IRS's Fiscal Years 2018 and 2017 Financial Statements
GAO-19-150: Published: Nov 9, 2018. Publicly Released: Nov 9, 2018.
- Highlights Page:
- Full Report:
- Accessible Version:
What GAO Found
In GAO's opinion, the Internal Revenue Service's (IRS) fiscal years 2018 and 2017 financial statements are fairly presented in all material respects, and although controls could be improved, IRS maintained, in all material respects, effective internal control over financial reporting as of September 30, 2018. GAO's tests of IRS's compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements detected no reportable instances of noncompliance in fiscal year 2018.
During fiscal year 2018, IRS continued to make important progress in addressing a long-standing material weakness in internal control over unpaid assessments. These efforts included enhancing data quality and improving controls over the complex statistical process that IRS uses to estimate the amounts of taxes receivable, compliance assessments, and write-offs for financial reporting purposes. Based on the cumulative effects of these and other efforts, GAO no longer considers the remaining deficiencies to represent a material weakness. However, the remaining control deficiencies collectively are significant enough to merit attention by those charged with governance, and therefore represent a significant deficiency in internal control over unpaid assessments. Further enhancements to IRS's financial systems are needed to address continuing issues with the accuracy of tax records, enable IRS to rely on its systems to record reliable taxes receivable transaction detail, improve IRS's ability to effectively manage taxpayers' accounts, and reduce taxpayer burden.
During fiscal year 2018, IRS also continued to make progress in addressing deficiencies in internal control over its financial reporting systems. However, continuing and newly identified control deficiencies in IRS's information security placed IRS systems and data at risk. Collectively, these deficiencies represent a significant deficiency in IRS's internal control over financial reporting systems. Until IRS takes the necessary steps to address these deficiencies in controls, its financial reporting and taxpayer data will remain at increased risk of inappropriate and undetected use, modification, or disclosure.
In addition to its internal control deficiencies, IRS faces significant ongoing financial management challenges related to (1) safeguarding taxpayer receipts and associated information, (2) preventing and detecting fraudulent refunds based on identity theft, and (3) implementing the tax-related provisions of the Patient Protection and Affordable Care Act.
Why GAO Did This Study
In accordance with the authority conferred by the Chief Financial Officers Act of 1990, as amended, GAO annually audits IRS's financial statements to determine whether (1) the financial statements are fairly presented and (2) IRS management maintained effective internal control over financial reporting. GAO also tests IRS's compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements.
IRS's tax collection activities are significant to overall federal receipts, and the effectiveness of its financial management is of substantial interest to Congress and the nation's taxpayers.
What GAO Recommends
Based on prior financial statement audits, GAO made numerous recommendations to IRS to address internal control deficiencies. GAO will continue to monitor and will report separately on IRS's progress in implementing prior recommendations that remain open. Consistent with past practice, GAO will also be separately reporting on the new internal control deficiencies identified in this year's audit and providing IRS recommendations for corrective actions to address them.
In commenting on a draft of this report, IRS stated that it continues to increase its focus on information security and internal controls.
For more information, contact Cheryl E. Clark at (202) 512-3406 or firstname.lastname@example.org.