WASHINGTON - The Treasury Inspector General for Tax Administration (TIGTA) today publicly released its audit report of the Internal Revenue Service's (IRS) Tier II Environment Backup and Restoration Process, which protects important data saved on its computer systems. TIGTA found that the IRS is not effectively managing this process.
The IRS must provide adequate backup and restoration of this important computer data, called the Tier II Environment, which consists of non-mainframe servers. These servers run various operating systems, including versions of Microsoft Server, Linux, and UNIX. Some examples of important data stored within the Tier II environment include e-mails, personal and shared files, and taxpayer information. If the data is not backed up properly, a possibility exists that all taxpayer and management information could be lost and become unrecoverable. The IRS must effectively manage the Tier II backup and restoration environment to ensure that its technology fully serves taxpayers.
TIGTA evaluated the Tier II backup and restoration process following an incident in which the IRS discovered that a backup did not exist when needed to restore significant data. In addition to finding that the IRS is not effectively managing this process, TIGTA found that the IRS did not take effective action following this incident. IRS management has not established goals and does not regularly collect sufficient performance metrics to monitor, measure, and report on the effectiveness of the process.
As a result, IRS management does not have information to detect if a required backup is not created. Similarly, management does not routinely test restoration of backups to ensure the integrity and reliability of the data.
"If there is a failure in the ability to restore a system containing taxpayer data, it can have serious consequences in the IRS's ability to administer the tax system," said J. Russell George, Treasury Inspector General for Tax Administration.
TIGTA recommended that the Chief Technology Officer establish goals and performance measures; implement a problem management process; create and implement a backup strategy that includes tests to restore databases; ensure that a root cause analysis is performed on known vulnerabilities and that corrective actions are properly documented; develop standard operating procedures; and establish procedures to notify support personnel that backups have been completed successfully. TIGTA also recommended upgrades to the software and aged hardware infrastructure, and the development of guidelines for actions that should be taken when equipment reaches its end of useful life.
The IRS agreed to establish goals and plans to implement performance measures and to use the measures to address these concerns.