IRS requests priority help

A mounting list of unfinished corrective actions identified by Inspector General for Tax Administration auditors for the Internal Revenue Service's modernization and information technology service has led tax agency officials to request help from auditors in prioritizing the items' urgency.

"We have a finite level of resources in the IT budget in the IRS," said W. Todd Grams, the tax agency chief information officer. "We can't address all of them in a single year and make any appreciable progress," he told Federal Computer Week.

Tax administration auditors have identified more than 140 shortcomings that need a corrective action, said Margaret Begg, assistant inspector general with jurisdiction over IRS information systems programs.

"There was recognition that the tracking and monitoring of the corrective actions may not have been as strong" at the IRS, Begg said.

"I would rather actually close out and knock a few of them out rather than make a little progress on a lot of them," Grams said. Treasury auditors and IRS officials should meet by March to reach agreement on which actions will gain priority, he added.

The most recent Treasury audit report also shows tax agency's process for identifying and managing security weaknesses is flawed and ineffective. Consequently, information provided to the Office of Management Budget under Federal Information Security Management Act (FISMA) is misleading, the report states.

The number of reported weaknesses has been significantly understated because IRS officials considered each tax administration or Government Accountability Office audit as one weakness. Tax agency officials reported 319 system-level weaknesses for its 80 major systems in its most recent report to the Treasury Department. But, "generally, operational and technical control weaknesses were not reported," the audit states.

IRS officials also overstated their progress on rectifying those weakness. Tax agency officials assumed that if a system was certified and accredited, then any weaknesses discovered by auditors had been sufficiently addressed. "This assumption is not valid since certified and accredited systems can still have security weaknesses," auditors said.

The audit recommends two corrective actions. IRS officials responded to the audit by accepting both, stating they have established a working group that is constructing "an enterprise approach to instituting FISMA as a core organizational process," and that the tax agency will also develop a cross-referenced matrix of corrective actions with testing efforts that should be in place by mid-October.

About the Author

David Perera is a special contributor to Defense Systems.

Featured

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

Stay Connected