TaxProf Blog

Editor: Paul L. Caron, Dean
Pepperdine University School of Law

Wednesday, March 16, 2011

GAO: IRS's Lack of Internal Controls Puts Confidential Taxpayer Info at Risk

GAO Logo The Government Accountability Office yesterday released IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data (GAO-11-308):

Although IRS made progress in correcting previously reported information security weaknesses, control weaknesses over key financial and tax processing systems continue to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information. Specifically, IRS did not consistently implement controls that were intended to prevent, limit, and detect unauthorized access to its financial systems and information. For example, the agency did not sufficiently (1) restrict users’ access to databases to only the access needed to perform their jobs; (2) secure the system it uses to support and manage its computer access request, approval, and review processes; (3) update database software residing on servers that support its general ledger system; and (4) enable certain auditing features on databases supporting several key systems. In addition, 65 of 88—about 74%—of previously reported weaknesses remain unresolved or unmitigated.

Gov't Reports, IRS News, Tax | Permalink

TrackBack URL for this entry:

Listed below are links to weblogs that reference GAO: IRS's Lack of Internal Controls Puts Confidential Taxpayer Info at Risk: