 
The objective of this performance audit was to assess the effectiveness of the EEOC’s information security program and practices for FY 2023. As part of our audit, we responded to the core metrics and supplemental metrics identified in the FY 2023 -2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics (IG Metrics), the associated FY 2023 Inspector General FISMA Metrics Evaluator’s Guide, and assessed the maturity levels on behalf of the EEOC OIG to be consistently implemented, which is not effective, per the IG Metrics. We also considered applicable OMB policy and guidelines, National Institute of Standards and Technology’s (NIST) standards and guidelines, and the NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). 

In September 2022, the U.S. Equal Employment Opportunity Commission (EEOC) Office of Inspector General (OIG) contracted with KAI Partners, Inc. (KAIP) to perform an evaluation of EEOC’s outward-facing customer portals. OIG instructed KAIP to evaluate how well the portals meet EEOC’s strategic needs, as well as assess key performance aspects of the portals from the perspectives of how well they assist stakeholders and how well they function as web applications.

The Office of Inspector General contracted with the certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to conduct an independent evaluation of EEOC's compliance with PIIA for FY2022. HRK determined EEOC was not compliant with PIIA annual reporting consistent with Appendix C of OMB Circulars A-123 and A-136. The Evaluation Report includes three recommendations.

To ensure that corrective action on our findings and recommendations proceed as rapidly as possible, the Office of Management and Budget issued Circular Number A-50, Audit Follow-up. EEOC Order 192.002, Audit Follow-Up Program, implements Circular Number A-50 and requires that for resolved recommendations, a corrective action work plan should be submitted within 30 days of the final audit report date describing specific tasks and completion dates necessary to implement audit recommendations. Circular Number A-50 requires prompt resolution and corrective action on audit recommendations within six months of final report issuance.