Federal Reports

Pursuant to the Federal Information Security Modernization Act of 2014 (FISMA), an independent external auditor, on behalf of OIG conducted an annual independent audit of AmeriCorps’ information security program and practices. The fiscal year (FY) 2025 FISMA audit concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2025. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) Cybersecurity Governance, (2) Risk and Asset Management, (3) Configuration Management, (4) Information Security Continuous Monitoring, and (5) Contingency Planning. AmeriCorps concurred with the findings and recommendations and remains committed to addressing cybersecurity risks.  AmeriCorps’ response is included in its entirety in Appendix D of the audit report. Nine new recommendations added as a result of this year’s audit and five recommendations related to prior years’ audits will remain open until corrective actions have been fully implemented.

The Office of Inspector General engaged the independent public accounting firm Harper, Rains, Knight, & Company, P.A. (HRK) to conduct the annual Federal Information Security Modernization Act (FISMA) evaluation and complete the FY 2025 Inspector General (IG) FISMA Reporting Metrics.  

The objective of the evaluation was to assess the effectiveness of the Commission's information security program and practices for FY 2025.  HRK determined the Commission’s maturity levels were consistently implemented and its information security program and practices were effective.

HRK identified one new finding with three corresponding recommendations.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

Independent auditors have declined to issue an opinion on AmeriCorps’ financial statements for the ninth year. They issued a disclaimer of opinion reporting 11 material weaknesses and two significant deficiencies and added three new recommendations. The auditors, however, verified that AmeriCorps took appropriate actions to close 5 of the 77 prior year recommendations. As a result of this audit, there are now 75 open recommendations.

All eleven of the material weaknesses are recurring, three of them since FY 2017, five since FY 2018, one since FY 2021, and two since FY 2022. AmeriCorps included in its Annual Management Report a Statement of No Assurance, acknowledging that its system of internal controls does not currently provide the necessary level of assurance towards the effectiveness of internal control over operations, reporting, and compliance. This is the sixth consecutive year that AmeriCorps has issued a No Assurance statement. 

AmeriCorps acknowledged the disclaimer of opinion and expressed concurrence to eight material weaknesses and two significant deficiencies. However, AmeriCorps did not concur with three material weaknesses. AmeriCorps did not specify which material weaknesses it agreed or disagreed with in its response to the report. AmeriCorps’ response is included in its entirety in Exhibit D of the audit report. The 75 recommendations will remain open until corrective actions have been fully implemented.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $278 million. 

AmeriCorps has been unable to produce auditable financial statements for the last nine years. This year, independent auditors issued another disclaimer of opinion, reporting five material weaknesses and one significant deficiency and added two new recommendations. The auditors, however, verified that AmeriCorps took appropriate actions to close 4 of the 32 prior year recommendations. As a result of this audit, there are now 30 open recommendations. 

KPMG LLC conducted an annual independent audit to determine the effectiveness of the DOI’s FY 2025 FISMA programs and practices.

Final OIG Letter to OMB on FTC Charge Card Risk Assessment