GAO Audit Reveals IRS Security Weaknesses

The Government Accountability Office recently reported that the Internal Revenue Service has made limited progress toward correcting or mitigating previously reported information security weaknesses. The report found 66 percent of the weaknesses that GAO had previously identified still existed.

As part of its audit of the IRS’s 2005-06 financial statements, the GAO took a look at what the agency was doing to correct previously reported information security weaknesses. To examine whether the controls in place were effective in ensuring the “confidentiality, integrity, and availability of financial and sensitive taxpayer information,” the GAO examined IRS information security policies and procedures, guidance, security plans, reports, and other documents. The office also tested controls over five critical applications at a trio of IRS sites and interviewed key security representatives and management officials.

Specifically, the IRS has corrected or mitigated 25 of the 73 information security weaknesses that the GAO reported as unresolved during its last review. Significant weaknesses in access controls and other information security controls continue to threaten the IRS’s financial and tax processing systems and information.

For example, while the IRS has improved password controls on its servers, it continues to use inadequate account lockout settings for Windows servers and inadequately verify employees’ identities against official IRS photo identification.

A primary reason for the weaknesses is that the IRS has not yet fully implemented its information security program. The GAO recommended, and the IRS agreed, that the agency-wide program -- that includes risk assessments, enhanced policies and procedures, security plans, training, adequate tests and evaluations, and a continuity of operations process for all major systems -- must be implemented.

The full report is available at www.gao.gov/new.items/d07364.pdf.

You may like these other stories...

As mentioned in today’s “Bramwell’s Lunch Beat” via an article from the USA Today, a new report from the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS doled out $2.8...
London Stock Exchange switches auditing to EYThe London Stock Exchange will drop PwC as its auditor and replace it with EY after completion of the audit for the year ending March 2014, Harriet Agnew of the Financial Times...
With tax season in the past, it's time to think about the tax implications of decisions your clients may be making about their homes in 2014. The rules are complicated and because of the huge amounts involved, the...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.