The list below is sorted beginning with the newest.
Audits, Evaluations and Reviews
CNCS has devoted significant resources to improving cybersecurity over the past few years, with meaningful progress. Although its information security program is not yet sufficiently mature, it can reach effectiveness with continued effort and investment.
Achieving effectiveness will require attention to weaknesses that pose significant risks to information security. Our 2017 evaluation found inadequacies in risk management, configuration management, identity and access management, information security continuous monitoring, and contingency planning. Enforcement of information security is inconsistent across the enterprise, with field components remaining especially vulnerable. These continuing vulnerabilities leave CNCS operations and assets at risk of unauthorized access, misuse and disruption. Our report offers 34 recommendations to address the identified weaknesses and assist CNCS in strengthening its information security program. Eight of the recommendations relate to prior findings that have not been completely addressed by CNCS.
The CNCS OIG contracted with CLA, LLP to review the controls that the CNCS OIT put in place to secure three internal web applications and associated infrastructure; the review resulted in five recommendations. The objectives were to assess and report any risks that could lead to information technology security incidents, recommend improvements in the operations of the information systems, and identify gaps between the Corporation's current information security posture and industry best practices. CLA found critical application vulnerabilities, missing patches and unsupported software, incorrect documentation, and configuration weaknesses. CLA recommended that CNCS improve its patching effectiveness, update unsupported software, fully remediate configuration weaknesses and noted vulnerabilities, practice secure coding, and update its documentation.
We issued a disclaimer of opinion on the audit of the National Service Trust Fund financial statements (Trust financial statements) as of September 30, 2017 and for the year then ended. CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support transactions in accordance with generally accepted accounting principles. Auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion (disclaimer).
We issued a disclaimer of opinion on the consolidated financial statements of the Corporation for National and Community Service (CNCS) as of September 30, 2017 and for the year then ended. Key audit findings were:
- CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support transactions in accordance with generally accepted accounting principles. Auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion (disclaimer);
- Four material weaknesses (Financial Reporting; Trust Fund Unpaid Obligations; Trust Service Award Liability Model; Grants Accrual Payable and Advance) and one significant deficiency (Information Technology Security Controls) in CNCS’s internal control over financial reporting;
- No instances of noncompliance with applicable provisions of laws, regulations, contracts, and grant agreements.
Had the scope of the auditors' work been sufficient to enable them to express an opinion on the CNCS consolidated financial statements, other material weaknesses or significant deficiencies, or noncompliance or other matters, may have been identified and reported.
CNCS did not fully comply with the DATA Act due to weaknesses in its existing financial reporting system (internal control over source systems) and internal control weaknesses within financial reporting, data management, and data reporting processes. CNCS did not submit complete, timely, quality, and accurate financial and award data for the FY 2017 second quarter. The Corporation continues to grapple with the implementation challenges previously reported in the readiness review, as well as new challenges identified by this performance audit.
Serve Washington administered $40,328,621 of AmeriCorps funds during the three years ending September 30, 2016. Serve Washington awarded subgrants to 17 organizations and was responsible for programmatic and financial oversight. An agreed-upon-procedures (AUP) review did not question any costs incurred by the Serve Washington Commission.
However, the AUP identified improper and unsupported costs claimed by two subrecipients totaling $511,070 ($140,231 in Federal costs and $230,646 in match costs), plus an additional $136,773 in questioned education awards and $3,420 in accrued interest. The AUP also identified other deficiencies, including: (1) deficiencies in documenting claimed Federal and match costs or ensuring that the costs were allowable; (2) failure to perform complete National Service Criminal History Checks for grant-funded staff; (3) failure to accurately record and certify all member timesheet hours; (4) inadequate supervision of members recording teleservice and/or weekend service; and (5) non-compliance with AmeriCorps requirements for member performance evaluations.
Serve Washington concurred with some of the compliance findings. The Corporation will resolve the report’s findings and recommendations.
An agreed-upon procedures review on grant costs incurred by the Volunteer Louisiana Commission (VL) and two of its subgrantees identified questioned costs of $195,993.
The majority of the questioned costs ($194,951) were caused by deficiencies in VL’s and subgrantees’ time keeping systems, and the procedures used to conduct the National Service Criminal History Checks for their staffs. The remaining $1,042 of questioned costs stem from unsupported or unallowable costs charged to the grant. VL concurred with most of the compliance findings. The Corporation will resolve the report’s findings and recommendations.
One of the largest State Commissions, the New York State Office of National and Community Service (NYSONCS), administered AmeriCorps funds totaling $60,713,471 during the five years ending June 30, 2015. NYSONCS made subgrants to 51 organizations and was responsible for programmatic and financial oversight. The agreed-upon procedures (AUP) review of four of those subgrants—Blue Engine, Inc. (Blue Engine), Harlem Children’s Zone (HCZ), New York City Mayor’s Office (NYC Service), and the Service Collaborative of Western New York (TSCWNY)—found improper and unsupported costs totaling $8,294,909 ($1,263,141 in Federal costs and $6,984,056 in match costs), as well as an additional $46,069 in questionable education awards and $1,643 in accrued interest.
For the sixth consecutive year, the Corporation for National and Community Service (CNCS or the Corporation) did not comply with the Improper Payments Elimination and Recovery Act of 2010, as amended (IPERA), applicable Executive Orders and authoritative implementation guidance from the Office of Management and Budget (OMB) in assessing and reporting in its FY 2016 Agency Financial Report (AFR) information concerning improper payments in CNCS programs. The Corporation has acknowledged that it did not meet its obligations in this area.
Seniors Council received grants of approximately $2 million from the Senior Companion Program (SCP) and the Foster Grandparents Program (FGP) between July 2013 and June 2015.
CNCS-OIG audited and questioned $45,546 or approximately 2.3 percent of the $2 million in Federal costs charged. The questioned costs resulted from the grantee not performing required background checks for its volunteers prior to beginning service and overstating its claimed expenditures by more than $10,000. Seniors Council also commingled funds for multiple grants and grant years, improperly drew down and misapplied Federal funds, and overstated grant expenditures on Federal Financial Reports (FFRs). Seniors Council had various compliance issues, including lack of budget-to-actual comparisons, an improper cost allocation methodology, unmet minimum volunteer service hours, and undocumented volunteers’ letters of agreement.
The initial financial management findings required immediate attention; therefore, CNCS-OIG issued a Management Alert to CNCS in July 2016. CNCS promptly adopted the recommendation to place a manual hold on further drawdowns until Seniors Council completed multiple corrective actions. Seniors Council concurred with most of the compliance findings. The Corporation will resolve the report’s findings and recommendations.
This memorandum summarizes the results of our readiness review of the implementation of the Digital Accountability and Transparency Act of 2014 (DATA Act) at the Corporation for National and Community Service (the Corporation or the Agency). The objective of this review was to assess the Corporation's efforts and implementation plans to report financial and payment data in accordance with the requirements of the DATA Act. The Office of Inspector General (CNCS-OIG) conducted this review between May 2016 and October 2016.
The Corporation for National and Community Service (the Corporation or CNCS) has made significant progress in addressing the information security and privacy weaknesses identified in last year’s Federal Information Security Modernization Act of 2014 (FISMA) evaluation, resolving eight of 17 findings from FY 2015 and closing 67 of 90 recommendations open from prior years. CNCS has improved and updated its policies and procedures for key security program areas, e.g., information security continuous monitoring (ISCM), risk management and Plan of Action and Milestones (POA&M) management. It has also entered into new service level agreements with the information technology (IT) contractor that manages the Corporation’s desktops, servers and network infrastructure. These improvements led evaluators to reduce the severity of two previous program weaknesses from Significant Deficiencies to Control Deficiencies. Evaluators determined that the Corporation implemented improvements to close all seven recommendations related to privacy controls for protection of personally identifiable information (PII).
Nevertheless, much work remains to make information security fully effective at CNCS. The FY 2016 FISMA evaluation uncovered two new weaknesses relating to: (1) secure configuration management policies, procedures and practices; and (2) monitoring and remediation of server backup failures. CNCS’s ISCM and Incident Response Program are rated at Level 2: Defined on a maturity scale that ranges from Level 1: Ad hoc to Level 5: Optimized. Of the 57 security metrics in the remaining areas, testing identified 25 instances of noncompliance with applicable laws, regulations and authoritative guidance governing information security.
Why We Did This Study
The AmeriCorps National Civilian Community Corps (NCCC) is the only residential program operated by the Corporation for National and Community Service (CNCS). Enrolling up to 1200 members aged 18-24, NCCC offers an intense, team-based ten months of service.
Many of NCCC’s activities duplicate those of grantees in other programs administered by CNCS that cost significantly less per member.
CNCS’s Office of Inspector General (OIG) conducted this evaluation to assess the cost effectiveness of NCCC’s program vis-à-vis other CNCS programs with comparable activities, as well as other aspects of its performance. The evaluation focused on FYs 2012 and 2013, supplemented with limited information for FY 2014.
What We Found
Services performed by NCCC cost the taxpayers four to eight times more than the same services by CNCS’s other AmeriCorps programs. Each member’s ten months of service costs $29,674 (for FY 2014), more than a year’s tuition, room and board at a public university; for that sum, four individuals could obtain two-year community college degrees.
Yet, despite this substantial investment, NCCC alumni achieve no better long-term outcomes than alumni of AmeriCorps programs that cost a fraction of that amount.
NCCC is not meeting its enrollment capacity and suffers high attrition. In recent years, as many as 27 percent of NCCC members did not fulfill their ten-month service commitments. By contrast, AmeriCorps State and National (ASN) is oversubscribed, and its attrition rates are lower and declining. Moreover, NCCC lacks an effective strategy to recruit and retain disadvantaged youth, as required by statute.
NCCC does not assess programmatic performance objectively or by campus.
NCCC’s disaster deployments are inefficient, in that teams may be brought from distant locations, bypassing available teams nearby.
NCCC can do more to leverage the training of its members by improving pathways to employment and volunteering for alumni.
What We Recommend
To maximize the impact of national service, CNCS leadership and the Congress should reevaluate the appropriate balance between NCCC and other programs that cost the taxpayers substantially less for comparable service activities, and right-size NCCC accordingly.
NCCC should develop a comprehensive recruitment and retention program that does not depend on other Federal programs to refer applicants and provide better support for members experiencing difficulties. The programmatic performance of campuses needs to be assessed objectively, to promote accountability and sharing of successful strategies. Proximity and cost need to be more important in determining which teams will respond to disasters. Given the skills and training that NCCC members receive, the program could improve member outcomes through additional efforts to connect alumni to post-service employment and volunteer opportunities.
An audit of the Corporation for National and Community Service’s financial statements as of September 30, 2016 and 2015, found a recurrent significant deficiency in the Corporation’s internal control over financial reporting. The audit identified the causes of this repeat condition as a lack of governance and oversight, incomplete risk assessment, and inadequate monitoring processes. There were no instances of noncompliance with applicable provisions of laws, regulations, contracts and grant agreements. The Corporation’s financial statements were presented fairly in all material respects and were consistent with accounting principles generally accepted in the United States of America.
An audit of the Corporation for National and Community Service’s Trust Financial Statements as of September 30, 2016 and 2015 found that the Trust financial statements were presented fairly in all material respects and were consistent with accounting principles generally accepted in the United States of America.