GAO: Internal Revenue Service financial and taxpayer data remain unnecessarily vulnerable to inappropriate and undetected use, modification and disclosure. IRS Commissioner John Koskinen agrees to develop corrective action plans to address GAO’s recommendations. GAO says the IRS did not effectively maintain the secure configuration of a key application or appropriately segregate duties by allowing a developer unnecessary access to the application. IRS’ testing methodology did not consistently determine whether required controls operated effectively, which resulted in examiners discovering control weaknesses undetected by IRS.”]
Source: https://www.govinfosecurity.com/gao-faults-irs-security-processes-a-8047