Each year, the Treasury Inspector General for Tax Administration (TIGTA) evaluates IRS programs, operations, and management functions to identify the areas of highest vulnerability to the nation’s tax system. For the fiscal year 2020, the IRS’s top challenge is security of taxpayer data and protection of IRS resources, according to TIGTA. Other challenges include implementing tax law changes, addressing emerging threats to tax administration, and modernizing IRS operations.
TIGTA’s assessment of major IRS management challenge areas is similar to the prior fiscal year.
Last year’s challenges of “identity theft and impersonation fraud” have been changed to “addressing emerging threats to tax administration,” to encompass more issues that affect the IRS and taxpayers.
TIGTA still reports that staffing remains a serious underlying problem that effects all management challenges. The IRS budget has increased slightly over the years, but cost increases have resulted in a reduction in the number of full-time employees, with a corresponding impact on institutional knowledge and technical expertise. For example, the IRS anticipates that over 30% of its workforce will retire within the next five years. That’s on top of the fact that the IRS lost over 29,000 full-time positions between 2010 and 2019.
To address this fiscal year’s top priority, the IRS has a mission to ensure that taxpayers can expect that that their information will not be disclosed unless authorized by law. The IRS has developed Internet-accessible, public-facing applications to interact with taxpayers for various tax administrative purposes. These applications collect, process and store large amounts of Personally Identifiable Information (PII) and tax data. This information is extremely valuable, and as such, the IRS is a target for criminals and identity thieves. Accordingly, the IRS must ensure that its applications are secure against threats on the Internet.
Recent data breaches exposing taxpayer data were discovered to have impacted the IRS eAuthentication web portal and the IRS Data Retrieval Tool within the U.S. Department of Education Free Application for Federal Student Aid website, which caused both applications to be taken offline. Without these resources, taxpayers were unable to timely file annual tax returns, and, in the case of the student financial aid application, the spring college enrollment process nationwide was negatively affected.
The report notes that, “TIGTA works continually with the IRS to identify, investigate, and combat threats to the IRS’s cyberinfrastructure,” specially focusing on “how the IRS ensures that only authorized taxpayers can access their information on these public-facing applications.” It goes on to state that “Strong electronic authentication controls are needed to prevent identity thieves from succeeding at impersonating taxpayers and gaining improper access to tax records.”
While the IRS believes that progress is being made at improving electronic authentication controls on its public-facing applications, the IRS’s 52 public-facing applications are not yet compliant with the National Institute of Standards and Technology guidelines. Without full compliance with the new guidelines, the IRS increases the risk of using inappropriate authentication controls, which could allow unauthorized access and activities, compromise taxpayer records, and cause revenue to be lost due to identity theft refund fraud.
A word to the wise: Not only does the IRS face cyber-attacks, but businesses do as well. Recent breach reports have outlined the fact that attacks are exploiting security weaknesses faster and easier than ever before and whether small or large, most organizations are not adequately equipped to defend themselves.
With the frequency of cyber-attacks on the rise, Schneider Downs can help your organization be better prepared. We offer a comprehensive set of information technology (IT) security service, including network penetration assessments, network vulnerability assessments, web application security testing, IT security maturity assessments and more. Your Schneider Downs team can provide contacts and resources to help your business deal with cyber and technology issues.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.