This is the accessible text file for GAO report number GAO-14-70 entitled 'Inspectors General: A Sample of the Treasury IG for Tax Administration's Audits Were Generally Consistent with Standards, but Additional Review Could Address Exceptions' which was released on May 30, 2014. United States Government Accountability Office: GAO: Report to the Chairman, Committee on Finance, U.S. Senate: May 2014: Inspectors General: A Sample of the Treasury IG for Tax Administration's Audits Were Generally Consistent with Standards, but Additional Review Could Address Exceptions: GAO-14-70: GAO Highlights: Highlights of GAO-14-70, a report to the Chairman, Committee on Finance, U.S. Senate. Why GAO Did This Study: Congressional committees and IRS rely on TIGTA's work to help improve the government's tax programs. 
GAO was asked to review the quality of audits issued by TIGTA. GAO's objectives were to determine the extent that TIGTA's (1) audit plans were consistent with CIGIE standards for planning and provided audit coverage of IRS and (2) audit policies and procedures were consistent with Government Auditing Standards, and a sample of audits were consistent with these standards and TIGTA's policies. To address these objectives, for fiscal year 2012, GAO compared TIGTA's audit plans with CIGIE's Quality Standards for Federal Offices of Inspector General and reviewed documentation related to TIGTA's audit coverage. GAO also compared TIGTA's policies with selected requirements of Government Auditing Standards and compared a random, nongeneralizable sample of 20 TIGTA audits to selected requirements of the standards and TIGTA's policies. What GAO Found: The Treasury Inspector General for Tax Administration's (TIGTA) strategic audit plan for fiscal years 2009 through 2014 and annual audit plan for fiscal year 2012 were consistent with the Council of the Inspectors General on Integrity and Efficiency's (CIGIE) planning guidance, including consideration of risk and coordination. TIGTA's plans included priorities related to risks; the concerns of stakeholders, including Internal Revenue Service (IRS) executives; coordination with GAO and the Congress; and consideration of the prevention and detection of fraud threats to IRS. GAO also determined that the 94 audit reports issued by TIGTA during fiscal year 2012 were either specifically identified in TIGTA's fiscal year 2012 annual plan or were consistent with audit issues covered by the plan. In addition, TIGTA's audits provided oversight of IRS's major programs and activities, high-risk areas identified by GAO, and the agency's management challenges as determined by TIGTA. TIGTA's audit policies and procedures are contained in its Operations Manual. 
GAO found that TIGTA's audit policies and procedures were consistent with selected requirements of Government Auditing Standards. Also, GAO's review of a random, nongeneralizable sample of 20 TIGTA audits completed in fiscal year 2012 found that the audits were generally consistent with selected requirements of Government Auditing Standards and TIGTA's policies and procedures, with the following exceptions.

* The audits GAO sampled were consistent with auditing standards for documented supervision, but not all of the audit documentation had documented supervisory review within 30 days of completion as required by TIGTA's Operations Manual. Specifically, 9 of the 20 reports had a total of 86 audit documents with supervisory review documented after the 30-day requirement. Exceptions to TIGTA's policy on the timeliness of documented supervisory review of audit documentation had been previously identified by both TIGTA's internal quality assurance reviews and the most recent peer review performed by another office of inspector general. TIGTA has taken steps to reinforce adherence to the audit documentation policy that if properly implemented should help to ensure timely documented supervisory review.

* In two audit reports, specific statements were not fully supported by sufficient evidence. In one instance, TIGTA reported using a judgmental sample of IRS organizations, which cannot be projected to the population, as support for a conclusion about the relative ability of IRS organizations to implement best practices. In another instance, TIGTA did not have sufficient evidence in the report and audit documentation to support the reported potential for $21 billion in fraudulent tax refunds because of identity theft and the reported cost savings that could result from its audit recommendation. TIGTA's policies and procedures do not include a review of audit reports by staff members trained in the use of statistics and related data analyses. 
Such a review by qualified individuals would help to ensure that the conclusions are reported correctly and supported by sufficient evidence as specified by auditing standards.

What GAO Recommends:

To help ensure audit conclusions are reported correctly and supported by sufficient evidence, GAO recommends that TIGTA develop and implement policies and procedures requiring a review of draft audit reports by individuals trained and qualified to assess the use of statistical and related data analyses. In comments on a draft of this report, the TIGTA Inspector General agreed with GAO's recommendation, but disagreed that specific TIGTA report conclusions were not fully supported. GAO reaffirmed its findings.

View [hyperlink, http://www.gao.gov/products/GAO-14-70]. For more information, contact Beryl H. Davis at (202) 512-2623 or davisbh@gao.gov.

[End of section]

Contents:

Letter:
Background:
TIGTA's Planning Process Was Consistent with CIGIE Standards and Provided Audit Coverage of IRS:
TIGTA's Audit Policies and Sampled Reports Were Generally Consistent with Standards, but Additional Review Could Address Exceptions:
Conclusions:
Recommendation for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Scope and Methodology:
Appendix II: Sample of 20 Audit Reports Issued by TIGTA in Fiscal Year 2012 Selected for Review:
Appendix III: Comments from the Treasury Inspector General for Tax Administration:
Appendix IV: GAO Contact and Staff Acknowledgments:

Figures:

Figure 1: TIGTA Organization Chart:
Figure 2: Fiscal Year 2012 Audit Reports Issued by TIGTA's Business Units:
Figure 3: Audit Coverage of Divisions and Offices Responsible for IRS's Major Programs and Activities in Fiscal Year 2012:
Figure 4: High-Risk Areas Addressed by TIGTA's Fiscal Year 2012 Audits:
Figure 5: IRS's Management Challenges Addressed by Fiscal Year 2012 Audits:

Abbreviations:

CIGIE: Council of the Inspectors General on Integrity and Efficiency:
GSA: General Services Administration:
IG: Inspector General:
IRS: Internal Revenue Service:
OIG: Office of the Inspector General:
TIGTA: Treasury Inspector General for Tax Administration:

[End of section]

United States Government Accountability Office:
GAO:
441 G St. N.W.
Washington, DC 20548:

May 16, 2014:

The Honorable Ron Wyden:
Chairman:
Committee on Finance:
United States Senate:

Dear Mr. Chairman:

The Internal Revenue Service (IRS) administers the nation's tax laws and collects the revenues that fund most of the federal government's operations and public services. For fiscal year 2012, IRS collected over $2.5 trillion in tax revenue and reported processing more than 237 million tax returns. The Inspector General Act of 1978 (IG Act) created offices of inspectors general (IG) at major departments and agencies to prevent and detect fraud and abuse in their departments' and agencies' programs and operations; conduct and supervise independent audits and investigations; and recommend policies to promote economy, efficiency, and effectiveness.[Footnote 1] The Treasury Inspector General for Tax Administration (TIGTA) was established by the Internal Revenue Service Restructuring and Reform Act of 1998, which amended the IG Act to include an independent IG to provide oversight of IRS's activities, programs, and offices.[Footnote 2] Congressional committees and IRS rely on TIGTA's work to help make decisions to improve the effectiveness and efficiency of the government's tax programs.

This report responds to your request that we review the quality of audits issued by TIGTA. 
Specifically, our objectives were to determine the extent to which TIGTA's (1) audit planning process was consistent with quality standards[Footnote 3] established by the Council of the Inspectors General on Integrity and Efficiency (CIGIE),[Footnote 4] and whether the resulting audits addressed IRS's major programs and activities, high-risk areas, and management challenges, and (2) audit policies and procedures were consistent with selected requirements of Government Auditing Standards, and whether a sample of TIGTA's audits were consistent with selected requirements of Government Auditing Standards and TIGTA's policies and procedures.[Footnote 5] To review TIGTA's audit planning process, we compared TIGTA's 6-year strategic plan for fiscal years 2009 through 2014 and its fiscal year 2012 annual plan with requirements of CIGIE's quality standards for planning to determine if they were consistent. To determine the extent of TIGTA's audit coverage, we compared the results of TIGTA's fiscal year 2012 audits with the divisions and offices responsible for IRS's major programs and activities, high-risk areas, and management challenges. To determine whether TIGTA's audit policies and procedures as provided in its Operations Manual[Footnote 6] were consistent with requirements[Footnote 7] in Government Auditing Standards, we focused on those requirements that are most likely to have a direct bearing on the quality of the audit documentation used to support the findings, conclusions, and recommendations in audit reports, as well as requirements for independence and quality control and assurance. 
[Footnote 8] In addition, we reviewed a random, nongeneralizable sample of 20 audits from a total of 94 audits issued by TIGTA's four business units in its Office of Audit during fiscal year 2012 and their underlying documentation to identify support for the reported findings, conclusions, and recommendations, and determine whether the audits were consistent with selected requirements of Government Auditing Standards and TIGTA's audit policies and procedures. For additional details on our scope and methodology, see appendix I. We conducted this performance audit from January 2013 to May 2014 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We obtained comments on a draft of this report from the TIGTA Inspector General, which are reprinted in appendix III. A summary of the Inspector General's comments and our response are presented in the Agency Comments and Our Evaluation section of this report. Background: IRS completes its mission through four operating divisions: (1) Wage and Investment, (2) Large Business and International, (3) Small Business/Self-Employed, and (4) Tax Exempt and Government Entities. Additional offices provide IRS and taxpayer support, including the Office of Chief Counsel, the Taxpayer Advocate Service, Criminal Investigation, Appeals, and the Return Preparer Office. TIGTA is placed organizationally within the Department of the Treasury (Treasury) and reports directly to the Secretary of the Treasury, but functions independently from all other offices and bureaus of the department. 
The IG Act requires that IG offices, including TIGTA, perform audits in compliance with Government Auditing Standards established by the Comptroller General. These standards provide a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and to help improve government operations and services. In addition, the standards provide the foundation for government auditors to lead by example in the areas of independence, transparency, accountability, and quality through the audit process. Also, CIGIE's Quality Standards for Offices of Inspector General provides general standards for the IGs, including TIGTA, to follow for effective planning.

As illustrated in figure 1, TIGTA consists of the Office of the Inspector General (OIG) and the offices of Audit, Investigations, Inspections and Evaluations, Mission Support, and Information Technology; the Chief Counsel; and the IG's Counselor. The Office of Audit includes four business units and a support unit for Management Planning and Workforce Development. The business units address audits of the corresponding IRS functions for tax-exempt organizations, information technology, compliance and enforcement operations, and returns processing and account services.

Figure 1: TIGTA Organization Chart:

[Refer to PDF for image: organization chart]

Top level:
Inspector General, Principal Deputy Inspector General:
* Chief Counsel;
* Counselor.

Second level: reporting to Inspector General, Principal Deputy Inspector General:
* Office of Audit:
- Management Services and Exempt Organizations;
- Security and Information Technology;
- Management Planning and Workforce Development;
- Compliance and Enforcement Operations;
- Returns Processing and Account Services;
* Office of Inspections and Evaluations;
* Mission Support;
* Office of Investigations;
* Office of Information Technology.

Source: TIGTA. 
[End of figure] TIGTA's policies and procedures include guidance on measuring the monetary accomplishments of audit reports through outcome measures, which are defined by the IG Act to include any savings amounts and additional measures of quantifiable impact defined by TIGTA. The IG Act requires IG offices, including TIGTA, to provide semiannual reports to the Congress on their activities. These reports include any potential savings amounts resulting from recommendations that funds be put to better use.[Footnote 9] TIGTA's policies encourage auditors to quantify the impact of reported issues and the magnitude of recommended corrective actions through outcome measures, including funds to be put to better use, that assess the impact or value that audits have on tax administration or business operations. According to TIGTA's policies and procedures, outcome measures are to be quantifiable to the maximum extent possible, linked directly to the audit findings based on transaction or case analyses or statistical projections, and expressed in monetary or other measurable units. In fiscal year 2012, TIGTA had total budgetary resources of approximately $155 million and full-time equivalent staff of 807. TIGTA reported having 271 audit staff on board at the end of fiscal year 2012 with the remaining staff in investigative, administrative, and specialist positions. For fiscal year 2012, TIGTA issued 94 audit reports that reported approximately $22 billion in potential savings to the government based on the reports' recommendations and about $584 million in additional quantifiable impact. About $21 billion, or approximately 95 percent of TIGTA's reported potential savings for fiscal year 2012, came from one report.[Footnote 10] In fiscal years 2010 and 2011, TIGTA reported potential savings from audits of $2.8 billion and $7.4 billion, respectively. 
TIGTA's Planning Process Was Consistent with CIGIE Standards and Provided Audit Coverage of IRS: TIGTA's planning process was consistent with the general standards in CIGIE's Quality Standards for Federal Offices of Inspector General, and provided audits that addressed IRS's major programs and activities, high-risk areas, and management challenges. CIGIE's quality standards serve as an overall quality framework for managing, operating, and conducting the work of the offices of inspectors general and include general standards on planning and coordinating their efforts. Specifically, the CIGIE standards include a planning system that assesses the nature, scope, and inherent risks of agency programs and operations and includes a methodology and process for identifying and prioritizing agency programs and operations as potential subjects for audit. In addition, the methodology should be designed to use the most effective combination of OIG resources, including previous OIG work and input from OIG staff. Also, the CIGIE standards state that through coordination, the OIG should consider the plans of other organizations both internal and external to the agency and develop a strategy to identify the causes of fraud, waste, abuse, and mismanagement. Consistency with CIGIE's Quality Standards for Planning: We determined that TIGTA's audit planning process was consistent with CIGIE's standards based on its use of (1) risk assessments; (2) prioritization of audit subjects; (3) coordination with other organizations; and (4) attention to potential fraud, waste, and abuse. In addition, we determined that the 94 audit reports issued by TIGTA during fiscal year 2012 were either specifically identified in TIGTA's fiscal year 2012 annual audit plan or were consistent with audit issues and areas covered by the plan. To develop its 6-year strategic plan for fiscal years 2009 through 2014, TIGTA's Office of Audit used a risk-assessment strategy within its core business units. 
TIGTA identified the major risks facing IRS, prioritized the risks, and included both risk-based and mandated audits in the strategic plan. TIGTA's strategic plan is an overall guide that provides focus and contributes to the results of the annual planning process. For example, TIGTA's annual audit plan for fiscal year 2012 was developed based on identified risks, stakeholder concerns, and follow-up reviews of previously audited areas with significant control weaknesses. To receive input for both the strategic and annual plans, TIGTA kept apprised of operating conditions and emerging issues through coordination throughout Treasury. To illustrate, staff in the Office of Audit maintained liaison and working contact with applicable IRS staff at the IRS Oversight Board, the National Taxpayer Advocate, and additional Treasury offices through meetings and electronic mail correspondence, which resulted in specific requests for audits.[Footnote 11] TIGTA's strategic plan and annual audit plan also included input from stakeholders external to Treasury. For example, TIGTA coordinates its audits with GAO and congressional staff and is a member of CIGIE, which considers issues common to all federal IGs. The Inspector General has also participated as a member of the Comptroller General's Domestic Working Group, which considers oversight issues throughout the federal government.[Footnote 12] As a result of input from IRS and Treasury officials and from external stakeholders, TIGTA's strategic plan for fiscal years 2009 through 2014, and its annual audit plan for fiscal year 2012, include new provisions established by health care reform legislation, the acceleration of globalization of tax issues, high-risk areas identified by GAO, and major management and performance challenges faced by IRS. 
In addition, TIGTA's strategic plan and the annual audit plan for fiscal year 2012 both included as priorities (1) the improvement of IRS operations by detecting and deterring fraud, waste, and abuse or misconduct by IRS employees and (2) the protection of IRS resources and employees from external threats to tax administration. Both the strategic and annual audit plan addressed issues associated with IRS operations, including the detection and investigation of fraud and electronic crime, such as phishing,[Footnote 13] with the fraudulent use of the IRS name and symbols; procurement fraud; and taxpayer privacy violations. Audit Coverage of IRS: We determined that for fiscal year 2012, TIGTA provided audit coverage of IRS's major programs and activities, high-risk areas as reported by GAO, and management challenges as identified by TIGTA. IRS program coverage. During fiscal year 2012, TIGTA's Office of Audit provided audit coverage of the divisions and offices responsible for IRS's major programs and activities through its four business units for (1) Returns Processing and Account Services, (2) Compliance and Enforcement Operations, (3) Management Services and Exempt Organizations, and (4) Security and Information Technology Services. Figure 2 illustrates the number of audit reports issued by each TIGTA business unit in fiscal year 2012. Figure 2: Fiscal Year 2012 Audit Reports Issued by TIGTA's Business Units: [Refer to PDF for image: horizontal bar graph] Number of audit reports: Compliance and Enforcement Operations: 29; Returns Processing and Account Services: 28; Management Services and Exempt Organizations: 22; Security and Information Technology: 15. Source: GAO analysis of TIGTA semiannual report information. [End of figure] The audits completed by TIGTA's business units addressed programs and activities in each major IRS division and office to a varying degree during fiscal year 2012, as shown in figure 3. 
Figure 3: Audit Coverage of Divisions and Offices Responsible for IRS's Major Programs and Activities in Fiscal Year 2012: [Refer to PDF for image: vertical bar graph] Number of reports: Wage and Investment: 29; Small Business and Self-Employed: 27; Chief Technology Officer: 15; Operations Support/Services and Enforcement: 15; Tax Exempt & Government Entities: 9; Human Capital Officer: 6; Return Preparer Office/Whistleblower Office: 6; Chief Financial Officer: 5; Criminal Investigations: 4; Large Business and International: 3; Privacy, Government Liaison and Disclosure: 2; Taxpayer Advocate Service: 2; Appeals Officer: 2; General Counsel: 2. Source: GAO analysis of TIGTA's fiscal year 2012 audit reports. Note: TIGTA issued a total of 94 audit reports in fiscal year 2012 that either addressed a single IRS division or office or several divisions and offices. Consequently, the total audits listed for coverage of IRS components is greater than 94. [End of figure] For example, 29 audits addressed the Wage and Investment Division while 3 audits addressed issues affecting the Large Business and International Division. TIGTA officials stated that the relatively low number of audit reports that addressed the activities of the Large Business and International Division was due to the more complex nature of the audits and the additional time needed to complete the audit work. TIGTA provided a listing of additional audits of the Large Business and International Division that were ongoing during fiscal year 2012 but were completed in the next fiscal year.[Footnote 14] High-risk coverage. TIGTA's fiscal year 2012 audit reports provided oversight coverage of IRS's high-risk areas identified by GAO. Since 1990, we have periodically reported on government operations that we have designated as high risk because of their greater vulnerabilities to fraud, waste, abuse, and mismanagement as well as challenges to economy, efficiency, or effectiveness. 
In February 2011, we reported two high-risk areas that apply specifically to IRS and three additional high-risk areas that apply to IRS and other federal agencies and departments government-wide.[Footnote 15] Specific to IRS, we reported that the enforcement of tax laws is vital to ensuring that all owed taxes are paid, which in turn can promote voluntary compliance by giving taxpayers confidence that others are paying their fair share. This high-risk area includes IRS's efforts to ensure payment both of unpaid taxes known to IRS and unpaid taxes IRS has not detected. Another high-risk area specific to IRS during our review period was business systems modernization, which is a multibillion dollar highly complex effort that involves the development and delivery of a number of modernized tax administration and internal management systems, including financial management, as well as core infrastructure projects that are intended to replace the agency's aging business and tax processing systems.[Footnote 16] Government-wide high-risk areas identified by GAO that also apply to IRS are (1) protecting the federal government's information systems and the nation's cyber critical infrastructure, (2) managing real property, and (3) strategic human capital management. Federal information security has been on the high-risk list since 1997, with cyber critical information protection added in 2003. Regarding real property, federal agencies continue to face long-standing problems, such as overreliance on leasing, excess and underutilized property, and issues related to protecting federal facilities. Strategic human capital management also remains a high-risk area because of a need to address current and emerging critical skills gaps that are undermining agencies' abilities to meet their vital missions. As shown in figure 4, TIGTA's fiscal year 2012 audits addressed these high-risk areas. 
Figure 4: High-Risk Areas Addressed by TIGTA's Fiscal Year 2012 Audits: [Refer to PDF for image: vertical bar graph] Number of audit reports: Enforcement of tax laws: 50; IRS business systems modernization: 9; Protecting information systems and cyber infrastructures: 5; Strategic human capital management: 3; Managing federal real property: 1. Source: GAO analysis of TIGTA's fiscal year 2012 audit reports. [End of figure] Management challenges coverage. TIGTA's fiscal year 2012 audit reports provided oversight coverage of major management challenges. The federal IGs began the identification of management challenges in 1997 at the request of Members of the Congress, who asked the IGs to identify the most serious management problems within their respective agencies and departments. This began a yearly process that continues as a result of the Reports Consolidation Act of 2000.[Footnote 17] The act requires executive agencies to include their IGs' lists of significant management challenges in their annual performance and accountability reports to the President, the Office of Management and Budget, and the Congress. This information is reported by Treasury in its annual agency financial report, which includes IRS's management challenges as identified by TIGTA.[Footnote 18] A number of our high-risk areas are the same as, or similar to, the IRS management challenges identified by TIGTA for fiscal year 2012. These include the high-risk area of enforcement of tax laws, which is similar to the TIGTA-identified management challenges of tax compliance initiatives and fraudulent claims and improper payments. In addition, TIGTA ranked the security of taxpayer data as the top IRS management challenge and identified IRS's business systems modernization as a management challenge, which are consistent with the high-risk areas of protecting government information and IRS business systems modernization. 
In addition, strategic human capital management is a high-risk area across the federal government and was identified by TIGTA as a management challenge at IRS. Additional management challenges identified by TIGTA that are not directly included as high-risk areas are (1) providing quality taxpayer service, (2) taxpayer protection and rights, (3) achieving efficiencies and cost savings, and (4) the globalization of the international financial system. Figure 5 shows the number of audits TIGTA provided for the management challenges it identified in fiscal year 2012. Figure 5: IRS's Management Challenges Addressed by Fiscal Year 2012 Audits: [Refer to PDF for image: vertical bar graph] Number of audit reports: Tax compliance initiatives: 26; Fraudulent claims and improper payments: 17; Providing quality taxpayer service operations: 14; Taxpayer protection and rights: 13; Modernization of IRS: 9; Security for taxpayer data and employees: 9; Achieving program efficiencies and cost savings: 7; Implementing major tax law changes: 6; Human capital: 4; Globalization: 0. Source: GAO analysis of TIGTA's fiscal year 2012 audit reports. Note: TIGTA issued a total of 94 audit reports in fiscal year 2012 that either addressed a single management challenge or more than one management challenge. Consequently, the total audits listed for coverage of IRS's management challenges is greater than 94. [End of figure] All management challenges were addressed by TIGTA's fiscal year 2012 audits except for globalization issues. However, TIGTA did complete an audit of globalization issues in fiscal year 2011,[Footnote 19] and had five ongoing audits related to these issues during fiscal year 2012.[Footnote 20] In addition, TIGTA planned to address additional globalization issues in eight audits included in the fiscal year 2013 annual audit plan. 
TIGTA's Audit Policies and Sampled Reports Were Generally Consistent with Standards, but Additional Review Could Address Exceptions: TIGTA's audit policies and procedures were consistent with selected requirements of Government Auditing Standards that we determined are most likely to have a direct bearing on the quality of the audit documentation used to support the findings, conclusions, and recommendations in audit reports, as well as requirements for independence and quality control and assurance. Also, our review of a random, nongeneralizable sample of 20 TIGTA audit reports issued in fiscal year 2012 found that they were generally consistent with Government Auditing Standards and TIGTA's policies and procedures, with some exceptions. (See app. II for a listing of the sampled audit reports.) Specifically, while the sampled audits were consistent with the requirements of Government Auditing Standards for documented supervisory review, not all of these sampled audits fully met TIGTA's policy for the timely documentation of supervisory sign-off. Also, two audit reports had specific statements that were not fully supported by sufficient, documented evidence. TIGTA's body of audit work completed in fiscal year 2012 consisted of performance audits.[Footnote 21] Government Auditing Standards define performance audits as audits that provide findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteria. Performance audits provide objective analysis to assist management and those charged with governance and oversight in using the information to improve program performance and operations, reduce costs, facilitate decision making by parties with responsibility to oversee, initiate corrective action, and contribute to public accountability. 
Government Auditing Standards provide generally accepted government auditing standards for financial audits, performance audits, and attestation engagements--which can cover a broad range of objectives. These standards are principle based and intended to be general in nature and, as such, permit flexibility in developing and implementing policies and procedures for ensuring adherence with the standards. TIGTA's Operations Manual provides policies and procedures for the audit staff to follow in order to perform their work consistent with professional auditing standards, including specific paragraphs from Government Auditing Standards, as well as guidance on these standards to help ensure compliance. Our review focused on selected requirements of the standards related to independence; quality control and assurance; audit planning; internal control; obtaining sufficient, appropriate evidence; data reliability; elements of a finding; documentation; reporting auditor's compliance with auditing standards; and reporting views of responsible officials. For each requirement we reviewed, we found corresponding sections and guidance in TIGTA's Operations Manual. In addition, for each sampled audit we were able to identify the extent of the documented support for each of the selected requirements as well as the actions taken by TIGTA to help ensure compliance with Government Auditing Standards. Independence: Government Auditing Standards require that in all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, must be independent.[Footnote 22] TIGTA's Operations Manual cites this specific requirement and states that if TIGTA is to be effective, it must be independent and its opinions, conclusions, judgments, and recommendations must be viewed as being impartial by knowledgeable third parties. 
TIGTA's policy requires compliance with the conceptual framework approach to independence as contained in Government Auditing Standards. One of TIGTA's specific procedures to help ensure independence requires each professional staff member to acknowledge his or her responsibility to report any current or future independence impediment by annually completing the Office of Audit's Personal Impairment Form. We confirmed that each TIGTA staff member required to do so had signed the form in fiscal year 2012 acknowledging responsibility to report any independence impairments regarding audits of IRS, which was consistent with auditing standards and TIGTA's policies and procedures. Quality Control and Assurance: Quality control and assurance standards require an audit organization to establish and maintain a system of quality control that is designed to provide reasonable assurance that the organization and its personnel comply with professional standards and applicable legal and regulatory requirements, and have an external peer review performed by reviewers independent of the audit organization at least once every 3 years.[Footnote 23] TIGTA's Operations Manual requires timely supervisory review of audit documentation to help ensure compliance with auditing standards, internal quality assurance reviews of each TIGTA business unit every 3 years, and an external peer review of TIGTA's audit operations every 3 years by another federal OIG. Based on our review of 20 sampled reports, all had documented supervision consistent with auditing standards. However, not all audit documentation supported that supervisory review had occurred within 30 days of completion of the audit documents as required by TIGTA's Operations Manual. Specifically, 9 of the 20 reports had a total of 86 audit documents with supervisory review documented after the 30-day requirement. 
Nevertheless, all the audit documentation indicated that supervisory review occurred prior to the report issue date.[Footnote 24] Exceptions to TIGTA's policy on the timeliness of documented supervisory review of audit documentation had been previously identified by TIGTA's internal quality assurance reviews and the most recent peer review performed by another IG office. TIGTA completed four internal quality assurance reviews during fiscal years 2011 and 2012 that covered all four of the business units in the Office of Audit to determine each unit's level of compliance with professional standards. Each report concluded that the audit activities were conducted in compliance with auditing standards but had recommendations to strengthen adherence to TIGTA's policies and procedures. Specifically, all four reviews made recommendations for more timely documentation of supervisory review within the time frames provided by TIGTA's audit policies and procedures. The corrective actions by each business unit varied from emphasizing better implementation of TIGTA's policies and procedures through memorandums, to certification by audit supervisors of their review and quality checklists to help ensure that the audit documentation adheres to office guidance. In addition, the General Services Administration Office of Inspector General (GSA OIG) performed a peer review of TIGTA's audit quality for the year ended March 31, 2012, and issued its report--with a rating of pass--on September 25, 2012.[Footnote 25] The GSA OIG reported that four audits contained 322 instances where the audit documentation had documented supervisory review in a time frame beyond the 30-calendar-day review requirement in TIGTA's policies and procedures. The GSA OIG recommended that TIGTA reinforce the importance of timely preparation and review of audit documentation supporting the audit in conformance with its stated policy. 
TIGTA agreed with the recommendation and added to the corrective actions already taken to address the recommendations from TIGTA's internal quality assurance reviews mentioned above. TIGTA's continued actions to address the peer review recommendation, if effectively implemented, should help to ensure that audit documentation will receive the required timely documentation of supervision in accordance with its stated supervisory review policy. Audit Planning: Auditing standards require a written audit plan for each audit. The form and content of the written audit plan may vary among audits and may include an audit strategy, audit program, project plan, or other appropriate documentation of key decisions about the audit objectives, scope, and methodology and the auditor's basis for those decisions.[Footnote 26] TIGTA's Operations Manual also requires that audit plans be documented and include the objectives, scope, and methodology. For the 20 TIGTA audits included in our review, the documented audit plans were located in the audit documentation and addressed the objectives, scope, and methodology for each audit. Internal Control: Auditing standards on internal control require auditors to obtain an understanding of internal controls that are significant within the context of the audit objectives.[Footnote 27] TIGTA's Operations Manual includes guidance to auditors that when evaluating internal controls, significant weaknesses found are to be considered deficiencies and identified in the audit report. In addition, controls that were reviewed should be identified to the extent necessary to clearly present the objectives, scope, and methodology of the audit. Our review of the 20 TIGTA audit reports found that each report identified the internal controls significant to the objectives of the audit and any weaknesses identified. 
Obtaining Sufficient, Appropriate Evidence: The fieldwork standards for performance audits require auditors to obtain sufficient, appropriate evidence to provide a reasonable basis for their findings and conclusions. In addition, the reporting standards state that auditors should describe in their report limitations or uncertainties with the reliability or validity of evidence if significant to the findings and conclusions, and if such disclosure is necessary to avoid misleading the report users.[Footnote 28] Both auditing standards and TIGTA's Operations Manual state that auditors should plan for sufficient, appropriate evidence to achieve the objectives of the audit. In addition, both state that auditors should perform and document an overall assessment of collective evidence to support the findings and conclusions, and include the results of any specific assessment to conclude on the validity and reliability of specific evidence. Also, both auditing standards and TIGTA's policies state that when reporting the scope of the audit, auditors should describe the audit work conducted to accomplish the audit objectives and should report any significant constraints imposed on the audit by data limitations or scope impairments. TIGTA's policies also encourage auditors to quantify the impact of reported issues and the magnitude of recommended corrective actions through outcome measures to the maximum extent possible. Within our sample of TIGTA's audit reports and the related audit documentation, TIGTA's audits generally had sufficient and appropriate evidence to provide a reasonable basis for the reported findings, conclusions, and recommendations with the exception of two audit reports that had specific reported conclusions that were not consistent with requirements regarding evidence in Government Auditing Standards. 
In the first instance, a TIGTA report addressing the IRS process used to integrate new employees reported, among other issues, that the process could be improved if additional measures and analyses were included in IRS's new employee questionnaire.[Footnote 29] We found sufficient and appropriate evidence to support this conclusion. However, an additional statement in the report concluded that some organizations within IRS had implemented best practices to integrate new employees better than others. According to the report and supporting audit documentation, this conclusion was based on the results of a questionnaire that was sent to a judgmental sample of new employees in different IRS organizations. A judgmental sample is a nonstatistical sample, the results of which cannot be used to project to the population. According to TIGTA's Operations Manual, these results cannot be projected or generalized to make such a conclusion. TIGTA officials stated that the report incorrectly stated that a judgmental sample was used when the sample was actually representative of the different IRS organizations and that the statement regarding their relative ability to implement best practices was appropriate. However, the audit documentation did not support that the sample was in fact representative of the population. In the second report, TIGTA reported that approximately 1.5 million tax returns with refunds in excess of $5.2 billion for tax year 2010 had characteristics of prior tax returns found to be fraudulent because of identity theft.[Footnote 30] TIGTA's audit documentation provided sufficient evidence to support this conclusion. 
However, neither the report nor the audit documentation included sufficient evidence to fully support additional report conclusions that IRS (1) potentially issued $5.2 billion in fraudulent tax refunds because of identity theft, (2) could potentially issue about $21 billion in fraudulent tax refunds resulting from identity theft as adjusted by IRS's efforts over the next 5 years to better eliminate fraudulent returns, and (3) could potentially save $21 billion in funds to be put to better use if TIGTA's recommendations were implemented. TIGTA's report and audit documentation did not provide information on the extent to which the identified tax returns with such characteristics can be expected to be fraudulent or the extent to which the possible fraud could be attributed to identity theft. The report did use "potential" to refer to the report conclusions regarding the extent of undetected identity theft, but did not describe why this was only potential or what factors may limit the full amount of identity theft from being known. Also, without knowing the extent to which fraud characteristics associated with prior tax returns can successfully predict future fraudulent tax returns because of identity theft, the reported potential amount of $21 billion resulting from identity theft cannot be reliably estimated. In addition, the report title--There Are Billions of Dollars in Undetected Tax Refund Fraud Resulting from Identity Theft--stated the reported information as a certainty while, as discussed above, the reported dollar amount of identity theft was not sufficiently supported by evidence. The report title, therefore, was inconsistent with the body of the report and could cause users of the report to assume that billions of dollars in undetected identity theft fraud had actually been identified. In its semiannual report for the period, TIGTA reported the $21 billion amount as "funds to be put to better use." 
This amount was then included in the total accumulated "funds to be put to better use" reported by all the federal IGs in CIGIE's annual Progress Report to the President Fiscal Year 2012.[Footnote 31] For fiscal year 2012, CIGIE reported approximately $62 billion in "funds to be put to better use," which are potential cost savings resulting from efficiencies recommended by all the federal statutory IG offices. TIGTA's reported amount of $21 billion made up about a third of this total. TIGTA's Operations Manual includes a required review process specifying review by TIGTA management and quality assurance officials directed at ensuring that the audit findings and conclusions are reported correctly. Both of the TIGTA reports we identified as not having sufficient evidence to fully support reported conclusions had followed TIGTA's report review process. However, neither TIGTA's review of these reports nor the Operations Manual included specific procedures for a detailed review of the draft audit reports by individuals trained and qualified to assess the validity and reliability of report statements, findings, and conclusions derived from statistical and other related data analyses. Such individuals could help to ensure that the results are properly reported, including any limitations or uncertainties, and report statements are fully supported by sufficient and documented evidence. Data Reliability: Auditing standards state that auditors should assess the sufficiency and appropriateness of computer-processed information regardless of whether this information is provided to auditors or auditors independently extract it. 
The assessment of the sufficiency and appropriateness of computer-processed information includes considerations regarding the completeness and accuracy of the data for the intended purposes.[Footnote 32] TIGTA's Operations Manual states that if computer-processed data are used or included in the audit report, the report must discuss the reliability of the data and report the scope and results of any assessment. The Operations Manual also requires that the data sources and the methods used to determine data reliability be clearly stated in each report. Also, if data reliability could not be determined, or was not established to the extent normally desired, the report should contain a clear statement to that effect, including the impact on the audit results. Each of the 20 TIGTA reports that we reviewed contained information on the extent of reliance on computer-processed data and a discussion of the reliability of the data. Elements of a Finding: Auditing standards state that auditors should plan and perform procedures to develop the elements of a finding necessary to address the audit objectives. In addition, if auditors are able to sufficiently develop the elements of a finding, they should develop recommendations for corrective action if they are significant within the context of the audit objectives.[Footnote 33] TIGTA's Operations Manual also requires that all elements of a finding be fully developed and documented. These include the criteria, condition, cause, and effect. In our review of the sample of 20 TIGTA audits we were able to identify the elements of each finding in both the final audit reports and the audit documentation. In addition, TIGTA made recommendations in each audit report where findings were developed. Documentation: Auditing standards require auditors to prepare documentation related to planning, conducting, and reporting for each audit. 
In addition, auditors should prepare audit documentation in sufficient detail to enable an experienced auditor, having no previous connection to the audit, to understand from the audit documentation the nature, timing, extent, and results of audit procedures performed, the audit evidence obtained and its source and the conclusions reached, including evidence that supports the auditors' significant judgments and conclusions.[Footnote 34] TIGTA's Operations Manual requires the preparation of orderly records that support the audit process from planning to the issuance of documents. These records are to include, but are not limited to, evidence that supports the adequacy of review and development of findings resulting from audit testing. With the exception of the two TIGTA reports that did not provide audit documentation that was consistent with auditing standards as discussed earlier, we found that the audit reports in our sample had adequate documentation to support the reported findings, conclusions, and recommendations. Reporting Auditor's Compliance with Auditing Standards: Auditing standards state that when auditors comply with the requirements of all applicable audit standards, they should include an unmodified compliance statement in the audit report to indicate that they performed the audit in accordance with standards.[Footnote 35] TIGTA's Operations Manual also requires that a statement that the audit was conducted in accordance with generally accepted government auditing standards be included in the report. Each audit report in our sample included the required compliance statement. 
Reporting Views of Responsible Officials: Auditing standards state that auditors should obtain and report the views of responsible officials of the audited entity concerning the findings, conclusions, and recommendations included in the audit report as well as any planned corrective actions.[Footnote 36] TIGTA's Operations Manual requires auditors to include the views of the auditee concerning the findings, conclusions, recommendations, and corrective actions in the report. In addition, TIGTA requires a synopsis of the management response as well as a complete copy of management's response to the draft report in all final reports where appropriate. Each audit report in our sample of 20 TIGTA audits included the complete comments of the responsible officials for each unit, office, or program audited when provided. In addition, where TIGTA's audits had findings with recommendations, a synopsis of the responsible officials' comments and recognition of improvements made to address any corrective actions were included in the reports. Conclusions: TIGTA maintained a planning process that provided audit coverage of IRS's major programs and activities, high-risk areas, and management challenges. In addition, TIGTA's audit policies and procedures were consistent with the provisions of auditing standards we reviewed, and a random, nongeneralizable sample of TIGTA audit reports were generally consistent with these standards and TIGTA's policies as provided by its Operations Manual. However, even though TIGTA's documentation of supervisory review was consistent with auditing standards, it was not always in compliance with its own timeliness requirements. TIGTA was in the process of taking several corrective actions in this area based on similar findings from its internal review process as well as recommendations from an external peer reviewer that if implemented properly should help to correct the identified weaknesses. 
We also identified two audits where the documented evidence did not fully support reported conclusions. TIGTA's final review of these two audit reports did not include an expert in the use of statistics and related data analyses, and TIGTA's Operations Manual does not require such a review. Including an expert in statistics and related data analyses during the quality review process for draft audit reports could help ensure that all reported conclusions are accurately reported and fully supported by sufficient and documented evidence as required by auditing standards. Recommendation for Executive Action: To help ensure that audit report conclusions are reported correctly and supported by sufficient evidence, we recommend that the Treasury Inspector General for Tax Administration develop and implement policies and procedures requiring a detailed review of draft audit reports by individuals trained and qualified to assess the statistical and related data analyses used to support the reported findings and conclusions. Agency Comments and Our Evaluation: In comments on a draft of this report, the TIGTA Inspector General concurred with our recommendation and agreed to develop policies to provide guidance on the circumstances in which a statistician should be consulted. The Inspector General plans to develop and implement this guidance to include a review of the presentation of information in draft reports based on sampling or other statistical methods, depending on the complexity. We believe this emphasis on additional policies is responsive to our recommendation. The Inspector General disagreed with our conclusion that TIGTA's audit report on identity theft and related audit documentation did not fully support the reported potential amount of tax refunds over 5 years because of identity theft as well as the reported $21 billion in potential cost savings that could result from the audit recommendation. 
In addition, the Inspector General stated that we did not raise any concerns or have any substantive discussions with TIGTA regarding the extensive analysis that TIGTA performed to ensure that the tax returns identified had a high likelihood of fraud involving identity theft until after the conclusion of our fieldwork. Based on our review of the audit documentation for TIGTA's report, we agree that TIGTA performed an extensive analysis to identify tax returns that had the characteristics of prior identity theft frauds. In addition, our report states that TIGTA's audit documentation provided sufficient evidence to support the number and dollar amount of tax returns with characteristics of prior tax returns found to be fraudulent because of identity theft. Consequently, TIGTA's analysis to identify tax returns with such characteristics required little discussion. However, while the audit documentation supported a conclusion that the tax returns identified by TIGTA had these characteristics, we had extensive discussions with TIGTA's audit staff throughout our review regarding the lack of audit documentation to support (1) the extent that the identified tax returns with such characteristics can be expected to be fraudulent, (2) the extent that the possible fraud could be attributed to identity theft, and (3) that the tax returns with such characteristics could result in a potential savings of approximately $21 billion in funds to be put to better use if the report's recommendations were implemented. Neither our discussions with the audit staff nor the Inspector General's comments to our draft report provided additional information to fully support these reported conclusions. Therefore, we continue to believe that TIGTA lacked sufficient evidence to fully support these statements, and we reaffirm our findings and conclusions. 
As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time we will send copies to the Secretary of the Treasury, the Commissioner of the IRS, the Treasury Inspector General for Tax Administration, the OMB Deputy for Management, other congressional committees, and interested parties. In addition, this report will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-2623 or davisbh@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made key contributions to this report are listed in appendix IV. Sincerely yours, Signed by: Beryl H. Davis: Director: Financial Management and Assurance: [End of section] Appendix I: Scope and Methodology: To review the Treasury Inspector General for Tax Administration's (TIGTA) planning process, we obtained the guidance on planning in the Quality Standards for Federal Offices of Inspector General, October 2003, established by the Council of the Inspectors General on Integrity and Efficiency. We identified the planning guidance for inspectors general (IG) offices related to risk assessment and coordination and compared these requirements to TIGTA's strategic plan for fiscal years 2009 through 2014 and annual audit plan for fiscal year 2012. 
To determine the extent of audit coverage, we reviewed the titles and objectives of all audit reports issued by TIGTA during 2012 and compared them to the divisions and offices responsible for the Internal Revenue Service's major programs and activities as identified in TIGTA's Operations Manual, high-risk areas identified by GAO for the period covering fiscal year 2012, and management challenges identified by TIGTA for fiscal year 2012 as reported in semiannual reports to the Congress. To determine whether TIGTA's audit policies and procedures as provided in its Operations Manual were consistent with requirements in Government Auditing Standards, we focused on those standards that are most likely to have a direct bearing on the quality of the audit documentation used to support the conclusions, findings, and recommendations in audit reports. Specifically, we selected for our review the following general, fieldwork, and reporting standards for performance audits: independence; quality control and assurance; planning; internal control; obtaining sufficient, appropriate evidence; data reliability; elements of a finding; documentation; statement of compliance with standards; and obtaining views of officials. We compared the selected requirements of these standards with the policies and procedures contained in TIGTA's Operations Manual. To determine whether TIGTA's audits were consistent with the policies and procedures in its Operations Manual and with selected provisions of Government Auditing Standards, we reviewed a random, nongeneralizable sample of 20 audits from the total of 94 audits issued by TIGTA's four business units in its Office of Audits during fiscal year 2012 (see app. II). The overall sample included audit reports from each of TIGTA's four business units with a random sample of 5 audits from each unit. 
For each sampled audit report, we compared the selected requirements of Government Auditing Standards and TIGTA's Operations Manual with the information in the audit report and in the related audit documentation for each sampled audit. This included the supporting audit documentation for the report findings, conclusions, and recommendations and the criteria, condition, cause, and effect in each sampled audit report. In addition, for the independence standard we reviewed TIGTA's policies and procedures for documenting the assertion of independence by each auditor and obtained the documented assertions for fiscal year 2012, which is the most recently completed full year of audit activity for our review. For the quality control and assurance standard, in addition to a review of the audit documentation, we obtained an understanding of the information in the internal quality review reports completed by TIGTA of its own audit operations and the external peer review completed by another IG office. In addition, we obtained an understanding of the process used by TIGTA to review the quality of draft audit reports before they are issued.

[End of section]

Appendix II: Sample of 20 Audit Reports Issued by TIGTA in Fiscal Year 2012 Selected for Review:

Treasury Inspector General for Tax Administration. Eliminating the Automatic Mailing of Tax Packages Achieved Significant Savings, Although Some Taxpayers Were Burdened. 2012-40-008. Washington, D.C.: December 13, 2011.

Treasury Inspector General for Tax Administration. Procedures Need to Be Updated to Ensure Proper Determinations of Tax Relief for Taxpayers Affected by Disasters. 2012-40-015. Washington, D.C.: February 16, 2012.

Treasury Inspector General for Tax Administration. Improvements Are Needed to Ensure the Business Master File Case Creation Nonfiler Identification Process Is Working Effectively. 2012-30-020. Washington, D.C.: February 17, 2012.

Treasury Inspector General for Tax Administration. Citibank Purchase Card and Fleet Card Rebates Were Maximized and Are Now Properly Allocated. 2012-10-031. Washington, D.C.: March 30, 2012.

Treasury Inspector General for Tax Administration. Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved. 2012-20-041. Washington, D.C.: May 3, 2012.

Treasury Inspector General for Tax Administration. The Exempt Organizations Function Should Take Action to Limit the Disclosure of Social Security Numbers on Publicly Available Tax-Exempt Returns. 2012-10-046. Washington, D.C.: May 4, 2012.

Treasury Inspector General for Tax Administration. Customer Account Data Engine 2 Performance and Capacity Is Sufficient, but Actions Are Needed to Improve Testing. 2012-20-051. Washington, D.C.: May 16, 2012.

Treasury Inspector General for Tax Administration. The Remediation Plan Still Does Not Contain All the Necessary Actions to Address the Unpaid Assessments Material Weakness. 2012-10-069. Washington, D.C.: July 19, 2012.

Treasury Inspector General for Tax Administration. There Are Billions of Dollars in Undetected Tax Refund Fraud Resulting From Identity Theft. 2012-42-080. Washington, D.C.: July 19, 2012.

Treasury Inspector General for Tax Administration. Ensuring the Quality Review Process Is Consistently Followed Remains a Problem for the Volunteer Program. 2012-40-088. Washington, D.C.: July 27, 2012.

Treasury Inspector General for Tax Administration. The Onboarding Process Has Improved, but Additional Steps Should Be Taken to Ensure Employees Have the Tools, Resources, and Knowledge to Be Successful and Productive. 2012-10-091. Washington, D.C.: August 6, 2012.

Treasury Inspector General for Tax Administration. Fiscal Year 2012 Statutory Review of Compliance With Legal Guidelines When Issuing Levies. 2012-30-095. Washington, D.C.: August 17, 2012.

Treasury Inspector General for Tax Administration. Procedures for Withdrawals and Releases of Notices of Federal Tax Lien Were Not Always Followed. 2012-30-096. Washington, D.C.: August 22, 2012.

Treasury Inspector General for Tax Administration. Fiscal Year 2012 Statutory Review of Restrictions on Directly Contacting Taxpayers. 2012-30-089. Washington, D.C.: September 4, 2012.

Treasury Inspector General for Tax Administration. Fiscal Year 2012 Statutory Audit of Compliance With Notifying Taxpayers of Their Rights When Requested to Extend the Assessment Statute. 2012-30-102. Washington, D.C.: September 4, 2012.

Treasury Inspector General for Tax Administration. The Process for Individuals to Report Suspected Tax Law Violations Is Not Efficient or Effective. 2012-40-106. Washington, D.C.: September 10, 2012.

Treasury Inspector General for Tax Administration. Deficiencies Continue to Exist in Verifying Contractor Labor Charges Prior to Payment. 2012-11-101. Washington, D.C.: September 19, 2012.

Treasury Inspector General for Tax Administration. Despite Steps Taken to Increase Electronic Returns, Unresolved Modernized e-File System Risks Will Delay the Retirement of the Legacy e-File System and Implementation of Business Forms. 2012-20-121. Washington, D.C.: September 27, 2012.

Treasury Inspector General for Tax Administration. Treasury Inspector General for Tax Administration - Federal Information Security Management Act Report for Fiscal Year 2012. 2012-20-114. Washington, D.C.: September 28, 2012.

Treasury Inspector General for Tax Administration. Annual Assessment of the Internal Revenue Service Information Technology Program. 2012-20-120. Washington, D.C.: September 28, 2012.

[End of section]

Appendix III: Comments from the Treasury Inspector General for Tax Administration:

Department of The Treasury: Inspector General for Tax Administration: Washington, D.C. 20005: May 1, 2014: Via Facsimile and Electronic Mail: Beryl H. Davis, Director: Financial Management and Assurance: U.S. 
Government Accountability Office: 441 G Street, NW., Room 5490: Washington D.C., 20548: Dear Ms. Davis: Thank you for the opportunity to comment on the Government Accountability Office's (GAO) review of the Treasury Inspector General for Tax Administration's (TIGTA) Office of Audit. GAO's report on TIGTA's Office of Audit addressed many facets of our organization, including our planning processes, audits, supervision, independence, and quality review processes. The report concluded that our audit planning processes were consistent with quality standards and that the resulting audits addressed the Internal Revenue Service's (IRS) major programs, high-risk areas, management challenges, and the concerns of stakeholders. GAO also found that TIGTA's audit policies and procedures were consistent with Government Auditing Standards. Moreover, GAO's review of a random, non-generalizable sample of 20 TIGTA audit reports issued in Fiscal Year 2012 determined they were "generally" consistent with Government Auditing Standards and TIGTA's policies. The Office of Audit has established a rigorous quality control process to ensure conformance with Government Auditing Standards, which includes a review of all facts and presentation of those facts by TIGTA management, a detailed referencing of all facts by an auditor who is independent of the review, and a quality review of all draft and final reports to ensure clarity and conformance with reporting standards. This includes a review of the methodology used to estimate outcome measures. The effectiveness of TIGTA's quality control process was confirmed in a recent external peer review conducted by the General Services Administration's Office of Inspector General. While I generally agree with GAO's report, there are certain statements which I believe warrant clarification and some with which I disagree. 
Related to the section of the report on supervisory review, I believe it is important to note that GAO reviewed 7,056 workpapers contained in the 20 audits selected for review. There were 86 workpapers that GAO reported did not meet TIGTA's 30-day review policy, which, it is important to note, is more stringent than the Government Auditing Standards, but did meet the Government Auditing Standards because they were reviewed before the report was issued. As such, 99 percent of the workpaper reviews complied with our policy, and 100 percent complied with Government Auditing Standards. In the section on Obtaining Sufficient, Appropriate Evidence, GAO reported that specific statements were not fully supported by sufficient evidence in two of the twenty audit reports it reviewed. For one audit, GAO reported that one statement in the audit report concluded some organizations within the IRS had implemented best practices better than others. GAO reported that TIGTA based this conclusion on a judgmental sample which cannot be projected to the overall IRS organization. Some important context related to this sample must be noted. The sample included 402 recently hired employees that were chosen at random to receive a questionnaire soliciting their views on the new employee onboarding process. Due to changes in the IRS's workforce at the time, we worked closely with the IRS to ensure that a large number of responses were received to provide a broad perspective of employees' thoughts on the onboarding process. The sample achieved its intended purpose. However, I agree that the audit could have been more precise in describing the sample in the report. In the review of another audit, GAO asserts that TIGTA did not have sufficient evidence in the report and audit documentation to support the potential for $21 billion in fraudulent tax refunds over five years due to identity theft and the reported cost savings that could result from TIGTA's audit recommendation. 
We strongly disagree with GAO's conclusion. Our estimates are fully supported by ample evidence obtained from the IRS and law enforcement. In the report, GAO agreed that the returns we identified had the characteristics of confirmed identity-theft cases. During their review, the GAO team did not raise any concerns or have any substantive discussions with our audit team regarding the extensive analysis that TIGTA performed to ensure that the tax returns identified have a high likelihood of fraud involving identity theft. GAO did not raise any concerns until well after the conclusion of its fieldwork. When we pressed GAO on this issue, they conceded that they could not think of any other evidence that could have been used to provide a better estimate and that we probably used the best evidence and methods available. TIGTA provided GAO with 813 workpapers as evidence to support our estimates. The workpapers included five data analysis methodologies that document how the undetected tax returns identified have a high likelihood of fraud that involves identity theft. The characteristics we used to identify our cases were based on our analysis of thousands of tax returns involved in fraud schemes identified by the IRS and other law enforcement agencies as having been filed by identity thieves. It is worth noting that our workpapers also documented the extensive review by the IRS's Office of Research and Analysis. This office, which provides research, analytical, statistical, and technology services to IRS management, agreed that our analysis correctly identified fraudulent tax returns involving identity theft. Our analysis helped to quantify the enormous impact that undetected identity-theft tax fraud has on tax administration. Recommendations included in our report and the corrective actions taken are directly linked to the IRS improving its detection of fraudulent tax returns involving identity theft.
In the year subsequent to our analysis (tax return processing year 2012), the IRS increased its detection of fraudulent identity-theft tax returns by over $4 billion. We have continued our effort to review the IRS's progress in stemming this problem. It is clear from our subsequent analysis that our recommendations have helped the IRS make substantial improvements in its tax-fraud detection efforts. Improvements include expanded identity-theft filters, earlier use of data reported by the Social Security Administration, locks on the accounts of deceased taxpayers, and a clustering tool to identify multiple fraudulent refunds going to the same address or bank account. Each of these improvements has prevented a substantial amount of this type of fraud. For example, since becoming operational in processing year 2013, the IRS clustering tool has identified 395,468 fraudulent tax returns and prevented the issuance of approximately $1.3 billion of improper refunds as of March 3, 2014. These improvements will continue to help the IRS in stemming this growing threat to our Nation's system of tax administration. Our response to GAO's recommendation is attached. If you have any questions, please contact me or a member of your staff may contact Mr. Michael McKenney, Acting Deputy Inspector General for Audit, at (202) 622-5916. Sincerely, Signed by: J. Russell George: Inspector General: Attachment: GAO Recommendation and TIGTA Response (GAO-14-70): GAO Recommendation: To help ensure that audit report conclusions are reported correctly and supported by sufficient evidence, we recommend that the Treasury Inspector General for Tax Administration develop and implement policies and procedures requiring a detailed review of draft audit reports by individuals trained and qualified to assess the statistical and related data analysis used to support the reported findings and conclusions.
TIGTA Response: TIGTA makes extensive use of professional statistical support in the course of planning and conducting our audits, including during the reporting phase. Nonetheless, we agree that developing policies to provide guidance on the circumstances in which a statistician should be consulted would be beneficial. This includes a review of the presentation of information in draft reports based on sampling or other statistical methods, depending on its complexity. We plan to develop and implement such guidance. In our discussions with GAO, it also appeared they were envisioning a review process similar to that of GAO's Applied Research and Methods team. Further discussion with GAO is needed to understand the criteria, methods, and expertise they employ to determine the applicability of this to our organization. [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Beryl H. Davis, (202) 512-2623 or davisbh@gao.gov: Staff Acknowledgments: In addition to the contact named above, Jackson Hufnagle (Assistant Director), Carl Barden, Jacquelyn Hamilton, Wilfred Holloway, Taya Tasse, and Clarence Whitt made key contributions to this report. [End of section] Footnotes: [1] Pub. L. No. 95-452, 92 Stat. 1101 (Oct. 12, 1978) (codified, as amended, at 5 U.S.C. App.). [2] Pub. L. No. 105-206, 112 Stat. 685, 705 (July 22, 1998). [3] Council of the Inspectors General on Integrity and Efficiency, Quality Standards for Federal Offices of Inspector General (Washington, D.C.: October 2003). [4] CIGIE was established by the Inspector General Reform Act of 2008 (Pub. L. No. 110-409, 122 Stat. 4302, Oct. 14, 2008) and consists mainly of IGs to address integrity, economy, and effectiveness issues that transcend individual government agencies, and to increase the professionalism and effectiveness of personnel in the IG offices. 
[5] GAO, Government Auditing Standards, July 2007 Revision, [hyperlink, http://www.gao.gov/products/GAO-07-731G] (Washington, D.C.: July 2007), was superseded by Government Auditing Standards, December 2011 Revision, [hyperlink, http://www.gao.gov/products/GAO-12-331G] (Washington, D.C.: December 2011), for performance audits beginning on or after December 15, 2011. [6] Treasury Inspector General for Tax Administration, Operations Manual, Section 300 (Washington, D.C.: updated through Oct. 1, 2012). [7] When referring to Government Auditing Standards, this report uses "requirement" in a manner consistent with those standards. Government Auditing Standards has two categories of requirements. For "unconditional requirements," auditors must comply in all cases where such requirement is relevant. For "presumptively mandatory requirements," auditors must comply except in certain rare circumstances under which auditors must document their justification for the departure and how alternative procedures were sufficient to achieve the intent of the requirement. See Government Auditing Standards, 2.15 and 2.16. [8] We selected requirements from Government Auditing Standards that address independence; quality control and assurance; audit planning; internal control; obtaining sufficient, appropriate evidence; data reliability; elements of a finding; documentation; reporting auditor's compliance with auditing standards; and reporting views of responsible officials. [9] The IG Act defines "recommendation that funds be put to better use" as a recommendation that funds could be used more efficiently if management of an establishment took actions to implement and complete the recommendation. 5 U.S.C. § 5(f)(4). [10] Treasury Inspector General for Tax Administration, There Are Billions of Dollars in Undetected Tax Refund Fraud Resulting From Identity Theft, 2012-42-080 (Washington, D.C.: July 19, 2012).
[11] The IRS Oversight Board is an independent body charged to provide IRS with long-term guidance and direction. The board also seeks the views and insights of those who work regularly with IRS. The National Taxpayer Advocate is head of the Taxpayer Advocate Service, which is an independent organization within IRS established to help taxpayers resolve tax problems with IRS and recommend changes that will help prevent the problems. [12] The Comptroller General's Domestic Working Group was formed in 2001 to bring together federal inspectors general and state and local audit officials informally to discuss topics of mutual interest, address common concerns, and promote collaborative efforts. [13] Phishing is a digital form of social engineering that uses authentic-looking, but fake, e-mails to request information from users or direct them to a fake website that requests information. [14] Treasury Inspector General for Tax Administration, The Compliance Assurance Process Has Received Favorable Feedback, but Additional Analysis of Its Costs and Benefits Is Needed, 2013-30-021 (Washington, D.C.: Feb. 22, 2013). Treasury Inspector General for Tax Administration, Assessment of the IRS's Interpretation of Section 1302 of the Recovery Act: Qualifying Advanced Energy Project Credit, 2013-40-059 (Washington, D.C.: Sept. 27, 2013). Treasury Inspector General for Tax Administration, The Referral Process for Examinations of Tax Returns Claiming the Foreign Earned Income Exclusion Needs to Be Improved, 2013-30-112 (Washington, D.C.: Sept. 27, 2013). Treasury Inspector General for Tax Administration, Systemic Penalties on Late-Filed Forms Related to Certain Foreign Corporations Were Properly Assessed, but the Abatement Process Needs Improvement, 2013-30-111 (Washington, D.C.: Sept. 25, 2013). Treasury Inspector General for Tax Administration, The International Campus Compliance Unit Is Improving Tax Compliance, 2013-30-113 (Washington, D.C.: Sept. 19, 2013).
[15] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: February 2011). [16] GAO removed IRS Business Systems Modernization from its most recent high-risk list because of significant improvements. See GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-13-283] (Washington, D.C.: February 2013). [17] Pub. L. No. 106-531, 114 Stat. 2537 (Nov. 22, 2000). [18] Department of the Treasury, The Department of the Treasury Agency Financial Report Fiscal Year 2012 (Washington, D.C.: Nov. 15, 2012). [19] Treasury Inspector General for Tax Administration, The 2009 Offshore Voluntary Disclosure Initiative Increased Taxpayer Compliance, but Some Improvements Are Needed, 2011-30-118 (Washington, D.C.: September 2011). [20] Three of the five audits related to globalization were issued during fiscal year 2013: Treasury Inspector General for Tax Administration, Foreign Corporations Filing Compliance, 2013-30-111 (Washington, D.C.: September 2013); Processing of the Payments Made in Foreign Currencies, 2013-30-027 (Washington, D.C.: March 2013); and Impact of IRC Section 911 on International Tax Administration, 2013-30-112 (Washington, D.C.: September 2013). [21] IRS's financial statements are audited annually by GAO. GAO, Financial Audit: IRS's Fiscal Years 2012 and 2011 Financial Statements, [hyperlink, http://www.gao.gov/products/GAO-13-120] (Washington, D.C.: Nov. 9, 2012), and Financial Audit: IRS's Fiscal Years 2013 and 2012 Financial Statements, [hyperlink, http://www.gao.gov/products/GAO-14-169] (Washington, D.C.: Dec. 12, 2013). [22] Government Auditing Standards, 3.02 and 3.59. [23] Government Auditing Standards, 3.82-3.107. [24] The 86 audit documents with documented supervisory review after the 30-day TIGTA requirement represented about 1 percent of the audit documents we reviewed. Also, of the 86, only 4 were used as an index to support information in the final audit reports.
[25] Peer reviews of IG audit operations allow for three types of ratings: (1) pass, (2) pass with deficiencies, and (3) fail. [26] Government Auditing Standards, 6.06-6.52. [27] Government Auditing Standards, 6.16-6.22. [28] Government Auditing Standards, 6.56 and 7.15. [29] Treasury Inspector General for Tax Administration, The Onboarding Process Has Improved, but Additional Steps Should Be Taken to Ensure Employees Have the Tools, Resources, and Knowledge to Be Successful and Productive, 2012-10-091 (Washington, D.C.: Aug. 6, 2012). [30] Identity theft can occur when an individual uses another person's name and Social Security number to file a fraudulent tax return to obtain a fraudulent tax refund. [31] CIGIE, as established by the IG Reform Act of 2008, replaced the duties and functions of the President's Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency, which were originally established by executive orders. These duties include an obligation to report to the President on the activities of CIGIE. The chairpersons of CIGIE and the prior councils have met that obligation through the issuance of progress reports. [32] Government Auditing Standards, 6.66. [33] Government Auditing Standards, 6.37-6.77. [34] Government Auditing Standards, 6.79-6.85. [35] Government Auditing Standards, 7.30-7.31. [36] Government Auditing Standards, 7.32-7.38. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. 
GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. [End of document]