Government Technology

Report: IRS System Weaknesses Put Public Data at Risk



April 1, 2011 By

Vulnerabilities in IRS tax and financial processing systems endanger the private citizen information the systems contain, the Government Accountability Office (GAO) claimed in a March report.

The GAO identified 37 new weaknesses from fiscal 2010 when performing an annual audit of IRS systems. The findings were reported in IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data.

The new deficiencies cited by the GAO included unencrypted networks, outdated software, faulty access control protocols and employees with unnecessary access privileges.

“Our bottom line is that the IRS still needs to enhance the internal controls over their financial reporting and taxpayer data,” said Greg Wilshusen, the GAO’s director of information security issues. “We have found weaknesses in many of the areas in which we looked and the controls that we tested, and we found that these weaknesses continue to place financial and taxpayer information at risk.”

The situation for the IRS might actually be improving. Wilshusen said that the agency found 88 weaknesses two years ago. But he said the IRS had only remediated 23 of those previous 88 issues.

“They indicated they had corrected 39 of those [88 issues], and they told us which ones,” Wilshusen said. But the GAO claims that, in fact, 16 of the “corrected” vulnerabilities still remain. “That speaks to flaws in IRS’ verification and validation processes for assuring corrective actions.”

The IRS also has faulty procedures when it comes to testing the strength of internal policies and procedures. “We found that their tests were not comprehensive and that IRS did not identify many of the weaknesses that we identified during our testing,” Wilshusen said.

But Wilshusen did mention some positive steps the IRS has taken. The agency has provided security awareness training to all employees, including specialized training to those with significant security responsibilities.

The IRS didn't return calls for comment about the GAO's report.


You may use or reference this story with attribution and a link to
http://www.govtech.com/pcio/IRS-Weaknesses-Put-Public-Data-at-Risk.html


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

GovTech Papers and Case Studies View Library


Government Best Practices


Collaboration for the Public Sector


Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
This issue brief examines video collaboration in every stage of the human justice process, demonstrating how this technology can not only make services more efficient, affordable, and accessible.

Cloud-Based Services Accelerate Public Sector Adoption of Video Collaboration
Today, thanks to new cloud technologies and high-quality networks, mobile video services - which provide not only cost savings but which help governmental interactions become more efficient - are more feasible than ever before.

Modernization as a Service: Acquiring IT through Innovative Procurement

Five Ways Collaboration is Driving Government Performance

Mobile Video Collaboration: The New Business Reality
 

Government Technology
Public CIO
Emergency Management
Digital Communities