IRS requests priority help

A mounting list of unfinished corrective actions identified by Inspector General for Tax Administration auditors for the Internal Revenue Service's modernization and information technology service has led tax agency officials to request help from auditors in prioritizing the items' urgency.

"We have a finite level of resources in the IT budget in the IRS," said W. Todd Grams, the tax agency chief information officer. "We can't address all of them in a single year and make any appreciable progress," he told Federal Computer Week.

Tax administration auditors have identified more than 140 shortcomings that need a corrective action, said Margaret Begg, assistant inspector general with jurisdiction over IRS information systems programs.

"There was recognition that the tracking and monitoring of the corrective actions may not have been as strong" at the IRS, Begg said.

"I would rather actually close out and knock a few of them out rather than make a little progress on a lot of them," Grams said. Treasury auditors and IRS officials should meet by March to reach agreement on which actions will gain priority, he added.

The most recent Treasury audit report also shows tax agency's process for identifying and managing security weaknesses is flawed and ineffective. Consequently, information provided to the Office of Management Budget under Federal Information Security Management Act (FISMA) is misleading, the report states.

The number of reported weaknesses has been significantly understated because IRS officials considered each tax administration or Government Accountability Office audit as one weakness. Tax agency officials reported 319 system-level weaknesses for its 80 major systems in its most recent report to the Treasury Department. But, "generally, operational and technical control weaknesses were not reported," the audit states.

IRS officials also overstated their progress on rectifying those weakness. Tax agency officials assumed that if a system was certified and accredited, then any weaknesses discovered by auditors had been sufficiently addressed. "This assumption is not valid since certified and accredited systems can still have security weaknesses," auditors said.

The audit recommends two corrective actions. IRS officials responded to the audit by accepting both, stating they have established a working group that is constructing "an enterprise approach to instituting FISMA as a core organizational process," and that the tax agency will also develop a cross-referenced matrix of corrective actions with testing efforts that should be in place by mid-October.

About the Author

David Perera is a special contributor to Defense Systems.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected