53.9 F
Washington D.C.
Thursday, September 29, 2022

GAO Finds ‘Significant Deficiency’ in IRS Information System Security Controls

During its audit of the Internal Revenue Service’s (IRS) fiscal years 2019 and 2018 financial statements, the Government Accountability Office (GAO) identified new deficiencies in information system security controls that along with unresolved control deficiencies from prior audits, “collectively represent a significant deficiency in the agency’s internal control over financial reporting systems”.

GAO identified 11 new deficiencies in information system security controls over certain IRS financial and tax processing systems that are relevant to internal control over financial reporting. Of the 11 new deficiencies, five were related to access controls, three were related to configuration management, one was related to segregation of duties, and two were related to information security management program controls. In a separately issued limited official use only report, GAO communicated to IRS management detailed information regarding the 11 new deficiencies in information system security controls and made 18 recommendations to address them.

In addition, GAO found that as of September 30, 2019, IRS had completed corrective actions to address deficiencies in information system security controls associated with 13 of the 127 recommendations resulting from GAO’s prior financial audits. GAO closed these recommendations. In the limited official use only report, GAO communicated to IRS management the status of previously reported recommendations as of September 30, 2019.

As a result, IRS has 132 GAO recommendations to address—the 114 remaining open recommendations from GAO’s prior financial audits and the 18 new recommendations GAO made in the limited official use only report. GAO says that until these new and continuing control deficiencies, which collectively represent a significant deficiency, are fully addressed, IRS financial reporting and taxpayer data will remain unnecessarily vulnerable to unauthorized access, modification, or disclosure.

IRS agreed with GAO’s recommendations and stated that it will ensure that its corrective actions include root cause analysis for sustainable fixes. GAO will evaluate the effectiveness of IRS’s efforts to address these deficiencies during its audit of IRS’s fiscal year 2020 financial statements.

Read the full report at GAO

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles