While the Internal Revenue Service has made progress in implementing a solution to its audit trail deficiencies, it still needs to strengthen its controls, according to a new report.

The report -- the result of an audit by the Treasury Inspector General for Tax Administration -- said that improvements are needed to ensure that new information systems are deployed with compliant audit trails, and that identified deficiencies are corrected in a timely fashion.

Specifically, TIGTA said that the IRS needs to strengthen controls in its new systems development and deficiency remediation processes to improve the number and quality of its audit trails. It found that not all IRS systems in development in recent years had audit trail requirements adequately assessed prior to deployment. Of those for which an audit plan was completed during the development process, most were not transmitting audit trails in accordance with IRS requirements when deployed.  TIGTA also found that system owners were not timely entering identified audit trail deficiencies into plans of action and milestones to ensure proper tracking and remediation. 

Audit trails have long been an issue for the IRS, according to TIGTA; the service reported them as an “area of material weakness” as far back as 1997, and as recently as 2012. The service established an office to coordinate an enterprise solution for the problem, and TIGTA’s audit was initiated to evaluated its efforts to implement effective audit trails for new systems that store and process taxpayer data, and to track and correct identified deficiencies in existing audit trails.

As a result of the audit, TIGTA recommended that the IRS’s chief technology officer:

  • Amend procedures to ensure that systems in development are evaluated for audit trail requirements in a timely manner;
  • Ensure that the document which new system owners must complete prior to transmitting audit trails is included as one of the required systems development documents;
  • Revise guidance to clearly state system owner responsibility for audit trails, including the requirement for addressing identified audit trail deficiencies in a timely manner; and,
  • Ensure that appropriate annual testing of audit trail controls is conducted and any identified deficiencies are reported.

The IRS agreed with the recommendations, except the first, to which it partially agreed. 
The full report is available online.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access