Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data
Highlights
What GAO Found
Why GAO Did This Stuy
The Internal Revenue Service (IRS) has a demanding responsibility in collecting taxes, processing tax eturns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect the confientiality, integrity, and availability of the financial and sensitive taxpayer information that resides on those systems. As part of our audit of IRS's fiscal years 2011 and 2010 financial statements, we assessed the effectiveness of the agency's information security controls over its key financial and tax-processing systems, information, and interconnected networks at seven locations. These systems support the processing, storage, and transmission of financial and sensitive taxpayer information. In our report on IRS's fiscal years 2011 and 2010 financial statements, we reported that IRS continued to have a material weakness in internal control over financial reporting related to information security in fiscal year 2011. Our objective was to determine whether IRS's controls over key financial and tax-processing systems are effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information.
Recommendations
GAO recommends that IRS take 23 specific actions to correct newly identified control weaknesses. In a separate public report, GAO is recommending that IRS take 6 actions to fully implement key components of its comprehensive information security program. In commenting on a draft of this report, IRS agreed to develop a detailed corrective action plan to address each recommendation.