IRS Commissioner John Koskinen testifies at a Senate Appropriations Subcommittee hearing on the FY2017 budget for the Treasury Department on Capitol Hill Thomson Reuters

Last month, the Internal Revenue Service got its hands slapped by the agency’s auditor for essentially wasting $12 million on computer software that was incompatible with its system.

When the IRS sought to comply with a directive from the Obama administration to preserve permanent records of all emails by December 2016, they chose a popular cloud-based suite of office applications from Microsoft.

The agency purchased two-years’ worth of email software subscriptions from Microsoft before discovering that its email system was not compatible with Microsoft’s services.

“The purchase was made without first determining project infrastructure needs, integration requirements, business requirements, security and portal bandwidth, and whether the subscriptions were technologically feasible on the IRS enterprise,” the auditors wrote.

Inherent in the criticism was that IRS executives and lawyers are in dire need of remedial training on negotiating and fine-tuning major IT contracts – especially when millions of dollars in taxpayers’ money is on the line.

Irate IRS leaders disagreed with the findings that it wasted money on the subscriptions.“We strongly disagree with the assertion that we wasted taxpayer dollars,” chief information officer S. Gina Garza wrote in response, according to media reports.

Earlier this week, the auditors from the Treasury Department’s Inspector General for Tax Administration were back again with even more alarming news about the agency’s mishandling of large contracts.

An inspector general’s review of $81.3 million worth of information technology contracts awarded by the IRS fell well short of meeting federal acquisition regulations for insuring the security of IRS computer systems and sensitive data.

The IG discovered huge gaps in the contract review process that led to, among other things, lax safeguards against security breaches of sensitive taxpayer data and potentially fraudulent activities by government employees and outsiders.

A general view of the U.S. Internal Revenue Service (IRS) building in Washington Thomson Reuters

“It is critical that the IRS clarify information technology security risks and enforce appropriate controls with its contract review process to ensure compliance with all applicable policy and guidance for information technology contracts,” said J. Russell George, Treasury Inspector General for Tax Administration.

Data security is no small matter at the IRS. Back in February, the agency revealed that hackers used malware the previous month to automatically generate E-file personal identification numbers that could be used to steal tax refunds. The attack involved 464,000 Social Security numbers that had already been stolen, of which 101,000 were used to successfully generate an E-file PIN.

IRS managers agreed with many of the inspector general’s recommendations and promised to toughen its oversight and implementation contracts. But the embattled agency, which has come under steady fire from congressional Republicans for its management and budgeting policies, will have its work cut out for it.

The IG investigation covered only a sliver of the IT contracts that have been let by the IRS in recent years. The inspector general had randomly selected 14 of 6,045 information technology contracts awarded between October 2008 and May 2014, with a total obligation of $3.3 billion. There’s no telling how many of those contracts have similar flaws.