U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

All Reports

Office of Inspector General Assessment of AmeriCorps' Financial Statement Audit and Cybersecurity Corrective Action Plans

Report Number
OIG-SR-22-05

Since Fiscal Year (FY) 2017, AmeriCorps has not obtained an audit opinion on its financial statements. In FY 2021, independent auditors found nine material weaknesses and one significant deficiency, resulting in a total of 73 recommendations. In addition, each of AmeriCorps Office of Inspector General’s (OIG) annual Federal Information Security Modernization Act of 2014 (FISMA) evaluations since FY 2017 concluded that AmeriCorps’ cybersecurity and privacy program is ineffective. AmeriCorps has made little progress in implementing the 41 FISMA recommendations.

Review

Office of Inspector General Assessment of AmeriCorps' Financial Statement Audit and Cybersecurity Corrective Action Plans

Report Number
OIG-SR-22-05

Since Fiscal Year (FY) 2017, AmeriCorps has not obtained an audit opinion on its financial statements. In FY 2021, independent auditors found nine material weaknesses and one significant deficiency, resulting in a total of 73 recommendations. In addition, each of AmeriCorps Office of Inspector General’s (OIG) annual Federal Information Security Modernization Act of 2014 (FISMA) evaluations since FY 2017 concluded that AmeriCorps’ cybersecurity and privacy program is ineffective. AmeriCorps has made little progress in implementing the 41 FISMA recommendations.

Audit

Performance Audit of AmeriCorps’ Compliance with the Payment Integrity Information Act of 2019 (PIIA) for Fiscal Year 2021

Report Number
OIG-PA-22-04

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2021 that improved its compliance with PIIA reporting requirements.

Audit

Fiscal Year 2021 Federal Information Security Modernization Act Evaluation of AmeriCorps

Report Number
OIG-EV-22-03

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations.

Audit