Audit report: IRS must set deadline for SSN fixes
by AccountingWEB on
The Internal Revenue Service needs to pick a deadline to stop or reduce the use of Social Security numbers on its outgoing correspondence, according to a new audit report.
The report, issued last week by the Treasury Inspector General for Tax Administration, stated that the IRS plan, which is a response to concerns over protection of personal information, “lacks milestones for progress.”
Taxpayers need to be assured that their private information is being protected, Treasury Inspector General for Tax Administration J. Russell George said in a statement. More than 130 million taxpayers entrust the IRS with their Social Security numbers and other personal and financial information. Nearly 42 million notices, most of which included taxpayers’ SSNs, were mailed out in the first five months of this year.
"A person's Social Security number is the most valuable tool an identity thief can obtain to commit financial fraud, and it becomes even more valuable if it is linked to other personal data, such as information required to prepare a tax return," George said. "The IRS must improve its strategy to effectively ensure the protection of this information.”
The IRS agreed with the recommendations and has implemented “a more strongly organized process” for maintaining documentation related to accomplishing goals in its SSN Elimination and Reduction plan, which was first developed in 2007.
The IRS is focusing first on internal forms that use SSNs and eliminating employees’ SSNs from its system, although the ultimate goal is to reduce the agency's reliance on taxpayers’ SSNs as identifiers. The report states that the IRS will not be eliminating use of SSNs “in the immediate future,” as they are used in connection with more than 500 different computer systems, 6,000 kinds of internal and external forms, and 20 categories of individual taxpayer notices. So far, the IRS has removed or shortened SSNs from a small number of forms and letters.
In a separate report issued earlier this month, the inspector general said two IRS information technology security systems are adequate, but noted that the agency should improve its follow-up and remediation in one area of security control.
The report outlined the results of its annual evaluation of two Non-Intelligence National Security Systems, required by the Federal Information Security Management Act.
The law calls for federal agencies to track and monitor known weaknesses, but the IRS did not include previously identified weaknesses in its Plans of Action and Milestones (POA&M). In addition, weaknesses that had been fixed were not “closed out” in a timely way in the POA&Ms.
“The POA&M process is particularly important because the IRS decided not to perform a new certification and accreditation in Fiscal Year 2010 and to rely instead on its annual testing to ensure a subset of security controls have been implemented and are working as intended,” the report said. The inspector general’s report did not include recommendations, only reporting on the agency's performance under the Office of Management and Budget’s guidelines.
You may like these other stories...
Some of your clients may get away to business conventions from time to time. It gives them a chance to rub shoulders with colleagues, catch up on the latest developments, and fine-tune their skills. And, when the meetings or...
PwC must face $1 billion lawsuit over MF Global adviceA federal judge on Wednesday ordered PricewaterhouseCoopers (PwC) to face a $1 billion lawsuit claiming that its bad accounting advice was a substantial cause of the...
Being an accountant doesn't mean you're giving investment advice to clients. However, at tax time, accountants often have to deal with the results of any investment advice clients obtained during the year—the...
Upcoming CPE Webinars
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.