So, as part of your NCM product for downloading configurations, there is an excellent tool for doing security-related checks and reporting. Take a look at Compliance. You can create a rule that searches for a string (or regex) of "username". Use a Compliance Policy to assign that rule to a group of nodes, and then create a report from the output of that policy. It is all in the same tool.
You can use Compliance to search and report on pretty much any item that is in the configuration files. Strings are good for literal things, regex for finding groups of things (Interface*Fast* would get Fast Ethernet ports) and providing reports of the number of "violations" of your rules, or the reverse. You should find things like no call home - please tell me the configs missing it.
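
The rule, policy and report flow described above, sketched as an added example that is not part of the original post and is not NCM's own code. The node names, config contents, rule names and the exact `no service call-home` line are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str      # regex tested against each config line
    must_exist: bool  # True: violation if no line matches; False: violation if any does

# Constructed sample configs; node names and contents are invented for illustration.
CONFIGS = {
    "edge-rtr-01": (
        "hostname edge-rtr-01\n"
        "username admin privilege 15 secret 9 CONSTRUCTED\n"
        "interface FastEthernet0/1\n"
        " description uplink\n"
    ),
    "core-sw-02": (
        "hostname core-sw-02\n"
        "no service call-home\n"
        "interface GigabitEthernet1/0/1\n"
        " description username audit pending\n"
    ),
}

RULES = [
    # Anchoring at line start skips the word "username" inside a description.
    Rule("local-username", r"^username\s+\S+", must_exist=False),
    Rule("fastethernet-port", r"^interface FastEthernet\S+", must_exist=False),
    # The "reverse" case: flag configs where the line is missing.
    Rule("call-home-disabled", r"^no service call-home\b", must_exist=True),
]

def evaluate(rule, config):
    """Return (violated, matching_lines) for one rule against one config."""
    hits = [ln for ln in config.splitlines() if re.search(rule.pattern, ln)]
    violated = (not hits) if rule.must_exist else bool(hits)
    return violated, hits

def run_policy(rules, nodes, configs):
    """Apply each rule to each node in the group; return only the violations."""
    return [
        (node, rule.name, hits)
        for node in nodes
        for rule in rules
        for violated, hits in [evaluate(rule, configs[node])]
        if violated
    ]

if __name__ == "__main__":
    for node, rule_name, hits in run_policy(RULES, sorted(CONFIGS), CONFIGS):
        print(f"{node}: {rule_name}: {hits or 'required line missing'}")
```

A plain string search for "username" would also flag the interface description on core-sw-02; the anchored regex does not.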