[ISN] GAO: IRS procedural flaws leave taxpayer materials vulnerable

From: InfoSec News (isn@private)
Date: Thu May 18 2006 - 02:02:19 PDT


By Jenny Mandel
jmandel @ govexec.com
May 17, 2006

Taxpayer receipts and other sensitive materials were left open and
vulnerable to loss or theft, and it was common to find problems with
financial and security procedures at Internal Revenue Service
facilities visited by auditors during an annual review.

As part of a fiscal 2005 audit, Government Accountability Office
employees visited a sampling of service centers, taxpayer assistance
centers, field offices, financial institutions serving as agents of
the government and a finance center, to evaluate how they followed
financial and internal controls designed to ensure the appropriate
handling of materials.

In a report (GAO-06-543R) [1] released last week, GAO described a
litany of security problems.

At a taxpayer assistance center, auditors repeatedly entered secure
areas without challenge by walking from public into controlled areas
through an unmarked, unlocked door. At assistance centers newly
reconfigured to incorporate security features, reviewers found the
same open access and were told that unauthorized people occasionally
appeared in secure areas.

At service centers where tax returns were opened and processed,
reviewers found that procedures for candling envelopes -- passing them
over a light source or using other methods to ensure the contents had
been removed -- were not routinely followed before the envelopes were
marked to be destroyed.

At a bank that processed tax remittances, procedures calling for the
immediate deposit of large checks were not routinely followed. In one
case, reviewers found six checks totaling $1.25 million that had not
been processed before a shift change, and new shift leaders were not
aware of their existence.

GAO also found that references were not verified when individuals
under age 18 were hired to handle taxpayer receipts and information.  
Underage employees routinely had access to taxpayer information beyond
what they were cleared to handle, and those who were no longer in
school, but without a work history, were not required to submit a
standard character assessment form.

The report recommended that the IRS improve its procedural guidelines,
enhance periodic facility reviews, enforce existing rules and monitor
adherence to regulations.

In response to a report draft, IRS officials accepted all but one of
GAO's recommendations, which they said the agency had already met.  
"The issues you presented in your report will help us to take the
necessary steps to strengthen our controls over property and
equipment, safeguarding tax receipts, and improving financial
management," Commissioner Mark Everson wrote.

He noted that the IRS had acted on and closed 33 outstanding
recommendations during fiscal 2005, and developed corrective action
plans for others.

[1] http://www.gao.gov/cgi-bin/getrpt?GAO-06-543R

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 18 2006 - 02:11:37 PDT