WHILE RENOWNED FOR ITS FORENSICS CAPABILITIES, THE DIGITAL EVIDENCE PROGRAM FACES CHALLENGES AND NEEDS MORE CONTROLS

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

While Renowned for Its Forensics Capabilities, the Digital Evidence Program Faces Challenges and Needs More Controls

Issued on April 30, 2008

Highlights

Highlights of Report Number: 2008-10-106 to the Internal Revenue Service Chief, Criminal Investigation.

IMPACT ON TAXPAYERS

While the Criminal Investigation (CI) Division Electronic Crimes Program (E-Crimes) enjoys an excellent reputation throughout the law enforcement community for digital evidence forensics, the absence of some Program-level processing controls has created risks that could compromise investigations in worst-case scenarios. As the volume of digital evidence significantly increases, the Internal Revenue Service (IRS) must ensure that it treats this evidence properly and consistently to secure its continued admissibility in court.

WHY TIGTA DID THE AUDIT

This audit is related to the Major Management Challenges of tax compliance initiatives and taxpayer protection and rights. The overall objective of this review was to determine whether E-Crimes properly controlled the collection and timely analysis of digital evidence in support of IRS special agents.

WHAT TIGTA FOUND

E-Crimes has not established some common and necessary internal controls over digital evidence seized during investigations. For example, digital evidence is not backed up offsite, computer investigative specialist (CIS) agents are not required to keep a detailed record of their activities relating to an investigation, and digital or physical evidence in the possession of CIS agents is not periodically validated.

While our audit objective did not include a detailed assessment of the IRS’ forward-looking strategies to maintain and advance the E-Crimes digital evidence program, TIGTA identified issues that could become problematic without management’s attention, as demand for E‑Crimes’ services increases.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the Director, Electronic Crimes, protect digital evidence by 1) implementing a near-term disaster avoidance plan for digital data, 2) developing effective quality control guidelines and documentation standards for the forensic process, and 3) clarifying the role of the management information system as an evidence inventory control subject to periodic validation. In addition, TIGTA recommended that the Chief, Criminal Investigation, assess challenges to maintaining and advancing the digital evidence program by 1) testing the option of using non-law enforcement positions to benefit the field office role, 2) assigning responsibility to a task force or project management team regarding development of and contingency management for non-technological aspects of technology modernization, and 3) continuing to assess the span of control for first-line supervisors as the recently approved direct-line authority is implemented and experienced.

In their response to the report, IRS officials agreed with five of our six recommendations and partially agreed with one recommendation. The CI Division plans to, 1) establish policy directives to require periodic validation of evidence data, 2) review its standard operating procedures annually and develop documentation standards to include in future policy directives, 3) monitor, re-evaluate, and adjust the span of control for the newly created direct-line supervisory positions as needed, and 4) ensure that project management teams for the information technology infrastructure project remain in compliance with the risk management process.

In two instances, TIGTA does not believe that the CI Division’s corrective actions address the concerns in our recommendations. The CI Division believes that the information technology infrastructure project is near-term enough to facilitate the disaster avoidance plan we recommended. Funding for this project was scheduled for Fiscal Years 2009 and 2010, but funding for technology initiatives is dependent on the budget and might be at risk of not being fully approved. In addition, the CI Division continues to believe that its current model of having experienced agents as CIS agents is most prudent for field offices. However, if the option of blending non-law enforcement personnel with experienced agents in the field is not piloted, CI Division management will be missing a valuable opportunity to maximize resources and minimize the risk of continued conversion of experienced special agents to CIS agents, thus exacerbating staff attrition concerns.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:

http://www.treas.gov/tigta/auditreports/2008reports/200810106fr.html.

Email Address: inquiries@tigta.treas.gov

Phone Number: 202-622-6500

Web Site: http://www.tigta.gov