Annual Assessment of the IRS’s Information Technology Program for Fiscal Year 2024
Why did we do this audit?
The IRS relies extensively on computerized systems to operate. Weaknesses within the IRS’s computer operations could adversely affect its ability to meet its mission of helping taxpayers comply with their tax responsibilities and enforcing the tax laws with integrity and fairness to all. We assessed the adequacy and security of the IRS’s information technology systems based on 24 audit reports issued during Fiscal Year 2024: 19 by TIGTA, and 5 by the Government Accountability Office.
What did we find?
The IRS continues to make progress in many information technology
program areas. For example, the IRS is blocking more than 1,000 email websites and effectively preventing users from using email website services to exfiltrate sensitive taxpayer data.
However, significant issues remain. A 2024 evaluation found problems in the IRS’s handling of the privacy of taxpayer data, access controls, system environment security, roles and responsibilities and separation of duties, security policies, procedures, and documentation. For example, we found that the IRS is not removing user access to taxpayer information once users have separated from the IRS. Specifically, 279 of 91,661 users with sensitive system access were listed as separated but continued to have access to 1 or more sensitive systems.
Additionally, the IRS was unable to locate all cloud services contracts for its cloud applications. The value of all cloud services contracts was also indeterminable. Furthermore, the Cloud Management Office did not provide centralized management and oversight of the Enterprise Cloud Program. The IRS fully implemented some planned corrective actions, but the actions were not always effective.
Improvements Are Needed to Address Inaccuracies in Unassigned Firearms Inventory Records
Why did we do this audit?
Internal Revenue Service Criminal Investigation (IRS-CI) uses firearms to carry out its law enforcement duties. Firearms that are not currently assigned to an IRS-CI agent, including firearms used for training, are managed by a Use Of Force (UOF) coordinator. Because firearms are dangerous, it is critical to have safeguards and tracking systems in place to prevent unauthorized access and misuse. We reviewed whether UOF coordinators are properly inventorying, storing and securing these unassigned firearms and ammunition.
What did we find?
IRS-CI is comprised of approximately 3,500 employees - 2,300 who are federal law enforcement special agents. IRS-CI special agents are the only IRS employees statutorily authorized to carry and use firearms.
As of August 2024, IRS-CI’s firearms inventory list contained 6,261 firearms, with 3,647 held in storage and assigned to a UOF coordinator. The remaining 2,614 firearms were assigned to special agents. We conducted on-site inspections at 16 offices to verify 1,776 unassigned firearms. While all firearms were accounted for, we found inaccuracies in inventory records. For example, 33 of the 1,776 firearms assigned to UOF coordinators in the inventory system were actually in the possession of special agents.
We also identified 84 firearms in the possession of UOF coordinators but not assigned to those individuals in IRS-CI’s inventory tracking system. Specifically, 68 firearms were not included in the inventory extract provided to us. IRS-CI officials responded that these firearms were inadvertently left off the original inventory list provided to us. We later verified that these firearms were correctly identified in IRS-CI’s inventory system.
Having trouble viewing this email? View it as a Web page.
|
