Why GAO Did This Study
The U.S. tax system is based largely on voluntary compliance. One factor that may influence taxpayers’ willingness to voluntarily comply is the confidence that IRS is protecting their personal and financial information.
GAO was asked to review IRS’s safeguards for taxpayer information. This report evaluates the extent to which IRS is following its tax safeguards for protecting taxpayer information.
To address this objective, GAO analyzed mandatory training and UNAX data for IRS employees and contractors, reviewed IRS and TIGTA documentation, and interviewed IRS and TIGTA officials at selected offices. In addition, GAO reviewed federal law authorizing other federal agencies to receive taxpayer information.
GAO also identified and tested selected management, operational, and technical controls on selected IRS systems that store or process taxpayer information, and observed controls in operation. GAO also has ongoing work assessing IRS’s efforts to protect the confidentiality of taxpayer information, including its implementation of technical controls and breach response processes. GAO will publish this work in a subsequent report with limited distribution…
What GAO Found
The Internal Revenue Service (IRS) has implemented access controls and other safeguards to help mitigate risks to taxpayer information. However, continuing weaknesses pose a risk. Among its safeguards, in July 2022, IRS began requiring certain employees to seek senior executive approvals to gain access to taxpayer information. IRS employees also met the agency-wide 97 percent completion goal for training on protecting taxpayer information. However, IRS did not have a training goal for contractors, who had training completion rates well below employee completion rates—less than 75 percent. For example, 66 percent of the approximately 14,000 contractors assigned the Insider Threat Awareness training completed the course. As a result, IRS contractors are at increased risk of being unprepared to handle taxpayer information…
Recommendations
Since fiscal year 2010, GAO has made 451 recommendations to IRS aimed at safeguarding taxpayer information. While IRS has implemented many of these recommendations, 77 of them had not been implemented as of March 2023. These include two recommendations that GAO considers high priority. Fully implementing these recommendations could significantly improve IRS’s ability to safeguard taxpayer information.
In addition to the remaining recommendations above, GAO is making one matter for congressional consideration. This matter would provide IRS with additional authority to inspect agencies’ data safeguards in those instances where IRS shares taxpayer information but does not have direct authority to inspect agency safeguards.
GAO is making 15 additional recommendations…
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $250 annually.