This report presents the results of our independent performance audit of the U.S. Equal
Employment Opportunity Commission's (EEOC) information security program and practices in
accordance with the Federal Information Security Modernization Act of 2014 (FISMA). FISMA
requires Federal agencies, including EEOC, to have an annual independent evaluation performed
of their information security programs and practices to determine the effectiveness of such
programs and practices, and to report the results of the evaluation to the Office of Management
and Budget (OMB) and the Department of Homeland Security (DHS). The EEOC Office of
Inspector General (OIG) contracted with Harper, Rains, Knight & Company, PA (HRK) to conduct
a performance audit of EEOC's information security program and practices for Fiscal Year (FY)
2024.

The Office of Inspector General (OIG) contracted with the independent certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to audit the financial statements of the U.S. Equal Employment Opportunity Commission (EEOC) for fiscal years ended September 30, 2024, and 2023, and to report on EEOC's internal controls over financial reporting, and compliance with laws, regulations, contracts, and other matters. The contract required that HRK conduct the audit in accordance with U.S. generally accepted government auditing standards (GAGAS) contained in Government Auditing Standards, issued by the Comptroller General of the United States, and Office of Management and Budget (OMB) audit guidance, and U.S. Government Accountability Office/Council of the Inspectors General on Integrity and Efficiency Financial Audit Manual.

The Federal Managers’ Financial Integrity Act of 1982 (FMFIA), P.L. 97-255, as well as the Office of Management and Budget’s (OMB) Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, M-16-17 establish specific requirements for management control. Each executive agency must establish controls to reasonably ensure that: (1) obligations and costs are compliant with applicable law; (2) funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation; and (3) revenues and expenditures applicable to agency operations are properly recorded and accounted for to permit the preparation of accounts and reliable financial and statistical reports and to maintain accountability over the assets.

The Equal Employment Opportunity Commission (EEOC) is responsible for enforcing federal laws that make it illegal to discriminate against a job applicant or an employee. Many states and localities have laws prohibiting employment discrimination and have their own agencies responsible for enforcing those laws. These agencies are often referred to as Fair Employment Practices Agencies (FEPA/FEPAs). The EEOC’s Office of Field Programs (OFP) manages the State, Local, and Tribal Programs (SLTP) that provide oversight of employment discrimination cases handled by FEPAs to ensure that EEOC standards are met for those cases.

The PIIA (Public Law 116-117) aims to improve efforts to identify and reduce government-wide improper payments. Agencies are required to identify and review all programs and activities they administer that may be susceptible to significant improper payments based on guidance provided by the OMB. Payment integrity information is published with the agency's annual financial statement in accordance with payment integrity guidance in OMB Circular A-1361. The agency must also publish applicable payment integrity information required in the accompanying materials to the annual financial statement in accordance with applicable guidance. The most common accompanying material to the annual financial statements is the payment integrity information published on paymentaccurancy.gov. The agency's Inspectors General are to review payment integrity reporting for compliance and issue an annual report.

The Federal Managers' Financial Integrity Act of 1982 as well as the Office of Management and Budget's Memorandum-16-17, Circular A-123 Management responsibility for Enterprise Risk Management and Internal Control established specific requirements for management control. 

Based on the OIG's review, the agency's management control review process was conducted in accordance with applicable guidance.