TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

INSUFFICIENT ATTENTION HAS BEEN GIVEN TO ENSURE STATES PROTECT TAXPAYER INFORMATION

Issued on August 31, 2007

Highlights

Highlights of Report Number:  2007-20-134 to the Internal Revenue Service Chief, Mission Assurance and Security Services.

IMPACT ON TAXPAYERS

The Internal Revenue Service (IRS) provides taxpayers’ personal and financial information to agencies in all 50 States to assist them in carrying out their own tax administration responsibilities.  The IRS Safeguard Review program is responsible for ensuring the States provide adequate security over the information to prevent unauthorized disclosures that could be used for identity theft and other fraudulent activities.  Without an effective Safeguard Review program, the IRS has little assurance the information provided to the States is adequately protected and funds are prudently spent on contractor support.

WHY TIGTA DID THE AUDIT

TIGTA initiated this audit as a followup to a 2005 review that found security weaknesses over Federal tax information provided to State agencies.  The overall objective of this audit was to determine whether Federal tax information provided to third parties (in this case, State agencies) is protected from unauthorized access, use, and disclosure.  To accomplish this objective, TIGTA conducted followup tests to evaluate the effectiveness of the IRS’ actions to correct computer security weaknesses at State agencies detailed in the previous report.

WHAT TIGTA FOUND

Corrective actions to the prior report have not yet been taken or have not been effective to improve the scope of the Safeguard Reviews and to monitor corrective actions.  Also, the IRS is not timely reporting the results of its Safeguard Reviews to the States.  TIGTA attributes these weaknesses to the lack of management oversight.

During the course of the review, TIGTA became very concerned at the lack of management attention being directed to the Safeguard Review program.  As a result, TIGTA expanded the review to assess the administration of the contract with the contractor.  Controls over the contract were insufficient to ensure the Federal Government receives the services for which it contracted, on time, and in accordance with specifications.  Additional oversight for the contract is needed so the IRS can ensure it is prudently spending the $1.4 million designated annually for the Safeguard Review program.  Due to the poor contract oversight provided by the IRS, TIGTA requested additional documentation from the contractor.  TIGTA will report its assessment of the contractor documentation in a future Office of Audit document.

WHAT TIGTA RECOMMENDED

TIGTA recommended the Chief, Mission Assurance and Security Services, provide management oversight for the Safeguard Review program sufficient to ensure (1) test plans used during Safeguard Reviews are revised and consistent with IRS guidance, (2) the corrective action to the prior TIGTA report is reopened to ensure the development and implementation of a Plan of Action and Milestones process, (3) Safeguard Review results are provided timely to the States, (4) task orders clearly define deliverables for the contractor, and (5) contractor billings are monitored to ensure funds are prudently spent.

In response to the report, IRS officials agreed with the recommendations.  Planned corrective actions include (1) initiating additional changes to the guidance provided to State agencies to stagger reporting deadlines and incorporating additional guidance for executing test plans, (2) implementing a Plan of Action and Milestones process, (3) developing a monthly monitoring plan to track reports and ensuring followup actions have been timely taken, (4) assigning a dedicated task representative to oversee the contractor’s work, and (5) performing monthly contract reviews to ensure the accuracy of the invoices and that work authorized is completed in accordance with the work requests.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:  

http://www.treas.gov/tigta/auditreports/2007reports/200720134fr.html.

Email Address:   Bonnie.Heald@tigta.treas.gov

Phone Number:   202-927-7037

Web Site:   http://www.tigta.gov