We've got some interesting findings about IRS's cloud security and IT modernization. Dig in.
Improvements Are Needed in the Cloud Security Assessment, Approval, and Monitoring Processes
Why did we do this audit?
Federal agencies are required to expand the use of shared services to enable broader use and adoption of cloud computing. Cloud computing is the delivery of computing services, including servers, storage, databases, networking, software, analytics, and intelligence, over the Internet to offer faster innovation, flexible resources, and economies of scale.
When an application hosted in the cloud has unidentified internal control deficiencies or security weaknesses that are not being monitored, it can potentially lead to disclosure of sensitive data.
What did we find?
The IRS was not maintaining appropriate separation of duties for certain roles related to cloud systems. The agency also did not follow guidance meant to prevent conflicts of interest, increasing the risk of erroneous and inappropriate actions. Specifically, 35 (70%) of 50 cloud systems reviewed had the same individual filling the System Owner and Authorizing Official roles.
We also identified a cloud system that was operating in a production environment despite not having the required security documentation.
For more of our findings:
Progress of Information Technology Modernization Efforts
Why did we do this audit?
Information technology (IT) plays a critical role in enabling the IRS to carry out its mission and responsibilities. The modernization of its IT and business systems is essential to fulfilling its mission of providing America’s taxpayers with top quality service, helping them understand and meet their tax responsibilities, and enforcing the law with integrity and fairness to all.
What did we find?
The IRS has a Strategic Operating Plan includes 39 key projects that outline how it will use its Inflation Reduction Act funding to deliver transformational change to taxpayers. During FY 2023, the IRS spent $1.2 billion to work on 27 of the 39 projects. Some of these projects include online tools/self-service options for taxpayers and identity and access management.
We also found that the IRS's IT organization is making significant technical advancements in the areas of artificial intelligence, automation, cloud capabilities, data access, data quality, and data standards.
For more of our findings:
Having trouble viewing this email? View it as a Web page.
|
