Internal Revenue Service: Custodial Financial Management Weaknesses
(Letter Report, 08/04/1999, GAO/AIMD-99-193).
The Internal Revenue Service (IRS) continues to be plagued by serious
internal control weaknesses that have led to disbursements of fraudulent
and other questionable tax refunds, IRS employees stealing taxpayer
receipts, and errors or delays in posting payments to taxpayers'
accounts. These control weaknesses fall into five major categories: (1)
unpaid assessments, (2) security over receipts and taxpayer information,
(3) refunds and earned income tax credits, (4) revenue reporting and
distribution, and (5) financial reporting. Some weaknesses were evident
in GAO's first audit of IRS' financial statements in fiscal year 1992.
Some weaknesses are more pervasive than GAO had previously reported. For
example, GAO found varying degrees of weaknesses over the security of
receipts and taxpayer information at all 10 IRS service centers, at
other IRS offices, and at banks that process taxpayer information for
IRS. Until IRS corrects these shortcomings--such as ensuring that
taxpayer accounts are properly credited for payments made--these
conditions will undermine IRS' ability to deliver quality customer
service.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: AIMD-99-193
TITLE: Internal Revenue Service: Custodial Financial Management
Weaknesses
DATE: 08/04/1999
SUBJECT: Accounting procedures
Federal agency accounting systems
Financial records
Financial statement audits
Internal controls
Financial management
Tax administration systems
Tax refunds
Reporting requirements
Auditing procedures
IDENTIFIER: Highway Trust Fund
Black Lung Disability Trust Fund
Airport and Airway Trust Fund
Earned Income Tax Credit
EIC
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO report. This text was extracted from a PDF file. **
** Delineations within the text indicating chapter titles, **
** headings, and bullets have not been preserved, and in some **
** cases heading text has been incorrectly merged into **
** body text in the adjacent column. Graphic images have **
** not been reproduced, but figure captions are included. **
** Tables are included, but column deliniations have not been **
** preserved. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
** A printed copy of this report may be obtained from the GAO **
** Document Distribution Center. For further details, please **
** send an e-mail message to: **
** **
** **
** **
** with the message 'info' in the body. **
******************************************************************
United States General Accounting Office GAO Report
to the Commissioner of Internal Revenue August 1999
INTERNAL REVENUE SERVICE Custodial Financial Management Weaknesses
GAO/AIMD-99-193 United States General Accounting Office
Accounting Information and Washington, D.C. 20548
Management Division B-282731
Letter August 4, 1999 The Honorable Charles O. Rossotti
Commissioner of Internal Revenue Dear Mr. Rossotti: Over the past
6 years, we have issued numerous reports about the Internal
Revenue Service's (IRS) internal controls over its financial
operations. These operations dwarf most other financial activities
undertaken by any single entity, public or private, in the world.
While the enormity of the task heightens the need for effective
financial management, our previous audit work identified serious
financial management system deficiencies and internal control
weaknesses that have resulted in losses to the federal government
and unnecessary burden to taxpayers. Many of these deficiencies
continued to exist throughout fiscal year 1998. In our report on
the results of our audit of IRS' fiscal year 1998 financial
statements and in related testimony before Congress, we reported
that serious control weaknesses continue to exist,1 and that these
weaknesses result in our continuing to identify IRS financial
management as a high risk area.2 This report addresses internal
control and compliance issues related to IRS' custodial
activities, which include collecting federal tax revenues,
refunding tax overpayments, and pursuing collection of amounts
owed. It is one of several reports relating to specific issues we
identified in our fiscal year 1998 audit.3 With regard to these
custodial activities, this report discusses (1) previously
reported internal control and compliance issues 1Financial Audit:
IRS' Fiscal Year 1998 Financial Statements (GAO/AIMD-99-75, March
1, 1999) and Internal Revenue Service: Results of Fiscal Year 1998
Financial Statement Audit (GAO/T-AIMD-99-103, March 1, 1999). 2See
High Risk Series: An Update (GAO/HR-99-1, January 1999). 3We will
also be issuing separate reports related to financial management
of IRS' administrative operations and its computer security.
Letter Page 1 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 and related
recommendations,4 (2) new issues identified during our fiscal year
1998 financial audit,5 along with new recommendations to address
those issues, and (3) additional issues identified from our
ongoing fiscal year 1999 financial audit. Results in Brief
IRS continues to have a broad range of serious internal control
weaknesses that have resulted in disbursements of fraudulent and
other questionable tax refunds, unnecessary burden to taxpayers
resulting from taxpayer receipts stolen by IRS employees, and
errors or delays in posting payments to taxpayer accounts. These
control weaknesses fall into five major areas: (1) unpaid
assessments, (2) security over receipts and taxpayer information,
(3) refunds and earned income tax credits, (4) revenue reporting
and distribution, and (5) financial reporting. Some weaknesses
are long-standing, having been reported since our first audit of
IRS' financial statements in fiscal year 1992.6 In addition, we
have found that some weaknesses are more pervasive than we
previously reported. For example, we have now found weaknesses
over the security of receipts and taxpayer information in varying
degrees at all 10 IRS service centers, at other IRS offices, and
at banks that process taxpayer receipts for IRS. Until IRS
corrects these weaknesses-such as ensuring that taxpayer accounts
are properly credited for payments made-these conditions will
adversely impact IRS' ability to provide quality customer service.
Weaknesses in the areas we identified include the following: *
Unpaid tax assessments. IRS does not have a detailed list, or
subsidiary ledger, which tracks and accumulates unpaid assessments
and their status on an ongoing basis. As a result, IRS is unable
to properly manage its unpaid assessments. Deficiencies in IRS'
systems that track 4See Financial Audit: Examination of IRS'
Fiscal Year 1997 Custodial Financial Statements (GAO/AIMD-98-77,
February 26, 1998), Internal Revenue Service: Immediate and Long-
Term Actions Needed to Improve Financial Management (GAO/AIMD-99-
16, October 30, 1998), Excise Taxes: Internal Control Weaknesses
Affect Accuracy of Distributions to the Trust Funds (GAO/AIMD-99-
17, November 9, 1998), and Internal Revenue Service: Physical
Security Over Taxpayer Receipts and Data Needs Improvement
(GAO/AIMD-99-15, November 30, 1998). 5See Financial Audit:
Examination of IRS' Fiscal Year 1998 Financial Statements
(GAO/AIMD-99-75, March 1, 1999). 6See Financial Audit:
Examination of IRS' Fiscal Year 1992 Financial Statements
(GAO/AIMD-93-2, June 30, 1993) and Financial Management:
Important IRS Revenue Information is Unavailable or Unreliable
(GAO/AIMD-92-22, December 21, 1993). Letter Page 2
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 unpaid assessments have resulted in pursuit and collection
of amounts from taxpayers that had already been paid. * Security
over receipts and taxpayer information. IRS' internal controls do
not adequately safeguard assets such as cash, checks, and
sensitive taxpayer information from loss or theft. For example,
in at least six of the service centers, delays in background
investigations resulted in employees being hired and handling
receipts and taxpayer information before the results of background
checks were available. According to IRS, at four of these service
centers, background check results disclosed that 273 (5 percent)
of approximately 5,400 employees hired to handle taxpayer data
and/or receipts, had falsified key information on their
applications. Of the 273 employees, 64 (23 percent) had
significant unsuitable backgrounds, such as criminal convictions,
which resulted in their termination or forced resignation. As
late as March 1999, background investigations were still pending
on some employees hired in fiscal year 1998 and still working for
IRS-about 5 months after the end of the fiscal year. * Refunds and
earned income tax credits. IRS continues to lack adequate
preventive controls to effectively reduce the risk of issuing
inappropriate refunds. For example, in our fiscal year 1998
audit, we continued to find some refunds that should not have been
issued. These weaknesses in preventive controls over refunds are
further exacerbated by high amounts of invalid earned income tax
credit claims. * Revenue reporting and distribution. IRS cannot
routinely track and report amounts collected for Social Security,
Hospital Insurance, individual income taxes, and excise tax-
related trust funds. Although IRS recently changed its method of
distributing excise tax receipts to comply with the law, the new
method is complex, cumbersome, and prone to significant error.
For example, as a result of an IRS error in the certification
process, all excise tax-related trust funds received understated
amounts of distributions. For the Highway Trust Fund, this error
was $92 million. IRS corrected these errors once we brought them
to its attention. * Financial reporting. We continued to find
that IRS' general ledger for custodial activities cannot routinely
generate reliable and timely financial information for management
decision-making. IRS' financial systems do not conform to the
U.S. Government Standard General Ledger and material balances are
not supported by subsidiary ledgers. Due to these weaknesses, IRS
systems do not comply with the Federal Financial Management
Improvement Act (FFMIA) of 1996, which requires that financial
management systems comply with federal accounting and systems
standards. Page 3 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 IRS has acknowledged the
seriousness of its financial management problems and the
Commissioner has committed to making necessary improvements.
Although some needed improvements can be achieved in the short
term, we recognize that for many weaknesses, systems modernization
will need to be part of a long-term solution. IRS has begun-and
in some cases, completed-actions to address some of these
problems. For example, in the short term, IRS is developing and
implementing various security procedures to better safeguard cash,
checks, and taxpayer data. These procedures include purchasing
and installing equipment that, if properly linked with the FBI,
will provide fingerprint check results before new employees report
to duty. However, we recognize that addressing other critical
recommendations, such as the system deficiencies affecting IRS'
ability to effectively manage and report on its unpaid
assessments, will require system modifications that could take
years to fully implement. Such long-term efforts will require
sustained senior management commitment in order for IRS to have
sound financial management. To help IRS accomplish these changes,
we are making several recommendations on the newly reported
issues. IRS acknowledged the magnitude of its system deficiencies
and internal control weaknesses in comments on this report. It
noted that it was working on many of the matters that can be
addressed in the short term, but recognized the long-term
challenges posed by many of these issues and the need to factor
them into its system modernization plans. Background IRS is
responsible for collecting federal tax revenues, refunding tax
overpayments, and pursuing collection of amounts owed. In fiscal
year 1998, IRS collected nearly $1.8 trillion in tax revenues,
issued $151 billion in tax refunds, and had net taxes receivable
at fiscal year-end of $26 billion. Although most of the $1.8
trillion in revenue was collected by intermediaries such as
financial depository institutions and transferred directly to the
Treasury general fund, IRS offices and lockbox banks7 collected
$356 billion in fiscal year 1998. These IRS offices include 10
service centers nationwide that have collection, refund and
enforcement responsibilities, as well as district and post-of-duty
offices that IRS has 7A lockbox bank refers to a commercial bank
with a designated post office box to which taxpayers are
instructed to mail their payments and related tax documents.
These lockbox banks process the documents, deposit the payments,
then forward the documents and data to the service centers to
update taxpayers' accounts. Page 4 GAO/AIMD-99-
193 IRS Custodial Financial Management Weaknesses B-282731
established to assist taxpayers and perform collection and
enforcement activities. Ten commercial lockbox banks also receive
and process taxpayer receipts, then forward the tax data to IRS
for input and processing.8 Fiscal year 1997 marked the first time
we were able to conclude that financial information, as presented
in IRS' custodial financial statements, was reliable. For fiscal
year 1998 we again concluded that IRS' tax revenues, refunds, and
net taxes receivable were reliable.9 However, in both years, we
were able to reach this conclusion only after IRS applied
extensive ad hoc programming and analysis to its financial
information, resulting in material adjustments to derive reliable
amounts and balances for its tax administration activities
reported in the financial statements. These extensive procedures
are needed to compensate for chronic system deficiencies that
prevent IRS from having custodial information readily available
for routine use, reporting, and decision-making. Objectives,
Scope, and The objectives of this report are to (1) discuss
previously reported internal Methodology
control and compliance issues and related recommendations, (2)
present new issues identified during our fiscal year 1998
financial audit, along with new recommendations to address those
issues, and (3) present additional issues identified from our
ongoing fiscal year 1999 financial audit. Appendix I provides
further details on our scope and methodology. We conducted our
work from April 1998 through April 1999 in accordance with
generally accepted government auditing standards and Office of
Management and Budget (OMB) Bulletin 98-08. We requested comments
on a draft of this report from the Commissioner of Internal
Revenue or his designee. The Commissioner's designee provided us
with written comments, which are discussed in the "Agency Comments
and Our Evaluation" section and reprinted in appendix III.
8Treasury's Financial Management Service contracts with such banks
on IRS' behalf. 9During fiscal year 1998, IRS combined the
financial reporting of its administrative and custodial
activities, which had previously been reported and audited
separately, into a single set of principal financial statements.
This required IRS to include both administrative and custodial
activities on its balance sheet. Our opinion on the statement of
custodial activity was unqualified. However, our opinion on the
balance sheet was qualified due to administrative issues, not
custodial issues. These administrative issues will be covered in
a separate report. Page 5 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 Significant
Weaknesses IRS continues to lack controls to ensure effective
management and Continue to Hinder
accurate reporting of unpaid assessments.10 For example, IRS does
not have a subsidiary ledger which tracks and accumulates unpaid
assessments IRS' Ability to Manage and their status on an ongoing
basis, the absence of which adversely affects Unpaid Assessments
its ability to effectively manage and accurately report these
assessments. As a result, it cannot readily prevent or detect
errors in the accounts of taxpayers that owe such assessments. In
some instances, this can result in taxpayers being pursued for
amounts that have already been paid; in other instances, it can
result in lost revenue to the government. Table 1 summarizes the
weaknesses we identified related to unpaid assessments, both in
the past and in our most recent work along with their effect and
IRS' actions to address these issues. Table 1: Internal Control
and Compliance Issues Related to Unpaid Assessments Internal
control/compliance issues and effects
IRS actions to address issues Issues previously reported Issue:
IRS lacks a subsidiary ledger to track and accumulate
IRS action: IRS plans to implement a new subsidiary ledger unpaid
assessments. To compensate, it must use ad hoc programs system
as part of its systems modernization effort. In the to classify
the categories of its unpaid assessments for the annual meantime,
IRS must continue to use its ad hoc programs to prepare financial
statements.
its financial statements. Effect: IRS cannot routinely
distinguish categories of taxes due GAO response:
Weaknesses will continue to exist in this area until and their
status.
an effective subsidiary ledger is established. Issue: Key IRS
systems are not linked to ensure that all parties IRS
action: IRS issued directives to service center staff to reiterate
liable for particular assessments receive proper credit for
payments that they must manually eliminate assessments that have
already against those assessments.
been paid from all taxpayer accounts. Effect: GAO has found
taxpayers were erroneously pursued for GAO
response: Based on our fiscal year 1998 audit results, IRS'
nonpayment or had liens placed on their property even though the
efforts to manually fix these problems were ineffective. Unless
IRS liability had already been paid.
is able to develop effective solutions, these problems will likely
continue. Issue: IRS had problems locating adequate supporting
documents IRS action: IRS does not plan to implement our
previous for individual unpaid balances.
recommendation to establish checklists for collection documents
until January 2001. Effect: IRS may find it difficult to identify
and focus collection GAO response: While some
improvements were noted, we found efforts on cases most likely to
be collectible. This condition also IRS still had
trouble providing support for bankruptcy, nonestate makes it
difficult to assess the classification and collectibility of
installment agreement, and older cases. Weaknesses will likely
unpaid assessments.
continue in this area until further corrective action is taken.
(continued) 10Unpaid assessments consist of amounts for which (1)
IRS can support the existence of a receivable through taxpayer
agreement or a favorable court ruling (federal taxes receivable),
(2) neither the taxpayer nor the court has affirmed that the
amounts are owed (compliance assessments), and (3) IRS does not
expect further collections due to factors such as the taxpayer's
death, bankruptcy, or insolvency (write-offs). Page 6
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 Internal control/compliance issues and effects
IRS actions to address issues Newly reported issuesa Issue:
Delays are occurring in posting trust fund recovery penalty IRS
action: IRS has not identified plans to address this issue. tax
assessments to taxpayer accounts.
GAO response: We will follow-up on this issue as part of our
audit Effect: Such delays have resulted in refunds being issued to
of IRS' fiscal year 1999 financial statements. taxpayers that have
an outstanding tax liability. Issue: IRS does not ensure that
installment agreements with IRS action: IRS
issued a memorandum and guidance for revenue taxpayers fully
satisfy outstanding tax liabilities.
officers to reiterate that new installment agreements must fully
satisfy the tax liability. Effect: IRS is not in compliance with
the Internal Revenue Code, GAO response: We will
follow-up on this issue as part of our audit Section 6159.
of IRS' fiscal year 1999 financial statements. aThese consist of
internal control or compliance issues first reported in our report
on IRS' fiscal year 1998 financial statements, see GAO/AIMD-99-75,
March 1, 1999. As the table shows, problems in managing and
reporting unpaid assessments are pervasive. Typically, an
entity's accounts receivable balances would be supported by
detailed records, listings, or a subsidiary ledger of individual
amounts. To compensate for the lack of an unpaid assessment
subsidiary ledger, IRS uses ad hoc programs that extract data from
the tax master files-its database of taxpayer information. These
programs classify such assessments into the three categories
needed for financial reporting: taxes receivable, compliance
assessments, and write-offs. However, as in past years, the
results still required significant adjustments totaling tens of
billions of dollars before taxes receivable could be reliably
reported on the balance sheet.11 This is due in part to the fact
that, lacking detailed records, IRS can only determine the amounts
for each category by projecting the results of a statistical
sample of its unpaid assessments. Figure 1 shows the level of
adjustments needed in fiscal year 1998 to arrive at reliable,
auditable amounts for each category of unpaid assessments. Until
IRS makes significant improvements in its systems, large
adjustments will continue to be necessary to properly classify
unpaid assessments due to IRS' reliance on ad hoc procedures and
projections. 11In accordance with Statement of Federal Financial
Accounting Standards (SSFAS) No. 7, taxes receivable is the only
category of unpaid assessments that is included on the balance
sheet. Page 7 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 Figure 1: Comparison of
Unpaid Assessments Before and After Audit Adjustments as of
September 30, 1998 Billions of Dollars 119 120 110 100 81
83 80 60 54 40 22 20 0 Taxes
Compliance Write-offs receivable Before Audit
Adjustments After Audit Adjustments Note: The adjusted balance of
taxes receivable presented represents the gross taxes receivable
(does not include the allowance for doubtful accounts). Also note
that the total unadjusted unpaid assessment balance of $247
billion reflected in this figure was adjusted to $222 billion, due
primarily to duplicate assessments and errors. Source: IRS master
files and IRS fiscal year 1998 financial statements. The
subsidiary ledger weakness is particularly illustrative of the
need to make changes, because it continues to have direct
consequences on taxpayers. The consequences we identified
primarily involved a type of assessment called a trust fund
recovery penalty (TFRP) assessment. This assessment occurs when a
business does not pay IRS the payroll taxes12 that have been
withheld "in trust" on behalf of the federal government from
employee wages. Each officer of a business can be individually
liable for the amounts withheld from employees, provided the
officers are found willful and responsible for the nonpayment of
these taxes. To collect these 12Payroll tax withholdings are
comprised of individual income tax withholdings and employer and
employee withholdings for the Federal Insurance Contribution Act
(FICA), which include Social Security and Hospital Insurance
taxes. Page 8 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 taxes, IRS can assess
several business officers individually for the amounts withheld
from employees but not paid to the government. However, while
these trust fund recovery penalty assessments can be recorded
against several officers in addition to maintaining the original
taxes owed by the business, IRS can collect the amount owed only
once. In our fiscal year 1997 audit, we reported that TFRP
payments were not accurately recorded to reflect each responsible
party's tax liability reduction in more than half of the cases we
reviewed. In some cases, this resulted in the withholding of
refunds due to certain taxpayers and liens remaining on taxpayers'
personal properties even though the liabilities had already been
paid in full. Similarly, we found in this year's audit that in 56
of 106 cases (53 percent) reviewed involving TFRP assessments for
unpaid payroll and excise tax withholdings, payments were not
accurately recorded to reflect each responsible party's tax
liability reduction. Conversely, we also found for fiscal year
1998 that delays in posting the TFRP assessments to all the
related parties resulted in refunds being issued to taxpayers
before they could be offset against amounts owed. We found
instances where such assessments were not made for several years.
For example, in one case, an officer of a bankrupt business-who
was also later found liable for a portion of the business's unpaid
payroll taxes- received two refunds totaling almost $10,000 during
the first 38 months after the business defaulted on its payroll
taxes. This occurred because the officer was not assessed for the
employee portion of the unpaid payroll taxes until 40 months after
the taxes were first due. In another case, the officers of a
bankrupt business were not assessed a TFRP until 54 months after
the first period in which the payroll taxes were due. Refunds
issued to two officers totaling almost $4,000 were issued 48
months after the business defaulted on its payroll taxes. These
refunds could have been offset against outstanding tax liabilities
if IRS had more quickly identified and recorded these TFRP
assessments to the taxpayers' accounts. For the weaknesses we
previously identified, IRS has taken some corrective actions and
other actions are planned.13 For example, we noted some
improvements in the documentation supporting its unpaid
assessments and in its ad hoc computer programs for extracting
master file data for the financial statements. However,
improvements in other areas 13See appendix II for a specific list
of all pertinent recommendations from previous audits and the
status of IRS' actions to address them, i.e., recommendations 2
through 8. Page 9 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 will not occur
for many years. Specifically, significant improvements will not
be possible until a subsidiary ledger with appropriate links
between related TFRP assessments and payments is established, an
action IRS currently has no firm plans to implement. Our work
showed that over 185,000 taxpayers have 237,000 TFRP assessments
and that over 50 percent of TFRP cases reviewed had errors in
crediting payments for related accounts. Until IRS can greatly
improve the accuracy of its individual unpaid assessments, many
taxpayers will continue to be vulnerable to unwarranted collection
actions. In addition, the government will continue to be
vulnerable to a preventable loss of revenue from issuing refunds
to taxpayers that owe taxes. As noted in a prior GAO report,14
the significance and magnitude of this problem requires interim
solutions to address these issues, even if such solutions require
manual procedures, such as manually cross-linking taxpayer data.
Our fiscal year 1998 audit also disclosed that IRS did not have
procedures in place to ensure that installment agreements for
repaying tax assessments provide for payment of the full amount of
taxes due, as required by Section 6159 of the Internal Revenue
Code. Our detailed testing of 93 installment agreements showed
that in 48 cases (52 percent), the installment agreement terms did
not provide for the full payment of the taxes due prior to the end
of the statutory collection period (generally 10 years). In one
case, the installment agreement required the taxpayer to pay $25 a
month toward an outstanding tax liability of over $16 million. At
the end of the statutory collection period, such payments would
have totaled $1,625, far less than 1 percent of the amount due.15
In another instance, the installment agreement would result in
repayment of $65,450 of a $1.5 million amount due (4 percent).
IRS began addressing this weakness during fiscal year 1998, first
by issuing a March 1998 memorandum reiterating that under any new
installment agreement, the taxpayer must fully satisfy the tax
liability, and second by issuing new guidelines in August 1998.
However, IRS does not have monitoring procedures in place to
ensure that the new guidelines are being followed across the
country. We will assess the success of these corrective actions
during our fiscal year 1999 audit.16 14GAO/AIMD-99-16, October 30,
1998. 15The amount due includes the original tax liability plus
penalties and interest. 16Previous recommendations related to
unpaid assessments are listed in appendix II, recommendations 2
and 5 through 8. Page 10 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 Recommendations
To address delays in posting trust fund recovery penalty
assessments, we recommend that IRS analyze and determine the
factors causing delays in processing and posting all such
assessments. Once these factors have been determined, we
recommend that IRS develop procedures to reduce the impact of
these factors to ensure timely posting to all applicable accounts
and proper offsetting of refunds against unpaid TFRP assessments
before issuance. To ensure compliance with Section 6159 of the
Internal Revenue Code, we recommend that IRS identify and
institute procedures to monitor compliance of installment
agreements. Such monitoring should ensure that the installment
agreements provide for full payment of the taxes owed. For
example, management could randomly select installment agreements
from all of its units to review for compliance with the code.
Inadequate Controls As we have previously reported,
IRS' controls over cash, checks, and Over Manual Tax
related hard-copy taxpayer data it receives from taxpayers are not
adequate. We recognize that because receipts and taxpayer data
are Receipts and Taxpayer inherently vulnerable, some thefts are
inevitable. However, while IRS has Information
made some improvements, further actions and policy changes are
needed to mitigate risks. In addition, consistent implementation
of new and existing policies will require regular headquarters
follow-up and monitoring. We previously reported our findings in
this area with regard to several service centers and district
offices visited, but we have subsequently identified similar
conditions in varying degrees at all 10 service centers,
additional district offices, IRS post-of-duty offices, and at
commercial lockbox banks. The pervasiveness and sensitivity of
this condition emphasizes the need for IRS to act quickly and
aggressively to properly safeguard assets and protect taxpayer
data. The potential for loss and taxpayer burden can be seen in
the number of employee theft-related investigations opened by IRS
in fiscal years 1997 and 1998-specifically, 56 cases involving
actual or alleged theft of about $1 million in receipts at IRS
field offices and lockbox banks, and another 100 cases in which
the amount was not quantified. Because some thefts have likely
gone unidentified or undetected, actual losses may be much
greater. Table 2 summarizes the weaknesses we identified in this
area, both in the past and in our most recent work with their
effects and IRS' actions to address these issues. Page 11
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 Table 2: Internal Control Issues Related to Manual
Receipts and Taxpayer Data Internal control issues and effects
IRS actions to address issues Issues previously reported Issue:
Service centers had insufficient controls to deter employee IRS
actions: IRS is studying potential deterrents. While some theft of
receipts and data in receipt processing areas. For example,
service centers have lockers for receipt-processing staff to store
there were no surveillance cameras and employees were allowed
personal items, IRS is currently conducting space feasibility
studies to bring in personal belongings such as purses and
lunchboxes that at others. According to IRS, based on the
results of the feasibility could be used to conceal receipts.
studies, a plan will be initiated by December 1999. Effect: Such
weaknesses increase the exposure of IRS and GAO
response: IRS continues to lack surveillance cameras in its
taxpayers to loss or theft.
receipt processing areas and the availability of lockers and
enforcement of their use is inconsistent. Issue: Mail containing
cash and checks was received and opened IRS actions: IRS issued a
policy in November 1998 to require all outside controlled areas.
mail, except confidential mail, to be routed through the receipt
processing function. Effect: Uncontrolled areas are more
vulnerable to loss or theft of GAO response: Follow-up is planned
for fiscal year 1999. receipts and taxpayer data. Issue: Tax
payments were received by personnel, such as security IRS
actions: IRS issued a policy in December 1998 requiring that
guards, that are not authorized to accept payments.
service center deposit units be contacted when security guards and
unauthorized personnel are approached by taxpayers with Effect:
Receipts are vulnerable to theft or loss.
payments. GAO response: Based on our visits to service centers,
security guards and other unauthorized personnel do not accept
payments. Issue: Delays in obtaining fingerprint and background
information IRS actions: IRS purchased and installed 27
fingerprinting on IRS employees allowed staff with previous
convictions, and machines compatible with FBI's systems
and expects FBI to fully unsuitable backgrounds, to process
taxpayer receipts and data. implement the system by July
1999. IRS expects the fingerprint system to improve the
timeliness of fingerprint results. It expects to Effect: Receipts
and taxpayer data are at unnecessary risk of theft. have these
measures in place for the 2000 filing season. GAO response: In
April 1999, we visited some sites and saw that the new
fingerprinting machines had been installed. We will perform
further follow-up for fiscal year 1999 to determine whether IRS
has fully interfaced its fingerprinting machines with the FBI's
system. Issue: Daily deposits, which may total hundreds of
millions of IRS actions: IRS issued a directive in April
1999 that requires dollars, are transported to banks via unarmed,
unescorted couriers offices to use bonded couriers with locked,
enclosed vehicles to in unsecured vehicles and on bicycles.
deliver tax receipts. IRS reported it is also upgrading service
center requirements to include the use of armed couriers and plans
to Effect: Such security does not adequately protect deposits and
have all field offices send tax receipts by overnight mail to
sensitive taxpayer data from theft while in transit.
designated service centers by August 1999. GAO response: Follow-up
was performed in April 1999. Although this new policy was issued,
we found that it had not been fully implemented. We will perform
additional follow-up for the fiscal year 1999 financial statement
audit. (continued) Page 12 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 Internal
control issues and effects
IRS actions to address issues Issue: Service centers and district
offices stored receipts and IRS actions: IRS is
developing plans to address most of these taxpayer data in
unsecured areas or in open containers.
issues, such as (1) ensuring that each service center has
appropriate containers to secure unmatched checks by August
Effect: IRS and taxpayers are exposed to potential losses and
1999 and (2) developing guidelines requiring district offices to
fraud.
maintain receipts in locked containers. GAO response: Follow-up is
planned for fiscal year 1999. Newly reported issues Issue:
Inadequate internal controls similar to those previously
IRS actions: IRS has issued a new policy regarding the identified
were also found at post-of-duty offices, such as storage of
safeguarding of receipts at district and post-of-duty offices.
receipts and taxpayer data in unsecured areas or in open
containers.
GAO response: Follow-up was performed in April 1999. Although
this new policy was issued, we found that it had not been fully
Effect: IRS and taxpayers are exposed to potential losses and
implemented. We will perform additional follow-up for the fiscal
fraud.
year 1999 financial statement audit. Issue: Inadequate internal
controls similar to those previously IRS actions: IRS
has not yet reported plans to address lockbox identified were also
found at lockbox banks, including use of banks.
unarmed, unsecured couriers for transporting checks and taxpayer
data, and receipt processing staff starting work prior to
completion of fingerprint or background checks. Effect: IRS and
taxpayers are exposed to potential losses and fraud. Issue:
Additional weaknesses were identified related to courier
IRS actions: As discussed above, IRS issued a directive in April
security. For example, one service center included cash in its
1999 regarding improvements to be made to courier security.
deposits and one post-of-duty office used an IRS employee to
deliver its receipts with no audit trail to track that the
receipts were deposited. Also, deposits at one district office
were transported on foot. Effect: IRS and taxpayers are exposed
to potential losses and fraud. Issue: IRS' procedures for
accepting walk-in payments at service IRS actions: IRS has not
yet reported plans to address these centers do not adequately
protect taxpayer receipts and data from issues. loss. Generally
receipts are not prepared and provided to taxpayers and payments
are not logged in to ensure completeness of receipts and to
reconcile to deposits. Effect: IRS and taxpayers are exposed to
potential theft or loss. Issue: Scope of background checks
required of lockbox employees IRS actions: IRS has not yet
reported plans to address these was inconsistent and less than
that required of IRS employees. issues. Effect: IRS
and taxpayers are exposed to potential theft or loss. Issue: One
district office staff was unaware of fingerprinting
IRS actions: According to IRS district office management, all
staff requirements for applicants. As a result, some temporary
involved with fingerprint and background checks were informed of
employees were hired without fingerprint checks.
correct procedures. Effect: IRS and taxpayers are exposed to
potential theft or loss. GAO response: Follow-up is
planned for fiscal year 1999. Issue: Employees at one post-of-
duty office were not aware of IRS actions:
According to IRS post-of-duty management, requirement to overstamp
checks made out to "IRS" or were not responsible
employees were reminded of the policy. doing so promptly.
GAO response: Follow-up is planned for fiscal year 1999. Effect:
IRS and taxpayers are exposed to potential theft or loss. Page 13
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 Many of our findings in this area stem from our fiscal year
1997 audit work. We subsequently identified additional findings
during a review of controls over receipts and taxpayer data at
selected service centers and district offices during the April
1998 peak filing season. We issued a separate report17 on these
latter findings in November 1998. However, additional testing we
conducted to complete our fiscal year 1998 audit, as well as work
performed as part of our ongoing fiscal year 1999 financial audit,
showed that more weaknesses existed at other service centers,
district and post-of-duty offices, and lockbox banks. These
weaknesses increase the vulnerability of receipts and taxpayer
information to theft, fraud, or loss to both taxpayers and the
government. Specifically, we have identified the following
weaknesses relating to background checks at IRS offices and
lockbox banks. * In at least six service centers, delays in
background investigations resulted in employees being hired and
processing receipts and taxpayer data before the results of their
fingerprint/background checks were completed. According to IRS, at
four of these service centers, background check results disclosed
that 273 (5 percent) of about 5,400 employees hired to handle
taxpayer data and/or receipts had falsified key information on
their applications. Of the 273 employees, 64 (23 percent) had
significant unsuitable backgrounds, such as criminal convictions,
which resulted in their termination or forced resignation. As late
as March 1999, background investigations were pending on some
employees hired in fiscal year 1998 and still working for IRS-over
5 months after the end of the fiscal year. Similarly, temporary
employees at lockbox banks were also hired and handling receipts
and taxpayer data before the results of their background or
fingerprint checks were received. * At one district office, one
staff responsible for fingerprint checks was not aware that IRS
requires temporary employees to be fingerprinted. As a result, 14
temporary employees hired during fiscal year 1999 were not
initially fingerprinted. * At lockbox banks, we found that the
scope of background checks required of lockbox employees was
inconsistent among the banks and was less than that required of
IRS employees. For example, one lockbox bank performed background
checks that encompassed only the county in which the temporary
employees currently reside while at another lockbox bank, the
scope of background checks for temporary 17GAO/AIMD-99-15,
November 30, 1998. Page 14 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 employees
included the entire state. In contrast, IRS temporary employees
are subject to nationwide background checks. We found that this
inconsistency was due to ambiguous language contained in the
standard statement of work for the lockbox banks regarding
background checks for employees, which was thus subject to
differing interpretations by the banks. Another pervasive control
weakness was the inadequate security over deposits and taxpayer
data transported to banks and service centers. In our earlier
report on conditions during the peak period of the 1998 filing
season, we reported that at four service centers we visited,
unarmed couriers working alone picked up deposits-$100 million to
$200 million twice a day-for transporting to a bank for deposit.
Some of these deposits were left in unsecured, unattended
vehicles. Subsequent audit work identified similar weaknesses at
additional locations. For example, * At one service center, the
courier did not have credentials identifying him as the authorized
courier. He picked up receipts that included cash18 and drove off
in a car with family members who were not authorized to pick up
receipts. * At a district office, one courier picked up the
deposit and walked a block away to await the arrival of a second
courier. During our observation, the courier waited 20 minutes
for the second courier to arrive and, for a time, was joined by
another individual. When the second courier arrived in a marked
courier company truck, the first courier handed him the deposit
for delivery to the bank. IRS did not oversee this transfer to
the second courier, nor was the transfer documented. When the
second courier delivered the deposit, the receipt provided by the
bank did not document the amount of the deposit nor any other
identifying information to enable IRS to verify the bank received
the deposit intact. According to IRS, the district's deposits
average about $500,000 to $1 million per day during the nonpeak
season. * At another district office, a deposit of $4.5 million
was handed by IRS to a courier who walked the deposit two blocks
to where his bicycle was parked. The courier then waited for
about 20 minutes for another courier driving an unmarked pickup
truck. The first courier loaded his bicycle onto the truck and
waited in the truck with the deposit until the 18Other service
centers we visited converted cash to a cashier's check before
preparing the deposit or used an armored courier to transfer cash
deposits. Page 15 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 second courier returned
from briefly delivering a package. The two couriers then
departed. According to the bicycle courier, the second courier
later stopped to let him out of the truck and then proceeded to
the bank with the IRS deposit. * At one lockbox bank, a substitute
courier who did not wear a uniform, was unknown by bank staff, and
who did not present or display any identification, was able to
bypass several layers of security to obtain unescorted access to
the receipt processing area. Within this area, the courier was
allowed to load boxes of mail containing taxpayer returns destined
for an IRS service center without being questioned or asked for
identification. Additional weaknesses or problems we identified
include the following. * At some district and post-of-duty offices
we visited, receipts and taxpayer information received by revenue
officers and examiners were kept in open containers or in unlocked
file cabinets in the customer service walk-in work area, easily
accessible to unauthorized employees and in some instances, to the
general public. * At one post-of-duty office, checks made out to
"I.R.S." were not overstamped with "Internal Revenue Service" or
"United States Treasury" to prevent alteration. IRS staff were
either not aware of this requirement or were not performing it
promptly. For those control weaknesses identified in earlier
reports, we made recommendations that IRS generally agreed with
and has either implemented or made plans to implement. For
example, IRS recently issued a policy prohibiting guards and other
unauthorized personnel from receiving payments. However, the new
policy does not require that more than one person receive walk-in
payments and, except for cash, does not require that receipts be
logged. Also, IRS only requires service center staff to provide
receipts to taxpayers making walk-in payments by cash, not for
check or money order payments. In addition, IRS does not post
signs informing taxpayers to request receipts. We will be
following up during our fiscal year 1999 audit on additional
actions IRS is taking to address our recommendations.19 19Previous
recommendations and IRS' actions to date related to physical
security over manual tax receipts and taxpayer information are
listed in appendix II, recommendations 9 through12 and 20 through
35. Page 16 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 IRS has also taken other
steps to improve controls over receipts and taxpayer data. As we
reported last year, in one scheme, a check made out to "IRS" was
altered to a fraudulent payee-"I. R. Smith."20 For the 1999 tax
filing season, IRS revised its form 1040 instructions to instruct
taxpayers to make tax payment checks payable to "United States
Treasury." This change in payee should reduce IRS' vulnerability
to stolen checks being altered. To further prevent fraud and
theft, IRS has purchased and installed fingerprinting machines
compatible with FBI's system at 17 sites including all 10 service
centers and 7 other IRS offices. According to IRS officials, the
system is expected to improve turnaround time for fingerprint
checks. These same officials stated that IRS is waiting for the
FBI to complete the implementation of the system by July 1999.
Recommendations To address weaknesses in controls over taxpayer
data and receipts at IRS district offices and posts-of-duty, we
recommend that IRS expand the current review of service center
deterrent controls to include similar reviews of controls at IRS
district offices and posts-of-duty in areas such as courier
security, safeguarding of receipts in locked containers,
requirements for fingerprinting employees and requirements for
promptly over-stamping checks made out to "IRS" with "Internal
Revenue Service" or "United States Treasury." Based on the
results, IRS should make appropriate changes to strengthen its
controls at these locations. To improve controls at IRS lockbox
banks, we recommend that IRS work with Treasury's Financial
Management Service (FMS) to revise the current lockbox contracts
to specifically require that: * background checks be completed
before employees begin working; * temporary employees be subjected
to background checks that are consistent with those required of
IRS employees; and * taxpayer data and receipts in transit from
the lockbox banks are appropriately protected. To reduce the
vulnerability of walk-in payments to being lost or stolen, we
recommend that IRS require service center staff to provide
receipts to all walk-in taxpayers regardless of the method of
payment. In addition, IRS should post signs reminding taxpayers
to request receipts. At service centers not normally equipped to
receive walk-in payments, all receipts 20GAO/AIMD-99-16, October
30, 1998. Page 17 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 should be logged in to
ensure completeness and accuracy of receipts and deposits. Weak
Preventive We recognize that the
high volume and nature of refund activity makes it Controls Over
Refunds impossible to completely eliminate the risk that
inappropriate refunds are issued. However, IRS continues to lack
adequate preventive controls to and Earned Income
mitigate the risk of inappropriate refund payments. In addition,
earned Tax Credits Increase income tax
credits (EITC) continue to be vulnerable to high rates of invalid
Risk of Inappropriate claims. Although
IRS has detective (postrefund) controls in place, the lack of
adequate preventive controls over these areas unduly exposes the
Payments government to
potentially significant losses if refunds are made inappropriately
or revenue owed the government is inappropriately reduced by
invalid claims. Table 3 summarizes the weaknesses we identified
related to refund processing controls, along with their effects
and IRS' actions to address these issues. Table 3: Internal
Control Issues Related to Refunds and Earned Income Tax Credit
Claims Internal control issues and effects
IRS actions to address issues Issues previously reported Issue:
IRS does not compare tax returns with W-2 and other third IRS
action: IRS has not performed a cost-benefit analysis of party
data at time of filing and instead relies on a comparison
manually comparing W-2 and other third party information to tax
several months later to detect differences.
returns at the time the returns are received. According to IRS,
plans to automate this comparison at the time of filing would
require Effect: This has resulted in the issuance of
inappropriate refunds changes to the tax code and tax document
filing process.a or in reduced revenue to the government.
GAO response: The capability to perform an automated comparison is
still years away. As we previously recommended, IRS should
perform a comprehensive cost-benefit analysis to better determine
the actual costs and benefits of implementing preventive controls
in the short term. Issue: Gaps in internal controls between IRS'
manual and IRS action: IRS has plans to automate its
process for identifying automated refund processing systems
allowed duplicate refunds to and preventing potential duplicate
refunds which it expects to be paid.
complete in mid-1999. Effect: Such weaknesses resulted in
inappropriate refunds and GAO response: We will follow up on
this issue as part of our audit thus, financial losses to the
government. of IRS' fiscal year 1999
financial statements. (continued) Page 18 GAO/AIMD-
99-193 IRS Custodial Financial Management Weaknesses B-282731
Internal control issues and effects
IRS actions to address issues Issue: EITCs are vulnerable to high
rates of invalid claims. An IRS IRS action: IRS started a 5-year
compliance initiative to minimize review of 290,000 tax returns
with indications of errors or losses in this area.
This initiative is intended to increase taxpayer irregularities
found that $448 million of the $662 million in EITC
awareness, strengthen enforcement of EITC requirements, and claims
(68 percent) were invalid.
research sources of EITC noncompliance. Effect: Invalid EITC
claims may result in reduced revenue to the GAO response:
We will follow up on this issue as part of our audit government or
inappropriate refunds being issued. of
IRS' fiscal year 1999 financial statements. aAction Plan for GAO
Recommendations, A Report to Congress: The Internal Revenue
Service's Plans for Implementing Financial Statement Audit
Recommendations Made by the General Accounting Office, dated
January 8, 1999. Note: Weaknesses in controls over refunds
resulting from delays in posting trust fund recovery penalty
assessments were discussed previously in this report under unpaid
assessment issues. (See table 1.) Our recent work confirmed
continuing weaknesses were present in IRS procedures and systems
for issuing refunds to taxpayers. For example, gaps in controls
between IRS' automated and manual systems continue to make IRS
vulnerable to issuing duplicate refunds. In fact, we noted
several cases in which IRS procedures failed to prevent refunds
from being paid twiceone claim that was processed manually and one
processed through IRS' automated system. We also found instances
where delays in posting assessments resulted in IRS issuing
refunds to taxpayers that had unpaid tax assessments. Correcting
these internal control weaknesses as quickly as possible is
important because until they are corrected, the government's
exposure to fraud and financial losses is increased. For example,
IRS identified over $17 million in fraudulent refunds that had
been issued during the first 9 months of calendar year 1998.21
However, the full magnitude of fraudulent and other inappropriate
refunds is unknown. As we reported last year, significant levels
of invalid EITC claims further magnify the control weaknesses over
refunds.22 Most of IRS' efforts under its 5-year compliance study
to minimize losses from EITC claims have not progressed far enough
to make any judgment about their effectiveness. Therefore, we will
continue to monitor IRS' progress in resolving these issues during
our fiscal year 1999 audit.23 21IRS was unable to provide
information on the extent to which these fraudulent refunds were
recovered. 22GAO/AIMD-98-77, February 26, 1998. 23Previous
recommendations related to refunds are listed in appendix II,
recommendations 13 through14. Page 19 GAO/AIMD-
99-193 IRS Custodial Financial Management Weaknesses B-282731
IRS' Revenue IRS continues to be unable to
routinely track and report how much revenue Reporting and
has been collected for Social Security, Hospital Insurance, and
individual income taxes-three of the federal government's four
largest revenue Distribution Process sources. Also,
IRS is unable to timely report how much revenue has been Continues
to Be collected for the Highway Trust Fund and
other excise tax-related trust Inadequate and Prone funds. This
condition exists because the accounting information needed to
validate the taxpayer's liability and record the payment to the
proper trust to Error fund is provided on
the tax return, which is received months after the payment is
submitted rather than at the time of payment. Further, the
information on the return pertains only to the amount of the tax
liability, not the distribution of amounts previously collected.
This condition presents a number of reporting limitations with
respect to Social Security and Hospital Insurance taxes. For
example, payroll taxes collected on behalf of the federal
government are deposited in the general revenue fund of the
Department of Treasury, from which they are subsequently
distributed to the appropriate trust funds. This distribution is
based on employee wage information certified by the Commissioner
of the Social Security Administration (SSA), not on amounts
actually collected for payroll taxes. To the extent that annual
payroll tax collections are less than the actual tax liabilities,
the government's general revenue fund subsidizes the Social
Security and Hospital Insurance trust funds. The annual amount of
this subsidy is unknown because IRS cannot determine the specific
amount of revenue it actually collects for Social Security and
Hospital Insurance taxes.24 Having the capability to report
actual collections of significant taxes such as Social Security
would enable IRS to report information useful to interested
parties including the Congress. IRS' inability to timely track and
report how much revenue has been collected for excise tax-related
trust funds also presents operational issues for IRS and Treasury
in the distribution of excise tax receipts to these trust funds.
Because data are not available to allocate excise taxes to the
appropriate trust funds when deposits are made, the Department of
the Treasury uses a process that is complex, cumbersome, and prone
to error in order to distribute excise tax receipts to the
respective trust funds. 24As of September 30, 1998, the estimated
amount of unpaid taxes and interest in IRS' unpaid assessments
balance was approximately $38 billion for Social Security and
Hospital Insurance. While these totals do not include amounts no
longer in the unpaid assessments balance due to the expiration of
the statutory collection period, they nevertheless give an
indication of the cumulative amount of the subsidy provided from
the general fund. Page 20 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses B-282731 Table 4
summarizes the problems we identified in this area, both in the
past and in our most recent work, together with the effect and
IRS' actions to address these issues. Table 4: Internal Control
and Compliance Issues Related to Revenue Reporting and
Distribution Internal control/compliance issues and effects
IRS actions to address issues Issues previously reported Issue:
IRS is unable to routinely track and report actual revenue
IRS actions: IRS recently completed a study of the capabilities to
collected for specific trust funds and individual income taxes.
capture specific tax type/fee code information and is currently
analyzing the study's results. Effect: IRS must go through a
complex process to determine GAO response: We will
follow up on this issue as part of our audit (certify) the amounts
that should be distributed to the excise tax of IRS' fiscal
year 1999 financial statements. trust funds, and cannot separately
report the amount of revenue collected for Social Security,
Hospital Insurance, and individual income taxes. Issue: IRS
certified amounts to be distributed to excise tax trust IRS
actions: IRS developed a method to allocate excise tax funds based
on assessments rather than actual taxes collected.
collections to specific excise taxes and began using this
methodology in June 1998. Effect: IRS' certification process did
not comply with specific GAO response: The allocation
method now complies with the provisions of the law until June
1998. legal requirements;
however, we found it is still prone to error. Issue: IRS lacked
adequate controls over the excise tax IRS
actions: IRS has actions either planned, in process, or
certification process to detect taxpayer errors, data input
errors, and implemented to address most of these issues. errors
in preparing the certification.
GAO response: We will follow up on this issue as part of our audit
Effect: Excise tax trust funds may not receive the appropriate
of IRS' fiscal year 1999 financial statements. amount of excise
tax revenue. Newly reported issues Issue: IRS' controls did not
always ensure that tax returns were IRS actions: IRS is
determining the cause for posting delays and recorded timely.
plans to establish additional internal controls once the cause is
determined. Effect: The amounts initially distributed to excise
tax-related trust GAO response: We will follow up on this
issue as part of our audit funds may not be timely adjusted
through IRS' certification process. of IRS' fiscal year 1999
financial statements. Although IRS has taken some action, problems
remain in the excise tax area. For example, IRS developed a
method to allocate payments to specific excise taxes based on the
related records of payments received and the subsequently provided
tax returns. While this method allows IRS to comply with the law
for certifying excise taxes based on collections, IRS continues to
have difficulties certifying the amounts to be distributed to the
excise tax-related trust funds. Our fiscal year 1998 audit
continued to identify fundamental internal control weaknesses over
this process. For example, the new certification process allowed
some errors to remain undetected. Such errors included taxpayer
errors made in preparing excise Page 21 GAO/AIMD-
99-193 IRS Custodial Financial Management Weaknesses B-282731 tax
returns that were not detected and corrected by IRS when
processing the returns, IRS errors in inputting excise tax
information to its master files, and IRS erroneous omissions of
amounts from the quarterly certification that should have been
distributed to the trust funds. In the latter case, IRS
inappropriately subtracted certain amounts of all excise tax types
from the certification process for the quarter ended December 31,
1997, and, as a result, understated the amounts to be distributed
to all trust funds. We identified the amounts understated for
three trust funds: the Highway Trust Fund (understated by $92
million), Airport and Airways Trust Fund ($57 million), and Black
Lung Disability Trust Fund ($3 million). These errors occurred
even though there was evidence of supervisory review of the data
on the related certification documentation. Upon bringing these
errors to IRS' attention, they were corrected. Delays in posting
tax returns also resulted in misstatements of amounts certified.
Because specific tax type data are not available to allocate
excise taxes to the appropriate trust funds when deposits are
made, Treasury uses a process to estimate the initial distribution
of excise taxes. This process involves the use of economic models
prepared by the Office of Tax Analysis to estimate the initial
distribution of tax receipts. FMS uses these estimates to prepare
entries for the initial distribution to the trust funds, which are
then recorded by the Bureau of Public Debt (BPD) in the books and
records of the trust funds maintained by the Treasury. After the
initial distribution, IRS certifies quarterly the amounts that
should have been distributed to the excise tax-related trust funds
using its records of payments received and the subsequently
provided tax returns. FMS uses these certifications to prepare
adjustments to the initial trust fund distributions, which are
then recorded by BPD. However, in one quarter, we found that IRS
did not record all tax returns in time to include them in the
quarterly certification of the amounts that should be distributed
to the various funds. The amount IRS certified to the Highway
Trust Fund for the quarter ended June 30, 1998, included
approximately $590 million that was related to excise tax returns
from the previous quarter. IRS officials could not explain why
this occurred, but they identified at least one high-dollar tax
return which was not recorded in time to be included in the
certification for the quarter ended March 31, 1998. Although the
misstatement was corrected the following quarter (when the tax
return was recorded), the condition demonstrates that IRS'
certification process does not ensure that amounts distributed to
excise tax-related trust funds are timely adjusted. Page 22
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 As long as IRS lacks the data to identify the specific
amount of revenue received for each tax type at the time of
payment, IRS, Treasury, and excise tax-related trust funds will
continue to depend on a complex, error-prone process for
determining revenue distributions. We will follow up on the
implementation and effectiveness of IRS actions as part of our
fiscal year 1999 audit.25 Recommendation To address
delays in recording excise tax returns, we recommend that IRS
establish procedures to ensure the prompt recording of tax
returns. IRS should implement controls to ensure that excise tax
returns are recorded timely and included in the quarterly excise
tax trust fund certifications. Financial Reporting We
continued to find that IRS' general ledger for custodial
activities cannot Issues Remain routinely generate
reliable and timely financial information for decision-making.
This is due to the fact that IRS' financial systems do not
Unresolved conform to the U.S. Government Standard
General Ledger and subsidiary ledgers do not support material
balances. As a result of these weaknesses, IRS systems do not
comply with the Federal Financial Management Improvement Act
(FFMIA) of 1996, which requires that financial management systems
comply with federal accounting and systems standards; these
standards include the Standard General Ledger and subsidiary
ledgers. IRS' basic approach to preparing its annual custodial
financial statements was designed specifically for the narrowly
defined purpose of preparing auditable amounts and balances only
at fiscal year-end. This mechanism is not capable of producing
reliable agencywide principal financial statements or financial
performance information to measure results throughout the year as
a management tool, which is a standard practice in private
industry and some federal entities. In addition, IRS' approach
relies heavily upon ad hoc computer programming, which requires
extensive technical expertise with IRS' master files-expertise
that is possessed by only a limited number of individuals in IRS.
Table 5 identifies general ledger internal control weaknesses and
compliance issues we have identified, along with their effects and
IRS' actions to address these issues. 25Previous recommendations
related to IRS' revenue reporting and distribution process are
listed in appendix II, recommendations 16 through 19. Page 23
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 Table 5: Internal Control and Compliance Issues Related to
Financial Reporting Internal control/compliance issues and effects
IRS actions to address issues Issues previously reported Issue:
IRS' custodial general ledger system cannot routinely
IRS action: IRS has planned a series of incremental steps to
generate reliable and timely financial information for internal
and develop a system that can generate management reports
and external users.
financial statements beginning in 2000. Effect: IRS must rely on
costly, labor-intensive, and GAO response:
Until IRS implements a proper general ledger time-consuming ad hoc
programs to extract data requiring system that
complies with federal requirements, it will continue to
significant adjustments to prepare its annual financial
statements. rely on ad hoc procedures that severely limit its
ability to obtain and Consequently, it cannot routinely generate
periodic statements or provide meaningful financial
data routinely. other reliable information as a management tool.
Issue: IRS' custodial general ledger system does not comply with
IRS action: IRS' systems modernization plan includes developing a
Federal Financial Management System Requirements, federal
new system that will meet requirements, but IRS currently does not
accounting standards, and the U.S. Government Standard General
estimate completion until 2009. Ledger.
GAO response: IRS will not achieve compliance within the 3-year
Effect: IRS cannot rely on its custodial general ledger to
support time frame required. We will continue to assess IRS'
efforts to related amounts on the principal financial statements.
address and correct this problem. Newly reported issues Issue:
The use of interim ad hoc procedures to generate IRS'
IRS action: IRS has not yet developed plans to address this
issue. custodial balances relies on extensive technical expertise
with IRS' master files that is possessed by only a very limited
number of individuals. Effect: Should these individuals become
unavailable for any reason, IRS would most likely be unable to
prepare reliable custodial balances for its financial statements.
As the table above indicates, correcting these problems will
require IRS to make major changes to its financial systems, which
is a long-term process. Sustained senior management attention to
correcting the problems is important to ensure sound financial
management for several reasons: * The general ledger system
currently cannot properly report a reliable balance for taxes
receivable nor can it report revenue receipts by specific tax
type, such as the specific amounts collected for Federal Insurance
Contributions Act (FICA)26 and individual income taxes, even
though taxes receivable and revenue receipts are the two most
significant components of IRS' financial statements. Likewise, it
cannot 26FICA taxes include both employer and employee
contributions. Based on information certified by IRS and the
Social Security Administration, Treasury distributes FICA tax
revenue-also referred to as social security taxes-to three
specific trust funds established to finance the federal
government's principal Social Security programs: the Federal Old
Age and Survivors Insurance Trust Fund; the Federal Disability
Insurance Trust Fund; and the Federal Hospital Insurance Trust
Fund. Page 24 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses B-282731 provide refund activity
by tax type for reporting in the footnotes to the financial
statements as required by federal accounting standards.
Consequently, IRS' custodial general ledger system cannot
routinely generate reliable and timely financial information for
either internal or external users. * Lacking an adequate general
ledger system that complies with federal requirements, IRS must
rely on various costly and time-consuming ad hoc procedures and
adjustments. These include cumbersome procedures for certifying
revenue distributions to the various excise tax trust funds as
well as extensive computer programming to extract needed
information from its master files to support the preparation of
its annual financial statements. Addressing these problems
through costly and time-consuming ad hoc procedures and
adjustments, as IRS has had to do, is not a sound long-term
solution. * The computer programming needed to extract information
from IRS' master files requires an extensive technical knowledge
of the master files which is possessed by very few individuals at
IRS. Should these individuals become unavailable for any reason,
this approach could cease to be a viable option, and IRS would be
forced to rely on a financial reporting process which, in the
absence of such specialized expertise, cannot generate reliable
custodial balances. In addition, during fiscal year 1998, IRS
combined the financial reporting of its administrative and
custodial activities, which had previously been reported and
audited separately, into a single set of principal financial
statements.27 However, IRS has not integrated these separate
financial reporting processes under unified supervision at the
operational level. This lack of uniform supervision limits IRS'
ability to provide integrated IRS financial reporting in the
interim and unnecessarily complicates the annual financial
reporting process.28 In the short term, IRS plans to continue to
employ additional manual procedures until more modernized systems
can be developed. Therefore, it is critical that systems
modernization be part of the long-term solution. IRS plans to
implement the first step of its systems modernization plan to
begin to address some of the financial management deficiencies we
have 27The Department of the Treasury Office of Inspector General
audited IRS' fiscal year 1997 administrative activities. 28This
issue and related recommendations will be addressed further in a
separate report on IRS' administrative internal controls. Page 25
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses B-
282731 identified. While not solving all its problems,
improvements planned may help reduce the dependence of IRS on a
very limited resource of key employees who understand the master
file structure. In addition, the remaining phases of the
modernization plan are being reevaluated in light of changes in
IRS' priorities caused by organizational and legislative changes.
We will continue to monitor IRS' plans and progress toward systems
modernization in our fiscal year 1999 audit.29 In the meantime,
IRS will continue to depend upon ad hoc procedures for the
development of its financial statements for years to come.
Recommendation We recommend, that as a short-term
action, IRS ensure that additional staff are employed and existing
staff appropriately cross-trained to be able to perform the master
file extractions and other ad hoc procedures needed for IRS to
develop reliable balances for financial reporting purposes on a
continuing basis. Agency Comments and In commenting on this
report, the Internal Revenue Service recognized the Our Evaluation
magnitude of its financial management system deficiencies and
internal control weaknesses, and outlined several initiatives
planned or in progress that IRS believes will address a number of
our short-term issues and recommendations. IRS emphasized the
long-term nature of its efforts to improve custodial financial
management and the need to integrate these changes into its
ongoing systems modernization plans. In future audits, we will
continue to monitor the effectiveness of IRS' initiatives in
resolving the issues identified in this report. The complete text
of IRS' response to this report is in appendix III. This report
contains recommendations to you. The head of a federal agency is
required by 31 U.S.C. to submit a written statement on actions
taken on these recommendations. You should send your statements
to the Senate Committee on Governmental Affairs and the House
Committee on Governmental Reform within 60 days of the date of
this letter. A written statement also must be sent to the House
and Senate Committees on 29A previous recommendation related to
financial reporting is listed in appendix II, recommendation 1.
Page 26 GAO/AIMD-99-193 IRS Custodial Financial
Management Weaknesses B-282731 Appropriations with the agency's
first request for appropriations made over 60 days after the date
of this letter. We are sending copies of this report to Senator
Ted Stevens, Senator Robert C. Byrd, Senator Orrin G. Hatch,
Senator Max S. Baucus, Senator Fred Thompson, Senator Joseph
Leiberman, Senator William V. Roth, Senator Daniel P. Moynihan,
Representative Bill Archer, Representative Charles B. Rangel,
Representative C.W. (Bill) Young, Representative David R. Obey,
Representative Amo Houghton, Representative William J. Coyne,
Representative Dan Burton, and Representative Henry A. Waxman, in
their capacities as Chair or Ranking Minority Member of Senate and
House Committees and Subcommittees. We are also sending copies of
this report to The Honorable Lawrence Summers, Secretary of the
Treasury, and The Honorable Jacob J. Lew, Director of the Office
of Management and Budget. Copies will be made available to others
on request. Please contact me at (202) 512-9505 or Steven J.
Sebastian, Assistant Director, at (202) 512-9521 if you or your
staff have any questions concerning this report. Other contacts
and key contributors to this report are listed in appendix IV.
Sincerely yours, Gregory D. Kutz Associate Director,
Governmentwide Accounting And Financial Management Issues Page 27
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Contents Letter
1 Appendix I
30 Scope and Methodology Appendix II
32 Status of GAO Recommendations on IRS Custodial Activity
Appendix III
41 Comments From the Internal Revenue Service Appendix IV
43 GAO Contacts and Staff Acknowledgements Related GAO Products
47 Tables Table 1: Internal Control and
Compliance Issues Related to Unpaid Assessments 6 Table 2:
Internal Control Issues Related to Manual Receipts and Taxpayer
Data
12 Table 3: Internal Control Issues Related to Refunds and Earned
Income Tax Credit Claims
18 Table 4: Internal Control and Compliance Issues Related to
Revenue Reporting and Distribution
21 Page 28 GAO/AIMD-99-193 IRS Custodial Financial
Management Weaknesses Contents Table 5: Internal Control and
Compliance Issues Related to Financial Reporting 24 Table II.1:
Fifteen Recommendations on IRS Custodial Financial Management That
Remained Open 32
Table II.2: Twenty New Recommendations on IRS Custodial Financial
Management 36 Table II.3: Seven Recommendations on IRS Custodial
Financial Management in This Report
39 Figure Figure 1: Comparison of Unpaid Assessments Before
and After Audit Adjustments as of September 30, 1998
8 Abbreviations BPD Bureau of the Public Debt EITC
earned income tax credit FBI Federal Bureau of
Investigation FFMIA Federal Financial Management Improvement
Act FICA Federal Insurance Contribution Act FMS
Financial Management Service IRS Internal Revenue Service OMB
Office of Management and Budget SSA Social Security
Administration TFRP trust fund recovery penalty Page 29
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix I Scope and Methodology
Appendix I As part of our audit of IRS' fiscal year 1998 financial
statements, we evaluated IRS' internal controls, its compliance
with selected provisions of laws and regulations, and followed up
on the status of open recommendations. Specifically, we: *
performed multipurpose tests on selected statistical samples of
unpaid assessment, revenue, and refund transactions and conducted
analytical procedures; * performed detailed tests of transactions
that represent the underlying basis of amounts distributed to the
Highway, Airport and Airway, and Black Lung Disability trust
funds; * reviewed daily, weekly, and monthly reconciliations,
physical safeguards, and segregation of duties over cash and
checks received and processed at service centers, district
offices, post-of-duty offices and lockbox banks; * reviewed
specific controls over refund processing and financial reporting;
* interviewed IRS managers at service centers, district offices,
post-of-duty offices, and lockbox banks, and observed processing
procedures and controls; interviewed internal audit, internal
security, and criminal investigation managers at selected service
centers and district offices;1 * reviewed IRS' fiscal year 1998
Federal Managers' Financial Integrity Act Annual Assurance
Statement, Action Plan for GAO Recommendations dated January 8,
1999, and two IRS letters to Congress dated January 29, 1999, and
February 25, 1999, containing IRS' responses to recommendations in
two recent GAO reports on IRS financial management;2 and, *
reviewed IRS' quarterly certifications of excise tax revenue to
the Highway, Airport and Airway, and Black Lung Disability trust
funds. We also examined IRS' financial management systems to
enable us to report on whether they substantially complied with
Federal Financial Management Systems Requirements, applicable
federal accounting standards, and the U.S. Government Standard
General Ledger at the transaction level, as required by the
Federal Financial Management 1The IRS Restructuring and Reform Act
of 1998 replaced IRS' Office of Chief Inspector-which included
internal audit and internal security-with the Office of the
Treasury Inspector General for Tax Administration. 2GAO/AIMD-99-
15, November 30, 1998 and GAO/AIMD-99-17, November 9, 1998. Page
30 GAO/AIMD-99-193 IRS Custodial Financial
Management Weaknesses Appendix I Scope and Methodology Improvement
Act of 1996 (FFMIA). In addition, we considered the
implementation guidance for FFMIA issued by OMB on September 9,
1997, in Bulletin 98-08. Also, as part of our ongoing audit of
IRS' fiscal year 1999 financial statements, we performed
additional observations of processing procedures and controls at
selected service centers, district offices, post-of-duty offices,
and lockbox banks during the peak period of the 1999 tax filing
season. Our work was performed at IRS' National Office in
Washington D.C.; all 10 IRS service centers located across the
country; 7 district offices; 7 post-of-duty offices; and 5 lockbox
banks. Page 31 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses Appendix II Status of GAO
Recommendations on IRS Custodial Activity
Appendix I I As of our prior report on the status of GAO
recommendations on IRS custodial activity,1 15 recommendations
related to IRS custodial financial management remained open.
These are numbered 1 through 15 and are listed below with their
current status. Since the conclusion of our fiscal year 1997
audit we have issued two additional reports2 related to IRS
financial management which contained a total of 20 new
recommendations. These are numbered 16 through 35 in the chart
below.3 Also, we are making seven new recommendations in this
report as a result of our fiscal year 1998 audit and work
performed as part of our ongoing fiscal year 1999 financial audit.
These are numbered 36 through 42 below. We will continue to
monitor IRS' progress toward addressing each of these
recommendations during our fiscal year 1999 audit. Table II.1:
Fifteen Recommendations on IRS Custodial Financial Management That
Remained Open Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations Financial Management: Important IRS Revenue
Information Is Unavailable or Unreliable (GAO/AIMD-94-22, December
21, 1993) 1. Identify reporting information needs, develop
Closed. IRS reported that its contractor Open. As reported by
IRS, the policies related sources of reliable information, and
establish had completed a draft set of policies and
procedures only cover IRS' and implement policies and procedures
for compiling and procedures in 1998 for preparing
custodial financial statements and thus, this information. These
procedures should describe the custodial financial statements.
do not address any of the administrative any (1) adjustments that
may be needed to available
financial statements. Because IRS now information and (2)
analyses that must be performed
prepares one set of financial to determine the ultimate
disposition and
statements, these policies and classification of amounts
associated with in-process
procedures do not cover all of its transactions and amounts
pending investigation and
financial reporting needs. resolution. 2. Monitor implementation
of actions to reduce the Closed. IRS reported that it would
Open. IRS currently expects to errors in calculating and
reporting manual interest on increase automation of the manual
complete corrective actions in 2001. taxpayer accounts, and test
the effectiveness of interest calculations, develop a
quality We will follow up on IRS' these actions.
review process, and measure accuracy. implementation as part of
our fiscal year 1999 audit. (continued) 1See GAO/AIMD-99-16
appendix II, October 30, 1998. 2GAO/AIMD-99-17, November 9, 1998,
and GAO/AIMD-99-15, November 30, 1998. 3The current status of
recommendations related to IRS' administrative activities will be
addressed in a separate report on IRS' administrative internal
controls. Page 32 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses Appendix II Status of GAO
Recommendations on IRS Custodial Activity Status of GAO
recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations Financial Audit: Examination of IRS' Fiscal Year
1993 Financial Statements (GAO/AIMD-94-120, June 15, 1994) 3.
Ensure that system development efforts provide Closed. IRS
reported it is continuing Closed. Although IRS has not yet
fully reliable, complete, timely, and comprehensive
refinement of the Enforcement Revenue addressed the identified
problems, we information with which to evaluate the effectiveness
Information System, which integrates have since made
several more specific of its enforcement and collection programs.
data on enforcement recommendations, recommendations to address
IRS' assessments, collections, cost, and ongoing need for
more timely and case length on closed cases. accurate
information related to its efforts, see 5, 8, and 14 through19
below. 4. Establish and implement procedures to analyze
Closed. IRS reported it had Closed. Our fiscal year
1998 audit the impact of abatements on the effectiveness of
implemented program changes to more identified several issues
regarding assessments from IRS' various collections programs.
accurately report on abatements. abatements that, while
needing attention by IRS management, do not constitute significant
internal control deficiencies. We are thus closing this
recommendation but have separately issued a letter to IRS
management discussing the issues identified in our fiscal year
1998 audit and suggesting corrective actions to resolve them.
Internal Revenue Service: Immediate and Long-Term Actions Needed
to Improve Financial Management (GAO/AIMD-99-16, October 30, 1998)
5. Manually review and eliminate duplicate or other Closed. IRS
does not believe this is Open. We continue to believe this
assessments that have already been paid off to
achievable in the short-term and has problem's significance
warrants assure all accounts related to a single assessment
convened a task force to develop immediate action to
prevent further are appropriately credited for payments received.
programming specifications for unnecessary taxpayer
burden. Waiting automating this process in the for a
long-term systems changewhich long-term.
will likely take 10 years or more to implement-could continue to
subject taxpayers to additional costs and hardships until the
problem is fixed. 6. Improve the accuracy of its master file
extraction Closed. IRS made programming Closed.
Although IRS' FY 1998 unpaid programs used to classify unpaid
assessments such changes in FY 1998 that enabled it to
assessment balances required that, once the extractions are made,
any subsequent extract data that was consistent with FY
significant audit adjustments to correct adjustments needed would
not be material. At a 1997 final reported balances.
misstated and duplicate unpaid minimum, IRS should consider the
nature of the
assessment balances identified by our adjustments made to the
fiscal year 1997 amounts
testing, further refinement of the master extracted and adjust the
extraction programs in
file extraction programs will not future years accordingly.
significantly reduce these adjustments. (continued) Page 33
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix II Status of GAO Recommendations on IRS Custodial
Activity Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations 7. Establish minimum documentation standards or
Open. IRS reported it has established a Open. While we noted
some checklists for collection files. These standards or
task force to develop a corrective action improvements in our
fiscal year 1998 checklists should include minimum documentation
plan, which is expected to include audit, such as in
estate appraisal and file organization requirements for all taxes
modifying procedures and training documentation, IRS
continued to receivable and compliance assessment cases,
documents. It expects to accomplish experience
difficulties in providing other specifying the types of
documentation required, this by January 2001.
supporting documentation, such as that standard file organization,
and the retention period
for bankruptcy, non-estate installment that will ensure that such
documents are maintained
agreements, and older cases. until the statute of limitations has
expired. 8. Ensure that IRS' modernization blueprint includes
Open. IRS plans to develop a Open. The
success of the database to developing a subsidiary ledger to
accurately and subsidiary general ledger to identify,
track and link multiple TFRP promptly identify, classify, track,
and report all IRS classify, track and report all unpaid
assessments depends on service unpaid assessments by amount and
taxpayer. This assessments except for trust fund
center personnel manually inputting the subsidiary ledger must
also have the capability to recoveries. However, the
plan is cross-reference information needed to
distinguish unpaid assessments by category in order expected to
include the development of link these assessments. Therefore, to
identify those assessments that represent taxes a
relational database that has the even after the
database is implemented, receivable versus compliance assessments
and capability to track and link multiple
it will require significant manual effort to write-offs. In cases
involving trust fund recovery TFRP assessments.
ensure that it functions as needed. In penalties, the subsidiary
ledger should ensure that
addition, the capability to ensure that (1) the trust fund
recovery penalty assessment is
TFRP payments are automatically appropriately tracked for all
taxpayers liable but
credited to individual accounts is not counted only once for
reporting purposes and (2) all
currently being developed. payments made are properly credited to
the accounts of all individuals assessed for the liability. 9.
Examine and consider options to increase Open. IRS
is in the process of Open. We will follow up on IRS'
deterrent controls at service centers. Some options analyzing
all potential deterrents to theft implementation as part of our
fiscal year IRS should examine and consider include:
of cash, checks, and taxpayer data and 1999 audit. * installing
surveillance cameras to monitor staff expects to complete
its analysis by June when they are opening, extracting and sorting
the 30, 1999. According to IRS officials, a mail, and when they
are processing receipts, plan based on the results
of the analysis * restricting personal items that can be brought
into will be initiated by December 1999. the receipt processing
areas, such as handbags, briefcases, and bulky outerwear, and *
providing lockers and requiring their use for storing personal
belongings outside of the receipt processing areas. 10. Provide
adequate training and monitoring of Open. IRS plans to
develop a national Open. We will follow up on IRS' extraction
unit staff to ensure staff are informed and training course for
mail extraction unit implementation as part of our fiscal
year properly trained on the proper procedures, and that staff by
August 1999. 1999 audit. the
procedures are being followed. 11. Limit the units that may
receive unopened mail Closed. IRS issued a policy to route
Open. We will follow up on IRS' directly to only those units
which require mail through the service centers'
receipt implementation as part of our fiscal year confidentiality
due to the nature of their work. At a and control function
beginning January 1999 audit. minimum, mail addressed to off-site
locations should 1, 1999, except for functions that require be
routed through the service center first to identify
confidentiality due to the nature of their mail that may contain
taxpayer receipts. work. (continued) Page 34
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix II Status of GAO Recommendations on IRS Custodial
Activity Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations 12. Ensure that security guards and other
Closed. IRS issued a December 1998 Closed. While IRS issued a
policy unauthorized service center personnel do not
memorandum (1) prohibiting guards addressing this issue,
we are making an receive walk-in payments from taxpayers.
and other unauthorized personnel from additional recommendation
to reduce receiving payments and (2) specifying the
vulnerability of walk-in payments. procedures for deposit unit
personnel to See recommendation 40, below. receive such payments
from taxpayers. 13. Conduct a cost-benefit study to evaluate
Open. Although IRS agreed that Open. IRS has yet to
conduct a whether preventive controls, such as manually
reducing invalid refunds up front is comprehensive study
analyzing not only comparing W-2 and other third party information
to generally preferable, they believed that the expected
additional costs, but also tax returns at the time returns are
received rather manually comparing W-2s and other
the benefits derived, such as the value than many months later,
would be cost-beneficial. third party documents during
of invalid refunds that would be This study should include a
complete analysis of the processing is neither feasible nor
prevented and cost savings from having projected costs and
associated benefits of increases practical. IRS is requesting a
fewer invalid refunds to pursue and to preventive controls. If
such controls are programming change to identify
attempt to collect. determined to be beneficial, IRS should
implement selected returns for reviewing W-2 data them
to the extent practical to reduce the amount of rather than doing
so for all returns. inappropriate refund payments. 14. Ensure
that IRS' modernization blueprint Open. IRS
contends that it plans to Open. This is a long-term
solution for includes the ability to compare W-2 and other
implement an automated matching of which IRS does not
have an estimated third-party information to tax returns as they
are W-2 and other third party information to completion
date. processed to further prevent improper refunds from tax
returns as they are processed. being issued.
However, IRS reported that it would require changes in the tax
code and tax document filing requirements. 15. Implement Phase 0
of IRS' systems Open. IRS currently plans to
implement Open. We will monitor IRS' progress modernization plan
as quickly as possible. In doing the first step of Phase 0 in
2000. during our fiscal year 1999 audit. so, IRS
should incorporate plans to ensure that the resulting system can
routinely generate timely and reliable financial management
reports which can be used by internal and external users and which
will increase the timeliness of preparation and audit of its
annual financial statements. Until Phase 0 is implemented, IRS
should continue to utilize special computer programs and prepare
manual adjustments, as needed, to derive amounts to be reported in
the financial statements. aThe "Status of GAO Recommendations
Reported by IRS in 1999" is based primarily upon the following IRS
documents: Action Plan for GAO Recommendations, January 8, 1999,
and two letters to Congress dated January 29, 1999, and February
25, 1999, laying out IRS' response to each of the recommendations
in GAO/AIMD-99-15 and GAO/AIMD-99-17, respectively. Page 35
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix II Status of GAO Recommendations on IRS Custodial
Activity Table II.2: Twenty New Recommendations on IRS Custodial
Financial Management Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations Excise Taxes: Internal Control Weaknesses Affect
Accuracy of Distributions to the Trust Funds (GAO/AIMD-99-17,
November 9, 1998) 16. Determine if it would be cost-effective to
develop Closed. IRS reported that it Open. We
will follow up on IRS' and implement procedures requiring either
key implemented post-input controls to
implementation during our fiscal year verification of the
assessment amount by excise tax review all returns with
assessments of 1999 audit. type before final processing or to
implement other $1 million and over and all returns post-
input controls to verify the accuracy of reporting
coal tax assessments of assessment amounts by tax type. In making
the $100,000 or more. Per IRS, these cover
determination, IRS should consider establishing a over 92
percent of total excise tax dollar threshold that would ensure
coverage of 90 assessments. percent of total excise tax
assessments from the tax returns. 17. Revise the Form 720 tax
return to reflect a Open. IRS plans to explore the
Open. This is a mid- to long-term separate column adjacent to the
column for entering feasibility of adding a column on the
solution. As a result, errors associated the tax assessment, by
abstract number, for the Form 720 tax return or,
alternatively, to with adjustments affecting specific taxpayer to
report on pages 1 and 2 of the tax return increase the amount of
data captured excise tax amounts will continue to
claims and adjustments, by abstract number, based from the Form
720 through its systems occur in the short term. on the
information the taxpayer reports on Schedule modernization
effort. IRS plans to have C.
systemic changes in place for the 2002 filing season. 18.
Develop, document, and implement review Closed. IRS
reported it developed new Open. We will follow up on IRS'
procedures over the adjustment and summarization procedures and
checksheets for excise implementation during our fiscal year of
assessment data used in the certifications. tax trust
fund certifications that require a 1999 audit . Specifically, IRS
should require that detailed separate checksheet for
each trust fund. supervisory review be performed and documented to
Additional staff have been assigned to ensure that adjustments are
reasonable and analyze the data, and additional
adequately supported, calculations are appropriately supervisory
reviews prior to certification performed, and the certification
letter agrees with the have been added. supporting schedules. 19.
Establish and implement specific procedures Closed. IRS
reported that a rate chart Open. We will follow up on IRS'
requiring that IRS personnel review the distribution has
been developed and verified by the implementation during our
fiscal year rates provided by OTA prior to those rates being used
legal counsels for each of the Form 720 1999 audit. in the
certification of Highway Trust Fund trust fund
agencies. The table is to be distributions and document evidence
of those reviewed quarterly, used to update OTA
reviews. models
and monthly transfers, and maintained for audit trail purposes.
(continued) Page 36 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses Appendix II Status of
GAO Recommendations on IRS Custodial Activity Status of GAO
recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations Internal Revenue Service: Physical Security Over
Taxpayer Receipts and Data Needs Improvement (GAO/AIMD-99-15,
November 30, 1998) 20. Reevaluate the risk classification of all
positions Closed. IRS decided on March 24, Open.
IRS did not provide an estimated in IRS' Receipt and Control
Branch and reclassify 1999, that reevaluation of
positions for completion date for the other security. such
positions where appropriate.
reclassification was not needed and will We will continue to
monitor progress explore other security options.
during fiscal year 1999. 21. Establish procedures to review the
applications Open. IRS plans to re-emphasize
Open. We will follow up on IRS' and associated documents for all
applicants given procedures and to procure live scan
implementation during our fiscal year job offers to ensure that
fingerprint checks are fingerprint equipment
compatible with 1999 audit. initiated on those
individuals. Implement procedures FBI's Integrated Automated
Fingerprint to provide supervisory feedback on these reviews as
Identification System (IAFIS) to be necessary to ensure personnel
staff are aware of implemented about July 1999. Once
and follow IRS' policy requiring fingerprint checks.
operational, fingerprint checks are expected to be completed in 5
days. Also, IRS will review management reports and initiate
actions to address fingerprinting deficiencies. 22. Continue with
the agency's plans to develop and Open. IRS issued a memorandum
on Open. We will follow up on IRS' implement a
policy to fingerprint filing season April 30, 1999,
to all IRS support offices implementation during our fiscal year
applicants at the earliest possible time in the job to
fingerprint new employees upon 1999 audit. application
process. receipt of an
application or upon passing written tests. This is to be
implemented no later than September 1, 1999. 23. Until the
problems with delays in fingerprint Open. IRS reported
it would be unable Open. We will follow up on IRS' checks are
resolved, develop and implement a policy to comply during the
1999 filing season. implementation during our fiscal year
prohibiting new employees from being assigned to
However, it expects that implementation 1999 audit. process
receipts until the results of fingerprint of FBI's
IAFIS system in July 1999 checks are received and reviewed by
management. should resolve this problem for future filing
seasons. 24. Continue the agency's efforts to explore the
Open. IRS reported it plans to expand Open. We will follow up
on IRS' feasibility of obtaining local police checks on IRS
the local police check capability to other implementation during
our fiscal year applicants and evaluate the efficiency and
facilities and is testing a pilot program to 1999 audit.
effectiveness of the Philadelphia Service Center's
establish procedures with local police to electronic
fingerprinting system in order to provide this
service. supplement FBI fingerprint checks. 25. Continue the
agency's efforts to negotiate with Open. IRS reported it has
procured the Open. We will follow up on IRS' OPM and the FBI and
procure the necessary equipment and delivered
it to 17 IRS implementation during our fiscal year
equipment so that it can participate in FBI's IAFIS sites
including the 10 service centers. It 1999 audit. program by
August 1999. has requested to
be a pilot for IAFIS when it comes on-line in summer 1999. 26.
Improve the physical security over receipts and Open. IRS is
assessing the space issue Open. We will continue to monitor
returns stored in unsecured overflow areas. These at its service
centers to determine progress during our fiscal
year 1999 controls might include limiting unnecessary traffic by
where the overflow mail can be properly audit. temporarily
designating these overflow areas as stored and
secured. IRS expects to restricted access areas and/or posting
additional have improved security over overflow
security guards over such areas during the peak mail
by April 2000. filing season. (continued) Letter
Page 37 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses Appendix II Status of GAO
Recommendations on IRS Custodial Activity Status of GAO
recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations 27. Ensure that all final candling activities are
Open. IRS is working with the service Open. We will continue to
monitor consistently located in a restricted access area.
centers to assess the space issue and progress during our fiscal
year 1999 expects to have all final candling audit.
activities located in restricted access areas by January 2000. 28.
Provide secure containers for service center Closed.
In February 1999, IRS issued a Open. We will follow up on IRS'
employees to store "discovered remittances" prior to memorandum
that re-emphasizes implementation during
our fiscal year inventory and submission to the Receipt and
Control instructions for handling these
1999 audit. Branch. Immediately upon discovery, the receipts
remittances, including storing should be recorded into a control
log, the receipts discovered remittances in a secure
secured in a locked container, and the discovered
container and recording the information receipts reconciled to the
control log prior to on Form 4287, Record of
Discovered submission for processing.
Remittance. 29. Ensure that all unmatched checks are stored in
Open. IRS is in the process of obtaining Open. We will follow
up on IRS' locked containers until they can be researched and
suitable containers for storing
implementation during our fiscal year processed for deposit.
unmatched checks in service centers by 1999 audit. August 1999.
30. Ensure that all returned refund checks are
Closed. IRS issued a supplemental Open. We will follow
up on IRS' stamped "non-negotiable" as soon as they are
procedure to reinforce overstamping of implementation during our
fiscal year extracted.
returned refund checks as soon as they 1999 audit. are extracted.
31. Require district office employees to store walk-in Closed.
In November 1998, IRS issued Open. We will follow up on IRS'
payments in secure containers in accordance with new
guidelines for safeguarding receipts implementation during our
fiscal year IRM 1(16) 41, section 500. District office
of cash and noncash payments received 1999 audit. management
should ensure that this policy is in walk-in
facilities. followed and should limit the number of employees with
access to the keys or combinations to these containers. 32.
Ensure that walk-in payment receipts are Closed.
IRS issued new guidelines for Open. We will follow up on IRS'
recorded in a control log prior to depositing the
recording and reconciling receipts. implementation during
our fiscal year receipts in the locked container and ensure that
the 1999
audit. control log information is reconciled to receipts prior to
submission of the receipts to another unit for payment processing.
To ensure proper segregation of duties, an employee not
responsible for logging receipts in the control log should perform
the reconciliation. 33. Study the feasibility of improving
security for Open. IRS issued a directive in April
Open. We will continue to monitor deposits in transit. In
conducting this study, IRS 1999 that required couriers
to be progress during our fiscal year 1999 should
consider a number of alternatives including bonded and
use locked, enclosed audit. the use of depositories
in close proximity to its vehicles. IRS reported it
is also various field locations and employing security guards
upgrading service center requirements to accompany couriers to the
depositories. to include the use of armed
couriers, and plans to have all field offices send tax receipts by
overnight mail to designated service centers by August 1999. It
has also initiated a study to investigate other alternatives for
transporting deposits. (continued) Page 38
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix II Status of GAO Recommendations on IRS Custodial
Activity Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations 34. Develop a policy to ensure that contracts
related Open. Once the study on transporting Open. We will
continue to monitor to courier services do not unduly expose the
deposits is completed, IRS plans to progress during our
fiscal year 1999 government to losses in the event of lost,
stolen, or develop a policy. Implementation of the audit.
damaged deposits in transit.
contractor's findings is scheduled for August 1999. 35. Ensure
that courier access is limited to service Open. IRS reported it
is working to Open. No time frames have been center
premises. Deposit Unit employees should determine the
best solution to this issue. established for what corrective
action deliver the deposits to couriers waiting at the guard
will be taken and when this effort might station instead of
providing courier badges allowing
be completed. them unnecessary service center access. aThe "Status
of GAO Recommendations Reported by IRS in 1999" is based primarily
upon the following IRS documents: Action Plan for GAO
Recommendations, January 8, 1999, and two letters to Congress
dated January 29, 1999, and February 25, 1999, laying out IRS'
response to each of the recommendations in GAO/AIMD-99-15 and
GAO/AIMD-99-17, respectively. Table II.3: Seven Recommendations
on IRS Custodial Financial Management in This Report Status of GAO
recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations Internal Revenue Service: Custodial Financial
Management Weaknesses (GAO/AIMD-99-193, August 4, 1999) 36.
Analyze and determine the factors causing delays Not
applicablenew recommendation. New recommendation.
in processing and posting trust fund recovery penalty assessments.
Once these factors have been determined, IRS should develop
procedures to reduce the impact of these factors and to ensure
timely posting to all applicable accounts and proper offsetting of
refunds against unpaid TFRP assessments before issuance. 37.
Identify and institute procedures to monitor Not
applicablenew recommendation. New recommendation.
compliance of installment agreements. Such monitoring should
ensure that the installment agreements provide for full payment of
the taxes owed. For example, management could randomly select
installment agreements from all of its units to review for
compliance with the Internal Revenue Code. (continued) Page 39
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix II Status of GAO Recommendations on IRS Custodial
Activity Status of GAO recommendations Recommendations
reported by IRS in 1999a GAO status of
recommendations 38. Expand IRS' current review of service center
Not applicablenew recommendation. New recommendation.
deterrent controls to include similar reviews of controls at IRS
district offices and post-of-duty offices in areas such as courier
security, safeguarding of receipts in locked containers,
requirements for fingerprinting employees, and requirements for
promptly over-stamping checks made out to "IRS" with "Internal
Revenue Service" or "United States Treasury". Based on the
results, IRS should make appropriate changes to strengthen its
controls at these locations. 39. IRS should work with Treasury's
Financial Not applicablenew recommendation.
New recommendation. Management Service (FMS) to revise the current
lockbox contracts to specifically require that: * background
checks be completed before employees begin working, * temporary
employees be subjected to background checks that are consistent
with those required of IRS employees, and * taxpayer data and
receipts in transit to and from the lockbox banks are
appropriately protected. 40. Require service center staff to
provide receipts to Not applicablenew recommendation.
New recommendation. all walk-in taxpayers regardless of the method
of payment. In addition, IRS should post signs reminding
taxpayers to request receipts. At service centers not normally
equipped to receive walk-in payments, all receipts should be
logged in to ensure completeness and accuracy of receipts and
deposits. 41. Establish procedures to ensure the prompt
Not applicablenew recommendation. Not applicablenew
recommendation. recording of tax returns. IRS should implement
controls to ensure that excise tax returns are recorded timely and
included in the quarterly excise tax trust fund certifications.
42. Ensure that additional staff are employed and
Not applicablenew recommendation. New recommendation.
existing staff appropriately cross-trained to be able to perform
the master file extractions and other ad hoc procedures needed for
IRS to develop reliable balances for financial reporting purposes
on a continuing basis. aThe "Status of GAO Recommendations
Reported by IRS in 1999" is based primarily upon the following IRS
documents: Action Plan for GAO Recommendations, January 8, 1999,
and two letters to Congress dated January 29, 1999, and February
25, 1999, laying out IRS' response to each of the recommendations
in GAO/AIMD-99-15 and GAO/AIMD-99-17, respectively. Page 40
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Appendix III Comments From the Internal Revenue ServiceAppendix
III Page 41 GAO/AIMD-99-193 IRS Custodial Financial Management
Weaknesses Appendix III Comments From the Internal Revenue Service
Page 42 GAO/AIMD-99-193 IRS Custodial Financial
Management Weaknesses Appendix IV GAO Contacts and Staff
Acknowledgements Appendix IV GAO Contacts Steven J.
Sebastian (202) 512-3406 Doreen Eng (206) 287-4858
Acknowledgements In addition to those named above, the
following individuals made key contributions to this report:
Julianne Hartman Cutts, Catherine W. Arnold, Stan Stenerson, and
Charles R. Fox. Page 43 GAO/AIMD-99-193 IRS Custodial
Financial Management Weaknesses Page 44 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses Page 45 GAO/AIMD-99-
193 IRS Custodial Financial Management Weaknesses Page 46
GAO/AIMD-99-193 IRS Custodial Financial Management Weaknesses
Related GAO Products Internal Revenue Service: Results of Fiscal
Year 1998 Financial Statement Audit (GAO/T-AIMD-99-103, March 1,
1999). Financial Audit: IRS' Fiscal Year 1998 Financial
Statements (GAO/AIMD-99-75, March 1, 1999). IRS Systems Security:
Although Significant Improvements Made, Tax Processing Operations
and Data Still at Serious Risk (GAO/AIMD-99-38, December 14,
1998). Internal Revenue Service: Physical Security Over Taxpayer
Receipts and Data Needs Improvement (GAO/AIMD-99-15, November 30,
1998). Excise Taxes: Internal Control Weaknesses Affect Accuracy
of Distributions to the Trust Funds (GAO/AIMD-99-17, November 9,
1998). Internal Revenue Service: Immediate and Long-Term Actions
Needed to Improve Financial Management (GAO/AIMD-99-16, October
30, 1998). Internal Revenue Service: Composition and
Collectibility of Unpaid Assessments (GAO/AIMD-99-12, October 29,
1998). Internal Revenue Service: Remaining Challenges to Achieve
Lasting Financial Management Improvements (GAO/T-AIMD/GGD-98-139,
April 15, 1998). Financial Audit: Examination of IRS' Fiscal Year
1997 Custodial Financial Statements (GAO/AIMD-98-77, February 26,
1998). Tax Systems Modernization: Blueprint Is a Good Start But
Not Yet Sufficiently Complete to Build or Acquire Systems
(GAO/AIMD/GGD-98-54, February 24, 1998). Financial Audit:
Examination of IRS' Fiscal Year 1996 Custodial Financial
Statements (GAO/AIMD-98-18, December 24, 1997). Financial Audit:
Examination of IRS' Fiscal Year 1995 Financial Statements
(GAO/AIMD-96-101, July 11, 1996). Financial Audit: Examination of
IRS' Fiscal Year 1994 Financial Statements (GAO/AIMD-95-141,
August 4, 1995). Letter Page 47 GAO/AIMD-99-193 IRS
Custodial Financial Management Weaknesses Related GAO Products
Financial Audit: Examination of IRS' Fiscal Year 1993 Financial
Statements (GAO/AIMD-94-120, June 15, 1994). Financial Management:
Important IRS Revenue Information is Unavailable or Unreliable
(GAO/AIMD-94-22, December 21, 1993). Financial Audit: Examination
of IRS' Fiscal Year 1992 Financial Statements (GAO/AFMD-93-2, June
30, 1993). Financial Audit: IRS Significantly Overstated its
Accounts Receivable Balance (GAO/AFMD-93-42, May 6, 1993). Federal
Tax Deposit System: IRS Can Improve the Federal Tax Deposit
System (GAO/AFMD-93-40, April 28, 1993). (919354) Letter
Page 48 GAO/AIMD-99-193 IRS Custodial Financial
Management Weaknesses Ordering Information The first copy of each
GAO report and testimony is free. Additional copies are $2 each.
Orders should be sent to the following address, accompanied by a
check or money order made out to the Superintendent of Documents,
when necessary, VISA and MasterCard credit cards are accepted,
also. Orders for 100 or more copies to be mailed to a single
address are discounted 25 percent. Orders by mail: U.S. General
Accounting Office P.O. Box 37050 Washington, DC 20013 or visit:
Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S.
General Accounting Office Washington, DC Orders may also be placed
by calling (202) 512-6000 or by using fax number (202) 512-6061,
or TDD (202) 512-2537. Each day, GAO issues a list of newly
available reports and testimony. To receive facsimile copies of
the daily list or any list from the past 30 days, please call
(202) 512-6000 using a touchtone phone. A recorded menu will
provide information on how to obtain these lists. For information
on how to access GAO reports on the INTERNET, send an e-mail
message with "info" in the body to: [email protected] or visit
GAO's World Wide Web Home Page at: http://www.gao.gov United
States Bulk Rate General Accounting Office
Postage & Fees Paid Washington, D.C. 20548-0001 GAO
Permit No. GI00 Official Business Penalty for Private Use $300
Address Correction Requested
*** End of document. ***