The Internal Revenue Service (IRS) would have been more difficult to breach if the agency had made the updates recommended by the Treasury Department Inspector General's (IG's) office between 2011 and 2014, Russell George, the department's IG testified during a Senate Finance Committee hearing on the IRS breach.
George, whose office conducts annual security audits of the IRS and makes recommendations for improvement, criticized the agency for not addressing all of the flaws his office found. As of March, the IRS has not addressed 44 of the more than 100 recommendations George's office has made. Ten of these outstanding recommendations were made more than three years ago.
George said that he could not give a definitive answer to whether or not any of the recommendations would have prevented the breach but claimed, "It would have been much more difficult had they implemented all of the recommendations.”
IRS Commissioner John Koskinen told the Finance Committee that many of the IG office recommendations didn't apply to the most recent breach and that budget cuts hampered the agency's ability to make the necessary security upgrades. Sen. Tom Carper, D-Del., agreed, saying, "We can't on one hand reprimand the IRS for not better protecting taxpayer's sensitive information, while on the other, we slash their budget."
Others were less sympathetic to Koskinen's claims."Any questions regarding funding levels for the agency should wait until we have a complete understanding about what occurred," said Sen. Orrin Hatch, R-Utah.