Reports: Audit

Since Fiscal Year (FY) 2017, AmeriCorps has not obtained an audit opinion on its financial statements. In FY 2021, independent auditors found nine material weaknesses and one significant deficiency, resulting in a total of 73 recommendations. In addition, each of AmeriCorps Office of Inspector General’s (OIG) annual Federal Information Security Modernization Act of 2014 (FISMA) evaluations since FY 2017 concluded that AmeriCorps’ cybersecurity and privacy program is ineffective. AmeriCorps has made little progress in implementing the 41 FISMA recommendations.

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually. AmeriCorps implemented corrective actions in FY 2021 that improved its compliance with PIIA reporting requirements.

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $356 million. Since FY 2017, independent auditors have declined to issue an opinion on the financial statements of AmeriCorps and the National Service Trust.

Since FY 2017, independent auditors have declined to issue an opinion on AmeriCorps’ financial statements. This year, they again issued a disclaimer of opinion, reporting nine material weaknesses and one significant deficiency. Eight of the material weaknesses are recurring, three of them since FY 2017 and five since FY 2018. AmeriCorps acknowledged at the beginning of the audit that it had not made progress in addressing five of the material weaknesses and requested that they be excluded from the scope of the audit.

AmeriCorps submits quarterly grant and procurement award data for publication on USASpending.gov as required by the Digital Accountability and Transparency Act of 2014 (DATA Act). The Office of Management and Budget (OMB) and Department of Treasury (Treasury) established standards for Federal agencies to use 59 data elements in reporting its financial and award information. Periodically, the AmeriCorps Office Inspector General (OIG) audits the agency’s spending data to assess its completeness, accuracy, timeliness, and quality, as well as its adherence to the government-wide data standards.

Beginning in FY 2017, independent auditors have been unable to render an opinion on the consolidated financial statements of AmeriCorps and the National Service Trust. The audits resulted in disclaimers of opinion and identified numerous material weaknesses that remained uncorrected.

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, to estimate the rate and amount of improper payments in agency programs, and to report on their actions to reduce and recover those payments.

The information security program of the Corporation for National and Community Service, now called AmeriCorps, remains Not Effective and has shown little progress over the past four years. While AmeriCorps has demonstrated some improvement on configuration management, key areas of organization-wide risk management strategy, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management have remained stagnant at a low level of maturity.

The audit of a CNCS Social Innovation Fund award to Youthprise and four of its six subgrantees (Amherst H. Wilder Foundation, MIGIZI Communications, Sauk-Rapids Rice, and Guadalupe Alternative Programs) identified questioned Federal costs of $626,099, questioned match costs of $990,137, and compliance findings. These costs tested were incurred between August 1, 2016 and June 30, 2018. Most of the questioned costs identified were associated with (1) Youthprise improperly awarding sole-source contracts; and (2) subgrantees’ timekeeping deficiencies.