IRS' modernization needs better tracking, IG says

IG report on tracking audit trails

Related Links

The Internal Revenue Service does a poor job of monitoring audit trails for the computers supporting its Business Systems Modernization project, according to an inspector general report.

The Treasury Inspector General for Tax Administration said the IRS is not checking audit trails on the Customer Account Data Engine because only a limited number of users have permission to access the system. The IG expects CADE’s workload to increase from processing 1.4 million returns in 2005 to processing 135 million in 2012, according to the Sept. 29 report.

CADE currently stores a small number of taxpayer records, and only 39 IRS and IG employees and contractors have access to the information.

“However, these users have powerful access privileges, which could enable them to steal taxpayer information and take action to disrupt computer operations with little chance of detection,” the report states.

Audit trails for all other modernized systems are stored centrally and reviewed in the Security Audit and Analysis System. But SAAS’ information is in accurate or unreliable, the IG reports.

“We reviewed over 3 million audit trail records and found 48 percent of the places for data required by IRS policy were missing data or contained inaccurate information,” the IG report states.

Moreover, SAAS’ reports are unavailable for reviewing system usage, which blocks the IRS and the IG from monitoring user activities. It is unlikely SAAS users could identify inappropriate use on modernized systems, the report states.

The IG recommends that the chief of Mission Assurance and Security Services create a review process for CADE audit trails and make sure it is used. The chief should also reassess SAAS’ requirements to make sure collected data is valid, according to the report.

For SAAS, the chief information officer should change system audit trails to comply with standards and capture the correct information.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.