U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Reports: Audit

FISCAL Year 2023 Federal Information Security Modernization Act Evaluation of AmeriCorps

Report Number
OIG-EV-23-08

The fiscal year 2023 FISMA evaluation concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2023. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) Inventory management, (2) vulnerability and patch management program, (3) unsupported software, (4) authorization packages, (5) incident response plan, (6) logging and (7) contingency planning.

Inspection / Evaluation

Performance Audit of AmeriCorps Seniors Grantees’ Financial Management Systems

Report Number
OIG-AR-23-06

The audit of 15 AmeriCorps Seniors grantees found that their financial management systems did not comply with Federal regulations and grant terms and conditions. As a result of these deficiencies, we identified $268,627 in questioned Federal costs and $377,199 in non-compliant match costs reported on AmeriCorps grants. AmeriCorps waived match requirements for AmeriCorps Seniors grants during the COVID-19 pandemic, which was within our audit scope, so we could not question the $377,199 in unsupported match costs.

Audit

Performance Audit of AmeriCorps’ Compliance with the Payment Integrity Information Act of 2019 (PIIA) for Fiscal Year 2022

Report Number
AR-23-05

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2022 that improved its compliance with PIIA reporting requirements.

Audit

Fiscal Year 2022 Federal Information Security Modernization Act (FISMA) Evaluation of AmeriCorps

Report Number
OIG-EV-23-03

The fiscal year 2022 FISMA evaluation concluded that AmeriCorps’ information security program remains ineffective. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) mobile devices, (2) IT asset inventory management, (3) vulnerability and patch management program, (4) Personal Identity Verification (PIV) multifactor authentication, (5) performance measures, (6) security assessments and (7) contingency planning.

Inspection / Evaluation

Performance Audit of AmeriCorps' Charge Card Program for Fiscal Year 2021

Report Number
OIG-AR-23-04

In accordance with the Government Charge Card Abuse Prevention Act of 2012), AmeriCorps, a Federal grant-making agency, is responsible for establishing and maintaining safeguards and internal controls for its government card program. The government card program is composed of purchase cards used by AmeriCorps personnel to purchase commercial goods and services, and travel cards used for official government travel expenses. In FY 2021, AmeriCorps transitioned its financial operations to a shared service platform offered by the Administrative Resource Center (ARC) within the U.S.

Audit

Audit of AmeriCorps’ Fiscal Year 2022 Consolidated Financial Statements

Report Number
OIG-AR-23-01

AmeriCorps has been unable to produce auditable financial statements for the last six years. This year, independent auditors again issued a disclaimer of opinion, reporting 12 material weaknesses and two significant deficiencies. Ten of the material weaknesses are recurring, four of them since FY 2017, five since FY 2018, and one since FY 2021. The auditors reported two new material weaknesses: (1) Knowledge Gap throughout Financial Management Operations and (2) Advances from Others. Further, the financial statements and accompanying notes were not in accordance with U.S.

Audit

Audit of AmeriCorps’ Fiscal Year 2022 National Service Trust Fund Financial Statements

Report Number
OIG-AR-23-02

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $340 million. AmeriCorps has been unable to produce auditable financial statements for the last six years. This year, independent auditors again issued a disclaimer of opinion, reporting six material weaknesses and one significant deficiency.

Audit

AmeriCorps’ Penetration Testing and Phishing Campaign Evaluation

AmeriCorps’ security program has not been effective in accordance with Federal Information Security Management Act (FISMA) since Fiscal Year 2017. In order to determine its current status, AmeriCorps OIG engaged an independent certified public accounting firm to conduct an internal penetration test of AmeriCorps’ network. The independent auditors tested AmeriCorps’ network to evaluate the effectiveness of its information security program and to identify areas of weakness.

Inspection / Evaluation

Performance Audit of AmeriCorps’ Compliance with the Payment Integrity Information Act of 2019 (PIIA) for Fiscal Year 2021

Report Number
OIG-AR-22-04

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2021 that improved its compliance with PIIA reporting requirements.

Audit

Fiscal Year 2021 Federal Information Security Modernization Act Evaluation of AmeriCorps

Report Number
OIG-EV-22-03

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations.

Inspection / Evaluation