oversight

Financial Audit: Examination of IRS' Fiscal Year 1996 Custodial Financial Statements

Published by the Government Accountability Office on 1997-12-24.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                 United States General Accounting Office

GAO              Report to the Congress




December 1997
                 FINANCIAL AUDIT
                 Examination of IRS’
                 Fiscal Year 1996
                 Custodial Financial
                 Statements




GAO/AIMD-98-18
      United States
GAO   General Accounting Office
      Washington, D.C. 20548

      Comptroller General
      of the United States

      B-277111

      December 24, 1997

      To the President of the Senate and the
      Speaker of the House of Representatives

      In accordance with the Chief Financial Officers (CFO) Act of 1990, as
      expanded by the Government Management Reform Act of 1994, this report
      presents the results of our audit of the Custodial Financial Statements of
      the Internal Revenue Service (IRS) for fiscal year 1996. The IRS Custodial
      Financial Statements report the financial position and results of activities
      related solely to IRS’ custodial responsibilities for implementing federal tax
      legislation, including collecting federal tax revenues, refunding
      overpayments of taxes, and pursuing collection of amounts owed.

      Accordingly, these Custodial Financial Statements do not report on the
      financial position and results of operations related to the administration of
      IRS as funded by appropriations and reimbursements from other agencies,
      state and local governments, and the public. We reported on the results of
      our audit of IRS’ fiscal year 1996 Administrative Financial Statements on
      August 29, 1997.1

      Our report contains our opinions on (1) IRS’ Custodial Financial
      Statements and (2) IRS management’s assertion about the effectiveness of
      internal controls, along with information regarding our efforts to test
      compliance with laws and regulations and a description of our audit
      objectives, scope, and methodology. Also, appendix I describes the status
      of IRS’ efforts to implement our prior recommendations related to the
      Custodial Financial Statements.

      We are sending copies of this report to the Commissioner of Internal
      Revenue; the Secretary of the Treasury; the Director of the Office of
      Management and Budget; the Chairmen and Ranking Minority Members of
      the Senate Committee on Governmental Affairs, the House Committee on
      Government Reform and Oversight and its Subcommittee on Government
      Management, Information and Technology; and other interested
      congressional committees. Copies will be made available to others upon
      request.




      1
       Financial Audit: Examination of IRS’ Fiscal Year 1996 Administrative Financial Statements
      (GAO/AIMD-97-89, August 29, 1997).



      Page 1                                                      GAO/AIMD-98-18 IRS Financial Audit
B-277111




If you have any questions about this report, please contact Jeffrey C.
Steinhoff, Director of Planning and Reporting, at (202) 512-9450.




James F. Hinchman
Acting Comptroller General
of the United States




Page 2                                       GAO/AIMD-98-18 IRS Financial Audit
Page 3   GAO/AIMD-98-18 IRS Financial Audit
Contents



Letter                                                                                            1


Opinion Letter                                                                                    6


Principal Financial                                                                              20

Statements - Custodial
Appendix I                                                                                       43

Reports Issued as a
Result of GAO’s Audits
of IRS’ Fiscal Years
1992 Through 1995
Financial Statements
and Status of
Custodial
Recommendations
Appendix II                                                                                      47

Comments From the
Internal Revenue
Service




                         Abbreviations

                         CFO      chief financial officer
                         FMFIA    Federal Managers’ Financial Integrity Act
                         FMS      Financial Management Service
                         IRS      Internal Revenue Service
                         OMB      Office of Management and Budget
                         SFFAS    Statements of Federal Financial Accounting Standards


                         Page 4                                   GAO/AIMD-98-18 IRS Financial Audit
Page 5   GAO/AIMD-98-18 IRS Financial Audit
          United States
GAO       General Accounting Office
          Washington, D.C. 20548

          Comptroller General
          of the United States

          B-277111

          To the Commissioner of Internal Revenue

          In accordance with the Chief Financial Officers (CFO) Act of 1990, as
          expanded by the Government Management Reform Act of 1994, this report
          presents the results of our audit of the Custodial Financial Statements of
          the Internal Revenue Service (IRS) for fiscal year 1996. The Custodial
          Financial Statements report the financial position and results of activities
          related solely to IRS’ custodial responsibilities for implementing federal tax
          legislation, including collecting federal tax revenues, refunding
          overpayments of taxes, and pursuing collection of amounts owed.1

          In our audit of IRS’ fiscal year 1996 Custodial Financial Statements, we
          found the following:

      •   We are unable to give an opinion on the Statement of Financial Position
          because IRS could not provide adequate documentation to support its
          balance of federal taxes receivable. Consequently, we were unable to
          determine whether the amount reported for net federal tax receivables,
          which comprise over 95 percent of total custodial assets at September 30,
          1996, was fairly stated.
      •   The Statement of Custodial Activity was reliable in all material respects,
          except that sufficient evidence supporting the classification of itemized
          tax collections and refunds was not available. Accordingly, while we found
          that Total Collections of Federal Revenue (net) and total Transfers to
          Treasury, Net of Refund Appropriations, as reported on the Statement of
          Custodial Activity, are fairly presented in all material respects in relation
          to the financial statements taken as a whole, the classification of itemized
          collections and refunds of federal taxes presented on the statement may
          not be reliable.
      •   IRS management asserted that, except for the material weaknesses
          identified in IRS’ fiscal year 1996 Federal Managers’ Financial Integrity Act
          of 1982 (FMFIA) report, internal controls were effective in (1) safeguarding
          assets, (2) assuring material compliance with laws and regulations, and
          (3) assuring that there were no material misstatements in amounts
          reported in the financial statements. The nature of these material
          weaknesses was such that they affected our ability to render an
          unqualified opinion on IRS’ fiscal year 1996 financial statements taken as a


          1
           These Custodial Financial Statements do not report on activities related to IRS’ administrative costs
          as funded by appropriations and reimbursements from other agencies, state and local governments,
          and the public. The annual financial results relating to these administrative costs and funding are
          reported separately in IRS’ Administrative Financial Statements. Our audit report on those statements
          for fiscal year 1996 was issued in August 1997. See Financial Audit: Examination of IRS’ Fiscal Year
          1996 Administrative Financial Statements (GAO/AIMD-97-89, August 29, 1997).



          Page 6                                                       GAO/AIMD-98-18 IRS Financial Audit
                            B-277111




                            whole. Consequently, the internal controls were not effective in satisfying
                            the objectives discussed above during fiscal year 1996.
                        •   Material weaknesses in internal control and recordkeeping systems, which
                            are discussed later in this report, also precluded the tests necessary to
                            provide a basis to report on compliance with pertinent laws and
                            regulations.


                            We are unable to give an opinion on the Statement of Financial Position as
Disclaimer of Opinion       of September 30, 1996, because IRS could not provide adequate
on Statement of             documentation to support the classification of its inventory of unpaid
Financial Position          assessments as federal tax receivables and compliance assessments.

                            Because we were unable to determine the appropriateness of IRS’
                            classifications of its inventory of unpaid assessments, we were unable to
                            determine whether the amounts reported for net federal tax receivables
                            and the related allowance for doubtful accounts as reflected on the
                            Statement of Financial Position as of September 30, 1996, were fairly
                            stated. Also, because of this limitation, which affects over 95 percent of
                            the custodial assets on the Statement of Financial Position and which
                            prevented us from being able to give an opinion, we did not perform
                            testing of other line items on the Statement of Financial Position, such as
                            Frozen Tax Refunds and Credits, Tax Refunds Payable, Advances, and
                            Commitments and Contingencies.

                            As we have reported in the past2 and as discussed in a later section of this
                            report, IRS lacks an accounts receivable subsidiary ledger or other similar
                            mechanism which routinely tracks receivables individually from period to
                            period. This condition requires that IRS use alternative methods to identify
                            the amounts to be recorded as federal tax receivables on its financial
                            statements. However, these methods thus far have not provided IRS with
                            the capability to report accurate and supportable amounts for federal tax
                            receivables. Further, these methods have not provided the means
                            necessary for IRS to effectively manage and routinely monitor the status of
                            amounts owed by taxpayers. This makes it difficult to determine a
                            reasonable estimate of amounts deemed collectible and could minimize
                            the amounts IRS may ultimately be able to collect on its federal tax
                            receivables.

                            2
                             See Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101,
                            July 11, 1996); Financial Audit: Examination of IRS’ Fiscal Year 1994 Financial Statements
                            (GAO/AIMD-95-141, August 4, 1995); Financial Audit: Examination of IRS’ Fiscal Year 1993 Financial
                            Statements (GAO/AIMD-94-120, June 15, 1994); and Financial Audit: IRS Significantly Overstated Its
                            Accounts Receivable Balance (GAO/AFMD-93-42, May 6, 1993).



                            Page 7                                                      GAO/AIMD-98-18 IRS Financial Audit
                           B-277111




                           Because IRS could not provide sufficient evidence to support the
Qualified Opinion on       classification of certain itemized taxes collected and refunded, we could
Statement of               not determine if the classifications of collection and refund amounts by
Custodial Activity         tax type—for example, payroll versus corporate taxes—as reflected on the
                           Statement of Custodial Activity were reliable. Otherwise, in our opinion,
                           the Statement of Custodial Activity presents fairly, in all material respects,
                           in conformity with a comprehensive basis of accounting other than
                           generally accepted accounting principles as described in note 1, IRS’
                           custodial activities for taxes collected, refunded, and distributed.


                           We evaluated management’s assertion about the effectiveness of its
Opinion on                 internal controls designed to
Management’s
Assertion About the    •   safeguard assets against loss from unauthorized acquisition, use, or
                           disposition;
Effectiveness of       •   assure the execution of transactions in accordance with laws and
Internal Controls          regulations that have a direct and material effect on the Custodial
                           Financial Statements or are listed in Office of Management and Budget
                           (OMB) audit guidance and could have a material effect on the Custodial
                           Financial Statements; and
                       •   properly record, process, and summarize transactions to permit the
                           preparation of reliable financial statements and to maintain accountability
                           for assets.

                           IRSmanagement stated that, except for the material weaknesses in internal
                           controls presented in the agency’s fiscal year 1996 FMFIA report on
                           compliance with the internal control and accounting standards, internal
                           controls provide reasonable assurance that the following would be
                           prevented or detected for amounts material in relation to the financial
                           statements:

                       •   unauthorized acquisition, use, or disposition of assets, that could lead to
                           losses;
                       •   noncompliance with laws and regulations; and
                       •   misstatements in amounts reported in the financial statements.

                           Management made this assertion based upon criteria established under
                           FMFIA and the OMB Circular A-123, Management Accountability and Control.
                           For financial statement reporting, a material weakness is a condition that
                           precludes the entity’s internal control from providing reasonable
                           assurance that losses, noncompliance, or misstatements material in



                           Page 8                                        GAO/AIMD-98-18 IRS Financial Audit
                         B-277111




                         relation to the financial statements will be prevented or detected in a
                         timely basis.

                         The following material weaknesses, which we also found in our prior
                         audits of IRS, were reported in IRS’ FMFIA report for fiscal year 1996, with
                         the exception of the computer security issues discussed below. These
                         deficiencies in internal controls may adversely affect any decision by
                         management that is based, in whole or in part, on information that is
                         inaccurate because of the deficiencies. Our internal control work would
                         not necessarily disclose material weaknesses not reported by IRS.
                         Unaudited financial information reported by IRS may also contain
                         misstatements resulting from these deficiencies. The nature of these
                         weaknesses was such that they affected our ability to (1) render an
                         opinion on IRS’ fiscal year 1996 financial statements taken as a whole and
                         (2) conclude on IRS’ compliance with laws and regulations we tested as
                         discussed in a later section of this report. Consequently, we believe that
                         the internal controls were not effective in satisfying the objectives
                         discussed above during fiscal year 1996.


Federal Tax (Accounts)   As discussed above, IRS does not maintain an accounts receivable
Receivables              subsidiary ledger or other similar mechanism that routinely tracks
                         receivables and their related activity on an ongoing basis. Consequently,
                         IRS does not have readily available the information on receivables it needs
                         to prepare its financial statements. To compensate for this, IRS runs
                         computer programs against its masterfiles—the only detailed record of
                         taxpayer information it maintains—to identify taxpayer accounts for
                         which assessments or other debits exceed receipts received or other
                         credits made to taxpayers’ accounts. After these accounts—unpaid
                         assessments—have been identified, IRS runs computer programs that
                         utilize transaction and other codes within the masterfiles to separately
                         classify these accounts as financial receivables or compliance
                         assessments.3 Those accounts that are classified as financial receivables
                         are then evaluated on a statistical basis by IRS to estimate what amount IRS
                         ultimately believes it will collect on its receivables. The total amount
                         deemed collectible by IRS, based on a projection of its statistical sample, is
                         reported as federal tax receivables on its custodial Statement of Financial
                         Position. The difference between the amount estimated to be collectible
                         and the total amount identified as financial receivables is reported on the

                         3
                          Compliance assessments occur when IRS records an assessment to a taxpayer’s account, but the
                         taxpayer still has the right to disagree including through an appeal or in tax court. In contrast, IRS’
                         federal tax receivables on its Custodial Statement of Financial Position would consist of assessments
                         where the amounts owed have been acknowledged either by the taxpayer or a court.



                         Page 9                                                        GAO/AIMD-98-18 IRS Financial Audit
B-277111




custodial Statement of Financial Position as an allowance for doubtful
accounts.4

In our audit of IRS’ fiscal year 1995 financial statements,5 we reported that
IRS was unsuccessful in deriving reliable receivables information for use in
preparing the financial statements. We reported that errors we identified
in the transaction and other coding of assessments within the masterfiles,
coupled with mistakes IRS made in performing the statistical procedures,
resulted in IRS’ sampling results being unreliable for purposes of projecting
both the gross and net receivable amounts for financial reporting.

For our fiscal year 1996 audit, we again reviewed IRS’ process for
extracting and classifying taxpayer assessments into financial receivables
and compliance assessments. We also tested samples of assessments
classified by IRS as both financial receivables and compliance assessments
to determine whether IRS’ classifications were appropriate. To test for
proper classification, we attempted to review supporting documents in
taxpayer files, such as tax returns, receipt deposits, correspondence
between the taxpayer and IRS, and other pertinent information.

We found that IRS could not locate sufficient supporting documentation
(such as tax returns and installment agreements) for us to determine
whether IRS had properly classified its inventory of unpaid assessments as
either federal tax receivables or compliance assessments. Thus, we were
unable to determine whether IRS had appropriately recognized federal tax
receivables on the Statement of Financial Position.

IRS officials stated that the missing documents had either been destroyed
based on the agency’s record retention policies or simply could not be
located. The lack of a detailed listing, or subsidiary ledger, for receivables,
coupled with IRS not readily maintaining supporting documents on
outstanding accounts receivable, increases the risk that material amounts
may be inappropriately included or excluded from the financial
statements. Additionally, IRS’ not maintaining adequate documentation, in
many cases, to support the underlying assessments, could affect IRS’ ability
to pursue collection from taxpayers on amounts owed, resulting in lost tax
revenue, including interest and penalties, to the government.

4
 Accounts classified as compliance assessments are deemed by IRS to not meet the criteria for
recognition as receivables on the financial statements (i.e., no acknowledgement from either the
taxpayer or a court as to the amount owed). However, they are reported in the notes to the Custodial
Financial Statements.
5
 Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101,
July 11, 1996).



Page 10                                                      GAO/AIMD-98-18 IRS Financial Audit
                            B-277111




                            In an effort to address some of the concerns noted above, IRS is continuing
                            to review all individual assessments in excess of $10 million identified
                            through its computer programs as financial receivables and compliance
                            assessments to ensure their proper classification. Additionally, IRS is
                            continuing to refine its efforts to more accurately classify its unpaid
                            assessments inventory through various enhancements to the computer
                            programs it uses to classify these assessments. As part of a larger and
                            long-term effort to modernize its systems, IRS is also identifying and
                            refining the business and system requirements necessary to assess the
                            status of its unpaid assessments and manage its receivables.

                            IRS’efforts are consistent with our recommendations from prior years’
                            audits that IRS take steps to ensure that (1) in the long-term, tax system
                            modernization efforts provide for a mechanism to enable IRS to readily
                            identify and routinely track and report on the status of federal tax
                            receivables and (2) in the short-term, continue to identify ways to improve
                            the accuracy of receivables reporting through further enhancements to its
                            computer programs and detailed reviews of taxpayer accounts. (See
                            appendix I.)


Net Tax Revenue Collected   As we have reported in our prior financial audits, IRS’ custodial financial
                            management system was not designed to readily support the preparation
                            of financial statements. Specifically, IRS’ Revenue Accounting Control
                            System—its general ledger—is unable to sufficiently identify detailed tax
                            revenues collected and related refunds paid to permit the preparation of
                            its Custodial Financial Statements. For fiscal year 1995, we reported that
                            IRS had attempted to extract taxpayer information from its masterfiles to
                            support the amounts it reported as revenues on the fiscal year 1995
                            Custodial Financial Statements.6 We reported that, while IRS extracted
                            taxpayer information from its masterfiles, it could not adequately
                            reconcile this information to its general ledger and the Department of
                            Treasury’s Financial Management Service’s (FMS) records.

                            For fiscal year 1996, IRS again extracted detailed taxpayer information
                            from its masterfiles to derive the reported amounts for revenue collections
                            and refunds by tax types on the Custodial Financial Statements. IRS then
                            performed reconciliations between the information used to derive the
                            financial statements and (1) summary amounts recorded in its general
                            ledger and (2) amounts reported for tax revenues collected and refunds

                            6
                             See Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101,
                            July 11, 1996).



                            Page 11                                                    GAO/AIMD-98-18 IRS Financial Audit
                    B-277111




                    paid by FMS. We found that, for fiscal year 1996, IRS’ overall reconciliation
                    between its masterfile, general ledger, and amounts reported by FMS, in
                    total, were materially the same. Based on this, and on our detailed tests of
                    revenue collection and refund transactions, we were able to determine
                    that the total Net Collections of Federal Revenue as reported on the fiscal
                    year 1996 Statement of Custodial Activity was fairly stated in all material
                    respects in relation to the financial statements taken as a whole.

                    However, we were unable to determine whether revenue collection and
                    refund amounts reported by tax types on the financial statements were
                    properly classified. The primary reasons we were unable to make this
                    determination were because (1) IRS could not always provide
                    documentation to support certain transactions and (2) its record retention
                    policies and practices resulted in the destruction of other key documents.
                    By not maintaining the necessary documentation to support revenue
                    collection and refund activity, IRS’ ability to accurately report such activity
                    by tax type on its financial statements is significantly reduced.

                    To address its record retention problems, IRS is performing an in-depth
                    review to determine for what period, and in what form, records will be
                    retained to ensure that it has the information necessary to support tax
                    revenue collections and refunds.


Computer Security   IRS relies on computerized information systems to process and account for
                    its revenue and taxpayer data. These systems should include controls to
                    prevent or detect unauthorized access and intentional or inadvertent
                    unauthorized modifications to the data and related computer programs. In
                    our prior audits of IRS’ financial statements, we reported material
                    weaknesses in IRS’ computer security. Also, in April 1997 we reported that
                    IRS continues to have serious weaknesses in the controls used to safeguard
                    IRS computer systems, facilities and taxpayer data.7 Our review of controls,
                    done to support our audit of IRS’ fiscal year 1996 financial statements,
                    found that such controls continued to be ineffective. Many issues we
                    previously identified at five IRS sites remained unresolved at the
                    completion of our review of IRS computer security controls in May 1997.
                    These include serious weaknesses in the areas of (1) physical security,
                    (2) logical security, (3) data communications management, (4) risk
                    analysis, (5) quality assurance, (6) internal audit and security, (7) security
                    awareness, and (8) contingency planning. As a result, we consider

                    7
                     IRS Systems Security: Tax Processing Operations and Data Still at Risk Due to Serious Weaknesses
                    (GAO/AIMD-97-49, April 8, 1997).



                    Page 12                                                    GAO/AIMD-98-18 IRS Financial Audit
    B-277111




    computer security as a material weakness because IRS data or programs
    could be added, altered, or deleted and not detected in a timely manner.

    Further, we identified examples of weaknesses in our current review that
    allowed for unauthorized access and modification to computer resources,
    including computer programs and data. The more significant weaknesses
    include the following:

•   Computer support personnel were granted excessive access to read or
    change sensitive system files or resources. This access gave them the
    ability to change, alter, or delete taxpayer data and associated programs.
    Access to such data files, which include the basic operating system
    software, should be limited to the minimum number of computer support
    personnel needed for maintenance and review. For example, at one
    facility, 88 computer support personnel had the ability to implement
    programs not controlled by the security software.
•   Computer support personnel were granted inappropriate access, including
    the ability to both obtain access to data or programs and alter the
    automated audit trail that identifies who entered or changed data. The
    inherent risk in these privileges is that data or programs can be added,
    modified, or deleted and the related audit trail masked or deleted.
•   Computer support personnel access to system resources was not
    adequately monitored. Monitoring the access activities of employees,
    especially those who have the ability to alter sensitive programs and data,
    can help identify any significant problems and deter employees from
    inappropriate and unauthorized activities. IRS systems record user and
    system activity in automated audit logs. However, when thousands of
    transactions are involved, reviews cannot be effective unless reports are
    available to managers that highlight activity that is unusual or suspicious
    so that such activity can be investigated. Proper supervision of employee
    actions, especially those having broad access privileges, requires routine
    assurance concerning the propriety of their activities.
•   IRS sites had incomplete disaster recovery plans. The absence of a
    comprehensive, current plan increases the likelihood that IRS would not be
    able to restore the operations on a timely basis in the event of a local
    disaster and increases the risk of unavailability of the computerized
    information systems at IRS.
•   At one site, IRS allowed improper access to the commands used to
    authorize and generate taxpayer refund checks. Having access to
    commands would allow an individual to process a refund payment without
    review and approval by a second party. In addition, although there were
    methods available for reviewing such access, there were no monitoring



    Page 13                                      GAO/AIMD-98-18 IRS Financial Audit
                       B-277111




                       nor any review processes in place to detect improper refund transactions.
                       This increases the likelihood that a person with such privileges could
                       perform unauthorized refund activities. Further, without timely review, the
                       likelihood of identifying such incidents is decreased.


                       As discussed above, IRS could not provide adequate documentation to
Compliance With        support the classification of its inventory of unpaid assessments with
Laws and Regulations   respect to federal tax receivables, and of certain itemized taxes with
                       respect to tax collections and tax refunds. As a result, we were unable to
                       (1) determine whether federal tax receivables as reported were valid and
                       collectible, (2) determine whether tax collections and refunds were
                       properly classified within the appropriate tax class, and (3) test for
                       compliance with laws deemed significant to the financial statements.8
                       Accordingly, we are unable to report on IRS’ compliance with laws and
                       regulations.

                       When sufficient evidence to support information reported in the financial
                       statements is not available for audit, we cannot determine whether IRS
                       complied with laws and regulations deemed significant to the financial
                       statements. For example, as discussed earlier, IRS was unable to provide
                       documentation in many cases to support unpaid tax assessments.
                       Similarly, as discussed earlier, IRS was unable to provide documentation to
                       support its reporting of tax collections and refunds by tax type.
                       Consequently, in both of these cases, we were unable to determine
                       whether the transactions recorded in IRS’ accounting records complied
                       with laws and regulations.

                       However, we did note that one issue we have reported in our prior audits
                       continued to exist during fiscal year 1996. Specifically, IRS did not base its
                       certifications of excise tax amounts distributed to specific trust funds on
                       the basis of amounts actually collected. As we have reported in prior
                       audits,9 IRS based its certifications of excise tax distributions to specific
                       trust funds on the assessed amount, or amount owed, as reflected on the
                       tax returns filed by taxpayers. This is because IRS does not require
                       taxpayers to provide the necessary information at the time taxes are
                       collected to certify the distributions on the basis of amounts actually


                       8
                        These are laws and regulations that have a direct and material effect on the Custodial Financial
                       Statements or that are listed in OMB audit guidance and could have a material effect on the Custodial
                       Financial Statements.
                       9
                        See Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101,
                       July 11, 1996).



                       Page 14                                                      GAO/AIMD-98-18 IRS Financial Audit
                       B-277111




                       collected. By law, distributions of excise taxes to specific trust funds are
                       to be based on actual collections.

                       IRS  has studied various options to enable it to make final certifications of
                       amounts distributed based on actual collections and to develop the
                       underlying information needed to support such distributions. IRS has
                       finalized a methodology for addressing this issue and intends to implement
                       it in fiscal year 1998. We will assess IRS’ implementation of its proposal in
                       future audits.


                       IRS’Overview and Supplemental Information contain various data, most of
Consistency of Other   which is not directly related to the Custodial Financial Statements. We do
Information            not express an overall opinion on this information. Additionally, because
                       we were unable to express an opinion on the financial statements taken as
                       a whole due to IRS’ inability to provide sufficient evidence to support
                       amounts reported in its financial statements and the material weaknesses
                       in internal controls discussed above, we did not pursue further work on
                       this information.


                       In our prior reports, we made 30 recommendations aimed at improving IRS’
IRS’ Progress in       custodial accounting operations.10 In our assessment this year, we
Implementing GAO       determined that, to date, IRS had completed action on eight of these
Recommended            recommendations. IRS believes that it has resolved an additional 13
                       recommendations and anticipates closing the remaining nine in fiscal year
Improvements           1998. We will review IRS’ actions to resolve the 13 recommendations IRS
                       believes it has closed as part of our fiscal year 1997 financial statement
                       audit. With respect to six of the 22 recommendations, we provided more
                       specific recommendations that are contained in our April 1997 report on
                       IRS systems security.11


                       Progress has been made and actions are underway by IRS to try to resolve
                       the material weaknesses in internal controls and financial management
                       problems reported in our audits. Additional corrective actions are still
                       needed, and IRS continues to state its intention to commit the necessary

                       10
                        See Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101,
                       July 11, 1996); Financial Audit: Examination of IRS’ Fiscal Year 1994 Financial Statements
                       (GAO/AIMD-95-141, August 4, 1995); Financial Audit: Examination of IRS’ Fiscal Year 1993 Financial
                       Statements (GAO/AIMD-94-120, June 15, 1994); and Financial Audit: Examination of IRS’ Fiscal Year
                       1992 Financial Statements (GAO/AIMD-93-2, June 30, 1993).
                       11
                        IRS Systems Security: Tax Processing Operations and Data Still at Risk Due to Serious Weaknesses
                       (GAO/AIMD-97-49, April 8, 1997).



                       Page 15                                                    GAO/AIMD-98-18 IRS Financial Audit
                         B-277111




                         resources and management oversight to resolve these weaknesses. We will
                         continue to advise IRS on how to resolve these long-standing financial
                         management problems. Appendix I provides a status of IRS’
                         implementation efforts on the remaining outstanding recommendations.


                         Management is responsible for
Objectives, Scope,
and Methodology      •   preparing the annual Custodial Financial Statements in conformity with
                         the basis of accounting described in note 1;
                     •   establishing, maintaining, and assessing internal control to provide
                         reasonable assurance that the broad control objectives of FMFIA are met;
                         and
                     •   complying with applicable laws and regulations.

                         We are responsible for obtaining reasonable assurance about whether
                         (1) the Statement of Custodial Activity is reliable (free of material
                         misstatements and presented fairly, in all material respects, in conformity
                         with the basis of accounting described in note 1), and (2) management’s
                         assertion about the effectiveness of internal controls is fairly stated, in all
                         material respects, based upon criteria established under the Federal
                         Managers’ Financial Integrity Act of 1982 and the Office of Management
                         and Budget Circular A-123, Management Accountability and Control.

                         In order to fulfill these responsibilities, we

                     •   examined, on a test basis, evidence supporting the amounts in the
                         Statement of Custodial Activity and related disclosures;
                     •   assessed the accounting principles used and significant estimates made by
                         management in the preparation of the Statement of Custodial Activity;
                     •   evaluated the overall presentation of the Statement of Custodial Activity;
                     •   obtained an understanding of the internal control structure related to
                         safeguarding assets, compliance with laws and regulations, and financial
                         reporting, except in the above-noted areas where IRS was unable to
                         provide sufficient evidence to support amounts reported in its financial
                         statements; and
                     •   tested relevant internal controls over safeguarding, compliance, and
                         financial reporting and evaluated management’s assertion about the
                         effectiveness of internal controls, except in the above-noted areas where
                         IRS was unable to provide sufficient evidence to support amounts reported
                         in its financial statements.




                         Page 16                                          GAO/AIMD-98-18 IRS Financial Audit
                     B-277111




                     We did not evaluate all internal controls relevant to operating objectives as
                     broadly defined by FMFIA, such as those controls relevant to preparing
                     statistical reports and ensuring efficient operations. We limited our
                     internal control testing to those controls necessary to achieve the
                     objectives outlined in our opinion on management’s assertion about the
                     effectiveness of internal controls.

                     We attempted to perform audit procedures on the limited information IRS
                     provided; however, for the reasons stated above, we were unable to
                     perform the necessary audit procedures to opine on IRS’ Custodial
                     Statement of Financial Position or report on IRS’ compliance with laws and
                     regulations.

                     We did our work in accordance with generally accepted government
                     auditing standards and OMB Bulletin 93-06, Audit Requirements for Federal
                     Financial Statements.



                     In commenting on a draft of this report, IRS stated that its ability to obtain
Agency Comments      a qualified opinion on its Statement of Custodial Activity was a significant
and Our Evaluation   accomplishment. IRS also reaffirmed its commitment to improving its
                     revenue reporting and to developing a revenue accounting system that will
                     address the shortcomings cited in this report.

                     IRSstated that it generally agreed with the findings and conclusions in this
                     report; however, it questioned our inability to express an opinion on the
                     financial statements taken as a whole because of concerns with internal
                     controls. IRS officials based that view on their interpretation of auditing
                     standards. In referring to these standards, IRS stated that internal control
                     weaknesses do not preclude rendering an opinion on the financial
                     statements since the assessment of internal controls is performed to
                     determine the extent of reliance that can be placed on internal controls
                     and hence the nature, timing, and extent of substantive testing required.

                     While this statement is conceptually correct, the nature of one of the
                     significant internal control weaknesses discussed in this
                     report—specifically the lack of supporting documentation—prevented us
                     from substantiating significant line items on IRS’ financial statements. In
                     planning the fiscal year 1996 audit, we had to consider the weak internal
                     control environment at IRS and, in fact, designed our audit procedures
                     based on the assumption that we could not rely on internal controls. This



                     Page 17                                       GAO/AIMD-98-18 IRS Financial Audit
B-277111




resulted in our having to increase the level of testing necessary to support
our opinion. However, the lack of sufficient evidence to support (1) the
validity of amounts included in its tax accounts receivable and
(2) classifications of receipts and refunds by tax class precluded us from
being able to opine on the financial statements taken as a whole. As
discussed in this report, among the basic documents that IRS could not
locate and, therefore, were not available to us were tax returns and other
agreements which are typically generated or signed by the taxpayer. As a
result, we were unable to verify the amounts reported in the financial
statements for taxes receivable and receipts and refunds by tax class,
which are material to the financial statements taken as a whole, and to
report on IRS’ compliance with laws and regulations. The existence of an
audit trail to substantiate transactions is fundamental to good accounting
practices, and appropriate documentation is necessary to permit audit
assurance absent other means to validate these transactions. Further,
while IRS believes it provided enough alternative supporting
documentation for the majority of tax accounts receivable cases where it
could not obtain supporting documentation, we considered the
alternatives provided and found that they were unacceptable. Specifically,
we found that the information that was generated from IRS systems could
not be corroborated with sources external to IRS.

While acknowledging that material internal control and system
weaknesses related to tax accounts receivable existed, IRS disagreed that
these weaknesses would impact its ability to effectively manage and
routinely monitor the status of amounts owed by taxpayers or its ability to
pursue collection. We disagree. As we reported in prior years,12 improved
internal controls and systems would allow IRS to more effectively manage
its tax accounts receivable. For example, IRS could better manage its
collection efforts if it had readily available detailed subsidiary records of
collection activity to augment data used to establish collection priorities.




12
  We initially raised this matter in our report entitled Financial Audit: IRS Significantly Overstated its
Accounts Receivable Balance (GAO/AFMD-93-42, May 6, 1993). We have continued to include this
issue in our high risk series of reports focusing on IRS management challenges, High Risk Series: IRS
Management (GAO/HR-97-8, February 1997).



Page 18                                                         GAO/AIMD-98-18 IRS Financial Audit
B-277111




Also, not having available relevant supporting documentation, such as tax
returns filed and collection files, can impact the collection process when
taxpayers dispute amounts owed.




Jeffrey C. Steinhoff
Director of Planning and
  Reporting

August 8, 1997




Page 19                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




               Page 20            GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 21                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 22                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 23                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 24                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 25                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 26                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 27                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 28                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 29                                      GAO/AIMD-98-18 IRS Financial Audit
            Principal Financial Statements - Custodial




Unaudited




            Page 30                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 31                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 32                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




             Page 33                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




             Page 34                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




Unaudited.




             Page 35                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




Unaudited.




Unaudited.




             Page 36                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




Unaudited.




Unaudited.




Unaudited.




             Page 37                                      GAO/AIMD-98-18 IRS Financial Audit
             Principal Financial Statements - Custodial




Unaudited.




Unaudited.




             Page 38                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 39                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 40                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 41                                      GAO/AIMD-98-18 IRS Financial Audit
Principal Financial Statements - Custodial




Page 42                                      GAO/AIMD-98-18 IRS Financial Audit
Appendix I

Reports Issued as a Result of GAO’s Audits
of IRS’ Fiscal Years 1992 Through 1995
Financial Statements and Status of
Custodial Recommendations
                                                The results of our efforts to audit IRS’ fiscal year 1992, 1993, 1994, and 1995
                                                Principal Financial Statements were presented in our reports entitled
                                                Financial Audit: Examination of IRS’ Fiscal Year 1992 Financial Statements
                                                (GAO/AIMD-93-2, June 30, 1993), Financial Audit: Examination of IRS’ Fiscal
                                                Year 1993 Financial Statements (GAO/AIMD-94-120, June 15, 1994), Financial
                                                Audit: Examination of IRS’ Fiscal Year 1994 Financial Statements
                                                (GAO/AIMD-95-141, August 4, 1995), and Financial Audit: Examination of IRS’
                                                Fiscal Year 1995 Financial Statements (GAO/AIMD-96-101, July 11, 1996).

                                                In these prior reports, we made numerous recommendations to improve
                                                IRS’custodial accounting operations. We determined the status of
                                                recommendations based on our audit work on IRS’ fiscal year 1996
                                                Custodial Financial Statements and on our discussions with IRS officials.
                                                Our assessments of IRS’ actions for several recommendations are
                                                discussed in the report. However, we have not fully assessed the
                                                effectiveness of all of the responses identified in the following table.


                                                                                                         Action in
                                                                                                         planning    No specific
                                                                              Action     Action in    or planning         action
Reports/recommendations                                                     complete     progress       complete        planned
Financial Audit: IRS Significantly Overstated Its Accounts
Receivable (GAO/AFMD-93-42, May 6, 1993)
Provide the IRS Chief Financial Officer authority to ensure that IRS              X
accounting system development efforts meet its financial reporting
needs. At a minimum, the Chief Financial Officer’s approval of related
system designs should be required.
Take steps to ensure the accuracy of the balances reported in IRS                                X
financial statements. In the long term, this will require modifying IRS
systems so that they are capable of (1) identifying which assessments
currently recorded in the Master File System represent valid
receivables and (2) designating new assessments that should be
included in the receivables balance as they are recorded. Until these
capabilities are implemented, IRS should rely on statistical sampling to
determine what portion of its assessments represent valid receivables.
Clearly designate the Chief Financial Officer as the official responsible         X
for coordinating the development of performance measures related to
receivables and for ensuring that IRS financial reports conform with
applicable accounting standards.
                                                                                                                      (continued)




                                                Page 43                                        GAO/AIMD-98-18 IRS Financial Audit
                                                Appendix I
                                                Reports Issued as a Result of GAO’s Audits
                                                of IRS’ Fiscal Years 1992 Through 1995
                                                Financial Statements and Status of
                                                Custodial Recommendations




                                                                                                            Action in
                                                                                                            planning     No specific
                                                                                Action       Action in   or planning          action
Reports/recommendations                                                       complete       progress      complete         planned
Modify the IRS methodology for assessing the collectibility of its                                                                 X
receivables by

—including only valid accounts receivable in the analysis;
—eliminating, from the gross receivables balance, assessments
determined to have no chance of being collected;
—including an analysis of individual taxpayer accounts to assess their
ability to pay;
—basing group analyses on categories of assessments with similar
collection risk characteristics; and
—considering current and forecast economic conditions, as well as
historical collection data, in analyses of groups of assessments.

Once the appropriate data are accumulated, IRS may use modeling to
analyze collectibility of accounts on a group basis, in addition to
separately analyzing individual accounts. Such modeling should
consider factors that are essential for estimating the level of losses,
such as historical loss experience, recent economic events, and
current and forecast economic conditions. In the meantime, statistical
sampling should be used as the basis for both individual and group
analyses.
IRS Information Systems: Weaknesses Increase Risk of Fraud and
Impair Reliability of Management Information (GAO/AIMD-93-34,
September 22, 1993)
Limit access authorizations for individual employees to only those                                 Xa
computer programs and data needed to perform their duties and
periodically review these authorizations to ensure that they remain
appropriate.
Monitor efforts to develop a computerized capability for reviewing user                            Xa
access activity to ensure that it is effectively implemented.
Establish procedures for reviewing the access activity of unit security                            Xa
representatives.
Use the security features available in IRS’ operating systems software                              X
to enhance system and data integrity.
Require that programs developed and modified at IRS headquarters be                                 X
controlled by a program librarian responsible for (1) protecting such
programs from unauthorized changes including recording the time,
date, and programmer for all software changes, and (2) archiving
previous versions of programs.
Establish procedures requiring that all computer program modifications                 X
be considered for independent quality assurance review.
Formally analyze Martinsburg Computing Center’s computer                               X
applications to ensure that critical applications have been properly
identified for purposes of disaster recovery.
Test the disaster recovery plan.                                                                   Xa
                                                                                                                          (continued)




                                                Page 44                                            GAO/AIMD-98-18 IRS Financial Audit
                                                Appendix I
                                                Reports Issued as a Result of GAO’s Audits
                                                of IRS’ Fiscal Years 1992 Through 1995
                                                Financial Statements and Status of
                                                Custodial Recommendations




                                                                                                            Action in
                                                                                                            planning     No specific
                                                                                Action       Action in   or planning          action
Reports/recommendations                                                       complete       progress      complete         planned
Monitor service center practices regarding the development,                                        Xa
documentation, and modification of locally developed software to
ensure that such software use is adequately controlled.
Review the current card key access system in the Philadelphia Service                  X
Center to ensure that only users who need access to the facilities
protected by the system have access and that authorized users each
have only one unique card key.
Establish physical controls in the Philadelphia Service Center to protect                          Xa
computers with access to sensitive data that are not protected by
software access controls.
Financial Management: Important IRS Revenue Information Is
Unavailable or Unreliable (GAO/AIMD-94-22, December 21, 1993)
Develop a method to determine specific taxes collected by trust fund                                X
so that the difference between amounts assessed and amounts
collected is readily determinable and excise tax receipts can be
distributed as required by law. This could be done by obtaining
specific payment detail from the taxpayer, consistent with our April
1993 FTD report. Alternatively, IRS might consider whether allocating
payments to specific taxes based on the related taxpayer returns is a
preferable method.
Determine the trust fund revenue information needs of other agencies                                X
and provide such information, as appropriate. If IRS is precluded by
law from providing needed information, IRS should consider proposing
legislative changes.
Identify reporting information needs, develop related sources of reliable                           X
information, and establish and implement policies and procedures for
compiling this information. These procedures should describe any
(1) adjustments that may be needed to available information and
(2) analyses that must be performed to determine the ultimate
disposition and classification of amounts associated with in-process
transactions and amounts pending investigation and resolution.
Establish detailed procedures for (1) reviewing manual entries to the                  X
general ledger to ensure that they have been entered accurately and
(2) subjecting adjusting entries to supervisory review to ensure that
they are appropriate and authorized.
Monitor implementation of actions to reduce the errors in calculating                               X
and reporting manual interest, and test the effectiveness of these
actions.
Give a priority to the IRS efforts that will allow for earlier matching of                          X
income and withholding information submitted by individuals and third
parties.
                                                                                                                          (continued)




                                                Page 45                                            GAO/AIMD-98-18 IRS Financial Audit
                                              Appendix I
                                              Reports Issued as a Result of GAO’s Audits
                                              of IRS’ Fiscal Years 1992 Through 1995
                                              Financial Statements and Status of
                                              Custodial Recommendations




                                                                                                                     Action in
                                                                                                                     planning        No specific
                                                                                  Action           Action in      or planning             action
Reports/recommendations                                                         complete           progress         complete            planned
Financial Audit: Examination of IRS’ Fiscal Year 1993 Financial
Statements (GAO/AIMD-94-120, June 15, 1994)
Tax Collection Activities
Ensure that system development efforts provide reliable, complete,                                          X
timely, and comprehensive information with which to evaluate the
effectiveness of its enforcement and collection programs.
Establish and implement procedures to analyze the impact of                                                 X
abatements on the effectiveness of assessments from IRS’ various
collection programs.
Reconcile detailed revenue transactions for individual taxpayers to the                                     X
master file and general ledger.
Establish and implement procedures to proactively identify errors that                                      X
occur during processing of data, and design and implement improved
systems and controls to prevent or detect such errors in the future.
Seized Assets
Develop and implement systems and standard operating procedures                                             X
that incorporate controls to ensure that seized asset inventory records
are accurately maintained, which include
Establishing specific procedures to ensure the prompt and accurate                       X
recording of seizures and disposals, including guidance addressing
the valuation of seized assets;
Reconciling accounting and inventory records monthly as an interim                                          X
measure until the successful integration of inventory and accounting
systems is completed; and
Implementing mechanisms for ensuring that annual physical                                                   X
inventories at field locations are effectively performed, that
discrepancies are properly resolved, and that inventory records are
appropriately adjusted.
Determine what information related to seized assets, such as proceeds                    X
and liens and other encumbrances, would be most useful to IRS
managers for financial management purposes and develop a means
for accounting for these data.

                                              a
                                               With respect to this recommendation, we provided more specific recommendations that are
                                              contained in our report, IRS Systems Security: Tax Processing Operations and Data Still at Risk
                                              Due to Serious Weaknesses (GAO/AIMD-97-49, April 8, 1997).




                                              Page 46                                                     GAO/AIMD-98-18 IRS Financial Audit
Appendix II

Comments From the Internal Revenue
Service




See comment 1.




                 Page 47      GAO/AIMD-98-18 IRS Financial Audit
                 Appendix II
                 Comments From the Internal Revenue
                 Service




See comment 1.




See comment 1.




See comment 1.




                 Page 48                              GAO/AIMD-98-18 IRS Financial Audit
Appendix II
Comments From the Internal Revenue
Service




Page 49                              GAO/AIMD-98-18 IRS Financial Audit
                Appendix II
                Comments From the Internal Revenue
                Service




                The following is GAO’s comment on the Commissioner of IRS’ letter dated
                November 26, 1997.


                1. Discussed in “Agency Comments and Our Evaluation” section.
GAO’s Comment




(919054)        Page 50                                     GAO/AIMD-98-18 IRS Financial Audit
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov




PRINTED ON    RECYCLED PAPER
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested