Management Report:

Improvements Are Needed in IRS's Internal Controls and Compliance with Laws and Regulations

GAO-10-565R: Published: Jun 28, 2010. Publicly Released: Jun 28, 2010.

Additional Materials:

Contact:

Cheryl E. Clark
(202) 512-9521
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The purpose of this report is to present internal control and compliance issues identified during our audit of IRS's financial statements as of, and for the fiscal year ending, September 30, 2009, for which we do not already have any recommendations outstanding. Although not all of these issues were discussed in our report on the results of our fiscal year 2009 financial statement audit, they all warrant IRS management's attention.

During our audit of IRS's fiscal year 2009 financial statements, we identified several internal control issues and a compliance issue not addressed by previous recommendations. These issues include the following: 1) IRS's reported balances for taxes receivable and other unpaid tax assessments were not supported by its core general ledger system for tax-administration-related transactions. 2) IRS did not always credit or accurately credit trust fund recovery penalty payments received from one taxpayer to all related taxpayers as required by the Internal Revenue Manual (IRM), resulting in errors in taxpayer accounts. 3) IRS's transaction file of "pre-posted" tax revenue, which was supposed to largely reconcile the difference between IRS's aggregate tax revenue receipts recorded in its general ledger and the detailed-level tax revenue receipts recorded in its master file, was not accurate. 4) IRS did not establish adequate internal controls over its complex process for allocating operation support costs to the programs reported on its statement of net cost. 5) IRS did not always review duplicate refund transcripts, which identify potentially duplicate or erroneous refunds, prior to issuing the refunds as required by the IRM. 6) IRS's service center campuses (SCCs) did not acknowledge the quantity of unprocessable items the lockbox banks shipped to them, even in cases where there were discrepancies between the quantity of unprocessable items the lockbox bank recorded on the transmittal form and the quantity that the SCC actually received. 7) IRS's SCC and field office physical security analysts did not always accurately complete audit management checklists used to assess the physical security and emergency preparedness controls in place at their sites. 8) IRS's taxpayer assistance center group managers did not always accurately assess the status of operational and security controls at their locations. 9) SCC and field office contractors who are provided routine, unescorted, unsupervised physical access to IRS facilities containing taxpayer receipts and information were not required to and did not receive annual security awareness training. 10) IRS's SCC unit security representatives, who are responsible for maintaining security over one of IRS's key tax processing systems, did not always receive or timely complete required initial and refresher training on carrying out their security responsibilities. 11) IRS's employees did not always complete annual mandatory briefing requirements in fiscal years 2008 and 2009. 12) IRS staff did not always confirm or obtain documentation of confirmation with the end user of a purchased product or service that the item was satisfactorily received before entering receipt and acceptance of the good/service into the procurement system. 13) IRS did not always timely deobligate excess obligated funds after the related goods or services were delivered and the remaining funds for those purchases were no longer needed. 14) IRS did not always ensure that upward and downward adjustments to prior-year obligation transactions were properly reported for financial statement reporting purposes. 15) IRS did not comply with requirements in its annual appropriations act. We are making 41 recommendations that, if effectively implemented, should address the internal control and compliance issues we identified. These recommendations are intended to bring IRS into conformance with its own policies, the Standards for Internal Control in the Federal Government, or both, as well as to help ensure IRS's compliance with its appropriations act requirements. We provided IRS with a draft of this report and obtained its written comments. In its comments, IRS agreed with all but three of our 41 recommendations and described actions it had taken, underway, or planned to take to address the control weaknesses described in this report.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the IRM to require CIO to promptly provide service center campuses an acknowledgment of receipt for each Form 3210 transmittal related to a duplicate refund transcript sent to them by a service center campus for review.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS revised the Internal Revenue Manual to include procedures for Central Insolvency Operation to timely provide acknowledgment of receipt for Form 3210 related to duplicate refund transcripts to the service center campuses.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the IRM to require service center campuses to verify that an acknowledgment of receipt has been received from Central Insolvency Operation (CIO) for 100 percent of the Form 3210 transmittals related to duplicate refund transcripts they have forwarded to CIO for review.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS revised the Internal Revenue Manual to include procedures for verifying acknowledgments received from Central Insolvency Operation for duplicate refund transcripts at service center campuses.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the IRM to require service center campuses to resolve any instances in which an acknowledgment of receipt for a Form 3210 transmittal related to duplicate refund transcripts is not received.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS revised the Internal Revenue Manual to include procedures to resolve instances in which acknowledgment of receipt for a Form 3210 has not been received.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to require service center campuses to acknowledge unprocessable items with receipts received from lockbox banks.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS updated the Internal Revenue Manual and the Lockbox Document Transmittal form instructions to require service center campuses to acknowledge unprocessable items with receipts received from lockbox banks.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish procedures to track service center campus acknowledgments of unprocessable items with receipts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: In January 2012, IRS updated the Lockbox Processing Guidelines to require banks to retain all lockbox document transmittals and acknowledgments for a 1-year period. The banks are to have these documents available for review upon request. The update also requires the banks to call IRS if the faxed acknowledgment is not received by a specified time.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish procedures to monitor the process used by service center campuses and lockbox banks to acknowledge and track transmittals of unprocessable items with receipts. These procedures should include monitoring discrepancies and instituting appropriate corrective actions as needed.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: During 2012, IRS revised its procedures for monitoring the process used by service center campuses and lockbox banks to acknowledge and track transmittals of unprocessable items with receipts by performing discretionary reviews, ad hoc unannounced reviews, or both, depending on each lockbox bank's performance. However, at all three of the service center campuses we visited during the fiscal year 2012 audit, we found that differences between the count of unprocessable items with remittances listed on the lockbox document transmittals were not always recorded on the lockbox data collection instrument. We will continue to monitor the progress of IRS's corrective actions.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to review the audit management checklist for clarity and revise the assessment questions as appropriate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On November 29, 2010, IRS's Agency-Wide Shared Services Physical Security and Emergency Preparedness (PSEP) revised the physical security audit management checklist (AMC) assessment questions to more clearly identify which questions were relevant to the type of IRS facility being reviewed. During our fiscal year 2011 financial statement audit, we reviewed the 2011 AMC and verified that each assessment question clearly noted the type of IRS facility to which the question applied.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to issue written guidance to accompany the audit management checklist that explains the relevance of the questions and the methods that should be used to assess and test the related controls.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On November 29, 2010, IRS's Agency-Wide Shared Services Physical Security Emergency Preparedness (PSEP) incorporated instructions for completing the audit management physical security checklist and included them in the revision for use during calendar year 2011. We verified during our fiscal year 2011 financial statement audit that the PSEP audit management physical security checklist contained a detail set of instructions for completing the checklist.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the cost allocation desk guide to better document the cost allocation process. This should include ensuring that all key processing steps are included and identifying the key sources of input data and the controls necessary to help ensure their reliability.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and revised the cost allocation desk guide on January 29, 2010, to better document the cost allocation process. We reviewed IRS's revised cost allocation desk guide and noted that it now contained work instructions/job aids that included key processing steps, key sources of input data, and controls to ensure reliability throughout the cost allocation process.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to update the desk procedures governing the comparison of general ledger tax revenue receipts to the master files to ensure that the procedures reflect the current process and controls.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On December 21, 2010, IRS updated the desk procedures governing the general ledger to master files comparison to ensure that it reflects the most current process and controls. In addition, we were informed by CFO officials that these procedures would be revisited periodically to ensure they remain current.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the existing methodology for extracting the pre-posted revenue component of the comparison to ensure that non-tax revenues and tax revenue transactions already posted to the master files are properly excluded.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS revised its methodology for extracting the pre-posted revenue component of its general ledger to master files comparison. This revised methodology appropriately ensures that non-tax revenues and tax revenue transactions already posted to the master files are properly excluded.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to review the results of IRS's unpaid assessments compensating statistical estimation process to identify and document instances where systemic limitations in Custodial Detailed Data Base (CDDB) resulted in misclassifications of account balances which, in turn, resulted in inaccuracies in the amounts of reported unpaid assessments.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS has identified specific account modules that were misclassified as a result of systemic limitations. However, it has not yet documented the various systemic limitations in CDDB that cause the misclassification of account balances. During our fiscal year 2012 audit, we and IRS continued to identify misclassified unpaid assessments account modules resulting from CDDB systemic limitations. These CDDB limitations caused IRS to record multibillion-dollar adjustments to the year-end CDDB-generated gross taxes receivable balance in order to produce a reliable number for external reporting on its balance sheet for fiscal year 2012. We will continue to monitor IRS's actions to address this recommendation.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to research and implement programming changes to allow CDDB to more accurately classify such accounts among the three categories of unpaid tax assessments.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: IRS is in the process of implementing numerous programming changes to improve Custodial Detailed Data Base's accuracy in classifying accounts among the three categories of unpaid tax assessments. We will continue to monitor IRS's corrective actions to address this recommendation.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to research and identify control weaknesses resulting in inaccuracies or errors in taxpayer accounts that affect the financial reporting of unpaid tax assessments.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: During fiscal year 2012, we and IRS continued to identify misclassified unpaid assessments accounts resulting from IRS processing errors or delays. IRS compiled a report listing the misclassifications of account balances requiring corrections. However, IRS has not identified the underlying control deficiencies that impaired its ability to prevent or timely detect inaccuracies or errors in taxpayer accounts. We will continue monitor IRS's actions to determine whether it is identifying the underlying control weaknesses that result in inaccuracies or errors in taxpayer accounts that materially affect its financial reporting of unpaid tax assessments.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to, once IRS identifies the control weaknesses that result in inaccuracies or errors that affect the financial reporting of unpaid tax assessments, implement control procedures to routinely prevent, or to detect and correct, such errors.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: During fiscal year 2012, we and IRS continued to identify misclassified unpaid assessments accounts that resulted in errors and inaccuracies in taxpayer accounts. IRS compiled a report listing the errors identified in its unpaid assessment estimation process. However, IRS has not yet identified the control weaknesses that resulted in these errors and has therefore not implemented corrective actions to routinely prevent, or detect and correct similar errors in taxpayer accounts. We will continue to monitor IRS's actions to determine whether IRS implements appropriate corrective actions to routinely prevent, or detect and correct, errors in taxpayer accounts.

    Recommendation: To ensure that TFRP payments are always and accurately credited to all related parties when received, the Commissioner of IRS should direct the appropriate IRS officials to revise the IRM to provide specific requirements for supervisors to review the accuracy of credit transactions related to TFRP payments processed through the Automated Trust Fund Recovery (ATFR) system. This guidance should provide specific areas to review and list the ATFR system reports that can facilitate supervisory reviews.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS revised its Internal Revenue Manual to provide specific requirements for supervisors to review the accuracy of credit transactions related to trust fund recovery penalty payments processed through the Automated Trust Fund Recovery system.

    Recommendation: To ensure that TFRP payments are always and accurately credited to all related parties when received, the Commissioner of IRS should direct the appropriate IRS officials to formalize and implement the quarterly reviews of TFRP payment transactions to monitor compliance with IRM requirements.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS formalized and implemented quarterly reviews of trust fund recovery penalty payment transactions to monitor compliance with the Internal Revenue Manual requirements.

    Recommendation: To ensure that TFRP payments are always and accurately credited to all related parties when received, the Commissioner of IRS should direct the appropriate IRS officials to develop procedures to analyze the results of the quarterly reviews so that specific factors causing the errors are identified.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS developed procedures to analyze the results of its quarterly trust fund recovery penalty payment transaction reviews to identify specific factors causing errors.

    Recommendation: To ensure that TFRP payments are always and accurately credited to all related parties when received, the Commissioner of IRS should direct the appropriate IRS officials to develop procedures to address the factors causing errors in the processing of TFRP payment transactions identified through the analyses of the quarterly review results.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS developed procedures to address the factors causing errors in the processing of trust fund recovery penalty payment transactions.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to provide training to physical security analysts responsible for completing the audit management checklist to help ensure that checklist questions are answered appropriately and accurately.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On December 15, 2010, IRS's Territory Managers certified to their Area Directors that all physical security specialists had received Audit Management Checklist training. As part of our follow up to our status of recommendations work during our fiscal year 2011 financial statement audit, we verified that IRS conducted training for all Physical Security Specialists responsible for the completion of the Audit Management Checklist.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish and document the minimum frequency for how often the audit management checklist should be completed at each service center campus and field office.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On July 27, 2010 IRS's Physical Security and Emergency Preparedness (PSEP) revised its Standard Operating Procedures (SOP) 09-0011 to establish a minimum frequency for completing the physical security audit management checklist (AMC) at service center campuses and field office locations. During our fiscal year 2011 financial statement audit, we reviewed the physical security AMC and verified that service center campuses are required to complete the checklist on a quarterly basis, while field offices and other IRS locations must complete the checklist when visited for compliance reviews, risk assessments, or other physical security related reviews.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to reevaluate and, as necessary, revise the aging criteria for the Aging Unliquidated Obligation reviews so that unliquidated obligations are reviewed sooner in order to detect and deobligate excess obligations in a timely manner.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and stated that it has revised the aging criteria for the fiscal year 2010 Aging Unliquidated Obligation reviews from 300 days to 240 days to review a broader scope of unliquidated obligations sooner. During the FY 2010 financial audit, GAO confirmed that IRS: 1)re-evaluated the aging criteria for AUO reviews, and 2)revised the aging criteria for obligations from over 300 days to over 240 days.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to provide technicians and supervisors who are responsible for recording and reviewing obligation transactions with training on the proper use of manually linked obligation transactions to reinforce IRS's existing policy requiring that transactions be recorded accurately to the upward and downward adjustments of prior-year obligation accounts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and stated that it (1) revised its process for manually linking obligations, updated the related procedures, and provided additional training to technicians and supervisors in October 2009 and (2) revised its processes in March 2010 to include a second level review of all linked obligations at the time of the actual linking. During the FY 2010 financial audit, GAO reviewed the updated policies and procedures, evaluated the design and operating effectiveness of related IRS controls, and confirmed IRS's stated actions. GAO did not find any exceptions that were related to this issue during the FY 2010 and FY 2011 financial audits.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to develop controls to improve the linked obligation transaction review process to detect and correct erroneous links between unrelated upward and downward adjustments of prior-year obligation transactions in a timely manner.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and stated that it (1) revised its process for manually linking obligations, updated the related procedures, and provided additional training to technicians and supervisors in October 2009 and (2) revised its processes in March 2010 to include a second level review of all linked obligations at the time of the actual linking. During the FY 2010 financial audit, GAO reviewed the updated policies and procedures, evaluated the design and operating effectiveness of related IRS controls, and confirmed IRS's stated actions. GAO did not find any exceptions that were related to this issue during the FY 2010 and FY 2011 financial audits.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish a formal funds control process to set aside amounts for tax law enforcement and related support activities, as required by annual appropriations acts.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Not Implemented

    Comments: In FY 2010, IRS disagreed with this recommendation related to its compliance with the fiscal year 2009 appropriations act Tax Law Enforcement set-aside requirements. IRS stated that (1) it fully funded tax law enforcement activities and met the intent of the 2009 legislation; (2) GAO's characterization of the fiscal year 2009 appropriations act was incorrect; (3) it disagreed with GAO's characterization of its April 2010 analysis; and (4) its failure to comply with the appropriations act requirement was not attributable to a lack of internal controls to monitor and ensure compliance. IRS provided a detailed explanation of its position in its response to GAO's report. GAO disagrees with all of these points, and explained why in its analysis of IRS's response to the report. GAO also believes that this recommendation, coupled with the other recommendations GAO made in the report related to compliance with Appropriations Act requirements, if effectively implemented, will assist IRS in ensuring it has the processes and controls in place to minimize the risk of a reoccurrence of the issue that gave rise to these recommendations. In FY 2011, the Tax Law Enforcement Appropriations set-aside requirements were not included in the FY 2011 Continuing Appropriations Act; therefore there are no similar set-aside requirements in FY 2011. Because our recommendation is contingent on set-aside requirements that are included in the appropriations act; and such a requirements were not included in the FY 2011 appropriations act, we are closing this recommendation.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish a policy to periodically monitor throughout the year the amount of different appropriations accounts attributed to the set-aside to assess IRS's progress toward complying with the requirement.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Not Implemented

    Comments: In FY 2010, IRS disagreed with this recommendation related to its compliance with the fiscal year 2009 appropriations act requirements. IRS stated that (1) it fully funded tax law enforcement activities and met the intent of the 2009 legislation; (2) GAO's characterization of the fiscal year 2009 appropriations act was incorrect; (3) it disagreed with GAO's characterization of its April 2010 analysis; and (4) its failure to comply with the appropriations act requirement was not attributable to a lack of internal controls to monitor and ensure compliance. IRS provided a detailed explanation of its position in its response to GAO's report. GAO disagrees with all of these points, and explained why in its analysis of IRS's response to the report. GAO also believes that this recommendation, coupled with the other recommendations GAO made in the report related to compliance with Appropriations Act requirements, if effectively implemented, will assist IRS in ensuring it has the processes and controls in place to minimize the risk of a reoccurrence of the issue that gave rise to these recommendations. In FY 2011, during the FY 2010 audit, we confirmed that IRS established a process to periodically monitor its progress toward achieving compliance with the Tax Law Enforcement set-aside requirements. However, in FY 2011, the Tax Law Enforcement Appropriations set-aside requirements were not included in the FY 2011 Continuing Appropriations Act; therefore there are no similar set-aside requirements in FY 2011. Because our recommendation is contingent on set-aside requirements that are included in the appropriations act; and such requirements were not included in the FY 2011 appropriations act, we feel our recommendation is no longer relevant.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to, based on the results of its periodic assessments, take action to allocate the required amount of appropriations to tax law enforcement and related support activities to comply with the set-aside requirement.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Not Implemented

    Comments: In FY 2010, IRS disagreed with this recommendation related to its compliance with the fiscal year 2009 appropriations act Tax Law Enforcement set-aside requirements. IRS stated that (1) it fully funded tax law enforcement activities and met the intent of the 2009 legislation; (2) GAO's characterization of the fiscal year 2009 appropriations act was incorrect; (3) it disagreed with GAO's characterization of its April 2010 analysis; and (4) its failure to comply with the appropriations act requirement was not attributable to a lack of internal controls to monitor and ensure compliance. IRS provided a detailed explanation of its position in its response to GAO's report. GAO disagrees with all of these points, and explained why in its analysis of IRS's response to the report. GAO also believes that this recommendation, coupled with the other recommendations GAO made in the report related to compliance with Appropriations Act requirements, if effectively implemented, will assist IRS in ensuring it has the processes and controls in place to minimize the risk of a reoccurrence of the issue that gave rise to these recommendations. In FY 2011, the Tax Law Enforcement Appropriations set-aside requirements were not included in the FY 2011 Continuing Appropriations Act; therefore there are no similar set-aside requirements in FY 2011. Because our recommendation is contingent on set-aside requirements that are included in the appropriations act; and such requirements were not included in the FY 2011 appropriations act, we are closing this recommendations.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the IRM and cost allocation desk guide to require appropriate segregation of duties within the cost allocation process.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and updated its cost allocation desk guide on January 29, 2010 and the Internal Revenue Manual (IRM) relating to Managerial Cost Accounting on June 8, 2010, to require appropriate segregation of duties within the cost allocation process. We reviewed the revised IRM and cost allocation desk guide and noted it now required segregation of duties when creating, executing, and reconciling monthly cost allocation cycles. During our fiscal year 2010 audit, we observed that IRS implemented these new requirements. IRS segregated the duties of cost accountants during its edit check processes (which occur between executing cycle runs) by having a cost accountant other than the one executing the edit check verify that the cycle ran successfully.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to revise the IRM and cost allocation desk guide to require timely, documented supervisory reviews at key process points to help prevent and detect cost allocation processing errors.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and updated its cost allocation desk guide on January 29, 2010 and the Internal Revenue Manueal (IRM) relating to Managerial Cost Accounting on June 8, 2010, to require timely, documented supervisory reviews at key process points. Specifically, we reviewed the revised IRM and cost allocation desk guide and noted it now requires documented supervisory reviews when creating, executing, and reconciling monthly cost allocation cycles. During our fiscal year 2010 audit, we observed that IRS implemented these new requirements. Specifically, the supervisor reviewed and signed off on completed cycle-run steps within the cycle-run spreadsheet before the cost accountants proceeded to the next step.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to reiterate IRS's policy for staff to indicate in WebRTS during final receipt and acceptance that the payment is a final payment to close out a contract or purchase order to help ensure any remaining obligated funds are deobligated in a timely manner.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS agreed with GAO's recommendation and stated that it issued a Web Request Tracking System (WebRTS) broadcast e-mail to all WebRTS users on June 2, 2010, to reinforce the use of the receipt and acceptance final flag to ensure timely closure of obligations. During the FY 2010 financial audit, GAO reviewed the WebRTS broadcast e-mail message and noted that it does reinforce the use of the receipt and acceptance final flag to ensure timely closure of obligations.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish procedures requiring COs/COTRs to obtain and retain written documentation from end users confirming receipt and acceptability of purchased goods or services prior to entering acknowledgment of receipt and acceptance in Web Request Tracking System (WebRTS).

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We confirmed that IRS updated the Receipt and Acceptance Handbook in March 2010 to include the requirement to obtain and retain documentation to support receipt and acceptance before entering the acknowledgment in WebRTS. However during our fiscal year 2010 audit, we found eight instances in which the contracting officer's technical representative did not either obtain or retain written documentation confirming receipt of the service from the end user prior to entering receipt and acceptance. Of these eight instances, three occurred following IRS's update to its guidance. Consequently, while we are closing this recommendation for the action taken, we have made two new recommendations under GAO-12-683R to help improve staff compliance with the requirement.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish procedures requiring IRS's Human Capital Office, Leadership, Education and Delivery Services (HCO LEADS) or their designee to periodically monitor each business unit's progress in complying with mandatory briefing requirements.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS has established procedures for business units to monitor their progress in complying with mandatory briefing requirements. In addition, we verified that in fiscal year 2011, IRS distributed various completion statistics of mandatory briefing requirements to designated business unit points of contact, including Human Resource directors.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish policies requiring documented managerial reviews of completed audit management checklists. These reviews should document (1) the time and date of the review, (2) the name of the manager performing the review, (3) the supporting documentation reviewed, (4) any problems identified with the responses on the checklists, and (5) corrective actions to be taken.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On July 27, 2010, IRS's Physical Security and Emergency Preparedness (PSEP) office modified the PSEP Standard Operating Procedure (SOP) 09-0011, PSEP Audit Activity Management Program, requiring documented managerial reviews of completed physical security audit management checklists. During our fiscal year 2011 financial statement audit we verified that IRS's PSEP office did modify the physical security audit management checklist policy requiring documented managerial reviews of completed physical security audit management checklist to include (1) the time and date of the review, (2) the name of the manager performing the review, (3) the supporting documentation reviewed, (4) any problems identified with the responses on the checklists, and (5) corrective actions to be taken.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to review the taxpayer assistance centers (TAC) Security and Remittance Review Database (TSRRD) for clarity and revise review questions as appropriate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: We verified that IRS reviewed the TSRRD questions for clarity and as a result revised several of them in January 2011.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to provide training to TAC group managers to assist with their understanding of the TSRRD review questions and related objectives. This training should be provided on an ongoing basis to account for changes in TSRRD questions and for newly hired or appointed TAC group managers.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS included guidance on how to use the taxpayer assistance centers (TAC) Security and Remittance Review Database (TSRRD) in the 2010 and 2011 Filing Season Readiness (FSR) Workshop and TAC managers certified to their Territory Managers on January 14, 2011 that they had completed this training. In addition, we did not identify any TAC managers during our FY 2011 internal control testing visits who had not received this training.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish policies that require territory managers or a manager at least one level above the group manager to periodically review the information entered into the TSRRD for accuracy and completeness prior to the results being forwarded to Field Assistance Office headquarters management. This review should be signed and documented, and include (1) the time and date of the review, (2) the name of the manager performing the review, (3) the task performed during the review, (4) any problems or questions identified, and (5) planned corrective actions.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: In January 2011, IRS revised the Internal Revenue Manual (IRM) to require that territory managers review the information input by group managers into the TAC Security Remittance Review Database (TSRRD) prior to sending it to Field Assistance headquarters. During our fiscal year 2011 financial statement audit, we reviewed the IRM and verified it requires a documented Territory Manager review of information input by group managers into TSRRD, including the Territory Manager's signature, date of review, problems addressed, and corrective actions planned.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to analyze the various contractor access arrangements and establish a policy that requires security awareness training for all IRS contractors who are provided unescorted physical access to its facilities or taxpayer receipts and information.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Open

    Comments: During our fiscal year 2012 testing at all nine field offices and two of the service center campuses, we observed that contractors with staff-like access to IRS space were not required to receive security awareness training. IRS performed a risk assessment and identified contractors with unescorted workspace access (i.e. janitors, cleaning personnel, building maintenance personnel, and repair personnel) as posing a moderate risk, and has plans to require security awareness training for these contractors. We will continue to evaluate IRS's actions.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to designate management responsibility and establish a process for monitoring compliance with and enforcing the IRM requirement for all USRs to complete (1) the required initial USR training prior to assuming their responsibilities, and (2) annual refresher training each year thereafter.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: In December 2010, IRS designated management responsibility and established a process for monitoring compliance with and enforcing the Internal Revenue Manual training requirement for all service center campus Unit Security Representatives (USR). IRS completed its review of the initial and refresher USR training course content and implemented a revised refresher course on the Enterprise Learning Management System for all USRs. IRS also developed and implemented a reporting capability to identify USRs that fail to comply with the initial and annual training requirements. In January 2011, IRS began distributing the monthly reports on non-compliance to the USR managers. We verified that IRS established a process for monitoring compliance with USR training requirements and designated management to enforce compliance.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to update USR training manuals to ensure they reflect current security policies and procedures.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: On December 15, 2009, IRS's Integrated Data Retrieval System (IDRS) Project Management Office launched two new Enterprise Learning Management System Interactive online training courses for all IDRS Unit Security Representatives (USR) to incorporate current security policies and procedures. During GAO's audit of IRS's fiscal year 2010 financial statements, we verified that IRS has updated the USR training manuals in December 2009 thus satisfying the tenets of this recommendation. GAO will, however, continue to monitor IRS's updates and improvements to ensure that training manuals reflect current security policies and procedures during future audits of IRS's financial statements.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish a process to periodically review and update service center campus Unit Security Representative (USR) training materials as appropriate.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS indicated that it performs a review of USR training courses at least annually and, if required, updates the training course and materials. In December 2010, IRS completed its review of the initial and refresher USR training course content and implemented a revised refresher course on the Enterprise Learning Management System for all USRs. We verified that IRS included language in the IRM that requires review of the USR training materials at least annually by the end of each calendar year to ensure they reflect current security policies and procedures.

    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to establish controls over the cycle run spreadsheet to help minimize the risk of error or omission. At a minimum, this should include assigning a unique, sortable identifier to each row in the spreadsheet and implementing controls to promptly and accurately record the status of processing steps in a manner that ensures each cycle run is performed and is performed in the proper sequence.

    Agency Affected: Department of the Treasury: Internal Revenue Service

    Status: Closed - Implemented

    Comments: IRS established procedures and controls over the master version of the cycle-run spreadsheet to minimize the risk of error or omission on May 6, 2010, such as establishing a unique cycle identifier to identify the cycle run order, and supervisory reviews and other validations to ensure cycles are performed in the proper order. While IRS chose not to assign a unique, sortable identifier to each row in the spreadsheet, the implementation of supervisory reviews at key processing steps helped to ensure that each cycle run was performed and performed in the proper sequence and thus met the intent of our recommendation.

    Aug 11, 2014

    Jul 29, 2014

    Jul 22, 2014

    Jul 18, 2014

    Jul 7, 2014

    Jul 2, 2014

    Jun 13, 2014

    May 30, 2014

    May 20, 2014

    Apr 21, 2014

    Looking for more? Browse all our products here