On average, 42% of IRS supervisors sampled in the audit certified that they had reviewed security reports showing whether their staffers gained access to taxpayer information without authorization.
The certification rate ranged from a low of 15% for IRS supervisors in Austin to a high of 75% for their Brookhaven, N.Y., counterparts, according to the audit by the Treasury Inspector General for Tax Administration.
"As a result, employees may be browsing their spouses' or other employees' tax information with little chance of detection," the audit concluded.
Underscoring the potential danger, auditors reported that they found "a clear violation" of data safeguards designed to prevent unauthorized access to taxpayer information during a site visit to one unidentified IRS location.
Auditors also said the IRS paid a government contractor $2.4 million for the data security system in 2002, even though it did not completely meet the agency's requirements. The IRS did not renew the contract last year because the contractor was unable to develop an anticipated upgrade.
Auditors recommended that the IRS emphasize the importance of reviewing data security reports and hold managers accountable. They also recommended that the agency hire a new contractor quickly to upgrade the security system. The IRS agreed with most of the recommendations.
Nonetheless, the audit results prompted criticism from Sen. Max Baucus, D-Mont., the ranking minority member on the Senate Finance Committee.
"With recent reports of security breaches at the VA (Veterans Affairs) and the Social Security Administration, it's unbelievable that IRS isn't doing what it takes to keep information safe in-house," Baucus said.