Management Report: Improvements Are Needed to Enhance the Internal Revenue Service's Information System Security Controls [May 13, 2020] [open pdf - 330KB]
From the Document: "In connection with our audit of the Internal Revenue Service's (IRS) fiscal years 2019 and 2018 financial statements, we reported that although internal controls could be improved, IRS maintained, in all material respects, effective internal control over financial reporting as of September 30, 2019, based on criteria established under 31 U.S.C. [United States Code] § 3512(c), (d), commonly known as the Federal Managers' Financial Integrity Act. [...] However, during our fiscal year 2019 audit, we identified new and continuing deficiencies in information system security controls that while not collectively considered a material weakness, were important enough to merit attention by those charged with governance of IRS and therefore represented a significant deficiency in IRS's internal control over its financial reporting systems. [...] This report for IRS management presents the new control deficiencies we identified during our fiscal year 2019 testing of information system security controls that are relevant to IRS's internal control over financial reporting and associated recommendations to address them. The report also includes the results of our follow-up on the status of the agency's corrective actions to address deficiencies in information system security controls and associated recommendations contained in our July 2019 report that remained open as of September 30, 2018."
Government Accountability Office: https://www.gao.gov/