GAO Audit Reveals IRS Security Weaknesses

The Government Accountability Office recently reported that the Internal Revenue Service has made limited progress toward correcting or mitigating previously reported information security weaknesses. The report found 66 percent of the weaknesses that GAO had previously identified still existed.

As part of its audit of the IRS’s 2005-06 financial statements, the GAO took a look at what the agency was doing to correct previously reported information security weaknesses. To examine whether the controls in place were effective in ensuring the “confidentiality, integrity, and availability of financial and sensitive taxpayer information,” the GAO examined IRS information security policies and procedures, guidance, security plans, reports, and other documents. The office also tested controls over five critical applications at a trio of IRS sites and interviewed key security representatives and management officials.

Specifically, the IRS has corrected or mitigated 25 of the 73 information security weaknesses that the GAO reported as unresolved during its last review. Significant weaknesses in access controls and other information security controls continue to threaten the IRS’s financial and tax processing systems and information.

For example, while the IRS has improved password controls on its servers, it continues to use inadequate account lockout settings for Windows servers and inadequately verify employees’ identities against official IRS photo identification.

A primary reason for the weaknesses is that the IRS has not yet fully implemented its information security program. The GAO recommended, and the IRS agreed, that the agency-wide program -- that includes risk assessments, enhanced policies and procedures, security plans, training, adequate tests and evaluations, and a continuity of operations process for all major systems -- must be implemented.

The full report is available at www.gao.gov/new.items/d07364.pdf.

You may like these other stories...

IRS chief: New rule on the way for tax-exempt groupsIRS Commissioner John Koskinen told the USA Today on Monday that the agency will likely rewrite a proposed rule regulating the political activities of nonprofit groups to...
With tomorrow being Tax Day, you might see some procrastinators at your office filling out forms, printing out paperwork, or getting last-minute tax advice from their accountant so they can meet the IRS’s filing...
The IRS has launched 295 new identity theft and refund fraud investigations during this tax-filing season, bringing the number of active cases to nearly 1,900, the agency announced last week.The coast-to-coast enforcement...

Upcoming CPE Webinars

Apr 17
In this exciting presentation Excel expert David H. Ringstrom, CPA shares tricks that you can use with pivot tables every day. Remember, either you work Excel, or it works you!
Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.