20161817251_46fd35f36c_z

The IRS has failed to upgrade Windows software on its computers and servers by end of life deadlines, despite being expected to spend almost $140 million in taxpayer funds, according to a recently released report by the Treasury Inspector General for Tax Administration (TIGTA). The agency has already spent four years upgrading this technology, but is yet to upgrade half of its servers.

In all, the IRS had 110,000 workstations to upgrade from Windows XP and 6,000 servers to upgrade from Windows Server 2003. This process officially began in April 2011, but the IRS did not actually begin upgrades until September 2012, 17 months later. Progress was so unsatisfactory that the agency’s Chief Technology Officer began to directly oversee this process. As the report notes:

“Because the Windows 7 effort was not making sufficient progress in its completion, the Chief Technology Officer (CTO) made the decision in July 2012 to oversee the Windows 7 upgrade directly due to its complexity and magnitude.”

At the time of the TIGTA report, the IRS still has not upgraded half of its windows servers despite the “new” operating system being seven years old, and the current system being out of date and unsupported by Microsoft. However, it has completed upgrades for “most” computers although over 1,000 machines remain unaccounted for.

It is important that operating systems are up-to-date because, they are crucial as “a foundation to allow all other programs, software, and applications to run on the computers.” Since the IRS handles sensitive taxpayer information on a day-to-day basis, it is even more important that operating systems are up to date. As TIGTA points out, the agency’s failure to do so leaves taxpayer information at risk:

“For the IRS, the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft.  Further, network disruptions and security breaches may prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries.”

TIGTA concluded that the agency’s process for upgrading both its servers and computers lacked “sufficient oversight” and accountability and there was insufficient planning regarding costs, security implications, and amount of time necessary.