The Government Accountability Office (GAO) has released a report (PDF) to IRS Commissioner Douglas Shulman regarding the state of the IRS' information security system. In its last audit of the IRS, the GAO identified 115 areas or systems as problematic. The IRS accepted the findings and agreed to remedy the situation. GAO's most recent audit (released this January) notes that the IRS has made progress—49 of the 115 vulnerabilities have been corrected—but must continue to act on the remaining 66. That may not be as bad as it sounds, as there's a certain gray area regarding how many of the 66 recommendations/changes have been partially adopted vs. not adopted at all; the report indicates that a number of the organization's changes are at least partly in place.