An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
This report presents the results of our independent performance audit of the U.S. EqualEmployment Opportunity Commission’s (EEOC) information security program and practices inaccordance with the Federal Information Security Modernization Act of 2014 (FISMA). FISMArequires Federal agencies, including EEOC, to have an annual independent evaluation performedof their information security programs and practices to determine the effectiveness of suchprograms and practices, and to report the results of the evaluation to the Office of Managementand Budget (OMB) and the Department of Homeland Security (DHS). The EEOC Office ofInspector General (OIG) contracted with Harper, Rains, Knight & Company, PA (HRK) to conducta performance audit of EEOC’s information security program and practices for Fiscal Year (FY)2023.
What We Looked AtTo prevent Government agencies from making improper payments, the Do Not Pay (DNP) Initiative (the Initiative) requires the agencies to verify recipients’ eligibility to receive payments in the U.S. Department of the Treasury’s (Treasury) Working System databases before the release of Federal funds. The Initiative is authorized and governed by the Payment Integrity Information Act (PIIA) of 2019 and an Office of Management and Budget (OMB) memorandum. As part of the Initiative, the Treasury’s Bureau of the Fiscal Service (BFS) developed the DNP Business Center, which provides agencies with a variety of ways to review recipients’ eligibility in the databases prior to award and payment. In fiscal year 2021, the Department of Transportation (DOT) made approximately $96 billion in payments to grant recipients, State and local governments, businesses, and individuals in support of DOT’s mission. While we have annually audited DOT’s compliance with PIIA, we have not assessed the Department’s compliance with the Initiative. Therefore, we initiated this audit to assess the Department’s internal controls for assuring compliance with the Initiative. What We FoundWe identified two internal control weaknesses that result in DOT’s lack of compliance with the Initiative. First, the Department lacks policies and procedures to ensure ineligible recipients do not receive payments. Also, DOT is not using the DNP portal for pre-payment checks as OMB guidance and PIIA require. Our RecommendationsWe made two recommendations to help strengthen the Department’s internal controls to comply with the Initiative. OST concurred with our recommendations. We consider the recommendations resolved but open pending completion of planned corrective actions.
The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year.In addition, it sets forth the OIG’s formal process for identifying priority issues and managing its workload and resources for FY 2024. Since 2014, the NRC OIG has also been assigned to serve as the OIG for the Defense Nuclear Facilities Safety Board. A separate document contains the OIG’s Annual Plan for our work pertaining to that agency.
