Federal Reports

This report includes EAC OIG’s independent assessment of the top management challenges facing EAC in fiscal year 2025.

The Office of Inspector General's annual plan outlines the work planned for the year ahead, including agency wide audits or evaluations, mandated reviews, and which posts may receive audits or evaluations.

Pursuant to the Federal Information Security Modernization Act of 2014 (FISMA), an independent external auditor, on behalf of OIG conducted an annual independent audit of AmeriCorps’ information security program and practices. The fiscal year (FY) 2024 FISMA audit concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2024. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) inventory management, (2) supply chain risk management program, (3) vulnerability and patch management program, (4) personnel screening process, (5) authorization packages, (6) logging, and (7) contingency planning. AmeriCorps did not specify the findings and recommendations with which they were in agreement or disagreement. AmeriCorps’ response is included in its entirety in Appendix IV of the audit report. The recommendations related to the seven findings will remain open until corrective actions have been fully implemented.

Independent auditors have declined to issue an opinion on AmeriCorps’ financial statements for the eighth year. They issued a disclaimer of opinion reporting 11 material weaknesses and two significant deficiencies and added three new recommendations. The auditors, however, verified that AmeriCorps took appropriate actions to close 20 of the 95 prior year recommendations. As a result of this audit, there are now 78 open recommendations.

All eleven of the material weaknesses are recurring, three of them since FY 2017, five since FY 2018, one since FY 2021, and two since FY 2022. AmeriCorps included in its Annual Management Report a Statement of No Assurance, acknowledging that its system of internal controls does not currently provide the necessary level of assurance towards the effectiveness of internal control over operations, reporting, and compliance. This is the fifth consecutive year that AmeriCorps has issued a No Assurance statement.

AmeriCorps acknowledged the disclaimer of opinion and expressed concurrence to six material weaknesses and two significant deficiencies. However, AmeriCorps did not concur with five material weaknesses. AmeriCorps did not specify with which material weaknesses it was in agreement or disagreement in its response to the report. AmeriCorps’ response is included in its entirety in Exhibit IV of the audit report. The 78 recommendations will remain open until corrective actions have been fully implemented.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $287 million.

AmeriCorps has been unable to produce auditable financial statements for the last eight years. This year, independent auditors issued another disclaimer of opinion, reporting five material weaknesses and one significant deficiency. The auditors, however, verified that AmeriCorps took appropriate actions to close 16 of the 46 prior year recommendations. The remaining 30 recommendations continue to be valid and open, seven of them in modified form. The auditors also made three new recommendations, for a total of 33.