Reports: Audit

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, to estimate the rate and amount of improper payments in agency programs, and to report on their actions to reduce and recover those payments.

The evaluation of AmeriCorps grants awarded to the Maine Commission for Community Service (the Commission) and one of its 14 subgrantees (LearningWorks) identified questioned Federal costs of $254,014, questioned match costs of $592,737, and compliance findings, covering the three years beginning January 1, 2016.

The information security program of the Corporation for National and Community Service, now called AmeriCorps, remains Not Effective and has shown little progress over the past four years. While AmeriCorps has demonstrated some improvement on configuration management, key areas of organization-wide risk management strategy, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management have remained stagnant at a low level of maturity.

The audit of a CNCS Social Innovation Fund award to Youthprise and four of its six subgrantees (Amherst H. Wilder Foundation, MIGIZI Communications, Sauk-Rapids Rice, and Guadalupe Alternative Programs) identified questioned Federal costs of $626,099, questioned match costs of $990,137, and compliance findings. These costs tested were incurred between August 1, 2016 and June 30, 2018. Most of the questioned costs identified were associated with (1) Youthprise improperly awarding sole-source contracts; and (2) subgrantees’ timekeeping deficiencies.

Despite continuing work to improve its Improper Payments Elimination and Recovery Act (IPERA) compliance program, the Corporation for National and Community Service (CNCS) did not meet three of the six IPERA compliance criteria, unchanged from FY 2018. Specifically, CNCS was unable to reliably estimate the amount or the rate of improper payments in the AmeriCorps State and National Program, the Foster Grandparent Program (FGP), the Senior Companion Program, and the Retired and Senior Volunteer Program (RSVP).

The information security program of the Corporation for National and Community Service (CNCS) has been assessed as not effective with little progress over the past three years. While security training remains an area of strength at CNCS, performance in this area is outweighed by the substantial risks resulting from the continuing control weaknesses in configuration management, identity, and access management, and data protection and privacy.

For the third year in a row, an independent audit of CNCS’s consolidated Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS cured none of the ten material weaknesses and two significant deficiencies from the prior year audit. Three of the material weaknesses and one significant deficiency were first identified in the FY 2017 audit. In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.

For the third year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS cured none of the three material weaknesses and one significant deficiency, which were first identified in the FY 2017 audit. In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.

The audit of an AmeriCorps grant awarded directly from the Corporation for National and Community Service (CNCS) to the St. Bernard Project (SBP) identified questioned Federal costs of $53,490, questioned match costs of $51,246, and compliance findings. These costs were incurred between April 1, 2016, and March 31, 2018. Most of the questioned costs were due to (1) inadequate payroll records, (2) untimely National Service Criminal History Checks (NSCHCs), and (3) an unallowable fine. SBP concurred with most of the findings and questioned costs and began taking corrective actions.

The Digital Accountability and Transparency Act of 2014 (DATA Act) requires Federal agencies to submit quarterly financial and award data for publication on USASpending.gov. The Office of Management and Budget and Department of Treasury established standards for Federal agencies to use 57 data elements in reporting its financial and award information. The DATA Act also requires the Office of Inspector General (OIG) of each Federal agency to audit a statistically valid sample of the data elements that support the data submitted by its Federal agency.