TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

THE INTERNAL REVENUE SERVICE ADEQUATELY PROTECTED SENSITIVE DATA AND RESTORED COMPUTER OPERATIONS AFTER THE FLOODING OF ITS HEADQUARTERS BUILDING

Issued on January 26, 2007

Highlights

Highlights of Report Number 2007-20-023, to the Internal Revenue Service Chief, Agency-Wide Shared Services.

IMPACT ON TAXPAYERS

The flooding disaster at the Internal Revenue Service (IRS) Headquarters building in Washington, D.C., could have resulted in the loss of taxpayer data and disruption in computer operations.  However, due to preparatory and responsive actions, the IRS adequately protected sensitive data in the aftermath of the flooding and restored computer operations for its Headquarters employees.

WHY TIGTA DID THE AUDIT

This audit was initiated because the Senate Finance Committee requested that the Treasury Inspector General for Tax Administration (TIGTA) determine the extent and nature of disruption to the IRS operations and identify the functions most affected by the flooding disaster of the IRS Headquarters building.  The flooding occurred when a rare tropical deluge over the Washington, D.C., metropolitan area on June 24 and 25, 2006, unleashed floods of water that swamped the Federal Triangle area of the nation’s capital.  An estimated 3 million gallons of water were removed from the basement and subbasement of the IRS Headquarters building.  Although the upper levels of the building were not flooded, the entire building was closed for repairs, requiring more than 2,200 employees to be assigned to alternate locations.

The TIGTA initiated three audits to answer concerns about the flooding disaster.  The objective of this review was to evaluate the actions taken by the IRS in response to the flooding of its Headquarters building.  Specifically, our audit determined whether the IRS adequately protected data and computer operations and sufficiently recovered its computer systems and data damaged or disrupted by the flooding.  The objectives of the other reviews relate to general business resumption efforts and determining the costs related to the flooding disaster.

WHAT TIGTA FOUND

Taxpayer data stored in the entire building were adequately protected against the risk of unauthorized access.  In addition, destroyed taxpayer data stored in the basement were properly protected and disposed of.

A little more than 1 month after the flooding, the Agency-Wide Shared Services Division had completed workstation space arrangements for displaced employees in 15 different locations in the District of Columbia, Maryland, and Virginia.  Within the same time period, the Modernization and Information Technology Services organization had located unassigned computers for those employees without computers, configured the computers to fit each employee’s needs, and provided technical support to allow employees to reconnect to the IRS network.

In addition, the Modernization and Information Technology Services organization restored computer infrastructure operations that existed in the Headquarters building prior to the flooding.  Critical servers were moved from the Headquarters building to other IRS facilities and restored for availability to employees within 2 weeks after the flooding. We commend the efforts of the IRS and believe the actions taken by the IRS minimized the disruption caused by the flooding disaster.

However, computer assets were removed from the building before an asset tracking system was put in place and a physical inventory validation of computer assets remaining in the building could not be performed while the building was closed.

WHAT TIGTA RECOMMENDED

The Chief, Agency-Wide Shared Services, should ensure the Incident Management Plans for all IRS locations include the implementation of an asset tracking system and related processes immediately after a disaster.

In their response to the report, IRS officials agreed with our findings and have taken appropriate corrective actions to our recommendation.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response go to:

http://www.treas.gov/tigta/auditreports/2007reports/200720023fr.html.

 

Email Address:   Bonnie.Heald@tigta.treas.gov

Phone Number:   202-927-7037

Web Site:   http://www.tigta.gov