Audit report: IRS must set deadline for SSN fixes
by AccountingWEB on
The Internal Revenue Service needs to pick a deadline to stop or reduce the use of Social Security numbers on its outgoing correspondence, according to a new audit report.
The report, issued last week by the Treasury Inspector General for Tax Administration, stated that the IRS plan, which is a response to concerns over protection of personal information, “lacks milestones for progress.”
Taxpayers need to be assured that their private information is being protected, Treasury Inspector General for Tax Administration J. Russell George said in a statement. More than 130 million taxpayers entrust the IRS with their Social Security numbers and other personal and financial information. Nearly 42 million notices, most of which included taxpayers’ SSNs, were mailed out in the first five months of this year.
"A person's Social Security number is the most valuable tool an identity thief can obtain to commit financial fraud, and it becomes even more valuable if it is linked to other personal data, such as information required to prepare a tax return," George said. "The IRS must improve its strategy to effectively ensure the protection of this information.”
The IRS agreed with the recommendations and has implemented “a more strongly organized process” for maintaining documentation related to accomplishing goals in its SSN Elimination and Reduction plan, which was first developed in 2007.
The IRS is focusing first on internal forms that use SSNs and eliminating employees’ SSNs from its system, although the ultimate goal is to reduce the agency's reliance on taxpayers’ SSNs as identifiers. The report states that the IRS will not be eliminating use of SSNs “in the immediate future,” as they are used in connection with more than 500 different computer systems, 6,000 kinds of internal and external forms, and 20 categories of individual taxpayer notices. So far, the IRS has removed or shortened SSNs from a small number of forms and letters.
In a separate report issued earlier this month, the inspector general said two IRS information technology security systems are adequate, but noted that the agency should improve its follow-up and remediation in one area of security control.
The report outlined the results of its annual evaluation of two Non-Intelligence National Security Systems, required by the Federal Information Security Management Act.
The law calls for federal agencies to track and monitor known weaknesses, but the IRS did not include previously identified weaknesses in its Plans of Action and Milestones (POA&M). In addition, weaknesses that had been fixed were not “closed out” in a timely way in the POA&Ms.
“The POA&M process is particularly important because the IRS decided not to perform a new certification and accreditation in Fiscal Year 2010 and to rely instead on its annual testing to ensure a subset of security controls have been implemented and are working as intended,” the report said. The inspector general’s report did not include recommendations, only reporting on the agency's performance under the Office of Management and Budget’s guidelines.
You may like these other stories...
Senate Takes Different Approach from House for Highway and Bridge FundEarlier this week, according to a New York Times article, the Senate agreed to fill the coffers of the fund that pays for highway and bridge repairs with...
There it stands, your client's 100-year-old, rickety, vermin-infested barn or former hotel or whatever the darn thing once was. And she's considering what to do with it. There are two words that can help her decide...
It's not a reality—yet—but accounting software is poised to eliminate accountants. We are at a tipping point for many similar professions: online education replacing professors, legal software replacing...
Upcoming CPE Webinars
FRF for SMEs Series--Measurement and Disclosure Principles for various Consolidations and Business Combinations, Part 4B
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
In this session we'll review best practices for how to generate interest in your firm’s services.
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.