IRS used extra funding for cybersecurity and identity theft protection

Register now

The Internal Revenue Service spent the extra $290 million appropriated by Congress last year to improve taxpayer service and cybersecurity and safeguard against identity theft, according to a new report.

The report, from the Treasury Inspector General for Tax Administration, analyzed how the IRS used $106.4 million of the extra funding for cybersecurity and identity theft prevention. TIGTA found the IRS adequately tracked and monitored and appropriately spent the additional funding. The IRS allocated around $91.8 million of the $290 million to safeguard taxpayer data through cybersecurity enhancements. Of the $91.8 million, approximately $71.7 million was obligated in fiscal year 2016, and the remaining $20.1 million dedicated for use in fiscal year 2017.

The extra cybersecurity funding supported network security improvements, more effective monitoring of data traffic, replacement of outdated equipment, and protection of taxpayer data from unauthorized access by identity thieves.

TIGTA looked at the supporting contracts and invoices for 48 requisitions within nine cybersecurity funding categories and found the dates, work descriptions and dollar amounts were adequately supported and correctly assigned to the appropriated funding account.

In addition, the IRS allocated about $14.6 million to identity theft operations support to help protect taxpayers against identity theft and tax refund fraud by collaborating with some of the leading tax preparation firms, software developers, payroll and tax financial product processors, and state tax administrators, much of it through its Security Summit initiative. All those funds were obligated and spent in fiscal year 2016. The funding also went to support a web-based authentication application, enabling taxpayers to provide proof of identity and increase the efficiency of case resolution of the IRS's Taxpayer Protection Program.

TIGTA also found that 20 requisitions related to actions from the Security Summit and the relaunch of its Get Transcript online application, which had been breached by hackers and needed to be temporarily shut down, were adequately supported. The requisitions included transaction dates, descriptions of the work, and dollar amounts, correctly identifying the appropriated funding account.

TIGTA didn’t make any recommendations in the report, but IRS officials reviewed a draft version of it and agreed with the facts it presented.

For reprint and licensing requests for this article, click here.