The Internal Revenue Service has new deficiencies in its internal controls over financial reporting, according to a new
During an audit of the IRS’s fiscal years 2014 and 2013 financial statements, the GAO identified a number of new internal control deficiencies in several areas that contributed to the IRS's continuing material weakness in internal control over unpaid tax assessments as of Sept. 30, 2014.
The IRS’s controls over penalty assessments were not operating effectively to reasonably assure the accuracy of the penalties recorded in taxpayers' accounts, according to the report. The GAO noted that this increases the risk of errors in the IRS’s financial statements and could burden taxpayers who are assessed higher amounts in penalties than they actually owe, or result in lost revenue to the federal government when taxpayers are assessed lower penalty amounts than they actually owe.
The GAO also found that the IRS’s corrective action plan was not enough to reasonably assure that system control deficiencies contributing to a material weakness in unpaid tax assessments would be effectively addressed. The GAO noted that this increases the risk that the IRS’s efforts to address numerous control issues affecting the reporting of unpaid assessment amounts and the resultant material weakness will be hampered.
In addition, the GAO identified other new deficiencies in the following areas as of Sept. 30, 2014:
Transmission of taxpayer receipts and information: The IRS’s managerial review controls were not effectively designed or implemented to provide reasonable assurance that taxpayer receipts and information sent from taxpayer assistance centers were received by the intended submission processing centers. These deficiencies increase the risk that the IRS will not promptly prevent or detect loss of, theft of, or unauthorized access to taxpayer receipts and related sensitive information.
The IRS revealed a massive data breach this week in which identity thieves were able to gain access to 104,000 tax returns by using the IRS’s Get Transcript application (see
Unauthorized access awareness training for contractors: The IRS did not consistently enforce its policies and procedures requiring that contractors receive unauthorized access awareness training prior to gaining unescorted access to IRS facilities, according to the report. This deficiency increases the risk of unauthorized disclosure, loss, or theft of taxpayer receipts and related sensitive information, the GAO noted.
Candling procedures at receipt processing facilities: The IRS did not adequately enforce its “candling” policies and procedures at certain receipt processing facilities. This increases the risk of inadvertent loss or destruction of taxpayer receipts and information.
Capitalization of internal use software costs: The IRS did not have sufficient controls in place to reasonably assure that it properly and consistently capitalized certain internal use software costs in accordance with federal accounting standards. This increases the risk of the IRS misstating assets and expenses in its financial statements, according to the GAO.
Recording property and equipment acquisitions: The IRS’s controls were not effectively designed to reasonably assure that asset purchases were properly recorded in its asset management systems, said the report. These deficiencies increase the risk of misstatements to its financial statements and the risk of undetected loss or theft of assets, and jeopardize the integrity of the information that IRS management uses for decision making.
The GAO found the IRS had completed corrective actions on 20 of the 51 recommendations from its prior financial audits and other financial management-related work that remained open at the beginning of the fiscal year 2014 audit. As a result, the IRS currently has 42 GAO recommendations to address, including the previous 31 open recommendations and the 11 new recommendations the GAO is making in this report.
In response, IRS Commissioner John Koskinen pointed out that the GAO report acknowledged the IRS’s progress in addressing the agency’s financial management challenges and agreed to close 20 prior-year financial management recommendations. “We continue to make significant progress in addressing internal control deficiencies and financial management as evidenced by 15 consecutive years of clean audit opinions on our financial statements,” he wrote. “During fiscal year 2014, IRS strengthened its processes and controls over manual refunds, tax receipts tracking at Taxpayer Assistance Centers, excise tax certifications, cost allocations, personnel actions, and installment agreement user fees, allowing for the closure of several older recommendations.”
