Audit prompts Treasury to seek help with ID cards

Audit findings have convinced the Treasury Department to abandon its solo effort to meet a governmentwide identification card mandate and seek the General Services Administration's help.

An 18-page report from the Treasury Inspector General for Tax Administration, released Friday, stated that the Internal Revenue Service's attempts to develop its own system for issuing high tech cards required under Homeland Security Presidential Directive 12 risked wasting money and time.

"We believe the IRS was taking unnecessary risks, not only because its costs are likely to exceed the GSA solution, but because it was taking resources away from tax administration duties," the report stated.

The mandate requires agencies to verify employees' identities and issue cards to all workers with less than 15 years of service by Oct. 27, 2007. A year later, agencies must issue the cards to all employees. Some agencies, such as GSA, have said publicly that while they will not meet the 2007 deadline, they intend to meet the 2008 target.

The audit stated that despite assigning 68 employees and contractors to produce cards, the IRS never got around to purchasing the necessary hardware and software and did not plan to complete the program until September 2010, two years after the 2008 deadline.

IRS officials failed to provide cost projections showing the agency could issue compliant cards at a lower price than GSA, the IG noted.

In response to the report, Daniel Galik, chief of mission assurance and security services for the IRS, said the agency followed the auditors' recommendation and signed up for assistance from GSA on May 18.

The move is good news for GSA, which has struggled to attract larger agencies to use its shared services offerings to meet the ID mandate. Officials hoped that if enough agencies signed up with GSA, the economies of scale would allow GSA to issue to cards at a lower cost.

IRS officials initially believed that they were in a better position than GSA to distribute the cards to Treasury locations around the country, according to the IG report. The officials were concerned that GSA's technology would not be compatible with the IRS' information technology systems. And they were worried that GSA would not be able to produce the large number of cards needed to meet hiring demands during the tax return filing season. Difficulties with the contract for GSA's shared service offering also made IRS wary of signing on, the audit stated.

Despite GSA's plans to have over 225 nationwide stations to enroll employees and issue cards, including 25 mobile stations, IRS officials were concerned about the cost and time for employees traveling to the stations, according to the audit.

GSA had produced 100 cards to help the IRS meet an October 2006 deadline for agencies to issue at least one card to an employee. But the cards contained errors such as incorrect addresses and misspellings, according to the report. This also contributed to the IRS' initial decision to produce the cards on its own, auditors said.

Agencies that are planning to implement the mandate on their own include the Homeland Security, Transportation, Veterans Affairs, Health and Human Services, Education and Labor departments, the Environmental Protection Agency and the Social Security Administration.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.