IRS Security: A Real Shake Your Head Moment

Since 1997, the IRS has designated computer security as a material weakness, i.e., “shortcomings in operations or systems which, among other things, severely impair or threaten the organization’s ability to accomplish its mission or to prepare timely, accurate financial statements or reports.”

Given this 11 year history, one would think that getting a handle on computer security would be an IRS top-management priority.

Alas, it appears not to be so, according to a Treasury Inspector General for Tax Administration audit report dated Sept. 24 but released yesterday.

In the report, the IG found appropriate security controls have not been fully implemented in the IRS Customer Account Data Engine (CADE) and the Account Management Services (AMS) systems. CADE will provide the foundation for managing all taxpayer accounts and will replace existing tax processing systems. The AMS systems will provide faster and improved access by employees to taxpayer account data.

In other words, core elements necessary to meeting the IRS mission.

Reading the audit report gives one a feeling of risk mis-management in action.