Lois G. Lerner’s hard drive isn’t the only technological problem at the Internal Revenue Service.
The tax agency’s inspector general has been warning for years of lost computer equipment, lax security that could place private taxpayers’ information at risk, and mishandled information technology contracts that wasted tens of millions of dollars.
The reports are being disclosed as the IRS says its technology budget is strapped for cash, one reason the agency didn’t have a backup system to store all of Ms. Lerner’s emails that are the subject of a congressional investigation.
“We are provided significant amounts of money but significantly less than we need,” IRS Commissioner John Koskinen testified to Congress last week as he faced scrutiny over Ms. Lerner’s emails from 2009 through 2011.
Many of those emails were lost when Ms. Lerner’s computer hard drive crashed.
The explanation about the need for more money didn’t sit well with Republicans.
“That’s a very bogus argument,” said Rep. John L. Mica, Florida Republican. “It’s not just more money or more personnel. It’s probably smarter personnel in the administration of these programs. Maybe the government’s just not capable of [running] an IT system, particularly IRS.”
Agencies across the administration have a backlog of reports about technology problems, but those at the IRS have become well-known because of the congressional investigation.
The IRS has a backlog of up to $500 million in requested technology upgrades. Mr. Koskinen said thousands of employees are still using the Windows XP operating system, which Microsoft no longer supports.
“We’re trying to move on to Windows 7,” he said.
House Oversight and Government Reform Committee Chairman Darrell E. Issa, California Republican, said technological problems don’t excuse what he called an IRS pattern of illegal obstruction and political bullying.
“The Archivist of the U.S. has testified that the IRS has not followed the law with its electronic record keeping.” he said. “We’ve also been aware of larger-scale issues with technology management at the agency. It’s not a problem of sufficient funds or resources. Instead, IRS has been a poor steward of taxpayer money in addition to the past targeting Americans for their political beliefs.”
Auditors also found that bad management or poor oversight, not money, sometimes is the problem.
A March 2013 Government Accountability Office report found that the IRS failed to follow through on one-fifth of 58 IT-related recommendations despite assurances that it had.
In some cases, the agency did not properly store passwords or used low-strength passwords.
“Until IRS appropriately controls users’ access to its systems and effectively implements its procedures for authorization, the agency has limited assurance that its information resources are being protected from unauthorized access, alteration, and disclosure,” the GAO report said.
The report did find that the IRS had proper contingency planning and backup procedures in place “to ensure recovery of its data and information system resources” in case systems were down — the issue at the heart of Ms. Lerner’s missing emails.
The agency said it would cost more than $10 million to upgrade its systems to allow employees unlimited access to archived emails, a similar amount to what the IRS says is has cost to comply with congressional investigations into the improper targeting of tea party and other conservative groups for additional scrutiny.
The inspector general found that the tax agency needed more oversight in its hardware maintenance division and the IRS was still paying several contracts for hardware that had been retired.
“As a result of the lack of coordination and oversight, the IRS paid for services it did not receive or need,” the auditor said.
In April, the Treasury inspector general for tax administration issued a study showing that the IRS wrote off a number of old computers, printers and hard drives that were not unaccounted for. The auditor sampled 43 items reported missing or stolen and found 37 were reported improperly.
In the process of its investigation, the inspector general’s office identified 878 other IT assets included in disposal documents and written off in the inventory system as lost “because the IRS lost accountability for these assets.”
In response, the IRS agreed to improve its reporting but said it could do so only with more money.
“Obviously, I have a problem with their communication system,” said Mr. Mica. “Some of it isn’t recorded, or if it’s lost it isn’t reported.”
In a separate report from September, the Treasury inspector general selected a sample of 146 pieces of IT equipment at the Brookhaven, New York, and New Carrollton, Maryland, IRS buildings to physically verify, and could not locate the items or find supporting documentation for 34 of them.
The items unaccounted for were valued at $948,310. In a separate sample, 117 of 242 pieces were missing, retired, could not be found or had inaccurate data entered.
The inspector general wrote that an inaccurate and incomplete inventory system “exposes the IRS to the loss or theft of its assets” and that the lax record-keeping was a result of a reduction in staffing.
The IRS agreed to perform data review and analysis to update its incident reporting system in response to recommendations from the auditor.
Beyond physical hardware, the Treasury inspector general said specific IT investments were grossly underreported or improperly budgeted on multiple occasions.
In a 2007 follow-up report to accounting issues, one customer account project omitted $231 million, or 78 percent, of the total costs of $296 million incurred as of June 2005, and a separate project to modernize electronic filing omitted $83 million, or 54 percent, of the costs of $154 million to that point.
In response, the IRS assigned an analyst to coordinate with the Treasury Department to track labor and management cost allocations and assigned other personnel to increase oversight.
In its most recent annual assessment, the Treasury’s inspector general did note progress from the IRS: The GAO downgraded information security from a “material weakness” to a “significant deficiency.” But the office also said in the September report that the agency does not have enough operational employees with security clearances to handle classified information.