oversight

Financial Audit: IRS's Fiscal Years 2012 and 2011 Financial Statements

Published by the Government Accountability Office on 2012-11-09.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                United States Government Accountability Office

GAO             Report to the Secretary of the Treasury




                FINANCIAL AUDIT
November 2012




                IRS’s Fiscal Years
                2012 and 2011
                Financial Statements




GAO-13-120
                                               November 2012

                                               FINANCIAL AUDIT
                                               IRS’s Fiscal Years 2012 and 2011 Financial
                                               Statements
Highlights of GAO-13-120, a report to the
Secretary of the Treasury




Why GAO Did This Study                         What GAO Found
In accordance with the authority               In GAO’s opinion, the Internal Revenue Service’s (IRS) fiscal years 2012 and
granted by the Chief Financial Officers        2011 financial statements are fairly presented in all material respects. However,
Act of 1990, GAO annually audits the           in GAO’s opinion, IRS did not maintain effective internal control over financial
financial statements of IRS to                 reporting as of September 30, 2012, because of a material weakness in internal
determine whether (1) the financial            control over unpaid tax assessments. In addition, GAO found that IRS’s financial
statements are fairly presented and            management systems were not in substantial compliance with Federal Financial
(2) IRS management maintained                  Management Improvement Act of 1996 (FFMIA) requirements because of the
effective internal control over financial      systems issues underlying the material weakness. GAO also found no reportable
reporting. GAO also tests IRS’s
                                               instances of noncompliance in fiscal year 2012 with provisions of the laws and
compliance with selected provisions of
                                               regulations it tested.
significant laws and regulations and its
financial systems’ compliance with             During fiscal year 2012, IRS continued to make important progress in addressing
FFMIA.                                         its deficiencies in internal control. Specifically, based on IRS’s success in
IRS’s tax collection activities are            addressing numerous deficiencies in its information security controls over its
significant to overall federal receipts,       financial reporting systems, GAO considers information security, previously
and the effectiveness of its financial         reported as a long-standing material weakness, to be a significant deficiency that
management is of substantial interest          warrants the attention of those charged with governance of IRS. In addition, a
to Congress and taxpayers.                     significant reduction in the magnitude of manual refunds, coupled with the
                                               expiration of the First-time Homebuyer Credit program and resultant decrease in
What GAO Recommends                            the number of related claims, led GAO to conclude that the deficiencies in
Based on prior financial statement             internal control over refunds no longer constitute a significant deficiency. GAO
audits, GAO made numerous                      also concluded that for the first time since fiscal year 1999, there was no
recommendations to IRS to address              reportable noncompliance by IRS with laws applicable to release of tax liens
internal control deficiencies. GAO will        because of improvements IRS made in related processes.
continue to monitor and will report            The material weakness in internal control over unpaid tax assessments was
separately on IRS’s progress in
                                               primarily caused by financial system limitations and data entry errors that
implementing the recommendations
                                               necessitated the use of a compensating statistical estimation process rather than
that remain open, as well as any
recommended actions to address the             the summation of individual account balances to determine the amount of taxes
new internal control deficiencies              receivable, the most material asset on IRS’s balance sheet. Serious control
identified in this year’s audit.               deficiencies over unpaid tax assessments are likely to continue to exist until IRS
                                               (1) significantly enhances or replaces the software applications it uses to
In commenting on a draft of this report,       maintain the subsidiary taxpayer information necessary to support its unpaid tax
IRS stated that it would continue to           assessment amounts and (2) remedies the deficiencies that continue to result in
increase its focus on information              significant errors in taxpayer accounts.
security and internal controls while
improving financial reporting.                 In addition to its internal control deficiencies, IRS faces significant ongoing
                                               financial management challenges arising from its continued need to safeguard
                                               the large volume of sensitive hard copy taxpayer receipts and related information
                                               and to address its exposure to significant improper refunds based on identity
                                               theft. Sustained management efforts will be necessary to maintain and build on
                                               the progress made to date and to fully address IRS’s remaining internal controls
                                               and systems deficiencies as well as its financial management challenges.


View GAO-13-120. For more information,
contact Cheryl E. Clark at (202) 512-3406 or
clarkce@gao.gov.




                                                                                       United States Government Accountability Office
Contents


Letter                                                                                                        1

Independent Auditor’s Report                                                                                  3
                               Opinion on the Financial Statements                                            4
                               Opinion on Internal Control                                                    5
                               Compliance with Laws and Regulations                                          13
                               Systems’ Compliance with FFMIA Requirements                                   14
                               Required Supplementary Information                                            15
                               Other Information                                                             16
                               Other Financial Management Challenges                                         16
                               Objectives, Scope, and Methodology                                            18
                               Agency Comments and Our Evaluation                                            21

Management Discussion and Analysis                                                                           23



Financial Statements                                                                                         60



Required Supplementary Information                                                                           87



Other Accompanying Information                                                                               91



Appendix I                     Management’s Report on Internal Control over Financial
                               Reporting                                                                   102



Appendix II                    Comments from the Internal Revenue Service                                  103




                               Page i            GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Abbreviations

CFO               Chief Financial Officer
FASAB             Federal Accounting Standards Advisory Board
FFMIA             Federal Financial Management Improvement Act of 1996
FMFIA             Federal Managers’ Financial Integrity Act of 1982
FTHBC             First-time Homebuyer Credit
IRS               Internal Revenue Service
MD&A              Management Discussion and Analysis
OMB               Office of Management and Budget
RSI               Required Supplementary Information
USSGL             United States Standard General Ledger




This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.




Page ii                  GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
United States Government Accountability Office
Washington, DC 20548




                                   November 9, 2012

                                   The Honorable Timothy F. Geithner
                                   Secretary of the Treasury

                                   Dear Mr. Secretary:

                                   The accompanying report presents the results of our audit of the fiscal
                                   years 2012 and 2011 financial statements of the Internal Revenue
                                   Service (IRS). Specifically, we found
                                   •   the financial statements are presented fairly, in all material respects,
                                       in conformity with U.S. generally accepted accounting principles;
                                   •   IRS’s internal control over financial reporting was not effective as of
                                       September 30, 2012, because of a continuing material weakness in
                                       internal control over unpaid tax assessments;
                                   •   no reportable noncompliance in fiscal year 2012 with the laws and
                                       regulations we tested; and
                                   •   IRS’s financial management systems were not in substantial
                                       compliance with the requirements of the Federal Financial
                                       Management Improvement Act of 1996 as of September 30, 2012,
                                       because of systems-related issues underlying the material weakness
                                       associated with unpaid tax assessments.

                                   Our audit also found that based on IRS’s success in addressing
                                   numerous deficiencies in its information security controls over its financial
                                   reporting systems, we consider information security, previously reported
                                   as a long-standing material weakness, to be a significant deficiency in
                                   internal control over financial reporting systems. In addition, because of
                                   the significant reduction in the dollar magnitude of manual refunds and
                                   the expiration of the First-time Homebuyer Credit program, we also
                                   determined that the deficiencies in internal control over refunds no longer
                                   constitute a significant deficiency. Further, because of IRS’s actions to
                                   improve the timeliness of its lien releases, we no longer consider this area
                                   to represent a reportable noncompliance with the applicable law. Our
                                   report also discusses ongoing financial management challenges that IRS
                                   faces related to safeguarding hard copy taxpayer receipts and information
                                   and its exposure to significant improper refunds based on identity theft.

                                   We performed our audit in accordance with authority granted by the Chief
                                   Financial Officers Act of 1990, as expanded by the Government
                                   Management Reform Act of 1994.



                                   Page 1                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
We are sending copies of this report to the Chairman and Vice Chairman
of the Joint Committee on Taxation, the Chairmen and Ranking Members
of the Senate Committee on Finance and the House Committee on Ways
and Means, and other interested congressional committees and
subcommittees. We are also sending copies of this report to the
Commissioner of Internal Revenue, the Director of the Office of
Management and Budget, the Chairman of the IRS Oversight Board, and
other interested parties. In addition, the report is available at no charge on
the GAO website at http://www.gao.gov.

If you have any questions concerning this report, please contact me at
(202) 512-3406 or clarkce@gao.gov. Contact points for our Offices of
Congressional Relations and Public Affairs may be found on the last page
of this report.




Cheryl E. Clark
Director
Financial Management and Assurance




Page 2                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
United States Government Accountability Office
Washington, DC 20548




                                                             Independent Auditor’s Report

                                   To the Commissioner of Internal Revenue

                                   We conducted our audit of the financial statements of the Internal
                                   Revenue Service (IRS) in accordance with our authority granted by the
                                   Chief Financial Officers (CFO) Act of 1990, as expanded by the
                                   Government Management Reform Act of 1994. 1

                                   In our audit of IRS’s financial statements for fiscal years 2012 and 2011,
                                   we found
                                   •   the financial statements are presented fairly, in all material respects,
                                       in conformity with U.S. generally accepted accounting principles;
                                   •   IRS’s internal control over financial reporting was not effective as of
                                       September 30, 2012;
                                   •   no reportable noncompliance in fiscal year 2012 with the provisions of
                                       laws and regulations we tested; and
                                   •   IRS’s financial management systems were not in substantial
                                       compliance with the requirements of the Federal Financial
                                       Management Improvement Act of 1996 (FFMIA) as of September 30,
                                       2012. 2

                                   The following sections discuss in more detail (1) these conclusions;
                                   (2) required supplementary information (RSI) and other information
                                   included with the financial statements; (3) other significant financial




                                   1
                                     See the CFO Act of 1990, Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990), codified,
                                   in relevant part, as amended, at 31 U.S.C. § 3521(g); see also the Government
                                   Management Reform Act of 1994, Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994),
                                   codified, in relevant part, as amended, at 31 U.S.C. § 3515(c). Under the authority of
                                   31 U.S.C. § 3515, the Office of Management and Budget (OMB) requires IRS to issue
                                   annual audited financial statements that are separate from those of the Department of the
                                   Treasury. Although the CFO Act designates the agency’s inspector general, or, where
                                   applicable, an independent external auditor, as the responsible auditor of an agency’s
                                   financial statements, the act also gives GAO the authority to perform such audits at its
                                   discretion. Based on that authority, we audit IRS’s financial statements because of the
                                   significance of IRS’s tax collections to the consolidated financial statements of the U.S.
                                   government, which GAO is required to audit. See 31 U.S.C. § 331 (e)(2).
                                   2
                                    Pub. L. No. 104-208, div. A, § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30,
                                   1996).




                                   Page 3                    GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                       management challenges confronting IRS; (4) our audit objectives, scope,
                       and methodology; and (5) IRS’s comments on a draft of this report.


                       IRS’s financial statements, including the accompanying notes, present
Opinion on the         fairly, in all material respects, in conformity with U.S. generally accepted
Financial Statements   accounting principles, IRS’s assets, liabilities, and net position as of
                       September 30, 2012 and 2011, and its net costs, changes in net position,
                       budgetary resources, and custodial activity for the fiscal years then
                       ended.

                       However, misstatements may nevertheless occur in other unaudited
                       financial information reported by IRS and not be detected as a result of
                       the deficiencies in internal control described in this report.

                       In accordance with federal accounting standards, the financial statements
                       do not include an estimate of the dollar amount of taxes that are owed the
                       federal government but have not been reported by taxpayers or identified
                       through IRS’s enforcement programs, often referred to as the tax gap, nor
                       do they include information on tax expenditures. 3 Further detail
                       discussing the tax gap and tax expenditures, as well the associated dollar
                       amounts, are discussed in Other Accompanying Information included with
                       the financial statements.




                       3
                         The estimated magnitude of the tax gap is based on a study conducted to measure the
                       compliance rate of taxpayers based on an examination of a statistical sample of tax
                       returns filed for tax year 2006. Tax expenditures represent the amount of revenue that the
                       government forgoes resulting from federal tax law provisions that (1) allow a special
                       exclusion, exemption, or deduction from gross income, or (2) provide a special credit,
                       preferential rate, or deferred tax liability.




                       Page 4                   GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                      Because of the material weakness 4 in internal control over unpaid tax
Opinion on Internal   assessments discussed below, 5 IRS did not maintain, in all material
Control               respects, effective internal control over financial reporting as of
                      September 30, 2012, and thus did not provide reasonable assurance that
                      losses and misstatements that were material in relation to the financial
                      statements would be prevented or detected and corrected on a timely
                      basis. Our opinion is based on criteria established under 31 U.S.C. sec.
                      3512 (c), (d), commonly known as the Federal Managers’ Financial
                      Integrity Act of 1982 (FMFIA).

                      In each of our previous audits of IRS’s financial statements, we have
                      reported a material weakness in internal control over IRS’s financial
                      reporting systems. 6 Based, in part, on our recommendations, IRS has
                      taken significant actions over the years to strengthen its internal control in
                      this important area. As a result of IRS’s efforts to address many of the
                      deficiencies we previously found in its internal control over its financial
                      reporting systems, and the continuing improvements we found during our
                      fiscal year 2012 audit, we concluded that this long-standing weakness in
                      financial reporting systems is no longer a material weakness. However,
                      the remaining control deficiencies, along with the new deficiencies that we
                      identified during this year’s audit concerning IRS’s financial reporting



                      4
                        A material weakness is a deficiency, or a combination of deficiencies, in internal control
                      such that there is a reasonable possibility that a material misstatement of the entity’s
                      financial statements will not be prevented, or detected and corrected on a timely basis. A
                      deficiency in internal control exists when the design or operation of a control does not
                      allow management or employees, in the normal course of performing their assigned
                      functions, to prevent or detect and correct misstatements on a timely basis. Materiality
                      represents the magnitude of an omission or misstatement of an item in a financial report
                      that when considered in light of surrounding circumstances, makes it probable that the
                      judgment of a reasonable person relying on the information would have been changed or
                      influenced by the inclusion or correction of the item.
                      5
                        An unpaid tax assessment is a legally enforceable claim against a taxpayer and consists
                      of taxes, penalties, and interest that have not been collected or abated (a reduction in a
                      tax assessment).
                      6
                        Financial reporting systems are information systems that process and report a
                      quantitatively material dollar amount of the transactions included in agency internal and
                      external financial reports during a reporting period. The scope of our audit includes those
                      financial reporting systems that affect the financial statements upon which we opine. The
                      assessment of the significance of a deficiency in the internal control over such a system
                      may be elevated if it also exhibits qualitative characteristics, such as processing (1) an
                      inordinately large volume of financial transactions or (2) related sensitive information, the
                      safeguarding of which is a matter of substantial concern to financial statement users.




                      Page 5                    GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
systems, while not considered a material weakness, are important
enough to merit the attention of those charged with governance of IRS.
Therefore, we considered these remaining and new issues affecting IRS’s
internal control over financial reporting systems collectively to be a
significant deficiency 7 in internal control in fiscal year 2012. This
significant deficiency is discussed in more detail later in this report.

In our fiscal year 2011 and 2010 audits of IRS, we reported a significant
deficiency in internal control over tax refund disbursements. This
significant deficiency primarily consisted of a combination of deficiencies
in IRS’s internal control over the processing of manual tax refunds 8 and
the processing of First-time Homebuyer Credit (FTHBC) claims, 9 coupled
with the material magnitude of manual tax refunds disbursed (over
$112 billion in fiscal year 2010 when we first reported this issue). Over the
past couple of years, IRS has made operational changes that have
significantly reduced the dollar amount of manual tax refunds disbursed.
In fiscal year 2012, such disbursements totaled about $39 billion (down
by over 65 percent compared to fiscal year 2010). In addition, the FTHBC
program has expired, and the magnitude of the program’s related refund
disbursements was not significant in fiscal year 2012. During our fiscal
year 2012 audit, we continued to find deficiencies in internal control over
IRS’s processing of tax refunds similar to those we found in previous
audits; however, because of the significant decrease in the dollar amount
of manual tax refunds and FTHBC refunds disbursed during fiscal year
2012, we have determined that the deficiencies in internal control over


7
  A significant deficiency is a deficiency, or a combination of deficiencies, in internal
control that is less severe than a material weakness, yet important enough to merit the
attention of those charged with governance.
8
 The preponderance of tax refunds are disbursed to taxpayers automatically by IRS’s
automated systems once a tax return is posted to the taxpayer’s account and an
overpayment to IRS is identified and calculated. However, tax refunds meeting certain
defined criteria, such as those exceeding $10 million in dollar amount, are subject to
manual review before disbursement and are known as manual tax refunds.
9
  The First-time Homebuyer Credit is codified, as amended, at 26 U.S.C. § 36. The
Worker, Homeownership and Business Assistance Act of 2009 (Public Law 111-92, sec.
11(f)), as amended by the Homebuyer Assistance and Improvement Act of 2010 (Public
Law 111-198, sec. 2), enacted a new 26 U.S.C. § 36(h)(3), which established a longer
availability period for claiming the first-time homebuyer credit for individuals on qualified
official extended duty outside the United States (Section 36(h)(3) Buyers). Although the
credit for Section 36(h)(3) Buyers expired on April 30, 2011, those Section 36(h)(3) Buyers
who entered into a binding contract before May 1, 2011, had until June 30, 2011, to close
on the purchase of their principal residence.




Page 6                    GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                         refunds no longer constitute a significant deficiency as of September 30,
                         2012.

                         Despite its material weakness in internal control, IRS was able to prepare
                         financial statements that were fairly presented in all material respects for
                         fiscal years 2012 and 2011. However, the material weakness in IRS’s
                         internal control over unpaid tax assessments may adversely affect any
                         decisions by IRS’s management that are based, in whole or in part, on
                         information that is inaccurate because of this weakness. The issues
                         constituting the material weakness over unpaid tax assessments were
                         also encompassed in the material weaknesses disclosed in IRS’s fiscal
                         year 2012 (1) FMFIA assurance statement to the Department of the
                         Treasury and (2) Management’s Report on Internal Control over Financial
                         Reporting. We considered this material weakness in determining the
                         nature, timing, and extent of our audit procedures on IRS’s fiscal years
                         2012 and 2011 financial statements. We caution that misstatements may
                         occur and may not be detected by our tests and that such testing may not
                         be sufficient for other purposes.

                         In addition to the material weakness and significant deficiency in internal
                         control noted above and described in greater detail below, we also
                         identified several other deficiencies in IRS’s system of internal control that
                         we do not consider to be material weaknesses or significant deficiencies
                         yet are important enough to warrant the attention of management. We
                         have communicated these other internal control deficiencies to IRS
                         management informally and, as appropriate, will be reporting them to IRS
                         separately at a later date, along with recommendations for corrective
                         action.


Material Weakness in     During our fiscal year 2012 audit, we continued to identify the same
Internal Control over    deficiencies in IRS’s internal control over unpaid tax assessments that we
Unpaid Tax Assessments   reported on in prior audits. Specifically, we continued to find control
                         deficiencies that caused errors in unpaid tax assessment amounts
                         resulting from IRS’s inability to (1) rely on its general ledger system for tax
                         transactions and underlying subsidiary records to report federal taxes
                         receivable, compliance assessments, and write-offs in accordance with
                         federal accounting standards without significant compensating




                         Page 7                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
procedures; 10 (2) trace reported balances for taxes receivable from its
general ledger to underlying source documents; and (3) effectively
prevent or timely detect and correct errors in taxpayer accounts. During
this year’s audit, we also found a new deficiency in this area concerning
IRS’s process for determining its federal taxes receivable balance.

As we have reported in prior years, 11 IRS’s software applications are not
designed to provide the accurate, complete, and timely transaction-level
financial information necessary to enable IRS to reliably classify and
report transaction-by-transaction unpaid tax assessment balances in
accordance with federal accounting standards. IRS processing errors and
delays also contributed to misclassified unpaid tax assessment balances.
To compensate for these deficiencies, IRS applies a statistical sampling
and estimation process to data extracted from its master files to estimate
the balances of (1) taxes receivable reported in its financial statements—
which made up over 80 percent of total assets reported on its fiscal year
2012 balance sheet—and RSI and (2) compliance assessments and
write-offs reported in RSI. 12 IRS then adjusts the gross taxes receivable
balance in its general ledger based on the results of this estimation
process, which for fiscal year 2012 resulted in a significant adjustment of
$14 billion. While IRS adjusts the gross taxes receivable balance in its
general ledger based on the results of this estimation process, IRS could
not trace adjusted account balances to its detailed supporting records.
Specifically, because the adjusted tax receivable balance is the product of
a statistical estimation process, IRS is not able to (1) identify which
taxpayers owe the tax debts summarized in the gross taxes receivable
balance or how much each one owes or (2) trace transactions from the


10
   Federal accounting standards classify unpaid tax assessments into one of the following
three categories for reporting purposes: federal taxes receivable, compliance
assessments, and write-offs. Federal taxes receivable are taxes due from taxpayers for
which IRS can support the existence of a receivable through taxpayer agreement or a
favorable court ruling. Compliance assessments are tax assessments where neither the
taxpayer nor the court has affirmed that the amounts are owed. Write-offs represent
unpaid tax assessments for which IRS does not expect further collections because of
factors such as the taxpayer’s death, bankruptcy, or insolvency. Of these three
classifications of unpaid tax assessments, only federal taxes receivable, net of an
allowance for uncollectible amounts, are reported on the financial statements.
11
  GAO, Financial Audit: IRS’s Fiscal Years 2011 and 2010 Financial Statements,
GAO-12-165 (Washington, D.C.: Nov. 10, 2011).
12
    IRS’s master files contain detailed records of taxpayer accounts. However, the master
files do not contain all the details necessary to properly classify or estimate collectibility for
unpaid tax assessment accounts.




Page 8                     GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
taxes receivable amount, through its general ledger system, and back to
underlying transaction-level source documents.

In a number of cases we reviewed during this year’s audit, IRS’s system
misclassified tax debt accounts among the three financial reporting
categories—taxes receivable, compliance assessments, and write-offs.
Specifically, IRS identified 25 cases in its sample of unpaid assessment
tax modules that were either completely or partially misclassified among
these three categories because its automated system does not contain
sufficient detail to analyze all relevant information for proper
classification. 13 One type of example involved instances in which IRS has
recorded multiple tax assessments against a single taxpayer. In all but
the simplest of cases, the system is not designed to distinguish between
tax assessments that (1) have been agreed to by the taxpayer and
therefore represent a tax receivable and (2) have not been agreed to by
the taxpayer and therefore represent a compliance assessment. For such
cases, IRS’s system would classify the entire module balance as either
taxes receivable or a compliance assessment, depending on which
assessment was larger. IRS also found 25 other cases in its sample that
were either totally or partially misclassified, or contained incorrect account
balances because of data entry errors and processing delays. We also
identified such errors during our audit. In one example, IRS recorded a
taxpayer’s total income as $99 million when the taxpayer actually
reported $9.9 million on the tax return. In another example, the
bankruptcy court had relieved the taxpayer of his unpaid tax liability in
2006. However, 6 years later IRS had still not recorded this information in
the taxpayer’s account. These and other system limitations and data entry
and processing errors made it necessary for IRS to make numerous
adjustments as part of its process for estimating and reporting net taxes
receivable and other unpaid tax assessments in its financial statements
and RSI. In addition, errors that caused inaccurate tax records in some
cases also resulted in IRS erroneously billing taxpayers for amounts that
were not valid, thus placing an undue burden on taxpayers who were
compelled to prove that IRS was in error.




13
   A taxpayer may have multiple account modules within IRS’s master files under a unique
taxpayer identification number, for example, a Social Security number or an employer
identification number. Each unique account module is identified by the taxpayer
identification number, specific tax period (e.g., year or quarter), and tax type (e.g., excise
tax, individual tax, payroll tax, etc.).




Page 9                    GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                            During this year’s audit, we also identified a new deficiency that resulted
                            in errors in IRS’s estimate of its federal taxes receivable balance.
                            Specifically, we found a number of instances in which our calculation of
                            the sample account module did not agree with IRS’s calculation for the
                            same account module because IRS did not properly consider all of the
                            pertinent information related to the tax assessments outstanding against
                            these taxpayers. Further, these errors were not discovered through IRS’s
                            own supervisory review process, which is a critical control given the
                            complexity involved in determining amounts to use in its estimation
                            process. We brought these errors to IRS’s attention, and IRS made the
                            necessary corrections and adjustments to the taxes receivable balance
                            on its balance sheet as of September 30, 2012.

                            The collective nature of these continuing and new control deficiencies is
                            such that a reasonable possibility exists that a material misstatement of
                            IRS’s financial statements would not be prevented, or detected and
                            corrected on a timely basis. Consequently, these control deficiencies
                            collectively represent a material weakness in IRS’s internal control over
                            unpaid tax assessments. In addition, because of these serious control
                            deficiencies, management lacks the information it needs to make
                            well-informed decisions and to accumulate and report financial
                            information in accordance with federal accounting standards. Based on
                            our recommendations, IRS has taken actions over the years to improve
                            controls over its unpaid tax assessments subsidiary ledger; however,
                            IRS’s progress to date has not been effective at fully addressing all the
                            issues that continue to cause a lack of transaction traceability and
                            material inaccuracies produced by this subsidiary ledger. These serious
                            deficiencies in internal control over unpaid assessments are likely to
                            continue to exist until IRS (1) significantly enhances or replaces the
                            software applications it uses to maintain the subsidiary taxpayer
                            information necessary to support its unpaid assessment amounts and
                            (2) remedies the continuing control deficiencies that result in significant
                            errors in taxpayer accounts.


Significant Deficiency in   Starting with our first audit of IRS’s financial statements in fiscal year
Internal Control over       1992, each year we have reported a material weakness in internal control
Financial Reporting         over information security because of multiple deficiencies we found that
                            collectively resulted in IRS being unable to rely on its financial reporting
Systems                     systems or compensating and mitigating controls to provide reasonable
                            assurance that its financial statements were fairly presented. These
                            deficiencies also limited IRS’s ability to provide reasonable assurance
                            that the financial information necessary to make management decisions


                            Page 10              GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
was reliable and the proprietary information processed by its automated
systems was appropriately safeguarded. Over the years, IRS has made
important progress in addressing information system-related internal
control deficiencies, particularly those involving its networks and systems
that had reduced the overall effectiveness of its information security
controls and therefore the reliability of its financial data. Notable among
these efforts were the (1) formation of cross functional working groups
tasked with the identification and remediation of specific at-risk control
areas, (2) improvement in controls over the encryption of data transferred
between accounting systems, and (3) upgrades to critical network devices
on the agency’s internal network system.

During this fiscal year, IRS management—both within the Chief Financial
Officer and the Information Technology offices—continued to devote
significant attention and resources to addressing information security
controls, and resolved a significant number of the information system-
related internal control deficiencies that we previously reported. For
example, IRS (1) addressed its outdated operating system and
application software so that the versions in use are now supported by
vendors, (2) improved the auditing and monitoring capabilities of a
general support system, and (3) tested its general ledger system for tax
transactions in its current operating environment. 14 In addition, IRS
funded critical software upgrades for some of its key financial reporting
systems, including its administrative accounting system and its
procurement system, which was an important step toward addressing its
information system issues.

However, the remaining deficiencies in information security, along with
new deficiencies we identified during this year’s audit and discuss further
below, while not collectively considered a material weakness, are
important enough to merit the attention of those charged with governance
of IRS. Therefore, these issues represent a significant deficiency in IRS’s
internal control over financial reporting systems as of September 30,
2012. Specifically, the more significant risks that remained throughout
fiscal year 2012 included (1) access control weaknesses and database
software issues with IRS’s procurement system and (2) inadequate
database security for various systems, both of which we have reported on



14
  In fiscal year 2009, IRS moved its general ledger system for tax transactions from one
data center operating environment to another.




Page 11                  GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
in previous audits. 15 In addition, as we found in our fiscal year 2011
financial audit, 16 IRS had not performed sufficient monitoring of internal
control over its financial reporting systems to determine whether such
control was affected by any deficiencies in internal control that had not
previously been reported that either individually or collectively constitute a
material weakness. Further, we continued to identify weaknesses that
IRS informed us it had addressed. For example, IRS informed us that it
had addressed 58 of the previous information system security-related
recommendations we made. However, we determined that 13 (about
22 percent) of the 58 had actually not yet been fully resolved.

During this year’s audit, we also found new deficiencies in internal
controls over IRS’s financial reporting systems. For example, we found
that IRS (1) did not always set sufficiently restrictive security-related
parameters and users’ rights and privileges for its Windows and UNIX
operating environments, including for a key financial application;
(2) allowed inappropriate and unlogged access to important mainframe
system files; and (3) was not effectively managing certain privileged
accounts on Windows servers. We also found that while IRS has a
comprehensive framework for its information security program, some
aspects of it had not yet been effectively implemented. For example,
IRS’s testing procedures over financial reporting systems were not always
appropriate or thorough. Specifically, IRS’s testing methodology did not
always meet the test objectives necessary to determine whether required
controls were operating effectively and consequently, we identified control
weaknesses that had not been detected by IRS. In addition, we
determined that an important policy concerning security standards for
IRS’s main tax processing environment that is encompassed by the
framework had not been updated to include current software versions and
control capabilities.

IRS informed us that it is planning to make major further changes to its
information systems environment that supports its financial reporting
process. For instance, according to IRS, it began operating a new
procurement system in October 2012. In addition, IRS is in the process of



15
     GAO-12-165.
16
   GAO, Management Report: Improvements Are Needed to Enhance the Internal
Revenue Service’s Internal Controls and Operating Effectiveness, GAO-12-683R
(Washington, D.C.: June 25, 2012).




Page 12                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                       enhancing its administrative general ledger accounting system and is
                       continuing to develop a new tax processing system that is intended to
                       ultimately replace its master file for individual taxpayers.

                       In light of the inherent and control risks created by the changes IRS is
                       implementing and IRS’s ongoing information security challenges,
                       continued and consistent management commitment and attention to an
                       effective information security program will be essential to the
                       maintenance of, and continued improvements in, its information system
                       controls. Until IRS takes additional steps to (1) more effectively implement
                       its testing and monitoring capabilities, (2) ensure that policies and
                       procedures are updated, and (3) address unresolved and newly identified
                       control deficiencies, its financial and taxpayer data will remain vulnerable
                       to inappropriate use, modification, or disclosure, possibly without being
                       detected. We plan to issue a separate report to IRS on the new
                       information security control deficiencies we identified during fiscal year
                       2012 and the status of actions to address previous recommendations. As
                       appropriate, we will also issue a limited distribution report to IRS that
                       details our findings and related recommendations to address any new
                       and sensitive information system deficiencies we identified during our
                       fiscal year 2012 audit.


                       Our tests of IRS’s compliance with selected provisions of laws and
Compliance with        regulations for fiscal year 2012 disclosed no instances of noncompliance
Laws and Regulations   that are reportable under U.S. generally accepted government auditing
                       standards. However, the objective of our audit was not to provide an
                       opinion on overall compliance with laws and regulations. Accordingly, we
                       do not express such an opinion.

                       Starting with our fiscal year 1999 audit of IRS, we have reported that IRS
                       was not in compliance with Section 6325 of the Internal Revenue Code,
                       which pertains to IRS’s timely release of federal tax liens. 17 Over this


                       17
                          The Internal Revenue Code grants IRS the authority to obtain a statutory lien against
                       the property of any taxpayer who neglects or refuses to pay all assessed federal taxes.
                       The lien serves to protect the interest of the federal government and serves as a public
                       notice to current and potential creditors of the government’s interest in the taxpayer’s
                       property. Under section 6325 of the Internal Revenue Code, IRS is required to release
                       federal tax liens within 30 days after the date the tax liability is satisfied or has become
                       legally unenforceable or the Secretary of the Treasury has accepted a bond for the
                       assessed tax.




                       Page 13                    GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                      time, we have made numerous recommendations to resolve the issues
                      contributing to IRS’s noncompliance with this legal requirement. In
                      response to our recommendations, IRS steadily completed actions to
                      improve lien release timeliness. For example, it completed various system
                      enhancements to improve the timeliness of recognizing when a taxpayer
                      has fully satisfied the outstanding tax liability, performed targeted reviews
                      of areas where processing delays were identified in the past, and now
                      conducts periodic testing to evaluate the timeliness of its release of tax
                      liens. During our fiscal year 2012 audit, we found that IRS’s actions
                      significantly improved the timeliness of its lien releases such that we no
                      longer consider this area to represent a reportable noncompliance with
                      the applicable law. We did, however, continue to find internal control
                      deficiencies in this area, which we have communicated to IRS
                      management.


                      IRS’s financial management systems did not substantially comply with
Systems’ Compliance   FFMIA requirements as of September 30, 2012. 18 Specifically, IRS’s
with FFMIA            financial management systems did not substantially comply with
Requirements          •   Federal Financial Management System Requirements, because the
                          previously discussed material weakness in IRS’s internal control over
                          unpaid tax assessments was due, in part, to deficiencies in IRS’s
                          automated systems for tax-related transactions, and
                      •   federal accounting standards (U.S. generally accepted accounting
                          principles), because IRS’s automated systems for tax-related
                          transactions did not support the net federal taxes receivable amount
                          on IRS’s balance sheet and RSI related to uncollected taxes—
                          compliance assessments and write-offs—as required by Statement of
                          Federal Financial Accounting Standards No. 7, Accounting for
                          Revenue and Other Financing Sources and Concepts for Reconciling
                          Budgetary and Financial Accounting. 19




                      18
                         Pub. L. No. 104-208, div. A, § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30,
                      1996).
                      19
                         Federal Accounting Standards Advisory Board (FASAB), Statement of Federal
                      Financial Accounting Standards No. 7, Accounting for Revenue and Other Financing
                      Sources and Concepts for Reconciling Budgetary and Financial Accounting, as codified in
                      FASAB, Statements of Federal Financial Concepts and Standards, Pronouncements as
                      Amended (Washington, D.C.: June 30, 2011).




                      Page 14                   GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                However, IRS’s financial management systems did substantially comply
                with the U.S. Standard General Ledger (USSGL) at the transaction level.

                Our conclusion is based on the criteria established under FFMIA. The
                deficiencies that resulted in IRS’s financial management systems’
                noncompliance with the FFMIA requirements relate to the material
                weakness discussed previously.

                IRS’s fiscal year 2012 FMFIA assurance statement to the Department of
                the Treasury and its Management’s Report on Internal Control over
                Financial Reporting identified and reported this FFMIA noncompliance.
                IRS has established a remediation plan to address the conditions that
                cause its system’s lack of substantial compliance with the FFMIA
                requirements. This plan outlines the actions to be taken to resolve these
                issues and defines related resources and responsible organizational
                units. Many of the actions detailed in the plan are long term in nature and
                are tied to IRS’s systems modernization efforts. 20


                U.S. generally accepted accounting principles require that RSI be
Required        presented to supplement the financial statements. 21 This information,
Supplementary   although not a part of the financial statements, is required by the Federal
                Accounting Standards Advisory Board (FASAB), which considers it to be
Information     an essential part of financial reporting for placing the financial statements
                in appropriate operational, economic, or historical context. We did not
                audit and we do not express an opinion or provide any assurance on the
                RSI because the limited procedures we applied do not provide sufficient
                evidence to express an opinion or provide any assurance.




                20
                   Section 803(c)(4) of FFMIA requires that the Department of the Treasury, with the
                concurrence of the Director of OMB, specify the most feasible date for bringing its systems
                into substantial compliance with FFMIA systems requirements and designate a
                Department of the Treasury official who shall be responsible for bringing its systems into
                substantial compliance by that date.
                21
                  RSI comprises the Management’s Discussion and Analysis and the required
                supplementary information sections that are included with the financial statements.




                Page 15                  GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                          IRS’s other information contains a wide range of information, some of
Other Information         which is not directly related to the financial statements. 22 This information
                          is presented for purposes of additional analysis and is not a required part
                          of the financial statements or RSI. Our audit was conducted for the
                          purpose of forming an opinion on IRS’s financial statements. We did not
                          audit and do not express an opinion or provide any assurance on the
                          other information.


                          In addition to the challenge of addressing its internal control deficiencies,
Other Financial           IRS also faces additional significant financial management challenges
Management                related to (1) the safeguarding of taxpayer receipts and associated
                          information and (2) significant improper refunds based on identity theft.
Challenges
Safeguarding Taxpayer     IRS faces an ongoing management challenge because of the millions of
Receipts and Associated   hard copy tax returns along with hundreds of billions of dollars in
Information               associated taxpayer payments it receives and processes each year. As
                          long as IRS continues to receive large volumes of hard copy taxpayer
                          payments and supporting data, there will continue to be a significant risk
                          to the government and taxpayers alike that loss of receipts or
                          inappropriate disclosure or compromise of taxpayer information may
                          occur during this process. Safeguarding these taxpayer receipts and
                          associated taxpayer information to prevent such events is among IRS’s
                          most important and demanding responsibilities. Congressional and
                          taxpayer expectations in this regard are justifiably high. During our
                          financial audits of IRS, including this year’s audit, we continued to identify
                          deficiencies in IRS’s internal control intended to safeguard taxpayer
                          receipts and information that while not individually or in the aggregate
                          constituting a significant deficiency or material weakness, are
                          nonetheless sensitive matters requiring IRS management’s attention. We
                          have made numerous recommendations to address these issues, to
                          which IRS has been responsive. 23 Nonetheless, it is critical that IRS
                          continue to maintain effective internal control necessary to appropriately



                          22
                             Other information comprises information included with the financial statements, other
                          than RSI and the auditor report.
                          23
                             We have reported these deficiencies and recommendations to address them, as well as
                          IRS’s associated corrective actions, in various management and status of
                          recommendations reports to IRS. See GAO-12-695.




                          Page 16                  GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                           mitigate this risk, including ongoing monitoring of key internal controls to
                           ensure that they do not deteriorate over time.


Preventing and Detecting   IRS management also faces a significant challenge arising from the large
Improper Refunds Based     numbers of identity theft-based claims it receives for fraudulent tax
on Identity Theft          refunds. This form of identity theft occurs when individuals use stolen
                           taxpayer names and Social Security numbers to file fraudulent tax returns
                           claiming tax refunds. Fraudulent refund claims are often submitted to IRS
                           early in the filing season, before the victims, whose identities have been
                           stolen, file their tax returns. In many such cases, the fraudulent refund
                           claim is only discovered after the legitimate taxpayer files his or her tax
                           return and IRS realizes that a refund has already been paid on the
                           taxpayer’s account. Identifying and stopping identity theft-based refund
                           claims has been a serious and increasing challenge for IRS, and has
                           resulted in significant cost to the federal government as well as a burden
                           to the taxpayers whose identities have been stolen.

                           IRS has been aware of the growing magnitude of identity theft-based
                           fraudulent refund claims and has devoted significant resources to address
                           the problem. According to IRS, it identified and prevented the payment of
                           over 40,000 identity theft-based refund claims totaling over $470 million
                           during fiscal year 2010, and over 1,100,000 claims totaling over $8 billion
                           in fiscal year 2011. During the first 9 months of calendar year 2012, IRS
                           informed us that it stopped another 1,400,000 identity theft-based refund
                           claims totaling over $9.3 billion. However, the number of identity theft-
                           based refund claims IRS did not identify or stop during this period and
                           their associated cost to the federal government is unknown. IRS has
                           developed a strategy to address identity theft, including efforts to prevent
                           and detect identify theft-based refund claims. 24 According to IRS, this
                           strategy serves as the foundation of its efforts to reduce the effects of
                           identity theft. For example, IRS enhanced its questionable refund
                           program, which screens tax returns for suspicious activity, including
                           identity theft; stops payments of potentially fraudulently claimed refunds;
                           and refers identified fraudulent refund schemes to IRS’s Criminal
                           Investigation office. 25 IRS has also provided taxpayers with targeted


                           24
                             GAO, Taxes and Identity Theft: Status of IRS Initiatives to Help Victimized Taxpayers,
                           GAO-11-721T (Washington, D.C.: June 2, 2011).
                           25
                                GAO-11-721T.




                           Page 17                  GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                     information to increase their awareness of the threats posed by identity
                     theft and enable them to better protect themselves. In addition, starting in
                     tax year 2011, IRS offered taxpayers victimized by identity theft the use of
                     a six-digit personal identification number to help them prevent a
                     recurrence. 26 However, the options available to IRS in attempting to
                     minimize identity theft-related refund claims are affected by a number of
                     constraints. 27 For example, (1) the personal information contained in tax
                     returns and related information submitted to IRS is confidential and is
                     protected from disclosure except as specifically authorized by statute,
                     which places limitations on IRS’s ability to share it with other entities
                     affected by identity theft, including law enforcement agencies, and (2) the
                     benefits to be derived by more rigorous screening for potentially
                     fraudulent tax returns must be weighed against the adverse effects of
                     increased taxpayer burden as the closer scrutiny inevitably causes more
                     legitimate refund claims to be caught by the screening, thereby delaying
                     payment of valid refunds to legitimate taxpayers as IRS reviews their
                     claims more closely. Moreover, because the full magnitude of identity
                     theft-related refund fraud is unknown, the effectiveness of IRS’s efforts is
                     unclear.

                     Effectively responding to the high levels of identity theft-related refund
                     claims and minimizing the related costs to the government and burden to
                     the taxpayers represent a significant challenge to IRS management. If
                     IRS is to minimize the effects of identity theft-based refund claims on
                     taxpayers and the federal government, as well as the associated losses, it
                     is critical for IRS to explore all options available to it to identify, design,
                     and implement the most effective possible measures to prevent and
                     detect identity theft-related refund fraud.


                     IRS management is responsible for (1) preparing the financial statements
Objectives, Scope,   in conformity with U.S. generally accepted accounting principles;
and Methodology      (2) preparing, measuring, and presenting the RSI in accordance with the
                     prescribed guidelines in U.S. generally accepted accounting principles;
                     (3) preparing and presenting other information included in documents
                     containing the audited financial statements and auditor’s report, and
                     ensuring the consistency of that information with the audited financial


                     26
                          A tax year is the period of time covered by a particular tax return.
                     27
                          GAO-11-721T.




                     Page 18                      GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
statements and the RSI; (4) establishing and maintaining effective internal
control over financial reporting and evaluating its effectiveness;
(5) ensuring that IRS’s financial management systems substantially
comply with FFMIA requirements; and (6) complying with applicable laws
and regulations. IRS management evaluated the effectiveness of IRS’s
internal control over financial reporting as of September 30, 2012, based
on the criteria established under FMFIA. IRS management’s assertion
based on its evaluation is included in appendix I.

We are responsible for planning and performing the audit to obtain
reasonable assurance and provide our opinion about whether (1) IRS’s
financial statements are presented fairly, in all material respects, in
conformity with U.S. generally accepted accounting principles; (2) IRS
management maintained, in all material respects, effective internal control
over financial reporting as of September 30, 2012; and (3) IRS’s financial
management systems substantially comply with FFMIA requirements. We
are also responsible for (1) testing compliance with selected provisions of
laws and regulations that have a direct and material effect on the financial
statements, and (2) applying certain limited procedures to the RSI and
other information included with the financial statements.

In order to fulfill these responsibilities, we
•   examined, on a test basis, evidence supporting the amounts and
    disclosures in IRS’s financial statements;
•   assessed the accounting principles used and significant estimates
    made by IRS management;
•   evaluated the overall presentation of IRS’s financial statements;
•   obtained an understanding of IRS and its operations, including its
    internal control over financial reporting;
•   considered IRS’s process for evaluating and reporting on (1) internal
    control over financial reporting based on criteria established under
    FMFIA and (2) financial management systems under FFMIA;
•   assessed the risk of (1) material misstatement in IRS’s financial
    statements and (2) material weakness in its internal control over
    financial reporting;
•   evaluated the design and operating effectiveness of IRS’s internal
    control over financial reporting based on the assessed risk;
•   tested relevant internal control over IRS’s financial reporting;
•   tested compliance with selected provisions of the Antideficiency Act,
    as amended; Purpose Statute; Prompt Payment Act; Pay and
    Allowance System for Civilian Employees; Civil Service Retirement
    Act; Federal Employees’ Retirement System Act of 1986, as
    amended; Federal Employees Health Benefits Act of 1959, as


Page 19                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
    amended; Federal Employees’ Compensation Act; Social Security Act
    of 1935, as amended; Tax Relief, Unemployment Insurance
    Reauthorization, and Jobs Creation Act of 2010; Temporary Payroll
    Tax Cut Continuation Act of 2011; Middle Class Tax Relief and Job
    Creation Act of 2012; Health Care and Education Reconciliation Act of
    2010; Internal Revenue Code; and Financial Services and General
    Government Appropriations Act, 2012;
•   tested whether IRS’s financial management systems substantially
    complied with the FFMIA requirements for Federal Financial
    Management System Requirements, U.S. generally accepted
    accounting principles, and the USSGL;
•   conducted inquiries of management about the methods of preparing
    the RSI, and compared this information for consistency with
    management’s responses to the auditor’s inquiries, the financial
    statements, and other knowledge we obtained during the audit of the
    financial statements in order to report omissions or material
    departures from FASAB guidelines, if any, identified by these limited
    procedures;
•   read the other information included with the financial statements in
    order to identify material inconsistencies, if any, with the audited
    financial statements; and
•   performed such other procedures as we considered necessary in the
    circumstances.

An entity’s internal control over financial reporting is a process affected by
those charged with governance, management, and other personnel, the
objectives of which are to provide reasonable assurance that
(1) transactions are properly recorded, processed, and summarized to
permit the preparation of financial statements in conformity with U.S.
generally accepted accounting principles and assets are safeguarded
against loss from unauthorized acquisition, use, or disposition and
(2) transactions are executed in accordance with the laws governing the
use of budget authority and other laws and regulations that could have a
direct and material effect on the financial statements.

We did not evaluate all internal control relevant to operating objectives as
broadly established under FMFIA, such as controls relevant to preparing
statistical reports and ensuring efficient operations. We limited our
internal control testing to testing controls over financial reporting. Our
internal control testing was for the purpose of expressing an opinion on
the effectiveness of internal control over financial reporting and may not
be sufficient for other purposes. Consequently, our audit may not identify
all deficiencies in internal control over financial reporting that are less



Page 20               GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
                     severe than a material weakness. Because of inherent limitations, internal
                     control may not prevent or detect and correct misstatements caused by
                     error or fraud, losses, or noncompliance. We also caution that projecting
                     any evaluation of effectiveness to future periods is subject to the risk that
                     controls may become inadequate because of changes in conditions, or
                     that the degree of compliance with policies or procedures may
                     deteriorate.

                     We did not test compliance with all legal provisions applicable to IRS. We
                     limited our tests of compliance to those laws and regulations that have a
                     direct and material effect on the financial statements for the fiscal year
                     ended September 30, 2012. We caution that noncompliance may occur
                     and not be detected by these tests and that such testing may not be
                     sufficient for other purposes. Also, our work on FFMIA would not
                     necessarily disclose all instances of noncompliance with FFMIA
                     requirements.

                     We performed our audit in accordance with U.S. generally accepted
                     government auditing standards. We believe our audit provides a
                     reasonable basis for our opinions and other conclusions.


                     In commenting on a draft of this report, IRS stated that it was pleased that
Agency Comments      we recognized its progress in strengthening controls over information
and Our Evaluation   security and federal tax lien releases. In addition, IRS noted that we
                     determined that the deficiencies in internal control over refunds no longer
                     constitute a significant deficiency. Further, while IRS acknowledged that
                     challenges remain, it also stated that it had a solid management team
                     dedicated to promoting the highest standard of financial management,
                     and would continue to increase the focus on information security and
                     internal controls while improving financial reporting.




                     Page 21              GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
We will evaluate the effectiveness of IRS’s corrective actions during our
audit of IRS’s fiscal year 2013 financial statements. The complete text of
IRS’s response is reprinted in appendix II.




Cheryl E. Clark
Director
Financial Management and Assurance

November 5, 2012




Page 22              GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis
             Management Discussion and Analysis




             Page 23                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 24                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 25                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 26                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 27                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 28                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 29                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 30                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 31                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 32                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 33                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 34                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 35                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 36                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 37                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 38                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 39                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 40                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 41                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 42                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 43                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 44                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 45                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 46                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 47                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 48                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 49                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 50                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 51                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 52                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 53                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 54                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 55                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 56                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 57                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 58                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Management Discussion and Analysis




Page 59                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements
              Financial Statements




              Page 60                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 61                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 62                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 63                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 64                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 65                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 66                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 67                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 68                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 69                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 70                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 71                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 72                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 73                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 74                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 75                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 76                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 77                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 78                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 79                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 80                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 81                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 82                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 83                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 84                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 85                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Financial Statements




Page 86                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Required Supplementary Information
             Required Supplementary Information




             Page 87                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Required Supplementary Information




Page 88                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Required Supplementary Information




Page 89                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Required Supplementary Information




Page 90                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information
             Other Accompanying Information




             Page 91                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 92                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 93                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 94                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 95                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 96                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 97                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 98                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 99                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 100                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Other Accompanying Information




Page 101                GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Appendix I: Management’s Report on Internal
              Appendix I: Management’s Report on Internal
              Control over Financial Reporting



Control over Financial Reporting




              Page 102                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
Appendix II: Comments from the Internal
              Appendix II: Comments from the Internal
              Revenue Service



Revenue Service




              Page 103                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
           Appendix II: Comments from the Internal
           Revenue Service




(196250)
           Page 104                 GAO-13-120 IRS’s Fiscal Years 2012 and 2011 Financial Statements
GAO’s Mission         The Government Accountability Office, the audit, evaluation, and
                      investigative arm of Congress, exists to support Congress in meeting its
                      constitutional responsibilities and to help improve the performance and
                      accountability of the federal government for the American people. GAO
                      examines the use of public funds; evaluates federal programs and
                      policies; and provides analyses, recommendations, and other assistance
                      to help Congress make informed oversight, policy, and funding decisions.
                      GAO’s commitment to good government is reflected in its core values of
                      accountability, integrity, and reliability.

                      The fastest and easiest way to obtain copies of GAO documents at no
Obtaining Copies of   cost is through GAO’s website (http://www.gao.gov). Each weekday
GAO Reports and       afternoon, GAO posts on its website newly released reports, testimony,
                      and correspondence. To have GAO e-mail you a list of newly posted
Testimony             products, go to http://www.gao.gov and select “E-mail Updates.”

Order by Phone        The price of each GAO publication reflects GAO’s actual cost of
                      production and distribution and depends on the number of pages in the
                      publication and whether the publication is printed in color or black and
                      white. Pricing and ordering information is posted on GAO’s website,
                      http://www.gao.gov/ordering.htm.
                      Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
                      TDD (202) 512-2537.
                      Orders may be paid for using American Express, Discover Card,
                      MasterCard, Visa, check, or money order. Call for additional information.
                      Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO      Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
                      Visit GAO on the web at www.gao.gov.
                      Contact:
To Report Fraud,
                      Website: http://www.gao.gov/fraudnet/fraudnet.htm
Waste, and Abuse in   E-mail: fraudnet@gao.gov
Federal Programs      Automated answering system: (800) 424-5454 or (202) 512-7470

                      Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-
Congressional         4400, U.S. Government Accountability Office, 441 G Street NW, Room
Relations             7125, Washington, DC 20548

                      Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs        U.S. Government Accountability Office, 441 G Street NW, Room 7149
                      Washington, DC 20548




                        Please Print on Recycled Paper.