TIGTA Seal graphic

Treasury Inspector General for Tax Administration

Press Release

December 4, 2012
TIGTA - 2012-68
Contact: David Barnes
(202) 622-3062

IRS Information Technology: Improvements Have Been Made But Risks Remain

WASHINGTON – The Internal Revenue Service (IRS) developed and implemented significant information technology (IT) capabilities over the past year, but needs to continue its efforts to deliver new systems and protect sensitive financial and taxpayer data, according to a new report publicly released today by the Treasury Inspector General for Tax Administration (TIGTA).

Every year, TIGTA reviews the IRS’s IT systems to perform an annual evaluation of the adequacy and security of IRS technology, as required by the IRS Restructuring and Reform Act of 1998 (RRA 98).

Since TIGTA’s 2011 assessment, the IRS implemented the daily processing and database implementation projects of the Customer Account Data Engine 2 and a new release of the Modernized e-File system.

TIGTA continues to believe that the IRS’s Modernization Program remains a major risk and that improved controls are needed to ensure long-term success for both of these key systems within the Program. Further, the development and implementation of new systems, which are needed to implement provisions of the Patient Protection and Affordable Care Act, introduce significant risk management challenges.

This annual IT Program assessment stresses the importance of continued improvements in the overall control environment, including processes and performance needed to ensure that IRS systems adequately meet all mission-critical requirements and goals for electronic tax administration.

“The IRS made significant progress in modernizing its system, but it must continue its efforts to ensure that its computer systems are effectively secured to protect sensitive financial and taxpayer data,” said J. Russell George, the Treasury Inspector General for Tax Administration.

TIGTA found that the IRS has made progress to improve information security and personnel safety; however, it needs to continue to place emphasis on information and physical security programs in order to ensure that policies, procedures, and practices adequately address security control weaknesses. TIGTA auditors identified weaknesses over system access controls, configuration management, audit trails, physical security, remediation of security weaknesses, and oversight and coordination on security related issues.

“Until the IRS addresses security weaknesses, it will continue to put the confidentiality, integrity, and availability of financial and taxpayer information and employee safety at risk,” Mr. George said.

Additionally, TIGTA found that the IRS needs to ensure that it leverages viable technological advances as it improves its overall operational environment. While the IRS implemented virtualization technology to continue to improve operational efficiency, additional improvements are needed.

Because the Fiscal Year 2012 annual assessment report was based primarily on previously issued reports from TIGTA and other oversight organizations, focusing on the IRS’s IT Program. TIGTA did not offer any new recommendations. IRS officials were provided with an opportunity to review and comment on the draft report.

Read the report.


Note: The difference between the date TIGTA issues an audit report to the Internal Revenue Service and the date TIGTA publicly releases the report is due to TIGTA's internal review process to ensure that public release is in compliance with Federal confidentiality laws.

A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.