Management Report
Improvements Are Needed to Enhance IRS's Internal Controls and Operating Effectiveness Gao ID: GAO-09-513R June 24, 2009In November 2008, we issued our report on the results of our audit of the Internal Revenue Service's (IRS) financial statements as of, and for the fiscal years ending, September 30, 2008, and 2007, and on the effectiveness of its internal controls as of September 30, 2008. We also reported our conclusions on IRS's compliance with significant provisions of selected laws and regulations and on whether IRS's financial management systems substantially comply with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA). Additionally, in January 2009, we issued a report on information security issues identified during our fiscal year 2008 audit, along with associated recommendations. The purpose of this report is to discuss issues identified during our audit of IRS's financial statements as of, and for the fiscal year ending, September 30, 2008, regarding internal controls that could be improved for which we currently do not have a specific recommendation outstanding. Although not all of these issues were discussed in our report on the results of our fiscal year 2008 financial statement audit, they all warrant IRS management's attention.
During our audit of IRS's fiscal year 2008 financial statements, we identified several internal control and other management issues not addressed by previous recommendations. These issues concern the following: (1) Controls over computer programs affecting penalty assessments did not ensure that the programs always functioned in accordance with IRS's policies and procedures. (2) Policies and procedures did not require that back up staff be assigned to manual refund monitoring activities when staff assigned to those functions were absent from work for an extended period of time. (3) Procedures for monitoring whether service center campus couriers entrusted with taxpayer receipts and information adhered to courier service requirements lacked adequate criteria for identifying potential deviations from those requirements. (4) Procedures did not exist for tracking, summarizing, and reporting the total number and dollar amount of taxpayer receipts collected at Taxpayer Assistance Centers (TACs). (5) Procedures governing IRS's quarterly duress alarm tests did not specifically require that all duress alarms be tested and that the emergency history report be reviewed to appropriately address reported security breaches or concerns. (6) Procedures did not exist for regularly monitoring the timeliness of purchase card approvals and following up on instances of non-compliance. (7) Controls over the use of appropriated funds did not always prevent the improper use of expired appropriations to fund current year obligations. (8) Controls over the recording of undelivered order transactions (e.g., receipt and acceptance of goods and services, adjustments to estimated obligations, or similar transactions that impact the undelivered order accounts) did not always prevent or detect errors in these accounts. (9) Full cost information to manage specific programs and activities was not readily accessible by program managers. (10) Outcome-based performance measures did not exist to assist in evaluating the effectiveness of IRS's enforcement programs and activities. These issues increase the risk that IRS may fail to prevent or timely detect (1) errors in computer-generated penalty assessments and undelivered order accounts; (2) issuance of erroneous tax refunds; (3) loss, theft, or misuse of taxpayer receipts and information; (4) improper purchase card transactions; and (5) improper use of expired funds. In addition, the lack of detailed cost and related performance measures limits management's ability to assess the effectiveness of programs and determine how best to allocate limited resources.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-09-513R, Management Report: Improvements Are Needed to Enhance IRS's Internal Controls and Operating Effectiveness
This is the accessible text file for GAO report number GAO-09-513R
entitled 'Management Report: Improvements Are Needed to Enhance IRS's
Internal Controls and Operating Effectiveness' which was released on
June 24, 2009.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
GAO-09-513R:
United States Government Accountability Office:
Washington, DC 20548:
June 24, 2009:
The Honorable Douglas H. Shulman:
Commissioner of Internal Revenue:
Subject: Management Report: Improvements Are Needed to Enhance IRS's
Internal Controls and Operating Effectiveness:
Dear Mr. Shulman:
In November 2008, we issued our report on the results of our audit of
the Internal Revenue Service's (IRS) financial statements as of, and
for the fiscal years ending, September 30, 2008, and 2007, and on the
effectiveness of its internal controls as of September 30, 2008.
[Footnote 1] We also reported our conclusions on IRS's compliance with
significant provisions of selected laws and regulations and on whether
IRS's financial management systems substantially comply with the
requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA). Additionally, in January 2009, we issued a report
[Footnote 2] on information security issues identified during our
fiscal year 2008 audit, along with associated recommendations.
The purpose of this report is to discuss issues identified during our
audit of IRS's financial statements as of, and for the fiscal year
ending, September 30, 2008, regarding internal controls that could be
improved for which we currently do not have a specific recommendation
outstanding. Although not all of these issues were discussed in our
report on the results of our fiscal year 2008 financial statement
audit, they all warrant IRS management's attention. This report
contains 16 recommendations that we are proposing IRS implement to
improve its internal controls. We will issue a separate report on the
implementation status of recommendations from our prior IRS financial
audits and related financial management reports, including this one. We
conducted our audit in accordance with U.S. generally accepted
government auditing standards.
Results in Brief:
During our audit of IRS's fiscal year 2008 financial statements, we
identified several internal control and other management issues not
addressed by previous recommendations. These issues concern the
following:
* Controls over computer programs affecting penalty assessments did not
ensure that the programs always functioned in accordance with IRS's
policies and procedures.
* Policies and procedures did not require that back up staff be
assigned to manual refund monitoring activities when staff assigned to
those functions were absent from work for an extended period of time.
* Procedures for monitoring whether service center campus couriers
entrusted with taxpayer receipts and information adhered to courier
service requirements lacked adequate criteria for identifying potential
deviations from those requirements.
* Procedures did not exist for tracking, summarizing, and reporting the
total number and dollar amount of taxpayer receipts collected at
Taxpayer Assistance Centers (TACs).[Footnote 3]
* Procedures governing IRS's quarterly duress alarm tests did not
specifically require that all duress alarms be tested and that the
emergency history report be reviewed to appropriately address reported
security breaches or concerns.
* Procedures did not exist for regularly monitoring the timeliness of
purchase card approvals and following up on instances of non-
compliance.
* Controls over the use of appropriated funds did not always prevent
the improper use of expired appropriations to fund current year
obligations.
* Controls over the recording of undelivered order transactions (e.g.,
receipt and acceptance of goods and services, adjustments to estimated
obligations, or similar transactions that impact the undelivered order
accounts) did not always prevent or detect errors in these accounts.
* Full cost information to manage specific programs and activities was
not readily accessible by program managers.
* Outcome-based performance measures did not exist to assist in
evaluating the effectiveness of IRS's enforcement programs and
activities.
These issues increase the risk that IRS may fail to prevent or timely
detect (1) errors in computer-generated penalty assessments and
undelivered order accounts; (2) issuance of erroneous tax refunds; (3)
loss, theft, or misuse of taxpayer receipts and information; (4)
improper purchase card transactions; and (5) improper use of expired
funds. In addition, the lack of detailed cost and related performance
measures limits management's ability to assess the effectiveness of
programs and determine how best to allocate limited resources.
At the end of our discussion of each of these matters in the following
sections, we make recommendations for strengthening IRS's internal
controls or processes. These recommendations are intended to bring IRS
into conformance with its own policies, the Standards for Internal
Control in the Federal Government,[Footnote 4] or both, as well as to
enhance IRS's ability to manage its resources.
In its comments, IRS agreed with all but one of our 16 recommendations
and described actions it had taken, underway, or planned to take to
address the control weaknesses described in this report. While not
explicitly agreeing or disagreeing with the one remaining
recommendation, IRS described additional considerations that guide its
resource allocation decision process. At the end of our discussion of
each of the issues in this report, we have summarized IRS's related
comments and provided our evaluation. We have also reprinted IRS's
comments in enclosure II.
Scope and Methodology:
This report addresses issues we observed during our audit of IRS's
fiscal years 2008 and 2007 financial statements. As part of our audit,
we tested IRS's internal controls and its compliance with selected
provisions of laws and regulations. We designed our audit procedures to
test relevant controls, including those for proper authorization,
execution, accounting, and reporting of transactions. To assess
internal controls related to safeguarding taxpayer receipts and
information, we visited 3 service center campuses,[Footnote 5] 3
lockbox banks,[Footnote 6] 10 TACs, and 5 field office units.[Footnote
7] We conducted our fieldwork between January 2008 and November 2008.
Further details on our audit scope and methodology are included in our
report on the results of our audits of IRS's fiscal years 2008 and 2007
financial statements.[Footnote 8] Additionally, details on our
methodology are reproduced in their entirety in enclosure I.
Penalty Calculation Programs:
IRS's controls over computer programs affecting penalty assessments did
not always ensure that the programs were designed or functioned in
accordance with the intent of established policies and procedures.
The Internal Revenue Code (IRC)[Footnote 9] grants IRS broad authority
to assess penalties against taxpayers for noncompliance with tax laws
such as failing to file a tax return, failing to pay taxes owed, or
inaccurately reporting taxes. IRS establishes the specific policies and
procedures for calculating and assessing penalties in its Internal
Revenue Manual (IRM).[Footnote 10] In accordance with the IRM, IRS's
business operating divisions work with its Modernization and
Information Technology Services to implement computerized programs
within its master files[Footnote 11] to calculate and assess penalties
against taxpayers in relation to unpaid tax assessments or violations
of the tax laws.
During our testing of a sample of taxpayer account modules[Footnote 12]
from IRS's fiscal year 2008 inventory of unpaid tax assessments,
[Footnote 13] we identified one case where IRS's penalty calculation
programs did not function in accordance with the IRM. In this case, a
taxpayer entered into an installment agreement with IRS in May 2007
that covered both the taxpayer's business and personal tax liabilities.
The taxpayer's business and personal accounts had different taxpayer
identification numbers (TINs). According to the IRM, IRS is required to
reduce the monthly rate it charges for a failure-to- pay (FTP)
penalty[Footnote 14] to one-quarter of one percent of the amount of tax
assessed in calculating the FTP penalty when an individual taxpayer
enters into an installment agreement with the IRS.[Footnote 15] IRS's
computer program recognized the installment agreement condition and
reduced the FTP penalty rate on the taxpayer's business account because
this is where the installment agreement payments were to be applied
first. However, we found that the computer program did not recognize
that the taxpayer's personal account was also covered by the
installment agreement and did not reduce the FTP penalty rate on that
account. According to IRS, this occurred because in December 2006, IRS
began using the Integrated Data Retrieval System (IDRS)[Footnote 16]
for identifying taxpayer accounts with installment agreements as
opposed to using its master files for this purpose. However, IRS did
not verify that the IDRS programs reduced the FTP penalty rate on all
of the taxpayer's accounts covered by the installment agreement.
According to IRS, it had identified this problem in July 2007 and took
action to correct the IDRS program. IRS believed it had resolved the
problem in October 2007. However, its corrective actions did not
address the unusual situation where an individual taxpayer had an
installment agreement covering multiple TINs. After we brought this
specific error to its attention, IRS researched IDRS and determined
that the remaining program error may[Footnote 17] have caused the FTP
penalties to be over-assessed against approximately 12,000 taxpayers.
[Footnote 18]
We had previously reported that IRS's controls did not ensure computer
programs affecting penalty computations were designed or functioned in
accordance with the intent of IRS's policies and procedures.[Footnote
19] In August 2007, IRS established additional procedures to
institutionalize reviews of newly implemented computer programs and
program changes affecting penalty computations to ensure they are
designed and function in accordance with the intent of IRS's policies.
The specific error we identified in 2008 relates to computer programs
that IRS had implemented before 2007 and thus, would not have been
covered by the forward looking policy. To provide this look-back
perspective for programs already in place, IRS initiated an internal
study during 2008 to identify other existing penalty programs that were
not functioning in accordance with the IRM. In our previous management
report, we had recommended that IRS 1) complete and document the
results of that review and 2) take appropriate action to correct any
programs that were not functioning in accordance with the IRM. IRS
completed its review in June 2008 and documented a listing of computer
programs affecting penalty calculations that did not conform to its
policies, but IRS had not completed corrective actions to address the
issues it identified. As a result, inaccurate penalty assessments were
made against some taxpayers.
Recommendation:
We recommend that you direct the appropriate IRS officials to correct
the IDRS computer program for identifying individual taxpayers who have
entered into an installment agreement so that except in situations
where the taxpayer did not file the tax return timely, FTP penalty
assessments made after the date of the installment agreement are
calculated using the monthly one-quarter of one percent penalty rate on
all of the taxpayer's accounts covered by the installment agreement.
IRS Comments and Our Evaluation:
IRS agreed with our recommendation and stated that it had implemented
programming changes in January 2009 so that FTP penalty assessments are
calculated at the reduced rate for all eligible installment agreements.
We will evaluate the effectiveness of IRS's programming change during
our audit of IRS's fiscal year 2009 financial statements.
Monitoring of Manual Refunds:
During our fiscal year 2008 financial audit, we found that IRS's
internal controls for processing manual refunds were not fully
effective in minimizing the risk of issuing duplicate refunds.
Specifically, we found that IRS did not have policies and procedures
for assigning back up staff to ensure that ongoing monitoring
activities were performed while staff who routinely initiate manual
refunds were absent for an extended period of time. Without designating
back up staff to perform the weekly monitoring of a taxpayer's manual
refund account, there is an increased risk that the issuance of a
duplicate refund will not be prevented.
Most refunds are generated automatically by IRS's automated systems
after the taxpayers' returns are posted to their accounts in IRS's
master files. However, in certain situations, refunds are processed
manually to expedite the refund process when it is considered to be in
the best interest of IRS and/or the taxpayer. Because a manual refund
is not generated through routine IRS automated system processing, it is
not subject to most of the automated system validity checks performed
and may be issued within a few days of initiation. However, while
manual refunds can be issued quickly, they are not posted to the
taxpayers' master file accounts until several weeks after being issued.
Conversely, automated refunds are first posted to the taxpayer's master
file account and issued to the taxpayer afterwards. The delay in
recording manual refunds to taxpayer accounts increases the potential
for erroneous or duplicate refunds because IRS's manual and automated
refund processing are not systematically coordinated to prevent
duplicate refunds from being issued.
To prevent duplicate refunds from being issued, the IRM requires manual
refund initiators, who process manual refunds, to (1) closely monitor
the taxpayer's account and (2) document their monitoring activity until
the manual refund posts to the taxpayer's master file account. When the
manual refund posts to the taxpayer's master file account, IRS's
automated system removes the credit balance from the taxpayer's
account, which prevents a duplicate automated refund from being issued.
However, throughout the period it takes for the manual refund to post,
the manual refund initiators are responsible for monitoring the
accounts for the posting of a duplicate refund generated by IRS's
automated system. Whenever manual refund initiators identify the
posting of a duplicate automated refund, they are required to take the
necessary action to stop the automated refund from actually being
issued to the taxpayer.
During our 2008 review of manual refund activities at one campus, we
found that IRS did not perform and document weekly monitoring
activities of manual refunds in one unit while the responsible manual
refund initiator was absent or on leave. We reviewed four taxpayer
accounts where a manual refund had been issued prior to our visit and
found that for one of the accounts, monitoring was not performed and
documented weekly as required by the IRM. According to the manual
refund initiator's supervisor, the employee that initiated the manual
refund went on leave after initiating the refund. However, there were
no specific IRM procedures for monitoring manual refund accounts when
initiators responsible for monitoring are absent, such as designating
staff to act as back ups to monitor manual refund accounts. As a
result, when manual refund initiators are absent more than a week,
monitoring of manual refund accounts and documenting of monitoring
activities are not conducted as required by the IRM. Consequently, IRS
faces an increased risk that duplicate refunds will not be detected and
stopped in time to prevent their disbursement.
Recommendation:
We recommend that you direct the appropriate IRS officials to add
specific requirements to the IRM to require that manual refund units
assign back up staff to perform manual refund monitoring activities
whenever a manual refund initiator is absent for an extended period of
time.
IRS Comments and Our Evaluation:
IRS agreed with our recommendation and stated it would revise the IRM
by September 2009 to require management to reassign the monitoring of
manual refunds to back up staff when employees who perform monitoring
actions on manual refund activities are out on leave one week or more.
We will verify the changes to the IRM during future audits after IRS
has updated the IRM.
Courier Monitoring at Service Center Campuses:
During our fiscal year 2008 financial audit, we found that IRS
officials were not effectively monitoring couriers while they were in
transit between service center campuses (SCC) and depository
institutions. IRS contracts with courier companies to transfer taxpayer
receipts from the SCCs to financial institutions for deposit. IRS
developed policies designed to minimize the risk of losses while
couriers are en route to the financial institutions, such as requiring
that couriers travel directly to their designated destinations without
unauthorized stops.
We previously reported instances where couriers were not always
following IRS policies for handling taxpayer receipts and
information.[Footnote 20] These instances included (1) couriers' not
always transporting taxpayer receipts and information directly to their
destinations, (2) couriers leaving their vehicles containing deposits
unattended, (3) couriers making unauthorized stops and transferring the
taxpayer receipts and information from the vehicle used to pick up the
deposit to another vehicle, and (4) solo couriers transporting taxpayer
receipts and information. In response, IRS implemented several
corrective actions including instructing SCC officials to (1) monitor
the Form 10160, Receipt for Transport of IRS Deposit, used by couriers
to document the delivery of tax payments to the depository institution
to ensure that the form included a date and time stamp and the
signature of a depository institution employee acknowledging receipt,
(2) review the Form 10160 and note any time discrepancies, and (3)
question couriers if discrepancies are identified and document this
information in the Courier Incident Log. In addition, IRS previously
communicated to us that SCC officials would use their discretion to
determine whether it is necessary to conduct surveillance on couriers
if inconsistencies are identified.[Footnote 21]
At each of the three SCCs we visited during our fiscal year 2008 audit,
we found that IRS had not (1) provided guidance to assist SCC officials
in identifying discrepancies and determining whether to initiate
procedures to trail couriers or (2) established minimum standards for
how often the trailing should occur as part of its efforts to routinely
monitor deposits entrusted to couriers off-site. Specifically, the
instruction that SCC officials use their discretion in determining
whether to trail couriers--which was not documented in any IRS
guidance--was vague regarding criteria for trailing couriers in the
event that specified time discrepancies or other inconsistencies were
noted with respect to the courier's performance. As a result, these
officials were unaware how or if they should perform this type of
monitoring activity. Consequently, the campuses lacked the necessary
means to effectively monitor adherence to the requirement that contract
couriers travel directly from the campus to the depository institution
without unauthorized or stops.
Internal control standards[Footnote 22] require that agencies establish
physical controls to secure and safeguard vulnerable assets, such as
IRS receipts and taxpayer information, and that access be limited to
authorized individuals to reduce the risk of unauthorized use or loss
to the government. In addition, internal control should be designed to
assure that ongoing monitoring occurs in the course of normal
operations. The IRM requires that SCC employees ensure that couriers do
not make any stops between the campus and the depository institution.
However, the IRM did not establish (1) criteria for determining whether
to trail couriers in the event certain time discrepancies or other
inconsistencies were noted, or (2) guidance for conducting off-site
courier surveillance. Because this criteria and guidance were not
established, the risk is increased that taxpayer receipts and
information may be lost while in the custody of contract couriers, and
that any losses that occur may not be timely detected.
Recommendations:
We recommend that you direct the appropriate IRS officials to document
in the IRM minimum requirements for:
* Establishing criteria for time discrepancies or other
inconsistencies, which if noted as part of the required monitoring of
Form 10160, Receipt for Transport of IRS Deposit, would require off-
site surveillance of couriers.
* Conducting off-site surveillance of couriers entrusted with taxpayer
receipts and information.
IRS Comments and Our Evaluation:
IRS agreed with our recommendations concerning courier monitoring at
SCCs. IRS stated that it added criteria for establishing specific time
requirements and escalation procedures to the courier instructions in
the IRM in May 2009. In addition, IRS stated that it will develop and
implement procedures for courier surveillance at submission processing
campuses and update the IRM with the courier surveillance procedures by
December 2009. We will verify the changes to the IRM during future
audits after IRS has updated the IRM.
Volume of Receipts at Taxpayer Assistance Centers:
During our fiscal year 2008 financial audit, we found that information
on the total number and dollar amount of taxpayer receipts received at
IRS's TACs was not readily available to IRS management. Specifically,
we found that IRS did not track the total number or dollar amount of
taxpayer receipts received at TACs at the individual TAC, group,
territory, area, or nationwide level. Because this financial
information was not tracked and therefore not readily available, IRS
management lacked financial information that would be useful in making
operating decisions and assessing risk at the TACs.
Internal control standards[Footnote 23] state that information should
be recorded and communicated to management and others within the entity
who need it and in a form and within a time frame that enables them to
carry out their internal control and other responsibilities. In
addition, internal control should be designed to assure that ongoing
monitoring occurs in the course of normal operations. Program managers
need financial data to determine whether they are meeting their goal of
being accountable for the effective and efficient use of resources. The
volume of receipts processed by a specific location is the type of
financial information that would be useful in making informed operating
decisions, such as determining how to effectively manage the risks
associated with receiving tax receipts and taxpayer information. For
example, TACs that receive a larger amount of cash receipts may need
more stringent physical security and procedural controls in place to
help ensure that identified risks are appropriately mitigated. Also,
the volume and amount of receipts may affect decisions on staffing
levels and service hours at the TACs. Because IRS does not track the
dollar amounts and volumes of taxpayer receipts received at TACs and
does not routinely report this information to allow for periodic
monitoring of risk, it lacks certain information which could assist in
managing the risk associated with receiving tax receipts and taxpayer
information at its TAC facilities.
Recommendation:
We recommend that you direct appropriate IRS officials to establish
procedures to track and routinely report the total dollar amounts and
volumes of receipts collected by individual TAC location, group,
territory, area, and nationwide.
IRS Comments and Our Evaluation:
IRS agreed with our recommendation and stated it will establish
procedures and, contingent on the availability of funding, design a
system to track and routinely report the total dollar amounts and
volumes of receipts collected by individual TAC location, group,
territory, area, and nationwide by October 2012. We will evaluate the
effectiveness of IRS's efforts during future audits.
Taxpayer Assistance Center Electronic Alarm System:
During our fiscal year 2008 financial audit, we found that IRS's
control procedures at the 10 TACs we visited did not ensure that all
duress alarms were tested and that related physical security issues
were monitored and appropriately addressed.
To manage the risk of physical threats to IRS employees and the assets
they safeguard, IRS maintains a system of electronic duress alarms at
key locations in its TACs. The duress alarms are linked to a staffed
central monitoring station that is responsible for notifying a
qualified first responder and contacting a designated IRS official or
officials when an alarm is set off. The activation of each alarm,
including date and time, is compiled by the central monitoring station
in an Emergency Signal History report. This report summarizes the
results of the activation of the duress alarm, even in test status, and
also details all incidents recorded by the central monitoring station,
such as activated intrusion detection alarm signals and the response of
the dispatcher. The report is available to the IRS physical security
analyst responsible for each TAC location and is sometimes used as a
tool to conduct quarterly tests of a facility's duress alarms. The IRM
requires quarterly testing of TAC duress alarms.
During our audit, we found that IRS's existing procedures did not (1)
provide reasonable assurance that quarterly tests of a facility's
duress alarms were complete, the results documented, and any findings
tracked until they are resolved; (2) require periodic documented
reviews of the central monitoring station's Emergency Signal History
reports to ensure that security activity detailed in the reports were
monitored; and (3) include a requirement to track the latest update
(calendar date) of the emergency contact list provided to the central
monitoring station in order to ensure that appropriate IRS officials
were contacted during emergencies.
Specifically, we found the following:
* At four TACs, IRS did not include all of the duress alarms in the
most recent quarterly alarm test.
* At one TAC, IRS was unable to provide evidence documenting that all
duress alarms were included in the most recent quarterly alarm test.
* At all 10 TACs we visited, there was no documented review of the (1)
Emergency Signal History reports generated by the central monitoring
station or (2) emergency contact lists provided by IRS to the central
monitoring station.
As part of our review, we asked each of the IRS officials responsible
for conducting the quarterly alarm test for the instructions used to
conduct the test. In each instance, we were informed that there were no
instructions available. Our review of four TACs revealed that a total
of five duress alarms were not included in the most recent quarterly
test. IRS's policy for conducting quarterly duress alarm tests did not
require an inventory of the duress alarms before the tests were
conducted or a reconciliation of those alarms to the test results. In
response to our findings, IRS officials told us that the alarms were
not tested because the person conducting the test was either unaware of
the alarms, overlooked the alarms, or was not informed that a new alarm
had been installed. At a fifth TAC, IRS could not provide evidence that
all alarms were tested.
In reviewing the Emergency Signal History reports, we found an instance
at one TAC where the central monitoring station dispatcher, in response
to an alarm activation, contacted an employee who no longer worked at
the location to investigate the alarm and close out the alarm
activation. In another instance, an unauthorized individual had access
to the security code and was allowed to close out an alarm activation.
Additionally, during our review of the emergency contact list at
another TAC, we noted one employee on the list who no longer worked at
that location. In each of these instances, the physical security
analysts were unaware of these issues until we brought the matters to
their attention.
Internal control standards[Footnote 24] require physical controls to
limit access to vulnerable assets and require that access to resources
and records, such as IRS receipts and taxpayer information, be limited
to authorized individuals to reduce the risk of unauthorized use or
loss to the government. Internal controls need to be clearly documented
and should appear in official procedural guidance. Also, these
standards require agencies to enforce adherence to management policies
and procedural requirements, such as management reviews, to create and
maintain records providing evidence that these controls are executed
and to assure that ongoing monitoring occurs to assess the quality of
performance over time. These monitoring controls include ongoing
management and supervisory activities, comparisons, and
reconciliations. In addition, IRS's IRM establishes security
requirements intended to minimize the potential for loss of life and
property, the disruption of services and functions, and the
unauthorized disclosure of documents and information. However, if IRS
employees responsible for conducting quarterly alarm tests or other
reviews are not provided instructions for conducting these tests and a
listing of the electronic alarms at each location, and are not
adequately documenting the results of these tests, IRS cannot be
assured that the internal controls over this activity are being
effectively carried out. This, in turn, increases the risk that IRS
will not appropriately respond in an emergency situation to protect its
employees and facilities and to safeguard taxpayer receipts and
information.
Recommendations:
We recommend that you direct appropriate IRS officials to do the
following:
* Establish procedures to ensure that an inventory of all duress alarms
is documented for each location and is readily available to individuals
conducting duress alarm tests before each test is conducted.
* Establish procedures to periodically update the inventory of duress
alarms at each TAC location to ensure that the inventory is current and
complete as of the testing date.
* Provide instructions for conducting quarterly duress alarm tests to
ensure that IRS officials conducting the test (1) document the test
results for each duress alarm listed in the inventory including date,
findings, and planned corrective action and (2) track the findings
until they are properly resolved.
* Establish procedures requiring that each physical security analyst
conduct a periodic documented review of the Emergency Signal History
Report and emergency contact list for its respective location to ensure
that (1) appropriate corrective actions have been planned for all
incidents reported by the central monitoring station and (2) the
emergency contact list for each location is current and includes only
appropriate contacts.
IRS Comments and Our Evaluation:
IRS agreed with our recommendations to enhance controls over duress
alarm testing and the monitoring actions to address physical security
issues. IRS stated that it will issue interim guidance requiring
Territory Managers to: 1) document the inventory of all duress alarms
for each location so that it is readily available to individuals
conducting duress alarm tests before each test is conducted; 2) update
the inventory of all duress alarms quarterly; 3) document the results
of the quarterly duress alarm tests, including date, findings, and
planned corrective action, and track the findings until they are
resolved; 4) ensure that the Physical Security and Emergency
Preparedness office (PSEP) representative at each facility conducts a
periodic documented review of the central monitoring station's
Emergency Signal History Report; 5) require that the PSEP
representative ensure that appropriate corrective actions are planned
for all deficiencies or incidents requiring actions reported by the
central monitoring station; and 6) require the PSEP representative to
conduct a periodic review of the emergency contact list for each
location to ensure it is current and includes only appropriate
contacts. IRS stated that it plans to revise the IRM to include all of
the above guidance by September 2009. We will verify the changes to the
IRM and evaluate the effectiveness of IRS's efforts after the changes
are fully implemented during future audits.
Purchase Card Approvals:
During our fiscal year 2008 financial audit, we found that IRS's
controls over the processing of purchase card transactions did not
adequately ensure that approving officials reviewed and approved
purchases timely. We selected a statistical sample of 80 manual and Web-
based purchase card transactions processed between October 9, 2007, and
May 8, 2008.[Footnote 25] We found that 6 of these 80 transactions had
not been approved by an approving official within IRS's required time
frames. On the basis of this work, we estimate that 7.5 percent of
total purchase card transactions processed between October 9, 2007, and
May 8, 2008 had not been approved by an approving official within IRS's
established time frames.[Footnote 26]
IRS's purchase card guide requires purchase card approving officials to
review and approve manual transactions within 3 calendar days from
receipt of the purchase cardholder's statement of account. The guide
also requires approving officials to review and approve Web-based
transactions within 10 business days of the transaction's download date
in IRS's Purchase Card Module.[Footnote 27] The six transactions we
identified were approved after these time frames and included both
manual and Web-based purchase card transactions. For example, an
approving official did not approve one Web-based transaction until 5
weeks after the transaction's download date.
Internal control standards[Footnote 28] require transactions to be
promptly recorded and authorized by persons acting within the scope of
their authority. This is the principal means of assuring that only
valid transactions are initiated or entered into.
The late approvals for these six transactions had not previously been
identified by IRS in part because IRS did not have adequate controls to
monitor for compliance with the required approval time frames. Because
IRS must pay the purchase card issuing bank on time, regardless of
whether the transactions have been approved or not, it is critical for
approving officials to review and approve these transactions timely so
that any disputed or rejected purchases can be promptly investigated
and resolved. The lack of procedures to identify and follow up on
overdue approvals compromises internal control over the purchase card
program and increases the risk of erroneous, improper, and fraudulent
purchases.
Recommendation:
We recommend that you direct appropriate IRS officials to develop,
document, and implement procedures to regularly monitor the timeliness
of purchase card approvals. This should include establishing procedures
and responsibility for identifying and following up on instances of non-
compliance with required approval timeframes.
IRS Comments and Our Evaluation:
IRS agreed with our recommendation to monitor the timeliness of
purchase card approvals and to follow up on non-compliance. IRS stated
that its Agency-Wide Shared Services (AWSS) Credit Card Services Branch
now monitors compliance with purchase card requirements through monthly
reviews. We will review the documentation and scope of these monthly
reviews and review IRS's actions to address non-compliance during our
audit of IRS's fiscal year 2009 financial statements to ensure this
issue is being appropriately addressed.
Use of Expired Appropriations:
During our fiscal year 2008 audit, we found that IRS's controls over
the use of appropriated funds did not always prevent the improper use
of expired appropriations to fund current year obligations. While
testing a statistical sample of 14 upward adjustments to prior year
obligations as of July 31, 2008, we found two instances of improper
contract actions totaling over $485,000 in which IRS improperly used
fiscal year 2007 appropriations, which had expired, to fund fiscal year
2008 procurement transactions.[Footnote 29] In both instances, the
obligation of prior year appropriations was improper, as was the
recorded upward adjustment to prior year obligations. After we brought
these matters to its attention, IRS made adjustments to correct the
errors by de-obligating fiscal year 2007 funds that were improperly
used and obligating fiscal year 2008 funds to pay for the transactions
in question. Because IRS corrected these errors, it was able to avoid
violating the Antideficiency Act, which prohibits IRS officers and
employees from obligating or expending funds in advance or in excess of
applicable appropriations.[Footnote 30] Additionally, because these
were unique situations, we concluded that projecting the exceptions to
the population of upward adjustments would be inappropriate.
In the first instance, an IRS employee used a purchase card to place
orders for calendars in October 2007, the first month of fiscal year
2008, and charged the purchase against fiscal year 2007 funds that had
been committed (or administratively reserved) in the prior fiscal year.
In accordance with the Recording Statute,[Footnote 31] IRS should not
have recorded an obligation of funds until it had a binding agreement
[Footnote 32] with another party, which occurred in fiscal year 2008
when IRS placed its order. Furthermore, because the obligation occurred
in fiscal year 2008, under the Time Statute,[Footnote 33] IRS should
have used fiscal year 2008 funds to pay for it. In the second instance,
IRS inappropriately used expired fiscal year 2007 appropriations to
fund two contract modifications, in December 2007 and again in January
2008, to acquire information technology support services for fiscal
year 2008. The original contract and the subsequent modifications
included a "Limitation of Funds"[Footnote 34] clause which made it
clear that IRS had obligated only a portion of the estimated cost of
performance under the contract and the contractor would not be paid
additional amounts unless IRS obligated additional funds to the
contract. Further, the funding modifications covered fiscal year 2008
"severable services"[Footnote 35] and therefore were new obligations
that should have been funded with fiscal year 2008 appropriations.
Internal control standards[Footnote 36] require agencies to establish
controls to assure that only valid transactions to exchange, transfer,
use, or commit resources and other events are initiated or entered
into. IRS's IRM restates the Account Closing Law that (1) new
obligations may not be incurred against expired appropriations and (2)
expired balances are available only for upward and downward adjustments
to existing obligations during the 5 years following expiration of
obligation authority.[Footnote 37] However, the IRM provides little or
no guidance to help employees distinguish between procurement actions
that constitute new obligations versus adjustments to existing
obligations as would be needed in complex situations where such
distinctions are not readily discernable. IRS had a review and approval
process in place that was designed to assure that appropriated funds
were used as intended and during their periods of availability.
However, during fiscal year 2008, this process was not fully effective
in preventing or detecting the improper use of expired appropriations
to fund IRS's current year procurement transactions. In both cases that
we identified, the actions taken by IRS personnel indicated there was a
lack of understanding about the proper uses of expired funds. As a
result, IRS faces increased risk that the appropriated funds it
receives may be improperly used in its operations after their periods
of availability have expired and that it may be unable to detect and
correct such improper acts in time to avoid violating applicable laws
and regulations that govern the use of appropriated funds.
Recommendations:
We recommend that you direct the appropriate IRS officials to revise
the IRM section related to the limited use of expired appropriations to
provide additional guidance to help employees distinguish between
procurement actions that constitute new obligations and those that
merely adjust or liquidate prior obligations that the IRS incurred
during an expired appropriation's original period of availability.
IRS Comments and Our Evaluation:
IRS agreed with our recommendation and stated that by September 2009,
it would: 1) revise the Financial Operating Guidelines section of the
IRM to provide additional guidance to clarify existing procedures
regarding the use of expired appropriations, 2) issue an Annual Close
Guidelines section of the IRM to establish year-end procedures for
expired and closing appropriations, and 3) update the Purchase Card
Handbook section of the IRM to provide guidance and procedures to
preclude the use of expired appropriations when using a purchase card.
We will verify the changes to the IRM and evaluate the effectiveness of
IRS's efforts after they are fully implemented during future audits.
Recording of Undelivered Orders Transactions:
During our fiscal year 2008 audit, we found that IRS's controls over
the recording of undelivered orders transactions did not always prevent
or detect errors that occurred in the accounts. While testing a
statistical sample of 107 undelivered orders as of August 31, 2008, we
found that IRS staff made errors that were not readily detected and
corrected in recording receipt and acceptance transactions and vendor
invoices in the undelivered orders obligation accounts. Specifically,
we found two exceptions totaling over $410,000 in which IRS recorded
duplicate receipt and acceptance entries to the undelivered orders
balances. In a third instance, IRS charged invoice amounts to an
incorrect expenditure category. Based on our testing, we estimate that
the balance of undelivered orders at the time of our testing may be
misstated by as much as $3.3 million.
In one instance, receipt and acceptance for communication services in
the amount of $1,726.18 was charged and recorded twice in the
undelivered orders account. The second recording was based on a
corrected invoice that IRS received several months after it had paid
the first invoice and was detected as a duplicate during the invoice
payment process. Although it had been identified for correction
approximately 4 months earlier, the duplicate receipt and acceptance
remained inappropriately charged against the undelivered orders balance
at the time of our testing in September 2008. In another instance,
receipt and acceptance for management support services in the amount of
$409,243.83 was charged and recorded twice to the undelivered orders
account. The duplicate receipt and acceptance was posted in March 2008;
however, it was not corrected until September 2008. In addition, we
found one instance in which IRS charged three invoices that totaled
$125,302.32 to the incorrect expenditure category of an undelivered
orders sample item. These transactions were charged to contractual
labor, an expense, but they should have been charged to alteration and
repairs, an asset. Although IRS conducted extensive reviews of its
procurement transactions during the invoice payment process and has
been successful in preventing and detecting duplicate payments, any
necessary corrective actions resulting from these reviews may not occur
for four months or longer after the recording of receipt and acceptance
against the undelivered orders balance and, therefore, errors may not
be detected and corrected in a timely manner. As a result, the
undelivered orders balance could be misstated at any given point during
the fiscal year.
Internal control standards[Footnote 38] require that transactions and
other events be accurately and timely recorded to maintain their
relevance and value to management in controlling operations and making
decisions. Control activities also help to ensure that all transactions
are completely and accurately recorded. In addition, the IRM requires
that commitments and obligations be posted timely, and financial plan
managers should make every effort to ensure that data are accurately
posted.[Footnote 39] Nonetheless, because IRS did not have effective
controls in place to ensure it properly recorded receipt and acceptance
transactions to its undelivered orders account balances and charged
obligations to correct obligation lines, IRS had less assurance that
government funds were used as intended and that financial transactions
would be accurately recorded in the accounts and reported in the
financial statements.
Recommendations:
We recommend that you direct the appropriate IRS officials to do the
following:
* Reiterate IRS's existing policy requiring that transactions be
recorded accurately to the undelivered orders obligation accounts.
* Perform existing reviews of transactions recorded in undelivered
orders obligation accounts in a more timely manner in an effort to
detect and correct errors, such as duplicate receipt and acceptance
charges, earlier in the process.
IRS Comments and Our Evaluation:
IRS agreed with our recommendations and stated that it will issue a
memorandum by June 2009 to reiterate its policy requiring that
transactions be recorded accurately to the undelivered orders
obligation accounts. IRS also stated that in December 2008, it
initiated weekly reviews of receipt and acceptance transactions to more
timely identify and correct errors. We will evaluate the effectiveness
of IRS's efforts during our audit of IRS's fiscal year 2009 financial
statements.
Full Cost Management Information:
In our fiscal year 2008 audit,[Footnote 40] we reported that IRS had
not completed the process of developing and institutionalizing the use
of full cost information for the range of its programs and activities.
The full cost[Footnote 41] of programs and activities is an essential
component of the information IRS managers need to evaluate
effectiveness and make better informed decisions about the allocation
of resources among competing demands.
Internal control standards[Footnote 42] state that for an entity to
control its operations, it must have relevant and reliable information
and its program managers must have operational and financial data to
determine whether they are meeting their goals for effective and
efficient use of resources. Federal Accounting Standards Advisory
Board's Statement of Federal Financial Accounting Standards (SFFAS) No.
4, Managerial Cost Accounting Standards and Concepts[Footnote 43]
discusses concepts and gives guidance to federal agencies on developing
and providing managerial cost data to managers. In discussing the
concept of managerial cost accounting information, the statement says
that one of the objectives of managerial cost accounting is to provide
program managers[Footnote 44] with relevant and reliable information
relating costs to programs, their activities, and composition. The
statement further says that a fundamental undertaking of managerial
cost accounting is to match costs with activities and outputs. The
statement notes several criteria for cost accounting information,
including that it be (1) developed in such a way as to ensure that it
has the ability to assist in the measurement of performance, which the
statement says is one of the purposes of managerial cost accounting;
(2) reliable and reported on a consistent basis; (3) at a reasonable
and useful level of data precision; (4) able to accommodate special
information needs of management; and (5) documented through a manual or
handbook.
IRS has recognized the importance of managerial cost accounting by
issuing its own policy on cost accounting. The policy says that one of
the criteria for IRS's managerial cost accounting is to recognize the
full cost of outputs. The policy also says that the purpose of
accumulating and tracking costs is to (1) enhance managers' ability to
measure the costs of activities within their areas of control and to
identify operational trends and variances, (2) compare costs of
producing outputs across different business operating divisions, and
(3) optimize the use of IRS's resources.
IRS also took several additional steps to institutionalize the policy
and the use of full cost data in making management decisions, including
(1) establishing an Office of Cost Accounting within its Chief
Financial Officer (CFO) organization, (2) planning for the inclusion of
the cost policy in the IRM, and (3) developing a training program to
explain the cost policy to IRS managers:
To develop full cost information for its programs, IRS has had to
develop methodologies that supplement the cost data in its cost
accounting system, the Integrated Financial System (IFS).[Footnote 45]
IFS accumulates full cost information at the cost center level,
[Footnote 46] which are low level organizational units, such as an
office within a business operating division. However, IRS cannot
generate information on the full cost of many of its various programs
and activities directly from IFS because, in many instances, the IFS
cost centers do not equate directly to the various programs and
activities that IRS undertakes. In order to establish this relationship
and produce managerially useful full cost data for program officials,
IRS conducted several cost pilot projects to develop and test
methodologies to determine the full cost of certain programs, such as
the Automated Underreporter (AUR) program. For the cost pilot projects,
IRS combined IFS cost data with data from its various workload
management systems,[Footnote 47] such as the time employees spend on
specific programs.
The cost pilot projects developed full cost information at the program
summary level but not down to the level of the activities within those
programs. For example, in the cost pilot for the Automated
Underreporter (AUR) program, IRS developed summary level full cost data
on the many AUR matching activities, but IRS could not identify the
cost of the individual matching activities[Footnote 48] that employees
undertake because IRS's workload management systems do not contain such
data. However, IRS does have data on the revenue collected as a result
of the matches. Although IRS cannot extract such work activity level
data from its current systems, SFFAS No. 4 addresses such situations by
acknowledging that in some instances agencies may have to use cost
finding techniques to develop some cost elements.
The full cost methodologies IRS developed were generally focused on
large programs and not on developing full cost data on specific
activities within these programs and their outputs.[Footnote 49]
However, the development of cost data to match against tax collections
generated by these activities and products is important. Without
comparable full cost information on its programs and activities, IRS is
missing a key component of the information necessary to measure the
effectiveness of its enforcement efforts.
The cost pilot projects have demonstrated that IRS can develop full
cost data at a program summary level, and as such, represent
significant progress. The approach used by the cost pilot projects
requires that a specific methodology be developed for each program and
would also require IRS to develop comparable specific methodologies to
develop full cost information on additional programs or activities.
Thus, continued efforts are needed to provide IRS managers the full
cost information that will allow them to better measure performance and
optimize resource allocation decisions affecting IRS's programs and
activities. Although IRS has begun to take these important steps, it
has not yet institutionalized a formal process to identify over time
the full range of programs and activities for which IRS would consider
full cost information to be useful to executives and program managers
in evaluating effectiveness and in optimizing resource allocation
decisions.[Footnote 50] We acknowledge that identifying these programs
and activities and developing full cost information for each of them
presents significant challenges and will require a sustained effort.
However, without readily available cost information for IRS's programs
and activities, IRS's executives and managers are lacking a critical
component of the range of information they need to make informed
decisions.
To date, IRS's CFO officials have provided significant leadership in
promoting cost awareness throughout IRS and developing full cost
methodologies as envisioned by SFFAS No. 4. Continued leadership from
those officials as well as the involvement of IRS's business operating
division officials is vital. SFFAS No. 4's concept is for agencies to
develop complete and robust cost accounting information on a full range
of agency outputs and products that would allow agency executives and
program managers to compare the effectiveness of various programs and
to optimize the allocation of resources among them.
Recommendations:
To facilitate routine collaboration between CFO and business operating
division officials, including program managers in achieving the goal of
making appropriate full cost information readily available to managers
and executives to support informed decision-making, we recommend that
you direct the appropriate IRS officials to do the following:
* Establish a formal, documented process for identifying over time the
full range of IRS's programs and underlying activities, outputs, and
services for which IRS believes full cost information would be useful
to executives and program managers. Such a process should (1) be
formally established and documented through policies, procedures,
guidance, meeting minutes, and other appropriate means; (2) define the
roles and responsibilities of the CFO and other business units in the
process; and (3) be focused on the goal of determining what cost
information would be useful and the most appropriate means of
developing and reporting it for both existing programs and new programs
as they are initiated.
* For each of the IRS programs, activities, outputs, and services
identified for which full cost information would be useful to IRS
executives and program managers, complete the development of full cost
methodologies to routinely accumulate and report on their full costs,
including down to the activity level where appropriate. Such full cost
data should be readily accessible to IRS program managers whenever they
are needed and should include both personnel costs based on time spent
on specific activities as well as all associated non-personnel costs
and be drawn from or reconcilable to IRS's financial accounting system.
IRS Comments and Our Evaluation:
IRS agreed with our recommendations and cited several corrective
actions taken, including having established the Cost Users Group
through which the business units identify their needs for full cost
information that would be useful to executives and program managers. In
addition, IRS stated that it would continue to develop full cost
information for each of the areas identified by the business units and
that this information will be available to IRS program managers as
needed. We will evaluate the effectiveness of IRS's efforts during
future audits.
Performance Measures for Enforcement Activities:
In our fiscal year 2008 audit,[Footnote 51] we reported that IRS had
not developed key outcome-oriented performance measures,[Footnote 52]
such as dollars collected compared to total costs, to assess the
effectiveness of its enforcement programs and activities. The IRS
includes performance measures as an integral part of its Management
Discussion and Analysis, which is required supplementary information to
its financial statements. Internal control standards discuss the need
for management to track major agency achievements and compare them to
the plans, goals, and objectives established under the Government
Performance and Results Act of 1993 (GPRA).[Footnote 53] The standards
further state that managers need to compare actual performance to
planned or expected results (goals) throughout the organization and
analyze significant differences. GPRA also discusses the need for
agencies to develop performance plans with outcome-oriented goals and
objectives.[Footnote 54]
IRS's existing performance measures, and their related goals, for its
enforcement efforts focus on process-oriented work-in-process
indicators related to discrete activities within the overall collection
effort, such as the percentage of various types of tax returns
examined, AUR coverage,[Footnote 55] criminal investigations completed,
and the number of tax returns examined and closed. While each of these
measures may serve an important operational purpose, they are not
designed to measure the contribution each of these activities makes to
the collection of unpaid taxes, nor do they compare the cost of
collection activities to the tax revenue generated. IRS does not have
such outcome-based performance measures and related goals that are
designed to assess how effective its individual enforcement programs
and activities are in collecting unpaid taxes compared to their costs.
As a result, IRS lacks an effective means by which to measure the
extent to which it is effectively utilizing its available resources to
achieve a critical aspect of its overall mission of collecting unpaid
taxes.
We have previously noted this lack of performance information. For
example, last year we reported that IRS's collection performance
measures address collection coverage and collection efficiency but not
dollars collected.[Footnote 56] We have also reported that although IRS
has made the collection of unpaid payroll taxes one of its top
priorities, it has not established measures or goals to assess its
progress in collecting or preventing the accumulation of payroll tax
debt.[Footnote 57] Additionally, we reported that IRS does not have
specific lower-level performance metrics that target collection actions
or collection results for unpaid payroll taxes and that such
performance metrics could be useful to IRS in measuring the success of
its efforts to collect or prevent the further accumulation of unpaid
payroll taxes and to formulate more effective approaches to dealing
with this compliance issue.
One reason IRS has been reluctant to use enforcement revenue data to
evaluate programs and develop performance measures is because, under
the Internal Revenue Service Restructuring and Reform Act of 1998,
[Footnote 58] IRS is prohibited from using "records of tax enforcement
results" to evaluate employees or impose or suggest production quotas
or goals for employees. However, as we pointed out in our fiscal year
2008 financial audit,[Footnote 59] the statute does not establish a
blanket prohibition on using quantity (dollar) measures to evaluate
organization performance.
Performance measures and goals for IRS's enforcement programs and
activities, including measures of the dollars collected compared to the
cost to assess and collect those dollars, are essential tools to assist
management in assessing the relative merits of its resource allocation
options. IRS has developed extensive collections data on IRS's
enforcement programs, some of which is detailed down to the activity
level. For example, IRS has data on taxes collected from it's over 60
AUR third-party matching activities, such as matching a taxpayer's
reported income against forms 1099 for dividends and interest or form W-
2 wages. This data could be used to develop performance measures, such
as return on investment and related performance goals to evaluate the
effectiveness of those activities, but as discussed in the section of
this report on "Full Cost Management Information," IRS has not
developed comparable cost data. IRS has developed return on investment
information on a limited number of programs for which it has both cost
and enforcement revenue data. However, without comparable cost and
enforcement data on its programs and activities, IRS has limited
ability to develop performance measures or related goals and to compare
the relative effectiveness of its programs and activities. We have
previously recommended that IRS extend the use of return on investment
in future budget proposals to include major enforcement programs.
[Footnote 60]
We acknowledge that IRS may face significant challenges developing data
to calculate such measures and goals. However, doing so would better
position IRS to evaluate the effectiveness of its enforcement
activities, optimize the allocation of resources among its various
programs and work activities, and provide better information with which
to defend its budget proposals. Although IRS management must consider
many factors beyond cost and collections--such as coverage,
compliance,[Footnote 61] and budgetary issues--when making resource
allocation decisions, full cost and tax collection information should
also be a critical factor. In addition, developing and tracking
performance goals against actual performance would assist IRS in
evaluating the effectiveness of its various programs and activities in
achieving IRS's mission.
Recommendation:
We recommend that you direct appropriate IRS officials to develop
outcome-oriented performance measures and related performance goals for
IRS's enforcement programs and activities that include measures of the
full cost of, and the revenue collected from, those programs and
activities (return on investment) to assist IRS's managers in
optimizing resource allocation decisions and evaluating the
effectiveness of their activities.
IRS Comments and Our Evaluation:
While not explicitly agreeing or disagreeing with our recommendation,
IRS stated that it will continue to improve the analytical tools it
uses to inform its resource decisions for major enforcement programs.
IRS noted that return on investment is but one tool that can be used to
improve resource allocation decision-making and that IRS currently uses
a broader set of tools in addition to return on investment, such as
cost/benefit analysis that incorporates a wide range of tangible and
intangible costs and benefits.
As we indicated in our report, we acknowledge that managing IRS's
overall mission of enforcing the tax laws and promoting compliance
necessitates a wide variety of information and performance measurement
tools and that measuring return on investment is but one such tool.
However, it is a critical one. While IRS has developed return on
investment information for a limited number of programs for which it
has both cost and enforcement revenue data, as we discuss in the
report, it has not done so for many of its programs and activities
where it does not currently have cost data to match against revenue
collections, and thus does not use such information to assist in making
routine resource allocation decisions. IRS's current performance
measures and goals for its enforcement activities address only non-
financial outputs, such as coverage and case closure. We believe that
IRS's lack of outcome-related performance measures and related goals
for its enforcement programs and activities that would be focused on
the return (taxes collected) and the investment (cost) limits its
ability to determine the cost-effectiveness of those programs and
activities, to evaluate their relative effectiveness, to make more
informed enforcement-related resource allocation decisions, and to
justify budget requests for its existing programs.
This report contains recommendations to you. The head of a federal
agency is required by 31 U.S.C. § 720 to submit a written statement on
actions taken on these recommendations. You should submit your
statement to the Senate Committee on Homeland Security and Governmental
Affairs and the House Committee on Oversight and Government Reform
within 60 days of the date of this report. A written statement must
also be sent to the House and Senate Committees on Appropriations with
the agency's first request for appropriations made more than 60 days
after the date of the report. Furthermore, to assure GAO has accurate,
up-to-date information on the status of your agency's actions on our
recommendations, we request that you also provide us with a copy of
your agency's statement of actions taken on open recommendations.
Please send your statement of action to me or Ted Hu, Assistant
Director, at HuT@gao.gov.
This report is intended for use by the management of IRS. We are
sending copies to the Chairmen and Ranking Members of the Senate
Committee on Appropriations; Senate Committee on Finance; Senate
Committee on Homeland Security and Governmental Affairs; and
Subcommittee on Taxation and IRS Oversight, Senate Committee on
Finance. We are also sending copies to the Chairmen and Ranking Members
of the House Committee on Appropriations and House Committee on Ways
and Means, the Chairman and Vice-Chairman of the Joint Committee on
Taxation, the Secretary of the Treasury, the Director of OMB, and the
Chairman of the IRS Oversight Board. The report is available at no
charge on GAO's Web site at [hyperlink, http://www.gao.gov].
We acknowledge and appreciate the cooperation and assistance provided
by IRS officials and staff during our audits of IRS's fiscal years 2008
and 2007 financial statements. Please contact me at (202) 512-3406 or
sebastians@gao.gov if you or your staff have any questions concerning
this report. Contact points for our Offices of Congressional Relations
and Public Affairs may be found on the last page of this
correspondence. GAO staff who made major contributions to this report
are listed in enclosure III.
Sincerely yours,
Signed by:
Steven J. Sebastian:
Director:
Financial Management and Assurance:
Enclosures - 3:
[End of section]
Enclosure I: Details on Audit Methodology:
To fulfill our responsibilities as the auditor of IRS's financial
statements, we did the following:
* We examined, on a test basis, evidence supporting the amounts and
disclosures in the financial statements. This included selecting
statistical samples of unpaid assessments, revenue, refunds, accrued
expenses, payroll, nonpayroll, property and equipment, accounts
payable, and undelivered order transactions. These statistical samples
were selected primarily to substantiate balances and activities
reported in IRS's financial statements. Consequently, dollar errors or
amounts can and have been statistically projected to the population of
transactions from which they were selected. In testing some of these
samples, certain attributes were identified that indicated deficiencies
in the design or operation of internal control. These attributes, where
applicable, can be and have been statistically projected to the
appropriate populations.
* We assessed the accounting principles used and significant estimates
made by management.
* We evaluated the overall presentation of the financial statements.
* We obtained an understanding of IRS and its operations, including its
internal control related to financial reporting (including safeguarding
assets) and compliance with laws and regulations (including the
execution of transactions in accordance with budget authority).
* We tested relevant internal control over financial reporting
(including safeguarding assets) and compliance, and evaluated the
design and operating effectiveness of internal control.
* We considered IRS's process for evaluating and reporting on internal
control and financial management systems under 31 U.S.C. § 3512 (c),
(d), commonly referred to as the Federal Managers' Financial Integrity
Act of 1982, and OMB Circular No. A-123, Management's Responsibility
for Internal Control.
* We tested compliance with selected provisions of the following laws
and regulations: Anti-Deficiency Act, as amended (31 U.S.C. §
1341(a)(1) and 31 U.S.C. § 1517(a)); Purpose Statute (31 U.S.C. §
1301(a)); Release of lien (26 U.S.C. § 6325 (a)); Interest on
underpayment, nonpayment, or extension of time for payment of tax (26
U.S.C. § 6601); Interest on overpayments (26 U.S.C. § 6611);
Determination of rate of interest (26 U.S.C. § 6621); Failure to file
tax return or to pay tax (26 U.S.C. § 6651); Failure by individual to
pay estimated income tax (26 U.S.C. § 6654); Failure by corporation to
pay estimated income tax (26 U.S.C. § 6655); General rule on deposit of
internal revenue collections (26 U.S.C. § 7809(a)); Interest penalties
under the Prompt Payment Act (31 U.S.C. § 3902(a), (b), and (f));
Limitations on discount payments under the Prompt Payment Act (31
U.S.C. § 3904); Pay and Allowance System for Civilian Employees (5
U.S.C. §§ 5332 and 5343, and 29 U.S.C. § 206); Federal Employees'
Retirement System Act of 1986, as amended (5 U.S.C. §§ 8422, 8423, and
8432(c)(1)(A)); Social Security Act of 1935, as amended (26 U.S.C. §§
3101 and 3121 and 42 U.S.C. § 430); Federal Employees Health Benefits
Act of 1959, as amended (5 U.S.C. §§ 8905, 8906, and 8909); Financial
Services and General Government Appropriations Act, 2008, Pub. L. No.
110-161, div. D, tit. I, 121 Stat. 1844 (Dec. 26, 2007); Revised
Continuing Appropriations Resolution, 2007, Pub. L. No. 110-5, §§ 101,
103, 104, 21050, 21053, 121 Stat. 8, 9, 54 (Feb. 15, 2007), which
incorporates by reference certain provisions in the Department of the
Treasury Appropriations Act, 2006, Pub. L. No. 109-115, div. A, tit.
II, 119 Stat. 2432, 2436- 7 (Nov. 30, 2005); and Revised Continuing
Appropriations Resolution, 2007, Pub. L. No. 110-5, §§ 21051, 21052,
121 Stat. 8, 54 (Feb. 15, 2007), which incorporates by reference
certain provisions in Title II of H.R. 5576 (109th Congress, June 14,
2006); Economic Stimulus Act of 2008, Pub. L. No. 110-185, 122 Stat.
613 (Feb. 13, 2008).
* We tested whether IRS's financial management systems substantially
comply with the three requirements of the Federal Financial Management
Improvement Act of 1996 (Pub. L. No. 104-208, div. A, § 101(f), tit.
VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996); (reprinted in 31.
U.S.C. § 3512 note).
[End of section]
Enclosure II: Comments from the Internal Revenue Service:
Department Of The Treasury:
Internal Revenue Service:
Commissioner:
Washington, D.C. 20224:
June 3, 2009:
Mr. Steven J. Sebastian:
Director:
Financial Management and Assurance:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Sebastian:
I am writing in response to the Government Accountability Office (GAO)
draft of the Fiscal Year (FY) 2008 Management Report titled,
Improvements Are Needed To Enhance IRS's Internal Controls and
Operating Effectiveness (GAO-09-513R). As GAO noted in the report
titled, Financial Audit: IRS's Fiscal Yews 2008 and 2007 Financial
Statements, we continue to make significant progress in addressing
remaining financial management issues and have substantially mitigated
weaknesses in internal controls.
In FY 2008, GAO determined that the remaining issues related to tax
revenue and refunds no longer constitute a material weakness, In
addition, GAO concluded that the remaining issues related to
safeguarding hard-copy taxpayer receipts and data no longer constitute
a significant deficiency because of the significant improvements in
internal controls at the submission processing centers and the lockbox
banks. I have enclosed a response which addresses each of your
recommendations.
We are committed to implementing appropriate improvements to ensure
that the IRS maintains sound financial management practices. If you
have any questions, please contact Alison Doone, Chief Financial
Officer, at (202) 622-6400.
Sincerely,
Signed by:
Douglas H. Shulman:
Enclosure:
[End of letter]
GAO Recommendations and IRS Responses to GAO FY 2008 Management Report
"Improvements Are Needed To Enhance IRS's Internal Controls and
Operating Effectiveness", GAO-09-513R:
Recommendation #1: We recommend that you direct appropriate IRS
officials to correct the Integrated Data Retrieval System (IDRS)
computer program for identifying individual taxpayers who have entered
into an installment agreement so that except in situations where the
taxpayer did not file the tax return timely, failure-to pay (FTP)
penalty assessments made after the date of the installment agreement
are calculated using the monthly one-quarter of one percent penalty
rate on all of the taxpayer's accounts covered by the installment
agreement.
Comments: We agree with this recommendation. We implemented programming
changes in January 2009 so that FTP penalty assessments are calculated
at the reduced rate for all eligible installment agreements.
Recommendation #2: We recommend that you direct appropriate IRS
officials to add specific requirements to the Internal Revenue Manual
(IRM) to require that manual refund units assign back up staff to
perform manual refund monitoring activities whenever a manual refund
initiator is absent for an extended period of time.
Comments: We agree with this recommendation. Wage and Investment (W&I)
Accounts Management will revise IRM 21.4.4.5, Other Manual Refund
Requirements, to state, "When an employee who performs monitoring
actions is out on extended leave (one week or more), management must
reassign the monitoring to a backup." Anticipated completion of the
recommendation is September 2009.
Recommendation #3: We recommend that you direct the appropriate IRS
officials to document in the IRM minimum requirements for establishing
criteria for time discrepancies or other inconsistencies, that if noted
as part of the required monitoring of Form 10160, Receipt for Transport
of IRS Deposit, would require off-site surveillance of couriers.
Comments: We agree with this recommendation. W&I Submission Processing
added criteria for establishing specific time requirements and
escalation procedures to the courier instructions in IRM 3.8.45, Manual
Deposit Process, on May 15, 2009. W&I also will update the IRM after
courier surveillance procedures are developed. Anticipated completion
of the recommendation is December 2009.
Recommendation #4: We recommend that you direct appropriate IRS
officials to document in the IRM minimum requirements for conducting
off-site surveillance of couriers entrusted with taxpayer receipts and
information.
Comments: We agree with this recommendation. The Director, Submission
Processing (SP), and Agency-Wide Shared Services (AWSS) will implement
procedures for courier surveillance at SP campuses. Anticipated
completion of the recommendation is December 2009.
Recommendation #5: We recommend that you direct appropriate IRS
officials to establish procedures to track and routinely report the
total dollar amounts and volumes of receipts collected by individual
Taxpayer Assistance Center (TAC) location, group, territory, area, and
nationwide.
Comments: We agree with this recommendation. W&I Field Assistance will
establish procedures, and contingent on available funding, design a
system to track and routinely report the total dollar amounts and
volumes of receipts collected by individual TAC location, group,
territory, area, and nationwide. Anticipated completion of the
recommendation is October 2012.
Recommendation #6: We recommend that you direct appropriate IRS
officials to establish procedures to ensure that an inventory of all
duress alarms is documented for each location and is readily available
to individuals conducting duress alarm tests before each test is
conducted.
Comments: We agree with this recommendation. The AWSS Physical Security
and Emergency Preparedness office (PSEP) will issue interim guidance
requiring Territory Managers to document the inventory of all duress
alarms for each location that is readily available to individuals
conducting duress alarm tests before each test is conducted. This
requirement will be included in the next revision of IRM 10.2.14.
Anticipated completion of the recommendation is September 2009.
Recommendation #7: We recommend that you direct appropriate IRS
officials to establish procedures to periodically update the inventory
of duress alarms at each TAC location to ensure it is current and
complete as of the testing date.
Comments: We agree with this recommendation. PSEP will issue interim
guidance requiring Territory Managers to update the inventory of all
duress alarms quarterly. This requirement will be included in the next
revision of IRM 10.2.14. Anticipated completion of the recommendation
is September 2009.
Recommendation #8: We recommend that you direct appropriate IRS
officials to provide instructions for conducting quarterly duress alarm
tests to ensure that IRS officials conducting the test (1) document the
test results for each duress alarm listed in the inventory including
date, findings, and planned corrective action and (2) track the
findings until they are properly resolved.
Comments: We agree with this recommendation. PSEP will issue interim
guidance requiring Territory Managers to document the results of the
quarterly duress alarm tests, including date, findings, and planned
corrective action, and track the findings until they are resolved. This
requirement will be included in the next revision of IRM 10.2.14.
Anticipated completion of the recommendation is September 2009.
Recommendation #9: We recommend that you direct appropriate IRS
officials to establish procedures requiring that each physical security
analyst conduct a periodic documented review of the Emergency Signal
History Report and emergency contact list for its respective location
to ensure that (1) appropriate corrective actions have been planned for
all incidents reported by the central monitoring station and (2) the
emergency contact list for each location is current and includes only
appropriate contacts.
Comments: We agree with this recommendation. PSEP will issue interim
guidance requiring Territory Managers to ensure that the PSEP
representative at each facility conduct a periodic documented review of
the central monitoring station's Emergency Signal History Report and
ensure that appropriate corrective actions are planned for all
deficiencies or incidents requiring actions reported by the central
monitoring station. The PSEP representative also will conduct a
periodic review of the emergency contact list for each location to
ensure it is current and includes only appropriate contacts. These
requirements will be included in the next revision of IRM 10.2.14.
Anticipated completion of the recommendation is September 2009.
Recommendation #10: We recommend that you direct appropriate IRS
officials to develop, document, and implement procedures to regularly
monitor the timeliness of purchase card approvals. This should include
establishing procedures and responsibility for identifying and
following up on instances on non-compliance with required approval
timeframes.
Comments: We agree with this recommendation. AWSS updated the Purchase
Card Guide (Document 9185) in February 2009 to establish required
deadlines for timely reconciliation and approval of purchase card
transactions. The AWSS Credit Card Services Branch monitors compliance
with purchase card requirements through monthly reviews.
Recommendation #11: We recommend that you direct appropriate IRS
officials to revise the IRM section related to the limited use of
expired appropriations to provide additional guidance to help employees
distinguish between procurement actions that constitute new obligations
and those that merely adjust or liquidate prior obligations that the
IRS incurred during an expired appropriation's original period of
availability.
Comments: We agree with this recommendation. The Chief Financial
Officer (CFO) will revise IRM 1.33.4, Financial Operating Guidelines,
to provide additional guidance to clarify existing procedures regarding
the use of expired appropriations. In addition, the CFO will issue IRM
1.35.15, Annual Close Guidelines, to establish year-end procedures for
expired and closing appropriations. AWSS also will update IRM 1.32.6,
Purchase Card Handbook, to provide guidance and procedures to preclude
the use of expired appropriations when using a purchase card.
Anticipated completion of the recommendation is September 2009.
Recommendation #12: We recommend that you direct appropriate IRS
officials to reiterate IRS's existing policy requiring that
transactions be recorded accurately to the undelivered orders
obligation accounts.
Comments: We agree with this recommendation. The CFO will issue a
memorandum reiterating the policy requiring that transactions be
recorded accurately to the undelivered orders obligation accounts-
Anticipated completion of the recommendation is June 2009.
Recommendation #13: We recommend that you direct appropriate IRS
officials to perform existing reviews of transactions recorded in
undelivered orders obligation accounts in a more timely manner in an
effort to detect and correct errors, such as duplicate receipt and
acceptance charges, earlier in the process.
Comments: We agree with this recommendation. In December 2008, CFO
initiated weekly reviews of receipt and acceptance transactions to more
timely identify and correct errors.
Recommendation #14: We recommend that you direct appropriate IRS
officials to establish a formal, documented process for identifying
over time the full range IRS's programs and underlying activities,
outputs, and services for which IRS believes full cost information
would be useful to executives and program managers. Such a process
should (1) be formally established and documented through policies,
procedures, guidance, meeting minutes, and other appropriate means, (2)
define the roles and responsibilities of the CFO and other business
units in the process, and (3) be focused on the goal of determining
what cost information would be useful, and the most appropriate means
of developing and reporting it for both existing programs and new
programs as they are initiated.
Comments: We agree with this recommendation. In December 2008, the CFO
Office of Cost Accounting established a Cost Users Group through which
the business units identify their needs for full cost information that
would be useful to executives and program managers. In addition, the
Collection Governance Council and the Examination Enforcement
Governance Council are working with CFO to determine relevant cost
information to support oversight of their respective areas. In August
2007, CFO established a cost accounting policy regarding CFO and
business unit roles and responsibilities related to managerial cost
accounting. The policy will be published as IRM 1.32.3, Cost Accounting
Policy. Anticipated completion of the recommendation is September 2009.
Recommendation #15: We recommend that you direct appropriate IRS
officials responsible for each of the IRS programs, activities,
outputs, and services identified for which full cost information would
be useful to IRS executives and program managers, complete the
development of full cost methodologies to routinely accumulate and
report on their full costs, including down to the activity level where
appropriate. Such full cost data should be readily accessible to IRS
program managers whenever it is needed, and should include both
personnel costs based on time spent on specific activities as well as
all associated non-personnel costs and be drawn from or reconcilable to
IRS's financial accounting system.
Comments: We agree to continue to develop full cost information for
each of the areas identified by the business units and this information
will be available to IRS program managers as needed.
Recommendation #16: We recommend that you direct the appropriate IRS
officials to develop outcome-oriented performance measures and related
performance goals for IRS's enforcement programs and activities that
include measures of the full cost of, and the revenue collected from,
those programs and activities (return on investment) to assist IRS's
managers in optimizing resource allocation decisions and evaluating the
effectiveness of their activities.
Comments: As we stated in our response to the GAO report, "IRS:
Assessment of the 2009 Budget Request and an Update on 2008 Performance
(Job Code 450651)," the IRS agrees to continue to improve the
analytical tools it uses to inform its resource decisions for major
enforcement programs. The IRS already uses cost/benefit analysis,
return on investment, evaluation of possible future scenarios, and
enterprise risk management techniques for a wide range of resource
allocations decisions, such as service and enforcement initiatives
included in the President's Budget.
It is important to understand that return on investment is but one tool
that can be used to improve resource allocation decision-making.
Currently, the IRS uses a broader set of tools, such as cost/benefit
analysis that incorporates a wide range of tangible and intangible
costs and benefits (such as equitable coverage rates for different
groups of taxpayers, enhancing respect for the law, and ensuring that
disadvantaged populations of taxpayers receive adequate levels of
service). It is not prudent to rely exclusively on return on investment
as the sole determinant of resource allocation.
[End of section]
Footnotes:
[1] GAO, Financial Audit: IRS's Fiscal Years 2008 and 2007 Financial
Statements, [hyperlink, http://www.gao.gov/products/GAO-09-119]
(Washington, D.C.: Nov. 10, 2008).
[2] GAO, Information Security: Continued Efforts Needed to Address
Significant Weaknesses at IRS, [hyperlink,
http://www.gao.gov/products/GAO-09-136] (Washington, D.C.: Jan. 9,
2009).
[3] TACs are field assistance units, located within IRS's Wage and
Investment operating division, designed to serve taxpayers who choose
to seek help from IRS in person. Services provided include interpreting
tax laws and regulations, preparing tax returns, resolving inquiries on
taxpayer accounts, receiving payments, forwarding those payments to
appropriate service center campuses for deposit and further processing,
and performing other services designed to minimize the burden on
taxpayers in satisfying their tax obligations. These offices are much
smaller facilities than service center campuses or lockbox banks, with
staffing ranging from 1 to about 35 employees.
[4] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999), contains the internal control
standards to be followed by executive agencies in establishing and
maintaining systems of internal control as required by 31 U.S.C. § 3512
(c), (d) (commonly referred to as the Federal Managers' Financial
Integrity Act of 1982).
[5] Service center campuses process tax returns and payments submitted
by taxpayers.
[6] Lockbox banks are commercial banks that operate under contract with
the Treasury's Financial Management Service to provide tax receipt
processing and deposit services on behalf of IRS.
[7] Field offices are comprised of various units located within IRS's
Small Business and Self Employed (SB/SE), Large and Mid-Size Business
(LMSB), and Tax-Exempt and Government Entities (TE/GE) operating
divisions that administer tax services to corporations, partnerships,
small businesses, state and Indian tribal governments, major
universities, community organizations, municipalities, pension funds,
and individuals with certain types of nonsalary income.
[8] [hyperlink, http://www.gao.gov/products/GAO-09-119].
[9] See 26 U.S.C. §§ 6651, 6654, 6655, 6662.
[10] See IRM, § 20.1.2, Failure to File/Failure to Pay Penalties (Apr.
25, 2008).
[11] IRS's master files contain detailed records of taxpayer accounts.
There are several master files, the most significant of which are the
individual master file, which contains tax records of individual
taxpayers, and the business master file, which contains tax records of
corporations and other businesses.
[12] A taxpayer may have multiple accounts and account modules within
IRS's master files. Each unique account is identified by a taxpayer
identification number (i.e., social security number or an employer
identification number). Each account contains unique modules identified
by the specific tax period (e.g., year, quarter) and tax type (e.g.,
excise tax, individual tax, payroll tax, etc.). Our approach to testing
penalty transactions in IRS's unpaid assessments inventory involves
selecting a sample of taxpayer account modules and verifying the
accuracy of all penalty calculations on each sampled account module.
[13] Unpaid assessments are legally enforceable claims against
taxpayers and consist of taxes, penalties, and interest that have not
been collected or abated. IRS records and retains the record of all
unpaid assessments made against taxpayers in the master files.
[14] Failure-to-pay penalty is a penalty that IRS assesses against
taxpayers when taxpayers fail to pay their outstanding tax liability by
the return due date. The failure-to-pay penalty is calculated based on
the amount of taxes outstanding in the taxpayer's account module, a
penalty rate stipulated in the IRC and IRM, and the number of months
the taxes remain unpaid. See 26 U.S.C. § 6651 and IRM § 20.1.2 (Apr.
25, 2008). The monthly FTP penalty rate generally starts at one-half of
one percent (see IRM § 20.1.2.1.2). IRS may increase the monthly rate
to one percent when the taxpayer fails to pay after repeated notices
(see IRM § 20.1.2.6 and 20.1.2.6.1).
[15] An exception to this policy occurs if the taxpayer did not file
the tax return by the due date. In such situations, IRS would not
reduce the FTP penalty rate to one-quarter of one percent even if the
taxpayer subsequently enters into an installment agreement (see IRM §
20.1.2.8).
[16] IDRS is the system that IRS uses to retrieve and adjust
information in taxpayer accounts on the master files.
[17] The computerized calculation and assessment of FTP penalties on
taxpayer accounts is affected by many factors, including whether the
taxpayer makes a payment following the tax assessment. Consequently,
IRS was unable to determine whether the approximately 12,000 taxpayers
meeting this situation had actually been assessed more FTP penalty than
prescribed by its policies.
[18] We reviewed IRS's criteria for identifying the affected taxpayers
and concur that the problem was confined to those identified by IRS.
Consequently, we did not project these errors to IRS's population of
unpaid assessments.
[19] GAO, Management Report: Improvements Needed in IRS's Internal
Controls, [hyperlink, http://www.gao.gov/products/GAO-08-368R]
(Washington, D.C.: Jun. 4, 2008) and GAO, Management Report:
Improvements Needed in IRS's Internal Controls, [hyperlink,
http://www.gao.gov/products/GAO-07-689R] (Washington, D.C.: May 11,
2007).
[20] GAO, Management Report: Improvements Needed in IRS's Internal
Controls, [hyperlink, http://www.gao.gov/products/GAO-05-247R]
(Washington, D.C.: Apr. 27, 2005).
[21] GAO, Internal Revenue Service: Status of GAO Financial Audit and
Related Financial Management Report Recommendations, [hyperlink,
http://www.gao.gov/products/GAO-08-693 (Washington, D.C.: July 2, 2008).
[22] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[23] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[24] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[25] The sample population consisted of 143,341 purchase card
transactions totaling $31 million.
[26] We are 95 percent confident that the actual percentage of purchase
card transactions not approved in a timely manner is not more that 14.3
percent.
[27] The IRS Purchase Card Guide summarizes IRS policies and procedures
relating to the use of the government purchase card. The procedures
outlined in the guide apply to all IRS business organizations. While
the guidelines may be further restricted by a business organization,
the purchase card guide policies and procedures must be followed.
[28] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[29] The IRS appropriations were available for obligation until the end
of each respective fiscal year (September 30). The funds remain in an
expired status for 5 years thereafter. 31 U.S.C. §§ 1552, 1553.
[30] 31 U.S.C. § 1341.
[31] 31 U.S.C. § 1501(a). The Recording Statute, which governs the
proper recording of obligations, requires an agency to record an
obligation of an appropriation or fund only when the agency has
sufficient documentary evidence of a binding agreement with another
party "executed before the end of the period of availability—for
specific goods to be delivered—or work or service to be provided."
[32] A binding agreement is a contract or other agreement enforceable
by law.
[33] 31 U.S.C. § 1502(a). The Time Statute, which underpins the bona
fide needs rule, authorizes agencies to use a fiscal year appropriation
only to pay for expenses "properly incurred" or contracts "properly
made" during the fiscal year for which the appropriation is available.
[34] FAR §§ 32.705-2, 52.232-22. The Federal Acquisition Regulation's
(FAR) "limitation of funds" clause imposes a cost ceiling: the task
order "specifies the amount presently available for payment by the
Government and allotted to this contract." FAR § 52.232-22(b).
[35] Services are severable when they can be divided into components
that independently provide value to meet the agency's needs as the
service is rendered.
[36] See [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[37] See IRM, §1.33.4.4.6, which restates the Account Closing Law (31
U.S.C. § 1553).
[38] See [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[39] See IRM, § 1.33.4.4.3.
[40] [hyperlink, http://www.gao.gov/products/GAO-09-119].
[41] The "full cost" of a program or activity includes all the direct
costs, including personnel time charges, and indirect costs, such as
the allocation of overhead costs, that are applicable to the program or
activity.
[42] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[43] FASAB Statement of Federal Financial Accounting Standards 4:
Managerial Cost Accounting Standards and Concepts, Version 7
(Washington, D. C.: June 30, 2008).
[44] Statement of Federal Financial Accounting Concepts No. 1,
Objectives of Federal Financial Reporting, defined "program managers"
as individuals who manage federal programs, and stated that "Their
concerns include operating plans, program operations, and budget
execution." SFFAC No. 1, par. 85.
[45] IFS is IRS's administrative accounting system, which IRS uses to
facilitate its core financial management activities, including general
ledger, budget formulation, accounts payable, accounts receivable,
funds management, cost management, and financial reporting. IFS
includes a cost module that IRS uses to facilitate the recording of
cost information for financial reporting and managerial cost accounting
purposes.
[46] IRS defines a cost center as the lowest level at which the IRS
segregates costs. Cost centers are "buckets" that capture costs where
someone has control or responsibility. Each cost center has a manager
and a head count and occupies space.
[47] IRS's workload management systems are electronic databases that
record individual employees' time charges.
[48] These activities generally consist of matching reports of income
paid to a taxpayer, such as reports of wages, dividends, interest,
etc., to the income reported on the taxpayer's income tax filing to
identify discrepancies which may indicate unpaid taxes.
[49] An exception is installment agreements. As the result of an
internal Treasury audit finding, IRS hired a contractor in late fiscal
year 2008 to develop the cost of an installment agreement to support
IRS's user fee charges. (Treasury Inspector General for Tax
Administration, Installment Agreement User Fees Were Not Properly
Calculated or Always Collected, 2008-40-113 (Washington, D.C.: May
2008.)
[50] In fiscal year 2009, IRS created an informal cost users group with
which CFO officials have worked to identify additional full cost
methodology development projects.
[51] [hyperlink, http://www.gao.gov/products/GAO-09-119].
[52] The term, "outcome-oriented performance metrics," refers to the
measurement of the end result of a work activity or series of
activities, such as the taxes collected as a result of a tax assessment
and the collection actions taken by IRS employees, such as telephone
calls to tax debtors.
[53] [hyperlink, http://www.gao.gov/products/GAO-AIMD-00-21.3.1]; GPRA,
Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).
[54] GPRA, Pub. L. No. 103-62, § 4(b), 107 Stat. 285, 287 (Aug. 3,
1993) (codified, as amended, at 31 U.S.C. § 1115(a)).
[55] Coverage is the term used by IRS to refer to the number of each
type of case that is worked, such as individual income tax, business
payroll tax, or corporate income tax.
[56] GAO, Tax Debt Collection: IRS Has a Complex Process to Attempt to
Collect Billions of Dollars in Unpaid Tax Debts, [hyperlink,
http://www.gao.gov/products/GAO-08-728] (Washington, D.C.: June13,
2008).
[57] GAO, Tax Compliance: Businesses Owe Billions in Federal Payroll
Taxes, [hyperlink, http://www.gao.gov/products/GAO-08-617] (Washington,
D.C.: July 25, 2008). Payroll taxes are amounts employers withhold from
employees' wages for federal income taxes, Social Security, and
Medicare, as well as the employer's mandatory matching contributions
for Social Security and Medicare taxes.
[58] Internal Revenue Service Restructuring and Reform Act of 1998,
Pub. L. No. 105-206, § 1204, 112 Stat. 683, 722 (July 22, 1998)
(reprinted in 26 U.S.C. § 7804 note).
[59] [hyperlink, http://www.gao.gov/products/GAO-09-119].
[60] GAO, Internal Revenue Service: Fiscal Year 2009 Budget Request and
Interim Performance Results of IRS's 2008 Tax Filing Season,
[hyperlink, http://www.gao.gov/products/GAO-08-567] (Washington, D.C.:
Mar. 13, 2008).
[61] Compliance is a term used by the IRS to indicate whether a
taxpayer has met its tax responsibilities by filing a timely tax
return, making accurate reports on those returns, and voluntarily
paying the required tax.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
