A new audit by the Treasury Inspector General for Tax Administration has found security weaknesses on each of the three computer systems it reviewed in the Office of Research, Analysis and Statistics.
TIGTA found that the weaknesses increase the risks of unauthorized disclosure of taxpayer data and significant disruption to computer operations. The audit was initiated as part of TIGTA’s statutory requirement to annually review the adequacy and security of IRS technology.
Information technology personnel in the RAS organization manage computer systems that users query to obtain taxpayer data. TIGTA found that managers and system administrators had not placed sufficient emphasis on maintaining the security and privacy of the taxpayer data they were charged with protecting.
TIGTA recommended a number of proposals, including the designation of a security officer to monitor compliance with IRS security requirements and remind managers and employees of their security responsibilities, and requiring system administrators to ensure that all system access controls are followed and to follow up on identified security weaknesses so they are corrected in a timely manner. IRS officials agreed with the findings and recommendations and reported they have already taken many corrective actions to address the recommendations.
