Many computer system interconnections at the IRS do not have proper authorization or security agreements, the Treasury Inspector General for Tax Administration has said.
The agency shares federal tax information and other records with many federal, state, and local agencies, as well as private agencies and contractors via connections with external IT systems.
The agency has established an office to provide oversight and guidance for the development of security agreements covering those connections, but that office is not responsible for managing or monitoring agreements for all external interconnections in use in the IRS environment, according to TIGTA.
It said improvements are also needed to ensure that existing agreements contain all required elements and not be allowed to lapse.
The agency agreed with recommendations to identify and document external interconnections; Establish a repeatable process for identifying external interconnections; Ensure that policies and procedures are developed and implemented for updating the interconnections inventory; Establish an escalation process to resolve agreement renewal issues; Ensure that interconnection agreements meet policies and are renewed timely; and, Streamline and eliminate ineffective practices related to interconnection agreements.