GAO Finds Continued Weakness at IRS | AccountingWEB

GAO Finds Continued Weakness at IRS

The U.S. General Accounting Office (GAO) reported this week that while the Internal Revenue Service (IRS) has made “important” progress toward improving its security and implementing an information security program, weaknesses continue to pose a risk to taxpayer data.

GAO’s report, "Progress Made, But Weaknesses at the Internal Revenue Service Continue to Pose Risks," states that the "confidentiality, integrity and availability of sensitive systems and taxpayer data" are at risk. The report further found that the agency’s implementation of "logical internal controls — those designed to ensure that only authorized individuals can read, alter or delete data — has been inconsistent and accounts for three quarters of the 765 general control weaknesses found at the 11 facilities reviewed."

As part of its annual audits of IRS financial statements, GAO looked at the effectiveness of information security controls at some IRS facilities and over some applications — controls intended to protect agency systems and taxpayer data. The GAO website states, "Because the detailed reports that followed these reviews contained sensitive information and could have been detrimental to government if released to the public, they were issued only to the IRS and congressional requesters. This public report is based on 18 such reports issued during the three-year period, ending July 31, 2002. Although it does not identify specific IRS facilities or applications, the report does provide GAO’s assessment of the overall effectiveness of IRS’s information security."

In this week’s report, GAO recommends the IRS implement an effective agencywide information security program with the Commissioner of Internal Revenue directing the chief information officer and the senior management official for each operating division to:

  • Assess risks and evaluate security needs;
  • Establish and implement adequate policies and controls;
  • Enhance security awareness and training; and
  • Monitor the effectiveness of controls and mitigate known weaknesses as detailed in the report.

GAO said that the IRS generally agreed with the report and its recommendations. "IRS management is committed to completing such an agencywide program," stated the GAO report. "Until it does, however, IRS will remain at heightened risk of access to critical data by unauthorized persons — individuals who could obtain personal taxpayer data to perpetuate identity theft and commit financial crimes."

Wait, there's more!
There's always more at AccountingWEB. We're an active community of financial professionals and journalists who strive to bring you valuable content every day. If you'd like, let us know your interests and we'll send you a few articles every week either in taxation, practice excellence, or just our most popular stories from that week. It's free to sign up and to be a part of our community.
Premium content is currently locked

Editor's Choice

WHAT KIND OF FIRM ARE YOU?
As part of our continued effort to provide valuable resources and insight to our subscribers, we're conducting this brief survey to learn more about your personal experiences in the accounting profession. We will be giving away five $50 Amazon gift cards, and a $250 Amazon gift card to one lucky participant.
This is strictly for internal use and data will not be sold
or shared with any third parties.