Financial Audit: IRS’s Fiscal Years 2015 and 2014 Financial Statements, GAO-16-146: Published: Nov 12, 2015. Publicly Released: Nov 12, 2015.
“In GAO’s opinion, the Internal Revenue Service’s (IRS) fiscal years 2015 and 2014 financial statements are fairly presented in all material respects. However, in GAO’s opinion, IRS did not maintain effective internal control over financial reporting as of September 30, 2015, because of a continuing material weakness in internal control over unpaid tax assessments. GAO’s tests of IRS’s compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements detected no reportable instances of noncompliance in fiscal year 2015. The material weakness in internal control over unpaid tax assessments was primarily caused by financial system limitations and errors in taxpayer accounts that rendered IRS’s systems unable to readily distinguish between taxes receivable, compliance assessments, and write-offs in order to properly classify these components for financial reporting purposes. These deficiencies necessitated the use of a compensating estimation process to determine the amount of taxes receivable, the most material asset on IRS’s balance sheet. Through this compensating process, IRS made over $9 billion in adjustments to the 2015 fiscal year-end gross taxes receivable balance produced by its financial systems. To address this material weakness, in fiscal year 2015, IRS took a significant step in developing a long-term corrective action plan. However, the plan does not include milestones or related dates for most of the actions, so it is unclear when IRS will fully address the issues that cause significant inaccuracies in the unpaid tax assessments information maintained in its accounting systems. During fiscal year 2015, IRS continued to make important progress in addressing deficiencies in internal control over its financial reporting systems. However, GAO identified continuing and new deficiencies in internal control over information security, including missing security updates, insufficient audit trails and monitoring for certain key systems, and use of weak passwords, that collectively constituted a significant deficiency in IRS’s internal control over financial reporting systems. Until IRS takes the necessary steps to fully address these control deficiencies over its financial reporting systems, its financial and taxpayer data will remain at increased risk of inappropriate and undetected use, modification, or disclosure. In addition to its internal control deficiencies, IRS faces significant ongoing financial management challenges related to (1) safeguarding the large volume of sensitive hard copy taxpayer receipts and associated information, (2) significant invalid refunds based on identity theft, and (3) implementing the tax provisions of the Patient Protection and Affordable Care Act. The difficulties confronting IRS in its efforts to effectively manage each of these challenges are further magnified by the need to do so in an environment of diminished budgetary resources.”