Federal Reports

The Office of Inspector General (OIG) contracted with the independent certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to conduct a performance audit of EEOC’s information security program and practices in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2022. The objective of this performance audit was to assess the effectiveness of the EEOC’s information security program and practices for the period October 1, 2021, through September 30, 2022. HRK found that the EEOC has established and maintained a constantly implemented information security program and practices. HRK has identified in its report areas of improvement in the form of findings and recommendations. The OIG, along with HRK, will conduct a virtual exit conference regarding FISMA on November 16, 2022, at 2:00 pm via MS Teams where the auditors from HRK will discuss the results of the audit.

The OIG reviewed the Veterans Health Administration’s (VHA) progress in monitoring their follow-up of canceled appointments during the COVID-19 pandemic.In 2020, the OIG reported that VHA had not followed up on about 32 percent of canceled appointments. VHA then implemented the Cancelled Appointments and Consult Management Initiative and created a cancellation report to track follow-up conducted for appointments originally scheduled to occur after July 21, 2020. The report allowed tracking by types of care, by month, and cumulatively, but VHA did not use all the reporting features. VHA required facilities to meet a minimum 80 percent follow-up rate or develop corrective action plans.VHA had evidence of follow-up activity for about 87 percent of appointments originally scheduled to occur from January through July 2021. However, when the OIG team evaluated follow-up by types of care, the assessment revealed that more than one-third of specific types of care fell below 80 percent, and every facility had at least one type of care below 80 percent. The team also assessed data by month and identified seven facilities that dropped below 80 percent during June and July 2021 (not evident in cumulative reporting). Since the cancellation report’s implementation, VHA officials have not reevaluated the tracked types of activity used to determine if an appointment had been followed up.VHA implemented monitoring procedures for follow-up of canceled appointments during the pandemic, but it can strengthen its oversight by using the cancellation report to monitor follow-up by type of care and by month, as well as by reassessing the activities that determine what appointments are followed up. VHA concurred with the OIG’s two recommendations on monitoring follow-up rates and assisting facilities that fell below the established metrics, as well as reassessing what constitutes follow-up activities.

EAC OIG, through the independent public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, audited EAC’s information security program for fiscal year 2022 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The objective was to determine whether EAC implemented selected security controls for certain information systems in support of FISMA.