Treasury Inspector General for Tax Administration
July 28, 2011
TIGTA - 2011-41
Contact: Karen Kraushaar
WASHINGTON -- The Internal Revenue Service (IRS) should take steps to limit employee access to sensitive information about taxpayer bankruptcy petitions, a new report from the Treasury Inspector General for Tax Administration (TIGTA) concludes.
The IRS is notified of bankruptcy cases because taxpayers are required to list their creditors and liabilities when filing for bankruptcy protection. The IRS inputs the taxpayers’ sensitive information into its Automated Insolvency System (AIS) to track the legal requirements for dealing with the taxpayers and to protect the Government’s financial interests.
At the IRS’s request, TIGTA reviewed whether the IRS sufficiently limits employee access to protect taxpayers’ personal data and to ensure that the Government’s interest is protected when taxpayers file for bankruptcy.
Although some AIS access controls are in place, such as the automatic lockout control and password complexity settings, TIGTA found that other required access controls have not been implemented or are not operating effectively.
TIGTA found many IRS employees have excessive privileges on the AIS. Managers did not ensure duties were adequately segregated among employees to prevent and detect unauthorized activities. Also, AIS’s inadequate access control scheme caused managers to inadvertently grant unneeded, excessive privileges to employees.
Additionally, TIGTA found that some significant actions taken by employees on taxpayers’ bankruptcy cases are not logged. This prevents managers from determining which employee changed a taxpayer’s bankruptcy case or the IRS’s Proof of Claim and what changes were made.
“While TIGTA did not find errors or indications of fraud during its review, excessive employee privileges on the AIS increase the risks that errors, fraud, or unauthorized activities could be performed by employees acting alone or in collusion with others,” said J. Russell George, the Treasury Inspector General for Tax Administration.
TIGTA made six recommendations to the IRS to limit access to the AIS to only those employees with a business need.
The IRS agreed with the recommendations and is taking corrective actions.
Read the report.
A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.