A recent audit[pdf] of the Internal Revenue Service (IRS) by the United States Government Accountability Office (GAO) exposed 14 shortcomings in relating to information system security control. The deficiencies undermined access control (8), configuration management control (4), segregation of duties (1), and contingency planning (1).
The report also found that as of September 2018, the IRS had implemented 46 of 154 recommendations made in previous audits. Since one recommendation no longer applied, 107 recommendations still needed to be addressed. The recent audit has added an additional 20 recommendations.
Read more: Report Finds New Deficiencies in IRS Data Security Security Controls