This semiannual report summarizes the OIG’s activities and accomplishments for the period October 1, 2019, through March 31, 2020. The OIG issued six audit and evaluation reports and one written advisory. The OIG resolved 435 investigative inquiries.
We conducted a review to determine the U.S. Equal Employment Opportunity Commission’s (EEOC) Fiscal Year (FY) 2019 compliance with the Improper Payments Information Act of 2002 (IPIA) (Pub. L. 107-300), as amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA) (Pub. L. 111-204), the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) (Pub. L.112-248), and the Federal Improper Payments Coordination Act of 2015 (Pub. L. 114-109). Office of Management and Budget (OMB) Memorandum M-18-20, “Transmittal of Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement,” June 26, 2018 (OMB Memorandum M-18-20), sets forth guidance and requirements specifically for compliance with IPIA, IPERA, and IPERIA.
This evaluation of the Federal hearings and appeals processes of the Equal Employment Opportunity Commission (EEOC) was conducted by The Center for Organizational Excellence, Inc. and CohnReznick LLP on behalf of the EEOC Office of Inspector General (OIG). The main objective of the assessment was to help the Office of Field Programs (OFP) and Office of Federal Operations (OFO) improve the efficiency and effectiveness of the Federal hearings and appeals processes by performing a forward-looking evaluation of key activities and providing recommendations for improvements.
The evaluation team developed four key findings and eleven ideas for improvement in OFO and OFP processes. The four findings that should be addressed are:
1. The Office of Field Programs has an outdated Administrative Judge (AJ) Handbook4 with standard operating procedures (SOPs) for the hearings process that are not consistently followed by District and Field offices.
2. Organizational structures in some District and Field offices do not match the ideal structure defined by management.
3. Integrated Mission System (IMS)5 development and upgrades do not match EEOC’s reporting and tracking needs.
4. The appeals intake process consistently runs at a slower pace than needed within OFO’s Compliance and Control Division (CCD).
The Federal Managers’ Financial Integrity Act (FMFIA), P.L. 97-255, as well as the Office of Management and Budget’s (OMB) Circular No. A-123, Management Accountability and Control, establish specific requirements for management controls. Each agency head must establish controls to reasonably ensure that: (1) obligations and costs are in compliance with applicable laws; (2) funds, property and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation; and (3) revenues and expenditures applicable to agency operations are properly recorded and accounted for to permit the preparation of accounts and reliable financial and statistical reports and to maintain accountability over the assets. FMFIA further requires each executive agency head, based on an evaluation conducted in accordance with applicable guidelines, to prepare and submit a signed statement to the President and the Congress disclosing whether the agency’s system of internal accounting and administrative control fully complies with requirements established in FMFIA.
We reviewed HRK’s report and related documentation and inquired of its representatives. Our review, as differentiated from an audit in accordance with GAGAS, was not intended to enable us to express, and we do not express, opinions on EEOC’s compliance with the DATA Act or conclusions about the effectiveness of internal controls, or conclusions on compliance with laws and other matters. HRK is responsible for the attached auditors’ report dated November 8, 2019, and the conclusions expressed therein. Overall, HRK determined EEOC met the requirements of the DATA Act.
We reviewed 45 fiscal year 2018 contract files at the Equal Employment Opportunity Commission (EEOC). We found that some contract files had incomplete contract orders and were missing the Contracting Officer Representative (COR) acceptance page. In addition, progress reports were not found in any of the contract files. Although the files usually contained sub dividers and were organized, it was cumbersome to find contract administration documents in many of the folders.
We interviewed nine CORs and reviewed 20 COR contract files. We found that insufficient oversight of CORs and internal guidance contribute to incomplete COR documentation and uncertainty among CORs about how to perform their duties. We found 29 documents were missing from the files, including COR appointment letters, invoices, and progress reports. Five CORs expressed a need for more consistency among the Contracting Officers and three said they would benefit from more procedural guidance on how to perform their duties.
Lastly, we found that the Office of the Chief Financial Officer (OCFO) usually pays contractor invoices on time; however, the COR review and approval process causes significant delays. Of the 268 invoices in our sample, 56 (21 percent) were overdue. On average, OCFO paid the invoices within 9 days of the CORs approval. However, contract invoices were in the system an average of 64 days prior to the CORs approval. CORs stated that the invoice system does not notify them when vendors submit invoices, which may contribute to the payment delays. We issued five recommendations to improve EEOC’s contracts administration activities.
For Fiscal Year (FY) 2019, the U.S. Equal Employment Opportunity Commission (EEOC), Office of Inspector General (OIG) contracted with Brown & Company CPAs and Management Consultants, PLLC (Brown & Company) to conduct a performance audit of EEOC’s compliance with the provisions of the Federal Information Security Modernization Act of 2014 (FISMA). FISMA requires agencies to develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Based on the results of our performance audit, Brown & Company concluded that EEOC’s information security program is substantially compliant with the FISMA legislation and applicable Office of Management and Budget (OMB) guidance. We determined EEOC’s information security programs are effective and provide reasonable assurance of adequate security. In conducting our audit work, we identified the following four findings related to EEOC’s security practices that can be improved.
1. EEOC OIT needs to monitor security controls over SharePoint.
2. EEOC OIT needs to remediate internal vulnerabilities on its network.
3. EEOC OIT needs to enforce its mobile device management compliance policies.
4. EEOC OIT needs to develop an action plan to address the SECURE Technology Act requirements.