The Internal Revenue Service can’t always be sure that former employees’ access to systems and buildings has been revoked, according to a recent report.
The Treasury Inspector General for Tax Administration estimates that the IRS could not verify that all security items were recovered from over two-thirds (66 percent) of the approximately 4,100 employees who left from the IRS during fiscal year 2014. This includes 186 who departed during a pending disciplinary case, including criminal misconduct.
TIGTA said that the IRS controls to verify that physical access to government facilities is secured when employees leave -- including a computer process that documents if security items are recovered from them -- were not effective in preventing access to government facilities and computers after employees separated.Partner Insights
The inspector general also reviewed a sample of 10 employees who left during pending disciplinary cases, and found that the IRS could not verify the recovery of the security items for six of these employees and could not provide evidence that these cases were referred to the TIGTA Office of Investigations, as required. Some of the uncollected security items were later used to enter IRS buildings.
TIGTA recommended that the IRS’s chief of agency-wide shared services update the guidance on departing employees, and develop an inventory process to include documenting the issuance of manual keys and key cards and changing combination locks, as well as confirming that computer and building access is deactivated when an employee separates.
The IRS management agreed with all the recommendations.
The Treasury Inspector General for Tax Administration estimates that the IRS could not verify that all security items were recovered from over two-thirds (66 percent) of the approximately 4,100 employees who left from the IRS during fiscal year 2014. This includes 186 who departed during a pending disciplinary case, including criminal misconduct.
TIGTA said that the IRS controls to verify that physical access to government facilities is secured when employees leave -- including a computer process that documents if security items are recovered from them -- were not effective in preventing access to government facilities and computers after employees separated.Partner Insights
The inspector general also reviewed a sample of 10 employees who left during pending disciplinary cases, and found that the IRS could not verify the recovery of the security items for six of these employees and could not provide evidence that these cases were referred to the TIGTA Office of Investigations, as required. Some of the uncollected security items were later used to enter IRS buildings.
TIGTA recommended that the IRS’s chief of agency-wide shared services update the guidance on departing employees, and develop an inventory process to include documenting the issuance of manual keys and key cards and changing combination locks, as well as confirming that computer and building access is deactivated when an employee separates.
The IRS management agreed with all the recommendations.