Auditors found contractors with unfavorable background investigations that retained access to one or more sensitive system. Image: grandbrothers/Shutterstock.com
By: FEDweek StaffAn inspector general audit has recommended that the IRS tighten its controls over sensitive systems, after finding that some contractor employees were granted access even though they did not pass security screening and that the agency delayed in revoking access rights to some of its own employees who had left the agency.
The report said that as of last July, more than 91,000 individuals—about 5,000 of them contractor employees working for nearly 200 different companies—had access to the Business Entitlement Access Request System, which the IRS has used since 2021 to control users access to its sensitive information technology systems.
Auditors said that due to differences in terminology, it was difficult to specify exactly which systems fell under BEARS, but that of 276 systems they identified, there were about an equal number of former IRS employees who had not had their system access removed—for periods ranging up to 502 days. The IRS said it had canceled their general network access, which the IG said “reduces, but does not eliminate, the risk that a user can access a sensitive system.”
Auditors also identified 19 contractor employees whose “background investigations were not favorable” but who retained their access to one or more sensitive systems because the IRS did not take action to suspend or disable the contractors from the IRS’s systems.
The review also found that 10 individuals “did not receive a favorable determination to become an IRS employee” but were allowed to continue working as contractor employees. “Although the IRS believes that these were the correct determinations, we are concerned that these individuals who were not considered suitable for IRS employment were retained as contractors and were given access to sensitive systems. We plan to evaluate this matter for additional review,” the auditors said.
Further, the agency “does not have adequate controls to detect or prevent the unauthorized removal of data by users” as pointed out in prior reports, although it is taking steps toward that end, the report said.
It said that management agreed with recommendations including to promptly remove sensitive system access rights when employee leave and evaluate how it grants access to and safeguards federal tax information on its IT systems.
Senate Eyes Vote to Pay Federal Employees Working Unpaid
Series of Bills Offered to Address Shutdown’s Impact on Employees
Public Starting to Feel Impact of Shutdown, Survey Shows
OPM Details Coverage Changes, Plan Dropouts for FEHB/PSHB in 2026
Does My FEHB/PSHB Plan Stack Up? Here’s How to Tell
2025 TSP Rollercoaster and the G Fund Merry-go-Round
See also,
TSP Takes Step toward Upcoming In-Plan Roth Conversions
5 Steps to Protect Your Federal Job During the Shutdown
Over 30K TSP Accounts Have Crossed the Million Mark in 2025
