IRS

IRS needs better controls for IT contracts

Editor's Note: This story originally appeared on FCW.com   

The IRS needs better controls for its IT contracts, which account for $3.3 billion in annual spending, to meet federal requirements to protect agency systems and sensitive information, according to a review conducted by the Treasury Inspector General for Tax Administration.

Auditors examined controls in "high-risk contract administration areas" and identified two in which controls were inadequate. First, the IRS needs to clarify guidance to ensure consistent and reliable use of IT contract reviews throughout a contract's life cycle. Second, the IRS needs to reassess its approach to fraud control.

The report states that there were control inadequacies in the IRS' security compliance reviews, contract file documentation, contractor exclusion reviews, contract administration plans and contracting officer's representative appointment letters.

Current guidance mandates that security checklists for IT contracts be submitted to the Office of Cybersecurity for review and certification. However, the office was not provided checklists for any of the contracts sampled by TIGTA.

Additionally, the Internal Revenue Manual and the guidance for security compliance reviews did not provide clear instructions about what triggers further reviews from the Office of Cybersecurity and do not adequately document risk mitigation controls.

Officials in the Office of Cybersecurity told auditors that they have begun to update and bolster the security checklist and policies for IT contracts to comply with the Federal Information Technology Acquisition Reform Act and the Federal Information Security Modernization Act.

Auditors also found that the IRS did not consistently adhere to operational and fraud controls. Contractor exclusion reviews, which assess whether a company is precluded from receiving an IRS contract, were not consistently conducted or documented in agency records. Contractors can be excluded because of delinquent federal taxes, violations of government contracts or convictions of tax evasion, embezzlement or various forms of fraud.

Furthermore, IRS officials are supposed to appoint qualified employees -- through an appointment letter to clarify and ensure a separation of duties -- to review and monitor all contracts that exceed $150,000. However, auditors found that appointment letters were not consistently issued, meaning the IRS could not verify whether the assigned duties were completed.

Auditors recommended that the IRS clarify its guidance for completing the security compliance review checklists and regularly update that guidance.

Additionally, they recommended that the IRS ensure that all procurement documents relating to federal and IRS guidance are saved and that the agency update its policy to require information on post-award contract duties to be maintained in agency records, as required by federal guidance.

IRS officials generally concurred with the recommendations.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Reader Comments

Mon, Nov 14, 2016 Jarlman Brownlee

Yes, the president-elect will get right on this. Seriously, the IRS has been a failing IT systems contract overseer since the 1980s. Virtually all of the big IT systems houses have gotten big bucks, largely failed, but still gotten paid. (Exception--CSC was tagged out for bungling a lot work and did lose a lot of money, but still staggered back to the trough.) It will be interesting to see whether a new Secy. of the Treasury and new IRS Commissioner can finally get hold of this. Trump is a lot things, but he does not like waste and certainly does not like paying for failure. Many contractors may need to recalibrate their ability to get paid when they take work that is difficult and bungle it.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.