Management Report:

Improvements Are Needed to Enhance the Internal Revenue Service's Internal Control over Financial Reporting

GAO-19-412R: Published: May 9, 2019. Publicly Released: May 9, 2019.

Additional Materials:

Contact:

Cheryl E. Clark
(202) 512-9377
clarkce@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Does the IRS get audited, too?

Every year we audit the IRS's financial statements. Our FY 2018 audit found new and continuing problems related to its internal controls over its financial reporting.

For instance, we found issues with how the IRS:

Accounts for taxes receivable—the money it estimates it will collect from taxes owed

Safeguards taxpayer information

Reviews suspicious and questionable tax returns

Problems like these could lead to misstatements in IRS's financial statements, as well as unauthorized access to taxpayer information.

We made 12 additional recommendations in this report to address these issues.

 

The sign outside of the Internal Revenue Service building.

The sign outside of the Internal Revenue Service building.

Additional Materials:

Contact:

Cheryl E. Clark
(202) 512-9377
clarkce@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During its audit of the Internal Revenue Service's (IRS) fiscal years 2018 and 2017 financial statements, GAO identified continuing control deficiencies related to IRS's accounting for federal taxes receivable and other unpaid assessments that collectively represent a significant deficiency in IRS's internal control over unpaid tax assessments as of September 30, 2018. GAO also identified new control deficiencies in IRS's internal control over financial reporting that although not considered a material weakness or significant deficiency, nonetheless, warrant IRS management's attention. These control deficiencies concern IRS's

  • nationwide strategy for safeguarding taxpayer receipts and associated information,
  • physical security policies and procedures,
  • review of visitor access logs,
  • transmission of taxpayer receipts,
  • designations of unit security representatives,
  • review of automated tax refund information prior to certification for payment,
  • review of refund schedule numbers for manual refunds, and
  • review of suspicious and questionable tax returns in Examination.

In addition, for six of the 32 recommendations from GAO's prior reports related to control deficiencies in IRS's internal control over financial reporting, GAO found that IRS implemented corrective actions during fiscal year 2018 that resolved the deficiencies, and as a result, these recommendations were closed. GAO closed one additional recommendation that related to unpaid assessments, by making a new recommendation that is better aligned with the remaining deficiencies that collectively represent a significant deficiency in internal controls over this area as of September 30, 2018. As a result, IRS currently has 37 GAO recommendations to address—the previous 25 open recommendations and the 12 new recommendations GAO is making in this report.

Why GAO Did This Study

The purpose of this report is to present those internal control deficiencies identified during GAO's audit of IRS's fiscal years 2018 and 2017 financial statements for which GAO did not already have any recommendations outstanding. This report provides new recommendations to address these internal control deficiencies and also presents the status, as of September 30, 2018, of IRS's corrective actions taken to address GAO's recommendations from its prior financial audits that remained open as of September 30, 2017.

What GAO Recommends

GAO is making 12 recommendations to address the identified control deficiencies. These recommendations are intended to improve IRS's internal controls over financial reporting as well as to bring IRS into conformance with its own policies and Standards for Internal Control in the Federal Government. IRS stated that it is committed to implementing appropriate improvements to ensure that it maintains sound financial management practices. IRS agreed with GAO's 12 new recommendations and described planned actions to address each recommendation.

For more information, contact Cheryl E. Clark at (202) 512-9377 or clarkce@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials implement the necessary actions to effectively address the two primary causes of the significant deficiency in IRS's internal control over unpaid assessments. These actions should (1) resolve the system limitations affecting the recording and maintenance of reliable and appropriately classified unpaid assessments and related taxpayer data to support timely and informed management decisions, and enable appropriate financial reporting of unpaid assessment balances throughout the year, and (2) identify the control deficiencies that result in significant errors in taxpayer accounts and implement control procedures to routinely and effectively prevent, or detect and correct, such errors. (Recommendation 19-01)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials document and implement a formal comprehensive strategy to provide reasonable assurance concerning its nationwide coordination, consistency, and accountability for internal control over key areas of physical security. This strategy should include nationwide improvements for (1) coordinating among the functional areas involved in physical security; (2) implementing and monitoring the effectiveness of physical security policies, procedures, and internal controls; and (3) ongoing communication in identifying, documenting, and taking corrective action to resolve underlying control issues that affect IRS's facilities. (Recommendation 19-02)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of Internal Revenue should ensure that appropriate IRS officials determine the reasons staff did not consistently comply with IRS's existing requirement for maintaining an emergency contact list at all of its facilities and, based on this determination, establish a process to enforce compliance with the requirement. (Recommendation 19-03)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  4. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of Internal Revenue should ensure that appropriate IRS officials establish and implement policies and procedures requiring that corrective actions be documented in the Alarm Maintenance and Testing Certification Report for malfunctioning alarms identified in the annual alarm tests. (Recommendation 19-04)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  5. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of Internal Revenue should ensure that the appropriate IRS officials establish and implement policies or procedures, or both, to provide reasonable assurance that the video surveillance systems at all IRS facilities record activity at the correct time and are properly secured. The policies or procedures should include periodic checks and adjustments, as needed, as part of the annual service and maintenance of security equipment and systems. (Recommendation 19-05)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  6. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials update and implement policies or procedures, or both, to clarify (1) who is responsible for conducting the annual review of the visitor access logs, (2) the date by which the review is to be conducted, and (3) how the review should be documented. (Recommendation 19-06)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  7. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials (1) identify the reason IRS's policies and procedures related to the transmittal forms were not always followed and (2) design and implement actions to provide reasonable assurance that SB/SE units comply with these policies and procedures. (Recommendation 19-07)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  8. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials update and implement policies or procedures, or both, to clearly define the roles and responsibilities of second-level managers and IDRS security account administrators for validating the information on USR designation forms, including specifying how the information should be validated. (Recommendation 19-08)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  9. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials update and implement procedures to clearly specify the tax refund data elements that PVS COs are required to verify before certifying the tax refunds in SPS. (Recommendation 19-09)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  10. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of Internal Revenue should ensure that the appropriate IRS officials establish and implement a review process to provide reasonable assurance that the RSNs that Data Conversion key entry operators enter into the ISRP system and post to the master files are correct. (Recommendation 19-10)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  11. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commissioner of Internal Revenue should ensure that the appropriate IRS officials implement a validity check in the ISRP system to confirm that RSNs that Data Conversion key entry operators enter into the system have the required 14 digits. (Recommendation 19-11)

    Agency Affected: Department of the Treasury: Internal Revenue Service

  12. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We recommend that the Commissioner of Internal Revenue ensure that the appropriate IRS officials update and implement policies or procedures, or both, to require that reviewers follow up with tax examiners to verify the errors that tax examiners made in working on cases related to suspicious or questionable tax returns are corrected. (Recommendation 19-12)

    Agency Affected: Department of the Treasury: Internal Revenue Service

 

Explore the full database of GAO's Open Recommendations »

May 15, 2019

Mar 29, 2019

Mar 28, 2019

Mar 26, 2019

Feb 14, 2019

Jan 31, 2019

Jan 10, 2019

Dec 7, 2018

Looking for more? Browse all our products here