Reports: Audit

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2022 that improved its compliance with PIIA reporting requirements.

The fiscal year 2022 FISMA evaluation concluded that AmeriCorps’ information security program remains ineffective. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) mobile devices, (2) IT asset inventory management, (3) vulnerability and patch management program, (4) Personal Identity Verification (PIV) multifactor authentication, (5) performance measures, (6) security assessments and (7) contingency planning.

In accordance with the Government Charge Card Abuse Prevention Act of 2012), AmeriCorps, a Federal grant-making agency, is responsible for establishing and maintaining safeguards and internal controls for its government card program. The government card program is composed of purchase cards used by AmeriCorps personnel to purchase commercial goods and services, and travel cards used for official government travel expenses. In FY 2021, AmeriCorps transitioned its financial operations to a shared service platform offered by the Administrative Resource Center (ARC) within the U.S.

AmeriCorps has been unable to produce auditable financial statements for the last six years. This year, independent auditors again issued a disclaimer of opinion, reporting 12 material weaknesses and two significant deficiencies. Ten of the material weaknesses are recurring, four of them since FY 2017, five since FY 2018, and one since FY 2021. The auditors reported two new material weaknesses: (1) Knowledge Gap throughout Financial Management Operations and (2) Advances from Others. Further, the financial statements and accompanying notes were not in accordance with U.S.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $340 million. AmeriCorps has been unable to produce auditable financial statements for the last six years. This year, independent auditors again issued a disclaimer of opinion, reporting six material weaknesses and one significant deficiency.

AmeriCorps’ security program has not been effective in accordance with Federal Information Security Management Act (FISMA) since Fiscal Year 2017. In order to determine its current status, AmeriCorps OIG engaged an independent certified public accounting firm to conduct an internal penetration test of AmeriCorps’ network. The independent auditors tested AmeriCorps’ network to evaluate the effectiveness of its information security program and to identify areas of weakness.

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2021 that improved its compliance with PIIA reporting requirements.

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations.

Since FY 2017, independent auditors have declined to issue an opinion on AmeriCorps’ financial statements. This year, they again issued a disclaimer of opinion, reporting nine material weaknesses and one significant deficiency. Eight of the material weaknesses are recurring, three of them since FY 2017 and five since FY 2018. AmeriCorps acknowledged at the beginning of the audit that it had not made progress in addressing five of the material weaknesses and requested that they be excluded from the scope of the audit.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $356 million. Since FY 2017, independent auditors have declined to issue an opinion on the financial statements of AmeriCorps and the National Service Trust.