The IRS has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect the financial and sensitive taxpayer data that resides on those systems.
As part of its audit of IRS's fiscal year 2014 and 2013 financial statements, the GAO assessed whether controls over key financial and tax-processing systems were effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information. To do this, the GAO examined IRS information security policies, plans and procedures; interviewed key agency officials; and tested controls over key financial applications at four sites.
The GAO recommended that the IRS take 5 additional actions to more effectively implement elements of its information security program. In a separate report with limited distribution, GAO is recommending 14 actions that IRS can take to address newly identified control weaknesses.