Unfinished Business: GAO identifies 36 'open recommendations' IRS hasn't fulfilled

The GAO said that the recommendations that have not been acted upon "warrant the attention of agency CIOs because their implementation could significantly improve government IT operations."

By Nicholas Ballasy

Published: September 6, 2025 10:34pm

Updated: September 7, 2025 12:29am

The Government Accountability Office (GAO) has identified 36 "open recommendations" — some dating back to 2014 — that the Internal Revenue Service (IRS) has not yet fulfilled, such as maintaining a "comprehensive inventory of its systems that process or store taxpayer information."

Nick Marinos, Managing Director of Information Technology and Cybersecurity for the GAO, sent a letter on August 28 to the IRS, stating 22 of those recommendations are "sensitive" based on "previously issued work."

Marinos added that "copies of this letter are being sent to the appropriate congressional committees, the Federal CIO, and the CIO of the Department of the Treasury" and "we are planning to send a separate letter related to agency wide priority recommendations to the Commissioner of the IRS."

"High-risk" areas, such as private data and cybersecurity

Some of the recommendations, such as the Ensuring the Cybersecurity of the Nation and the Improving IT Acquisitions and Management recommendations, are related to "high-risk" areas.

"GAO previously recommended that the IRS maintain a comprehensive inventory of its systems that process or store taxpayer information," the watchdog said about their study.

"Further, GAO recommended that the IRS fully address the key Office of Management and Budget requirement regarding conducting regular evaluations of customer experiences and user needs," the organization also said.

Quarterly cost reports recommended but not implemented

The GAO also noted that it previously recommended that the IRS include the cost and overall goals of each of its programs in its quarterly reports to Congress.

"Implementing this recommendation would provide Congress and other stakeholders with the information needed to gauge the IRS’s performance in meeting long-term modernization goals," Marinos wrote in the letter on Thursday to IRS Chief Information Officer Kaschit Pandya.

The GAO said that the outstanding recommendations "warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others."