GAO Finds Continued Weakness at IRS

The U.S. General Accounting Office (GAO) reported this week that while the Internal Revenue Service (IRS) has made “important” progress toward improving its security and implementing an information security program, weaknesses continue to pose a risk to taxpayer data.

GAO’s report, "Progress Made, But Weaknesses at the Internal Revenue Service Continue to Pose Risks," states that the "confidentiality, integrity and availability of sensitive systems and taxpayer data" are at risk. The report further found that the agency’s implementation of "logical internal controls — those designed to ensure that only authorized individuals can read, alter or delete data — has been inconsistent and accounts for three quarters of the 765 general control weaknesses found at the 11 facilities reviewed."

As part of its annual audits of IRS financial statements, GAO looked at the effectiveness of information security controls at some IRS facilities and over some applications — controls intended to protect agency systems and taxpayer data. The GAO website states, "Because the detailed reports that followed these reviews contained sensitive information and could have been detrimental to government if released to the public, they were issued only to the IRS and congressional requesters. This public report is based on 18 such reports issued during the three-year period, ending July 31, 2002. Although it does not identify specific IRS facilities or applications, the report does provide GAO’s assessment of the overall effectiveness of IRS’s information security."

In this week’s report, GAO recommends the IRS implement an effective agencywide information security program with the Commissioner of Internal Revenue directing the chief information officer and the senior management official for each operating division to:

  • Assess risks and evaluate security needs;
  • Establish and implement adequate policies and controls;
  • Enhance security awareness and training; and
  • Monitor the effectiveness of controls and mitigate known weaknesses as detailed in the report.

GAO said that the IRS generally agreed with the report and its recommendations. "IRS management is committed to completing such an agencywide program," stated the GAO report. "Until it does, however, IRS will remain at heightened risk of access to critical data by unauthorized persons — individuals who could obtain personal taxpayer data to perpetuate identity theft and commit financial crimes."

You may like these other stories...

Could the IRS disallow Ice Bucket Challenge charitable contributions?Unless you’ve been living under a rock, you’ve probably heard of – or participated in – the ALS Ice Bucket Challenge.I was...
As a general rule, a taxpayer can deduct the full amount of monetary contributions made to a qualified charitable organization, as long as certain substantiation requirements are met. These donations are typically made...
Hertz withdraws full-year forecast, cites accounting review, challengesRental car company Hertz Global Holdings Inc. said on Tuesday it is withdrawing its full-year financial forecast and expects 2014 results to be “...

Already a member? log in here.

Upcoming CPE Webinars

Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.