U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Implementation of the Taxpayer First Act Provision Regarding the Management and Purchase of Information Technology Resources Needs Improvement

Report Information

Date Issued
Report Number
2023-25-017
Report Type
Audit
Special Emphasis
Taxpayer First Act (TFA)
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

The CIO should coordinate with the Chief Procurement Officer to ensure that the approval process includes a review that the appropriate management official approved the shopping cart prior to the purchase of information technology products.

Provide clarification on the inherently information technology-related work that should not be performed by the information technology staff outside of the IT organization to the heads of the business units to ensure compliance with the CIO’s memorandum.

Develop a control to ensure that the information technology staff outside of the IT organization are not performing inherently information technology-related work in accordance the CIO’s memorandum.

The CIO should establish a process to ensure that oversight of information systems managed by business units outside of the IT organization is documented to support complying with the TFA.

The CIO should ensure that the Network Security Management Standard, Standard Operating Procedures are updated to include the procedures for stakeholders’ defined roles and responsibilities in detecting and overseeing as well as to clarify the CSIRC’s and NMCC’s roles and responsibilities in reviewing unauthorized hardware.