Weaknesses in asset management controls at the IRS leave IT assets vulnerable to loss, the Treasury Inspector General for Tax Administration has said.
It said the agency’s IT organization controls over 306,000 IT assets worth almost $720 million using a so-called Knowledge, Incident/ Problem, Service Asset Management, or KISAM, system.
While IT asset data successfully migrated from the legacy inventory system to the KISAM-asset manager, the audit log used to capture events was not being reviewed to ensure that only appropriate accesses were made, according to TIGTA.
Further, it said IT asset data within the KISAM–asset manager are inaccurate and incomplete because the IRS is not following its procedures to ensure that all assets are accurately recorded and timely updated in the asset manager.
TIGTA also found that ineffective inventory controls created an environment where IT assets are vulnerable to loss. (Out of a sample of 146 assets it could not locate and verify or find proper supporting documentation for 34 of them worth close to $1 million.)
IRS management agreed with recommendations to ensure inventory records are updated to correct deficiencies, ensure the reconciliation process is effectively completed and offices provide supporting documentation for quality review, and to ensure dollar threshold criteria are included in the inventory certification plan.
IRS management also agreed to deliver KISAM enhancements for performing asset verification and correct data deficiencies, develop a missing asset aging report, and update the fiscal 2014 inventory certification plan to include the verification of the serial number field and assets with an acquisition value of $50,000 or greater.