The Internal Revenue Service is working to correct weaknesses in its ability to determine whether employees are inappropriately accessing taxpayer data, but it can and should do more, according to a Treasury Inspector General for Tax Administration report released Nov. 6.
An audit trail--a record showing who has accessed a computer system and what operations a person has performed during a given period of time--is a key component of information technology security, TIGTA said in the report dated Sept. 20.
The federal watchdog found that IRS has created a central system to store data trails and is educating employees on the type of information it needs to investigate potential unauthorized access.
However, IRS needs to improve its processes for ensuring that audit trails effectively support investigations of unauthorized access and allow management to identify noncompliant activity and hold employees accountable.
Additionally, TIGTA said IRS audit trail documentation does not require the collection of sufficient information.
“Unauthorized access to taxpayer records by IRS employees is a very serious offense, and the IRS must do everything in its power to make sure that it collects sufficient information to detect, monitor, and properly investigate all such activity,” J. Russell George, Treasury Inspector General for Tax Administration, said in a statement accompanying the report.
TIGTA recommended a series of improvements to IRS processes. IRS officials agreed to improve processes to test audit trail data but disagreed with TIGTA's recommendations to collect additional information.
Audit trails are useful both for maintaining security and for recovering lost transactions, according to TIGTA. Most accounting systems and database management systems include an audit trail component that documents events occurring on a computer from system and application processes, as well as from user activity.
At IRS, the trails are used to determine whether inappropriate activity, such as unauthorized access to taxpayer data, is occurring.
Due to the sensitive nature of tax return information, Section 6103 of the Internal Revenue Code and the Taxpayer Browsing Protection Act of 1997 require IRS to detect and monitor unauthorized access and disclosure of taxpayer records.
The willful unauthorized access or inspection of taxpayer records is a crime punishable upon conviction by fines, prison terms, and termination of employment.
The report, “Audit Trails Did Not Comply With Standards or Fully Support Investigations of Unauthorized Disclosure of Taxpayer Data” (2012-20-099), is available at http://www.treasury.gov/tigta/auditreports/2012reports/201220099fr.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).