Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk

Citation
Government Accountability Office, Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk (GAO-14-405) (Apr. 8, 2014) (full-text).

Overview
The IRS has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect the financial and sensitive taxpayer information that resides on those systems.

As part of its audit of the IRS's fiscal years 2013 and 2012 financial statements, GAO assessed whether controls over key financial and tax processing systems are effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information. To do this, the GAO examined IRS information security policies, plans, and procedures; tested controls over key financial applications; and interviewed key agency officials at six sites.

The GAO recommended that the IRS take three actions to more effectively implement portions of its information security program. In a separate report with limited distribution, the GAO recommends that the IRS take 23 specific actions to address identified control weaknesses.