Attention FAE Customers:
Please be aware that NASBA credits are awarded based on whether the events are webcast or in-person, as well as on the number of CPE credits.
Please check the event registration page to see if NASBA credits are being awarded for the programs you select.

TIGTA Report: IRS Must Improve Security at Its Facilities

Ruth Singleton
Published Date:
Sep 26, 2022

A report recently issued by the Treasury Inspector General for Tax Administration (TIGTA) found that security measures at IRS facilities were inadequate, as they “did not ensure that minimum physical security countermeasures were tracked and considered.” 

TIGTA initiated the report because “the IRS is often the target of threats from individuals and organizations looking to do it harm.” Accounting Today reported that threats against the agency have intensified after passage of the Inflation Reduction Act in August. The legislation provides $80 billion in new funding for the IRS over 10 years, with a portion of the funds going to heightened enforcement and auditing of corporations and high-income taxpayers.  

Although Treasury Secretary Janet Yellen explicitly stated in a letter to IRS Commissioner Charles Rettig that “that any additional resources—including any new personnel or auditors that are hired—shall not be used to increase the share of small business or households below the $400,000 threshold,” Accounting Today reported in August that several Republican politicians said that the bill sought to audit rates for the middle class and small businesses 

TIGTA noted that the IRS manages 532 locations throughout the United States, adding, “It is important for the IRS to track the status of countermeasures at these locations to ensure that known security vulnerabilities are mitigated. Without effective management and documentation of the countermeasure tracking and approval process for known security vulnerabilities, IRS employees and facilities may be at increased risk if a necessary countermeasure was not implemented.” 

The TIGTA report specifically found that the “IRS’s process for documenting the tracking and monitoring of recommended countermeasures was not effective because the IRS does not consistently use a centralized system to track physical security countermeasure recommendations, approvals, implementation actions, and associated costs. As a result, TIGTA was unable to determine the status of all current recommended physical security countermeasures in [redacted] of the IRS facilities reviewed.” 

In addition, the report found that “physical security specialists did not consistently and clearly document when a request for risk acceptance was made or have a defined process to reject a recommended countermeasure. Without a process that requires physical security specialists to document their rationale and obtain approval for rejecting a recommended countermeasure, physical security specialists may choose not to implement a countermeasure that is required per Interagency Security Committee standards, thereby increasing risk to IRS personnel and facilities.” 

TIGTA made four recommendations to the IRS to improve the security at its facilities:  

"1) ensure that countermeasure recommendations, approvals or denials, implementation decisions and actions, risk acceptance decisions, and the associated cost of implementation are adequately tracked and maintained in a central location;

2) update the policies and procedures for any changes related to the tracking of countermeasures identified in a Facility Security Assessment or Facility Security Assessment Addendum and provide formalized training to the physical security specialists;3) ensure that all recommended countermeasures from the most recent risk assessment are tracked until a new risk assessment is completed using the new countermeasure tracking mechanism; and4) ensure that the countermeasure tracking mechanism requires physical security specialists to document the reason and obtain approval for rejecting a recommended countermeasure."

IRS management agreed with these recommendations. Specifically, TIGTA reported, the IRS “plans to implement a Countermeasure Tool to track and maintain countermeasures in a central location. Management also plans to update policies and procedures and to provide formalized training.” 

Richard Rodriguez, chief of facilities management and security services at the IRS, responded to the TIGTA report by saying, "Updates to our policies and procedures are drafted and we are in the process of planning the formalized training for our physical security specialists,” Accounting Today reported. Rodriguez added, “We expect to begin the new process the first quarter of fiscal year 2023.” 


Click here to see more of the latest news from the NYSSCPA.