Management Report:

Improvements Are Needed to Enhance the Internal Revenue Service's Internal Controls and Operating Effectiveness

GAO-12-683R: Published: Jun 25, 2012. Publicly Released: Jun 25, 2012.

Additional Materials:

Contact:

Cheryl E. Clark
(202) 512-3000
clarkce@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During our audit of IRS’s fiscal year 2011 financial statements, we identified new internal control deficiencies in the following areas:

  • Monitoring Information Systems Material to Financial Reporting. IRS management had not performed sufficient monitoring of internal control over information systems material to financial reporting to determine whether such control was affected by any deficiencies in internal control that either individually or collectively constitute a material weakness that had not previously been reported, in accordance with Office of Management and Budget requirements. This was primarily because (1) IRS had not yet fully implemented key components of its information security program in fiscal year 2011; (2) IRS’s monitoring of its systems focused primarily on Federal Information Security Management Act and related National Institute of Standards and Technology requirements, which were not intended to provide assurance over the integrity of financial reporting; and (3) IRS has a previously identified material weakness in information security that still existed in fiscal year 2011 which rendered it unnecessary for IRS to support an assertion indicating that the related internal controls were effective.
  • Tax Revenue Comparison. IRS did not always evaluate or resolve unusual variances identified in its comparison of tax revenue recorded in its general ledger to detailed tax revenue transactions recorded in its master files. In addition, although there was managerial review of the comparison as required by IRS’s procedures, the reviewer did not question these variances. These conditions existed primarily because IRS’s procedures did not instruct the preparer or the reviewer to evaluate and resolve significant or unusual variances that could indicate processing or other errors that would render the revenue data unreliable.
  • Treasury Forfeiture Fund Reimbursable Revenue. IRS improperly recorded anticipated revenue from the Department of the Treasury Forfeiture Fund (TFF) rather than actual revenue earned, contrary to federal accounting standards. IRS is reimbursed from the TFF for its tax enforcement expenditures and consequently should record the reimbursements as reimbursable revenue. However, in fiscal year 2011, IRS improperly recorded reimbursable revenue and the related accounts receivable from the TFF for expenditures it had not yet incurred. According to IRS, this occurred because the unit responsible for tax enforcement erroneously included both actual and estimated future expenditures in the amount it reported to IRS accounting staff that record TFF revenue and the related accounts receivable, and the accounting staff were not aware that all of the expenditures had not been incurred at the time it recorded the revenue and receivable.
  • Physical Security Reviews. IRS’s service center campus (SCC) and field office physical security personnel did not always properly or timely (1) complete the audit management checklists used to assess the physical security controls in place at these sites and (2) document supervisory reviews of completed checklists. This occurred primarily because IRS lacked procedures requiring centralized monitoring to detect whether analysts were properly completing such checklists and whether managers were timely and properly documenting their reviews of the completed checklists.
  • Integrated Data Retrieval System Access. Two clerks in the campus support unit at one SCC improperly had the ability to make adjustments to a taxpayer’s account through the Integrated Data Retrieval System while also maintaining physical possession of hard-copy receipts in the course of their payment processing duties. Consequently, they had the potential to misappropriate a payment and alter the taxpayer’s account to conceal the theft. This occurred because IRS procedures did not specifically prohibit access to such system commands for certain campus support employees who were responsible for processing payments, and thus, IRS procedures did not require monitoring these particular employees’ system accesses.
  • Monthly Rent Bill Allocation. The rent processing administrator was responsible for performing all of the key steps involved in allocating costs from the rent bill without any supervisory review and could edit lease data entered by another staff member without any independent review. This occurred because IRS did not have policies or procedures that required a supervisory review or proper segregation of duties over the rent allocation process.
  • Graphic Database Interface System Quarterly Reviews. IRS field managers did not always sufficiently document or accurately summarize the results of their quarterly reviews of employee locations recorded in IRS’s Graphic Database Interface system (GDI). This occurred because IRS did not have sufficiently detailed written procedures for documenting the GDI quarterly reviews nor require supervisory review of the reported results.
  • Leasehold Improvement Disposal Estimate. IRS incorrectly calculated its leasehold improvement disposal estimate, which resulted in understatements to leasehold improvement expenses and accumulated depreciation. In addition, supervisors responsible for reviewing the disposal calculations did not identify these errors. These conditions existed because IRS did not have procedures to assess the completeness and accuracy of the data extracted from GDI used in the calculation and supervisors had competing work demands which hindered them from identifying these errors.
  • Verification of End-user Receipt of Goods and Services. IRS staff did not always confirm, or obtain documentation of confirmation, with the end user of the satisfactory receipt of a purchased product or service before entering receipt and acceptance of the good/service into the procurement system. This occurred because IRS staff were not always aware of the requirement to obtain and document end-user receipt confirmation and IRS did not perform any monitoring for compliance.
  • Patient Protection and Affordable Care Act Expenses. IRS did not always identify expenses related to the implementation of the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act (collectively referred to as PPACA) and timely determine whether to charge individual PPACA-identified expenses to the PPACA appropriation established within the Department of Health and Human Services or to one of IRS’s own appropriations. This occurred because employees did not always charge time spent on PPACA to the proper codes, supervisors did not ensure their employees’ time was appropriately coded, and IRS lacked an adequate process to timely review all PPACA-coded expenses to determine which appropriation to charge before fiscal year-end.
  • Time Card Approvals. Employee time cards were not always approved by a manager before being transmitted to the National Finance Center for processing and payment. This occurred because managers did not follow IRS’s procedures to electronically sign employees’ time cards, IRS did not have procedures requiring payroll staff to centrally review time cards to ensure all time cards were signed before submitting them for payment, and IRS’s payroll system did not have an edit check to prevent unsigned electronic time cards from being submitted for payment.
  • Employee Within-Grade Pay Increases. IRS did not always (1) make timely decisions on granting or denying within-grade increases (WGIs) in pay to employees with below fully successful ratings as required by IRS policies and procedures, and (2) timely grant WGIs to such employees if warranted. This occurred primarily because IRS did not have a central monitoring process in place to ensure that managers made and timely carried out all WGI-required actions for employees with below fully successful performance ratings and that such employees subsequently entitled to receive a WGI, were granted it.
  • Recycled Payroll Errors. IRS did not timely research and resolve recycled errors– payroll transactions with data errors that prevented them from automatically posting to IRS’s general ledger— resulting in recycled errors that had accumulated for over 7 years without being resolved. These errors accumulated because IRS did not have procedures requiring timely research and correction of such errors.

These deficiencies increase the risk that IRS may not prevent or promptly detect andcorrect (1) weaknesses in its internal control over its information systems material to financial reporting; (2) errors in dollar amounts recorded in the master files and general ledgers; (3) physical security deficiencies at its SCCs and field offices; (4) loss, theft, or misappropriation of hard-copy taxpayer receipts; (5) errors in the allocation of space-related expenses; (6) premature payments to vendors before goods or services were received and receipt confirmed; (7) misidentified PPACA expenses; (8) payroll errors; and (9) improper or delayed within-grade pay increases. In addition, the control deficiencies identified resulted in overstatements to Treasury Forfeiture Fund reimbursable revenue and accounts receivable, and understatements to leasehold improvement disposal expenses, accumulated depreciation, payroll expenses, and payroll liabilities.

Why GAO Did This Study

In November 2011, we issued our report on the results of our audit of the financial statements of the Internal Revenue Service (IRS) as of, and for the fiscal years ending, September 30, 2011, and 2010, and on the effectiveness of its internal control over financial reporting as of September 30, 2011. We also reported our conclusions on IRS’s compliance with selected provisions of laws and regulations and on whether IRS’s financial management systems substantially comply with the requirements of the Federal Financial Management Improvement Act of 1996. In March 2012, we issued a report on information security issues identified during our fiscal year 2011 audit, along with associated recommendations for corrective actions.

The purpose of this report is to present internal control deficiencies identified during our audit of IRS’s fiscal year 2011 financial statements for which we do not already have any recommendations outstanding. Although most of these deficiencies were not discussed in our report on the results of our fiscal year 2011 financial statement audit because they were not considered material weaknesses or significant deficiencies, they nonetheless warrant IRS management’s attention.

What GAO Recommends

This report provides 30 recommendations to address the internal control deficiencies we identified. We will issue a separate report on the status of IRS’s implementation of the recommendations from our prior IRS financial audits and related financial management reports, as well as this one.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement an edit control in IRS's time card system to identify and prevent the processing of time cards that have not been electronically signed.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: Per IRS, it developed and implemented a new Single Entry Time Reporting (SETR) system functionality that requires electronic signatures for all timecards. IRS officials stated that this edit check, implemented in August 2012, now prevents SETR from transmitting unsigned time and attendance records to the National Finance Center. Managers are now required to review and electronically sign time and attendance records for all employees in SETR by the close of the pay period. We will confirm in SETR whether the edit check effectively prevented the transmission of unsigned time and attendance records to the National Finance Center during our fiscal year 2013 audit.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to design and implement procedures specifying the review steps required to identify and research all transactions identified with a PPACA internal order number in the agency’s expense files to confirm that they are PPACA-related expenses and, if so, to ensure that they are charged to the PPACA appropriation where appropriate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish a mechanism for monitoring compliance with the existing requirement for employees and timekeepers to charge labor time spent on PPACA projects to the PPACA accounting code, such as through issuing periodic alerts, providing training and guidance, and/or having managers perform periodic reviews of employee labor time charges.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS established procedures for Corporate Budget to periodically monitor Patient Protection and Affordable Care Act (PPACA) related expenses. IRS's FY 2012 Year-End Responsibilities and Cutoff Dates instructions state that Corporate Budget will be monitoring PPACA charges and coordinating with business units to ensure that PPACA charges posted to direct accounts are moved to PPACA accounts prior to the fiscal year-end deadline. IRS also issued PPACA time charging guidance that outlines instructions for employees to record labor time worked on PPACA activities to the PPACA accounting code. We did not find any issues related to PPACA postings during our fiscal year 2012 audit.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish a mechanism to periodically monitor CO/COTR compliance with the requirement to obtain and document end user confirmation of receipt prior to entering receipt and acceptance to the procurement system.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS implemented a new process that requires staff from the Chief Financial Officer's office to perform an annual review of receipt and acceptance transactions to verify that contracting officer's representatives obtained and retained sufficient documentation of end user confirmation prior to inputting receipt and acceptance into the procurement system. During our fiscal year 2012 audit, we reviewed documentation from IRS's review and did not note any discrepancies.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to provide training to contracting officer’s technical representative (COs/COTRs) on their specific procedural requirements for obtaining and maintaining end user documentation of receipt and acceptance of the good or service prior to entering acknowledgement of receipt and acceptance in the procurement system.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement the revised January 2012 procedures requiring preparation and review of leasehold improvement disposal calculations quarterly.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS implemented the revised January 2012 procedures requiring quarterly preparation and review of leasehold improvement calculations. During our fiscal year 2012 audit, we verified that the quarterly disposal calculations and the supporting documentation provided were reviewed.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement the revised January 2012 procedures requiring comparison of the leases used in the prior year with the current year leases to help ensure that expired leases have not been extended and thus, are only counted once in the disposal estimates.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish procedures to require the Office of Financial Reporting (OFR) to ensure that extracted GDI data used to calculate the leasehold improvement disposal estimate is complete and accurate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS revised the Instructions for Calculating Leasehold Improvement Disposals to include procedures requiring the Office of Financial Reporting to ensure that extracted Graphic Database Interface system data used to calculate the disposal estimate is complete and accurate.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish mechanisms to monitor the implementation of and compliance with the revised policy established in October 2011 that requires field CAFM program managers to maintain GDI Quarterly Review documentation, including GDI validation walkthrough sheets and GDI Quarterly Review certifications.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to revise existing written procedures to require supervisory review of the Computer-Aided Facilities Management (CAFM) Quarterly Review Certifications and Statistics against the GDI validation walkthrough sheets.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS's revised procedures require supervisory review of the Quarterly Review Certifications against the Graphic Database Interface system validation walkthrough sheets.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish a policy requiring an independent review of changes made by the rent processing administrator to non-GSA lease data in GDI.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS updated its policy to require a review of non-General Services Administration (GSA) lease data in Graphic Database Interface system to ensure that there are no unexpected changes. We did not identify any exceptions related to non-GSA lease data during our fiscal year 2012 testing.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement the September 2011 revised policy that requires an independent review of the rent check summary report to help ensure that the monthly rent allocation process is properly completed.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS implemented new procedures requiring an independent review of the rent check summary report. We did not note any discrepancies in IRS's monthly rent allocation process during our fiscal year 2012 testing.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update the Internal Revenue Manual (IRM) to specify steps to be followed to prevent campus support clerks as well as any other employees who process payments through the electronic check presentment system from making adjustments to taxpayer accounts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS updated the Internal Revenue Manual to require managers to use the Automated Command Code Access Control System to ensure that all employees who process payments through the electronic check presentment system have the appropriate command code restriction in their Integrated Data Retrieval System (IDRS) profile. However, during our fiscal year 2012 audit, we found several instances where IRS employees who had the capability to process paper checks electronically through the electronic check presentment system (Remittance Strategy for Paper Check Conversion) had access to sensitive IDRS command codes. IRS reported that it is analyzing the effect of the lack of segregation of duties in instances where staffing levels may not permit proper segregation of duties. By December 2014, IRS plans to identify appropriate actions to mitigate risks in the taxpayer assistance centers that exceed acceptable levels based on this analysis.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish procedures requiring Physical Security and Emergency Preparedness (PSEP) headquarters to centrally monitor compliance with the audit management checklist process to ensure that (1) PSEP analysts timely complete their physical security reviews using the proper audit management checklists and (2) territory managers timely review and properly document their reviews of completed audit management checklists.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS reported that in October 2012, it updated the Audit Management Checklist Standard Operating Procedures to require the Audit Management Program Office to perform reviews on a quarterly basis. The reviews will ensure that (1) territory offices complete the audit management checklist at campuses on a quarterly basis and at posts-of-duty on an annual basis using the most current checklist and (2) territory managers document their review and approval of completed checklists within 30 days of the physical security specialist's signature date. We will assess these actions during our fiscal year 2013 audit.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish requirements specifying a required time frame for territory managers to perform the required review and approval of completed audit management checklists.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS updated the Audit Management Checklist Standard Operating Procedures to include the requirement that territory managers review and approve completed checklists within 30 days of the physical security specialist's signature date.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish and document procedures for ensuring that recorded reimbursable revenue, transfers in without reimbursement, and accounts receivable from the TFF conform to federal accounting standards.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS developed, implemented and documented a direct charge reimbursable process for the Treasury Forfeiture Fund (TFF) mandatory reimbursable program. During our fiscal year 2012 audit tests, we confirmed that IRS no longer recorded anticipated revenue for the TFF Mandatory program, but instead recorded actual revenue after the end of each month. However, it did not record or accrue revenue for the last month of the fiscal year, understating fiscal year 2012 revenues. The Chief Financial Officer organization is currently working with the Department of the Treasury to implement a new U.S. Standard General Ledger posting model in fiscal year 2013 for the two TFF discretionary programs (Super Surplus and Secretary's Enforcement).

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update IRS’s procedures for comparing tax revenue recorded in the general ledger to detailed tax revenue transactions recorded in the master files to require that management reviews ensure preparers evaluate and resolve unusual or significant variances.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to revise the payroll standard operating procedures to specify steps that the human resource specialists are required to follow to ensure that each electronic time card is signed by an authorized official before the time card istransmitted to NFC for processing and payment.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS updated its DG-046 Desk Guide with specific steps for human resource specialists to centrally monitor and resolve the Non-Validated Report, which identifies organizations with unsigned timecards, at the close of each pay cycle. Human resource specialists are responsible for following up with managers to ensure that all electronic time cards are signed by an authorized official before transmission to the National Finance Center.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to revise the payroll standard operating procedures to require that the designated proxy for a manager required to approve time cards be at an equivalent or higher level as the manager, consistent with the IRM.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS has stated that it does not agree with this recommendation and does not plan to take further action. IRS stated that the execution of a proxy makes the approver equivalent to the initiator and therefore does not require that the designated proxy be at an equivalent or higher level than the employee's manager. As a result, a lower-level employee, who may have not had proper training, can be delegated as an acting supervisor for purposes of approving time cards. However, as discussed in our report (see GAO-12-683R), we believe that IRS's current procedures of delegating do not establish adequate internal control over the payroll approval process; are inconsistent with its own policies and delegation orders; and put IRS at increased risk of improperly paying employees, not meeting pay-related legal and regulatory requirements, and improperly accounting for payroll expenses.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to incorporate in the planned 2012 policy change requiring the manager or designated proxy to sign the electronic time card before transmitting payroll records to NFC the requirement that the designated proxy be at an equivalent or higher level than the employee's manager.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS has stated that it does not agree with this recommendation and does not plan to take further action. IRS stated that the execution of a proxy makes the approver equivalent to the initiator and therefore does not require that the designated proxy be at an equivalent or higher level than the employee's manager. As a result, a lower-level employee, who may have not had proper training, can be delegated as an acting supervisor for purposes of approving time cards. However, as discussed in our report (see GAO-12-683R), we believe that IRS's current procedures of delegating do not establish adequate internal control over the payroll approval process; are inconsistent with its own policies and delegation orders; and put IRS at increased risk of improperly paying employees, not meeting pay-related legal and regulatory requirements, and improperly accounting for payroll expenses.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to design and implement procedures specifying the review steps required to identify and research all transactions identified with a PPACA internal order number in the agency's expense files to confirm that they are PPACA-related expenses and, if so, to ensure that they are charged to the PPACA appropriation where appropriate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS established procedures designed to identify and research Patient Protection and Affordable Care Act (PPACA) transactions in the agency's expense files and to transfer expenses as appropriate to the PPACA appropriation. During our fiscal year 2012 detail testing of both payroll and nonpayroll expenses, we did not identify any exceptions related to IRS charging PPACA expenses to an inappropriate appropriation.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to provide training to contracting officer's technical representative (COs/COTRs) on their specific procedural requirements for obtaining and maintaining end user documentation of receipt and acceptance of the good or service prior to entering acknowledgement of receipt and acceptance in the procurement system.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS conducted receipt and acceptance training workshops in April 2012 for contracting officer's representatives. IRS's receipt and acceptance reference guides describe the required steps that users and managers must take to obtain and maintain end user documentation of receipt and acceptance. We did not identify any exceptions related to the lack of documentation of end user confirmation of goods/services during our fiscal year 2012 testing.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement the revised January 2012 procedures requiring comparison of the leases used in the prior year with the current year leases to help ensure that expired leases have not been extended and thus, are only counted once in the disposal estimates.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS implemented the revised January 2012 procedures requiring comparison of prior year leases with current year leases. During our fiscal year 2012 audit we validated that expired leases were not extended and were only counted once in the disposal estimate.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish mechanisms to monitor the implementation of and compliance with the revised policy established in October 2011 that defines the type of errors that should be captured on the CAFM Quarterly Review Certifications to help ensure that field CAFM program managers consistently compile the errors found in their quarterly reviews for compilation in the overall CAFM Quarterly Review Statistics.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: As part of IRS's annual Graphic Database Interface system program review process, Real Estate and Facilities Management now conducts a formal review of error counts on the Quarterly Review Certifications to ensure that program managers consistently compile errors across various territories. Additionally, we did not identify any instances of Computer-Aided Facilities Management program managers inconsistently compiling errors found in their fiscal year 2012 quarterly reviews.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish mechanisms to monitor the implementation of and compliance with the revised policy established in October 2011 that requires field CAFM program managers to maintain GDI Quarterly Review documentation, including GDI validation walkthrough sheets and GDI Quarterly Review certifications.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS's revised procedures require the Graphic Database Interface system (GDI) program analyst, the National Computer-Aided Facilities Management (CAFM) program manager, or both, to compile each territory's submission of Quarterly Review documentation and to provide advice, consultation, and advocacy for the implementation of the revised policy requiring field CAFM program managers to maintain the Quarterly Review documentation. We did not identify any instances of missing or incomplete documentation during our fiscal year 2012 second quarter review of IRS's GDI Quarterly Review.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update IRS's procedures for comparing tax revenue recorded in the general ledger to detailed tax revenue transactions recorded in the master files to require that management reviews ensure preparers evaluate and resolve unusual or significant variances.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS stated that in October 2012 it updated its revenue reconciliation desktop procedures to require a review and signoff by the manager or a management official to ensure that preparers evaluate and resolve significant or unusual variances. We will evaluate these actions during our fiscal year 2013 audit.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update IRS's procedures for comparing tax revenue recorded in the general ledger to detailed tax revenue transactions recorded in the master files to (1) establish minimum criteria defining a significant or unusual variance and (2) specify the steps required to effectively evaluate and resolve these variances.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS stated that in October 2012 it updated its revenue reconciliation desktop procedures for comparing tax revenue recorded in the general ledger to detailed tax revenue transactions recorded in the master files. The revised procedures established the minimum criteria for defining significant or unusual variances related to revenue and specify the steps required to effectively evaluate and resolve these variances. We will evaluate these actions during our fiscal year 2013 audit.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to, for any system identified as material to IRS's financial reporting process which is controlled by an external service provider, establish policies and procedures requiring and defining a routine, documented process for coordinating with the service provider to appropriately monitor related internal control. This may entail establishing an agreement with each service provider to allow IRS personnel the access to either (1) the system concerned, as necessary to perform appropriate monitoring of internal control over financial reporting; or (2) periodic reports prepared in accordance with SSAE No. 16 documenting the results of monitoring performed by the service provider.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS agreed with our recommendations and stated that it would take the following action by December 2013: For all externally controlled financial systems that are identified as material to the financial statements, establish procedures for coordinating an internal control review with service providers and develop policies and procedures to document and routinely report on reviews of external providers' adherence to IRS's internal control objectives. IRS's proposed actions, if successfully carried out, should address the intent of our recommendations. We will evaluate IRS's progress and the effectiveness of its actions during future audits.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish and document an inventory of the specific systems involved in IRS's financial reporting process, including (1) describing what role each system plays in the financial reporting process, (2) concluding whether each system is considered to be material to financial reporting and why, and (3) denoting whether each system is controlled by IRS or by an external service provider and, if the latter, identifying the service provider.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS agreed with our recommendations and stated that it would take the following actions by December 2013: modify its listing of systems involved in the financial reporting process to include (1) a description of the role each system plays, (2) whether the system is considered material to the financial statements, and (3) whether the system is controlled by IRS or by an external service provider and, if the latter, identify the service provider. We will evaluate IRS's progress and the effectiveness of its actions during future audits.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish and document procedures for payroll staff to research and correct recycled errors from payroll processing on a regular and timely basis.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS has established the Error Correction Process requiring payroll analysts to research and make adjustments to correct recycled errors found during payroll processing every 2 weeks. Additionally, in the fourth quarter of fiscal year 2012, we found that the recycled error balance significantly decreased from the fiscal year 2011 balance.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish procedures for HR specialists to track and monitor supervisory actions taken for employees with less than fully successful ratings that have a within-grade pay increase due date within 90 days to include specific required steps for timely granting a within-grade pay increase to such employees who were not given a 60-day notification letter.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS developed a matrix outlining steps for human resource specialists to take to remind managers to properly issue a 60-day notification letter to each employee with a less than fully successful rating who is due a within-grade increase. However, the matrix does not specify what actions need to be taken by human resource specialists to ensure that within-grade pay increases are timely granted to such employees who were not given a 60-day notification letter.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish procedures for HR specialists to track and monitor supervisory actions taken for employees with less than fully successful ratings that have a within-grade pay increase due date within 90 days to include specific required steps for following-up with managers to ensure the managers properly issue the employees a 60-day notification letter providing them an opportunity to improve their performance, make a timely determination on releasing or denying a within-grade pay increase, and properly carry out the requirements necessary to support the decision made.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS developed a matrix outlining steps for human resource specialists to take to remind the managers to properly issue a 60-day notification letter to each employee with a less than fully successful rating who is due a within-grade increase. The matrix also included the steps required for human resource specialists and Labor Relations to properly carry out the requirements necessary after a decision to deny or release the within-grade increase has been made. IRS stated that it also made revisions to Standard Operating Procedure 293-07, Rev. 3, to clarify and define steps for human resource specialists to assist managers in completing the process timely. However, neither the revised Standard Operating Procedure nor the matrix specifies what actions need to be taken by human resource specialists or Labor Relations if the managers do not respond to the reminders or do not make timely decisions on within-grade pay increases.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to remind managers of their responsibilities, procedures, and required timeframes for either granting or denying a within-grade pay increase for employees with below fully successful ratings, such as by providing alerts in HR Connect when a manager enters a less than fully successful rating or providing training to remind them of their responsibilities.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS issued procedures to remind managers of their responsibilities and required timeframes for granting or denying within-grade pay increases for employees with below fully successful ratings, and issued a Leaders' Alert to remind managers of their responsibilities and where to locate appropriate procedures.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to implement an edit control in IRS’s time card system to identify and prevent the processing of time cards that have not been electronically signed.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to incorporate in the planned 2012 policy change requiring the manager or designated proxy to sign the electronic time card before transmitting payroll records to NFC the requirement that the designated proxy be at an equivalent or higher level than the employee’s manager.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update IRS’s procedures for comparing tax revenue recorded in the general ledger to detailed tax revenue transactions recorded in the master files to (1) establish minimum criteria defining a significant or unusual variance and (2) specify the steps required to effectively evaluate and resolve these variances.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish policies and procedures with respect to any external financial reporting system IRS personnel themselves do not directly monitor that specify required steps to routinely review periodic reports prepared by service providers’ auditors in accordance with SSAE No. 16, including steps to document (1) an assessment of whether a review’s scope, methodology, and timing is appropriate to satisfy IRS’s objectives; (2) any control deficiencies disclosed in the report, and an assessment of their materiality to IRS’s financial reporting process and related risks; and (3) any compensating internal controls needed to mitigate any actual or potential effects of identified deficiencies upon IRS’s internal and external financial reports resulting from any (a) material weakness, or (b) significant shortcoming in the scope, methodology, or timing of any SSAE No. 16 report reviewed relative to IRS’s internal control objectives.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish policies and procedures with respect to any external financial reporting system IRS personnel themselves do not directly monitor that specify required steps to routinely review periodic reports prepared by service providers' auditors in accordance with SSAE No. 16, including steps to document (1) an assessment of whether a review's scope, methodology, and timing is appropriate to satisfy IRS's objectives; (2) any control deficiencies disclosed in the report, and an assessment of their materiality to IRS's financial reporting process and related risks; and (3) any compensating internal controls needed to mitigate any actual or potential effects of identified deficiencies upon IRS's internal and external financial reports resulting from any (a) material weakness, or (b) significant shortcoming in the scope, methodology, or timing of any SSAE No. 16 report reviewed relative to IRS's internal control objectives.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS agreed with our recommendations and stated that it would take the following actions by December 2013. IRS stated that it would modify its listing of systems involved in the financial reporting process to include (1) a description of the role each system plays, (2) whether the system is considered material to the financial statements, and (3) whether the system is controlled by IRS or by an external service provider and, if the latter, identify the service provider. For all systems identified as material to IRS's financial reporting process, IRS stated that it would enhance existing policies and procedures to appropriately monitor internal controls over the automated systems operated by IRS personnel to include performing periodic and routine examinations of the financial systems that authorize, process, transmit, or report material financial transactions; such reviews will use multidisciplinary teams consisting of automated systems specialists and accounting and reporting experts. IRS will develop policies and procedures using the financial systems monitoring process to determine whether the internal controls over these automated systems are in place and operating effectively. In addition, for all externally controlled financial systems that are identified as material to the financial statements, IRS stated that it would establish procedures for coordinating an internal control review with service providers and develop policies and procedures to document and routinely report on reviews of external providers' adherence to IRS's internal control objectives. IRS's proposed actions, if successfully carried out, should address the intent of our recommendations. We will evaluate IRS' progress and the effectiveness of its actions during future audits.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish mechanisms to monitor the implementation of and compliance with the revised policy established in October 2011 that defines the type of errors that should be captured on the CAFM Quarterly Review Certifications to help ensure that field CAFM program managers consistently compile the errors found in their quarterly reviews for compilation in the overall CAFM Quarterly Review Statistics.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to, for any system identified as material to IRS’s financial reporting process which is controlled by an external service provider, establish policies and procedures requiring and defining a routine, documented process for coordinating with the service provider to appropriately monitor related internal control. This may entail establishing an agreement with each service provider to allow IRS personnel the access to either (1) the system concerned, as necessary to perform appropriate monitoring of internal control over financial reporting; or (2) periodic reports prepared in accordance with SSAE No. 16 documenting the results of monitoring performed by the service provider.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to enhance existing policies and procedures pertaining to monitoring internal control over the automated systems operated by IRS personnel to specifically provide for routine, documented monitoring of the specific internal controls within its financial reporting systems that are intended to ensure the integrity of the data reported in the financial statements and other financial reports. This monitoring process should (1) involve both automated systems specialists and individuals with expertise in accounting and reporting, as appropriate, (2) encompass the specific automated internal controls that affect the authorizing, processing, transmitting, or reporting of material financial transactions, and (3) be designed to determine whether these internal controls are in place and operating effectively.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS agreed with our recommendations and indicated that it would take the following actions by December 2013: for all systems identified as material to IRS's financial reporting process and operated by external service providers, enhance existing policies and procedures to appropriately monitor internal controls over the automated systems to include performing periodic and routine examinations of the financial systems that authorize, process, transmit, or report material financial transactions; such reviews will use multidisciplinary teams consisting of automated systems specialists and accounting and reporting experts. IRS also indicated that it will develop policies and procedures using the financial systems monitoring process to determine whether the internal controls over these automated systems are in place and operating effectively. We will evaluate IRS's progress and the effectiveness of its actions during future audits.

    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to establish and document an inventory of the specific systems involved in IRS’s financial reporting process, including (1) describing what role each system plays in the financial reporting process, (2) concluding whether each system is considered to be material to financial reporting and why, and (3) denoting whether each system is controlled by IRS or by an external service provider and, if the latter, identifying the service provider.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Apr 21, 2014

    Apr 17, 2014

    Apr 8, 2014

    Feb 19, 2014

    Dec 18, 2013

    Nov 6, 2013

    Sep 23, 2013

    Jul 1, 2013

    Jun 17, 2013

    Looking for more? Browse all our products here