Recommendation: We recommend that the Director, DCMA, in collaboration with the Director, DCAA, develop a mechanism to monitor and assess whether contractor business systems reviews are being completed in a timely manner. (Recommendation 1)

Agency: Department of Defense: Defense Contract Management Agency
Status: Open

Comments: DCMA concurred with our recommendation and the department notified us in March 2019 that collaboration between DCMA and DCAA to develop a mechanism to increase oversight and improve management of contractor business system audits and determinations had begun. In September 2019, DCMA and DCAA provided lists of the business system reviews planned to be conducted during fiscal year 2020, showing that the data needed for oversight of all CBS reviews is available between the two agencies. Further, an April 2019 DCMA memorandum indicated that DCAA data on planned reviews for fiscal years 2019 and 2020 had been transferred to DCMA and that administrate contracting officers were to conduct risk assessments to identify additional reviews for DCAA to complete in the future. In August 2020, DCMA and DCAA specified the sources of the data provided earlier; DCAA data is collected through its strategic workload and resource initiative and inputted into the DCAA Management Information System while DCMA business system review data continues to be maintained by the functional offices responsible for those reviews. Both agencies stated that progress against planned reviews is tracked and status is reported to management at regular intervals. DCMA also noted a series of new tools designed to enhance surveillance of contractor business systems and implementation of corrective actions. These steps indicate progress towards increased insight into both the completion CBS review and the follow-up that occurs afterward. However It remains unclear to what extent data sharing between DCAA and DCMA to support CBS review planning has been formalized and will continue or the extent to which DCMA headquarters uses this data to assess implementation of its policies for the conduct of CBS reviews.

Recommendation: To improve the reliability of the information presented in the CFS budget statements, the Secretary of the Treasury should direct the Fiscal Assistant Secretary, working in coordination with the Controller of OMB's Office of Federal Financial Management, to establish and implement effective procedures for reporting amounts in the CFS budget statements that are fully consistent with the underlying information in significant federal entities' audited financial statements and other financial data.

Agency: Department of the Treasury
Status: Open
Priority recommendation

Comments: As of the completion of our fiscal year 2019 audit of the consolidated financial statements of the U.S. government (CFS), this recommendation remained open. Treasury continued to develop its budget deficit/surplus and cash reconciliation procedures. Specifically, Treasury performed a preliminary analysis on several federal entities' implementation of the new Statement of Federal Financial Accounting Standards No. 53, Budget and Accrual Reconciliation (BAR), and noted inconsistencies in the way each entity populated line items in the BAR. Treasury and OMB provided additional guidance for the BAR in OMB Circular No. A-136 and on the Treasury U.S. Standard General Ledger website, including a BAR crosswalk template. However, additional work is needed to reconcile line items to audited federal entity financial statements. We will follow-up on progress made by Treasury and OMB as part of our fiscal year 2020 CFS audit.

Recommendation: To improve the reliability of the information presented in the CFS budget statements, the Secretary of the Treasury should direct the Fiscal Assistant Secretary, working in coordination with the Controller of OMB's Office of Federal Financial Management, to establish and implement effective procedures for identifying and reporting all items needed to prepare the CFS budget statements.

Agency: Department of the Treasury
Status: Open
Priority recommendation

Comments: As of the completion of our fiscal year 2019 audit of the consolidated financial statements of the U.S. government (CFS), this recommendation remained open. Treasury continued to make improvements in fiscal year 2019 by implementing procedures, publishing guidance, and developing new transaction codes to improve the accounting for and reporting of General Fund transactions and balances that Treasury uses to compute the budget deficit reported in the consolidated financial statements. However, additional work is needed in determining the appropriate presentation for the reconciling items, which could affect the line items included. We will follow-up on progress made by Treasury and OMB as part of our fiscal year 2020 CFS audit.

Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to perform a risk assessment to determine the appropriate level of Integrated Data Retrieval System (IDRS) access that should be granted to employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities.

Agency: Department of the Treasury: Internal Revenue Service
Status: Open

Comments: IRS's actions to address this recommendation are ongoing. In October 2019, the functions within the Small Business/Self-Employed organization completed risk assessments to determine the appropriate level of Integrated Data Retrieval System (IDRS) access that should be granted to the employees who handle hard-copy taxpayer receipts and related sensitive taxpayer information as part of their job responsibilities. In addition, IRS officials stated that during fiscal year 2020, the Taxpayer Advocate Service organization, in coordination with the Information Technology organization, as necessary, will complete a risk assessment of all employee groups that handle hard-copy taxpayer receipts and related sensitive taxpayer information to determine the most appropriate level of IDRS access.

Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to, based on the results of the risk assessment, update the Internal Revenue Manual (IRM) accordingly to specify the appropriate level of IDRS access that should be allowed for (1) remittance perfection technicians and (2) all other employee groups with IDRS access that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities.

Agency: Department of the Treasury: Internal Revenue Service
Status: Open

Comments: IRS's actions to address this recommendation are ongoing. IRS officials stated that by October 2020, the Small Business/Self-Employed, Taxpayer Advocate Service, and Tax Exempt & Government Entities organizations will work with the Information Technology organization, as necessary, to ensure that the applicable Internal Revenue Manual section(s) are revised for any policy changes on (1) risk mitigation, including specifying the appropriate level of Integrated Data Retrieval System access that should be allowed and (2) risk acceptance for affected employee groups, as needed.

Recommendation: The Acting Commissioner of Internal Revenue should direct the appropriate IRS officials to establish procedures to implement the updated IRM, including required steps to follow to prevent (1) remittance perfection technicians and (2) all other employee groups that handle hard-copy taxpayer receipts and related sensitive information as part of their job responsibilities from gaining access to command codes not required as part of their designated job duties.

Agency: Department of the Treasury: Internal Revenue Service
Status: Open

Comments: IRS's actions to address this recommendation are ongoing. IRS officials stated that by October 2020, the Small Business/Self-Employed, Taxpayer Advocate Service, and Tax Exempt & Government Entities organizations will work with the Information Technology organization, as necessary, to establish procedures to prevent affected employees from gaining access to command codes not required as part of their designated job duties, as needed.

Recommendation: The Commissioner of the IRS should direct the appropriate IRS officials to revise the post orders for the service center campuses (SCC) and lockbox bank security guards to include specific procedures for timely reporting exterior lighting outages to SCC or lockbox bank facilities management. These procedures should specify (1) whom to contact to report lighting outages and (2) how to document and track lighting outages until resolved.

Agency: Department of the Treasury: Internal Revenue Service
Status: Open

Comments: IRS's actions to address this recommendation are ongoing. IRS officials stated that during fiscal year 2020, Facilities Management and Security Services (FMSS) will update the Internal Revenue Manual to reflect the necessary guidance for service center guards and FMSS physical security specialists to know (1) whom the guards are to contact to report lighting outages and (2) how lighting outages are to be documented and tracked until resolved.