Treasury Inspector General for Tax Administration
October 20, 2009
Contact: Li-Yun Chien
The Treasury Inspector General for Tax Administration (TIGTA) today publicly released its review of the Internal Revenue Service's (IRS) procedures for ensuring that questionable access by employees to taxpayer information stored in the IRS's Integrated Data Retrieval System (IDRS) are reviewed by IRS management.
The IDRS is used by approximately 50,000 IRS employees to process taxpayer data. IDRS managers must review, certify and respond to security reports about questionable access to taxpayer accounts. While national averages of report certification rates have improved, the IRS did not ensure that all managers in IDRS business divisions reviewed and certified the security reports they received.
The IRS requires IDRS managers to maintain at least a 90 percent certification rate. Approximately 33 percent (816) of all IDRS managers did not meet this requirement.
"Until the process for certifying IDRS security reports is improved, the IRS cannot ensure that taxpayer accounts are fully protected from unauthorized access by IRS employees," commented J. Russell George, the Treasury Inspector General for Tax Administration.
TIGTA recommended that the IRS:
IRS officials agreed with TIGTA's recommendations and plan to take actions, and the Deputy Commissioners plan to issue a joint memorandum reiterating IDRS security program policy requirements.
To view the report, including the scope, methodology, and full IRS response, go to: http://www.treas.gov/tigta/auditreports/2009reports/200920119fr.pdf.
A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.