Tuesday, October 29, 2013
The Treasury Inspector General for Tax Administration today released Weaknesses in Asset Management Controls Leave Information Technology Assets Vulnerable to Loss (2013-20-089):
The IRS Information Technology organization controls more than 306,000 information technology assets worth almost $720 million using the Knowledge, Incident/Problem, Service Asset Management (KISAM) system. Our review determined that weaknesses in controls over asset management create an environment in which information technology assets are vulnerable to loss. The risk of loss, theft, or the inadvertent release of sensitive information can decrease the public’s confidence in the IRS’s ability to monitor and use its resources effectively.
TIGTA found that information technology asset data successfully migrated from the legacy inventory system to the KISAM–Asset Manager. However, the audit log used to capture events was not being reviewed to ensure that only appropriate accesses were made. In addition, information technology asset data within the KISAM–Asset Manager are inaccurate and incomplete because the IRS is not following its procedures to ensure that all assets are accurately recorded and timely updated in the KISAM–Asset Manager.
TIGTA also found that ineffective inventory controls created an environment where information technology assets are vulnerable to loss. TIGTA selected 146 information technology assets to physically verify and could not locate and verify or find proper supporting documentation for 34 information technology assets worth more than $948,000. In addition, IRS offices improperly completed the annual inventory reconciliation process.