WASHINGTON -- The Internal Revenue Service failed to demonstrate that it has fully addressed security weaknesses in recent years, potentially leaving sensitive taxpayer information vulnerable to attack, according to an auditor's report.
The Treasury Inspector General for Tax Administration found that the IRS had only implemented 42 percent of the corrective plans it had said it completed in recent years.
"When the right degree of security diligence is not applied to systems, disgruntled insiders or malicious outsiders can exploit security weaknesses and may gain unauthorized access," Treasury Inspector General Russell George said in the report.
The review showed that the IRS failed to properly track its progress in completing many of the fixes that auditors had recommended in recent years. The agency closed most of the cases without adequate documentation and did not always upload information into a database that would help ensure compliance.
The inspector general said that the IRS should strengthen its management controls and follow its internal requirements for tracking implementation of corrective measures, in addition to providing more training to employees.
The IRS said in its response to the findings that it issued a new manual this year to help improve its monitoring practices and that the agency would audit completed actions in the future.