Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Agreed-upon procedures"

    1 publication with a total of 3 open recommendations
    Director: Clark, Cheryl E
    Phone: (202)512-9377

    3 open recommendations
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to perform a risk assessment to determine the appropriate level of Integrated Data Retrieval System (IDRS) access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, a risk assessment was performed to determine the appropriate level of IDRS access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities. However, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to, based on the results of the risk assessment, update the Internal Revenue Manual (IRM) accordingly to specify the appropriate level of IDRS access that should be allowed for (1) remittance perfection technicians and (2) all other employee groups with IDRS access that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to restrict the use of certain IDRS command codes for remittance perfection technicians. In addition, in May 2016, IRS reassessed the risks at its TACs, including the specific risks and mitigating factors associated with allowing TAC employees to process taxpayer remittances and to adjust taxpayer accounts. However, IRS did not update the IRM to reflect the conclusions from the risk assessment related to TAC employees. Further, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to establish procedures to implement the updated IRM, including required steps to follow to prevent (1) remittance perfection technicians and (2) all other employee groups that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities from gaining access to command codes not required as part of their designated job duties.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to include procedures to restrict the use of certain IDRS command codes for remittance perfection technicians. However, the IRM has not been updated based on the results of the risk assessment related to TAC employees and, if applicable, other employees who have access to sensitive command codes and handle hard-copy taxpayer receipts and related sensitive information as part of their job duties. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.