TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
The Internal Revenue Service Successfully Accounted for Employees and Restored Computer Operations After Hurricanes Katrina and Rita
March 2006
Reference Number: 2006-20-068
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone Number | 202-927-7037
Email Address | Bonnie.Heald@tigta.treas.gov
Web Site | http://www.tigta.gov
March 30, 2006
MEMORANDUM FOR CHIEF INFORMATION OFFICER
CHIEF,
FROM: Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit
SUBJECT: Final Audit Report – The Internal Revenue Service Successfully Accounted for Employees and Restored Computer Operations After Hurricanes Katrina and Rita (Audit # 200620036)
This report presents the results of our review of the Internal Revenue Service’s (IRS) efforts to protect employees and taxpayer data in the offices affected by Hurricanes Katrina and Rita. The overall objectives of this review were to evaluate the IRS’ preparatory actions prior to the arrival of Hurricanes Katrina and Rita, the recovery actions taken in the Hurricanes’ aftermath, and the actions taken to protect taxpayer data in the offices damaged by the Hurricanes. This review was conducted in conjunction with the President’s Council on Integrity and Efficiency (PCIE)[1] as part of its examination of relief efforts provided by the Federal Government in the aftermath of Hurricanes Katrina and Rita. As such, a copy of the report will be forwarded to the PCIE Homeland Security Working Group, which is coordinating the Inspectors’ General reviews of this important subject.
Synopsis
The IRS employs over 500 persons in the offices most affected by Hurricanes Katrina and Rita. These employees are responsible for communicating directly with taxpayers to provide customer service and enforce tax laws by examining tax returns and collecting delinquent taxes. By adequately planning and taking aggressive actions after the Hurricanes, the IRS was able to locate its employees and restore its computer operations to continue tax administration activities in the Gulf Coast area. This audit is 1 of 10 audits the Treasury Inspector General for Tax Administration is conducting to address additional tax administration issues resulting from these natural disasters.
Hurricane Katrina made landfall at the
The IRS adequately prepared for Hurricanes Katrina and Rita. The IRS had sufficiently updated its Occupant Emergency Plans[2] in May 2005 and Incident Management Plans[3] in March 2004 for the offices affected by the Hurricanes and conducted training sessions for its designated Incident Commanders.[4] It also took actions immediately prior to the Hurricanes to enhance post-hurricane employee communications, ensure continued salary payments, and minimize computer damage in its offices affected by the Hurricanes.
After the Hurricanes made landfall, the IRS took appropriate actions to expeditiously locate all employees and restore computer operations in the offices affected by the Hurricanes. Emergency Operations Command Centers were established in Nashville, Tennessee, and Dallas, Texas, immediately after Hurricanes Katrina and Rita, respectively. The IRS focused its primary attention on finding all employees in offices affected by the Hurricanes. All 517 employees in those offices were accounted for within 13 days after Hurricane Katrina, and all 35 employees were accounted for within 5 days after Hurricane Rita.
As for its computer operations in the offices affected by the Hurricanes, the IRS restored system access to its Integrated Collection System[5] application from the 5 affected offices to the
However, we are unable to definitively state that taxpayer data were protected in the wake of Hurricanes Katrina and Rita because we were unable to locate seven computers from two offices affected by the Hurricanes.
· The IRS’ one-story Gulfport, Mississippi, office sustained hurricane damage that could have allowed an intruder to enter the office through a portion of the metal roof that was damaged. The building was unprotected for 2 weeks. We conducted a reconciliation of computers in that office and could not locate three desktop computers. We believe these computers may have contained taxpayer data because the computers were used by customer service and enforcement employees. The IRS had not conducted a physical reconciliation of its computers for any of the five offices affected by the Hurricanes before we began our review. As such, we could not determine if the computers were stolen by an intruder, lost during the move into temporary trailers after the Hurricane, or removed from the office prior to the Hurricane.
· We were also unable to locate four laptop computers in the New Orleans, Louisiana, Poydras Street office. The laptop computers were not assigned to specific employees and, according to the IRS, all data are routinely erased before the computers are returned to a storage room. The IRS indicated it may have reassigned the laptop computers to employees affected by the Hurricanes without updating the computer asset tracking system.
We confirmed that none of the missing computers were used to access the IRS computer network after the Hurricanes, so any loss of data would have been limited to the data on the computers.
Recommendations
We recommended the Chief, Mission Assurance and Security Services, establish procedures to require a team of employees or government entities to visit an office as soon as possible, but no later than 72 hours, after a major disaster to evaluate the security of the office’s perimeter. If security has been compromised, the team should take necessary actions to either secure the perimeter or implement measures to prevent unauthorized access into the office. We also recommended the Chief Information Officer establish procedures to conduct an inventory reconciliation of all computers at IRS facilities which suffer extensive damage after any major disaster to identify possible loss or theft of computers. This reconciliation should be performed within 30 days after the disaster.
Response
The IRS agreed with our findings and recommendations. However, the Chief, Mission Assurance and Security Services, indicated that, depending on the type and severity of the disaster, there may be circumstances in which the IRS might be unable to physically access the affected IRS facility or the surrounding area, or not be allowed access to the affected facility or area by local authorities, within 72 hours of the disaster. The Chief, Mission Assurance and Security Services, further stated the IRS has procedures currently in place for conducting an initial and thorough damage assessment of IRS facilities affected by an incident or disaster and for providing appropriate security of IRS property and information.
The Chief Information Officer will revise the Internal Revenue Manual to include procedures for conducting an inventory reconciliation of all computers at extensively damaged IRS facilities after any major disaster. The inventory reconciliation will be performed within 30 days after a disaster pending the advice of local authorities. Management’s complete response to the draft report is included as Appendix IV.
Office of Audit Comment
We agree the procedures for damage assessment after an incident or disaster are comprehensive; however, there is no time criterion given for when the assessment should occur. We acknowledge our 72-hour criterion is arbitrary, but its inclusion in the procedures would illustrate the criticality and need to quickly assess and protect IRS assets, including taxpayer data.
For Hurricane Katrina and the IRS’
Copies of this report are also being sent to the IRS managers affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510.
Appendices
Appendix I – Detailed Objectives, Scope, and Methodology
Appendix II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix IV – Management’s Response to the Draft Report
Hurricane Katrina made landfall at the
Because of these 2 Hurricanes, over 430 counties across Florida, Alabama, Mississippi, Louisiana, and Texas were declared disaster areas. The Internal Revenue Service (IRS) had 25 offices affected by the Hurricanes, many of which were closed for short durations due to sustained power outages. The following five offices, however, received significant damage forcing them to close for longer periods of time:
· New Orleans, Louisiana (Poydras Street).
· New Orleans, Louisiana (Hebert Building).
· Lake Charles, Louisiana.
· Gulfport, Mississippi.
· Beaumont, Texas.
The Senate Finance Committee requested the Treasury Inspector General for Tax Administration determine whether the IRS protected taxpayer data in the offices affected by the Hurricanes. In response to this Congressional inquiry, we initiated a review focused on disaster preparation, recovery efforts, and the protection of taxpayer data. This audit is 1 of 10 audits we are conducting to address additional tax administration issues resulting from these natural disasters. In addition, we conducted this review in conjunction with the President’s Council on Integrity and Efficiency (PCIE)[8] as part of its examination of relief efforts provided by the Federal Government in the aftermath of Hurricanes Katrina and Rita.
This review covered the five offices significantly affected by the Hurricanes and was performed in IRS offices of the Mission Assurance and Security Services organization and the Modernization and Information Technology Services (MITS) organization in New Carrollton, Maryland, and the Area Offices in New Orleans, Louisiana, and Gulfport, Mississippi, during the period November 2005 through February 2006. The audit was conducted in accordance with Government Auditing Standards. Detailed information on our audit objectives, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
The Internal Revenue Service Was Adequately Prepared to Resume Operations at the Offices Affected by Hurricanes Katrina and Rita
The IRS maintains several types of documents on handling emergencies and disaster preparedness. Two of these documents, the Occupant Emergency Plans and Incident Management Plans, are pertinent to all disasters and cover all IRS offices.
· An Occupant Emergency Plan is required for all IRS offices and is designed to address safety issues of the employees and any visitors to a building at the time of an emergency. When an emergency exists within a building, the occupants are directed to follow an evacuation plan. However, if the emergency exists outside of the building, shelter-in-place plans[9] may be activated. An Occupant Emergency Plan designates individuals to take charge and ensure the safety of the employees, the visitors, and the facility itself. IRS guidelines define specific potential emergencies that include fires, bomb threats, explosions, hazardous materials, demonstrations, winter storms, tornados, power failures, severe weather, earthquakes and other natural and human-caused disasters. Larger employee-occupied offices have a customized Occupant Emergency Plan tailored to the specific office, while smaller offices have a basic Occupant Emergency Plan.
· An Incident Management Plan defines how to establish an Incident Management team and defines the responsibilities of the emergency team members. An Incident Management Plan provides guidelines for the Incident Commander[10] to follow in responding to the incident and communicating with the National Headquarters office. An Incident Management Plan also covers the important function of locating missing employees. As such, an Incident Management Plan provides the structure for the Incident Commander to create and maintain an Incident Management team where all incident response efforts are coordinated and integrated.
We reviewed the Occupant Emergency Plans for the five offices significantly affected by the Hurricanes and found the specific Occupant Emergency Plans were updated by May 2005 and complied with IRS guidance and standards. The Occupant Emergency Plans for three offices, the Beaumont, Texas, and the two New Orleans, Louisiana, offices, provided extensive information on dealing with many different types of emergencies. Managers in these three offices were directed to maintain current home telephone numbers for employees reporting to them. In addition to providing instructions on dealing with the more common emergencies, the Occupant Emergency Plans for these three offices covered shelter-in-place plans and potential terrorist threats. The abbreviated Occupant Emergency Plans for the Lake Charles, Louisiana, and Gulfport, Mississippi, offices contained the basic information for local staff members to deal with five types of emergencies: fire or smoke, earthquakes, severe weather, bomb threats, and civil disturbances. Individuals were designated specific responsibilities, and local emergency telephone contact information was listed.
In March 2004, the IRS issued an Incident Management Plan template to be used by its 18 Senior Commissioner’s Representatives.[11] Each Senior Commissioner’s Representative was to maintain the core format of the Incident Management Plan template but could add the local contact information for the assigned area. In April 2005, the IRS held a training session for its Incident Commanders on the implementation of its standardized Incident Management Plan. Coincidentally, the emergency used during the training session was a hurricane.
In July 2004, the IRS formed a cross-functional group, the Emergency Management and Preparedness Working Group,[12] that meets monthly to address issues associated with the IRS’ response to potential disasters or crises. This Group considers the overall responsibilities of the staff during a crisis and which functional areas of the IRS are best suited to respond to the various issues related to an incident. The Group also defines the roles and responsibilities of the staff designated in the Incident Management Plan template and coordinates IRS actions and activities in the areas of emergency management, business continuity of operations, business resumption planning, Occupant Emergency Plans, shelter-in-place plans, Incident Management Plans, as well as information systems disaster recovery and backup operations.
The IRS also completed several other noteworthy actions to prepare for disasters as well as for these Hurricanes. First and foremost, the welfare of its employees is paramount when a disaster occurs. For example:
· All managers were required to obtain personal contact information for employees in the event of an emergency. A reminder for this requirement was sent prior to the Hurricanes.
· In June 2005, an emergency hotline telephone number for its employees was established as well as an Internet web site where employees could obtain help, guidance, and information in the event of an emergency.
· The IRS planned for the delivery of paychecks in the event employees could not obtain money from their banks, and
As for pre-hurricane computer-related efforts, local staffs from the MITS organization[14] took actions to properly shut down all services supported by computer operations in the five offices, which minimized any electrical damage to computer hardware and its data. In addition, the IRS had 13 servers for its Integrated Collection Systems (ICS)[15] application in the
Overall, we believe the IRS took adequate preparatory actions to ensure an orderly resumption of operations in the offices affected by the Hurricanes. In addition, the Emergency Management and Preparedness Working Group performed a post-hurricane review of the IRS’ response to the Hurricanes and identified the following issues to improve the IRS preparation for future disasters:
· Clarification of the roles and responsibilities of IRS staff members as related to disasters and emergencies, including the establishment of national leadership roles and responsibilities for a large-scale disaster, like the ones inflicted by Hurricanes Katrina and Rita.
· Establishment of policies and procedures governing administrative leave, timekeeping, and temporary placement for disaster-affected employees.
· Consideration of alternate methods of communicating with displaced employees.
· Development of a process-flow diagram to help IRS employees understand the roles and responsibilities of the Incident Commander and the Incident Management team during a disaster.
· Preparation of a presentation entitled Emergency Preparedness and Response at the Internal Revenue Service to raise awareness of emergency preparedness in its employees.
· Continuation of the Emergency Management and Preparedness Working Group’s assistance to business units in the development of plans to maintain or resume IRS functional operations.
· Consideration of the legal and privacy issues surrounding employee emergency contact information.
· Revisions of written guidance for emergencies.
The Internal Revenue Service Took Aggressive Actions to Account for Its Employees and Restore Computer Operations After Hurricanes Katrina and Rita
While the IRS was as prepared as possible, we acknowledge the arrival of 2 Category 5 Hurricanes in a span of 1 month could not have been reasonably foreseen. The IRS’ Incident Management Plans did not consider the destruction of an entire region but were focused to handle a disruption of any single IRS site. Much to its credit, the IRS adapted its Incident Management Plans effectively to deal with the aftermath of the two Hurricanes.
The IRS established Emergency Operations Command Centers[16] in
Because of the widespread geographic damage of Hurricane Katrina and the multiple disaster-related issues, incident management guidelines had to be adapted quickly and were focused on operations (resumption of business), planning (tracking resources), logistics (physical security and communications), and finance/administration (budget, time and attendance, and procurements). The
All IRS employees were accounted for and actions were taken to ensure their safety
From the onset of Hurricane Katrina, the IRS’ number one priority was locating employees and providing any needed assistance. The IRS employees working at the Emergency Operations Command Centers in
In addition to actions taken by the Emergency Operations Command Centers, IRS employees assisted in locating and helping their fellow employees. For example, an IRS Criminal Investigation function manager in the
The IRS had a total of 517 employees displaced by Hurricane Katrina. All affected employees were located within 13 days after the disaster. Hurricane Rita displaced 35 additional employees, 11 employees at the
Concurrent with locating all of its affected employees, the IRS focused on assisting its employees in maintaining basic needs. Because the offices in
Computer operations were restored and data were protected, but we could not locate seven computers
For the five offices, the IRS restored system access to its ICS application within 5 workdays by moving data files from the offices affected by the Hurricanes to its
In addition, personnel from the MITS organization’s Enterprise Networks Division[18] assisted the
However, we are unable to definitively state that taxpayer data were protected in the wake of Hurricanes Katrina and Rita because we were unable to locate seven computers from two offices affected by the Hurricanes.
· Of all IRS offices, the
We were unable to locate three desktop computers in the
Because of the damage to the building and the 2-week time period when the building was unprotected, we conducted a reconciliation of the 13 computers assigned to this office. We were unable to locate three desktop computers, which were not assigned to specific employees according to the Information Technology Asset Management System, the IRS’ official computer inventory tracking system. These three desktop computers were listed as shared computers, meaning anyone in the office could use them. We were unable to identify the contents on these computers. However, the employees in this office worked for various IRS customer service and enforcement functions and often used taxpayer data to either assist taxpayers or enforce tax requirements. As a result, we believe it is likely that the missing computers contained taxpayer data.
When we initiated this review in November 2005, the IRS had not conducted a physical reconciliation of computer assets in any of the five offices affected by the Hurricanes. Therefore, we could not determine if the missing computers were stolen by an intruder, lost during the move into temporary trailers after the Hurricane, or removed from the office prior to the Hurricane.
· The IRS provides laptop computers for employees to use when they work outside of an IRS facility. The portability of laptop computers increases the likelihood of their being lost or stolen. The laptop computers may store sensitive information (e.g., taxpayer data) and they can also be used to access taxpayer data on the IRS network. To address these risks, laptop computers are equipped with upfront security controls (e.g., passwords) to limit access to the laptop computers’ contents as well as specific software to securely connect to the IRS network from offsite locations.
We conducted an inventory reconciliation of all laptop computers in the five IRS offices affected by both Hurricanes. We identified 417 laptop computers assigned to the 5 IRS offices (273 assigned to specific employees and 144 listed as unassigned).[22] We were unable to account for four laptop computers, which were listed as “In Stock” in the
We identified three possible scenarios for the missing laptop computers.
1. Personnel from the MITS organization indicated the laptop computers may have been reassigned to displaced employees and the Information Technology Asset Management System was not properly updated with the new assignments. However, during our reconciliation of the 417 laptop computers, we contacted all 273 employees assigned laptop computers in the 5 offices and determined that none of the employees had the missing computers.
2. Hurricane Katrina caused some damage to the
During the period when the windows remained broken, local and Federal Government officials maintained a heavily armed military and police presence in the area. Because the offices with the broken windows were visible from the main street, we believe the presence of law enforcement would have deterred anyone from attempting to enter through the broken windows. Although remote, it is possible that an intruder accessed the office and stole the laptop computers.
3. During our visit to the
The other three IRS offices sustained minor exterior damage, but entry points into the offices were not damaged and showed no signs of unauthorized entry.
In addition to our reconciliation of laptop computers, we evaluated the validity of network connections made from laptop computers. IRS employees can connect to the network either through the local area network in the office or by secure communication channels using telephone lines or high-speed cable connections in their homes. We identified 118 laptop computers assigned to employees who connected to the IRS network within 1 month after Hurricane Katrina made landfall or within 1 week after Hurricane Rita made landfall. We contacted employees for all 118 laptops and confirmed the connections were legitimate and made by IRS employees. Using IRS software, we also confirmed none of the seven missing computers identified during our review were used to access the IRS network after the Hurricanes, so any loss of data would have been limited to the data on the computers.
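The reconciliation and connection check described above can be expressed as a short script. This is an added example, not TIGTA's or the IRS's tooling: the asset records, barcodes, employee names and connection log are constructed, and the landfall dates and the 30-day reading of "1 month" are assumptions supplied as parameters.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Asset:
    barcode: str
    office: str
    assignee: Optional[str]  # None = unassigned ("In Stock" or shared)


def reconcile(inventory, employee_reports, sighted):
    """Compare the tracking-system inventory with what was actually confirmed.

    employee_reports: {employee: set of barcodes the employee confirms holding}
    sighted: set of barcodes physically seen during the office reconciliation
    Returns (missing, drift): barcodes nobody could confirm, and assets held by
    someone other than the recorded assignee (tracking system not updated).
    """
    held = {bc: emp for emp, bcs in employee_reports.items() for bc in bcs}
    missing, drift = [], []
    for asset in inventory:
        holder = held.get(asset.barcode)
        if holder is not None and holder != asset.assignee:
            drift.append((asset.barcode, asset.assignee, holder))
        elif holder is None and asset.barcode not in sighted:
            missing.append(asset.barcode)
    return sorted(missing), sorted(drift)


def review_connections(connections, windows, missing):
    """Classify successful network connections recorded after the disasters.

    connections: iterable of (barcode, date)
    windows: list of (start, end) review periods, one per event
    Returns (to_verify, alerts): devices whose users must be contacted to
    confirm the connection, and missing devices seen on the network at any
    time on or after the earliest event.
    """
    earliest = min(start for start, _ in windows)
    to_verify, alerts = set(), set()
    for barcode, day in connections:
        if barcode in missing and day >= earliest:
            alerts.add(barcode)
        elif any(start <= day <= end for start, end in windows):
            to_verify.add(barcode)
    return sorted(to_verify), sorted(alerts)


# --- Constructed sample data (not taken from the report) ---
KATRINA = date(2005, 8, 29)  # assumed parameter: landfall date
RITA = date(2005, 9, 24)     # assumed parameter: landfall date
WINDOWS = [
    (KATRINA, KATRINA + timedelta(days=30)),  # "within 1 month", read as 30 days
    (RITA, RITA + timedelta(days=7)),         # "within 1 week"
]
INVENTORY = [
    Asset("LT-001", "Office A", "emp1"),
    Asset("LT-002", "Office A", "emp2"),
    Asset("LT-003", "Office A", None),
    Asset("LT-004", "Office A", None),
    Asset("LT-005", "Office B", None),
    Asset("DT-006", "Office B", None),
]
EMPLOYEE_REPORTS = {"emp1": {"LT-001"}, "emp2": {"LT-002", "LT-004"}}
SIGHTED = {"LT-003"}
CONNECTIONS = [
    ("LT-001", date(2005, 9, 2)),    # inside the first window
    ("LT-002", date(2005, 8, 20)),   # before either event
    ("LT-003", date(2005, 10, 3)),   # after both windows closed
    ("LT-004", date(2005, 9, 26)),   # inside both windows
    ("LT-005", date(2005, 10, 5)),   # missing device seen on the network
    ("DT-006", date(2005, 8, 25)),   # missing device, last seen before landfall
]

if __name__ == "__main__":
    missing, drift = reconcile(INVENTORY, EMPLOYEE_REPORTS, SIGHTED)
    to_verify, alerts = review_connections(CONNECTIONS, WINDOWS, set(missing))
    print("missing:", missing)
    print("record drift:", drift)
    print("connections to verify with users:", to_verify)
    print("missing devices seen on network:", alerts)
```

The drift list separates the "reassigned without updating the tracking system" scenario from devices that are actually unaccounted for, and any entry in the alerts list means exposure is no longer limited to the data stored on the device.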
Recommendations
Recommendation 1: The Chief, Mission Assurance and Security Services, should establish procedures to require the IRS Incident Commander to send a small team of employees or other government entities to affected IRS offices as soon as possible, but no later than 72 hours, after a major disaster to assess each office’s structural state and ensure secure perimeters are maintained. If perimeter security has been compromised, the team should take actions to either secure the perimeter or implement measures to prevent unauthorized access into the office.
Management’s Response: The IRS concurred with this recommendation. However, the Chief, Mission Assurance and Security Services, indicated that, depending on the type and severity of the disaster, there may be circumstances in which the IRS might be unable to physically access the affected IRS facility or the surrounding area, or not be allowed access to the affected facility or area by local authorities, within 72 hours of the disaster. The Chief, Mission Assurance and Security Services, further stated the IRS has procedures currently in place for conducting an initial and thorough damage assessment of IRS facilities affected by an incident or disaster and for providing appropriate security of IRS property and information.
Office of Audit Comment: We agree the procedures for damage assessment after an incident or disaster are comprehensive; however, there is no time criterion given for when the assessment should occur. We acknowledge our 72-hour criterion is arbitrary, but its inclusion in the procedures would illustrate the criticality and need to quickly assess and protect IRS assets, including taxpayer data. For Hurricane Katrina and the IRS’
Recommendation 2: The Chief Information Officer should establish procedures to conduct an inventory reconciliation of all computers at IRS facilities which suffer extensive damage after any major disaster to identify possible loss or theft of computers. This reconciliation should be performed within 30 days after the disaster.
Management’s Response: The IRS concurred with this recommendation. The Chief Information Officer will revise the Internal Revenue Manual to include procedures for conducting an inventory reconciliation of all computers at extensively damaged IRS facilities after any major disaster. The inventory reconciliation will be performed within 30 days after a disaster pending the advice of local authorities.
Appendix I
Detailed Objectives, Scope, and Methodology
The overall objectives of this review were to evaluate the Internal Revenue Service’s (IRS) preparatory actions prior to the arrival of Hurricanes Katrina and Rita, the recovery actions taken in the Hurricanes’ aftermath, and the actions taken to protect taxpayer data in the offices damaged by the Hurricanes. We focused our review on the five IRS offices which received significant damage and were forced to close for long periods of time:
I. To determine whether the IRS was adequately prepared for a disaster of the magnitude of Hurricane Katrina and whether IRS business resumption plans could be improved to prepare for future disasters, we:
A. Assessed the IRS’ overall preparedness for disaster recovery and business resumption efforts related to buildings, equipment, and personnel by reviewing the:
· Occupant Emergency Plans[23] for the five offices.
· Incident Management Plan[24] template provided to all 18 of the IRS’ Senior Commissioner’s Representatives.[25]
· Internal Revenue Manual sections related to emergency preparedness.
· Training session presentation for Incident Commanders.[26]
· Leader’s Digest articles on a nationwide emergency contact telephone number and about how to obtain emergency information through the Internet.
B. Assessed the IRS’ post-disaster recovery and business resumption activities related to buildings, equipment, and personnel. We:
1. Interviewed the Incident Commander of the
2. Reviewed the following documents relating to activities after the Hurricanes made landfall.
· The IRS’ summary document sent to the Department of the Treasury that included the lessons learned from the disasters.
· Minutes of the IRS’ Emergency Management and Preparedness Working Group[29] meetings held after the two Hurricanes.
· The IRS’ summary of temporary duty assignments provided to employees in the affected areas.
C. Assessed the preparedness disaster recovery and business resumption efforts related to buildings, equipment, and personnel by reviewing documentation from the IRS’ Modernization and Information Technology Services organization,[30] including logs of daily backup tapes and the policies and procedures for the business continuity.
D. Assessed the post-disaster recovery and business resumption activities related to protection of taxpayer data through research of email messages made in the post-Hurricane aftermath. We focused on messages relating to the following important activities.
· Restoration of network service to the users in the affected areas, including obtaining equipment, changing the physical location of the servers, transporting backup tapes to another city, and providing network connectivity to the data files.
· Additional activities to assist other Federal Government bureaus and agencies, such as the Federal Emergency Management Agency[31] and the
II. To determine whether taxpayer data had been adequately protected within IRS office buildings affected by Hurricanes Katrina and Rita, we:
A. Met with Mission Assurance and Security Services[33] organization personnel and local officials to determine whether any incidents of vandalism or theft had been reported and addressed.
B. Obtained the latest status of visits and assessments made by the IRS related to the five offices affected by the Hurricanes.
C. Determined whether damage assessments indicated a lack of physical security of IRS office space and conducted further tests to determine whether physical data loss occurred. We:
1. Identified the inventory of 13 computers assigned to the
2. Conducted a physical reconciliation of the 13 computers to ensure all computers were accounted for properly.
3. For three missing computers, identified possible content of the computers by profiling the employees who used the computers.
III. To determine whether taxpayer data had been adequately protected outside of IRS office buildings in areas affected by Hurricanes Katrina and Rita, we:
A. Met with personnel from the Mission Assurance and Security Services and the Modernization and Information Technology Services organizations to determine whether the IRS had initiated any efforts to identify missing or lost laptop computers of those employees affected by the disasters.
B. Identified 417 laptop computers on the Information Technology Asset Management System assigned to the 5 offices affected by the disasters as of October 7, 2005.
C. Conducted a reconciliation of the 417 laptop computers to ensure they were accounted for properly.
1. For the 273 laptop computers assigned to specific employees, we obtained current email addresses and contact telephone numbers for the employees and contacted the employees to confirm the computer name and bar code of each employee’s laptop computer.
2. For the 144 laptop computers not assigned to specific employees, we conducted a physical reconciliation to ensure all laptop computers were accounted for properly.
3. For four missing laptop computers, we identified the possible content of the computers through discussions with local Information Technology Service organization personnel.
IV. To determine whether employee user accounts in the five offices were compromised and used to make unauthorized accesses, we:
A. Met with Mission Assurance and Security Services organization personnel to identify all reported incidents as a result of the Hurricanes in the affected five offices, particular those pertaining to compromised user accounts or unauthorized accesses.
B. Analyzed Tivoli® data for the 417 laptop computers to identify 118 laptop computers for which Tivoli® recorded a successful network connection after the Hurricanes made landfall. The remaining 299 laptop computers had not connected to the network after the Hurricanes made landfall, as of October 7, 2005.
C. Contacted the employees assigned to the 118 laptop computers to confirm they used their laptop computers to connect to the IRS network.
Appendix II
Major Contributors to This Report
Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)
Steve Mullins, Director
Kent Sagara, Audit Manager
Dan Ardeleano, Senior Auditor
Jacqueline Nguyen, Senior Auditor
Midori Ohno, Senior Auditor
Larry Reimer, Senior Auditor
Stasha Smith, Senior Auditor
Appendix III
Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Chief, Agency-Wide Shared Services OS:A
Deputy Chief,
Director, Communications, Liaison, and Disclosure SE:S:CLD
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program Evaluation and Risk Analysis RAS:O
Office of Management Controls OS:CFO:AR:M
Audit Liaisons:
Chief Information Officer OS:CIO
Chief, Mission Assurance and Security Services OS:MA
Management Controls Coordinator, Agency-Wide Shared Services OS:A:F
Appendix IV
Management’s Response to the Draft Report
The response was removed due to its size. To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
[1] The PCIE was established by Executive Order 12805, May 11, 1992, to address integrity, economy, and effectiveness issues that transcend individual Federal Government agencies and to increase the professionalism and effectiveness of Inspector General personnel throughout the Federal Government. The PCIE is primarily comprised of the Presidentially appointed Inspectors General.
[2] An Occupant Emergency Plan contains the procedures for employees to follow during an emergency situation.
[3] An Incident Management Plan describes the overall coordinated actions to be taken by the Incident Management team to ensure recovery and restoration of a facility when an incident occurs.
[4] An Incident Commander is directly responsible for frontline management of an incident. The Incident Commander, in conjunction with other onsite business team managers, will develop and implement response strategies and use existing disaster preparedness documents for the recovery of business operations.
[5] The Integrated Collection System is a case processing application that supports IRS employees who work delinquent taxpayer cases (i.e., taxpayers who have not filed tax returns or paid tax obligations).
[6] The Modernization and Information Technology Services organization is responsible for supporting the IRS on Information Technology issues, which include protecting and restoring computer operations and locating all computers after a disaster.
[7] The
[8] The PCIE was established by Executive Order 12805, May 11, 1992, to address integrity, economy, and effectiveness issues that transcend individual Federal Government agencies and to increase the professionalism and effectiveness of Inspector General personnel throughout the Federal Government. The PCIE is primarily comprised of the Presidentially appointed Inspectors General.
[9] Shelter-in-place plans address certain emergency situations where circumstances dictate that building occupants remain inside the building rather than trying to evacuate.
[10] An Incident Commander is directly responsible for frontline management of an incident. The Incident Commander, in conjunction with other onsite business team managers, will develop and implement response strategies and will use existing disaster preparedness documents for the recovery of business operations.
[11] Senior Commissioner’s Representatives are designated representatives authorized to act on behalf of the Commissioner/Deputy Commissioners in cross-functional and certain other administrative areas. The 18 Senior Commissioner’s Representatives cover all IRS offices nationwide and are generally the Incident Commanders for their respective areas when a disaster occurs.
[12] The Emergency Management and Preparedness Working Group is led by the Associate Director, Emergency Management Program Office, under the Mission Assurance and Security Services organization. The Group is tasked with improving and revising the IRS’ guidance to employees in managing future emergency situations.
[13] Western Union is a global leader in money transfer services with more than 225,000 agent locations worldwide.
[14] The MITS organization is responsible for supporting the IRS on Information Technology issues, which includes protecting and restoring computer operations and locating all computers after a disaster.
[15] The ICS is a case processing application that supports IRS employees who work delinquent taxpayer cases (i.e., taxpayers who have not filed tax returns or paid tax obligations). An ICS server is a computer devoted primarily to the operation of the ICS application.
[16] The Emergency Operations Command Center serves as the command post for all incident management decisions and coordinates the business resumption for IRS offices affected by a disaster.
[17] The Human Capital Office reports to the Deputy Commissioner for Operations Support. Its mission is to provide human capital strategies and tools for recruiting, hiring, developing, and retaining a highly skilled and high performing workforce to support tax administration.
[18] The mission of the Enterprise Networks Division is to positively satisfy IRS business units’ requirements by providing all forms of electronic communications in the most efficient and effective manner. This Division is responsible for managing the design and engineering of the telecommunications environment.
[19] The National Finance Center is a United States Department of Agriculture operation which provides payroll, personnel, administrative payments, accounts receivable, property management, budget, and accounting activities for its own agency as well as for over 130 other Federal Government agencies.
[20] The Federal Emergency Management Agency under the Department of Homeland Security is tasked with responding to, planning for, recovering from, and mitigating against disasters.
[21] Reconfiguring computers entailed the changing of settings of each computer so the computer would connect to the Federal Emergency Management Agency’s network while residing on the IRS’ computer infrastructure.
[22] The
[23] An Occupant Emergency Plan contains the procedures for employees to follow during an emergency situation.
[24] An Incident Management Plan describes the overall coordinated actions to be taken by the Incident Management team to ensure recovery and restoration of a facility when an incident occurs.
[25] Senior Commissioner’s Representatives are designated representatives authorized to act on behalf of the Commissioner/Deputy Commissioners in cross-functional and certain other administrative areas. The 18 Senior Commissioner’s Representatives cover all IRS offices nationwide.
[26] An Incident Commander is directly responsible for frontline management of the incident. The Incident Commander, in conjunction with other onsite business team managers, will develop and implement response strategies and will use existing disaster preparedness documents for the recovery of business operations.
[27] The Emergency Operations Command Center serves as the command post for all incident management decisions and coordinates the business resumption for IRS offices affected by a disaster.
[28] The Emergency Management Program Office, under the Mission Assurance and Security Services organization, develops policies, procedures, and processes to ensure optimal preparedness and effective management of incidents affecting IRS critical functions.
[29] The Emergency Management and Preparedness Working Group is led by the Associate Director, Emergency Management Program Office, under the Mission Assurance and Security Services organization. The Group is tasked with improving and revising the IRS’ guidance to employees in managing future emergency situations.
[30] The Modernization and Information Technology Services organization is responsible for supporting the IRS on Information Technology issues, which include protecting and restoring computer operations and locating all computers after disasters.
[31] The Federal Emergency Management Agency under the Department of Homeland Security is tasked with responding to, planning for, recovering from, and mitigating against disasters.
[32] The National Finance Center is a United States Department of Agriculture operation which provides payroll, personnel, administrative payments, accounts receivable, property management, budget, and accounting activities for its own agency as well as for over 130 other Federal Government agencies.
[33] The mission of the Mission Assurance and Security Services organization is to support the vital mission of the IRS by assuring the security and resilience of critical Agency functions and business processes.
[34] The Information Technology Asset Management System is the IRS’ official computer inventory tracking system.
[35] Tivoli® is a registered trademark owned by International Business Machines.