Janet Napolitano is helping Democrats sound the warning siren about cybersecurity and terrorism, but the everyday damage done by federal information systems is a lot less spectacular than the doomsday threats we are hearing in the push for a cybersecurity bill (see: The Real Cyber Threat Is From Politicians and Bureaucrats). If you plan to spend the weekend grinding out this year’s tax return, you might want to finish writing the check before you read this.
The usual White House accolades accompanied the announcement that the 2010 Improper Payments Elimination and Recovery Act was a go. A successor to a 2002 bill, the act’s goal of cutting tens of billions in improper payments sounded like a good thing, but a report released this week showed that the fanfare was premature.
Three programs were left out of the $115.3 billion in estimated bad payments for 2011,¹ including the Department of Defense’s $368.5 billion Defense Finance and Accounting Service Commercial Pay program,² which again raises the question of how much tax money our government is throwing away. The Defense Department is no stranger to improper payments, but fixing the problem seems to be an impossible task. A March 2011 inspector general’s report considered the Defense Department’s overpayments accounting “inaccurate and incomplete,”³ finding that:
Specifically, DoD [Department of Defense] did not review approximately $167.5 billion of the $303.7 billion in gross outlays for high dollar overpayments. Additionally, some overpayments were not reported, and the Overpayments Report did not include sufficient information about recoveries and corrective actions.4
A Government Accountability Office report characterized the methods used by the Defense Department to ferret out improper payments:
DOD’s payment controls are hindered by inadequate payment processing controls, poor financial systems, and inadequate supporting documentation.5
Other federal agencies do not fare much better. PaymentAccuracy.gov shows improper payment goals that only government would consider better than appalling. As much as taxpayers dislike hearing how billions of their hard earned dollars are being disposed of, the shock becomes less jarring every time a new audit is released. Where our government is concerned our standards tend to be pretty low. Still, another report released in time for tax season might give you pause to think while you sign your name to that pile of IRS forms or, scarier yet, file online.
We have no reason to think that information security at the IRS is any better than at any other federal agency, which is probably a good thing because it lessens our expectations. The GAO acknowledged that the IRS had made efforts to protect our information, but the reality is that:
… control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRS’s systems.6
Why is information security at the IRS a problem?
An underlying reason for these weaknesses is that IRS has not fully implemented a comprehensive information security program.7
Why is protecting taxpayers’ information important?
Protecting the confidentiality of this sensitive information is paramount; otherwise, taxpayers could be exposed to loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.8
Perhaps after the IRS secures its systems it can get to work on the $450 billion tax gap announced at the beginning of the year (see: Buffett Rule Will Not Apply to Tax Gap Deadbeats). Not to worry. Sign those taxes and get them to Uncle Sam on time. If you are lucky, maybe an illegal alien turned citizen with your secure information will pay your tax bill next year.