TREASURY INSPECTOR GENERAL FOR TAX
ADMINISTRATION
INSUFFICIENT ATTENTION HAS BEEN GIVEN
TO ENSURE STATES PROTECT TAXPAYER INFORMATION
Issued on August 31, 2007
Highlights
Highlights of
Report Number: 2007-20-134 to the
Internal Revenue Service Chief,
IMPACT ON TAXPAYERS
The Internal Revenue Service (IRS)
provides taxpayers’ personal and financial information to agencies in all 50
States to assist them in carrying out their own tax administration
responsibilities. The IRS Safeguard
Review program is responsible for ensuring the States provide adequate security
over the information to prevent unauthorized disclosures that could be used for
identity theft and other fraudulent activities.
Without an effective Safeguard Review program, the IRS has little
assurance the information provided to the States is adequately protected and
funds are prudently spent on contractor support.
WHY TIGTA DID THE AUDIT
TIGTA
initiated this audit as a followup to a 2005 review that found security
weaknesses over Federal tax information provided to State agencies. The overall objective of this audit was to
determine whether Federal tax information provided to third parties (in this
case, State agencies) is protected from unauthorized access, use, and
disclosure. To accomplish this
objective, TIGTA conducted followup tests to evaluate the effectiveness of the
IRS’ actions to correct computer security weaknesses at State agencies detailed
in the previous report.
WHAT
TIGTA FOUND
Corrective actions
to the prior report have not yet been taken or have not been effective to
improve the scope of the Safeguard Reviews and to monitor corrective
actions. Also, the IRS is not timely
reporting the results of its Safeguard Reviews to the States. TIGTA attributes these weaknesses to the lack
of management oversight.
During the
course of the review, TIGTA became very concerned at the lack of management
attention being directed to the Safeguard Review program. As a result, TIGTA expanded the review to assess
the administration of the contract with the contractor. Controls over the contract were insufficient
to ensure the Federal Government receives the services for which it contracted,
on time, and in accordance with specifications.
Additional oversight for the contract is needed so the IRS can ensure it
is prudently spending the $1.4 million designated annually for the Safeguard
Review program. Due to the poor contract
oversight provided by the IRS, TIGTA requested additional documentation from
the contractor. TIGTA will report its
assessment of the contractor documentation in a future Office of Audit
document.
WHAT TIGTA RECOMMENDED
TIGTA
recommended the Chief, Mission Assurance and Security Services, provide
management oversight for the Safeguard Review program sufficient to ensure (1) test
plans used during Safeguard Reviews are revised and consistent with IRS
guidance, (2) the corrective action to the prior TIGTA report is reopened to
ensure the development and implementation of a Plan of Action and Milestones
process, (3) Safeguard Review results are provided timely to the States, (4) task
orders clearly define deliverables for the contractor, and (5) contractor
billings are monitored to ensure funds are prudently spent.
In
response to the report, IRS officials agreed with the recommendations. Planned corrective actions include (1) initiating
additional changes to the guidance provided to State agencies to stagger
reporting deadlines and incorporating additional guidance for executing test
plans, (2) implementing a Plan of Action and Milestones process, (3) developing
a monthly monitoring plan to track reports and ensuring followup actions have
been timely taken, (4) assigning a dedicated task representative to oversee the
contractor’s work, and (5) performing monthly contract reviews to ensure the
accuracy of the invoices and that work authorized is completed in accordance
with the work requests.
READ THE
FULL REPORT
To view the report,
including the scope, methodology, and full IRS response, go to:
http://www.treas.gov/tigta/auditreports/2007reports/200720134fr.html.
Email
Address: Bonnie.Heald@tigta.treas.gov
Phone Number: 202-927-7037
Web Site:
http://www.tigta.gov