Management Discussion and Analysis_part7 ppt
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (82.02 KB, 1 trang )
Appendix I
Material Weaknesses, Significant Deficiency,
and Compliance Issues
Page 109 GAO-12-165 IRS’s Fiscal Years 2011 and 2010 Financial Statements
financial information used by management and increase the risk that
sensitive agency and taxpayer information may be compromised. These
deficiencies also increase the risk that errors or irregularities may affect
IRS’s financial information and not be detected and corrected in time to
prevent material misstatement of IRS’s financial statements or other
internal and external reports.
24
During fiscal year 2011, IRS management devoted attention and
resources to addressing the agency’
s information security controls. The
agency developed enterprise-wide security initiatives that are designed to
improve its controls and provide management with the ability to measure
the state of IRS’s controls. For example, IRS formed cross-functional
working groups with knowledge of the IRS internal systems to address
identified areas considered at risk.
Nevertheless, the agency made limited progress in corre
cting information
security weaknesses we identified in previous audits. IRS addressed
approximately 15 percent of the 105 open recommendations that we had
previously reported. For example, IRS took action to address
recommendations related to (1) encrypted data transfers for its Integrated
Financial System (IFS),
25
thereby decreasing the risk that malicious users
could capture sensitive information; (2) upgraded domain name system
servers, thereby decreasing the risk that known vulnerabilities may not be
mitigated; and (3) improved the infrastructure supporting RRACS, thereby
decreasing the risk of exposure to unauthorized access or manipulation
through the exploitation of known vulnerabilities.
24
As discussed above, measurements of materiality encompass both quantitative and
qualitative considerations. Quantitative considerations refer to the dollar magnitude of
actual or potential misstatements, while qualitative considerations encompass surrounding
circumstances which, in the judgment of the auditors, may significantly elevate financial
statements users' perceptions of the importance of actual or potential misstatements and
deficiencies in internal control. The deficiencies in internal control over information security
discussed in this report increase the risk that errors or omissions may occur and not be
timely detected and corrected, which even if not quantitatively material, may nevertheless
be considered qualitatively material due to the sensitive nature of the underlying
information and its importance to financial statement users.
25
IFS is IRS’s administrative accounting system, which the agency uses to account for core
financial management activities, including general ledger, budget formulation, accounts
payable, accounts receivable, funds management, cost management, and financial
reporting. IFS does not process or report IRS’s tax-related transactions, including tax
revenues, tax refunds, and taxes receivable.
This is trial version
www.adultpdf.com
