Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.

    Results:

    Subject Term: "Financial audits"

    8 publications with a total of 38 open recommendations
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    10 open recommendations
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to develop and implement a process to reasonably assure that IRS operating divisions and the information technology (IT) organization effectively coordinate with the Chief Financial Officer (CFO) organization when making programming changes to information systems affecting financial reporting.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by December 2017, the Information Technology (IT) organization, in collaboration with the Chief Financial Officer (CFO) organization, will develop and implement a process to reasonably assure that IRS operating divisions and the IT organization effectively coordinate with the CFO organization when making programming changes to information systems affecting financial reporting. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to research and determine the reason the IT organization did not follow IRS policy to thoroughly test programming changes related to the automation of specific penalty abatement procedures to reasonably assure that they worked as intended before implementation. Based on this determination, the IRS Commissioner should direct the appropriate IRS officials to establish a process to better ensure compliance with existing policies for testing programming changes, including the use and review of the Applications Development transmittal checklist when developing program changes and retention of test results.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by June 2018, the IT organization will research IRS policies and practices for testing programming changes to determine what modifications may be needed to reasonably assure programming changes work as intended before implementation. Based on this research, the IT organization will update the affected policies and implement any related process changes, as needed. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to strengthen the process for reasonably assuring that the Internal Revenue Manual (IRM) is reviewed annually to align with the current control procedures and guidance being implemented by agency personnel. This should include a mechanism for reasonably assuring that program owner directors (1) review their respective program control activities and related guidance annually and timely update the IRM as needed, (2) document their reviews, and (3) utilize interim guidance and supplemental guidance correctly for their intended purposes.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by March 2018, the Research, Applied Analytics and Statistics organization will strengthen the process to reasonably assure that all IRMs are reviewed annually to align with the current control procedures and guidance being implemented by IRS personnel. This will include a mechanism to reasonably assure that program owner directors (1) review their respective program control activities and related guidance annually, and update the IRM timely, if needed; (2) document their reviews; and (3) use interim guidance and supplemental guidance correctly for their intended purposes. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to ensure that the respective Agency-Wide Shared Services IRM and supplemental guidance related to the frequency of performing (1) emergency/alarm contact-list validation, (2) duress alarm inventory validation, and (3) federal security risk assessments are consistent.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, the Agency-Wide Shared Services (AWSS) organization updated SOP-17-0002, Alarm Notification, Testing and Maintenance, to synchronize the frequency of performing (1) emergency/alarm contact-list validation; (2) duress alarm inventory validation; and (3) federal security risk assessments, with revised IRM 10.2.14.9, Methods of Providing Protection, Detection Equipment, and IRM 10.2.11.2.5 (3), Facility Security Risk Management. We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to update the respective (1) Privacy, Governmental Liaison and Disclosure and (2) CFO IRM sections related to the definition of the tax gap to align with the current understanding followed by IRS personnel.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that in April 2017, the CFO organization updated IRM 1.34.1.2 (124) Revenue Accounting, Definitions and Acronyms, to align the tax gap definition with the current understanding followed by IRS personnel. Further, by February 2018, the Privacy, Governmental Liaison and Disclosure organization will remove the tax gap definition from IRM 11.4.1.3.1.2, Tax Gap Initiatives. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise the applicable IRM sections pertaining to manual refunds to require employees to verify the validity of the digital signatures on the manual refund request forms and the manual refund signature authorization forms.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by March 2018, the Wage and Investment (W&I) organization will revise the applicable IRM manual refund sections to require that employees validate the digital signatures on the manual refund request forms and the manual refund signature authorization forms. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise system access rights in Human Resources (HR) Connect to prevent HR assistants within the Employment Operations office from approving and releasing pay-related personnel actions to the National Finance Center (NFC).

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, the Human Capital Office (HCO) revised system access rights in HR Connect to prevent the Employment Operations Office HR assistants from approving and releasing pay-related personnel actions to the National Finance Center (NFC). We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise the HR Connect HR User Profiles Desk Guide to clearly indicate that HR assistants within the Employment Operations office should not be granted access to approve and release pay-related personnel actions to NFC.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, HCO revised the HR Connect HR User Profiles Desk Guide to clearly indicate that the Employment Operations Office HR assistants should not be granted access to approve and release pay-related personnel actions to NFC. We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement procedures to periodically review the process for determining the intragovernmental costs and costs with the public for each major program reported in the notes to the financial statements to provide reasonable assurance that these amounts are reliable and fairly presented.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by February 2018, the CFO organization will establish and implement procedures to review periodically the process for determining intragovernmental and public costs for each major program reported in the notes to the financial statements, providing reasonable assurance that these amounts are reliable and presented fairly. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to provide clear guidelines as to what events constitute removal from IRS premises and the disposal date that should be recorded in its inventory system, either through an update of the IRM or other property and equipment-related desk guides.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by December 2017, the AWSS organization will provide clear guidelines on events that constitute removal of trackable property and equipment assets from IRS premises, and the disposal date that should be recorded in its inventory system, either by updating the IRM or the property and equipment-related desk guides. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Director: Malenich, J Lawrence
    Phone: (202) 512-3406

    5 open recommendations
    Recommendation: To provide reasonable assurance that the property, equipment, and software transactions are properly tracked and capitalized or expensed as appropriate, the Director of CFPB should direct the program offices to require vendors to provide detailed invoices with costs broken out by project.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: During our fiscal year 2016 audit, we continued to find control deficiencies over CFPB's accounting for its property, equipment, and software. CFPB was still in the process of working with its Office of Procurement and program offices to require more detailed invoices with costs broken out by project. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Recommendation: To provide reasonable assurance that the property, equipment, and software transactions are properly tracked and capitalized or expensed as appropriate, the Director of CFPB should direct the Chief Financial Officer to update OCFO's financial records to include costs by project.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: Although CFPB took actions to attempt to address this recommendation, as of September 30, 2016, there were still some unidentified costs in the OCFO's financial records. In addition, our fiscal year 2016 audit continued to identify deficiencies over the recording of property, equipment, and software costs. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Recommendation: The Director of CFPB should direct the Office of Technology and Innovation's Chief Information Officer to develop and document training materials that are consistent with CFPB's policies and procedures and provide training to employees, on a recurring basis, on how to conduct inventory of electronic equipment and how to update and maintain accurate inventory records.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: During our fiscal year 2016 audit, we continued to find incomplete and inaccurate information in CFPB's inventory records. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Recommendation: The Director of CFPB should direct the Chief Financial Officer and Chief Information Officer to develop and implement procedures that require coordination between the OCFO and the Office of Technology and Innovation to provide reasonable assurance that the records maintained by both divisions are accurate, consistent, complete, and comparable for inventory and accounting purposes.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: During our fiscal year 2016 audit, we continued to find incomplete and inaccurate information in CFPB's inventory records. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Recommendation: The Director of CFPB should direct the Chief Financial Officer to design and implement effective procedures over the preparation of CFPB financial statements and note disclosures, including procedures such as completing the FAM 2010 and 2020 checklists at fiscal year-end, to provide reasonable assurance that the financial statements as of fiscal year-end are prepared in accordance with GAAP and note disclosures are adequate.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: During our fiscal year 2016 audit, we continued to find errors and inconsistent disclosures in CFPB's financial statements, some of which resulted in post-closing adjusting entries. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    12 open recommendations
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish a process to prevent Employment Operations staff from allowing potential employees to enter on duty without favorable determinations of suitability by Personnel Security adjudicators.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In December 2015, the HCO developed a process and revised procedures in an attempt to improve the monitoring of Employment Operations office decisions to reasonably assure that new employees do not enter on duty before prescreening adjudications are completed and approved by Personnel Security adjudicators. However, during our fiscal year 2016 audit, we identified IRS employees who entered on duty without completed or approved suitability adjudication determinations. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish a policy and procedures requiring IRS officials to review and address situations in which it is later discovered that an employee deemed unsuitable for employment during the prescreening process was erroneously allowed to enter on duty.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: While IRS responded that it established a policy and procedures, it did not provide documentation to sufficiently demonstrate that the policy and procedures were implemented. During our fiscal year 2016 audit, we identified an instance where an employee was allowed to enter on duty and it was subsequently discovered that this employee was deemed unsuitable for employment during the prescreening process. IRS did not provide additional documentation to demonstrate that its procedures had been carried out for this employee. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to develop and provide training, on a recurring basis, to all Facilities Management and Security Services specialists and managers involved in the duress alarm validation and testing process to reinforce the related policies and procedures.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, in February 2016, AWSS developed and provided training on duress alarm validation and testing to FMSS specialists and managers. However, during our June 2016 field office audit testing, we found that the FMSS specialists responsible for the physical security at the sites we visited had not received training on duress alarm validation and testing. Further, our testing identified instances where (1) duress alarm testing did not include all duress alarms, (2) documented validations of the duress alarm inventory were not completed timely or available to individuals (FMSS and non-FMSS staff) before each test was conducted, and (3) descriptions of the duress alarm inventory used by the security specialist to conduct testing were labeled incorrectly. During follow-up discussions with IRS officials, we were informed that FMSS specialists were not fully evaluating alarm test results and adhering to established procedures for monitoring those tests. We will continue to evaluate IRS's efforts to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement a policy requiring recurring training for TAC group and territory managers on their TSRRD responsibilities, including detailed instructions for completing responses to questions in TSRRD and for reviewing TSRRD submissions for accuracy and completeness. This training should be updated for changes in TSRRD questions over time and be provided to new TAC group and territory managers soon after they are hired or appointed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that during fiscal year 2017, the Wage and Investment organization will incorporate into the IRM its new training policy requiring training for TAC group and territory managers on their TSRRD responsibilities, including specific instructions for completing questions in TSRRD and for reviewing TSRRD submissions. According to IRS, this training will be provided on a recurring basis to account for changes in TSRRD questions and newly hired or appointed TAC group and territory managers. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to determine the reason(s) why staff did not always comply with IRS's established policies and procedures related to initiating, monitoring, and reviewing the monitoring of manual refunds and, based on this determination, establish a process to better enforce compliance with these requirements.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that by September 2017, it will determine the reasons for staff noncompliance with established policies and procedures related to initiating, monitoring, and reviewing the monitoring of manual refunds, and based on this determination, establish a process to better enforce compliance with these requirements. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to enhance the training program provided to COs to address all the job responsibilities related to certifying manual refunds for payment, including the required review of supporting documentation for manual refunds.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS stated that in February 2016, it provided a refresher course to COs as part of their annual training to address their responsibilities related to certifying manual refunds. However, based on our review of the refresher course materials, the course did not address our recommendation to enhance the training program. For example, the materials did not provide guidelines on how to perform the required reviews related to certifying manual refunds. As a result, during our fiscal year 2016 audit, we continued to find instances where the COs did not comply with the review requirements. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to identify the cause of and implement a solution for dealing with the periodic backlogs of ICO inventory that is hampering the performance of quality reviews.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that by September 2017, it will identify a cause of and implement a solution for dealing with the periodic backlogs of ICO inventory. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish policies for (1) how long an asset can remain in missing status before it is removed from P&E reported on the financial statements and (2) how long assets can go unverified during the annual inventory process before they are identified as missing in the property management system.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's IT organization issued AM064, Asset Management Policy Directive to Identify Uncertified Class A and Class B Assets as Missing in KISAM, effective October 1, 2016. The directive states that in accordance with the annual Hardware Asset Management Inventory Certification Plan, assets that are not verified or certified for more than two inventory cycles should be identified as missing in IRS's property management system. It further states that the property management system should be updated by the end of the first quarter of the fiscal year after an asset meets the "missing" criterion. In November 2016, IRS's CFO organization developed the Missing Assets Financial Reporting Assessment procedure, which states that assets in missing status for 1 year or more should be removed from the P&E reported on IRS's financial statements. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement procedures to reasonably assure that missing assets are timely removed from the financial statements when applicable.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In November 2016, IRS's CFO organization established the Missing Assets Financial Reporting Assessment procedure, which included procedures for identifying assets that have been in missing status in the property management system for 1 year or more and removing them from the P&E reported on the financial statements. As this procedure was established after the end of fiscal year 2016, we will evaluate IRS's implementation of this procedure during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate officials to establish and implement monitoring procedures designed to reasonably assure that the key detailed information for tangible capitalized P&E is properly recorded and updated in the KISAM system.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's IT organization established SOP FY17-01, Asset Management Program Monitoring and Review, effective October 1, 2016. The SOP details the IRS Asset Management Group's procedures for conducting a quarterly review on a sample of asset records and transactions in KISAM to verify the accuracy and completeness of key KISAM data elements and correct any discrepancies found. In September 2016, IRS issued AWSS-01-0916-0001, Interim Guidance for IRM 1.14.4, Personal Property Management, to require the FMSS territory manager or section chief to perform quarterly sample reviews of non-IT assets in KISAM to verify that key data elements are complete and updated. As these procedures were established after we conducted our internal control testing in fiscal year 2016, we will evaluate IRS's implementation of these procedures during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate officials to design a process to reasonably assure the adequacy of detailed supporting information for tangible P&E amounts recorded in the general ledger.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's actions to address this recommendation are ongoing. According to IRS, by September 2017, its CFO organization will implement a P&E subsidiary ledger, and will design and implement processes based on the subsidiary ledger that will reasonably assure the adequacy of detailed supporting information for tangible P&E amounts recorded in the general ledger. We will assess IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement detailed written procedures for calculating future lease payments for noncancelable operating leases that are reported in the notes to the financial statements. The procedures should (1) include steps for considering any ad hoc clauses that may have specific termination dates and (2) include a requirement for supervisory review to provide reasonable assurance of the accuracy of future lease payment amounts for noncancelable operating leases.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In October 2016, IRS established procedures for calculating future lease payments for noncancelable operating leases that are reported in the notes to its financial statements. The procedures included (1) steps for considering any ad hoc clauses that may have specific termination dates and (2) a requirement for supervisor review to provide reasonable assurance of the accuracy of future lease payment amounts for noncancelable operating leases. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Director: Dalkin, James R
    Phone: (202) 512-3133

    1 open recommendation
    Recommendation: The U.S. Securities and Exchange Commission should direct the COO and CFO to implement controls, such as periodic reviews of asset dispositions, to help reasonably assure that SEC's procedures for the preparation and maintenance of documentation related to the disposition of assets are consistently implemented and that any deviations from established procedures are documented.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: SEC officials are still working on corrective actions as of the end of fiscal year 2016. We will follow up on this recommendation during our fiscal year 2017 SEC financial statement audit.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    2 open recommendations
    Recommendation: The Commissioner of Internal Revenue should direct the appropriate IRS officials to establish and implement policies and procedures requiring a review process to reasonably assure that the accounts related to deceased taxpayers are only reopened for valid refunds.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In January 2016, IRS automated the process of locking deceased taxpayer accounts during its year-end processing. However, during our fiscal year 2016 audit, we continued to find instances in which IRS employees reopened deceased taxpayer accounts and disbursed invalid refunds. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Commissioner of Internal Revenue should direct the appropriate IRS officials to establish and implement policies and procedures that require monitoring to reasonably assure that accounts related to deceased taxpayers that have been reopened are timely closed after processing the refund.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In January 2016, IRS automated the process of locking accounts related to deceased taxpayers during its year-end processing. However, during our fiscal year 2016 audit, we continued to find instances in which IRS employees reopened deceased taxpayer accounts to process refunds and did not close them timely. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Director: Malenich, J Lawrence
    Phone: (202) 512-3406

    2 open recommendations
    Recommendation: The CFPB should direct the Chief Financial Officer to design and implement control procedures that require coordination between the Office of Procurement and other program offices at the time of capitalization to ensure that property and equipment costs, including costs associated with internal-use software, are properly capitalized or expensed as appropriate.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: Although CFPB took actions to attempt to address this recommendation, as of September 30, 2016, it was still in the process of implementing additional corrective actions. In addition, our fiscal year 2016 audit continued to identify deficiencies over the recording of property, equipment, and software costs. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Recommendation: The CFPB should direct the Chief Financial Officer to strengthen the design and implementation of control procedures to require, as part of the Office of the Chief Financial Officer's quarterly review procedures, review of underlying supporting documents, including tracking schedules, invoices, and obligating documents, to ensure that property and equipment transactions are properly identified and capitalized or expensed as appropriate.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: As of September 30, 2016, we continued to find that the Office of the Chief Financial Officer's review was not always effective in timely detecting and correcting classification errors between costs that should be capitalized and costs that should be expensed. We will continue to evaluate CFPB's actions to address this recommendation during our fiscal year 2017 financial statement audit.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    3 open recommendations
    Recommendation: The Commission should direct the appropriate officials to establish and implement written policies and procedures requiring timely and continuous supervisory review of all financial transactions.

    Agency: American Battle Monuments Commission
    Status: Open

    Comments: In the Commission's fiscal year 2016 Independent Auditor's Report, the auditor reported that the Commission resolved the material weakness related to not effectively reviewing financial transactions to ensure that they were accurate, valid, complete, and recorded in the appropriate accounting period. We contacted the agency to ask for further information on the policy and process for supervisory review of financial transactions, but no response was received within the established deadline for us to conduct our follow-up. Therefore, because we were not able to verify that related policies and procedures were established and implemented, we will follow up on this open recommendation at a later date.
    Recommendation: To improve its monitoring of internal control, the Commission should direct the appropriate officials to establish and implement written policies and procedures for planning and conducting the Commission's annual assessment of internal control over financial reporting as required by OMB A-123. The policies and procedures should include: (1) documenting an understanding of its internal control environment, which entails such elements as the tone at the top, ethical standards, and personnel management, which can have a significant effect on how the organization functions and the integrity of its financial accounting and reporting; (2) documenting its assessment of the risk of material misstatement to its financial statements; (3) establishing and documenting its internal control objectives and related internal control activities in place to meet those objectives; (4) documenting the tests to be performed and the results of each test, clearly identifying exceptions and resulting deficiencies; and (5) establishing a corrective action plan for all identified deficiencies that specifies how and when each deficiency will be corrected, and assigning responsibility for its effective and timely resolution.

    Agency: American Battle Monuments Commission
    Status: Open

    Comments: In the Commission's fiscal year 2016 Independent Auditor's Report, the auditor continued to report that the Commission did not have an adequate process for monitoring the design and operating effectiveness of its internal control to identify, evaluate, and correct internal control deficiencies. For example, the Commission did not document its OMB A-123 approach for assessing its internal control, or provide sufficient, appropriate evidence to support its conclusions on the effectiveness of its internal control activities. The Commission responded that it will continue to implement an enterprise-wide system of controls and monitor and report on those controls in compliance with FMFIA. During fiscal year 2017, the Commission informed us that they issued a related policy; however, their independent auditor continues to identify this area as a material weakness. Therefore, we will follow up on this open recommendation at a later date.
    Recommendation: To improve its monitoring of internal control, the Commission should direct the appropriate officials to establish and implement written policies and procedures for monitoring the activities of the external service organizations that perform significant aspects of the Commission's financial transaction processing and reporting, including implementing relevant complementary user entity controls identified by the service auditors.

    Agency: American Battle Monuments Commission
    Status: Open

    Comments: In the Commission's fiscal year 2015 Independent Auditor's Report, the auditor continued to report that the Commission did not adequately document and monitor the effectiveness of internal controls at the service organizations that performed significant aspects of its financial transaction processing and reporting, including processing its federal employee payroll transactions, reconciling its fund balance with Treasury, and preparing its annual financial statements. Specifically, ABMC did not evaluate the service organizations' service auditor reports that contained information on the service organizations' controls and the effectiveness of those controls, and did not consider the impact of the findings and conclusions contained in the service auditor reports on the effectiveness of its internal control. Further, ABMC did not design and implement appropriate complementary user entity controls that were identified by the service auditors. The Commission stated that it will continue to implement an enterprise-wide system of controls and monitor and report on those controls in compliance with FMFIA during fiscal year 2017. Therefore, we will follow up on this open recommendation at a later date.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    3 open recommendations
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to perform a risk assessment to determine the appropriate level of Integrated Data Retrieval System (IDRS) access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, a risk assessment was performed to determine the appropriate level of IDRS access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities. However, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to, based on the results of the risk assessment, update the Internal Revenue Manual (IRM) accordingly to specify the appropriate level of IDRS access that should be allowed for (1) remittance perfection technicians and (2) all other employee groups with IDRS access that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to restrict the use of certain IDRS command codes for remittance perfection technicians. In addition, in May 2016, IRS reassessed the risks at its TACs, including the specific risks and mitigating factors associated with allowing TAC employees to process taxpayer remittances and to adjust taxpayer accounts. However, IRS did not update the IRM to reflect the conclusions from the risk assessment related to TAC employees. Further, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to establish procedures to implement the updated IRM, including required steps to follow to prevent (1) remittance perfection technicians and (2) all other employee groups that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities from gaining access to command codes not required as part of their designated job duties.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to include procedures to restrict the use of certain IDRS command codes for remittance perfection technicians. However, the IRM has not been updated based on the results of the risk assessment related to TAC employees and, if applicable, other employees who have access to sensitive command codes and handle hard-copy taxpayer receipts and related sensitive information as part of their job duties. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.