The Internal Revenue Service needs to beef up security at its facilities to address persistent threats, according to a recent report.
The the report, released Monday by the Treasury Department’s Internal Revenue Service inspector general, notes that the IRS is often the target of threats from individuals and organizations seeking to harm it. The IRS already develops and implements physical security policies, procedures and processes to address current and emerging threats to its people and facilities, but the report recommends some improvements at 532 locations across the country.
The IRS is under threat again after last month’s passage of the Inflation Reduction Act, which provides $80 billion in additional funding for the agency over 10 years, with some of the money going to increased enforcement and auditing, mostly of high-income taxpayers. and corporations. Critics have warned that the funds are going to hire tens of thousands of armed IRS agents, although much of the money should be used to hire additional Taxpayer Services employees, update outdated IRS technology and replace older employees who are retiring.
“It is important for the IRS to monitor the status of countermeasures in these locations to ensure that known security vulnerabilities are addressed,” the report said. “Without an effective management and documentation process for tracking and approving countermeasures for known security vulnerabilities, IRS employees and facilities may be at increased risk if the required countermeasure has not been implemented.”
The report notes that the IRS updated its security countermeasures procedures in response to the previous TIGTA report, but the new process did not ensure that minimum physical security measures were tracked and reviewed. The IRS’s process for documenting the tracking and monitoring of recommended countermeasures was not effective because the IRS does not consistently use a centralized system to track physical security countermeasure recommendations, approvals, enforcement actions, and related costs. As a result, TIGTA was unable to determine the status of all current recommended physical security measures at a number of IRS facilities it inspected. The report also notes that security professionals did not consistently and accurately document why they chose to reject a recommended countermeasure.
TIGTA recommended that the IRS ensure that such recommendations, approvals and denials are tracked and maintained in a central location, IRS officials agreed with the report’s recommendations and plan to implement a tool to track and maintain countermeasures in a central location, as well as update its policies and procedures and provide formalized training.
The IRS said it has already begun taking steps to address the report’s findings and recommendations. “We have completed testing and are in the final stages of implementing this tool,” Richard Rodriguez, chief of the IRS’s Facilities Management and Security Division, said in response to the report. “Updates to our policies and procedures have been developed and we are in the process of planning formal training for our physical security professionals. We plan to start the new process in the first quarter of fiscal year 2023.”