Federal Reports

Beginning in FY 2017, independent auditors have been unable to render an opinion on the consolidated financial statements of AmeriCorps and the National Service Trust. The audits resulted in disclaimers of opinion and identified numerous material weaknesses that remained uncorrected. In lieu of financial statements audits for FY 2020, the OIG engaged CliftonLarsonAllen LLP (CLA) to assess AmeriCorps’ progress in resolving two areas of material weakness: AmeriCorps’ internal control program (ICP) and the National Service Trust Liability Model.Our auditors found that AmeriCorps’ internal control program testing was substantially incomplete and that key controls in many areas could not be tested due to a combination of internal and external limitations. In addition, because AmeriCorps did not complete the planned corrective actions for significant aspects of the Trust Model, we rescoped the objectives to focus on the process by which AmeriCorps validated the underlying data about member enrollment, terms of service, and entitlement to education awards. The audit found that AmeriCorps’ review process was flawed in design and could not support its stated conclusion about the accuracy of the data used in the Trust Model.AmeriCorps agreed with our recommendations to develop policies and procedures and update narratives and testing attributes to properly reflect its current ICP operations. AmeriCorps also agreed to renew focus on the FY 2019 financial statement audit recommendations and to develop and implement a detailed corrective action plan that aligns directly to the Trust Model recommendations. In addition, AmeriCorps agreed to assess and document errors and corrections in the Trust Model. AmeriCorps Management’s Response can be found in Appendix C of the report.

We audited lender reporting of COVID-19 forbearances for Federal Housing Administration (FHA)-insured loans in the Single Family Default Monitoring System (SFDMS). We compared default reporting data from SFDMS to loan data provided by five sampled servicing lenders that serviced a third of the FHA single-family portfolio. Our audit objective was to determine whether COVID-19 forbearance data available in SFDMS were consistent with the information maintained by loan servicers. We found that COVID-19 forbearance data available in SFDMS were generally consistent with the information maintained by the loan servicers reviewed. This report contains no recommendations.

The objective of our audit was to determine the extent to which the U.S. Department of Education had processes for ensuring that Federal Student Aid’s (FSA) fiscal year (FY) 2020–2024 strategic goals, objectives, and related performance indicators were effective. FSA did not have documented processes to guide its FY 2020–2024 strategic planning and to ensure that the strategic goals, objectives, and performance indicators included in the FY 2020–2024 Strategic Plan were effective. Despite FSA not having documented processes to guide its strategic planning, the strategic goals, objectives, and majority of performance indicators included in the final FY 2020–2024 Strategic Plan are effective. All 5 strategic goals and all 15 objectives are specific, measurable, achievable, relevant, and timebound. They also align with the former Secretary's goals and guidance and the Department's FY 2018–2022 Strategic Plan.

For our final report on the audit of the U.S. Census Bureau's (the Bureau's) incident response process, our audit objective was to assess the adequacy of the Bureau's process to respond to cybersecurity incidents according to federal and U.S. Department of Commerce requirements. We found the following: I. the Bureau missed opportunities to mitigate a critical vulnerability, which resulted in the exploitation of vital servers; II. the Bureau did not discover and report the incident in a timely manner; III. the Bureau did not maintain sufficient system logs, which hindered incident investigation; IV. the Bureau did not conduct a lessons-learned session; and V. the Bureau continued operating servers that were no longer supported by the vendor.