Audit report: IRS must set deadline for SSN fixes

The Internal Revenue Service needs to pick a deadline to stop or reduce the use of Social Security numbers on its outgoing correspondence, according to a new audit report.

The report, issued last week by the Treasury Inspector General for Tax Administration, stated that the IRS plan, which is a response to concerns over protection of personal information, “lacks milestones for progress.”
 
Taxpayers need to be assured that their private information is being protected, Treasury Inspector General for Tax Administration J. Russell George said in a statement. More than 130 million taxpayers entrust the IRS with their Social Security numbers and other personal and financial information. Nearly 42 million notices, most of which included taxpayers’ SSNs, were mailed out in the first five months of this year.
 
"A person's Social Security number is the most valuable tool an identity thief can obtain to commit financial fraud, and it becomes even more valuable if it is linked to other personal data, such as information required to prepare a tax return," George said. "The IRS must improve its strategy to effectively ensure the protection of this information.”
 
The IRS agreed with the recommendations and has implemented “a more strongly organized process” for maintaining documentation related to accomplishing goals in its SSN Elimination and Reduction plan, which was first developed in 2007.
 
The IRS is focusing first on internal forms that use SSNs and eliminating employees’ SSNs from its system, although the ultimate goal is to reduce the agency's reliance on taxpayers’ SSNs as identifiers. The report states that the IRS will not be eliminating use of SSNs “in the immediate future,” as they are used in connection with more than 500 different computer systems, 6,000 kinds of internal and external forms, and 20 categories of individual taxpayer notices. So far, the IRS has removed or shortened SSNs from a small number of forms and letters.
 
In a separate report issued earlier this month, the inspector general said two IRS information technology security systems are adequate, but noted that the agency should improve its follow-up and remediation in one area of security control.
 
The report outlined the results of its annual evaluation of two Non-Intelligence National Security Systems, required by the Federal Information Security Management Act.
 
The law calls for federal agencies to track and monitor known weaknesses, but the IRS did not include previously identified weaknesses in its Plans of Action and Milestones (POA&M). In addition, weaknesses that had been fixed were not “closed out” in a timely way in the POA&Ms.
 
“The POA&M process is particularly important because the IRS decided not to perform a new certification and accreditation in Fiscal Year 2010 and to rely instead on its annual testing to ensure a subset of security controls have been implemented and are working as intended,” the report said. The inspector general’s report did not include recommendations, only reporting on the agency's performance under the Office of Management and Budget’s guidelines.
 
Related articles:

You may like these other stories...

AgFeed agrees to pay $18 million to settle SEC accounting fraud caseMichael Rapoport of the Wall Street Journal reported on Monday that AgFeed Industries Inc. has agreed to pay $18 million to settle US Securities and...
Many accountants struggle with payroll, either because they have too much of it or they don't want to do any of it. Either way, they are at odds with the needs of their business clients. Most clients are looking for a...
Hertz and Icahn make peaceThere won’t be any nasty, protracted proxy battle between Hertz Global Holdings and activist investor Carl Icahn. The rental car chain agreed last Thursday to give Icahn – who has...

Already a member? log in here.

Upcoming CPE Webinars

Sep 18
In this course, Amber Setter will shine the light on different types of leadership behavior- an integral part of everyone's career.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.