The Internal Revenue Service (IRS), America’s tax collector, no longer has a significant IT controls deficiency, auditors said this week – in what commissioner Danny Werfel described as a “momentous achievement.”
The IRS, which collected $5.1 trillion in taxes in 2024, has long struggled with a sclerotic collection of IT systems. Until recently it was running over 600 applications, many of them custom-built and more than 20 years old.
But a new audit by the Government Accountability Office (GAO) rewarded 2024’s efforts with a pat on the back – saying that the IRS “worked diligently during FY 2024 to enhance its information technology security posture and resolved the long-standing Information System Controls.”
The Stack extends our congratulations to IRS Chief Information Officer (CIO) Rajiv Uppal who joined in early 2024, and his hard-working team.
Among the IRS’s recent successes: modernisation of its central financial system, which is built on three SAP software components: a central planning ERP, “Procurement for Public Sector” and “Business Warehouse” units.
IRS IT modernisation in 2025
During 2024, the GAO said, IRS modernisation included:
• Migration to the SAP National Security Services S/4HANA Cloud.
• Improved invoicing functionalities in the Integrated Financial System.
• SAP and Business Warehouse software upgrades.
• System-wide legislative, technical and cybersecurity upgrades.
Among the latter were "enhanced security audit trails and advanced logging, advanced cybersecurity monitoring, cyber fraud analytics, and incident response capabilities to reduce risk and ensure high availability of IRS systems and applications," its annual report showed.
Security audits, meanwhile, were "completely modernized by consolidating all audit trail data repositories into a centralized monitoring tool."
Its priorities for 2025 include: “Providing up to 150 non-tax forms in digital mobile-friendly formats in addition to the 20 delivered in FY 2024.”
The IRS also plans to scan “at the point of entry virtually all paper-filed tax and information returns; simplifying notices by redesigning up to 200 notices, capturing 90% of all notice volume for individual taxpayers; and initiating business process changes necessary to… reduce taxpayer burden; modernizing foundational technology and aged programming from the point of intake of tax returns and information systems.”
All positive steps in a challenging environment.
But as the IRS also notes, its “business systems modernization activities” were “zeroed out” (cut) from its fiscal 2023 and fiscal 2024 funding package, so it is now reliant on funding from 2022’s “Inflation Reduction Act” to digitally transform – and that will run dry far too soon, it warned.
“With the absence of discretionary business systems modernization funding, the IRS estimates it is currently underfunded by nearly $3 billion through FY 2031 for funds dedicated to information technology modernization.”
As a result, it estimates that its "business systems modernization funds" will be exhausted in less than 18 months. It said: "automation solutions will be scaled back... cyber and cloud work will be truncated, increasing the risk for failure of IRS systems and cyber-attacks; work on digital solutions including Taxpayer 360 (a new platform designed to provide a more seamless and efficient experience for both taxpayers and customer service representatives), expanded payment functionality, and other important modernization efforts will be stopped..."
Hopefully by then it will, if nothing else, have made further headway.
Some of its IT work is simply to get paper forms into a database.
As its 2023-2031 strategic operating plan noted: "Historically, the IRS designed its tax return pipeline using legacy programming languages to manage stacks of paper arriving at regional service centers. We will change the underlying logic and processing to post transactions to a database – a modern approach that will allow taxpayers and employees to update accounts, send payments and resolve enforcement actions, often via self-service, and to see the changes in near-real time."