MEMORANDUM
TO: Naomi C. Earp
Chair
FROM: Aletha L. Brown
Inspector General
SUBJECT: Agency Compliance with the Federal Managers Financial Integrity Act
(OIG Report No. 2006-09-AIC)
The Federal Managers’ Financial Integrity Act (FMFIA), P.L. 97-255, as well as the Office of Management and Budget’s (OMB) Circular A-123, Management Accountability and Control, establish specific requirements with regard to management controls. Accordingly, each agency head must establish controls to reasonably ensure that: (1) obligations and costs are in compliance with applicable laws; (2) funds, property and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation; and (3) revenues and expenditures applicable to agency operations are properly recorded and accounted for, in order to permit the preparation of reliable financial and statistical reports, as well as to maintain accountability over the assets. FMFIA further requires each executive agency head, on the basis of an evaluation conducted in accordance with applicable guidelines, to prepare and submit a signed statement to the President disclosing that their agency’s system of internal accounting and administrative controls fully comply with requirements established in FMFIA.
On October 31, 2006, the Office of Research, Information and Planning (ORIP) submitted EEOC’s Fiscal Year 2006 Federal Managers’ Financial Integrity Act Assurance Statement to the President, to the Office of Inspector General (OIG) for review. Agency regulation, EEOC Order 195.001, Internal Control Systems requires this office to annually provide a written advisory to the Chair on whether the management control evaluation process complied with OMB guidelines. To make this determination OIG reviewed: (1) assurance statements submitted by headquarters and district directors attesting that their systems of management accountability and control were effective and that resources under their control were used consistent with the agency’s mission and in compliance with the laws and regulations set out in the FMFIA of 1982; (2) all functional area summary tables, and functional area reports; and (3) ORIP’s Fiscal year 2006 Federal Managers’ Financial Integrity Act Assurance Statement and Assurance Statement Letter, with attachments. Based on our independent assessment of this year’s process, OIG is pleased to advise you that the Agency’s management control evaluation was conducted in accordance with OMB’s standards.
Further, based on the results of audits, evaluations, and investigations conducted by OIG during Fiscal Year 2006, OIG concurs with ORIP’s assertion that a material weakness was found in the Agency’s Information Security Program. This weakness resulted from our independent evaluation of the Agency’s implementation of Federal Information Security Management Act of 2002 (FISMA)for FY 2006 which disclosed a significant deficiency in its Information Security Program. Based upon recent revisions to the Office of Management and Budget guidance (Circular A-123), the Agency is required to identify a FISMA significant deficiency as a FMFIA material weakness.
While there were no other material weaknesses reported, it is important to note that as reported in the September 30, 2006 Semiannual Report to Congress, the OIG completed an investigation on a security breach/information loss which was not included in FY 2006 FMFIA reports.[1]
Finally, regarding the disclosure of several incidents of financial non-conformance noted in Attachment 4 of the Assurance Statement Letter, OIG concludes that these non-conformances were corrected during the fiscal year.
[1] OIG Agents conducted an investigation into the allegation that after the former New Orleans Office was vacated due to Hurricane Katrina, case files and other personal information, including confidential information, were left open to public access. OIG Agents traveled to New Orleans and secured the old office space and materials. The information and other materials were released to Agency Officials for appropriate disposal and relocation from the site. After advising Agency Officials, the Office of Information Technology (OIT) reported the alleged breach of information to the United States Computer Emergency Readiness Team (US CERT), under the Department of Homeland Security.
This page was last modified on December 7, 2006
