recommended reading

Outdated systems, poor security plague IRS

The Internal Revenue Service has serious issues with outdated financial management systems and insufficient information security that could affect the accuracy of its financial statements, according to a Government Accountability Office report released on Wednesday.

Comment on this article in The Forum.The report concluded that the agency's internal controls were not effective and that it did not comply with legal requirements for federal financial management systems.

The report says the IRS has yet to clearly articulate its plans to update the financial management systems or establish metrics to help determine the financial efficacy of its enforcement and collection programs.

The IRS is currently in the midst of the Business Systems Modernization program to upgrade its aging networks, for which the agency requested $222 million for fiscal 2009. The IRS began the program in 1999 after a previously failed effort, and plans to modernize its technology and consolidate the more than 400 legacy systems currently in use. GAO has designated the entire program as high risk.

GAO gives the IRS credit for taking steps to improve its internal controls and processes, but said the remaining challenges were enough to seriously hamper the agency's efforts to fulfill its mission.

The IRS' information security vulnerabilities are among the biggest concerns with financial management. In early November, the Treasury Department inspector general for tax administration identified material weaknesses in the taxpayer information system that could lead to identity theft. GAO's report echoed the IG's concerns.

"Until IRS successfully manages its information security risks, management will not have adequate assurance of the integrity and reliability of the information generated from its financial management systems, or its ability to effectively safeguard sensitive taxpayer information," the GAO report said.

GAO made 147 recommendations to help the agency strengthen its controls over financial management processes; 66 of those relate to information security. The IRS said it was dedicated to improving its financial management systems and cited several initiatives, such as testing the outsourcing of some transactions to Treasury's consolidated service center.

The IRS also is establishing an Office of Online Fraud Detection and Prevention to "address increasing and evolving threats online affecting both the IRS and taxpayers." In addition, the agency recently completed a plan to address information security training and other related activities.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.