WASHINGTON - While the Internal Revenue Service (IRS) continues to work toward securing tax information and maintaining taxpayer privacy, much work remains, according to an audit report that the Treasury Inspector General for Tax Administration (TIGTA) published today.
TIGTA annually assesses and reports on the adequacy and security of IRS information technology, as required by the IRS Restructuring and Reform Act of 1998. TIGTA's overall objective was to assess the progress of the IRS's Information Technology Program, including security, improving tax systems and online services, and operations for Fiscal Year 2016.
TIGTA identified weaknesses within the IRS's cybersecurity program in which three areas need significant improvement: Information Security Continuous Monitoring; Configuration Management; and Identity and Access Management. TIGTA also identified weaknesses in the electronic authentication process controls. Additional areas that need improvement include physical security controls, backing up and restoring data, and SharePoint controls.
TIGTA has designated "Security for Taxpayer Data and IRS Employees" as the number one management and performance challenge facing the IRS for the sixth consecutive year. Weaknesses within the IRS's Information Technology Program could result in computer operations that become compromised, disrupted, or outdated.
The IRS continues to update its systems in an effort to combat identity theft and tax refund fraud. During the 2016 Filing Season, the IRS implemented three new data elements for its Return Review Program. As of March 25, 2016, the IRS had detected $72 million in suspected tax return refund fraud that was directly attributable to the new data elements. The IRS is testing additional new data elements for future implementation.
The IRS also continues to develop systems to implement the Affordable Care Act and other tax law changes and successfully tested the functionality and security of the Affordable Care Act Compliance Validation System. The Foreign Account Tax Compliance Act Program Withholding & Refund Release 2.0 system was built to requirements, but has not provided the intended business results. Finally, TIGTA identified concerns with information technology contract administration controls and the enterprise e-mail acquisition.
Because this report was an assessment report of the IRS's Information Technology Program based on TIGTA audit reports issued during Fiscal Year 2016, TIGTA did not make any recommendations.