Outdated systems, poor security plague IRS

The Internal Revenue Service has serious issues with outdated financial management systems and insufficient information security that could affect the accuracy of its financial statements, according to a Government Accountability Office report released on Wednesday.

Comment on this article in The Forum.The report concluded that the agency's internal controls were not effective and that it did not comply with legal requirements for federal financial management systems.

The report says the IRS has yet to clearly articulate its plans to update the financial management systems or establish metrics to help determine the financial efficacy of its enforcement and collection programs.

The IRS is currently in the midst of the Business Systems Modernization program to upgrade its aging networks, for which the agency requested $222 million for fiscal 2009. The IRS began the program in 1999 after a previously failed effort, and plans to modernize its technology and consolidate the more than 400 legacy systems currently in use. GAO has designated the entire program as high risk.

GAO gives the IRS credit for taking steps to improve its internal controls and processes, but said the remaining challenges were enough to seriously hamper the agency's efforts to fulfill its mission.

The IRS' information security vulnerabilities are among the biggest concerns with financial management. In early November, the Treasury Department inspector general for tax administration identified material weaknesses in the taxpayer information system that could lead to identity theft. GAO's report echoed the IG's concerns.

"Until IRS successfully manages its information security risks, management will not have adequate assurance of the integrity and reliability of the information generated from its financial management systems, or its ability to effectively safeguard sensitive taxpayer information," the GAO report said.

GAO made 147 recommendations to help the agency strengthen its controls over financial management processes; 66 of those relate to information security. The IRS said it was dedicated to improving its financial management systems and cited several initiatives, such as testing the outsourcing of some transactions to Treasury's consolidated service center.

The IRS also is establishing an Office of Online Fraud Detection and Prevention to "address increasing and evolving threats online affecting both the IRS and taxpayers." In addition, the agency recently completed a plan to address information security training and other related activities.