TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
THE INTERNAL REVENUE SERVICE
ADEQUATELY PROTECTED SENSITIVE DATA AND RESTORED COMPUTER OPERATIONS AFTER THE
FLOODING OF ITS
Issued on January 26, 2007
Highlights of Report Number 2007-20-023, to the Internal Revenue Service Chief, Agency-Wide Shared Services.
IMPACT ON TAXPAYERS
flooding disaster at the Internal Revenue Service (IRS) Headquarters building
WHY TIGTA DID THE AUDIT
was initiated because the Senate Finance Committee requested that the Treasury
Inspector General for Tax Administration (TIGTA) determine the extent and
nature of disruption to the IRS operations and identify the functions most
affected by the flooding disaster of the IRS Headquarters building. The flooding occurred when a rare tropical
deluge over the
The TIGTA initiated three audits to answer concerns about the flooding disaster. The objective of this review was to evaluate the actions taken by the IRS in response to the flooding of its Headquarters building. Specifically, our audit determined whether the IRS adequately protected data and computer operations and sufficiently recovered its computer systems and data damaged or disrupted by the flooding. The objectives of the other reviews relate to general business resumption efforts and determining the costs related to the flooding disaster.
WHAT TIGTA FOUND
Taxpayer data stored in the entire building were adequately protected against the risk of unauthorized access. In addition, destroyed taxpayer data stored in the basement were properly protected and disposed of.
A little more than 1 month after the flooding, the Agency-Wide Shared Services
had completed workstation space arrangements for displaced employees in 15
different locations in the
In addition, the Modernization and Information Technology Services organization restored computer infrastructure operations that existed in the Headquarters building prior to the flooding. Critical servers were moved from the Headquarters building to other IRS facilities and restored for availability to employees within 2 weeks after the flooding. We commend the efforts of the IRS and believe the actions taken by the IRS minimized the disruption caused by the flooding disaster.
However, computer assets were removed from the building before an asset tracking system was put in place and a physical inventory validation of computer assets remaining in the building could not be performed while the building was closed.
WHAT TIGTA RECOMMENDED
The Chief, Agency-Wide Shared Services, should ensure the Incident Management Plans for all IRS locations include the implementation of an asset tracking system and related processes immediately after a disaster.
In their response to the report, IRS officials agreed with our findings and have taken appropriate corrective actions to our recommendation.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response go to:
Email Address: Bonnie.Heald@tigta.treas.gov
Phone Number: 202-927-7037
Web Site: http://www.tigta.gov