Federal Reports

We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by the Federal Information Security Modernization Act (FISMA). In Fiscal Year 2016, PBGC made progress improving its information security program by publishing its Information Security Risk Management Framework Process and requiring the use of PIV for authentication; however, improvements are still needed. More specifically, PBGC needed to permanently fill its risk executive position and ensure current NIST controls are fully and consistently implemented including controls over access control. The Corporation also needed to fully implement its information system continuous monitoring program. The OIG’s Report on Internal Controls Related to the Pension Benefit Guaranty Corporation’s Fiscal Year 2016 and 2015 Financial Statements Audit (AUD 2017-3/FA-16-110-2) presents additional details on the Corporation’s progress in mitigating IT control weaknesses identified in: (1) PBGC’s entity-wide security program and (2) access controls and configuration management.

EAC OIG, through the independent public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, audited EAC's financial statements for the fiscal years ended September 30, 2016, and September 30, 2015.

EAC OIG, through the independent public accounting firm of CliftonLarsonAllen LLP, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 for fiscal year 2016.