Remember meForgot password?
    Log in with Twitter

article imageGAO audit says IRS has lapses in security for taxpayer data

By Leigh Goessl     Nov 13, 2011 in Technology
A new report issued by the U.S. Government Accountability Office (GAO) has determined through an annual audit that the Internal Revenue Service (IRS) is not doing enough to protect the sensitive data that streams through its offices.
According to GAO, the IRS has not initiated a high enough level of protection to secure taxpayer data and hasn't done enough to prevent "unauthorized users" from accessing that information the Associated Press reports (courtesy of Fox News).
GAO acknowledges the IRS did make some strides in addressing previously identified weaknesses in the agency's internal controls, however says the IRS has a way to go in securing their systems because "many of these issues continued to persist during fiscal year 2011" and the auditing agency sees "increased risk of compromising confidential IRS and taxpayer information."
The auditing agency says 182 recommendations to the IRS remain open at the time the report was written. While some files are encrypted now, the AP report makes note the GAO says with some sensitive data, encryption is still not being applied.
Areas identified as containing "material weakness" in the IRS' information security controls as said by GAO to "limit IRS ability" to offer reasonable assurance that:
• Financial statements are presented fairly
• Information is current, complete and accurate; weaknesses in this area can impede IRS ability to make sound day-to-day decisions
• Information systems, and the proprietary information processed by automation, is "appropriately safeguarded." If not properly secured, these problems "increase the risk of inappropriate access, alteration, or abuse of proprietary IRS programs and electronic data and taxpayer information."
GAO's concerns are the tax agency cannot effectively provide "reasonable assurance" that losses and misstatements would not be prevented, detected or corrected in a timely fashion.
US News reported earlier this year the IRS said it will need, with the implementation of President Obama's new healthcare reforms, "a battalion of 1,054 new auditors and staffers and new facilities at a cost to taxpayers of more than $359 million in fiscal 2012 just to watch over the initial implementation" of the new mandate. Additionally the Affordable Care Act (ACA) will require new IT systems, modifications to current information systems and other adjustments to meet standards.
The IRS said in its Service Fiscal Year 2012 Budget Request, "Implementation of the Affordable Care Act of 2010 presents a major challenge to the IRS. ACA represents the largest set of tax law changes in more than 20 years, with more than 40 provisions that amend the tax laws."
Based on the GAO's findings and the IRS 2012 Budget Request, what will the consequences be on what is already burdened and complex agency that currently isn't up to par in its security standards once the ACA kicks in full speed? The US News piece speculated that this request is "just the beginning, since the new healthcare program is evolving and won't be fully implemented until about 2014."
Nowadays corporate governance and information security are a much higher priority than in days past. The risks associated with financial and identity theft still persist and, in the case of the IRS, most of the data traveling through the agency is highly sensitive.
Data collection and compilation has increasingly gone digital, and in many ways automation is a more secure way of conducting operations because there is a virtual trail and digital footprints along the way. However using computerized systems do open up security holes, especially when not secured properly, which can lead to a serious data compromise. Additionally the 'hard copy' returns that taxpayers submit annually also require meticulous security as a breach can occur if documents are lost or exposed in some other fashion.
In a nutshell, information security is an area of operations that needs consistent attention in this day and age.
The full GAO finding can be found in the detailed report.
More about Irs, Internal revenue service, information security, gao, United States
More news from
Latest News
Top News