Management Report: Improvements Needed in IRS's Internal Controls

IRS re-emphasized this policy by e-mail to Background Investigations Coordinators and Personnel Officers on September 30, 2002, and during a conference call on October 9, 2002. In addition, the Personnel Security and Investigations staff created and distributed an Excel file that calculates the date when fingerprint results expire. IRS staffs have received instructions on how to use the spreadsheet and to annotate Case Closing documentation. As a result, Personnel Offices are enforcing the 180-day policy for fingerprint results. During its fiscal year 2003 financial audit, GAO noted only five instances in over 12,000 hires where individuals were hired with fingerprint results over 180-days old.

During 2002, FMS issued an amendment to the courier Memorandum of Understanding (MOU), which included the requirement that all courier employees satisfy the basic investigation, including a Federal Bureau of Investigation (FBI) fingerprint and name check. All ten IRS campuses now have a contact responsible for submitting paperwork to the National Background Investigations Center (NBIC) and ensuring courier employees are granted clearance. During 2003, IRS required NBIC to provide monthly status reports of the campus compliance with this requirement. Finally, during fiscal year 2006, all courier MOUs and NBIC reports were received monthly, enabling IRS to identify problems and issues more quickly. During our fiscal year 2006 audit, we found no instances in which updated courier service contracts did not contain the requirements for background and fingerprint checks, and conclude that IRS's actions have effectively addressed this recommendation.

IRS reported that its Security Review Team reviews monthly compliance with the courier requirements. For the five campuses where IRS holds the courier contract, the Security Review Team was required to verify the campus has a valid insurance certificate valued at $1 million. For the five campuses with FMS negotiated agreements, FMS drafted a memorandum to the financial institutes advising them to regularly provide a copy of the insurance certificates to IRS. The 2003 LPG included this procedure in Section 2.8.4.1. The campus now has a bonded courier who is delivering the deposits to the depository on a daily basis. All procedures are in place to provide a copy of the $1 million dollar insurance binder to all campuses and headquarters on an annual basis. During the fiscal year 2004 audit, GAO verified that IRS had established procedures to verify that courier services are adhering to the standards established for them by IRS, including the requirement that the courier service have insurance coverage. This was also included in the 2004 LPG. GAO found no instances in which the required proof of insurance was not available during its fiscal year 2004 visits to four SPCs and four lockbox banks.

IRS reported that on February 6, 2004, IRS issued information alert W&I-IA-2002-63-2004 specifying the items that are prohibited from the secure receipt processing areas and requiring that employees use clear plastic bags to transport small items not carried on their person in and out of the secure areas. First line managers or a designated representative conduct, at minimum, monthly random reviews of employee compliance with all security policies as they relate to personal belongings in the secure receipt processing areas. In addition, Campus Security Review Teams conduct monthly reviews to ensure compliance with these procedures. These procedures were added via Information Alerts to Internal Revenue Manuals pertaining to the secure receipt processing areas. GAO did not find any instances of inappropriate personal belongings in receipt processing areas at the four SPCs it visited during its fiscal year 2004 IRS financial statement audit.

IRS's Taxpayer Assistance Center (TAC) procedures now prohibit storing of personal items with any taxpayer related documents. These procedures further prohibit storing taxpayer receipts in the same storage container with employee personal items. IRS also requires that personal items and taxpayer related documents must not be stored in the same container under the same locking device. We verified that IRS prohibits its employees from storing personal belongs with any taxpayer related documents.

IRS reported that additional guidance was issued to Submission Processing field employees on February 28, 2005, reinforcing the importance of ensuring that Submission Processing candling procedures and policies are followed. The Internal Revenue Manual (IRM) 3.10.72 has been revised to specify precise candling methods, as well as specific illumination measures of light. In addition, new requirements were implemented to turn large envelopes that cannot be easily opened on all three sides, inside out. This requirement is part of the campus monthly security reviews. All findings are shared with Submission Processing field directors. Local management continues to remind employees of the importance of candling of envelopes on a regular basis through individual and group meetings to ensure compliance with this requirement. GAO verified that the IRM has been updated to provide specific instructions regarding the candling processes for different types of mail processed by service center campuses

IRS reported that the Internal Revenue Manual (IRM) 3.10.72 now has procedures prohibiting a single employee from performing the final candling in a remote location. This requirement is part of the campus monthly security reviews. All findings are shared with Submission Processing field directors. Local management continues to remind employees of candling requirements through individual and group meetings to ensure compliance with this requirement. GAO verified that IRS had established and implemented procedures prohibiting a single employee from performing final candling in a remote location. In addition, GAO did not identify any instances in which final candling were performed by only one individual.

IRS reported that it included guidelines in its fiscal year 2003, Field Assistance Operating Procedures (FAOP), stating that all Taxpayer Assistance Centers will accept all standard forms of payments from customers including checks, money orders, and cash. GAO verified that IRS included this guideline in its fiscal year 2003 FAOP.

IRS reported that it monitored adherence to the policy of accepting cash payments during operational reviews conducted in fiscal year 2004. No discrepancies were identified. The Director, Field Assistance, granted an exception to the requirement of accepting cash payments in some Taxpayer Assistance Centers (TACs) with two or fewer persons. These are locations where the volume of cash payments received is minimal. TACs have agreements with other functions to accept cash payments, or financial institutions nearby, making conversion easy for the taxpayers. The IRS revised the IRM in fiscal year 2004 to reflect these exceptions. During the fiscal year 2004 audit, GAO found that IRS had monitored adherence to its policy of accepting cash payments. GAO did not identify any issues regarding IRS refusing to accept cash payments of taxes.