Audit prompts Treasury to seek help with ID cards

Audit findings have convinced the Treasury Department to abandon its solo effort to meet a governmentwide identification card mandate and seek the General Services Administration's help.

An 18-page report from the Treasury Inspector General for Tax Administration, released Friday, stated that the Internal Revenue Service's attempts to develop its own system for issuing high tech cards required under Homeland Security Presidential Directive 12 risked wasting money and time.

"We believe the IRS was taking unnecessary risks, not only because its costs are likely to exceed the GSA solution, but because it was taking resources away from tax administration duties," the report stated.

The mandate requires agencies to verify employees' identities and issue cards to all workers with less than 15 years of service by Oct. 27, 2007. A year later, agencies must issue the cards to all employees. Some agencies, such as GSA, have said publicly that while they will not meet the 2007 deadline, they intend to meet the 2008 target.

The audit stated that despite assigning 68 employees and contractors to produce cards, the IRS never got around to purchasing the necessary hardware and software and did not plan to complete the program until September 2010, two years after the 2008 deadline.

IRS officials failed to provide cost projections showing the agency could issue compliant cards at a lower price than GSA, the IG noted.

In response to the report, Daniel Galik, chief of mission assurance and security services for the IRS, said the agency followed the auditors' recommendation and signed up for assistance from GSA on May 18.

The move is good news for GSA, which has struggled to attract larger agencies to use its shared services offerings to meet the ID mandate. Officials hoped that if enough agencies signed up with GSA, the economies of scale would allow GSA to issue to cards at a lower cost.

IRS officials initially believed that they were in a better position than GSA to distribute the cards to Treasury locations around the country, according to the IG report. The officials were concerned that GSA's technology would not be compatible with the IRS' information technology systems. And they were worried that GSA would not be able to produce the large number of cards needed to meet hiring demands during the tax return filing season. Difficulties with the contract for GSA's shared service offering also made IRS wary of signing on, the audit stated.

Despite GSA's plans to have over 225 nationwide stations to enroll employees and issue cards, including 25 mobile stations, IRS officials were concerned about the cost and time for employees traveling to the stations, according to the audit.

GSA had produced 100 cards to help the IRS meet an October 2006 deadline for agencies to issue at least one card to an employee. But the cards contained errors such as incorrect addresses and misspellings, according to the report. This also contributed to the IRS' initial decision to produce the cards on its own, auditors said.

Agencies that are planning to implement the mandate on their own include the Homeland Security, Transportation, Veterans Affairs, Health and Human Services, Education and Labor departments, the Environmental Protection Agency and the Social Security Administration.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.