Journal of Accountantcy
By Sally P. Schreiber, J.D.

The IRS continues to have challenges protecting taxpayer data, and especially ensuring that its various applications provide complete and accurate audit trails, according to the Treasury Inspector General for Tax Administration (TIGTA). TIGTA issued a report that highlights IRS shortcomings and challenges, titled Most Internal Revenue Service Applications Do Not Have Sufficient Audit Trails to Detect Unauthorized Access to Sensitive Information (TIGTA Rep't No. 2020-20-033).

The new report is an update of a 2015 TIGTA audit that found similar issues with the IRS's protection of taxpayer data. Audit trails have been a challenge for the IRS since at least 1997, and while the Service has made some progress in implementing solutions to address audit trail problems, TIGTA says the solutions are not effective.

In the report, TIGTA found the IRS could not provide an accurate inventory of all applications that store or process taxpayer data and personally identifiable information (PII), which refers to taxpayer, financial, or employee information that identifies a taxpayer or entity. This inventory is critical as a baseline for all applications that need to be monitored for potential unauthorized access by employees and cybercriminals. These applications are required to provide audit trail records to a repository used for investigations.Read more.