Recommendation Dashboard
Report 2018-007-AOIG - Performance Audit Report on the EEOC Charge Card Program: Fiscal Years Ending September 30 2018 and 2017
For purchase cards, the Administrative Officer (AO) or District Resources Manager (DRM) should maintain documentation of all account closures electronically or in hard copy. Documentation should include evidence of the name of the AO or DRM who received the employee's charge card, the date the card was turned in, the date the card was physically destroyed, and the date that account closure was confirmed by the Charge Card Vendor.
For travel cards, the Charge Card Program Manager (CCPM) should maintain documentation of all account closures electronically or in hard copy. Documentation should include evidence of the name of the immediate supervisor and/or servicing personnel officer who received the employee's charge card, the date the card was turned in, the date the card was cut in half, and the date that account closure was confirmed by the Charge Card Vendor. The policy or procedure should include monitoring by the CCPM and appropriate disciplinary actions for non-compliance.
Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation
We recommend the OIT review and remediate critical-risk, high-risk and moderate-risk vulnerabilities. These vulnerabilities should be resolved to avoid compromise to EEOC’s systems; or the Agency should document acceptance of the risk or reclassification of the risk
We recommend the OIT employed an automated mechanism that ensures sensitive PII is encrypted on removable mobile media.
We recommend the OCHCO and OIT conduct a baseline assessment of the EEOC’s cybersecurity workforce that includes (1) the percentage of personnel with IT, cybersecurity, or other cyber-related job functions who hold certifications; (2) the level of preparedness of other cyber personnel without existing credentials to take certification exams; and (3) a strategy for mitigating any gaps identified with appropriate training and certification for existing personnel.
Report 2017-007-AOIG - Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)
EEOC should develop a Trusted Internet Connection (TIC) program that meets OMB requirements to improve the agency’s security posture.
EEOC should conduct an e-authentication risk assessment for its digital systems and has not fully implemented multifactor authentication for logical and remote access for privileged and non-privileged users. (Repeat finding since FY 2008)
EEOC should implement an automated solution that provides a centralized, enterprise-wide view of risk across the agency.
Report 2017-006-AOIG - PERFORMANCE AUDIT OF THE COMPLIANCE WITH THE FINANCIAL AND AWARD DATA SUBMISSIONS FOR THE SECOND QUARTER FY 2017
EEOC’s Senior Accountability Officer (SAO), or their designee, should create a quarterly assurance package that includes all the necessary elements in the OMB guidance.
EEOC should perform additional reconciliations over Files C and D1 to determine the root cause of their differences, whether it is the known issue or a potential control issue with the data being submitted from the Contract Lifecycle Management (CLM) module.
Report 2017-002-EOIG - Evaluation of the EEOC’s Data Analytics Activities
Consider new approaches, such as web-enabled and cloud-based solutions, to support expanding IT infrastructure needs of both the analytics team as well as analytical product users.
Establish a data warehouse to address data retention, versioning, and reporting needs.
Invest in the generation of new metrics that quantify opportunity costs and corresponding benefits of data collection and data assurance.
Invest in modern reporting and visualization tools that allow for automated, customizable, visualization-enhanced reporting that effectively leverage a data warehouse.
Report 2016-008-EOIG - Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)
EEOC OIT should review and analyze critical, high, and medium vulnerabilities. These vulnerabilities should be resolved to avoid compromise of EEOC’s systems; or the agency should document acceptance of the risk or reclassification of the risk.
Report 2014-008-EOIG - Evaluation of Equal Employment Opportunity Commission’s (EEOC) Compliance with Provisions of the Federal Information Security Management Act of 2002 (OIG REPORT NUMBER 2012-03-FISMA
Implementation of background checks for student interns to ensure that international visas are current.
Development of policies and procedures to properly manage physical security access cards.
Report 2013-008-PSA - Performance Audit of the Agency’s Personnel Security Program
Immediately correct any known weaknesses. If EEOC determines not to correct a noted weakness, EEOC should document this analysis and their acceptance of the associated risk.
Implement a formalized training program for individuals who use classified information as a part of their duties. If an external agency is to assume the responsibility of training these individuals, this agreement should be documented in an MOU.
Develop and implement policies and procedures to address the safeguarding, transfer, storage, or disposal of classified information. The policy should include the requirements for Memorandums of Understanding between agencies.