REPORTS

All Reports can be searched for by key words using the box to the right, or by date range using the tool below. The list below is sorted beginning with the newest.

Statutory Audits

Statutory Audits

Issued on

For the third year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit.  CNCS cured none of the three material weaknesses and one significant deficiency, which were first identified in the FY 2017 audit.  

In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.  The financial statements published by CNCS likely contain widespread material errors and should not be relied upon.

Key audit findings were:

 

  • Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates and incomplete records to support accounting for transactions in accordance with the generally accepted accounting principles.  The independent auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.  In addition, CNCS did not provide the documentation necessary for the auditors to assess the accuracy and completeness of certain year-end balances.
     
  • Material weaknesses and significant deficiency in CNCS’s internal control over financial reporting included:

o    Material Weaknesses:

  • Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements;
     
  • Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from insufficient accounting staff and inadequate internal controls;
     
  • Trust Obligations and Liability Model: There were inconsistencies between the assumptions used and how those assumptions were applied in the estimation of the Trust obligations and liabilities.  The revised Trust model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
     

o    Significant Deficiency:

  • Information Technology Security Controls: Auditors found new and recurring weaknesses in the information security program with respect to configuration management, access control and security management.
     
  • An instance of noncompliance with provisions of laws and regulations with respect to Single Audits, which could have a direct and material effect on financial statement accounts and disclosures.  CNCS did not adequately monitor the effectiveness of nor fully develop performance metrics to track the CNCS single audit monitoring process.

The audit report made 37 recommendations to CNCS, including immediate corrective actions to address pervasive material weaknesses and significant deficiency.

CNCS’s response asserts that it has “invested significant time and effort . . . responding to previous audit recommendations” and “continues to demonstrate its commitment to improving financial management reporting and operations.” Though stating that CNCS “partially concurs with the conditions and recommendations in the report,” CNCS did not respond to specific findings.  The sole exception concerns the National Service Trust, where CNCS’s response reflects a misunderstanding of the auditors’ concern, which CNCS-OIG will remedy. Finally, CNCS notes that it will be migrating to shared services for accounting at the beginning of FY 2021 and “will incorporate [the auditors’] recommendations where appropriate.”

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS’s National Service Trust Fund FY 2019 financial statements, under contract with CNCS-OIG.
 

 

Issued on

Audit of the Corporation for National and Community Service’s (CNCS) Fiscal Year 2019 Consolidated Financial Statements

For the third year in a row, an independent audit of CNCS’s consolidated Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit.  CNCS cured none of the ten material weaknesses and two significant deficiencies from the prior year audit.  Three of the material weaknesses and one significant deficiency were first identified in the FY 2017 audit.  

In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.  The financial statements published by CNCS likely contain widespread material errors and should not be relied upon.
Key audit findings were:

•    Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates and incomplete records to support accounting for transactions in accordance with the generally accepted accounting principles.  The independent auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.  In addition, CNCS did not provide the documentation necessary for the auditors to assess the accuracy and completeness of certain year-end balances.

•    Material weaknesses and significant deficiencies in CNCS’s internal control over financial reporting included:

   Material Weaknesses:   

  • Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific     material line items on the financial statements;
     
  • Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from insufficient accounting staff and inadequate internal controls;
     
  • Trust Obligations and Liability Model: There were inconsistencies between the assumptions used and how those assumptions were applied in the estimation of the Trust obligations and liabilities.  The revised Trust model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
     
  • Grants Accrual Payable and Advances: CNCS excluded estimated “incurred but not reported” costs from the accrued expenses and liability for at least $23.3 million as of June 30, 2019.  It has not validated the method used to calculate the estimate as reasonable;
     
  • Undelivered Orders and Accounts Payable – Procurement: There were flaws in CNCS’s accounts payable accrual methodology.  It also did not have adequate internal controls to ensure the accuracy of obligated balances or to de-obligate stale and invalid obligations related to contracts and purchase orders;
     
  • Property and Equipment: CNCS did not timely capitalize and failed to support its Software-in-Development and tenant improvement amortization costs, including a write-off of $33.8 million dollars for an unsuccessful software development project;
     
  • Undelivered Orders – Grants: Auditors found significant unexplained disparities between CNCS’s accounting records and its grant records  regarding grant expenditures and grant award amounts;
     
  • Recoveries of Prior Year Obligations: CNCS was unable to provide any documentation to support more than half of the sampled transactions; and
     
  • Other Liabilities: CNCS was unable to provide any supporting documentation for approximately $2.4 million reported as of June 30, 2019.

o    Significant Deficiencies:

  • Information Technology Security Controls: Auditors found new and recurring weaknesses in the information security program with respect to configuration management, access control and security management; and
     
  • Accounts Receivable and Allowance for Doubtful Accounts: CNCS did not follow its Debt Management Policy by writing off Accounts Receivable items delinquent for two years or more.

 

  • An instance of noncompliance with provisions of laws and regulations with respect to Single Audits, which could have a direct and material effect on financial statement accounts and disclosures.  CNCS did not adequately monitor the effectiveness of nor fully develop performance metrics to track the CNCS single audit monitoring process.

The audit report made 75 recommendations to CNCS, including immediate corrective actions to address pervasive material weaknesses and significant deficiencies.

CNCS’s response asserts that it has “invested significant time and effort . . . responding to previous audit recommendations” and “continues to demonstrate its commitment to improving financial management reporting and operations.” Though stating that CNCS “partially concurs with the conditions and recommendations in the report,” CNCS did not respond to specific findings.  The sole exception concerns the National Service Trust, where CNCS’s response reflects a misunderstanding of the auditors’ concern, which CNCS-OIG will remedy. Finally, CNCS notes that it will be migrating to shared services for accounting at the beginning of FY 2021 and “will incorporate [the auditors’] recommendations where appropriate.”

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS FY 2019 consolidated financial statements, under contract with CNCS-OIG.

 

Issued on

The Digital Accountability and Transparency Act of 2014 (DATA Act) requires Federal agencies to submit quarterly financial and award data for publication on USASpending.gov. The Office of Management and Budget and Department of Treasury established standards for Federal agencies to use 57 data elements in reporting its financial and award information. The DATA Act also requires the Office of Inspector General (OIG) of each Federal agency to audit a statistically valid sample of the data elements that support the data submitted by its Federal agency. Lastly, the OIG is required to submit a publicly available report to Congress assessing the completeness, accuracy, timeliness, and quality of the data elements sampled; and the implementation and use of the Government‐wide financial data standards by the Federal agency.

The Corporation for National and Community Service (CNCS) was not in compliance with the DATA Act requirements. Its submission of the CNCS’s Fiscal Year 2019 quarter 1 financial and award data to USASpending.gov was not complete as it relates to financial and grant award data elements supporting the submission. CNCS’s financial data records contained errors in certain data elements, as some were incomplete, inaccurate or did not meet required reporting schedules.  We also continued to observe internal control issues and errors that CNCS needs to address to improve the quality of its data and comply with DATA Act requirements. CNCS management concurred with our recommendations to improve those internal control deficiencies.

Issued on

Despite a continuous focus on improving its Improper Payments Elimination and Recovery Act of 2010 (IPERA) compliance program, the Corporation for National and Community Service (CNCS) remains unable to reliably estimate the amount or the rate of improper payments in the AmeriCorps State and National Program (AmeriCorps), Foster Grandparent Program (FGP), Retired and Senior Volunteer Program (RSVP), and Senior Companion Program (SCP). Also, the improper payments information reported in CNCS’s fiscal year (FY) 2018 Annual Management Report is unreliable and incomplete.

CNCS implemented corrective actions to address findings noted in the FY 2017 IPERA audit report and made improvements that resulted in the elimination of certain prior-year findings. As a result of this progress, we are pleased to report that CNCS met an additional Office of Management and Budget (OMB) criterion on conducting program-specific risk assessment for IPERA compliance and fully resolved three prior audit findings in FY 2018.
However, CNCS still failed to meet three of the six OMB IPERA compliance criteria, all of which are recurring from the prior year. Specifically:

  • CNCS did not properly identify improper payments, and the published improper payment estimate is not complete or accurate. Specifically, we noted issues with both the population that CNCS used to select IPERA samples and the manner in which CNCS processed the sample items.
  • CNCS did not meet its annual improper payment reduction targets for the programs. In fact, the rate of improper payments for the four programs in FY 2018 was substantially higher than the rate for FY 2017.
  • CNCS published an improper payment estimate that was greater than the acceptable threshold for IPERA compliance, or ten percent, for these programs.

In summary, we recommend that CNCS fully implement planned programmatic corrective actions in the AmeriCorps, FGP, RSVP, and SCP grant programs; develop a detailed plan to establish realistic reduction targets and implement actions to reduce the improper payment rates below ten percent for FY 2019; and update its sampling and estimation methodology to ensure that its future improper payment estimates are complete and accurate. Overall, CNCS agreed with our recommendations and their proposed corrective actions will address the intent of our recommendations.

 

Issued on

The Corporation for National and Community Service, Office of Inspector General (CNCS-OIG) presents its Fall 2019 Semiannual Report, covering the six-month period of April 1, 2019 – September 30, 2019.

Issued on

We have determined that the Corporation for National and Community Service’s (CNCS’s) information security program is NOT EFFECTIVE.  CNCS has in place the basic information technology policies, procedures and system security documentation needed for effective cybersecurity.  To progress beyond the current maturity level, the Corporation must consistently implement and monitor security controls. We continued to find severe vulnerabilities on the network. CNCS has still not fully implemented baseline security configuration settings specific to the existing information technology environment.  Further, CNCS has not implemented multifactor authentication for information system users and administrators. These gaps limit the protection of CNCS systems and data, and may expose sensitive information, including Personally Identifiable Information (PII), to unauthorized access and use.

The independent IG report offers 25 recommendations to assist CNCS in strengthening its information security program and reach an Effective rating.  CNCS should undertake a strategic analysis of the government-wide metrics and the weaknesses identified in this evaluation, to develop a multi-year approach designed to realize steady, measurable improvements in information security in each of the component areas.  Implementing such a plan will require CNCS to allocate sufficient resources, including staffing, and to be accountable for interim milestones in order to reach an overall Effective rating.

Issued on

For the second year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2018 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS did not cure the three material weaknesses and one significant deficiency identified in the FY 2017 audit. This year, the auditors reported another new material weakness.

 

In layman’s terms, the financial statements were unauditable and likely subject to pervasive material errors. CNCS’s financial transaction recording, processing and reporting are not sufficiently reliable to produce reliable financial statements.

 

Key audit findings were:

  • Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support accounting for transactions in accordance with generally accepted accounting principles. We were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.
     
  • Four material weaknesses and one significant deficiency in CNCS’s internal control over financial reporting. These issues included:
     
    • Material Weaknesses:
      • Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements;
         
      • Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from a system upgrade, accounting staff turnover, and inadequate internal controls;
         
      • Trust Fund Unpaid Obligations: CNCS significantly overstated its Trust obligation balance and obligated substantially more than is necessary to pay its anticipated liabilities; and
         
      • Trust Service Award Liability: The model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
         
    • Significant Deficiency:
      • Information Technology Security Controls: There were new and continued control weaknesses in the information security program that need to be addressed in configuration management, access control and security management.

We made 45 recommendations to CNCS. The recommendations include immediate corrective actions to address pervasive material weaknesses and significant deficiency.

 

CNCS responds that it “does not entirely concur” with the findings and recommendations, but does not specify its disagreements or the basis for them. CNCS provides various reasons aned explanations for the difficulties that it encountered, but the auditors have not audited and cannot validate these explanations.

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS’s National Service Trust Fund FY 2018 financial statements, under contract with CNCS-OIG.

Issued on

For the second year in a row, an independent audit of CNCS’s consolidated Fiscal Year 2018 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS did not cure the four material weaknesses and one significant deficiency identified in the FY 2017 audit. This year, the auditors reported six additional material weaknesses and another significant deficiency.

 

In layman’s terms, the financial statements were unauditable and likely subject to pervasive material errors. CNCS’s financial transaction recording, processing and reporting are not sufficiently reliable to produce reliable financial statements.

 

Key audit findings were:

  • Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support accounting for transactions in accordance with generally accepted accounting principles. We were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.
     
  • Ten material weaknesses and two significant deficiencies in CNCS’s internal control over financial reporting. These issues included:
     
    • Material Weaknesses:
      • Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements;
         
      • Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from a system upgrade, insufficient accounting staff and inadequate internal controls;
         
      • Trust Fund Unpaid Obligations: CNCS significantly overstated its Trust obligation balance and obligated substantially more than is necessary to pay its anticipated liabilities;
         
      • Trust Service Award Liability: The model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
         
      • Grants Accrual Payable and Advances: Key assumptions underlying this estimate are not validated and properly documented based on historical data analysis and grantees’ actual spending patterns;
         
      • Undelivered Orders and Accounts Payable – Procurement: CNCS did not have adequate internal controls to ensure the accuracy of obligated balances and to de-obligate stale and invalid obligations related to contracts and purchase orders;
         
      • Property and Equipment: CNCS did not timely capitalize its Internal Use Software at interim financial reporting periods;
         
      • Undelivered Orders – Grants: There were unexplained disparities between various grant and financial management systems within CNCS regarding grant expenditures and grant award amounts; grants were not timely closed-out;
         
      • Recoveries of Prior Year Obligations: CNCS was unable to provide any documentation to support about one-third of the sampled transactions; and
         
      • Other Liabilities: CNCS was unable to provide any supporting documentation for approximately $14 million of the $20 million balance reported as of June 30, 2018.
         
    • Significant Deficiencies:
       

      • Information Technology Security Controls: There were new and continued control weaknesses in the information security program that need to be addressed in configuration management, access control and security management; and
         
      • Accounts Receivable and Allowance for Doubtful Accounts: CNCS did not follow its Debt Management Policy by writing off Accounts Receivable items delinquent for two years or more.

 

We made 70 recommendations to CNCS. The recommendations include immediate corrective actions to address pervasive material weaknesses and significant deficiencies.

 

CNCS responds that it “does not entirely concur” with the findings and recommendations, but does not specify its disagreements or the basis for them. CNCS provides various reasons and explanations for the difficulties that it encountered, but the auditors have not audited and cannot validate these explanations.

 

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS fiscal year 2018 consolidated financial statements, under contract with CNCS-OIG.

Issued on

CNCS has devoted significant resources to improving cybersecurity over the past few years, with meaningful progress.  Although its information security program is not yet sufficiently mature, it can reach effectiveness with continued effort and investment.

Achieving effectiveness will require attention to weaknesses that pose significant risks to information security.  Our 2017 evaluation found inadequacies in risk management, configuration management, identity and access management, information security continuous monitoring, and contingency planning.  Enforcement of information security is inconsistent across the enterprise, with field components remaining especially vulnerable. These continuing vulnerabilities leave CNCS operations and assets at risk of unauthorized access, misuse and disruption. Our report offers 34 recommendations to address the identified weaknesses and assist CNCS in strengthening its information security program.  Eight of the recommendations relate to prior findings that have not been completely addressed by CNCS. 

Issued on

We issued a disclaimer of opinion on the consolidated financial statements of the Corporation for National and Community Service (CNCS) as of September 30, 2017 and for the year then ended. Key audit findings were:

  • CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support transactions in accordance with generally accepted accounting principles. Auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion (disclaimer);
  • Four material weaknesses (Financial Reporting; Trust Fund Unpaid Obligations; Trust Service Award Liability Model; Grants Accrual Payable and Advance) and one significant deficiency (Information Technology Security Controls) in CNCS’s internal control over financial reporting;
  • No instances of noncompliance with applicable provisions of laws, regulations, contracts, and grant agreements.

Had the scope of the auditors work been sufficient to enable them to express an opinion on the CNCS consolidated financial statements, other material weaknesses or significant deficiencies, or noncompliance or other matters may have been identified and reported.

Issued on

CNCS did not fully comply with the DATA Act due to weaknesses in its existing financial reporting system (internal control over source systems) and internal control weaknesses within financial reporting, data management, and data reporting processes.  CNCS did not submit complete, timely, quality, and accurate financial and award data for the FY 2017 second quarter.  The Corporation continues to grapple with the implementation challenges previously reported in the readiness review, as well as new challenges identified by this performance audit.

Issued on

For the sixth consecutive year, the Corporation for National and Community Service (CNCS or the Corporation) did not comply with the Improper Payments Elimination and Recovery Act of 2010, as amended (IPERA), applicable Executive Orders and authoritative implementation guidance from Office of Management and Budget (OMB) in assessing and reporting in its FY 2016 Agency Financial Report (AFR) information concerning improper payments in CNCS programs. The Corporation has acknowledged that it did not meet its obligations in this area.

Issued on

This memorandum summarizes the results of our readiness review of the implementation of the Digital Accountability and Transparency Act of 2014 (DATA Act) at the Corporation for National and Community Service (the Corporation or the Agency). The objective of this review was to assess the Corporation's efforts and implementation plans to report financial and payment data in accordance with the requirements of the DATA Act. The Office of Inspector General (CNCSOIG) conducted this review between May 2016 and October 2016.

Issued on

The Corporation for National and Community Service (the Corporation or CNCS) has made significant progress in addressing the information security and privacy weaknesses identified in last year’s Federal Information Security Modernization Act of 2014 (FISMA) evaluation, resolving eight of 17 findings from FY 2015 and closing 67 of 90 recommendations open from prior years. CNCS has improved and updated its policies and procedures for key security program areas, e.g., information security continuous monitoring (ISCM), risk management and Plan of Action and Milestones (POA&M) management. It has also entered into new service level agreements with the information technology (IT) contractor that manages the Corporation’s desktops, servers and network infrastructure. These improvements led evaluators to reduce the severity of two previous program weaknesses from Significant Deficiencies to Control Deficiencies. Evaluators determined that the Corporation implemented improvements to close all seven recommendations related to privacy controls for protection of personally identifiable information (PII).

Nevertheless, much work remains to make information security fully effective at CNCS. The FY 2016 FISMA evaluation uncovered two new weaknesses relating to: (1) secure configuration management policies, procedures and practices; and (2) monitoring and remediation of server backup failures. CNCS’s ISCM and Incident Response Program are rated at Level 2: Defined on a maturity scale that ranges from Level 1: Ad hoc to Level 5: Optimized. Of the 57 security metrics in the remaining areas, testing identified 25 instances of noncompliance with applicable laws, regulations and authoritative guidance governing information security.

Issued on

An audit of the Corporation for National and Community Service’s financial statements as of September 30, 2016 and 2015, found a recurrent significant deficiency in the Corporation’s internal control over financial reporting. The audit identified the causes of this repeat condition as a lack of governance and oversight, incomplete risk assessment, and inadequate monitoring processes.  There were no instances of noncompliance with applicable provisions of laws, regulations, contracts and grant agreements.  The Corporation’s financial statements presented fairly in all material respects and consistent with accounting principles generally accepted in the United States of America.