The Treasury Department‘s inspector general for tax administration has found that the Internal Revenue Service failed to mitigate security risks for randomly selected information technology contracts worth $81.3 million.
TIGTA said Tuesday that it picked 14 out of 6,045 IT contracts awarded from October 2008 through May 2014 for the audit, which sought to evaluate whether post-award controls for such contracts helped the IRS assess whether operational practices comply with contract administration procedures and policies.
TIGTA also found weaknesses in IRS’ post-award controls such as contract file documentation, security compliance reviews, contractor exclusion reviews, appointment letters of contract officers’ representatives and contract administration plans.
“It is critical that the IRS clarify information technology security risks and enforce appropriate controls with its contract review process to ensure compliance with all applicable policy and guidance for information technology contracts,” said J. Russell George, inspector general for tax administration at the Treasury Department.
TIGTA recommended that the IRS’ chief technology officer and chief procurement officer should facilitate updates to policies in an effort to offer guidance for the Security Compliance Review Checklist certification process.