Tax Systems Modernization

The Internal Revenue Service (IRS) has made progress in addressing GAO's concerns about the security and privacy aspects of Tax Systems Modernization, an $8-billion program to modernize the agency's 1950s-era tax processing system. IRS plans to complete actions in some of these areas--disaster recovery and managing user identification and profiles--when the next version of the Security Architecture is issued in March 1993. It is uncertain, however, when actions will be complete in other areas--independence among security software administrators and developers and accountability for protecting taxpayer privacy. Part of the problem is the lack of a firm deadline for resolving these issues and the need for coordination among several organizations within IRS.

GAO found that: (1) the security architecture did not describe how taxpayer information and other data would be processed during recovery from a major disaster; (2) the security architecture does not specify how user identification codes and user profiles will be managed; (3) a lack of independence exists among individuals and organizations responsible for administering the security program, developing the software, and ensuring the quality of the software; (4) no organization or person is responsible for incorporating privacy protection features; and (5) IRS officials agreed with the concerns and identified actions that were planned or under way to address them.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone: