Federal Reports

Independent auditors have declined to issue an opinion on AmeriCorps’ financial statements for the ninth year. They issued a disclaimer of opinion reporting 11 material weaknesses and two significant deficiencies and added three new recommendations. The auditors, however, verified that AmeriCorps took appropriate actions to close 5 of the 77 prior year recommendations. As a result of this audit, there are now 75 open recommendations.

All eleven of the material weaknesses are recurring, three of them since FY 2017, five since FY 2018, one since FY 2021, and two since FY 2022. AmeriCorps included in its Annual Management Report a Statement of No Assurance, acknowledging that its system of internal controls does not currently provide the necessary level of assurance towards the effectiveness of internal control over operations, reporting, and compliance. This is the sixth consecutive year that AmeriCorps has issued a No Assurance statement. 

AmeriCorps acknowledged the disclaimer of opinion and expressed concurrence to eight material weaknesses and two significant deficiencies. However, AmeriCorps did not concur with three material weaknesses. AmeriCorps did not specify which material weaknesses it agreed or disagreed with in its response to the report. AmeriCorps’ response is included in its entirety in Exhibit D of the audit report. The 75 recommendations will remain open until corrective actions have been fully implemented.

The National Service Trust holds the funds set aside to pay the education awards of national service members who successfully complete their service terms. Responsibility for the education awards that have been earned or will be earned in the near future is the largest liability on AmeriCorps’ financial statements at $278 million. 

AmeriCorps has been unable to produce auditable financial statements for the last nine years. This year, independent auditors issued another disclaimer of opinion, reporting five material weaknesses and one significant deficiency and added two new recommendations. The auditors, however, verified that AmeriCorps took appropriate actions to close 4 of the 32 prior year recommendations. As a result of this audit, there are now 30 open recommendations. 

KPMG LLC conducted an annual independent audit to determine the effectiveness of the DOI’s FY 2025 FISMA programs and practices.

Memorandum to the Chairman of the Railroad Retirement Board regarding OIG's fiscal year 2025 risk assessments for the Government Charge Card abuse Prevention Act of 2012.                

The VA OIG conducts information security inspections to assess whether VA facilities meet federal security requirements. The OIG followed up on an inspection it conducted at the VA Beckley Healthcare System in West Virginia in 2023.
During this follow-up inspection, the OIG identified substantial progress in addressing prior recommendations, and some continued deficiencies in configuration management, security management, and access controls.

For configuration management, the team identified one deficiency over vulnerability remediation: the healthcare system did not meet required timelines for addressing critical vulnerabilities and lacked necessary remediation plans, leaving outdated software on numerous systems. Additionally, the OIG identified several unique high and critical vulnerabilities within the network that were not reflected in the agency’s standard vulnerability reports.

The healthcare system had deficiencies in three security management controls: a special-purpose system lacked authorization to operate; a special-purpose system had inappropriate security categorizations; and staff had administrative access and a lack of separation of duties for managing a pharmacy inventory system.

Finally, the healthcare system had deficiencies in physical controls restricting access to computer rooms, although the facility was addressing these deficiencies. The team also found that the facility was not monitoring the destruction of temporary records as required.

The OIG made three recommendations to the assistant secretary of information and technology, who also serves as the chief information officer, and two recommendations to the Beckley VA Medical Center director. VA concurred with four recommendations and did not concur with one. Nevertheless, the OIG noted VA provided sufficient evidence of implementation for four of the recommendations (including the one VA did not concur with) and considers those recommendations closed. The OIG will monitor implementation of the remaining recommendation.

Why We Did This Report

The OIG conducted this audit to determine whether the EPA appropriately identified and resolved improper payments during its annual review of the State Revolving Fund Program.
 

Summary of Findings

The EPA did not appropriately identify unknown and improper payments or properly track them for reporting and resolution, which resulted in the Agency’s regions underreporting unknown and improper payments by approximately $54.4 million for fiscal year 2022 and $8.8 million for fiscal year 2023 for the transactions we reviewed.

Semiannual Report to Congress, highlighting the activities and accomplishments of the U.S. AbilityOne Commission Office of Inspector General from April 1, 2025, through September 30, 2025.