We reviewed 45 fiscal year 2018 contract files at the Equal Employment Opportunity Commission (EEOC). We found that some contract files had incomplete contract orders and were missing the Contracting Officer Representative (COR) acceptance page. In addition, progress reports were not found in any of the contract files. Although the files usually contained sub dividers and were organized, it was cumbersome to find contract administration documents in many of the folders.
We interviewed nine CORs and reviewed 20 COR contract files. We found that insufficient oversight of CORs and internal guidance contribute to incomplete COR documentation and uncertainty among CORs about how to perform their duties. We found 29 documents were missing from the files, including COR appointment letters, invoices, and progress reports. Five CORs expressed a need for more consistency among the Contracting Officers and three said they would benefit from more procedural guidance on how to perform their duties.
Lastly, we found that the Office of the Chief Financial Officer (OCFO) usually pays contractor invoices on time; however, the COR review and approval process causes significant delays. Of the 268 invoices in our sample, 56 (21 percent) were overdue. On average, OCFO paid the invoices within 9 days of the CORs approval. However, contract invoices were in the system an average of 64 days prior to the CORs approval. CORs stated that the invoice system does not notify them when vendors submit invoices, which may contribute to the payment delays. We issued five recommendations to improve EEOC’s contracts administration activities.

For Fiscal Year (FY) 2019, the U.S. Equal Employment Opportunity Commission (EEOC), Office of Inspector General (OIG) contracted with Brown & Company CPAs and Management Consultants, PLLC (Brown & Company) to conduct a performance audit of EEOC’s compliance with the provisions of the Federal Information Security Modernization Act of 2014 (FISMA). FISMA requires agencies to develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Based on the results of our performance audit, Brown & Company concluded that EEOC’s information security program is substantially compliant with the FISMA legislation and applicable Office of Management and Budget (OMB) guidance. We determined EEOC’s information security programs are effective and provide reasonable assurance of adequate security. In conducting our audit work, we identified the following four findings related to EEOC’s security practices that can be improved.

1. EEOC OIT needs to monitor security controls over SharePoint.
2. EEOC OIT needs to remediate internal vulnerabilities on its network.
3. EEOC OIT needs to enforce its mobile device management compliance policies.
4. EEOC OIT needs to develop an action plan to address the SECURE Technology Act requirements.

The Office of Inspector General (OIG) contracted with the independent certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to audit the financial statements of the U.S. Equal Employment Opportunity Commission (EEOC) for fiscal years ended September 30, 2019 and 2018 to provide an opinion on internal control over financial reporting compliance with laws and other matters, and whether EEOC’s financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FMFIA