IRS Management

In February 1997, GAO issued its third series of reports updating the status of government programs at risk for waste, fraud, abuse, and mismanagement. One report in the series discussed the four long-standing high-risk areas at IRS: tax systems modernization, financial management, accounts receivable, and filing fraud. (See GAO/HR-97-8.) Another report designated five new high-risk areas, two of which have governmentwide implications and directly affect IRS operations: information security and the computer-related "Year 2000" problem. (See GAO/HR-97-9.) This testimony discusses the problems that IRS confronts in these six high-risk areas, IRS' progress in addressing them, and the steps that IRS must take to overcome them.

GAO noted that: (1) solving the problems in the high-risk areas is not an insurmountable task, but it requires sustained management commitment, accurate information systems, and reliable performance measures to track IRS' progress and provide the data necessary to make informed management decisions; (2) although GAO recognizes IRS' actions to address GAO's recommendations and respond to congressional direction, GAO remains concerned because much remains to be done to fully implement essential improvements; (3) IRS has made progress in addressing problems in financial management areas and has developed an action plan, with specific timetables and deliverables, to address the issues GAO's financial statement audits have identified; (4) to improve IRS' financial management systems and reporting, especially in accounting for revenue and the related accounts receivables, IRS will need to institute long-term solutions involving reprogramming software for IRS' antiquated systems and developing new systems as required; (5) in the last 2 years, IRS has undertaken initiatives to correct errors in its masterfile records of tax receivables, develop profiles of delinquent taxpayers, and study the effectiveness of various collection techniques; (6) IRS has also streamlined its collection process, placed additional emphasis on contacting repeat delinquents, made its collection notices more readable, and targeted compliance-generated delinquencies for earlier intervention; (7) IRS needs to implement a comprehensive strategy that involves all aspects of IRS' operations and that sets priorities, accelerates the modernization of outdated equipment and processes, and establishes realistic goals, specific timetables, and a system to measure progress; (8) IRS has introduced new controls and expanded existing controls in an attempt to reduce its exposure to filing fraud; (9) those controls are directed toward either preventing the filing of fraudulent returns or identifying questionable returns after they have been filed; (10) IRS' efforts have produced some positive results; (11) IRS does not have a proactive, independent information security group that systematically reviews the adequacy and consistency of security over IRS' computer operations; (12) IRS needs to address its information security weaknesses on a continuing basis; (13) IRS' Chief Information Officer has established a year 2000 project office with responsibility for assessing, converting, and testing IRS' computer systems; and (14) IRS cannot hope to resolve the problems in its high-risk areas without a detailed business plan and a comprehensive implementation strategy.