Pursuant to a legislative requirement, GAO reviewed the Internal Revenue Service's (IRS) physical controls over receipts and taxpayer data.

GAO noted that: (1) IRS' controls over receipts and taxpayer data do not adequately reduce the vulnerability of the federal government and taxpayers to loss from theft; (2) this condition existed because of the length of time required to conduct background investigations, delays in receiving results of fingerprint checks, and processing demands which required the hiring of thousands of employees during the peak filing season; (3) placing new hires in sensitive positions prior to, at a minimum, receiving the results of fingerprint check increases the vulnerability of receipts and taxpayer data to theft; (4) in fact, of the 80 thefts IRS investigated at service centers from January 1995 to July 1997, 12 were committed by individuals who had previous arrest records that were not identified prior to their employment; (5) GAO also noted weaknesses in the physical controls over service center and district office receipts; (6) while service center receipts are required to be processed only by authorized individuals in the Receipt and Control Branch, which is a restricted access area, numerous receipts were found in unrestricted areas accessible to other IRS employees and to non-employees not authorized to handle receipts; (7) receipts particularly vulnerable to theft also were not adequately secured; (8) while it is important to adequately protect cash and checks received at IRS facilities, it is similarly essential to ensure that these receipts are properly protected during transport to depository institutions; (9) GAO found that single, unarmed couriers in ordinary civilian vehicles were used to transport IRS deposits totalling hundreds of millions of dollars to the depository institutions during the peak filing season; (10) the theft of one peak season deposit could place a significant administrative burden on IRS to contact taxpayers and initiate stop payment orders on tens of thousands of checks; (11) although receipts and taxpayer information will always be vulnerable to theft, IRS has a responsibility to protect the government and taxpayers from such losses; (12) many of the actions GAO is recommending to minimize these vulnerabilities and thus better protect taxpayer receipts and data would not result in significant costs, and several other actions GAO is recommending are already required by IRS policy or are currently under consideration by IRS management; and (13) IRS has prepared two corrective action plans to reduce its vulnerability to theft or loss of receipts and taxpayer data.

Click here for the full GAO Report, PDF Version, 37pgs. 344K