Treasury Inspector General for Tax Administration
August 6, 2009
Contact: Li-Yun Chien
The Treasury Inspector General for Tax Administration (TIGTA) today publicly released its audit report on the Internal Revenue Service's (IRS's) controls over computer system access by contractors.
TIGTA concluded that the IRS needs to improve its methods of controlling contractors' access to its computer systems. From a sample of seven IRS computer systems, TIGTA found that 53 of 376 contractors who had active user accounts did not have a business need for having access to those systems. Contractors with unnecessary access to IRS computer systems included several whose job duties or access privileges had changed and who no longer needed system access as well as those whose contracts with the IRS had terminated.
"When contractors are allowed to have unnecessary access to IRS computer systems, the risk of exposing taxpayer data to unauthorized disclosure and disrupting system operations is substantially increased," commented J. Russell George, the Treasury Inspector General for Tax Administration.
TIGTA recommended that the IRS take several steps to ensure the privacy of taxpayer information. These recommendations included revoking contractors' system access immediately upon termination of their contracts, enforcing current policies and procedures that disable or delete user accounts when they are not accessed for an appropriate number of days, and not granting system access until a contractor or employee has successfully completed a background investigation.
The IRS agreed with all of TIGTA's recommendations and has identified corrective actions that will be implemented to limit improper contractor access to IRS computer systems.To view this report, including the scope, methodology, and full IRS response, go to: https://www.treasury.gov/tigta/auditreports/2009reports/200920108fr.pdf.
A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.