AOIG

Performance Audit of the EEOC Commercial Charge Card Program

We recommend EEOC management update its policies and procedures to include all required safeguards and internal controls to be compliant with the Government Charge Card Abuse Prevention Act of 2012. In addition, EEOC should create a monitoring control to review the policy when changes or updates are made to federal law or Office of Management and Budget or General Services Administration guidance. (Repeat Finding)

Performance Audit of the EEOC Commercial Charge Card Program

For purchase cards, EEOC management should create a control where management reviews, on a sample basis, purchase card transactions to ensure all obligating documents and purchase orders are in conformity with EEOC Directives Transmittal Order 360.003, Commercial Purchase Charge Card Program Practical User’s Guide.

Performance Audit of the EEOC Commercial Charge Card Program

For purchase cards, EEOC management should create a control where management reviews, on a sample basis, the purchase card account closure documentation to ensure it adheres to the EEOC Purchase Card Audit Finding Update Memo.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT review and remediate critical-risk, high-risk, and medium-risk vulnerabilities in accordance with EEOC OIT's assessment of risk. If the risk is not remediated, then we recommend EEOC OIT document the acceptance of the risk.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT provide specialized training for SharePoint administrators and users to reduce the risk of exposing sensitive information and PII.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT conduct a privacy impact assessment of the SharePoint system to identify privacy issues and risks associated with the security settings; and to provide recommendations to mitigate potential privacy risk.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OIT review and remediate critical-risk, high-risk and moderate-risk vulnerabilities. These vulnerabilities should be resolved to avoid compromise to EEOC’s systems; or the Agency should document acceptance of the risk or reclassification of the risk