Management Report: Improvements Are Needed to Enhance the Internal Revenue Service's Internal Control over Financial Reporting

GAO-18-393R Published: May 07, 2018. Publicly Released: May 07, 2018.

Highlights

What GAO Found

During its audit of the Internal Revenue Service's (IRS) fiscal years 2017 and 2016 financial statements, GAO identified a new control deficiency involving the timely correction and posting of tax transactions to taxpayer accounts that contributed to IRS's continuing material weakness in internal control over unpaid assessments as of September 30, 2017. GAO also identified another new deficiency related to the monitoring of internal control activities for safeguarding taxpayer receipts and associated information. Although not considered material weaknesses or significant deficiencies, these new deficiencies nonetheless warrant IRS management's attention.

GAO is making 2 new recommendations to address the control deficiency that contributed to IRS's continuing material weakness in internal control over unpaid assessments and 3 new recommendations to address the control deficiency related to monitoring of internal control activities for safeguarding taxpayer receipts and associated information. Further, GAO found that IRS had completed corrective action on 14 of the 41 recommendations from its prior financial audits that remained open as of September 30, 2016. As a result, IRS currently has 32 GAO recommendations to address--the previous 27 open recommendations and the 5 new recommendations GAO is making in this report. 

Why GAO Did This Study

The purpose of this report is to present those internal control deficiencies identified during GAO's audit of IRS's fiscal years 2017 and 2016 financial statements for which GAO did not already have any recommendations outstanding. This report provides new recommendations to address these internal control deficiencies and also presents the status, as of September 30, 2017, of IRS's corrective actions taken to address GAO's recommendations from its prior financial audits that remained open as of September 30, 2016.

Recommendations

 

GAO is making five recommendations related to the new control deficiencies. These recommendations are intended to improve IRS's internal controls over financial reporting as well as to bring IRS into conformance with its own policies and Standards for Internal Control in the Federal Government. IRS stated that it is committed to implementing appropriate improvements to ensure that it maintains sound financial management practices. IRS agreed with GAO's five recommendations and described planned actions to address each recommendation.

Recommendations for Executive Action

Agency Affected: Internal Revenue Service
Recommendation: The Acting Commissioner of Internal Revenue should ensure that the appropriate IRS officials research and determine why IRS's existing policies and procedures intended to timely follow up on, resolve, and record unpostable transactions were not fully effective in achieving these objectives. (Recommendation 18-01)
Status: Closed – Implemented
As of September 30, 2019, all operating divisions involved with this recommendation researched and determined the reasons why their existing policies and procedures intended to follow up on, resolve, and record their unpostable transactions were not fully effective in achieving these objectives and have taken corrective actions to resolve the identified unpostable transactions. IRS's actions sufficiently address our recommendation.

Agency Affected: Internal Revenue Service
Recommendation: The Acting Commissioner of Internal Revenue should ensure that the appropriate IRS officials, based on IRS's research and determination, design and implement the corrective actions necessary to reasonably assure that IRS effectively resolves and records unpostable transactions in a timely manner, including establishing clearly defined time frames in the Internal Revenue Manual (IRM) by which the IRS operating divisions should correct unpostable transactions and appropriate related oversight and review processes. (Recommendation 18-02)
Status: Closed – Implemented
In fiscal year 2020, IRS provided its updated policies and procedures for the effective resolution and timely recording of unpostable transactions. IRS's corrective actions address our recommendation.

Agency Affected: Internal Revenue Service
Recommendation: The Acting Commissioner of Internal Revenue should ensure that the appropriate IRS officials develop and implement policies in the IRM for conducting and monitoring the Submission Processing internal control review. These policies should include or be accompanied by procedures to (1) assess and update the review questions and cited IRM criteria to reasonably assure they align with the controls under review; (2) periodically evaluate and document a review of the error threshold methodology to assess its current validity based on changes to the operating environment; (3) report findings identified in the Findings and Corrective Actions Report; and (4) assess and monitor (a) safeguarding internal control activities across all work shifts, particularly during peak seasons, (b) safeguarding internal control activities for the appropriate use and destruction of hard copy taxpayer information, and (c) the results of relevant functional level reviews. (Recommendation 18-03)
Status: Closed – Implemented
During fiscal years 2019 and 2020, IRS established and implemented policies and procedures for conducting and monitoring the Submission Processing internal control review, which we verified during our fiscal year 2022 testing. As a result, we conclude that IRS's actions sufficiently address our recommendation.

Agency Affected: Internal Revenue Service
Recommendation: The Acting Commissioner of Internal Revenue should ensure that the appropriate IRS officials develop and implement policies in the IRM for conducting and monitoring the Audit Management Checklist review. These policies should include or be accompanied by procedures for IRS management responsible for establishing policies related to safeguarding controls to (1) periodically monitor the results of the review; (2) clarify the minimum requirements for how frequently the review should be completed at its various facilities while considering factors that may affect the most appropriate timing of these reviews, such as changes in personnel, operational processes, or information technology; and (3) reasonably assure that corrective actions for all identified deficiencies are tracked until fully implemented. (Recommendation 18-04)
Status: Closed – Implemented
During fiscal year 2020, IRS officials made the decision to deem the Audit Management Checklist (AMC) obsolete. The Facilities Management and Security Services (FMSS) organization made this decision based on an analysis that determined the safeguarding controls monitored by the AMC were addressed in other existing physical security reviews, such as the Facility Security Assessment (FSA) and its Addendum (FSAA). IRS's policies and procedures include requirements for conducting the FSA and FSAA reviews and monitoring related corrective actions. IRS's actions address the intent of our recommendation.

Agency Affected: Internal Revenue Service
Recommendation: The Acting Commissioner of Internal Revenue should ensure that the appropriate IRS officials develop and implement policies in the IRM for conducting and monitoring the All Events History Report review. These policies should include or be accompanied by procedures for IRS management responsible for establishing policies related to safeguarding controls to (1) periodically monitor the results of the review and (2) reasonably assure that corrective actions for all identified deficiencies are tracked until fully implemented. (Recommendation 18-05)
Status: Closed – Implemented
During fiscal years 2018 and 2019, IRS established policies and procedures for conducting and monitoring the All Events History Report (AEHR) review, and updated those policies in fiscal year 2021 to address our recommendation. During fiscal year 2022, we tested IRS's implementation of these policies and procedures, and found no exceptions. As a result, we conclude that IRS's actions sufficiently address our recommendation.

Topics

Financial reporting, Financial statements, Information resources management, Internal controls, Policies and procedures, Risk assessment, Unauthorized access, Taxpayers, Taxpayer information, Compliance oversight