The Office of Inspector General (OIG) contracted with the independent certified public accounting
firm of Harper, Rains, Knight & Company, P.A. (HRK) to conduct a performance audit of EEOC’s
information security program and practices in accordance with the Federal Information Security
Modernization Act of 2014 (FISMA). The contract required HRK to conduct the audit in accordance
with U.S. generally accepted government auditing standards (GAGAS) contained in Government
Auditing Standards, issued by the Comptroller General of the United States.
The objective of this performance audit was to assess the effectiveness of the EEOC’s information
security program and practices for the period October 1, 2020 through September 30, 2021. HRK
found that EEOC has established and maintained an effective information security program and
practices, consistent with applicable guidance. HRK has identified areas of improvement in the
form of findings and recommendations. EEOC’s management was given the opportunity to review
the draft report. Management’s responses are included in the report.