May 20 Oversight Hearing on the Internal Revenue Service--Questions for the Record

GAO-03-962R: Published: Jun 27, 2003. Publicly Released: Jun 27, 2003.

Additional Materials:


James R. White
(202) 512-5594


Office of Public Affairs
(202) 512-4800

GAO reviewed the Internal Revenue Service's (IRS) accomplishments in the 5 years since the IRS Restructuring and Reform Act of 1998 was past. Specifically, GAO determined (1) how much money IRS has spent on upgrading its security, (2) whether the challenges associated with ensuring information security are technological or managerial, and (3) if IRS is taking sufficient steps to eliminate overpayments to the Earned Income Credit (EIC).

According to IRS officials, spending for security in fiscal year 2003 is about $132 million,including about $39 million dedicated to information technology security improvements. For fiscal year 2004, IRS officials state that they have requested about $136 million for information security, with about $40 million dedicated to improvements. The challenges facing IRS in ensuring information security are largely managerial. Ensuring that known weaknesses affecting IRS's computing resources are promptly mitigated and that computer controls effectively protect its systems and data requires support and leadership from senior management of IRS's information technology and operating divisions, disciplined processes, and consistent oversight. We have reported that an underlying cause for the hundreds of information security weaknesses identified during our reviews of IRS's computer controls was that IRS has not fully implemented its agencywide information security program. Implementing such a program requires that IRS take a comprehensive approach that includes assessing risks and evaluating needs, establishing and implementing appropriate policies and controls, enhancing awareness and technical skills, and monitoring the effectiveness of controls on an ongoing basis. Further, a successful program will need the active and accountable involvement of both (1) operating division executives and managers who understand which aspects of their missions and information systems are the most critical and sensitive and (2) technical experts who know the agency's systems and understand the technical aspects of implementing security controls. Because IRS's latest compliance study uses tax year 1999 data and its new initiatives are in the early planning stages, it is too early to determine whether IRS's steps to reduce EIC overpayments will be sufficient. IRS has plans to evaluate the success of its initiatives, but data will not be available for some time. IRS has and continues to take steps aimed at reducing EIC overpayments. IRS received about $875 million in special appropriations for EIC compliance initiatives between 1998 and 2003. The most recent data available, for tax year 1999, showed that overpayments for the EIC are estimated to be between about 27 and 32 percent of dollars claimed or between $8.5 billion and $9.9 billion. For fiscal year 2004, IRS has asked for a total of $251 million. This included $100 million to enhance its EIC compliance initiatives--about $45 million for technology improvements and about $55 million for direct casework. The direct casework involves three new initiatives, each of which would be tested over the next year and, depending on the results, expanded in future years. The initiatives cover (1) qualifying child verification, (2) income misreporting, and (3) filing status.

Aug 31, 2020

Jun 29, 2020

Jun 16, 2020

May 1, 2020

Apr 30, 2020

  • tax icon, source: Eyewire

    Priority Open Recommendations:

    Internal Revenue Service
    GAO-20-548PR: Published: Apr 23, 2020. Publicly Released: Apr 30, 2020.

Apr 1, 2020

Mar 2, 2020

Feb 26, 2020

Feb 25, 2020

Feb 12, 2020

Looking for more? Browse all our products here