Office of Audit
ANNUAL ASSESSMENT OF THE INTERNAL REVENUE SERVICE’S INFORMATION TECHNOLOGY PROGRAM FOR FISCAL YEAR 2019
Final Report issued on September 27, 2019
Highlights of Reference Number: 2019-20-083 to the Commissioner of Internal Revenue.
IMPACT ON TAXPAYERS
In Fiscal Year 2018, the IRS collected approximately $3.5 trillion in Federal tax payments, processed approximately 253 million tax returns and other forms, and paid approximately $464 billion in refunds to taxpayers. In addition, the IRS employs approximately 78,700 people in its Washington, D.C., headquarters and its more than 530 offices in all 50 States, U.S. territories, and some U.S. embassies and consulates. The IRS relies extensively on computerized systems to support its financial and mission-related operations. Weaknesses within the IRS’s information technology program could result in computer operations that become compromised, disrupted, or outdated, which could adversely affect the IRS’s ability to meet its mission of providing America’s taxpayers with top-quality service by helping them understand and meet their tax responsibilities and enforcing the law with integrity and fairness to all.
WHY TIGTA DID THE AUDIT
The IRS Restructuring and Reform Act of 1998 requires TIGTA to annually assess and report on an evaluation of the adequacy and security of IRS information technology. Our overall objective was to assess the adequacy and security of the IRS’s information technology program.
WHAT TIGTA FOUND
The IRS has made progress in many information technology program areas, but additional improvements are needed. TIGTA and the Government Accountability Office identified a number of areas in which the IRS can more efficiently use its limited resources and make more informed business decisions. For example, in the area of system security and privacy of taxpayer data, TIGTA rated three of five Cybersecurity Framework functions as “effective.” However, taxpayer data will remain vulnerable to inappropriate and undetected use, modification, or disclosure until all areas of the IRS security program are fully implemented in compliance with the requirements of the Federal Information Security Modernization Act of 2014.
Problems were also reported in the IRS’s handling of the privacy of taxpayer data, system access controls, system environment security, disaster recovery, separation of duties, system security and privacy training, and system security documentation.
In our reviews of systems development and information technology operations, TIGTA found that the IRS completed extensive programming and systems changes in a compressed time frame and started the 2019 Filing Season on January 28, 2019, which is within the normal time frame.
However, TIGTA also found that inadequate governance of the Solaris® to Linux® migration project contributed to significant delays with total project costs of $56.2 million. Problems were also reported with the IRS’s information technology acquisitions, hardware and software asset management, governance and project management, information technology service and helpdesk requests, and risk management.
WHAT TIGTA RECOMMENDED
Because this report was an assessment report of the IRS’s information technology program based on TIGTA and Government Accountability Office reports issued during Fiscal Year 2019, TIGTA did not make any further recommendations.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Phone Number / 202-622-6500
E-mail Address / TIGTACommunications@tigta.treas.gov
Website / https://www.treasury.gov/tigta