Part of the IRS building (Photo: Allison Bell/ALM)

Just as the IRS is implementing a six-year roadmap to modernize its systems, the Government Accountability Office has detected 14 new information security snafus in the agency’s computer systems.

The GAO states in a new report that during its fiscal year 2018 audit of the IRS, it found new information system security control deficiencies including weaknesses in access controls and in procedures to help ensure information systems are operating securely. “Weaknesses like these place IRS’ systems and data at risk,” GAO said. “IRS must keep its computer systems secure to protect sensitive financial and taxpayer information.”

GAO said the 14 new infractions, “while not collectively considered a material weakness, were important enough to merit attention by those charged with governance of IRS and therefore represented a significant deficiency in IRS’s internal control over its financial reporting systems.”

GAO assessed whether the IRS had effective controls in place to safeguard this information in the past and again during fiscal year 2018.

As of Sept. 30, 2018, GAO said that the IRS had completed corrective actions to address deficiencies associated with 46 of the 154 recommendations from its prior financial audits that we reported as open as of last July.

“One deficiency and its associated recommendation are no longer relevant because of changes in the agency’s operating environment,” GAO said. As a result, the IRS has a total of 127 open recommendations related to the information system security control deficiencies identified during GAO audits.

IRS Commissioner Charles Rettig told senators in mid-April that the agency has crafted a six-year roadmap for modernizing its systems and taxpayer services, including revamping an outdated information technology infrastructure.

The IRS’ Integrated Modernization Business Plan is expected to cost $2.3 billion to $2.7 billion over six years — including $290 million requested in President Donald Trump’s fiscal 2020 budget — to implement, Rettig told the Senate Finance Committee.

The investment, Rettig said, “will position the IRS to greatly improve and expand the services we provide to taxpayers — with new technologies such as customer callback and online notifications — while strengthening our enforcement capabilities.”

President Donald Trump signed into law on July 1 the Taxpayer First Act of 2019, legislation to redesign the IRS.