Federal Reports

For Fiscal Year (FY) 2019, the U.S. Equal Employment Opportunity Commission (EEOC), Officeof Inspector General (OIG) contracted with Brown & Company CPAs and ManagementConsultants, PLLC (Brown & Company) to conduct a performance audit of EEOC’s compliancewith the provisions of the Federal Information Security Modernization Act of 2014 (FISMA).FISMA requires agencies to develop, document, and implement an agency-wide informationsecurity program to provide information security for the information and information systems thatsupport the operations and assets of the agency, including those provided or managed by anotheragency, contractor, or other source.

The Office of the Inspector General audited the effectiveness of the Tennessee Valley Authority’s (TVA) implementation of a new identity and access management (IAM) solution. We found the TVA project team has effectively implemented the IAM program and related projects. TVA expanded the IAM program to include additional user access management tools and processes, which included privileged identity management. We identified documentation concerns regarding privileged identity management that were (1) communicated to the project management team during the audit and (2) addressed by TVA management prior to completion of rollout.

During fiscal year 2019, we reviewed package scanning procedures at 25 Postal Service delivery units to determine if employees were properly scanning packages. During our audits, we found that Postal Service employees were not always following package scanning procedures at 21 of the 25 units. Customers rely on accurate scan data to track their packages in real time. When employees do not scan mailpieces correctly, customers are unable to determine the actual status of their packages. By improving scanning operations, management can potentially improve mail visibility, increase customer satisfaction, and enhance the customer experience and the Postal Service brand.

The Child Care and Development Block Grant Act (CCDBG Act) of 2014 added new requirements for States that received funding from the Child Care and Development Fund (CCDF) to conduct comprehensive criminal background checks on staff members and prospective staff members of childcare providers every 5 years. Criminal background check requirements apply to any staff member who is employed by a childcare provider for compensation or whose activities involve the care or supervision of children or unsupervised access to children.

For a covered outpatient drug to be eligible for Federal reimbursement under the Medicaid program's drug rebate requirements, manufacturers must pay rebates to the States for the drugs. However, a prior OIG audit found that States did not always invoice and collect all rebates due for drugs administered by physicians.

This is a review of NEA's Information Security profile including system security controls. Due to security concerns, this information is not published on the internet. You can obtain a copy of the memorandum through a freedom of information act request at the following link: https://www.arts.gov/freedom-information-act-guide.