Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk, Report to the Commissioner of Internal Revenue [open pdf - 353KB]
From the Highlights: "The IRS [Internal Revenue Service] has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect the financial and sensitive taxpayer information that resides on those systems. As part of its audit of IRS's fiscal years 2013 and 2012 financial statements, GAO [Government Accountability Office] assessed whether controls over key financial and tax processing systems are effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information. To do this, GAO examined IRS information security policies, plans, and procedures; tested controls over key financial applications; and interviewed key agency officials at six sites. […] GAO is recommending that IRS take 3 actions to more effectively implement portions of its information security program. In a separate report with limited distribution, GAO recommends that IRS take 23 specific actions to address identified control weaknesses. In commenting on a draft of this report, IRS agreed to develop a detailed corrective action plan to address each recommendation."
Government Accountability Office: http://www.gao.gov/