For the third year in a row, an independent audit of CNCS’s National Service Trust Fund Fiscal Year 2019 financial statements resulted in a disclaimer of opinion, the worst possible outcome for a financial statement audit. CNCS cured none of the three material weaknesses and one significant deficiency, which were first identified in the FY 2017 audit. In short, CNCS’s financial statements were unauditable and CNCS was unable to support some of its largest transactions and liabilities. The financial statements published by CNCS likely contain widespread material errors and should not be relied upon.Key audit findings were: Disclaimer of Opinion: CNCS was unable to provide adequate evidential matter to support a significant number of transactions and account balances due to inadequate processes and controls to support transactions and estimates and incomplete records to support accounting for transactions in accordance with the generally accepted accounting principles. The independent auditors were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. In addition, CNCS did not provide the documentation necessary for the auditors to assess the accuracy and completeness of certain year-end balances. Material weaknesses and significant deficiency in CNCS’s internal control over financial reporting included:o Material Weaknesses:Internal Controls Program: The system of internal controls failed to identify numerous and pervasive material weaknesses that the auditors found in financial reporting and in specific material line items on the financial statements; Financial System and Reporting: CNCS’s financial reporting was hindered by limitations in its financial system and the timing and difficulties arising from insufficient accounting staff and inadequate internal controls; Trust Obligations and Liability Model: There were inconsistencies between the assumptions used and how those assumptions were applied in the estimation of the Trust obligations and liabilities. The revised Trust model used to establish the liability included calculation errors and lacked quality controls, which impair significantly the accuracy of the reported liability; o Significant Deficiency:Information Technology Security Controls: Auditors found new and recurring weaknesses in the information security program with respect to configuration management, access control and security management. An instance of noncompliance with provisions of laws and regulations with respect to Single Audits, which could have a direct and material effect on financial statement accounts and disclosures. CNCS did not adequately monitor the effectiveness of nor fully develop performance metrics to track the CNCS single audit monitoring process.The audit report made 37 recommendations to CNCS, including immediate corrective actions to address pervasive material weaknesses and significant deficiency.CNCS’s response asserts that it has “invested significant time and effort . . . responding to previous audit recommendations” and “continues to demonstrate its commitment to improving financial management reporting and operations.” Though stating that CNCS “partially concurs with the conditions and recommendations in the report,” CNCS did not respond to specific findings. The sole exception concerns the National Service Trust, where CNCS’s response reflects a misunderstanding of the auditors’ concern, which CNCS-OIG will remedy. Finally, CNCS notes that it will be migrating to shared services for accounting at the beginning of FY 2021 and “will incorporate [the auditors’] recommendations where appropriate.”The independent accounting firm of CliftonLarsonAllen LLP, performed the audit of the CNCS’s National Service Trust Fund FY 2019 financial statements, under contract with CNCS-OIG.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
10 | No | $0 | $0 | ||
Develop comprehensive policies and procedures for the financial statements preparation process and related internal controls. The policies and procedures should address, among other subjects: | |||||
10a | No | $0 | $0 | ||
The process to determine and document CNCS’s balance fluctuation expectations. Expectations should be documented based on a combination of internal and external operating factors, and program and financial relevant information available. | |||||
10b | No | $0 | $0 | ||
The materiality threshold used to determine significant balance fluctuations that require further research should be more conservative than that used by external auditors. | |||||
10c | Yes | $0 | $0 | ||
Detailed process to research significant balance fluctuations. CNCS should research and explain all significant balance fluctuations at the account and transaction level. Maintain and have the supporting documentation readily available. | |||||
10d | No | $0 | $0 | ||
Research and retain supporting documents required for any identified account balance differences derived from its abnormal balance review or the tie point analysis. | |||||
10e | Yes | $0 | $0 | ||
Address fatal and non-fatal Government-wide Treasury Account Symbol Trial Balance edit failures. | |||||
10f | No | $0 | $0 | ||
Address all balance differences and retain supporting documentation of related research. | |||||
10g | No | $0 | $0 | ||
Document and maintain support for all prior period adjustments and changes to Net Position accounts, Cumulative Result of Operations, and Unexpended Appropriations. (repeat) | |||||
11 | No | $0 | $0 | ||
Monitor outstanding balances resulting from financial system configuration issues and fix these issues prior to data migration to the future shared service provider (Department of Treasury’s Administrative Resource Center) in FY 2021. While waiting to transition, CNCS should strengthen its current trial balance review including tie-point analysis and review of abnormal balances. (modified repeat) | |||||
12 | No | $0 | $0 | ||
Coordinate with the future shared service provider to ensure that its accounting platform is compatible with CNCS’s operations and the type of accounting transactions that the CNCS process. (new) | |||||
13 | No | $0 | $0 | ||
Develop a plan to clean up CNCS’s balances prior to migration to the shared service provider’s system (Department of Treasury’s Administrative Resource Center). The plan should include coordination with the future service provider to review CNCS balances in detail to ensure they are properly supported and can be mapped into the Administrative Resource Center’s platform. Maintain all documentation regarding meeting minutes and any mapping of account balances developed as part of the migration effort. (new) | |||||
16 | No | $0 | $0 | ||
Validate and ensure standard vouchers/journal vouchers are properly supported, documented, and are readily available for examination. (modified repeat) | |||||
17 | No | $0 | $0 | ||
Strengthen coordination between Accounting and Financial Management Services and the Office of Budget to ensure that transactions are recorded accurately and timely. (modified repeat) | |||||
18 | No | $0 | $0 | ||
Develop and implement policies and procedures for the standard vouchers/journal vouchers (SV/JV) process that include: | |||||
18a | No | $0 | $0 | ||
Tracking the sequence of SVs/JVs for completeness; | |||||
18b | No | $0 | $0 | ||
Appropriate use of SVs/JVs; | |||||
18c | Yes | $0 | $0 | ||
Determining and maintaining relevant documentation to support each SV/JV; | |||||
18d | No | $0 | $0 | ||
Use of specific and accurate SV/JV descriptions; and | |||||
18e | Yes | $0 | $0 | ||
Timely review and approval of SVs/JVs for accuracy and propriety. (modified repeat) | |||||
21 | No | $0 | $0 | ||
Complete the Trust Accounting Handbook to clearly reflect the assumptions used in the Trust Obligation and Liability Model and the Monthly Obligation and Liability Calculator, including establishing control activities; finalize materiality thresholds applied; update accounting transactions, and clearly identify periods when adjustments will be made regardless of materiality. (new) | |||||
22 | No | $0 | $0 | ||
Develop for a more standardized, secure, and automated method to estimate the Trust obligations and Trust Service Award Liability that ensures minimal human errors. As part of the ongoing CNCS’s transition to shared service, coordinate with the service provider to determine methods that would enhance the security and quality of the existing estimation models. (new) | |||||
23 | No | $0 | $0 | ||
Strengthen controls to ensure the Trust modeling is performed by trained personnel to: | |||||
23a | No | $0 | $0 | ||
Conduct detailed analysis and validation of data sources. | |||||
23b | No | $0 | $0 | ||
Review and ensure the reasonableness of assumptions used and document the rationale behind estimation assumptions. | |||||
23d | No | $0 | $0 | ||
Compare estimates with subsequent results to assess the reliability of the assumptions and data used to develop estimates. | |||||
24 | No | $0 | $0 | ||
Document and implement policies and procedures to include the following: | |||||
24a | No | $0 | $0 | ||
Establish a thorough and robust quality control process to ensure that the Trust Obligation and Liability Model (TOLM) and Monthly Obligation and Liability Calculator (Calculator) are reviewed by qualified CNCS personnel prior to relying on its outputs to record transactions. All errors identified for which management ultimately decided against making updates to the TOLM or Calculator should be documented along with an explanation as to how management arrived at the final decision; | |||||
24b | No | $0 | $0 | ||
Perform monthly reviews and reconciliations of the recorded new and outstanding obligations to ensure the accounting information is valid and proper; | |||||
24c | Yes | $0 | $0 | ||
Review obligation amounts to ensure amounts accurately reflect the status of the obligation; | |||||
24d | No | $0 | $0 | ||
Review obligations to verify that amounts, timeframe (i.e., grant dates are correctly reflected in the obligation); | |||||
24f | No | $0 | $0 | ||
Perform complete reconciliations of all outstanding obligations monthly, and ensure any discrepancies identified are promptly researched and resolved. (repeat) | |||||
25 | No | $0 | $0 | ||
Coordinate with the Office of the Chief Risk Officer (OCRO) to properly identify the National Service Trust Fund’s financial reporting risks and incorporate those risks into the OCRO’s annual testing of key controls. (modified repeat) | |||||
26 | No | $0 | $0 | ||
Develop a succession plan to ensure the required expertise is available in anticipation of planned employee turnover, particularly with respect to the complex trust calculations. CNCS needs to: | |||||
26a | No | $0 | $0 | ||
Train, mentor, and work to retain qualified employees; | |||||
26b | No | $0 | $0 | ||
Cross-train employees so that knowledge of the model will reside with multiple staff rather than with one person; and | |||||
59 | No | $0 | $0 | ||
Enforce the agency-wide information security program across the enterprise and improve performance monitoring to ensure controls are operating as intended at all facilities. (repeat) | |||||
60 | No | $0 | $0 | ||
Strengthen and refine the process for communicating CNCS facility-specific control deficiencies to CNCS facility personnel, and coordinate remediation of the control deficiencies. (repeat) | |||||
61 | No | $0 | $0 | ||
Strengthen and refine the process for holding system owners and information system security officers accountable for remediation of control deficiencies and ensuring that the appropriate security posture is maintained for CNCS information systems. (repeat) | |||||
62 | No | $0 | $0 | ||
Strengthen and refine the process for holding contractors accountable for remediation of control deficiencies in CNCS information systems. (repeat) | |||||
63 | No | $0 | $0 | ||
Implement all detailed recommendations in the FY 2019 FISMA Evaluation report. (repeat) | |||||
70 | No | $0 | $0 | ||
Develop, implement and document procedures to identify all CNCS grantees that are required to submit single audit reports with their due dates. (new) | |||||
71 | No | $0 | $0 | ||
Develop, implement and document procedures on timely follow-up for those grantees whose audits have become past due, and to ascertain why report submission was late, when the audit report will be submitted to the Federal Audit Clearinghouse, and what corrective action has been taken to prevent a report submission delay in future. (new) | |||||
72 | No | $0 | $0 | ||
Develop a practice to capture the single audit data to assess the effectiveness of the single audit report submission for all its grantees. (new) | |||||
73 | No | $0 | $0 | ||
Develop, implement and document procedures for implementing Office of Budget and Management (OMB) approved single audit report submission extensions, so that OMB approved extension approvals are documented and tracked as part of the single audit monitoring process. (new) | |||||
74 | No | $0 | $0 | ||
Update the Single Audit Resolution Policy to: Reflect the current monitoring process to track all audit findings related to CNCS-funded grants, and Address CNCS’s responsibilities as the cognizant/oversight agency and how these responsibilities would be carried out. (new) | |||||
75 | No | $0 | $0 | ||
Develop and implement procedures to monitor the effectiveness of the single audit monitoring process in accordance with the Uniform Grant Guidance, 2 Code of Federal Regulation §200.513 Responsibilities, (a) (3) (iv), related to monitoring the effectiveness of single audit findings follow-up and the effectiveness of single audits in improving grantee accountability and in their use by CNCS in making award decisions. (new) | |||||
23c | Yes | $0 | $0 | ||
Consider changes in conditions or programs that require further research and analysis. Update the assumptions when necessary. | |||||
24e | Yes | $0 | $0 | ||
Ensure obligations are sufficiently supported (i.e., by documentary evidence); and | |||||
26c | Yes | $0 | $0 | ||
Implement a peer review process to carry out the necessary quality control reviews of the Trust Obligation and Liability Model and the Monthly Obligation and Liability Calculator. (repeat) |