IRS Systems Security and Funding:
Employee Browsing Not Being Addressed Effectively and Budget Requests for New Systems Development Not Justified
T-AIMD-97-82: Published: Apr 15, 1997. Publicly Released: Apr 15, 1997.
- Full Report:
GAO discussed: (1) Internal Revenue Service (IRS) employees' electronic browsing of taxpayer files; and (2) IRS' fiscal years (FYs) 1998 and 1999 budget requests for tax systems modernization (TSM) development.
GAO noted that: (1) on April 8, 1997, GAO issued a report disclosing many serious computer security weaknesses at IRS; (2) these weaknesses make IRS computer resources and taxpayer data unnecessarily vulnerable to external threats, such as natural disasters and people with malicious intentions; (3) they also expose taxpayer data to internal threats, such as employees accessing taxpayer files for purposes unrelated to their jobs (for example, reading the files of celebrities or neighbors) or making unauthorized changes to taxpayer data, either inadvertently or deliberately for personal gain (for example, to initiate unauthorized refunds or abatements of tax); (4) such unauthorized and improper browsing of taxpayer records has been the focus of considerable attention in recent years; (5) nevertheless, GAO's report shows that IRS is not effectively addressing the problem; (6) IRS still does not effectively monitor employee activity, accurately record browsing violations, consistently punish offenders, or widely publicize reports of incidents detected and penalties imposed; (7) compounding IRS' serious and persistent computer security and employee browsing problems are equally serious and persistent TSM management and technical problems that must be corrected if IRS is to effectively invest in TSM; (8) IRS is requesting $1.131 billion in FYs 1998 and 1999 for TSM development and deployment; (9) however, IRS does not know how it will spend this $1.131 billion and has not yet corrected the management and technical problems that IRS has acknowledged have resulted in hundreds of millions of dollars being wasted thus far on TSM; and (10) this is inconsistent with the Government Performance and Results Act of 1993 and the Clinger-Cohen Act of 1996, which require that information technology investments be supported by convincing business case analyses and disciplined management and technical processes.