Skip to main content

Financial Audit: IRS's Fiscal Years 2013 and 2012 Financial Statements

GAO-14-169 Published: Dec 12, 2013. Publicly Released: Dec 12, 2013.
Jump To:
Skip to Highlights


What GAO Found

In GAO’s opinion, the Internal Revenue Service’s (IRS) fiscal years 2013 and 2012 financial statements are fairly presented in all material respects. However, in GAO’s opinion, IRS did not maintain effective internal control over financial reporting as of September 30, 2013, because of a continuing material weakness in internal control over unpaid tax assessments. GAO’s tests of IRS’s compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements detected no reportable instances of noncompliance in fiscal year 2013.

The material weakness in internal control over unpaid tax assessments was primarily caused by financial system limitations and data entry errors that rendered IRS’s system unable to readily distinguish between taxes receivable, compliance assessments, and write-offs in order to properly classify these components for financial reporting purposes. These deficiencies necessitated the use of a compensating estimation process to determine the amount of taxes receivable, the most material asset on IRS’s balance sheet. Serious control deficiencies related to unpaid tax assessments are likely to continue to exist until IRS significantly enhances the capabilities of the systems it uses to account for unpaid tax assessments, and improves controls over the recording of information in taxpayer accounts so that reliable transaction-based balances for taxes receivable can be ultimately recorded in the general ledger.

During fiscal year 2013, IRS continued to make important progress in addressing deficiencies in internal control over its financial reporting systems. However, new and continuing deficiencies in internal control that GAO identified over information security, including missing security updates, insufficient monitoring of financial reporting systems, and weak encryption for authentication, constituted a significant deficiency in IRS’s internal control. Until IRS fully addresses existing control deficiencies over its financial reporting systems, there is an increased risk that its financial and taxpayer data will remain vulnerable to inappropriate and undetected use, modification, or disclosure.

In addition to its internal control deficiencies, IRS faces significant ongoing financial management challenges associated with (1) safeguarding the large volume of sensitive hard copy taxpayer receipts and related information, and (2) its exposure to significant improper refunds from identity theft.

Why GAO Did This Study

In accordance with the authority granted by the Chief Financial Officers Act of 1990, GAO annually audits IRS’s financial statements to determine whether (1) the financial statements are fairly presented and (2) IRS management maintained effective internal control over financial reporting. GAO also tests IRS’s compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements.

IRS’s tax collection activities are significant to overall federal receipts, and the effectiveness of its financial management is of substantial interest to Congress and the nation’s taxpayers.


Based on prior financial statement audits, GAO made numerous recommendations to IRS to address internal control deficiencies. GAO will continue to monitor and will report separately on IRS’s progress in implementing prior recommendations that remain open. Consistent with past practice, GAO will also be separately reporting on the new internal control deficiencies identified in this year’s audit, and providing IRS recommendations for corrective actions to address them.

In commenting on a draft of this report, IRS stated that it would continue to increase its focus on information security and internal controls while improving financial reporting.

Full Report

Office of Public Affairs


Internal controlsChief information officersFinancial managementFinancial statementsInformation securityTaxesTaxpayers