Improved Secure Document Safeguarding and Destruction Procedures Are Needed

View Report

Date Issued

Monday, December 23, 2024

Submitting OIG

Treasury Inspector General for Tax Administration

Agencies Reviewed/Investigated

Internal Revenue Service

Report Number

2025-IE-R005

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 9 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
The Chief, Facilities Management and Security Services, should develop standard operating procedures for sensitive document safeguarding and destruction to ensure uniformity and consistency across all IRS facilities.
3	No	$0	$0
The Chief, Facilities Management and Security Services, should immediately evaluate the 110 facilities not covered under the national or local contracts to ensure that the IRS has sensitive document safeguarding and destruction procedures in place that comply with NIST guidelines.
4	No	$0	$0
The Chief, Facilities Management and Security Services, should ensure that all bins that do not meet requirements are replaced at the Kansas City, Missouri, IRS facility.
5	No	$0	$0
The Chief, Facilities Management and Security Services, should develop processes and procedures to periodically inspect bins to identify damaged and altered bins and work with local subcontractors to replace the bins at all IRS facilities.
6	No	$0	$0
The Chief, Facilities Management and Security Services, should ensure that all bins at every IRS facility are labeled properly to instruct employees to only discard sensitive documents in locked bins solely used for destruction purposes.
9	No	$0	$0
The Chief, Facilities Management and Security Services, should perform annual inspections of all facilities used by subcontractors for sensitive document destruction to ensure compliance with NIST guidelines (e.g., shred, burn, mulch, pulp, or pulverize sensitive documents beyond recognition and reconstruction).
10	No	$0	$0
The Chief, Facilities Management and Security Services, should complete an up-to-date cost-benefit analysis to ensure that there is optimal bin size and number of bins based on the number of employees at all 387 IRS facilities covered under the national contract.
11	No	$0	$0
The Chief, Facilities Management and Security Services, should designate FMSS personnel on-site at each of the IRS facilities whose responsibilities are to verify what is serviced matches to the subcontractor CODs and to ensure that only full bins are retrieved for destruction.
12	No	$0	$0
The Chief, Facilities Management and Security Services, should develop processes and procedures to ensure that only full bins are serviced and scanned and compare invoices to bin scan reports to only pay for those bins scanned.