IRS Asked to Improve Security at its Offices

November 15, 2013

The Internal Revenue Service needs to take additional steps to improve security at some of its facilities, according to a new report.

Due to the nature of the IRS’s mission, the organization remains a target for those who are angry at the tax system or the government, the report noted. Threats of violence directed at the IRS’s 100,000 employees at more than 600 facilities throughout the country have increased during a time of continued financial hardship. In the one-year period between October 2010 and September 2011, there were more than 1,400 reported threat incidents directed towards IRS employees and infrastructure.

The report, by the Treasury Inspector General for Tax Administration, identified deficiencies in the IRS’s Physical Security Risk Assessment Program and found that most but not all IRS facilities received risk assessments as required. As a result, the IRS may have security vulnerabilities that are not identified and addressed in a timely manner, thereby placing IRS employees and taxpayers at risk.

IRS employees may be exposed to many difficult, threatening, and even extremely dangerous situations because of daily and ongoing interactions with the public, an earlier report released in January noted.

The IRS is required to conduct comprehensive and timely risk assessments to identify and address vulnerabilities in physical security. The overall objective of TIGTA’s latest review was to determine whether physical security risk assessments were conducted as required at all IRS facilities, said Accounting Today.

The new report found that while the IRS completed risk assessments at nearly all of its facilities, it did not review 14 facilities. Five of those facilities remained open as of calendar year 2013 and the other nine facilities were closed prior to calendar year 2013.

In addition, the IRS did not conduct risk assessments at 49 other facilities that were not specifically occupied by IRS employees but were located in or adjacent to IRS facilities. These 49 facilities, which included childcare centers, parking lots and garages, storage units, and a credit union, are not specifically occupied by IRS employees. The IRS said that security at those buildings were the responsibility of the Federal Protective Service but did not provide evidence that that the facilities received a risk assessment.

Completed risk assessments prepared by the IRS identified numerous needs for additional security countermeasures, such as posting signs advising of video surveillance or relocating walls to allow security guards to see visitors entering the facility. However, TIGTA found that some countermeasures were not acted upon. The IRS cited resource constraints as a reason that countermeasures were not implemented, said Accounting Today.

TIGTA made seven recommendations to the IRS’s director of physical security and emergency preparedness. IRS management agreed with the recommendations and plans to implement corrective actions to address them. For example, the IRS plans to ensure that inventory records include all relevant information and develop a process to ensure that required countermeasures are in place and functioning at all Taxpayer Assistance Centers.

“Ensuring the security of IRS employees, facilities and taxpayers is of the utmost importance to us,” IRS chief of agency-wide services David A. Grant wrote in response to the report.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

IRS Asked to Improve Security at its Offices

Related Articles

Related Products

Report Abusive Comment