The Internal Revenue Service is working to correct weaknesses in its ability
to determine whether employees are inappropriately accessing taxpayer data, but
it can and should do more, according to a Treasury Inspector General for Tax
released Nov. 6.
An audit trail--a record showing who has accessed a computer system and what
operations a person has performed during a given period of time--is a key
component of information technology security, TIGTA said in the report dated
The federal watchdog found that IRS has created a central system to store
data trails and is educating employees on the type of information it needs to
investigate potential unauthorized access.
However, IRS needs to improve its processes for ensuring that audit trails
effectively support investigations of unauthorized access and allow management
to identify noncompliant activity and hold employees accountable.
Additionally, TIGTA said IRS audit trail documentation does not require the
collection of sufficient information.
“Unauthorized access to taxpayer records by IRS employees is a very serious
offense, and the IRS must do everything in its power to make sure that it
collects sufficient information to detect, monitor, and properly investigate all
such activity,” J. Russell George, Treasury Inspector General for Tax
Administration, said in a statement accompanying the report.
TIGTA recommended a series of improvements to IRS processes. IRS officials
agreed to improve processes to test audit trail data but disagreed with TIGTA's
recommendations to collect additional information.
Audit trails are useful both for maintaining security and for recovering lost
transactions, according to TIGTA. Most accounting systems and database
management systems include an audit trail component that documents events
occurring on a computer from system and application processes, as well as from
At IRS, the trails are used to determine whether inappropriate activity, such
as unauthorized access to taxpayer data, is occurring.
Due to the sensitive nature of tax return information, Section 6103 of the
Internal Revenue Code and the Taxpayer Browsing Protection Act of 1997 require
IRS to detect and monitor unauthorized access and disclosure of taxpayer
The willful unauthorized access or inspection of taxpayer records is a crime
punishable upon conviction by fines, prison terms, and termination of
The report, “Audit Trails Did Not Comply With Standards or Fully Support
Investigations of Unauthorized Disclosure of Taxpayer Data” (2012-20-099), is
available at http://www.treasury.gov/tigta/auditreports/2012reports/201220099fr.pdf.