GAO Audit Reveals IRS Security Weaknesses | AccountingWEB

GAO Audit Reveals IRS Security Weaknesses

The Government Accountability Office recently reported that the Internal Revenue Service has made limited progress toward correcting or mitigating previously reported information security weaknesses. The report found 66 percent of the weaknesses that GAO had previously identified still existed.

As part of its audit of the IRS’s 2005-06 financial statements, the GAO took a look at what the agency was doing to correct previously reported information security weaknesses. To examine whether the controls in place were effective in ensuring the “confidentiality, integrity, and availability of financial and sensitive taxpayer information,” the GAO examined IRS information security policies and procedures, guidance, security plans, reports, and other documents. The office also tested controls over five critical applications at a trio of IRS sites and interviewed key security representatives and management officials.

Specifically, the IRS has corrected or mitigated 25 of the 73 information security weaknesses that the GAO reported as unresolved during its last review. Significant weaknesses in access controls and other information security controls continue to threaten the IRS’s financial and tax processing systems and information.

For example, while the IRS has improved password controls on its servers, it continues to use inadequate account lockout settings for Windows servers and inadequately verify employees’ identities against official IRS photo identification.

A primary reason for the weaknesses is that the IRS has not yet fully implemented its information security program. The GAO recommended, and the IRS agreed, that the agency-wide program -- that includes risk assessments, enhanced policies and procedures, security plans, training, adequate tests and evaluations, and a continuity of operations process for all major systems -- must be implemented.

The full report is available at www.gao.gov/new.items/d07364.pdf.

Wait, there's more!
There's always more at AccountingWEB. We're an active community of financial professionals and journalists who strive to bring you valuable content every day. If you'd like, let us know your interests and we'll send you a few articles every week either in taxation, practice excellence, or just our most popular stories from that week. It's free to sign up and to be a part of our community.
Premium content is currently locked

Editor's Choice

WHAT KIND OF FIRM ARE YOU?
As part of our continued effort to provide valuable resources and insight to our subscribers, we're conducting this brief survey to learn more about your personal experiences in the accounting profession. We will be giving away five $50 Amazon gift cards, and a $250 Amazon gift card to one lucky participant.
This is strictly for internal use and data will not be sold
or shared with any third parties.