Management Report:

Improvements Needed in IRS's Internal Controls

GAO-05-247R: Published: Apr 27, 2005. Publicly Released: Apr 27, 2005.

Additional Materials:

Contact:

Cheryl E. Clark
(202) 512-9521
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In November 2004, we issued our report on the results of our audit of the Internal Revenue Service's (IRS) financial statements as of, and for the fiscal years ending, September 30, 2004 and 2003, and on the effectiveness of its internal controls as of September 30, 2004. We also reported our conclusions on IRS's compliance with significant provisions of selected laws and regulations and on whether IRS's financial management systems substantially comply with requirements of the Federal Financial Management Improvement Act of 1996. A separate report on the implementation status of recommendations from our prior IRS financial audits and related financial management reports, including this one, will be issued shortly. The purpose of this report is to discuss issues identified during our fiscal year 2004 audit regarding internal controls that could be improved for which we do not currently have any recommendations outstanding. Although not all of these issues were discussed in our fiscal year 2004 audit report, they all warrant management's consideration.

During our fiscal year 2004 audit, we identified a number of internal control issues that adversely affected safeguarding of tax receipts and information, refunds to taxpayers, and lien resolutions. These issues concern (1) enforcement of IRS contractor background investigation policies, (2) omission of certain provisions related to contingency plans and taxpayer privacy in lockbox bank service contracts, (3) verification of lockbox bank deposits, (4) procedures for handling taxpayer receipts and information by couriers, (5) safeguarding sensitive systems and equipment in lockbox banks, (6) candling procedures, (7) monitoring and verifying recording and transmittal of taxpayer receipts and information, (8) controls over automated refund disbursements, (9) controls over authorization of manual refunds, and (10) resolution of liens with manually calculated interest or penalties. These issues increase the risk that (1) taxpayer receipts and information could be lost, stolen, misused, or destroyed; (2) improper refunds to taxpayers could be disbursed; and (3) liens could be released before taxpayers have paid the full amount of interest or penalties due.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: IRS should specify in the IRM how to properly verify interest and penalties for accounts with liens with manually calculated interest or penalties.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS conducted a study of accounts containing manually calculated interest or penalties and determined that the manually calculated amounts were insignificant. Consequently, IRS reprogrammed its Automated Lien System (ALS) to automatically release liens once the taxpayer's account was full paid. During GAO's audit of IRS's fiscal year 2007 financial statements, it obtained and reviewed a computer extract showing that taxpayer accounts containing manually calculated interest or penalty are no longer being held up from automated lien release.

    Recommendation: IRS should formulate a policy to require that critical utility or security controls not be located in areas requiring frequent access.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS stated that its Mission Assurance (MA) and Security Services (SS) units worked with the Business Operating Divisions (BOD) and Procurement to formulate policy guidelines. The Lockbox Policy Guidelines, dated 01/10/06, have been revised. Lockbox Security Guide (LSG) 2.2.1 Main Utility Feeds, includes physical protection of all utilities against accidental or intentional disruption of services. Exterior utilities will be physically protected with bollards, fencing, or similar obstruction to prevent destruction. Where critical controls relative to utility feeds and security systems are located in rooms or areas frequented by contract employees, there must be continuous closed-circuit television (CCTV) coverage as well as tamper proof devices on those controls such as fencing, locks or other protections. LSG 2.2.2.12 page 18(5) has been revised to state that to prevent unauthorized access to control panels or critical systems, keys must be secured and controlled. GAO verified that the revisions to the LSG require physical protection of all main utility feeds against accidental or intentional disruptive of service. While the LSG does not require that critical utility or security controls not be located in areas requiring frequent access, the LSG does require that frequently accessed areas where utility feeds are present must be continuously monitored with CCTV coverage as well as tamper proof devices installed on those controls such as fencing, locks, or other protections, and therefore, meets the objective of the recommendation.

    Recommendation: IRS should develop alternative back-up plans that are consistent with IRS courier policies and procedures to address instances in which only one courier reports for transport of taxpayer receipts or information, such as requiring that a service center or lockbox bank employee accompany the courier to the depository.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the 2005 Lockbox Processing Guidelines (LPG) 4.2.3.1 "Courier Contingency Plan" was updated on July 18, 2005, (effective Aug. 29, 2005) to include a plan that ensures the security of receipts if courier requirements are not met, or the courier contractor is unable to send suitable replacement couriers in time to meet the bank's deposit deadline. Submission Processing campuses submitted contingency plans in May 2005, which outline what deposit managers are to do in the event that couriers are unable to transport a deposit in the event of non-compliance with contract requirements, vehicle breakdown, or other reasons. In addition, the implementation of the Courier Daily Checklist in April 2005 has continued to work smoothly. During its fiscal year 2005 audit, GAO verified that IRS had updated its LPG for lockbox banks and submitted contingency plans for service center campuses, which outline what to do if couriers are unable to transport a deposit in the event of non-compliance with contract requirements.

    Recommendation: IRS should periodically verify that contractors entrusted with taxpayer receipts and information offsite adhere to IRS procedures.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS's Submission Processing revised the Lockbox Security Guidelines (LSG) in 2007 to require periodic verification that couriers adhere to IRS policy while transporting taxpayer receipts and information. Specifically, IRS stated that at service center campuses (SCC), IRS ensures couriers sign, date, and notate the time of pick up on form 10160, Receipt for Transport of IRS Deposit, and ensure the form is date and time stamped at the time of drop off at the financial institution. Each campus reviews the form and notates any time discrepancies. IRS stated that any discrepancies found will prompt the campus to (1) question the couriers, (2) record the finding in the Courier Incident Log, and (3) use their discretion to make a determination whether or not it is necessary to trail the couriers. GAO verified that IRS revised its LSG to include provisions for periodic verification that couriers adhere to IRS procedures for transporting taxpayer receipts and information. GAO also noted that procedures were established at the campuses involving the review of the returned Form 10160.

    Recommendation: IRS should provide a written reminder to courier contractors of the need to adhere to all courier service procedures.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: In February 2007, IRS's Submission Processing issued an annual reminder memorandum to all courier contractors. In addition, the lockbox banks security team verified that all lockbox bank sites issued similar memorandums reminding them that they must adhere to all of the courier service security procedures in the Lockbox Security Guidelines (LSG). GAO verified that IRS issued reminder memorandums to the service center campus (SCC) and lockbox bank couriers.

    Recommendation: IRS should better enforce the LPG requirement that lockbox bank couriers annotate the time of delivery on receipts for deposits of taxpayer remittances.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Lockbox Processing Guidelines (LPG) 4.2.3.1.8, Receipt for Transport of IRS Lockbox Bank Deposit Form, was updated on January 1, 2005, to require lockbox bank couriers to annotate the time of delivery of receipts for deposits of taxpayer remittances. New Security Performance Measures have been developed to measure and rate each site's overall adherence to security guidelines and provides incentives/disincentives accordingly. Mission Assurance and Financial Management Service security support the Lockbox Policy and Procedures Program Office in conducting security reviews. Reviews will rate each site's compliance to physical, personnel, courier, and Information Technology security. Security Performance Measures is scheduled to be fully implemented by January 2006. To further prepare for filing season each year, each bank is now required to certify that it is adhering to security guidelines. During its fiscal year 2005 audit, GAO verified that IRS updated the LPG to require that couriers annotate the time of delivery of receipts for deposits of taxpayer remittances. Further, GAO did not find any instance during its fiscal year 2005 testing in which the courier did not annotate the time the courier received the deposit from the bank personnel.

    Recommendation: IRS should revise the LPG to require that deposit receipts for taxpayer remittances be time- and date-stamped.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Lockbox Processing Guidelines (LPG) were updated on January 1, 2005--LPG 4.2.3.1.8, Receipt for Transport of IRS Lockbox Bank Deposit Form--to require the courier service employee to return the form to the lockbox site on the next business day, ensuring the following information is completed on the form: the depository bank employee's name and signature, the date the deposit was received by the depository, and the time the deposit was received by the depository. During its fiscal year 2005 audit, GAO verified that IRS updated the LPG to require that deposit receipts for taxpayer remittances include the time and date of receipt by the depository institution.

    Recommendation: IRS should revise the LPG to require that (1) lockbox couriers promptly return deposit receipts to the lockbox banks following delivery of taxpayer remittances to depositories and (2) lockbox banks promptly review the returned deposit receipts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that its Lockbox Policy and Procedures Section updated the Lockbox Processing Guidelines (LPG) on January 1, 2005--LPG 4.2.3.1.8, Receipt for Transport of IRS Lockbox Bank Deposit Form, which requires the lockbox site to receive back by the next business day the original completed Receipt for Transport of IRS Lockbox Bank Deposit Form with the bank representative's name and signature and date and time the deposit was received by the depository. Each day the lockbox site must reconcile the Receipt for Transport of IRS Lockbox Bank Deposit Form(s) to ensure receipt of dedicated service (e.g., the time between release to the courier and the release to the bank is not in excess). If discrepancies are found, the lockbox field coordinator should be notified immediately. During its fiscal year 2005 audit, GAO verified that IRS updated the LPG to require that (1) lockbox couriers return, on the next business day, deposit receipts to the lockbox banks following delivery of the taxpayer remittances to depositories, and (2) lockbox banks promptly review, on a daily basis, the returned deposit receipts.

    Recommendation: IRS should review lockbox bank courier and shredding contracts to ensure that they address all privacy-related criteria and include clear reference to privacy-related laws and regulations.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Lockbox Processing Guidelines (LPG) 4.2.3(2)--Courier Services, which require lockbox banks to ensure all bonded courier/armored car agreements address all privacy-related criteria and include clear reference to privacy-related laws and regulations, were updated on January 1, 2005. Effective January 1, 2006, in addition to the above requirement, the Lockbox Security Guidelines (LSG) 2.17.6 (2)(a) added the requirement that all lockbox banks ensure shred company contracts contain clear reference to the privacy-related laws and regulations. In October 2005, the Lockbox Policy and Procedures team reviewed and confirmed that all courier and shred contracts contained all privacy related criteria. Banks must submit their contracts to the Lockbox Policy and Procedures team for their review by October 1st of each year. The courier contract is also reviewed by the IRS and Financial Management Service security staff during the on-site courier security review. During its fiscal year 2005 audit, GAO verified that the courier and shredding contracts had the required privacy-related language and related provisions set forth in the Privacy Act of 1974. In addition, GAO verified that the LSG requires lockbox banks to ensure that all bonded courier agreements contain privacy-related language and reminds couriers of their responsibility to not disclose taxpayer information.

    Recommendation: IRS should revise the LPG to specify that courier contingency plans be available at the lockbox banks.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Lockbox Processing Guidelines (LPG) 4.2.3.1(1) were updated on June 30, 2005, to state that all banks must maintain a signed copy of the courier contingency plan on-site. During its fiscal year 2005 audit, GAO verified that IRS revised the LPG to specify that courier contingency plans be available at lockbox banks.

    Recommendation: IRS should review lockbox bank courier contingency plans to help ensure that they incorporate all contingencies specified in the "Lockbox Processing Guidelines" (LPG).

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that contingency plans were provided by all lockbox sites by March 31, 2005, and were part of the Filing Season Readiness (FSR) Plan. The Lockbox Processing Guidelines (LPG) 4.2.3.1 states "the contingency plan must cover labor disputes, employee strikes, inclement weather, natural disasters, traffic accidents, and unforeseen events." The lockbox coordinators reviewed the contingency plans to ensure that these issues were addressed. The lockbox coordinators interpreted the contingency plans to be complete; for example, the coordinators may have viewed contingencies covering natural disasters as sufficient to address inclement weather even though the term "inclement weather" was not specifically stated in the plan. GAO disagreed, citing continued areas of deficiencies. In September 2005, the Financial Management Service (FMS) and IRS security team conducted an additional review of each site's courier contingency plans to ensure compliance. Their review indicated that in order to increase consistency and ensure the plans are clearly documented, strengthening of the contingency plan requirements was necessary. The 2006 Lockbox Security Guidelines (LSG) 2.7 (1) and (2) includes clarification of the requirements for the courier contingency plans. Review of the contingency plans to ensure incorporation of all of the requirements is now assigned to the IRS/FMS security team as part of the on-site courier contingency review. GAO verified that IRS and FMS jointly reviewed the lockbox bank courier contingency plans and as a result included language in the LSG clarifying that before courier contracts are implemented, couriers must provide a disaster contingency plan to the lockbox bank addressing specific contingencies.

    Recommendation: IRS should require that courier contracts call for couriers to submit contingency plans to lockbox banks.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that it updated the Lockbox Processing Guidelines (LPG) 4.2.3.1, Courier Contingency Plan, on January 1, 2005, to require that prior to implementation of the contract, the courier service must provide the lockbox with a disaster contingency plan. The contingency plan must cover labor disputes, employee strikes, inclement weather, natural disasters, traffic accidents, and unforeseen events. During its fiscal year 2005 audit, GAO verified that IRS updated the LPG to require that courier service contractors must provide the lockbox bank with a disaster contingency plan.

    Recommendation: IRS should require that background investigation results for contractors (or evidence thereof) be on file where necessary, including at contractor worksites and security offices responsible for controlling access to sites containing taxpayer receipts and information.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS's Program, Planning, and Policy Office finalized and issued a revision to the Internal Revenue Manual (IRM). The revision requires, among other things, that an interim or final background investigation letter must be retained and filed in the identification media file for each contractor. GAO verified that IRS finalized and issued the revision to its IRM and, during its audit of IRS's fiscal year 2008 financial statements, it found no exceptions in its review of documentation of background investigations of contract staff.

    Recommendation: IRS should enforce its existing requirement that appropriate background investigations be completed for contractors before they are granted staff-like access to service centers.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS's Program, Planning, and Policy Office finalized and issued a revision to the Internal Revenue Manual (IRM). The revision specifies that red photo ID cards may be issued to IRS contract employees who have a daily need on a continuing basis to be on site at a facility over a period of time, and who have been granted interim or final staff-like access to a facility/work area with sensitive systems or information, but that before such an ID card may be issued, the contracting officer's technical representative must provide the Physical Security Office with a copy of the Personnel Security background completion.

    Recommendation: IRS should require lockbox bank management to position closed-circuit television cameras to enable monitoring of secured areas containing sensitive systems or controls.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS stated that its Mission Assurance unit has developed and incorporated a close-circuit television (CCTV) evaluation matrix into the security review process ensuring that critical areas and assets are monitored. The January 1, 2007, Lockbox Security Guide (LSG) was revised under (CCTV Cameras) LSG 2.2.2.13.1 (6) and it states that Pan, Tilt, Zoom (PTZ) cameras shall be installed in mail sorting, mail delivery, mail extraction, exceptions processing and certified mail processing areas to ensure sites have the capability to observe, monitor, and record mail extraction activity and to assist in monitoring. Also, the LSG requires that the IRS security controls, equipment, and utilities must be locked to prevent tampering and that keys will be controlled and limited to authorized bank employees. Mission Assurance also included key and combination controls and management as part of its review process at the banks. GAO verified that the LSG requires physical protection of all main utility feeds against accidental or intentional disruption of service. While the LSG does not require that critical utility or security controls not be located in areas requiring frequent access, the LSG does require that frequently accessed areas where utility feeds are present must be continuously monitored with CCTV coverage, as well as tamper proof devices installed on those controls such as fencing, locks, or other protections, and therefore, effectively addresses the issues that gave rise to the recommendation.

    Recommendation: IRS should periodically monitor lockbox banks' adherence to the LPG requirement that keys be kept in secured containers within the secured perimeter.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Lockbox Security Guidelines (LSG) were revised and published on January 1, 2006. The LSG requires strict control of keys, panels, and access to rooms and areas that contain facility utilities and controls. Lockbox banks are monitored and reviewed to ensure compliance to the policy. The Lockbox Physical Security Checklist includes checks to verify compliance to the policy. Five lockbox reviews have been conducted subsequent to publication of the LSG, and IRS has not observed any instances of this finding at any of the sites reviewed. During its fiscal year 2005 audit, GAO verified that IRS periodically monitored adherence to this requirement during IRS's lockbox bank security reviews.

    Recommendation: IRS should assess technologies that may be exempt from the visual inspection requirement to determine whether they are acceptable methods of satisfying candling objectives and, if so, add such technologies to the LPG list of accepted candling methods.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that its Lockbox Policy and Procedures staff determined that current technologies are not exempt from the candling requirement and added to the 2005 Lockbox Processing Guidelines (LPG) 3.2.8(1) that envelopes opened (either manually or by OPEX) on three or more sides must be candled once on the candling tables. All other envelopes must be candled twice on the candling tables. GAO noted that IRS's determination that current technologies are not exempt from the candling requirement, and the additional LPG guidelines added and verified by GAO during its fiscal year 2005 audit, meet the objective of this recommendation.

    Recommendation: IRS should specify in the Internal Revenue Manual (IRM) that staff members are not to review their own command code profiles.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS updated its procedures in September 2007 to prohibit employees from reviewing their own profile or any other report data pertaining to themselves. During GAO's audit of IRS's fiscal year 2007 financial statements, it found no instances of IRS staff members reviewing their own command codes.

    Recommendation: IRS should enforce the requirement that command code profiles be reviewed at least once annually.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: During GAO's audit of IRS's fiscal year 2007 financial statements, it verified that IRS issued a "Hot Topic" memorandum to its staff in January 2007 and again in March 2007, as a reminder to adhere to the existing process of enforcing the requirement that command code profiles be reviewed at least once annually. Additionally, during its visits to IRS sites as part of its fiscal year 2007 audit, GAO found that at both of the IRS service centers it visited, the command code profiles were reviewed at least once annually. IRS's enforcement of the annual review of command code profiles reduces the risk of errors or fraud and the improper disbursement of manual refunds.

    Recommendation: IRS should enforce requirements for documenting monitoring actions and supervisory review.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS's efforts to address this recommendation are ongoing. IRS reported that it is conducting sample reviews and addressing the causes of any documentation lapses, clarifying supervisor review guidance, and emphasizing training for managers and staff. However, GAO found that IRS's actions to date have not been fully effective in addressing the issue that gave rise to this recommendation. During GAO's audit of IRS's fiscal year 2013 financial statements, GAO continued to find instances where the documentation requirements for monitoring actions and for supervisory review were not followed. GAO will continue to evaluate the effectiveness of IRS's actions during its audit of IRS's fiscal year 2014 financial statements.

    Recommendation: IRS should enforce requirements for monitoring accounts and reviewing monitoring of accounts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS's efforts to address this recommendation are ongoing. IRS reported that it is conducting reviews of the refund monitoring process, and has updated its training and guidance in the IRM to address required refund monitoring. However, GAO found that IRS's actions to date have not been fully effective in addressing the issue that gave rise to this recommendation. During GAO's audit of IRS's fiscal year 2013 financial statements, GAO continued to find instances where the manual refund initiators did not follow the requirements for monitoring accounts to prevent duplicate refunds. GAO also found that some of the supervisors did not verify that manual refund initiators were following proper procedures for monitoring manual refunds. GAO will continue to evaluate the effectiveness of IRS's actions during its audit of IRS's fiscal year 2014 financial statements.

    Recommendation: IRS should enforce documentation requirements relating to authorizing officials charged with approving manual refunds.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that in September 2008, it created a standard authorization Form 14031 for all offices to use. In addition, IRS stated that it continued to issue its annual solicitation memorandum for authorized officials approving manual refunds. GAO verified that the Form 14031 was standardized and properly documented IRS officials charged with approving manual refunds. GAO also verified that the annual solicitation memorandum provided information to enforce documentation requirements.

    Recommendation: IRS should assess options to prevent the generation or disbursement of refunds associated with accounts with unresolved Automated Underreporter Program (AUR) discrepancies, including placement of a freeze or hold on all such accounts, until the AUR review has been completed.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS issued a "Hot Topic" memorandum to its staff on January 25, 2007, which added procedures to check for cases that can be identified as an AUR payment and research the taxpayer's account on the Integrated Data Retrieval System (IDRS) for CP 2000 Indicators. During GAO's audit of IRS's fiscal year 2007 financial statements, it confirmed that IRS updated its procedures to prevent the generation or disbursement of refunds associated with AUR accounts. GAO also verified that the procedures were in place requiring employees to conduct IDRS research after receiving an unidentified remittance to determine if there is an open account that allows for posting of the remittance.

    Recommendation: IRS should require evidence of managerial review of recording, transmittal, and receipt of acknowledgments of taxpayer receipts and information.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: GAO verified that IRS established procedures which require Small Business and Self-Employed to review the recording, transmittal, and receipt of acknowledgments of the document transmittal forms.

    Recommendation: IRS should establish a procedure for SB/SE field office units to track Document Transmittal forms and acknowledgements of receipt of Document Transmittal forms.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS stated that procedures have been established, updated, and incorporated into its Internal Revenue Manual (IRM), and hard copies were shipped to all applicable employees on September 15, 2006. GAO verified that IRS established procedures requiring its Small Business and Self-Employed employees to track document transmittal forms and to acknowledge receipt for these forms.

    Recommendation: IRS should enforce the requirement that a Document Transmittal form listing the enclosed Daily Report of Collection Activity forms be included in transmittal packages, using such methods as more frequent inspections or increased reliance on error reports compiled by the service center teller units receiving the information.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS's efforts to address this recommendation are ongoing. IRS reported that it is performing a review in three collection field areas to assess their use of the document transmittal Form 3210 to ensure compliance with the Internal Revenue Manual (IRM). By October 2014, IRS plans to use the results of this review to determine further actions that may be needed to close this recommendation.

    Recommendation: IRS should establish policies and procedures to require appropriate segregation of duties in Small Business/Self-Employed (SB/SE) units of field offices with respect to preparation of Payment Posting Vouchers, Document Transmittal forms, and transmittal packages.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS performed a process analysis of SB/SE remittance processing practices as outlined in the IRM in which it concluded that the current level of segregation of duties in the remittance process maintains an acceptable risk.

    Recommendation: IRS should establish guidelines and a testing requirement to ensure satisfactory lighting conditions for effective candling.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that the Internal Revenue Manual (IRM) 3.10.72.6.2 (2) (a) requires that all candling equipment on both initial and final candling tables shall be adjusted as necessary to maintain maximum envelope recognition. Maximum envelope recognition is determined by the measurement of foot candles through use of a light meter. Minimum reading on the light meter should be 174. The testing of the candling equipment should be completed twice annually for Individual Master File sites and quarterly for Business Master File sites. Testing will be completed prior to peak time-frames. Management or a designated employee will complete the candling equipment review log to verify lights are meeting minimum requirements. Light meters are available and testing has been completed at all submission processing centers to ensure requirements are met. Sorting table vendors have been contacted and are aware of this requirement and are adjusting all new tables that are purchased to ensure they are in compliance. During its fiscal year 2005 audit, GAO verified that IRS revised its IRM to include guidelines for testing lighting conditions for candling equipment.

    Recommendation: IRS should clarify the LPG to eliminate confusion about the number of candlings required for different extraction methods.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that it updated the 2005 Lockbox Processing Guidelines (LPG) 3.2.8, Candling, to require that envelopes opened (either manually or by OPEX) on three or more sides must be candled once on the candling tables. All other envelopes must be candled twice on the candling tables. GAO verified that IRS updated the LPG to clarify requirements concerning the number of candlings.

    Recommendation: IRS should conduct an assessment of the costs and benefits of relying on only one candling when using certain automated equipment.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS reported that Wage and Investment (W&I) determined that a cost benefit analysis was not necessary because it previously assessed the candling function on the automated equipment. To provide additional risk mediation, W&I revised the Lockbox Processing Guidelines (LPG) under section 3.2.8 (1) to require that envelopes opened (either manually or by OPEX equipment) on three or more sides must be candled once on the candling tables. W&I will monitor adherence during site reviews. IRS's determination that current technologies are not exempt from the candling requirement or the additional LPG guidelines added, verified during GAO's fiscal year 2005 audit, meets the objective of this recommendation.

    Jul 29, 2014

    Jul 22, 2014

    Jul 18, 2014

    Jul 7, 2014

    Jul 2, 2014

    Jun 13, 2014

    May 30, 2014

    May 20, 2014

    Apr 21, 2014

    Apr 17, 2014

    Looking for more? Browse all our products here