A recent government report from the Treasury Inspector General for Tax Administration detailed the failings of the IRS’s project to upgrade all of its computers from Windows XP and all servers away from Windows Server 2003. Microsoft decided to end its mainstream support for Windows XP in April of 2009. Two years later, in April of 2011, the IRS announced a project to upgrade its operating systems to Windows 7, but they did not actually begin the process of upgrading workstations until September 2012. Nearly two years later, when Microsoft announced they would discontinue extended support for Windows XP in April of 2014, the IRS had to contract with Microsoft to provide continued support for an additional year past this deadline.
The project cost taxpayers $128 million so far and, TIGTA reported, the IRS was unable to account for the location of approximately 1,300 workstations and had only upgraded about half of its Windows servers from the 2003 software to the 2008 release. The IRS expects to spend an additional $11 million through the end of fiscal year 2015 on the project.
What went wrong? The TIGTA report claims the IRS did not follow established policies over project management and provided inadequate oversight and monitoring of the Windows XP upgrade early on in the project.
Project managers responsible for the upgrade could not confirm the number of missing workstations or outdated computers, citing an inaccurate inventory system.
Whether or not the missing workstations are still somewhere within the IRS’s possession, any workstations running outdated operating systems pose a significant security threat to the IRS and taxpayers. Per TIGTA, “External hackers or malicious insiders need to locate only the one computer with security weaknesses . . . to exploit in order to steal data or further compromise other computers.”
The $139 million projected costs will only bring the agency to an operating system that is already seven years old. Further costs, under a new budget, will be necessary to bring the agency’s workstations and servers into this decade.
By Janet Berry-Johnson, CPA