PDF - Department of the Treasury
PDF - Department of the Treasury
PDF - Department of the Treasury
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
IRS management agreed to consider<br />
alternative methods to forecast revenue.<br />
However, IRS management does not plan to<br />
use data that is more specific to <strong>the</strong><br />
initiatives, because it does not believe <strong>the</strong><br />
investment <strong>of</strong> time and resources needed to<br />
generate refined estimates would be a<br />
prudent use <strong>of</strong> resources. TIGTA does not<br />
believe <strong>the</strong> use <strong>of</strong> more specific data would<br />
require more effort.<br />
Report Reference No. 2005-10-159<br />
Security <strong>of</strong> <strong>the</strong> IRS<br />
Homeland Security Presidential<br />
Directive/HSPD-7, Critical Infrastructure<br />
Identification, Prioritization, and<br />
Protection dated December 17, 2003,<br />
established a national policy for Federal<br />
agencies to protect critical national<br />
infrastructure and key resources from<br />
terrorist attacks. HSPD-7 required all<br />
Federal agencies to develop plans to protect<br />
<strong>the</strong>ir critical infrastructure by July 31, 2004.<br />
The IRS timely provided <strong>the</strong> <strong>Department</strong> <strong>of</strong><br />
<strong>the</strong> <strong>Treasury</strong> a list <strong>of</strong> 19 critical assets that<br />
had been identified in <strong>the</strong> latter part <strong>of</strong><br />
1998, in response to The Policy on Critical<br />
Infrastructure Protection: Presidential<br />
Decision Directive (PDD-63), dated<br />
May 1998.<br />
Operational and technical controls for<br />
critical systems have not been adequately<br />
tested and prioritized. In addition, plans for<br />
correcting identified weaknesses are<br />
insufficient. TIGTA believes IRS<br />
management has been slow to accept<br />
responsibility for <strong>the</strong> security <strong>of</strong> its systems,<br />
and has not devoted sufficient attention to<br />
testing and correcting security weaknesses.<br />
The <strong>Department</strong> <strong>of</strong> <strong>the</strong> <strong>Treasury</strong> also<br />
required all bureaus to update <strong>the</strong>ir lists <strong>of</strong><br />
critical infrastructure by September 2005.<br />
At <strong>the</strong> time this audit was completed, <strong>the</strong><br />
IRS was still in <strong>the</strong> process <strong>of</strong> performing<br />
<strong>the</strong> analysis necessary to identify its critical<br />
assets and expected to have it completed by<br />
<strong>the</strong> deadline. However, because <strong>the</strong> IRS<br />
does not have a process to regularly review<br />
its inventory <strong>of</strong> critical assets, TIGTA<br />
recommended that <strong>the</strong> IRS confirm at least<br />
annually <strong>the</strong> accuracy and completeness <strong>of</strong><br />
its critical assets list. The IRS agreed with<br />
<strong>the</strong> recommendations and will ensure<br />
corrective action is taken.<br />
Report Reference No. 2005-20-108<br />
Integrating Performance<br />
and Financial Management<br />
The IRS has made progress in improving its<br />
administration <strong>of</strong> <strong>the</strong> Earned Income Tax<br />
Credit (EITC) Program. The IRS<br />
developed <strong>the</strong> EITC Reform Initiative to<br />
address backlogs <strong>of</strong> EITC Program<br />
examinations, minimize taxpayer burden<br />
during <strong>the</strong> audit process, enhance<br />
compliance efforts, and pilot a certification<br />
process for higher-risk taxpayers. The IRS<br />
also established long-term performance<br />
goals and measures to evaluate its progress<br />
in improving <strong>the</strong> Program, and appointed an<br />
executive to head <strong>the</strong> EITC Office.<br />
This executive however, faces <strong>the</strong> difficulty<br />
<strong>of</strong> holding accountable <strong>the</strong> functions that<br />
complete EITC Program work, since most<br />
<strong>of</strong> <strong>the</strong>se functions do not report to <strong>the</strong> EITC<br />
Office. The EITC Office developed<br />
Service Level Agreements that document<br />
12 April 1, 2005 to September 30, 2005