Management Report:

Improvements Needed in IRS's Internal Controls

GAO-03-562R: Published: May 20, 2003. Publicly Released: May 21, 2003.

Additional Materials:

Contact:

Steven J. Sebastian
(202) 512-9521
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In November 2002, we issued our report on the results of our audit of the Internal Revenue Service's (IRS) financial statements as of and for the fiscal years ending September 30, 2002 and 2001, and on the effectiveness of its internal controls as of September 30, 2002. We also reported our conclusions on IRS's compliance with significant provisions of selected laws and regulations and on whether IRS's financial management systems substantially comply with requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA). A separate report on the implementation status of recommendations from our prior IRS financial audits and related financial management reports will be issued shortly. The purpose of this report is to discuss issues identified during our fiscal year 2002 audit regarding accounting procedures and internal controls that could be improved for which we do not presently have any recommendations outstanding.

During fiscal year 2002, IRS had a number of internal control issues that affected financial reporting, which includes safeguarding of assets. These issues concern policies and procedures related to (1) employee fingerprint records, (2) enforcement of courier service standards, (3) taxpayer receipt processing areas, (4) candling, (5) acceptance of tax payments in cash, and (6) structuring of installment agreements. Each of these control weaknesses posed added risks of losses, nonpayment of taxes, or potential burden to taxpayers.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: IRS re-emphasized this policy by e-mail to Background Investigations Coordinators and Personnel Officers on September 30, 2002, and during a conference call on October 9, 2002. In addition, the Personnel Security and Investigations staff created and distributed an Excel file that calculates the date when fingerprint results expire. IRS staffs have received instructions on how to use the spreadsheet and to annotate Case Closing documentation. As a result, Personnel Offices are enforcing the 180-day policy for fingerprint results. During its fiscal year 2003 financial audit, GAO noted only five instances in over 12,000 hires where individuals were hired with fingerprint results over 180-days old.

    Recommendation: To further reduce IRS's risk of hiring unsuitable employees to handle and process taxpayer receipts and data, IRS should enforce its policy of a 180-day expiration period for fingerprint check results when an individual enters on duty.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  2. Status: Closed - Implemented

    Comments: During 2002, FMS issued an amendment to the courier Memorandum of Understanding (MOU), which included the requirement that all courier employees satisfy the basic investigation, including a Federal Bureau of Investigation (FBI) fingerprint and name check. All ten IRS campuses now have a contact responsible for submitting paperwork to the National Background Investigations Center (NBIC) and ensuring courier employees are granted clearance. During 2003, IRS required NBIC to provide monthly status reports of the campus compliance with this requirement. Finally, during fiscal year 2006, all courier MOUs and NBIC reports were received monthly, enabling IRS to identify problems and issues more quickly. During our fiscal year 2006 audit, we found no instances in which updated courier service contracts did not contain the requirements for background and fingerprint checks, and conclude that IRS's actions have effectively addressed this recommendation.

    Recommendation: IRS should confirm with the Financial Management Service (FMS) that IRS' requirements for background and fingerprint checks for courier services are met regardless of whether IRS or FMS negotiates the service agreeement.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  3. Status: Closed - Implemented

    Comments: IRS reported that its Security Review Team reviews monthly compliance with the courier requirements. For the five campuses where IRS holds the courier contract, the Security Review Team was required to verify the campus has a valid insurance certificate valued at $1 million. For the five campuses with FMS negotiated agreements, FMS drafted a memorandum to the financial institutes advising them to regularly provide a copy of the insurance certificates to IRS. The 2003 LPG included this procedure in Section 2.8.4.1. The campus now has a bonded courier who is delivering the deposits to the depository on a daily basis. All procedures are in place to provide a copy of the $1 million dollar insurance binder to all campuses and headquarters on an annual basis. During the fiscal year 2004 audit, GAO verified that IRS had established procedures to verify that courier services are adhering to the standards established for them by IRS, including the requirement that the courier service have insurance coverage. This was also included in the 2004 LPG. GAO found no instances in which the required proof of insurance was not available during its fiscal year 2004 visits to four SPCs and four lockbox banks.

    Recommendation: IRS should establish procedures to verify that courier services are adhering to the standards established for them by IRS, including the requirement that the courier services have insurance coverage.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  4. Status: Closed - Implemented

    Comments: IRS reported that on February 6, 2004, IRS issued information alert W&I-IA-2002-63-2004 specifying the items that are prohibited from the secure receipt processing areas and requiring that employees use clear plastic bags to transport small items not carried on their person in and out of the secure areas. First line managers or a designated representative conduct, at minimum, monthly random reviews of employee compliance with all security policies as they relate to personal belongings in the secure receipt processing areas. In addition, Campus Security Review Teams conduct monthly reviews to ensure compliance with these procedures. These procedures were added via Information Alerts to Internal Revenue Manuals pertaining to the secure receipt processing areas. GAO did not find any instances of inappropriate personal belongings in receipt processing areas at the four SPCs it visited during its fiscal year 2004 IRS financial statement audit.

    Recommendation: IRS should enforce consistent implementation of its policy limiting personal belongings in receipt processing areas at service center campuses.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  5. Status: Closed - Implemented

    Comments: IRS's Taxpayer Assistance Center (TAC) procedures now prohibit storing of personal items with any taxpayer related documents. These procedures further prohibit storing taxpayer receipts in the same storage container with employee personal items. IRS also requires that personal items and taxpayer related documents must not be stored in the same container under the same locking device. We verified that IRS prohibits its employees from storing personal belongs with any taxpayer related documents.

    Recommendation: IRS should prohibit the storage of employees' personal belongings with cash payments and receipts at IRS's taxpayer assistance centers.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  6. Status: Closed - Implemented

    Comments: IRS reported that additional guidance was issued to Submission Processing field employees on February 28, 2005, reinforcing the importance of ensuring that Submission Processing candling procedures and policies are followed. The Internal Revenue Manual (IRM) 3.10.72 has been revised to specify precise candling methods, as well as specific illumination measures of light. In addition, new requirements were implemented to turn large envelopes that cannot be easily opened on all three sides, inside out. This requirement is part of the campus monthly security reviews. All findings are shared with Submission Processing field directors. Local management continues to remind employees of the importance of candling of envelopes on a regular basis through individual and group meetings to ensure compliance with this requirement. GAO verified that the IRM has been updated to provide specific instructions regarding the candling processes for different types of mail processed by service center campuses

    Recommendation: IRS should revise its candling procedures to specify the precise candling methods to be used based on the dimensions of the mail processed and the extraction method used for both the first and the final candling.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  7. Status: Closed - Implemented

    Comments: IRS reported that the Internal Revenue Manual (IRM) 3.10.72 now has procedures prohibiting a single employee from performing the final candling in a remote location. This requirement is part of the campus monthly security reviews. All findings are shared with Submission Processing field directors. Local management continues to remind employees of candling requirements through individual and group meetings to ensure compliance with this requirement. GAO verified that IRS had established and implemented procedures prohibiting a single employee from performing final candling in a remote location. In addition, GAO did not identify any instances in which final candling were performed by only one individual.

    Recommendation: IRS should establish the implement procedures prohibiting a single employee from performing the final candling in a remote location.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  8. Status: Closed - Implemented

    Comments: IRS reported that it included guidelines in its fiscal year 2003, Field Assistance Operating Procedures (FAOP), stating that all Taxpayer Assistance Centers will accept all standard forms of payments from customers including checks, money orders, and cash. GAO verified that IRS included this guideline in its fiscal year 2003 FAOP.

    Recommendation: IRS should determine which taxpayer assistance centers do not accept payment of taxes in cash and issue a memorandum reminding them of the requirement that cash be accepted.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  9. Status: Closed - Implemented

    Comments: IRS reported that it monitored adherence to the policy of accepting cash payments during operational reviews conducted in fiscal year 2004. No discrepancies were identified. The Director, Field Assistance, granted an exception to the requirement of accepting cash payments in some Taxpayer Assistance Centers (TACs) with two or fewer persons. These are locations where the volume of cash payments received is minimal. TACs have agreements with other functions to accept cash payments, or financial institutions nearby, making conversion easy for the taxpayers. The IRS revised the IRM in fiscal year 2004 to reflect these exceptions. During the fiscal year 2004 audit, GAO found that IRS had monitored adherence to its policy of accepting cash payments. GAO did not identify any issues regarding IRS refusing to accept cash payments of taxes.

    Recommendation: IRS should establish a mechanism to periodically review adherence to this policy.

    Agency Affected: Department of the Treasury: Internal Revenue Service

 

Explore the full database of GAO's Open Recommendations »

Dec 16, 2014

Nov 19, 2014

Sep 22, 2014

Sep 18, 2014

Aug 11, 2014

Jul 29, 2014

Jul 22, 2014

Jul 18, 2014

Jul 7, 2014

Jul 2, 2014

Looking for more? Browse all our products here