IRS preps Hill for draft TSM follow-on
- By Elana Varon
- Apr 13, 1997
Amidst renewed concerns about agency security systems and policies, the Internal Revenue Service plans to release next month a draft of its plan to put a new prime contractor at the helm of the future computer program.
The draft will be submitted 10 weeks ahead of a deadline set by Congress. Treasury Department deputy secretary Lawrence Summers told the Senate Governmental Affairs Committee last week that the early delivery of the draft solicitation is one piece of evidence that the tax agency is changing how it manages technology. He added that the agency is "on track" to provide a comprehensive blueprint of a revamped Tax Systems Modernization program along with the proposed procurement.
But lawmakers remain skeptical about IRS modernization plans, even though they acknowledge that new information systems are critical to improving the agency's operations. Modernization "is the long pole in the tent because it impacts on the other problems we're talking about," said Sen. Fred Thompson (R-Tenn.), the panel chairman. But Thompson said he wanted more proof that the IRS had improved its "hands-on" management of the multibillion-dollar program.
"I hope we're on the right track," said Sen. John Glenn (D-Ohio), the ranking minority member of the committee, likening the agency's modernization efforts to "sailing a paper airplane into the Grand Canyon."
Treasury promised last year that it would improve its modernization management, in part by assigning a vendor to take charge of integrating the program's systems. Although the agency has a $300 million integration contract with TRW Inc., the firm has no control over the work done by vendors building individual systems. Those vendors report to the IRS, and officials concluded this arrangement has made systems development hard to manage. Criticism of TSM has included complaints about IRS oversight.
Among other problems legislators have seized upon are continuing weaknesses in security systems and policies. A General Accounting Office report released last week said inadequate computer system security "continues to place taxpayer data and IRS' automated information systems at risk to both internal and external threats."
GAO said "serious and persistent" weaknesses include controls over access to systems and transmission of data. But the version of the report that was made public did not include the most alarming deficiencies because, GAO chief scientist Rona Stillman testified, "disclosure in a public forum would increase [the agency's] vulnerability to attack."
In a review of five IRS sites, GAO found:
- The facilities "could not account for" about 6,400 tapes, cartridges and other magnetic storage media that might have contained taxpayer information.
- Database administrators and other employees had access to system software even though their jobs did not require it.
- Managers had not performed risk analyses to determine systems' vulnerabilities.
According to the report, GAO investigators did not test whether IRS computer systems could be hacked.
IRS deputy commissioner Michael Dolan said the agency is reviewing its computer security policies and preparing a plan to correct its shortcomings.
In the week before tax day, members of Congress are also pressing for a crackdown on IRS employees who "browse" data files on taxpayers without authorization. An internal IRS report found that between 1991 and 1995 an average of only 29 percent of employees found browsing were disciplined, although the agency had promised "zero tolerance" of the practice.
Glenn introduced a bill last week that would make browsing a crime and require that any federal employee convicted of the offense be fired. A similar bill sponsored by Rep. William Archer (R-Texas) is scheduled to be voted on in the House tomorrow.
GAO said the IRS also needs to improve the computer software it uses to monitor which accounts its employees tap. For example, GAO reported, the agency's Electronic Audit Research Log (EARL) software tracks use of only one system, the Integrated Data and Retrieval System, which is the main system employees use to update taxpayers' accounts.
Investigators noted, however, that there are at least three other systems that can be used to gain access to taxpayer files. Furthermore, the report said, EARL does not distinguish between browsing and "legitimate work activity."
Summers said he and Treasury Secretary Robert Rubin have ordered the IRS to report in a month how it plans to address the browsing problem.