Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Tax administration systems"

    18 publications with a total of 52 open recommendations including 2 priority recommendations
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    10 open recommendations
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should implement the audit plans for the 12 systems and applications that we reviewed in the production computing environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that system administrators and security operations analysts are alerted in the event of audit processing failures.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should update information contingency plan test procedures to include updating contingency plans to reflect changes to the current operating environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that approved risk-based decisions pertaining to database configurations are based on suitable justification.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should develop, document, and implement the use of detailed procedures to facilitate the periodic review and analysis of audit records for its financial systems.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should develop an enterprise-wide system owner procedural document to control critical mainframe operating system commands.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should regularly update configuration standards and guidelines for network devices to incorporate recommendations from industry leaders, security agencies, and key practices from IRS partners to address known vulnerabilities applicable to IRS's environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should implement a compliance verification application, or other appropriate process, to ensure configuration policies are comprehensively tested on the mainframe.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that all known significant audit findings and recommendations related to financial reporting, which includes those in GAO's public and limited official use only reports, that directly relate to the objective of A-123 internal control tests are reviewed and monitored.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should identify and review service organizations' listing of user controls that are deemed relevant and test those controls to appropriately draw conclusions about the operating effectiveness of controls.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities, consistent with IRS's process for prioritizing operations support priorities, which addresses (1) prioritization and comparison of IT assets against each other, (2) criteria for making selection and prioritization decisions, and (3) ensuring IRS executives' final funding decisions on IT proposals are based on IRS's prioritization process.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS stated that it had several process improvements underway that would impact its documentation of policies and procedures for prioritizing business systems modernization activities. The agency committed to addressing the recommendation by December 2017.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to modify existing processes for Foreign Account Tax Compliance Act (FATCA) and Return Review Program (RRP) for measuring work performed by IRS staff to incorporate best practices, including accounting for actual work performed and using the level of effort measure sparingly.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS reported that it was continuing to examine methods for modifying existing processes to measure work performed by IRS staff for the Foreign Account Tax Compliance Act and Return Review programs. We are monitoring IRS's efforts as part of an ongoing review of the agency's information technology operations.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to report on actual costs and scope delivery at least quarterly for the Customer Account Data Engine 2 and the Affordable Care Act Administration. For these investments, IRS should develop metrics similar to FATCA and RRP.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS began reporting on actual costs and scope delivery at least quarterly using metrics similar to FATCA and RRP and provided the quarterly reports for fiscal year 2016 and the first two quarters of fiscal year 2017 to GAO. As of September 2017, the agency had not implemented the recommendation for the Affordable Care Act Administration investment because it did not see the benefit in doing so given that development work was minimal. We are following up with IRS on this as part of an ongoing review of the agency's information technology operations.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    12 open recommendations
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish a process to prevent Employment Operations staff from allowing potential employees to enter on duty without favorable determinations of suitability by Personnel Security adjudicators.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In December 2015, the HCO developed a process and revised procedures in an attempt to improve the monitoring of Employment Operations office decisions to reasonably assure that new employees do not enter on duty before prescreening adjudications are completed and approved by Personnel Security adjudicators. However, during our fiscal year 2016 audit, we identified IRS employees who entered on duty without completed or approved suitability adjudication determinations. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish a policy and procedures requiring IRS officials to review and address situations in which it is later discovered that an employee deemed unsuitable for employment during the prescreening process was erroneously allowed to enter on duty.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: While IRS responded that it established a policy and procedures, it did not provide documentation to sufficiently demonstrate that the policy and procedures were implemented. During our fiscal year 2016 audit, we identified an instance where an employee was allowed to enter on duty and it was subsequently discovered that this employee was deemed unsuitable for employment during the prescreening process. IRS did not provide additional documentation to demonstrate that its procedures had been carried out for this employee. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to develop and provide training, on a recurring basis, to all Facilities Management and Security Services specialists and managers involved in the duress alarm validation and testing process to reinforce the related policies and procedures.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, in February 2016, AWSS developed and provided training on duress alarm validation and testing to FMSS specialists and managers. However, during our June 2016 field office audit testing, we found that the FMSS specialists responsible for the physical security at the sites we visited had not received training on duress alarm validation and testing. Further, our testing identified instances where (1) duress alarm testing did not include all duress alarms, (2) documented validations of the duress alarm inventory were not completed timely or available to individuals (FMSS and non-FMSS staff) before each test was conducted, and (3) descriptions of the duress alarm inventory used by the security specialist to conduct testing were labeled incorrectly. During follow up discussions with IRS officials, we were informed that FMSS specialists were not fully evaluating alarm test results and adhering to established procedures for monitoring those tests. We will continue to evaluate IRS's efforts to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement a policy requiring recurring training for TAC group and territory managers on their TSRRD responsibilities, including detailed instructions for completing responses to questions in TSRRD and for reviewing TSRRD submissions for accuracy and completeness. This training should be updated for changes in TSRRD questions over time and be provided to new TAC group and territory managers soon after they are hired or appointed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that during fiscal year 2017, the Wage and Investment organization will incorporate into the IRM its new training policy requiring training for TAC group and territory managers on their TSRRD responsibilities, including specific instructions for completing questions in TSRRD and for reviewing TSRRD submissions. According to IRS, this training will be provided on a recurring basis to account for changes in TSRRD questions and newly hired or appointed TAC group and territory managers. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to determine the reason(s) why staff did not always comply with IRS's established policies and procedures related to initiating, monitoring, and reviewing the monitoring of manual refunds and, based on this determination, establish a process to better enforce compliance with these requirements.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that by September 2017, it will determine the reasons for staff noncompliance with established policies and procedures related to initiating, monitoring, and reviewing the monitoring of manual refunds, and based on this determination, establish a process to better enforce compliance with these requirements. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to enhance the training program provided to COs to address all the job responsibilities related to certifying manual refunds for payment, including the required review of supporting documentation for manual refunds.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS stated that in February 2016, it provided a refresher course to COs as part of their annual training to address their responsibilities related to certifying manual refunds. However, based on our review of the refresher course materials, the course did not address our recommendation to enhance the training program. For example, the materials did not provide guidelines on how to perform the required reviews related to certifying manual refunds. As a result, during our fiscal year 2016 audit, we continued to find instances where the COs did not comply with the review requirements. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to identify the cause of and implement a solution for dealing with the periodic backlogs of ICO inventory that is hampering the performance of quality reviews.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS efforts to address this recommendation are ongoing. IRS stated that by September 2017, it will identify a cause of and implement a solution for dealing with the periodic backlogs of ICO inventory. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish policies for (1) how long an asset can remain in missing status before it is removed from P&E reported on the financial statements and (2) how long assets can go unverified during the annual inventory process before they are identified as missing in the property management system.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's IT organization issued AM064, Asset Management Policy Directive to Identify Uncertified Class A and Class B Assets as Missing in KISAM, effective October 1, 2016. The directive states that in accordance with the annual Hardware Asset Management Inventory Certification Plan, assets that are not verified or certified for more than two inventory cycles should be identified as missing in IRS's property management system. It further states that the property management system should be updated by the end of the first quarter of the fiscal year after an asset meets the "missing" criterion. In November 2016, IRS's CFO organization developed the Missing Assets Financial Reporting Assessment procedure, which states that assets in missing status for 1 year or more should be removed from the P&E reported on IRS's financial statements. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement procedures to reasonably assure that missing assets are timely removed from the financial statements when applicable.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In November 2016, IRS's CFO organization established the Missing Assets Financial Reporting Assessment procedure, which included procedures for identifying assets that have been in missing status in the property management system for 1 year or more and removing them from the P&E reported on the financial statements. As this procedure was established after the end of fiscal year 2016, we will evaluate IRS's implementation of this procedure during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate officials to establish and implement monitoring procedures designed to reasonably assure that the key detailed information for tangible capitalized P&E is properly recorded and updated in the KISAM system.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's IT organization established SOP FY17-01, Asset Management Program Monitoring and Review, effective October 1, 2016. The SOP details the IRS Asset Management Group's procedures for conducting a quarterly review on a sample of asset records and transactions in KISAM to verify the accuracy and completeness of key KISAM data elements and correct any discrepancies found. In September 2016, IRS issued AWSS-01-0916-0001, Interim Guidance for IRM 1.14.4, Personal Property Management, to require the FMSS territory manager or section chief to perform quarterly sample reviews of non-IT assets in KISAM to verify that key data elements are complete and updated. As these procedures were established after we conducted our internal control testing in fiscal year 2016, we will evaluate IRS's implementation of these procedures during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate officials to design a process to reasonably assure the adequacy of detailed supporting information for tangible P&E amounts recorded in the general ledger.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's actions to address this recommendation are ongoing. According to IRS, by September 2017, its CFO organization will implement a P&E subsidiary ledger, and will design and implement processes based on the subsidiary ledger that will reasonably assure the adequacy of detailed supporting information for tangible P&E amounts recorded in the general ledger. We will assess IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement detailed written procedures for calculating future lease payments for noncancelable operating leases that are reported in the notes to the financial statements. The procedures should (1) include steps for considering any ad hoc clauses that may have specific termination dates and (2) include a requirement for supervisory review to provide reasonable assurance of the accuracy of future lease payment amounts for noncancelable operating leases.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In October 2016, IRS established procedures for calculating future lease payments for noncancelable operating leases that are reported in the notes to its financial statements. The procedures included (1) steps for considering any ad hoc clauses that may have specific termination dates and (2) a requirement for supervisor review to provide reasonable assurance of the accuracy of future lease payment amounts for noncancelable operating leases. As these actions occurred after the end of fiscal year 2016, we will evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: In addition to implementing our previous recommendations, to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue should update system and application audit plans based on the current version of referenced policies and guidelines and when significant changes are made to a system or application.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: The IRS concurred with the recommendation and stated that it plans to implement it. Subsequent to IRS informing us that it has taken action on this recommendation, we plan to evaluate their implementation of this recommendation as part of the audit of IRS's FY 2017 financial statements.
    Recommendation: In addition to implementing our previous recommendations, to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue should update the security plan for systems that provide network infrastructure services to IRS personnel and information systems to reflect changes to the operating environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: On March 28, 2017, IRS officials informed us of the actions they were taking to address this recommendation. Upon receiving information from IRS, we plan to evaluate IRS's implementation of this recommendation as part of the audit of IRS's FY 2017 financial statements.
    Director: James R. McTigue, Jr.
    Phone: (202) 512-9110

    2 open recommendations
    Recommendation: To improve taxpayer service amid declining budgets and increased responsibilities, Congress should consider requiring the Secretary of the Treasury to develop a comprehensive customer service strategy in consultation with the Commissioner of Internal Revenue that (1) determines appropriate telephone and correspondence levels of service, based on service provided by the best in business and customer expectations; and (2) thoroughly assesses which services IRS can shift to self-service options.

    Agency: Congress
    Status: Open

    Comments: As of March 2017, no legislative action had been taken.
    Recommendation: To improve performance management of taxpayer services, the Secretary of the Treasury should update the Department's performance plan to include overage rates for handling taxpayer correspondence as a part of Treasury's performance goals.

    Agency: Department of the Treasury
    Status: Open

    Comments: In May 2017, Treasury officials told us that they plan to include correspondence data as part of Treasury's fiscal year 2018 annual performance plan and fiscal year 2016 annual performance report. They expect it to be available online before Summer 2017.
    Director: James R. McTigue, Jr.
    Phone: (202) 512-9110

    2 open recommendations
    Recommendation: To further encourage whistleblowers to provide information to IRS about serious tax noncompliance and to protect whistleblowers, Congress should consider legislation that would provide protections for tax whistleblowers against retaliation from their employers.

    Agency: Congress
    Status: Open

    Comments: On March 29, 2017, the Senate Finance Committee introduced the IRS Whistleblower Improvements Act of 2017, which would provide anti-retaliation protections for whistleblowers who bring information on tax noncompliance to IRS. The act would provide protections for employees from discharge, demotion, suspension, threats, harassment, or any other discrimination in reprisal for lawful actions to provide information to the IRS or to participate in a judicial action taken by the IRS relating to an alleged underpayment of tax or violation of tax laws. On April 20, 2016, the Senate Finance Committee approved provisions to improve the IRS's whistleblower program and protect tax whistleblowers from retaliation from their employers. The provision extends anti-retaliation provisions to IRS whistleblowers that are presently afforded to whistleblowers under the False Claims Act and Sarbanes-Oxley. However, no action passed on this Senate bill in the 114th congress. We will continue to monitor legislative action in this area.
    Recommendation: The Commissioner of Internal Revenue should direct the Whistleblower Office Director to establish a process to ensure whistleblower addresses are being properly updated in E-TRAK to ensure the WO does not send whistleblower mail to outdated or incorrect addresses. This process could include developing a change of address form specific to whistleblowers and including a blank copy of it in every correspondence with whistleblowers or referencing the importance of updating the WO with any address change in every correspondence with whistleblowers.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In a January 29, 2016 letter, the IRS Deputy Commissioner for Services and Enforcement said that the Whistleblower Office will emphasize in education materials, fact sheets, and other communications with whistleblowers the importance of whistleblowers providing updates to the IRS of any address changes, along with reminders of how to submit address changes to the Whistleblower Office. In August and September of 2016, IRS revised templates for standard letters sent to whistleblowers reminding them of the importance of updating their addresses with the Whistleblower Office and providing direction for how to do so. IRS also published a fact sheet for whistleblowers, which is available on www.irs.gov, that also provides information on how whistleblowers should notify the Whistleblower Office of any address change. As of February 2017, IRS had not taken action to establish a process to ensure that address changes are being properly updated in E-TRAK and that mail is being sent only to the correct address. We will continue to follow-up with IRS on this recommendation.
    Director: Kingsbury, Nancy R
    Phone: (202) 512-2700

    3 open recommendations
    including 2 priority recommendations
    Recommendation: In addition to implementing our previous recommendations, to effectively implement key elements of the IRS information security program, the Commissioner of Internal Revenue should ensure contractors receive security awareness training within 5 business days of being granted access to an IRS information system.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: During the audit of IRS' FY 2017 financial statements, IRS indicated that it had not yet implemented this recommendation. When IRS indicates that it has implemented this recommendation, we will review its actions.
    Recommendation: In addition to implementing our previous recommendations, to effectively implement key elements of the IRS information security program, the Commissioner of Internal Revenue should ensure that control testing methodology and results fully meet the intent of the control objectives being tested.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: During the audit of IRS's FY 2017 financial statements, IRS indicated that it has not completed these actions. When IRS indicates that it has implemented the recommendation, we will evaluate the effectiveness of its actions.
    Recommendation: In addition to implementing our previous recommendations, to effectively implement key elements of the IRS information security program, the Commissioner of Internal Revenue should update the remedial action verification process to ensure actions are fully implemented.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: During the audit of IRS's FY 2017 financial statements, IRS indicated that it has not completed actions to implement the recommendation. When IRS indicates that it has implemented the recommendation, we will evaluate the effectiveness of its actions.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To improve the reliability and reporting of investment performance information and management of selected major investments, the Commissioner of the IRS should direct the Chief Technology Officer to modify reporting of the Affordable Care Act Administration testing status to senior management to include a comprehensive report on all impacted systems--including an explanation for why impacted systems were not tested at a particular level--and ensure this reporting is aligned with the manner in which testing is being performed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS disagreed with this recommendation at the time we made it stating that it followed a rigorous risk-based process for planning the tests of ACA-impacted systems, including the types and levels of testing, and that it had comprehensive reporting for the filing season 2015 release, which included ACA impacted systems. However, as noted in our report, our review of ACA Testing Review Checkpoint reports and filing season reports, which officials stated were used to provide comprehensive reports to senior managers, did not identify the status of testing for all systems impacted by ACA Releases 5.0 and 6.0. We therefore concluded that the recommendation was still valid. As of July 2017, IRS had not changed its position. We will be following up with the agency to discuss the recommendation.
    Director: James R. White
    Phone: (202) 512-9110

    3 open recommendations
    Recommendation: Congress should consider providing the Secretary of the Treasury with the regulatory authority to lower the threshold for electronic filing of W-2s from 250 returns annually to between 5 to 10 returns, as appropriate.

    Agency: Congress
    Status: Open

    Comments: As of September 2017, no legislation has been enacted. Lowering the threshold would help the Internal Revenue Service prevent identity theft refund fraud by enhancing its ability to verify the employment information reported on tax returns before issuing refunds. Additionally, lowering the threshold would reduce the Social Security Administration's administrative costs of processing W-2 information.
    Recommendation: To provide timely, accurate, and actionable feedback to all relevant lead-generating third parties, the Commissioner of Internal Revenue should provide aggregated information on (1) the success of external party leads in identifying suspicious returns and (2) emerging trends (pursuant to section 6103 restrictions).

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of March 2017, the Internal Revenue Service (IRS) had taken steps to address GAO's August 2014 recommendation -- including developing timeliness metrics for managing leads and holding six feedback sessions with financial institutions participating in the External Leads Program -- but had not provided documentation that the agency is providing meaningful feedback to external parties. In November 2015, IRS reported that it had developed a database to track leads submitted by financial institutions and the results of those leads. IRS also stated that it had held six sessions with financial institutions to provide feedback on external leads provided to IRS. These quarterly feedback sessions contained various types of information, including overall statistics for the External Leads Program, individual statistics tailored to a specific external party, and solicitations for how to improve the program. In December 2015, IRS officials stated that the agency sent a customer satisfaction survey asking financial institutions for feedback on the external leads process and was considering other ways to provide feedback to financial institutions. In August 2016, an industry group representing financial institutions reported that IRS had not begun providing meaningful feedback to financial institutions that are providing leads to IRS. In March 2017, IRS officials told us they were holding more frequent, monthly, feedback sessions with financial institutions. GAO will follow up with financial institutions to understand the extent to which IRS's feedback has been timely and is actionable. Without accurate, timely, and actionable feedback, the more than 600 external parties participating in the External Leads Program do not know if the leads they provide to IRS are useful and they may not be able to assess their success in identifying identity theft refund fraud or improve their detection tools.
    Recommendation: To provide timely, accurate, and actionable feedback to all relevant lead-generating third parties, the Commissioner of Internal Revenue should develop a set of metrics to track external leads by the submitting third party.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of March 2017, the Internal Revenue Service (IRS) had taken steps to address GAO's August 2014 recommendation --including developing timeliness metrics for managing leads and holding six feedback sessions with financial institutions participating in the External Leads Program -- but had not provided documentation that the agency is providing meaningful feedback to external parties. In November 2015, IRS reported that it had developed a database to track leads submitted by financial institutions and the results of those leads. IRS also stated that it had held six sessions with financial institutions to provide feedback on external leads provided to IRS. These quarterly feedback sessions contained various types of information, including overall statistics for the External Leads Program, individual statistics tailored to a specific external party, and solicitations for how to improve the program. In December 2015, IRS officials stated that the agency sent a customer satisfaction survey asking financial institutions for feedback on the external leads process and was considering other ways to provide feedback to financial institutions. In August 2016, an industry group representing financial institutions reported that IRS had not begun providing meaningful feedback to financial institutions that are providing leads to IRS. In March 2017, IRS officials told us they were holding more frequent, monthly, feedback sessions with financial institutions. GAO will follow up with financial institutions to understand the extent to which IRS's feedback has been timely and is actionable. Without accurate, timely, and actionable feedback, the more than 600 external parties participating in the External Leads Program do not know if the leads they provide to IRS are useful and they may not be able to assess their success in identifying identity theft refund fraud or improve their detection tools.
    Director: Mctigue Jr, James R
    Phone: (202) 512-7968

    2 open recommendations
    Recommendation: Congress should consider expanding the mandate for partnerships and corporations to electronically file their tax returns to cover a greater share of filed returns.

    Agency: Congress
    Status: Open

    Comments: No legislation enacted as of March 2017. Current law requires entities that file more than 250 returns during a year or partnerships with more than 100 partners to file electronically. A bill has been introduced in Congress, S. 3178, which would gradually lower the threshold to 20 returns. Requiring greater digitization of tax return information, as GAO suggested in May 2014, would help the Internal Revenue Service identify which partnership and S corporation tax returns would be most productive to examine. Improving IRS's selection of partnership and S corporation returns to examine would also benefit compliant taxpayers whose returns may otherwise be selected for examination. Further, expanded e-filing would reduce IRS's tax return processing costs.
    Recommendation: While IRS works to improve the quality of its Schedule K-1 data, the Commissioner of Internal Revenue should develop a plan for conducting testing or other analysis to determine whether the improved Schedule K-1 data, perhaps combined with other IRS information about businesses and taxpayers, could be used more effectively to ensure compliance with the reporting of flow-through income.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS stated that it understands the objective of this recommendation and, at such time that resources are available to enhance capabilities, it would consider the proposed methodology of advanced testing. However, based on current and anticipated budget constraints, it does not expect its plans to change in the near future.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    1 open recommendations
    Recommendation: To effectively implement key components of the IRS information security program, the Commissioner of Internal Revenue should update access request policies and procedures to ensure that they contain sufficiently detailed information of access requests and access assignments to facilitate effective review and verification of appropriate access privileges.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: At the beginning of GAO's audit of IRS' FY 2017 financial statements, IRS indicated that it had not yet implemented this recommendation. When IRS indicates that it has implemented this recommendation, we will review its actions.
    Director: Clark, Cheryl E
    Phone: (202)512-9377

    3 open recommendations
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to perform a risk assessment to determine the appropriate level of Integrated Data Retrieval System (IDRS) access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, a risk assessment was performed to determine the appropriate level of IDRS access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities. However, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to, based on the results of the risk assessment, update the Internal Revenue Manual (IRM) accordingly to specify the appropriate level of IDRS access that should be allowed for (1) remittance perfection technicians and (2) all other employee groups with IDRS access that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to restrict the use of certain IDRS command codes for remittance perfection technicians. In addition, in May 2016, IRS reassessed the risks at its TACs, including the specific risks and mitigating factors associated with allowing TAC employees to process taxpayer remittances and to adjust taxpayer accounts. However, IRS did not update the IRM to reflect the conclusions from the risk assessment related to TAC employees. Further, during our fiscal year 2016 audit, we identified a group of employees at an SCC who handle hard-copy taxpayer receipts and related sensitive taxpayer information and can make adjustments to taxpayer accounts. Based on the information obtained, it is unclear whether the risks associated with these employees were considered in a risk assessment. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to establish procedures to implement the updated IRM, including required steps to follow to prevent (1) remittance perfection technicians and (2) all other employee groups that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities from gaining access to command codes not required as part of their designated job duties.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As a result of its risk assessment efforts thus far, IRS updated the IRM to include procedures to restrict the use of certain IDRS command codes for remittance perfection technicians. However, the IRM has not been updated based on the results of the risk assessment related to TAC employees and, if applicable, other employees who have access to sensitive command codes and handle hard-copy taxpayer receipts and related sensitive information as part of their job duties. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Director: White, James R
    Phone: (202)512-5594

    2 open recommendations
    Recommendation: Congress may wish to consider instituting a penalty on non-material advisor promoters for failing to provide investor lists to IRS within a specified time period when requested, comparable to the 20-business-day requirement for material advisors.

    Agency: Congress
    Status: Open

    Comments: As of August 2017, we have not identified legislative action in the 114th or 115th Congress or any enacted legislation since 2011 amending section 6111 (disclosure of reportable transactions including the definition of a material advisor), section 6112 (requirement to keep lists of investors) or section 6708 (imposing the penalty for failure to maintain and provide lists to IRS).
    Recommendation: To improve reporting on the results of examinations on ATAT issues, the Commissioner of Internal Revenue should separately track the tax amounts recommended, assessed, and collected between ATAT issues and non-ATAT issues.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS has taken steps to check whether taxpayers filed all required ATAT-related disclosure obligations, but has not taken steps to track examination results for ATAT versus non-ATAT issues, as GAO recommended in May 2011. In July 2012, IRS told GAO that although it agreed with GAO's May 2011 recommendation, resource and capability constraints preclude it from capturing information in this way. In February 2013, IRS implemented a new indicator and matching process to regularly review whether taxpayers are meeting their ATAT-related filing obligations. Additionally, IRS developed a procedure to evaluate the completeness of ATAT-related disclosure forms and follow up on incomplete forms as necessary and updated the Internal Revenue Manual to reflect these changes. Developing and implementing these new processes and procedures will provide IRS with additional information for determining whether the disclosures are made as required and are complete. However, as of August 2017, IRS did not plan on taking any further actions on tracking examination results.
    Director: White, James R
    Phone: (202)512-5594

    1 open recommendations
    Recommendation: To ensure that IRS can adequately enforce certain tax provisions, Congress may wish to consider providing IRS with MEA to use tax return information from previous years to ensure that taxpayers do not improperly claim credits or deductions in excess of lifetime limits where applicable.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, Congress had not yet provided IRS with math error authority (MEA) to use tax return information from previous years to ensure that taxpayers do not improperly claim credits or deductions in excess of lifetime limits.
    Director: White, James R
    Phone: (202)512-5594

    2 open recommendations
    Recommendation: To understand the scope of the business nonfiler population, the Commissioner of Internal Revenue should estimate the magnitude of business nonfiling among businesses registered with IRS, using data from its operational files to select cases for further investigation. Based on the results of this work IRS should develop a tax gap estimate for the impact of business nonfiling insofar as doing so is cost-effective.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of August 2017, IRS said it did not plan to develop a partial estimate of the business nonfiler rate, as we recommended in August 2010. IRS reported that funding would likely be unavailable for it to do so using operational data. According to IRS, its existing operational data on business nonfilers are sufficient. However, even a partial estimate could give IRS additional information that would be useful in its strategic planning and help it determine what priority it should place on this type of noncompliance.
    Recommendation: To monitor the performance of business nonfiler activities, the Commissioner of Internal Revenue should set a deadline for developing data that can be used to measure the performance of the BMF CCNIP and its business nonfiler compliance activities overall.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS has determined that it does not have the necessary data that could be used to measure its business nonfiler efforts across the agency and that it therefore cannot set a deadline for developing such data, as GAO recommended in August 2010. According to IRS, developing such data would be prohibitively costly. Rather, as of August 2017, IRS plans to continue to use the data at the operating division level. Without going through the process of developing performance data, IRS is unable to know what data would aid in monitoring and evaluating its business nonfiler efforts. Absent cross-agency performance data, IRS is unable to fully understand the outcomes of its business nonfiler efforts.
    Director: Clark, Cheryl E
    Phone: (202)512-9521

    1 open recommendations
    Recommendation: The IRS should direct the appropriate IRS officials to establish procedures requiring that each physical security analyst conduct a periodic documented review of the Emergency Signal History Report and emergency contact list for its respective location to ensure that (1) appropriate corrective actions have been planned for all incidents reported by the central monitoring station and (2) the emergency contact list for each location is current and includes only appropriate contacts.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS's efforts to address this recommendation are ongoing. In August 2016, IRS updated the IRM to require that (1) corrective actions are planned for all incidents reported by the central monitoring station and (2) the emergency contact list for each location is current and includes only appropriate contacts. IRS stated that in fiscal year 2017 it will update procedures and provide training to employees to help ensure that the updates to the guidance are communicated to affected employees. We will continue to evaluate IRS's corrective actions during our fiscal year 2017 audit.
    Director: White, James R
    Phone: (202) 512-5594

    1 open recommendations
    Recommendation: Given the potential for improving compliance now and in the future, Congress may wish to provide IRS with the authority to use math error checks to identify and correct returns with ineligible (1) IRA "catch-up" contributions, and (2) contributions to traditional IRAs from taxpayers over age 70-1/2.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, the Congress has not provided IRS with the math error authority to ensure that taxpayers comply with certain catch-up and contributions requirements.
    Director: Clark, Cheryl E
    Phone: (202) 512-3000

    1 open recommendations
    Recommendation: To address other issues that may exist in IRS's master files that affect penalty calculations, the Commissioner of Internal Revenue should direct appropriate IRS officials to, in instances where programs are not functioning in accordance with the intent of the IRM, take appropriate action to correct the programs so that they function in accordance with the IRM.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: According to IRS, it had substantially completed its corrective actions to address 19 penalty programming issues it had identified from its internal assessment of penalty computation programs. However, as of September 30, 2016, IRS had not provided us with supporting documentation to validate that it completed the corrective actions. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 financial statement audit.