The Office of Inspector General (OIG) and its contractor, Williams, Adley and Company, LLP (Williams Adley), jointly performed this review in accordance with generally accepted government auditing standards. These standards require the team to plan and perform the review to obtain sufficient and appropriate evidence to provide a reasonable basis for the findings and conclusions based on the objectives of the review. We believe the evidence obtained provides a reasonable basis for our findings and conclusions, and in all material respects, meets the FISMA reporting requirements prescribed by OMB. The audit work performed during the FISMA review disclosed a significant deficiency that requires EPA to take immediate or near-immediate corrective action in establishing and maintaining an account and identity management program for user accounts that reside on the Agency's network. While we found the Agency took steps to identify inactive network accounts, EPA offices do not take appropriate action to timely disable or terminate the accounts.