Information security failings are making it impossible for the U.S. Internal Revenue Service (IRS) to get its financial house in order and could be putting taxpayers’ sensitive information at risk, according to a financial audit of the agency by the Government Accountability Office (GAO).
Deficiencies in information security continued to constitute material weaknesses in the IRS’s internal control over the 2011/2010 fiscal year, as the IRS made only meager progress addressing security concerns identified in previous audits. In fact, the GAO estimates that the IRS corrected only 15 percent of the 105 previous security related recommendations from previous reviews.
The IRS, a bureau of the Department of Treasury, is the nation’s tax collection agency. Past audits have revealed that it has difficulty maintaining control over and access to automated systems and software it uses to process financial transactions, produce internal and external financial reports, and safeguard related sensitive information.
The “IRS was limited in its ability to provide reasonable assurance that… proprietary financial and taxpayer information was appropriately safeguarded,” the GAO found.
According to the (137 page) audit[pdf], the GAO claims that material weaknesses in security limited the IRS’s ability to reasonably ensure that financial statements are fairly presented in conformity with generally accepted accounting principles, that financial information relied upon by management in day-to-day decision making is current, complete, and accurate, and that proprietary data being processed by automated systems is appropriately safeguarded.
“These issues increase the risk of unauthorized individuals accessing, altering, or abusing proprietary IRS programs and electronic data and taxpayer information,” reads the report.
This audit more-or-less confirms what we already know about the IRS (and humans in general for that matter), the US’s tax-collecting agency has a lot of work to do when it comes to securing tax-payer data.