Audits, Evaluations and Reviews

The audit of a CNCS Social Innovation Fund award to Youthprise and four of its six subgrantees (Amherst H. Wilder Foundation, MIGIZI Communications, Sauk-Rapids Rice, and Guadalupe Alternative Programs) identified questioned Federal costs of $626,099, questioned match costs of $990,137, and compliance findings.  These costs tested were incurred between August 1, 2016 and June 30, 2018.  Most of the questioned costs identified were associated with (1) Youthprise improperly awarding sole-source contracts; and (2) subgrantees’ timekeeping deficiencies.  
Overall, CNCS’s proposed actions addressed our recommendations.  CNCS disagreed with five of 14 recommendations due to the grant period ending and the absence of future funding.  CNCS has committed to monitoring Youthprise’s compliance with Federal regulations for future grants – which satisfies the intent of these recommendations.

Also, Youthprise and its subgrantees took corrective actions to improve controls over monitoring contractors; implemented a new timekeeping system and engaged CNCS preferred vendors to enhance its compliance with National Service Criminal History Checks.

Despite continuing work to improve its Improper Payments Elimination and Recovery Act (IPERA) compliance program, the Corporation for National and Community Service (CNCS) did not meet three of the six IPERA compliance criteria, unchanged from FY 2018. Specifically, CNCS was unable to reliably estimate the amount or the rate of improper payments in the AmeriCorps State and National Program, the Foster Grandparent Program (FGP), the Senior Companion Program, and the Retired and Senior Volunteer Program (RSVP). Further, CNCS has not met its targets for reducing improper payments, nor has it achieved a rate of improper payments below the ten percent threshold required to comply with IPERA. The rate of improper payments in each of the four programs was higher than in FY 2018, with substantial increases in RSVP and FGP. 

CNCS has developed a vendor solution to improve grantees’ performance of required criminal history checks—the primary root cause of its improper payments—but this corrective action occurred too late to affect this year’s results. CNCS expects that use of the vendor will reduce the improper payment rates beginning in FY 2020. 

In summary, we recommend that CNCS fully implement planned programmatic corrective actions in the four programs; develop a detailed plan to establish realistic reduction targets and implement actions to reduce the improper payment rates below ten percent for FY 2020; and update its sampling and estimation methodology to ensure that its future improper payment estimates are complete and accurate.

CNCS agreed with the majority of our recommendations to improve corrective actions, reporting mechanisms, mandatory training, and the reliability of its statistical estimate, important steps toward reducing its improper payment rates in the four grant programs. CNCS disagreed with our recommendations to improve its current treatment of unmatched reporting errors and zero-dollar transactions and a desired precision based upon its anticipated improper payment rates. We adhere to our recommendations.

CNCS provided a corrective action plan to respond to the audit findings and recommendations that they concurred with, attached in Appendix D in the report. 
 

The information security program of the Corporation for National and Community Service (CNCS) has been assessed as not effective with little progress over the past three years. While security training remains an area of strength at CNCS, performance in this area is outweighed by the substantial risks resulting from the continuing control weaknesses in configuration management, identity, and access management, and data protection and privacy. For example, the CNCS network continues to be exposed to critical and high severity vulnerabilities stemming from un-patched software, improper configuration settings, and unsupported software. These types of gaps limit the protection of CNCS’s systems and data and may expose sensitive information, including Personally Identifiable Information, to unauthorized access and use.

Our report offers 33 recommendations (22 new, 3 modified, and 8 repeats), which if implemented, will assist CNCS in addressing challenges in its development of a mature and effective information security program. Also, we again recommend that CNCS complete a strategic analysis of the government-wide metrics and the weaknesses identified in this evaluation, to develop a multi-year approach designed to realize steady, measurable improvements in information security in each of the domains and security function areas. Implementing such a plan will require CNCS to allocate sufficient resources, including staffing, and to be accountable for interim milestones, in order to reach an overall effective rating.

For the third year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit.  CNCS cured none of the three material weaknesses and one significant deficiency, which were first identified in the FY 2017 audit.  

In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.  The financial statements published by CNCS likely contain widespread material errors and should not be relied upon.

Key audit findings were:

Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates and incomplete records to support accounting for transactions in accordance with the generally accepted accounting principles.  The independent auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.  In addition, CNCS did not provide the documentation necessary for the auditors to assess the accuracy and completeness of certain year-end balances.
 

Material weaknesses and significant deficiency in CNCS’s internal control over financial reporting included:

Material Weaknesses:

Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements;
 

Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from insufficient accounting staff and inadequate internal controls;
 

Trust Obligations and Liability Model: There were inconsistencies between the assumptions used and how those assumptions were applied in the estimation of the Trust obligations and liabilities.  The revised Trust model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
 

Significant Deficiency:

Information Technology Security Controls: Auditors found new and recurring weaknesses in the information security program with respect to configuration management, access control and security management.
 

An instance of noncompliance with provisions of laws and regulations with respect to Single Audits, which could have a direct and material effect on financial statement accounts and disclosures.  CNCS did not adequately monitor the effectiveness of nor fully develop performance metrics to track the CNCS single audit monitoring process.

The audit report made 37 recommendations to CNCS, including immediate corrective actions to address pervasive material weaknesses and significant deficiency.

CNCS’s response asserts that it has “invested significant time and effort . . . responding to previous audit recommendations” and “continues to demonstrate its commitment to improving financial management reporting and operations.” Though stating that CNCS “partially concurs with the conditions and recommendations in the report,” CNCS did not respond to specific findings.  The sole exception concerns the National Service Trust, where CNCS’s response reflects a misunderstanding of the auditors’ concern, which CNCS-OIG will remedy. Finally, CNCS notes that it will be migrating to shared services for accounting at the beginning of FY 2021 and “will incorporate [the auditors’] recommendations where appropriate.”

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS’s National Service Trust Fund FY 2019 financial statements, under contract with CNCS-OIG.
 

Audit of the Corporation for National and Community Service’s (CNCS) Fiscal Year 2019 Consolidated Financial Statements

For the third year in a row, an independent audit of CNCS’s consolidated Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit.  CNCS cured none of the ten material weaknesses and two significant deficiencies from the prior year audit.  Three of the material weaknesses and one significant deficiency were first identified in the FY 2017 audit.  

In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities.  The financial statements published by CNCS likely contain widespread material errors and should not be relied upon.

Key audit findings were:

Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates and incomplete records to support accounting for transactions in accordance with the generally accepted accounting principles.  The independent auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.  In addition, CNCS did not provide the documentation necessary for the auditors to assess the accuracy and completeness of certain year-end balances.

Material weaknesses and significant deficiencies in CNCS’s internal control over financial reporting included:

Material Weaknesses:   

Internal Controls Program: The system of internal controls failed to identify numerous and   pervasive material weaknesses that the auditors found in financial reporting and in specific  material line items on the financial statements;
 

Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from insufficient accounting staff and inadequate internal controls;
 

Trust Obligations and Liability Model: There were inconsistencies between the assumptions used and how those assumptions were applied in the estimation of the Trust obligations and liabilities.  The revised Trust model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability;
 

Grants Accrual Payable and Advances: CNCS excluded estimated “incurred but not reported” costs from the accrued expenses and liability for at least $23.3 million as of June 30, 2019.  It has not validated the method used to calculate the estimate as reasonable;
 

Undelivered Orders and Accounts Payable – Procurement: There were flaws in CNCS’s accounts payable accrual methodology.  It also did not have adequate internal controls to ensure the accuracy of obligated balances or to de-obligate stale and invalid obligations related to contracts and purchase orders;
 

Property and Equipment: CNCS did not timely capitalize and failed to support its Software-in-Development and tenant improvement amortization costs, including a write-off of $33.8 million dollars for an unsuccessful software development project;
 

Undelivered Orders – Grants: Auditors found significant unexplained disparities between CNCS’s accounting records and its grant records  regarding grant expenditures and grant award amounts;
 

Recoveries of Prior Year Obligations: CNCS was unable to provide any documentation to support more than half of the sampled transactions; and
 

Other Liabilities: CNCS was unable to provide any supporting documentation for approximately $2.4 million reported as of June 30, 2019.

Significant Deficiencies:

Information Technology Security Controls: Auditors found new and recurring weaknesses in the information security program with respect to configuration management, access control and security management; and
 

Accounts Receivable and Allowance for Doubtful Accounts: CNCS did not follow its Debt Management Policy by writing off Accounts Receivable items delinquent for two years or more.

An instance of noncompliance with provisions of laws and regulations with respect to Single Audits, which could have a direct and material effect on financial statement accounts and disclosures.  CNCS did not adequately monitor the effectiveness of nor fully develop performance metrics to track the CNCS single audit monitoring process.

The audit report made 75 recommendations to CNCS, including immediate corrective actions to address pervasive material weaknesses and significant deficiencies.

CNCS’s response asserts that it has “invested significant time and effort . . . responding to previous audit recommendations” and “continues to demonstrate its commitment to improving financial management reporting and operations.” Though stating that CNCS “partially concurs with the conditions and recommendations in the report,” CNCS did not respond to specific findings.  The sole exception concerns the National Service Trust, where CNCS’s response reflects a misunderstanding of the auditors’ concern, which CNCS-OIG will remedy. Finally, CNCS notes that it will be migrating to shared services for accounting at the beginning of FY 2021 and “will incorporate [the auditors’] recommendations where appropriate.”

The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS FY 2019 consolidated financial statements, under contract with CNCS-OIG.

The audit of an AmeriCorps grant awarded directly from the Corporation for National and Community Service (CNCS) to the St. Bernard Project (SBP) identified questioned Federal costs of $53,490, questioned match costs of $51,246, and compliance findings.  These costs were incurred between April 1, 2016, and March 31, 2018.  Most of the questioned costs were due to (1) inadequate payroll records, (2) untimely National Service Criminal History Checks (NSCHCs), and (3) an unallowable fine.  

SBP concurred with most of the findings and questioned costs and began taking corrective actions.  SBP implemented the CNCS’s approved vendor, Truescreen, to perform it NSCHCs.  CNCS management concurred with the recommendations and stated it will resolve the questioned costs during audit resolution.

The Digital Accountability and Transparency Act of 2014 (DATA Act) requires Federal agencies to submit quarterly financial and award data for publication on USASpending.gov. The Office of Management and Budget and Department of Treasury established standards for Federal agencies to use 57 data elements in reporting its financial and award information. The DATA Act also requires the Office of Inspector General (OIG) of each Federal agency to audit a statistically valid sample of the data elements that support the data submitted by its Federal agency. Lastly, the OIG is required to submit a publicly available report to Congress assessing the completeness, accuracy, timeliness, and quality of the data elements sampled; and the implementation and use of the Government‐wide financial data standards by the Federal agency.

The Corporation for National and Community Service (CNCS) was not in compliance with the DATA Act requirements. Its submission of the CNCS’s Fiscal Year 2019 quarter 1 financial and award data to USASpending.gov was not complete as it relates to financial and grant award data elements supporting the submission. CNCS’s financial data records contained errors in certain data elements, as some were incomplete, inaccurate or did not meet required reporting schedules.  We also continued to observe internal control issues and errors that CNCS needs to address to improve the quality of its data and comply with DATA Act requirements. CNCS management concurred with our recommendations to improve those internal control deficiencies.

The agreed-upon procedures review of AmeriCorps grant funds awarded to the Delaware Governor’s Commission on Community and Volunteer Service (DGCCVS), and two subgrantees, Division of Parks and Recreation and Reading Assist Institute, identified questioned Federal costs of $11,463, questioned match costs of $46,380, questioned education awards and interest forbearance of $8,721 and compliance findings. The costs tested were incurred between April 1, 2016, and March 31, 2018. Most of the questioned costs identified were associated with (1) food and beverages that were not adequately disclosed in the budget, and (2) full-term members who were changed to less than full-time without required DGCCVS approvals.

DGCCVS concurred with most of the compliance findings but generally disagreed with the recommended amount of questioned costs. CNCS management concurred with most of the recommendations and stated it will resolve the questioned costs during audit resolution.

We engaged a contract audit firm to conduct an audit of the VISTA grant awarded to Conservation Legacy. The auditors found 40 percent of the VISTA projects tested were not sustained, which was similar to the finding in OIG report 18-12, VISTA Program Evaluation. In that report, the Office of Inspector General recommended the Corporation for National and Community Service (CNCS) define sustainability and improve VISTA monitoring. In response to the VISTA Evaluation and in its March 11, 2019, Management Decision, CNCS concurred with these recommendations and included the corrective actions in process or completed. Therefore, there are no recommendations in this audit report.

In its response to the draft report, Conservation Legacy stated it was pleased the report did not contain findings. The grantee noted it is committed to improving the sustainability of the projects and looks forward to continuing to provide economically challenged communities with resources to help tackle pressing issues of poverty.

Despite a continuous focus on improving its Improper Payments Elimination and Recovery Act of 2010 (IPERA) compliance program, the Corporation for National and Community Service (CNCS) remains unable to reliably estimate the amount or the rate of improper payments in the AmeriCorps State and National Program (AmeriCorps), Foster Grandparent Program (FGP), Retired and Senior Volunteer Program (RSVP), and Senior Companion Program (SCP). Also, the improper payments information reported in CNCS’s fiscal year (FY) 2018 Annual Management Report is unreliable and incomplete.

CNCS implemented corrective actions to address findings noted in the FY 2017 IPERA audit report and made improvements that resulted in the elimination of certain prior-year findings. As a result of this progress, we are pleased to report that CNCS met an additional Office of Management and Budget (OMB) criterion on conducting program-specific risk assessment for IPERA compliance and fully resolved three prior audit findings in FY 2018.
However, CNCS still failed to meet three of the six OMB IPERA compliance criteria, all of which are recurring from the prior year. Specifically:

• CNCS did not properly identify improper payments, and the published improper payment estimate is not complete or accurate. Specifically, we noted issues with both the population that CNCS used to select IPERA samples and the manner in which CNCS processed the sample items.
• CNCS did not meet its annual improper payment reduction targets for the programs. In fact, the rate of improper payments for the four programs in FY 2018 was substantially higher than the rate for FY 2017.
• CNCS published an improper payment estimate that was greater than the acceptable threshold for IPERA compliance, or ten percent, for these programs.

In summary, we recommend that CNCS fully implement planned programmatic corrective actions in the AmeriCorps, FGP, RSVP, and SCP grant programs; develop a detailed plan to establish realistic reduction targets and implement actions to reduce the improper payment rates below ten percent for FY 2019; and update its sampling and estimation methodology to ensure that its future improper payment estimates are complete and accurate. Overall, CNCS agreed with our recommendations and their proposed corrective actions will address the intent of our recommendations.

The agreed-upon procedures review of AmeriCorps grant funds awarded to the Serve Guam Commission and two subgrantees, Sanctuary Incorporated and Guam Homeland Security, identified questioned Federal costs of $14,447, questioned match costs of $18,761, and compliance findings.  Most of the questioned costs identified were caused by inadequate pre-award evaluations and post-award monitoring.  The costs tested were incurred between January 1, 2016 and June 30, 2018.

The Serve Guam Commission concurred with most of the findings and is working on corrective actions.  CNCS management also concurred with most of the recommendations and stated it will resolve the questioned costs during audit resolution.

We engaged a contract audit firm to conduct an Agreed-Upon Procedures review of selected AmeriCorps grant awards issued to Conservation Legacy, to include AmeriCorps Grants awarded by CNCS and the Corps Network, a nonprofit entity that received grant awards through CNCS. The auditors did not question any claimed Federal costs, match costs, or member education awards, or identify any compliance findings.

In its response to the draft report, Conservation Legacy stated that it concurred with the AUP scope, accepted the report, and took pride in its management of Federal funds. Conservation Legacy also thanked the CNCS staff who helped ensure that its policies and procedures comply with Federal regulations and requirements. CNCS did not provide a formal response to the report but shared that it was pleased with the AUP results and the work of the CNCS and Conservation Legacy staff that contributed to the results.

The Office of Inspector General for the Corporation for National and Community Service (CNCS or the Corporation) issued a Management Alert regarding serious risks arising from CNCS’s self-imposed rapid timeline to reorganize the Corporation’s current structure and alter its core grantmaking and grant management business practices.  The reorganization to a regional structure will involve at least 40 percent turnover in grant and program staff over the next 13 months.  Executing this reorganization while simultaneously attempting much-needed reforms to CNCS’s core business infrastructure—developing information technology sufficient to support grant management; preparing and testing an effective grant risk model and aligned cost-effective monitoring activities; achieving reliable financial management, accounting and reporting; and establishing effective cybersecurity—overestimates the Corporation’s capacities, in light of its resource limitations and lack of success in prior reform attempts.

Despite the Corporation’s efforts, it has been unable to achieve these improvements over the last several years, without the added stress of a major structural overhaul.  The decision to undertake these critical infrastructure upgrades while simultaneously regionalizing grantmaking, grant management, and grant administration is unrealistic, exceeds the Corporation’s capabilities and creates a substantial risk that CNCS will not be able to achieve its mission of supporting national service.

To promote the Plan’s ultimate success and provide a suitable platform for effective, risk-based grant management and reliable financial management and reporting, we strongly recommend that CNCS delay the reorganization to a regional structure until it resolves its core infrastructure deficiencies.  CNCS disagrees with our assessment, asserts that it can manage all of the associated risks successfully and intends to proceed with the reorganization on its original schedule.

The agreed-upon procedures (AUP) review of AmeriCorps grant funds to Serve Indiana and two subgrantees, the Boys and Girls Club of Wayne County Indiana (BGCWCI) and the American Red Cross of Indiana (ARCI), identified questioned Federal costs totaling $127,090, questioned matching costs of $82,157, questioned Education Awards of $20,055 and compliance findings.  Most of the questioned costs identified were caused by inadequate financial management by BGCWCI and deficiencies with the National Service Criminal History Checks (NSCHC) by ARCI.  The costs tested were incurred between October 1, 2014 and December 31, 2017.

Serve Indiana concurred with most of the findings but generally disagreed with the recommended amount of related questioned costs.  The Corporation also concurred with most of the findings, provided a detailed plan to implement certain corrective actions, and informed CNCS-OIG that it would make an independent determination about recommended questioned costs.

From August 2014 to June 2017, the North Carolina Commission on Volunteerism and Community Service (Commission) and two of its larger subgrantees claimed $16,132,771 in federal and match expenditures under the AmeriCorps State and National program. CNCS-OIG’s Agreed-Upon Procedures review (AUP) of the claimed costs discovered that $2,040,402 ($777,219 in Federal costs and $1,086,090 in match costs, as well as an additional $176,876 in questionable education awards and $217 in accrued interest) were improper or unsupported.

We found substantial unexplained disparities between the costs reported to the Federal government and those shown on the Commission’s internal general ledgers; inadequate timekeeping practices at the Commission; failure by subgrantees to perform required end-of-term evaluations for AmeriCorps members; and insufficient criminal history checks by subgrantees that the Commission failed to discover and correct. Overall, the Commission did not provide sufficient program and financial oversight of its subgrantees, as required by grant terms and the Commission’s own monitoring policy. Finally, we found that the Commission charged the AmeriCorps grant for the salary of an employee performing unrelated duties on another grant, after that grant was exhausted.

The Commission acknowledged the importance of appropriate administrative policies and procedures and strong oversight of subrecipients. It’s comprehensive response to the draft report documented that changes responsive to our recommendations are already underway. The Corporation for National and Community Service (CNCS) agreed with the majority of the recommendations. CNCS will make its final determination for all findings after the final report is issued.