What GAO Found During GAO’s audits of the Internal Revenue Service’s (IRS) fiscal year 2025 financial statements and of its internal control over financial reporting as of September 30, 2025, GAO identified five new deficiencies in internal control over financial reporting. Four of these new deficiencies are sensitive in nature and related to information systems, consisting of three access control deficiencies and one security management control deficiency. The remaining new deficiency was not sensitive in nature and related to IRS’s nonproduction costs, which are part of the financial reporting transaction cycle. This report presents detailed information on the new financial reporting transaction cycle control deficiency and associated recommendation. The separately issued LIMITED OFFICIAL USE ONLY report presents detailed information on the new information system control deficiencies and four recommendations to address them. In addition, GAO determined that IRS had completed corrective actions for 14 of 30 recommendations from GAO’s prior reports related to internal control over financial reporting that were open as of September 30, 2024. IRS’s actions addressed four transaction cycle recommendations, one safeguarding assets recommendation, and nine information system recommendations. This report provides the status of eight previously reported recommendations that are nonsensitive in nature and IRS’s actions…
Professional
IRS Financial Reporting: Improvements Needed in Information System and Other Controls
Source: US GAO Reports — US Government, Public Domain