Financial Audit: Examination of IRS' Fiscal Year 1996 Custodial Financial
Statements (Letter Report, 12/24/97, GAO/AIMD-98-18).
Pursuant to a legislative requirement, GAO examined the Internal Revenue
Service's (IRS) custodial financial statements for fiscal year (FY)
1996.
GAO noted that: (1) GAO was unable to give an opinion on the statement
of financial position because IRS could not provide adequate
documentation to support its balance of federal taxes receivable; (2)
the statement of custodial activity was reliable in all material
respects, except that sufficient evidence supporting the classification
of itemized tax collections and refunds was not available; (3) while GAO
found that total collections of federal revenue (net) and total
transfers to Treasury, net of refund appropriations, as reported on the
statement of custodial activity, are fairly presented in all material
respects in relation to the financial statements taken as a whole, the
classification of itemized collections and refunds of federal taxes
presented on the statement may not be reliable; (4) IRS management
asserted that, except for the material weaknesses identified in IRS' FY
1996 Federal Managers' Financial Integrity Act of 1982 report, internal
controls were effective in: (a) safeguarding assets; (b) assuring
material compliance with laws and regulations; and (c) assuring that
there were no material misstatements in amounts reported in the
financial statements; (5) consequently, the internal controls were not
effective in satisfying the objectives discussed during FY 1996; and (6)
material weaknesses in internal control and recordkeeping systems also
precluded the tests necessary to provide a basis for any report on
compliance with pertinent laws and regulations.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: AIMD-98-18
TITLE: Financial Audit: Examination of IRS' Fiscal Year 1996
Custodial Financial Statements
DATE: 12/24/97
SUBJECT: Accounts receivable
Financial statement audits
Tax administration
Federal agency accounting systems
Financial management
Internal controls
Accounting procedures
Financial records
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO report. Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved. Major **
** divisions and subdivisions of the text, such as Chapters, **
** Sections, and Appendixes, are identified by double and **
** single lines. The numbers on the right end of these lines **
** indicate the position of each of the subsections in the **
** document outline. These numbers do NOT correspond with the **
** page numbers of the printed product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
** A printed copy of this report may be obtained from the GAO **
** Document Distribution Center. For further details, please **
** send an e-mail message to: **
** **
** **
** **
** with the message 'info' in the body. **
******************************************************************
Cover
================================================================ COVER
Report to the Congress
December 1997
FINANCIAL AUDIT - EXAMINATION OF
IRS' FISCAL YEAR 1996 CUSTODIAL
FINANCIAL STATEMENTS
GAO/AIMD-98-18
IRS Financial Audit
(919054)
Abbreviations
=============================================================== ABBREV
CFO - chief financial officer
FMFIA - Federal Managers' Financial Integrity Act
FMS - Financial Management Service
IRS - Internal Revenue Service
OMB - Office of Management and Budget
SFFAS - Statements of Federal Financial Accounting Standards
Letter
=============================================================== LETTER
B-277111
December 24, 1997
To the President of the Senate and the
Speaker of the House of Representatives
In accordance with the Chief Financial Officers (CFO) Act of 1990, as
expanded by the Government Management Reform Act of 1994, this report
presents the results of our audit of the Custodial Financial
Statements of the Internal Revenue Service (IRS) for fiscal year
1996. The IRS Custodial Financial Statements report the financial
position and results of activities related solely to IRS' custodial
responsibilities for implementing federal tax legislation, including
collecting federal tax revenues, refunding overpayments of taxes, and
pursuing collection of amounts owed.
Accordingly, these Custodial Financial Statements do not report on
the financial position and results of operations related to the
administration of IRS as funded by appropriations and reimbursements
from other agencies, state and local governments, and the public. We
reported on the results of our audit of IRS' fiscal year 1996
Administrative Financial Statements on August 29, 1997.\1
Our report contains our opinions on (1) IRS' Custodial Financial
Statements and (2) IRS management's assertion about the effectiveness
of internal controls, along with information regarding our efforts to
test compliance with laws and regulations and a description of our
audit objectives, scope, and methodology. Also, appendix I describes
the status of IRS' efforts to implement our prior recommendations
related to the Custodial Financial Statements.
We are sending copies of this report to the Commissioner of Internal
Revenue; the Secretary of the Treasury; the Director of the Office of
Management and Budget; the Chairmen and Ranking Minority Members of
the Senate Committee on Governmental Affairs, the House Committee on
Government Reform and Oversight and its Subcommittee on Government
Management, Information and Technology; and other interested
congressional committees. Copies will be made available to others
upon request.
If you have any questions about this report, please contact Jeffrey
C. Steinhoff, Director of Planning and Reporting, at (202) 512-9450.
James F. Hinchman
Acting Comptroller General
of the United States
Letter
=============================================================== LETTER
B-277111
To the Commissioner of Internal Revenue
In accordance with the Chief Financial Officers (CFO) Act of 1990, as
expanded by the Government Management Reform Act of 1994, this report
presents the results of our audit of the Custodial Financial
Statements of the Internal Revenue Service (IRS) for fiscal year
1996. The Custodial Financial Statements report the financial
position and results of activities related solely to IRS' custodial
responsibilities for implementing federal tax legislation, including
collecting federal tax revenues, refunding overpayments of taxes, and
pursuing collection of amounts owed.\1
In our audit of IRS' fiscal year 1996 Custodial Financial Statements,
we found the following:
-- We are unable to give an opinion on the Statement of Financial
Position because IRS could not provide adequate documentation to
support its balance of federal taxes receivable. Consequently,
we were unable to determine whether the amount reported for net
federal tax receivables, which comprise over 95 percent of total
custodial assets at September 30, 1996, was fairly stated.
-- The Statement of Custodial Activity was reliable in all material
respects, except that sufficient evidence supporting the
classification of itemized tax collections and refunds was not
available. Accordingly, while we found that Total Collections
of Federal Revenue (net) and total Transfers to Treasury, Net of
Refund Appropriations, as reported on the Statement of Custodial
Activity, are fairly presented in all material respects in
relation to the financial statements taken as a whole, the
classification of itemized collections and refunds of federal
taxes presented on the statement may not be reliable.
-- IRS management asserted that, except for the material weaknesses
identified in IRS' fiscal year 1996 Federal Managers' Financial
Integrity Act of 1982 (FMFIA) report, internal controls were
effective in (1) safeguarding assets, (2) assuring material
compliance with laws and regulations, and (3) assuring that
there were no material misstatements in amounts reported in the
financial statements. The nature of these material weaknesses
was such that they affected our ability to render an unqualified
opinion on IRS' fiscal year 1996 financial statements taken as a
whole. Consequently, the internal controls were not effective
in satisfying the objectives discussed above during fiscal year
1996.
-- Material weaknesses in internal control and recordkeeping
systems, which are discussed later in this report, also
precluded the tests necessary to provide a basis to report on
compliance with pertinent laws and regulations.
--------------------
\1 Financial Audit: Examination of IRS' Fiscal Year 1996
Administrative Financial Statements (GAO/AIMD-97-89, August 29,
1997).
\1 These Custodial Financial Statements do not report on activities
related to IRS' administrative costs as funded by appropriations and
reimbursements from other agencies, state and local governments, and
the public. The annual financial results relating to these
administrative costs and funding are reported separately in IRS'
Administrative Financial Statements. Our audit report on those
statements for fiscal year 1996 was issued in August 1997. See
Financial Audit: Examination of IRS' Fiscal Year 1996 Administrative
Financial Statements (GAO/AIMD-97-89, August 29, 1997).
DISCLAIMER OF OPINION ON
STATEMENT OF FINANCIAL POSITION
------------------------------------------------------------ Letter :1
We are unable to give an opinion on the Statement of Financial
Position as of September 30, 1996, because IRS could not provide
adequate documentation to support the classification of its inventory
of unpaid assessments as federal tax receivables and compliance
assessments.
Because we were unable to determine the appropriateness of IRS'
classifications of its inventory of unpaid assessments, we were
unable to determine whether the amounts reported for net federal tax
receivables and the related allowance for doubtful accounts as
reflected on the Statement of Financial Position as of September 30,
1996, were fairly stated. Also, because of this limitation, which
affects over 95 percent of the custodial assets on the Statement of
Financial Position and which prevented us from being able to give an
opinion, we did not perform testing of other line items on the
Statement of Financial Position, such as Frozen Tax Refunds and
Credits, Tax Refunds Payable, Advances, and Commitments and
Contingencies.
As we have reported in the past\2 and as discussed in a later section
of this report, IRS lacks an accounts receivable subsidiary ledger or
other similar mechanism which routinely tracks receivables
individually from period to period. This condition requires that IRS
use alternative methods to identify the amounts to be recorded as
federal tax receivables on its financial statements. However, these
methods thus far have not provided IRS with the capability to report
accurate and supportable amounts for federal tax receivables.
Further, these methods have not provided the means necessary for IRS
to effectively manage and routinely monitor the status of amounts
owed by taxpayers. This makes it difficult to determine a reasonable
estimate of amounts deemed collectible and could minimize the amounts
IRS may ultimately be able to collect on its federal tax receivables.
--------------------
\2 See Financial Audit: Examination of IRS' Fiscal Year 1995
Financial Statements (GAO/AIMD-96-101, July 11, 1996); Financial
Audit: Examination of IRS' Fiscal Year 1994 Financial Statements
(GAO/AIMD-95-141, August 4, 1995); Financial Audit: Examination of
IRS' Fiscal Year 1993 Financial Statements (GAO/AIMD-94-120, June 15,
1994); and Financial Audit: IRS Significantly Overstated Its
Accounts Receivable Balance (GAO/AFMD-93-42, May 6, 1993).
QUALIFIED OPINION ON STATEMENT
OF CUSTODIAL ACTIVITY
------------------------------------------------------------ Letter :2
Because IRS could not provide sufficient evidence to support the
classification of certain itemized taxes collected and refunded, we
could not determine if the classifications of collection and refund
amounts by tax type--for example, payroll versus corporate taxes--as
reflected on the Statement of Custodial Activity were reliable.
Otherwise, in our opinion, the Statement of Custodial Activity
presents fairly, in all material respects, in conformity with a
comprehensive basis of accounting other than generally accepted
accounting principles as described in note 1, IRS' custodial
activities for taxes collected, refunded, and distributed.
OPINION ON MANAGEMENT'S
ASSERTION ABOUT THE
EFFECTIVENESS OF INTERNAL
CONTROLS
------------------------------------------------------------ Letter :3
We evaluated management's assertion about the effectiveness of its
internal controls designed to
-- safeguard assets against loss from unauthorized acquisition,
use, or disposition;
-- assure the execution of transactions in accordance with laws and
regulations that have a direct and material effect on the
Custodial Financial Statements or are listed in Office of
Management and Budget (OMB) audit guidance and could have a
material effect on the Custodial Financial Statements; and
-- properly record, process, and summarize transactions to permit
the preparation of reliable financial statements and to maintain
accountability for assets.
IRS management stated that, except for the material weaknesses in
internal controls presented in the agency's fiscal year 1996 FMFIA
report on compliance with the internal control and accounting
standards, internal controls provide reasonable assurance that the
following would be prevented or detected for amounts material in
relation to the financial statements:
-- unauthorized acquisition, use, or disposition of assets, that
could lead to losses;
-- noncompliance with laws and regulations; and
-- misstatements in amounts reported in the financial statements.
Management made this assertion based upon criteria established under
FMFIA and the OMB Circular A-123, Management Accountability and
Control. For financial statement reporting, a material weakness is a
condition that precludes the entity's internal control from providing
reasonable assurance that losses, noncompliance, or misstatements
material in relation to the financial statements will be prevented or
detected in a timely basis.
The following material weaknesses, which we also found in our prior
audits of IRS, were reported in IRS' FMFIA report for fiscal year
1996, with the exception of the computer security issues discussed
below. These deficiencies in internal controls may adversely affect
any decision by management that is based, in whole or in part, on
information that is inaccurate because of the deficiencies. Our
internal control work would not necessarily disclose material
weaknesses not reported by IRS. Unaudited financial information
reported by IRS may also contain misstatements resulting from these
deficiencies. The nature of these weaknesses was such that they
affected our ability to (1) render an opinion on IRS' fiscal year
1996 financial statements taken as a whole and (2) conclude on IRS'
compliance with laws and regulations we tested as discussed in a
later section of this report. Consequently, we believe that the
internal controls were not effective in satisfying the objectives
discussed above during fiscal year 1996.
FEDERAL TAX (ACCOUNTS)
RECEIVABLES
---------------------------------------------------------- Letter :3.1
As discussed above, IRS does not maintain an accounts receivable
subsidiary ledger or other similar mechanism that routinely tracks
receivables and their related activity on an ongoing basis.
Consequently, IRS does not have readily available the information on
receivables it needs to prepare its financial statements. To
compensate for this, IRS runs computer programs against its
masterfiles--the only detailed record of taxpayer information it
maintains--to identify taxpayer accounts for which assessments or
other debits exceed receipts received or other credits made to
taxpayers' accounts. After these accounts--unpaid assessments--have
been identified, IRS runs computer programs that utilize transaction
and other codes within the masterfiles to separately classify these
accounts as financial receivables or compliance assessments.\3 Those
accounts that are classified as financial receivables are then
evaluated on a statistical basis by IRS to estimate what amount IRS
ultimately believes it will collect on its receivables. The total
amount deemed collectible by IRS, based on a projection of its
statistical sample, is reported as federal tax receivables on its
custodial Statement of Financial Position. The difference between
the amount estimated to be collectible and the total amount
identified as financial receivables is reported on the custodial
Statement of Financial Position as an allowance for doubtful
accounts.\4
In our audit of IRS' fiscal year 1995 financial statements,\5 we
reported that IRS was unsuccessful in deriving reliable receivables
information for use in preparing the financial statements. We
reported that errors we identified in the transaction and other
coding of assessments within the masterfiles, coupled with mistakes
IRS made in performing the statistical procedures, resulted in IRS'
sampling results being unreliable for purposes of projecting both the
gross and net receivable amounts for financial reporting.
For our fiscal year 1996 audit, we again reviewed IRS' process for
extracting and classifying taxpayer assessments into financial
receivables and compliance assessments. We also tested samples of
assessments classified by IRS as both financial receivables and
compliance assessments to determine whether IRS' classifications were
appropriate. To test for proper classification, we attempted to
review supporting documents in taxpayer files, such as tax returns,
receipt deposits, correspondence between the taxpayer and IRS, and
other pertinent information.
We found that IRS could not locate sufficient supporting
documentation (such as tax returns and installment agreements) for us
to determine whether IRS had properly classified its inventory of
unpaid assessments as either federal tax receivables or compliance
assessments. Thus, we were unable to determine whether IRS had
appropriately recognized federal tax receivables on the Statement of
Financial Position.
IRS officials stated that the missing documents had either been
destroyed based on the agency's record retention policies or simply
could not be located. The lack of a detailed listing, or subsidiary
ledger, for receivables, coupled with IRS not readily maintaining
supporting documents on outstanding accounts receivable, increases
the risk that material amounts may be inappropriately included or
excluded from the financial statements. Additionally, IRS' not
maintaining adequate documentation, in many cases, to support the
underlying assessments, could affect IRS' ability to pursue
collection from taxpayers on amounts owed, resulting in lost tax
revenue, including interest and penalties, to the government.
In an effort to address some of the concerns noted above, IRS is
continuing to review all individual assessments in excess of $10
million identified through its computer programs as financial
receivables and compliance assessments to ensure their proper
classification. Additionally, IRS is continuing to refine its
efforts to more accurately classify its unpaid assessments inventory
through various enhancements to the computer programs it uses to
classify these assessments. As part of a larger and long-term effort
to modernize its systems, IRS is also identifying and refining the
business and system requirements necessary to assess the status of
its unpaid assessments and manage its receivables.
IRS' efforts are consistent with our recommendations from prior
years' audits that IRS take steps to ensure that (1) in the
long-term, tax system modernization efforts provide for a mechanism
to enable IRS to readily identify and routinely track and report on
the status of federal tax receivables and (2) in the short-term,
continue to identify ways to improve the accuracy of receivables
reporting through further enhancements to its computer programs and
detailed reviews of taxpayer accounts. (See appendix I.)
--------------------
\3 Compliance assessments occur when IRS records an assessment to a
taxpayer's account, but the taxpayer still has the right to disagree
including through an appeal or in tax court. In contrast, IRS'
federal tax receivables on its Custodial Statement of Financial
Position would consist of assessments where the amounts owed have
been acknowledged either by the taxpayer or a court.
\4 Accounts classified as compliance assessments are deemed by IRS to
not meet the criteria for recognition as receivables on the financial
statements (i.e., no acknowledgement from either the taxpayer or a
court as to the amount owed). However, they are reported in the
notes to the Custodial Financial Statements.
\5 Financial Audit: Examination of IRS' Fiscal Year 1995 Financial
Statements (GAO/AIMD-96-101, July 11, 1996).
NET TAX REVENUE COLLECTED
---------------------------------------------------------- Letter :3.2
As we have reported in our prior financial audits, IRS' custodial
financial management system was not designed to readily support the
preparation of financial statements. Specifically, IRS' Revenue
Accounting Control System--its general ledger--is unable to
sufficiently identify detailed tax revenues collected and related
refunds paid to permit the preparation of its Custodial Financial
Statements. For fiscal year 1995, we reported that IRS had attempted
to extract taxpayer information from its masterfiles to support the
amounts it reported as revenues on the fiscal year 1995 Custodial
Financial Statements.\6 We reported that, while IRS extracted
taxpayer information from its masterfiles, it could not adequately
reconcile this information to its general ledger and the Department
of Treasury's Financial Management Service's (FMS) records.
For fiscal year 1996, IRS again extracted detailed taxpayer
information from its masterfiles to derive the reported amounts for
revenue collections and refunds by tax types on the Custodial
Financial Statements. IRS then performed reconciliations between the
information used to derive the financial statements and (1) summary
amounts recorded in its general ledger and (2) amounts reported for
tax revenues collected and refunds paid by FMS. We found that, for
fiscal year 1996, IRS' overall reconciliation between its masterfile,
general ledger, and amounts reported by FMS, in total, were
materially the same. Based on this, and on our detailed tests of
revenue collection and refund transactions, we were able to determine
that the total Net Collections of Federal Revenue as reported on the
fiscal year 1996 Statement of Custodial Activity was fairly stated in
all material respects in relation to the financial statements taken
as a whole.
However, we were unable to determine whether revenue collection and
refund amounts reported by tax types on the financial statements were
properly classified. The primary reasons we were unable to make this
determination were because (1) IRS could not always provide
documentation to support certain transactions and (2) its record
retention policies and practices resulted in the destruction of other
key documents. By not maintaining the necessary documentation to
support revenue collection and refund activity, IRS' ability to
accurately report such activity by tax type on its financial
statements is significantly reduced.
To address its record retention problems, IRS is performing an
in-depth review to determine for what period, and in what form,
records will be retained to ensure that it has the information
necessary to support tax revenue collections and refunds.
--------------------
\6 See Financial Audit: Examination of IRS' Fiscal Year 1995
Financial Statements (GAO/AIMD-96-101, July 11, 1996).
COMPUTER SECURITY
---------------------------------------------------------- Letter :3.3
IRS relies on computerized information systems to process and account
for its revenue and taxpayer data. These systems should include
controls to prevent or detect unauthorized access and intentional or
inadvertent unauthorized modifications to the data and related
computer programs. In our prior audits of IRS' financial statements,
we reported material weaknesses in IRS' computer security. Also, in
April 1997 we reported that IRS continues to have serious weaknesses
in the controls used to safeguard IRS computer systems, facilities
and taxpayer data.\7 Our review of controls, done to support our
audit of IRS' fiscal year 1996 financial statements, found that such
controls continued to be ineffective. Many issues we previously
identified at five IRS sites remained unresolved at the completion of
our review of IRS computer security controls in May 1997. These
include serious weaknesses in the areas of (1) physical security, (2)
logical security, (3) data communications management, (4) risk
analysis, (5) quality assurance, (6) internal audit and security, (7)
security awareness, and (8) contingency planning. As a result, we
consider computer security as a material weakness because IRS data or
programs could be added, altered, or deleted and not detected in a
timely manner.
Further, we identified examples of weaknesses in our current review
that allowed for unauthorized access and modification to computer
resources, including computer programs and data. The more
significant weaknesses include the following:
-- Computer support personnel were granted excessive access to read
or change sensitive system files or resources. This access gave
them the ability to change, alter, or delete taxpayer data and
associated programs. Access to such data files, which include
the basic operating system software, should be limited to the
minimum number of computer support personnel needed for
maintenance and review. For example, at one facility, 88
computer support personnel had the ability to implement programs
not controlled by the security software.
-- Computer support personnel were granted inappropriate access,
including the ability to both obtain access to data or programs
and alter the automated audit trail that identifies who entered
or changed data. The inherent risk in these privileges is that
data or programs can be added, modified, or deleted and the
related audit trail masked or deleted.
-- Computer support personnel access to system resources was not
adequately monitored. Monitoring the access activities of
employees, especially those who have the ability to alter
sensitive programs and data, can help identify any significant
problems and deter employees from inappropriate and unauthorized
activities. IRS systems record user and system activity in
automated audit logs. However, when thousands of transactions
are involved, reviews cannot be effective unless reports are
available to managers that highlight activity that is unusual or
suspicious so that such activity can be investigated. Proper
supervision of employee actions, especially those having broad
access privileges, requires routine assurance concerning the
propriety of their activities.
-- IRS sites had incomplete disaster recovery plans. The absence
of a comprehensive, current plan increases the likelihood that
IRS would not be able to restore the operations on a timely
basis in the event of a local disaster and increases the risk of
unavailability of the computerized information systems at IRS.
-- At one site, IRS allowed improper access to the commands used to
authorize and generate taxpayer refund checks. Having access to
commands would allow an individual to process a refund payment
without review and approval by a second party. In addition,
although there were methods available for reviewing such access,
there were no monitoring nor any review processes in place to
detect improper refund transactions. This increases the
likelihood that a person with such privileges could perform
unauthorized refund activities. Further, without timely review,
the likelihood of identifying such incidents is decreased.
--------------------
\7 IRS Systems Security: Tax Processing Operations and Data Still at
Risk Due to Serious Weaknesses (GAO/AIMD-97-49, April 8, 1997).
COMPLIANCE WITH LAWS AND
REGULATIONS
------------------------------------------------------------ Letter :4
As discussed above, IRS could not provide adequate documentation to
support the classification of its inventory of unpaid assessments
with respect to federal tax receivables, and of certain itemized
taxes with respect to tax collections and tax refunds. As a result,
we were unable to (1) determine whether federal tax receivables as
reported were valid and collectible, (2) determine whether tax
collections and refunds were properly classified within the
appropriate tax class, and (3) test for compliance with laws deemed
significant to the financial statements.\8 Accordingly, we are unable
to report on IRS' compliance with laws and regulations.
When sufficient evidence to support information reported in the
financial statements is not available for audit, we cannot determine
whether IRS complied with laws and regulations deemed significant to
the financial statements. For example, as discussed earlier, IRS was
unable to provide documentation in many cases to support unpaid tax
assessments. Similarly, as discussed earlier, IRS was unable to
provide documentation to support its reporting of tax collections and
refunds by tax type. Consequently, in both of these cases, we were
unable to determine whether the transactions recorded in IRS'
accounting records complied with laws and regulations.
However, we did note that one issue we have reported in our prior
audits continued to exist during fiscal year 1996. Specifically, IRS
did not base its certifications of excise tax amounts distributed to
specific trust funds on the basis of amounts actually collected. As
we have reported in prior audits,\9 IRS based its certifications of
excise tax distributions to specific trust funds on the assessed
amount, or amount owed, as reflected on the tax returns filed by
taxpayers. This is because IRS does not require taxpayers to provide
the necessary information at the time taxes are collected to certify
the distributions on the basis of amounts actually collected. By
law, distributions of excise taxes to specific trust funds are to be
based on actual collections.
IRS has studied various options to enable it to make final
certifications of amounts distributed based on actual collections and
to develop the underlying information needed to support such
distributions. IRS has finalized a methodology for addressing this
issue and intends to implement it in fiscal year 1998. We will
assess IRS' implementation of its proposal in future audits.
--------------------
\8 These are laws and regulations that have a direct and material
effect on the Custodial Financial Statements or that are listed in
OMB audit guidance and could have a material effect on the Custodial
Financial Statements.
\9 See Financial Audit: Examination of IRS' Fiscal Year 1995
Financial Statements (GAO/AIMD-96-101, July 11, 1996).
CONSISTENCY OF OTHER
INFORMATION
------------------------------------------------------------ Letter :5
IRS' Overview and Supplemental Information contain various data, most
of which is not directly related to the Custodial Financial
Statements. We do not express an overall opinion on this
information. Additionally, because we were unable to express an
opinion on the financial statements taken as a whole due to IRS'
inability to provide sufficient evidence to support amounts reported
in its financial statements and the material weaknesses in internal
controls discussed above, we did not pursue further work on this
information.
IRS' PROGRESS IN IMPLEMENTING
GAO RECOMMENDED IMPROVEMENTS
------------------------------------------------------------ Letter :6
In our prior reports, we made 30 recommendations aimed at improving
IRS' custodial accounting operations.\10 In our assessment this year,
we determined that, to date, IRS had completed action on eight of
these recommendations. IRS believes that it has resolved an
additional 13 recommendations and anticipates closing the remaining
nine in fiscal year 1998. We will review IRS' actions to resolve the
13 recommendations IRS believes it has closed as part of our fiscal
year 1997 financial statement audit. With respect to six of the 22
recommendations, we provided more specific recommendations that are
contained in our April 1997 report on IRS systems security.\11
Progress has been made and actions are underway by IRS to try to
resolve the material weaknesses in internal controls and financial
management problems reported in our audits. Additional corrective
actions are still needed, and IRS continues to state its intention to
commit the necessary resources and management oversight to resolve
these weaknesses. We will continue to advise IRS on how to resolve
these long-standing financial management problems. Appendix I
provides a status of IRS' implementation efforts on the remaining
outstanding recommendations.
--------------------
\10 See Financial Audit: Examination of IRS' Fiscal Year 1995
Financial Statements (GAO/AIMD-96-101, July 11, 1996); Financial
Audit: Examination of IRS' Fiscal Year 1994 Financial Statements
(GAO/AIMD-95-141, August 4, 1995); Financial Audit: Examination of
IRS' Fiscal Year 1993 Financial Statements (GAO/AIMD-94-120, June 15,
1994); and Financial Audit: Examination of IRS' Fiscal Year 1992
Financial Statements (GAO/AIMD-93-2, June 30, 1993).
\11 IRS Systems Security: Tax Processing Operations and Data Still
at Risk Due to Serious Weaknesses (GAO/AIMD-97-49, April 8, 1997).
OBJECTIVES, SCOPE, AND
METHODOLOGY
------------------------------------------------------------ Letter :7
Management is responsible for
-- preparing the annual Custodial Financial Statements in
conformity with the basis of accounting described in note 1;
-- establishing, maintaining, and assessing internal control to
provide reasonable assurance that the broad control objectives
of FMFIA are met; and
-- complying with applicable laws and regulations.
We are responsible for obtaining reasonable assurance about whether
(1) the Statement of Custodial Activity is reliable (free of material
misstatements and presented fairly, in all material respects, in
conformity with the basis of accounting described in note 1), and (2)
management's assertion about the effectiveness of internal controls
is fairly stated, in all material respects, based upon criteria
established under the Federal Managers' Financial Integrity Act of
1982 and the Office of Management and Budget Circular A-123,
Management Accountability and Control.
In order to fulfill these responsibilities, we
-- examined, on a test basis, evidence supporting the amounts in
the Statement of Custodial Activity and related disclosures;
-- assessed the accounting principles used and significant
estimates made by management in the preparation of the Statement
of Custodial Activity;
-- evaluated the overall presentation of the Statement of Custodial
Activity;
-- obtained an understanding of the internal control structure
related to safeguarding assets, compliance with laws and
regulations, and financial reporting, except in the above-noted
areas where IRS was unable to provide sufficient evidence to
support amounts reported in its financial statements; and
-- tested relevant internal controls over safeguarding, compliance,
and financial reporting and evaluated management's assertion
about the effectiveness of internal controls, except in the
above-noted areas where IRS was unable to provide sufficient
evidence to support amounts reported in its financial
statements.
We did not evaluate all internal controls relevant to operating
objectives as broadly defined by FMFIA, such as those controls
relevant to preparing statistical reports and ensuring efficient
operations. We limited our internal control testing to those
controls necessary to achieve the objectives outlined in our opinion
on management's assertion about the effectiveness of internal
controls.
We attempted to perform audit procedures on the limited information
IRS provided; however, for the reasons stated above, we were unable
to perform the necessary audit procedures to opine on IRS' Custodial
Statement of Financial Position or report on IRS' compliance with
laws and regulations.
We did our work in accordance with generally accepted government
auditing standards and OMB Bulletin 93-06, Audit Requirements for
Federal Financial Statements.
AGENCY COMMENTS AND OUR
EVALUATION
------------------------------------------------------------ Letter :8
In commenting on a draft of this report, IRS stated that its ability
to obtain a qualified opinion on its Statement of Custodial Activity
was a significant accomplishment. IRS also reaffirmed its commitment
to improving its revenue reporting and to developing a revenue
accounting system that will address the shortcomings cited in this
report.
IRS stated that it generally agreed with the findings and conclusions
in this report; however, it questioned our inability to express an
opinion on the financial statements taken as a whole because of
concerns with internal controls. IRS officials based that view on
their interpretation of auditing standards. In referring to these
standards, IRS stated that internal control weaknesses do not
preclude rendering an opinion on the financial statements since the
assessment of internal controls is performed to determine the extent
of reliance that can be placed on internal controls and hence the
nature, timing, and extent of substantive testing required.
While this statement is conceptually correct, the nature of one of
the significant internal control weaknesses discussed in this
report--specifically the lack of supporting documentation--prevented
us from substantiating significant line items on IRS' financial
statements. In planning the fiscal year 1996 audit, we had to
consider the weak internal control environment at IRS and, in fact,
designed our audit procedures based on the assumption that we could
not rely on internal controls. This resulted in our having to
increase the level of testing necessary to support our opinion.
However, the lack of sufficient evidence to support (1) the validity
of amounts included in its tax accounts receivable and (2)
classifications of receipts and refunds by tax class precluded us
from being able to opine on the financial statements taken as a
whole. As discussed in this report, among the basic documents that
IRS could not locate and, therefore, were not available to us were
tax returns and other agreements which are typically generated or
signed by the taxpayer. As a result, we were unable to verify the
amounts reported in the financial statements for taxes receivable and
receipts and refunds by tax class, which are material to the
financial statements taken as a whole, and to report on IRS'
compliance with laws and regulations. The existence of an audit
trail to substantiate transactions is fundamental to good accounting
practices, and appropriate documentation is necessary to permit audit
assurance absent other means to validate these transactions.
Further, while IRS believes it provided enough alternative supporting
documentation for the majority of tax accounts receivable cases where
it could not obtain supporting documentation, we considered the
alternatives provided and found that they were unacceptable.
Specifically, we found that the information that was generated from
IRS systems could not be corroborated with sources external to IRS.
While acknowledging that material internal control and system
weaknesses related to tax accounts receivable existed, IRS disagreed
that these weaknesses would impact its ability to effectively manage
and routinely monitor the status of amounts owed by taxpayers or its
ability to pursue collection. We disagree. As we reported in prior
years,\12 improved internal controls and systems would allow IRS to
more effectively manage its tax accounts receivable. For example,
IRS could better manage its collection efforts if it had readily
available detailed subsidiary records of collection activity to
augment data used to establish collection priorities. Also, not
having available relevant supporting documentation, such as tax
returns filed and collection files, can impact the collection process
when taxpayers dispute amounts owed.
Jeffrey C. Steinhoff
Director of Planning and
Reporting
August 8, 1997
(See figure in printed edition.)
--------------------
\12 We initially raised this matter in our report entitled Financial
Audit: IRS Significantly Overstated its Accounts Receivable Balance
(GAO/AFMD-93-42, May 6, 1993). We have continued to include this
issue in our high risk series of reports focusing on IRS management
challenges, High Risk Series: IRS Management (GAO/HR-97-8, February
1997).
PRINCIPAL FINANCIAL STATEMENTS -
CUSTODIAL
============================================================== Letter
(See figure in printed edition.)Overview to the Financial Statements
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)Statement of Financial Position
(Unaudited)
(See figure in printed edition.)Statement of Custodial Activity
(See figure in printed edition.)Notes to Financial Statements
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)Supplemental Financial Information
(See figure in printed edition.)
(See figure in printed edition.)
(See figure in printed edition.)Supplemental Management Information
REPORTS ISSUED AS A RESULT OF
GAO'S AUDITS OF IRS' FISCAL YEARS
1992 THROUGH 1995 FINANCIAL
STATEMENTS AND STATUS OF CUSTODIAL
RECOMMENDATIONS
=========================================================== Appendix I
The results of our efforts to audit IRS' fiscal year 1992, 1993,
1994, and 1995 Principal Financial Statements were presented in our
reports entitled Financial Audit: Examination of IRS' Fiscal Year
1992 Financial Statements (GAO/AIMD-93-2, June 30, 1993), Financial
Audit: Examination of IRS' Fiscal Year 1993 Financial Statements
(GAO/AIMD-94-120, June 15, 1994), Financial Audit: Examination of
IRS' Fiscal Year 1994 Financial Statements (GAO/AIMD-95-141, August
4, 1995), and Financial Audit: Examination of IRS' Fiscal Year 1995
Financial Statements (GAO/AIMD-96-101, July 11, 1996).
In these prior reports, we made numerous recommendations to improve
IRS' custodial accounting operations. We determined the status of
recommendations based on our audit work on IRS' fiscal year 1996
Custodial Financial Statements and on our discussions with IRS
officials. Our assessments of IRS' actions for several
recommendations are discussed in the report. However, we have not
fully assessed the effectiveness of all of the responses identified
in the following table.
Action
in
planning No
Action or specific
Action in planning action
Reports/recommendations complete progress complete planned
------------------------------------- -------- --------- --------- ---------
Financial Audit: IRS Significantly
Overstated Its Accounts Receivable
(GAO/AFMD-93-42, May 6, 1993)
Provide the IRS Chief Financial X
Officer authority to ensure that IRS
accounting system development
efforts meet its financial reporting
needs. At a minimum, the Chief
Financial Officer's approval of
related system designs should be
required.
Take steps to ensure the accuracy of X
the balances reported in IRS
financial statements. In the long
term, this will require modifying
IRS systems so that they are capable
of (1) identifying which assessments
currently recorded in the Master
File System represent valid
receivables and (2) designating new
assessments that should be included
in the receivables balance as they
are recorded. Until these
capabilities are implemented, IRS
should rely on statistical sampling
to determine what portion of its
assessments represent valid
receivables.
Clearly designate the Chief Financial X
Officer as the official responsible
for coordinating the development of
performance measures related to
receivables and for ensuring that
IRS financial reports conform with
applicable accounting standards.
Modify the IRS methodology for X
assessing the collectibility of its
receivables by
--including only valid accounts
receivable in the analysis;
--eliminating, from the gross
receivables balance, assessments
determined to have no chance of
being collected;
--including an analysis of
individual taxpayer accounts to
assess their ability to pay;
--basing group analyses on
categories of assessments with
similar collection risk
characteristics; and
--considering current and forecast
economic conditions, as well as
historical collection data, in
analyses of groups of assessments.
Once the appropriate data are
accumulated, IRS may use modeling to
analyze collectibility of accounts
on a group basis, in addition to
separately analyzing individual
accounts. Such modeling should
consider factors that are essential
for estimating the level of losses,
such as historical loss experience,
recent economic events, and current
and forecast economic conditions. In
the meantime, statistical sampling
should be used as the basis for both
individual and group analyses.
IRS Information Systems: Weaknesses
Increase Risk of Fraud and Impair
Reliability of Management
Information (GAO/AIMD-93-34,
September 22, 1993)
Limit access authorizations for X\a
individual employees to only those
computer programs and data needed to
perform their duties and
periodically review these
authorizations to ensure that they
remain appropriate.
Monitor efforts to develop a X\a
computerized capability for
reviewing user access activity to
ensure that it is effectively
implemented.
Establish procedures for reviewing X\a
the access activity of unit security
representatives.
Use the security features available X
in IRS' operating systems software
to enhance system and data
integrity.
Require that programs developed and X
modified at IRS headquarters be
controlled by a program librarian
responsible for (1) protecting such
programs from unauthorized changes
including recording the time, date,
and programmer for all software
changes, and (2) archiving previous
versions of programs.
Establish procedures requiring that X
all computer program modifications
be considered for independent
quality assurance review.
Formally analyze Martinsburg X
Computing Center's computer
applications to ensure that critical
applications have been properly
identified for purposes of disaster
recovery.
Test the disaster recovery plan. X\a
Monitor service center practices X\a
regarding the development,
documentation, and modification of
locally developed software to ensure
that such software use is adequately
controlled.
Review the current card key access X
system in the Philadelphia Service
Center to ensure that only users who
need access to the facilities
protected by the system have access
and that authorized users each have
only one unique card key.
Establish physical controls in the X\a
Philadelphia Service Center to
protect computers with access to
sensitive data that are not
protected by software access
controls.
Financial Management: Important IRS
Revenue Information Is Unavailable
or Unreliable (GAO/AIMD-94-22,
December 21, 1993)
Develop a method to determine X
specific taxes collected by trust
fund so that the difference between
amounts assessed and amounts
collected is readily determinable
and excise tax receipts can be
distributed as required by law. This
could be done by obtaining specific
payment detail from the taxpayer,
consistent with our April 1993 FTD
report. Alternatively, IRS might
consider whether allocating payments
to specific taxes based on the
related taxpayer returns is a
preferable method.
Determine the trust fund revenue X
information needs of other agencies
and provide such information, as
appropriate. If IRS is precluded by
law from providing needed
information, IRS should consider
proposing legislative changes.
Identify reporting information needs, X
develop related sources of reliable
information, and establish and
implement policies and procedures
for compiling this information.
These procedures should describe
any
(1) adjustments that may be needed
to available information and
(2) analyses that must be performed
to determine the ultimate
disposition and classification of
amounts associated with in-process
transactions and amounts pending
investigation and resolution.
Establish detailed procedures for (1) X
reviewing manual entries to the
general ledger to ensure that they
have been entered accurately and (2)
subjecting adjusting entries to
supervisory review to ensure that
they are appropriate and authorized.
Monitor implementation of actions to X
reduce the errors in calculating and
reporting manual interest, and test
the effectiveness of these actions.
Give a priority to the IRS efforts X
that will allow for earlier matching
of income and withholding
information submitted by individuals
and third parties.
Financial Audit: Examination of IRS'
Fiscal Year 1993 Financial
Statements (GAO/AIMD-94-120, June
15, 1994)
Tax Collection Activities
Ensure that system development X
efforts provide reliable, complete,
timely, and comprehensive
information with which to evaluate
the effectiveness of its enforcement
and collection programs.
Establish and implement procedures to X
analyze the impact of abatements on
the effectiveness of assessments
from IRS' various collection
programs.
Reconcile detailed revenue X
transactions for individual
taxpayers to the master file and
general ledger.
Establish and implement procedures to X
proactively identify errors that
occur during processing of data, and
design and implement improved
systems and controls to prevent or
detect such errors in the future.
Seized Assets
Develop and implement systems and X
standard operating procedures that
incorporate controls to ensure that
seized asset inventory records are
accurately maintained, which include
Establishing specific procedures to X
ensure the prompt and accurate
recording of seizures and disposals,
including guidance addressing the
valuation of seized assets;
Reconciling accounting and inventory X
records monthly as an interim
measure until the successful
integration of inventory and
accounting systems is completed; and
Implementing mechanisms for ensuring X
that annual physical inventories at
field locations are effectively
performed, that discrepancies are
properly resolved, and that
inventory records are appropriately
adjusted.
Determine what information related to X
seized assets, such as proceeds and
liens and other encumbrances, would
be most useful to IRS managers for
financial management purposes and
develop a means for accounting for
these data.
--------------------------------------------------------------------------------
\a With respect to this recommendation, we provided more specific
recommendations that are contained in our report, IRS Systems
Security: Tax Processing Operations and Data Still at Risk Due to
Serious Weaknesses (GAO/AIMD-97-49, April 8, 1997).
(See figure in printed edition.)Appendix II
COMMENTS FROM THE INTERNAL REVENUE
SERVICE
=========================================================== Appendix I
(See figure in printed edition.)
(See figure in printed edition.)
The following is GAO's comment on the Commissioner of IRS' letter
dated November 26, 1997.
GAO'S COMMENT
1. Discussed in "Agency Comments and Our Evaluation" section.
*** End of document. ***