Treasury Inspector General for Tax Administration
November 6, 2012
TIGTA - TIGTA - 2012-64
Contact: David Barnes
WASHINGTON -- The Internal Revenue Service (IRS) is working to correct weaknesses in its ability to determine whether its employees are inappropriately accessing taxpayer data, but can and should do more, according to a report publicly released today by the Treasury Inspector General for Tax Administration (TIGTA).
An audit trail – a record showing who has accessed a computer system and what operations he or she has performed during a given period of time -- is a key component of information technology security. Audit trails are useful both for maintaining security and for recovering lost transactions. Most accounting systems and database management systems include an audit trail component which documents events occurring on a computer from system and application processes, as well as from user activity. At the IRS, the trails are used to determine whether inappropriate activity, such as unauthorized access (UNAX) to taxpayer data, is occurring.
Due to the sensitive nature of tax return information, Section 6103 of the Internal Revenue Code and the Taxpayer Browsing Protection Act of 1997 require the IRS to detect and monitor UNAX and disclosure of taxpayer records. The willful unauthorized access or inspection of taxpayer records is a crime punishable upon conviction by fines, prison terms, and termination of employment.
TIGTA reviewed the IRS’s efforts to implement effective UNAX audit trails for information systems that store and process taxpayer data.
TIGTA found that the IRS has created a central system to store data trails and is educating employees on the type of information it needs to investigate potential UNAX. However, it needs to improve its processes for ensuring that audit trails effectively support UNAX investigations and allow IRS management to identify noncompliant activity and hold employees accountable.. Additionally, audit trail documentation does not require the collection of sufficient information.
“Unauthorized access to taxpayer records by IRS employees is a very serious offense, and the IRS must do everything in its power to make sure that it collects sufficient information to detect, monitor, and properly investigate all such activity,” said J. Russell George, Treasury Inspector General for Tax Administration. TIGTA recommended a series of improvements to IRS processes. IRS officials agreed to improve processes to test audit trail data but disagreed with TIGTA recommendations to collect additional information.
Read the report.
Note: The difference between the date TIGTA issues an audit report to the Internal Revenue Service and the date TIGTA publicly releases the report is due to TIGTA's internal review process to ensure that public release is in compliance with Federal confidentiality laws.
A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.