For the second year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2018 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS did not cure the three material weaknesses and one significant deficiency identified in the FY 2017 audit. This year, the auditors reported another new material weakness. In layman’s terms, the financial statements were unauditable and likely subject to pervasive material errors. CNCS’s financial transaction recording, processing and reporting are not sufficiently reliable to produce reliable financial statements. Key audit findings were:•Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates, and incomplete records to support accounting for transactions in accordance with generally accepted accounting principles. We were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. •Four material weaknesses and one significant deficiency in CNCS’s internal control over financial reporting. These issues included: ◦Material Weaknesses:◾Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements; ◾Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from a system upgrade, accounting staff turnover, and inadequate internal controls; ◾Trust Fund Unpaid Obligations: CNCS significantly overstated its Trust obligation balance and obligated substantially more than is necessary to pay its anticipated liabilities; and ◾Trust Service Award Liability: The model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability; ◦Significant Deficiency:◾Information Technology Security Controls: There were new and continued control weaknesses in the information security program that need to be addressed in configuration management, access control and security management.We made 45 recommendations to CNCS. The recommendations include immediate corrective actions to address pervasive material weaknesses and significant deficiency. CNCS responds that it “does not entirely concur” with the findings and recommendations, but does not specify its disagreements or the basis for them. CNCS provides various reasons aned explanations for the difficulties that it encountered, but the auditors have not audited and cannot validate these explanations.The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS’s National Service Trust Fund FY 2018 financial statements, under contract with CNCS-OIG.
Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 10a | No | $0 | $0 | ||
| The process to determine and document CNCS’s balance fluctuation expectations should be based on a combination of internal and external operating factors, and program and financial relevant information available.Pending since FY 2017 | |||||
| 10b | No | $0 | $0 | ||
| The materiality threshold used to determine significant balance fluctuations that require further research should be more conservative than that used by external auditors and consistent with the materiality thresholds used by the OCRO (as part of the OCRO’s OMB Circular No. A‐123 assessment) to ensure integration and consistency between AFMS and OCRO.Pending since FY 2017 | |||||
| 10c | No | $0 | $0 | ||
| Detailed process to research significant balance fluctuations. CNCS should research and explain all significant balance fluctuations at the account and transaction level. Maintain and have the supporting documentation readily available.Pending since FY 2017 | |||||
| 10e | Yes | $0 | $0 | ||
| Research and retain supporting documents required for any identified account balance differences derived from its abnormal balance review or the tie point analysis.Pending since FY 2017 | |||||
| 10f | No | $0 | $0 | ||
| Address fatal and non‐fatal Government wide Treasury Account Symbol Trial Balance (GTAS) edit failures.Pending since FY 2017 | |||||
| 10g | No | $0 | $0 | ||
| Address all balance differences and retain supporting documentation of related research.Pending since FY 2017 | |||||
| 18 | No | $0 | $0 | ||
| Develop a plan to upgrade its financial system to include OC codes which should be associated with USSGL in accordance with OMB Circular No. A‐11.Pending since FY 2017 | |||||
| 19 | No | $0 | $0 | ||
| Provide mandatory training to CNCS accounting staff on the proper use of OC, sub general ledger accounts, and document/transaction types on all obligation and expense transactions. | |||||
| 27a | No | $0 | $0 | ||
| tracking the sequence of SVs for completeness; | |||||
| 27b | No | $0 | $0 | ||
| appropriate use of SVs; | |||||
| 27c | No | $0 | $0 | ||
| determining and maintaining relevant documentation to support each SV; | |||||
| 27d | No | $0 | $0 | ||
| use of specific and accurate SV descriptions; | |||||
| 29a | No | $0 | $0 | ||
| review obligations to verify that amounts, timeframe (i.e., grant dates are correctly reflected in the obligation) and age are accurately reflected in the status of the obligation to confirm their validity;Pending since FY 2017 | |||||
| 29b | No | $0 | $0 | ||
| ensure obligations are sufficiently supported (i.e., by documentary evidence);Pending since FY 2017 | |||||
| 29d | No | $0 | $0 | ||
| perform complete reconciliations of all outstanding obligations monthly, and ensure any discrepancies identified are promptly researched and resolved.Pending since FY 2017 | |||||
| 35 | No | $0 | $0 | ||
| Develop a succession plan to ensure the required expertise is available in the event of employee turnover. Such succession planning is key to helping CNCS continue achieving its internal and external reporting objectives. CNCS needs to:Pending since FY 2017 | |||||
| 35a | No | $0 | $0 | ||
| Train, mentor, and work to retain qualified employees;Pending since FY 2017 | |||||
| 35b | No | $0 | $0 | ||
| Institute continued cross‐training so that knowledge of the model will reside with multiple staff rather than with one person; andPending since FY 2017 | |||||
| 35c | No | $0 | $0 | ||
| Implement a peer review process to carry out the necessary quality control reviews of the TSAL model.Pending since FY 2017 | |||||
| 36 | No | $0 | $0 | ||
| Strengthen controls to ensure the TSAL modelling is performed by trained personnel to: | |||||
| 36a | No | $0 | $0 | ||
| Conduct detailed analysis and validation of data sources; | |||||
| 36b | No | $0 | $0 | ||
| Review and ensure the reasonableness of assumptions used and document the rationale behind these assumptions; | |||||
| 36c | No | $0 | $0 | ||
| Consider changes in conditions or programs that require further research and analysis. Update the assumptions when necessary; | |||||
| 36d | No | $0 | $0 | ||
| Compare estimates with subsequent results to assess the reliability of the assumptions and data used to develop estimates. | |||||
| 6040 | No | $0 | $0 | ||
| Develop a multi‐year strategy to better strategically prioritize and allocate resources to address the new and continuing weaknesses identified and work towards automation, continuous monitoring and consistent application of controls. | |||||
| 6141 | No | $0 | $0 | ||
| Enforce the agency‐wide information security program across the enterprise and improve performance monitoring to ensure controls are operating as intended at all facilities.Pending since FY 2017 | |||||
| 6242 | No | $0 | $0 | ||
| Strengthen and refine the process for communicating CNCS facility specific control deficiencies to CNCS facility personnel, and coordinate remediation of the control deficiencies.Pending since FY 2017 | |||||
| 6343 | No | $0 | $0 | ||
| Strengthen and refine the process for holding system owners and information system security officers accountable for remediation of control deficiencies and ensuring that the appropriate security posture is maintained for CNCS information systems.Pending since FY 2017 | |||||
| 6444 | No | $0 | $0 | ||
| Strengthen and refine the process for holding contractors accountable for remediation of control deficiencies in CNCS information systems.Pending since FY 2017 | |||||
| 6545 | No | $0 | $0 | ||
| Implement all detailed recommendations in the FY 2018 FISMA Evaluation report.Pending since FY 2017 | |||||
| 27e | Yes | $0 | $0 | ||
| timely review and approval of SVs; and | |||||
