Follow-Up Audit on Information Technology System General Internal Controls

 

May 2003

 

Reference Number:  2003-1C-121

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

 

May 29, 2003

 

 

MEMORANDUM FOR DAVID A. GRANT

                                         DIRECTOR OF PROCUREMENT

                                         INTERNAL REVENUE SERVICE

 

FROM:     Daniel R. Devlin /s/ Daniel R. Devlin

                 Assistant Inspector General for Audit (Headquarters Operations and

                 Exempt Organizations Programs)

 

SUBJECT:     Follow-Up Audit on Information Technology System General Internal Controls (Audit #200310002.033)

 

The Defense Contract Audit Agency (DCAA) examined the contractor’s Information Technology (IT) system corrective actions as of May 5, 2003.  The purpose of the examination was to assure that the contractor’s system of IT general controls are adequate to provide costs and data that are reasonable and compliant with applicable laws and regulations.  The examination was also used to evaluate the adequacy of and the contractor’s compliance with the system’s internal control requirements.

 

The DCAA opined that the IT system and related general internal control policies and procedures of the contractor continue, in part, to be inadequate.  The DCAA examination disclosed a significant deficiency in the design or operation of the internal control structure.  According to DCAA, this deficiency could adversely affect the organization’s ability to record, process, summarize, and report contract costs in a manner that is consistent with applicable Government contract laws and regulations.     

 

The DCAA recommends that the contractor’s policies and procedures should contain provisions for the continuation of IT operations in the event of a disaster or failure that renders the IT center inoperable.  The DCAA also recommends that the contractor should have contingency/disaster recovery plans in place for the backup and recovery of IT department services in the event of unanticipated interruptions to IT operations.  Additionally, the DCAA noted that contingency planning can be critical to the resumption of operations in the event of a major hardware or software failure for whatever reason.  The information in this report should not be used for purposes other than that intended without prior consultation with the Treasury Inspector General for Tax Administration regarding its applicability.

 

If you have any questions, please contact me at (202) 622-8500 or John R. Wright, Director at (202) 927-7077.

 

 

Attachment

 

NOTICE:

The Office of Inspector General for Tax Administration has no objection to the release of this report, at the discretion of the contracting officer, to duly authorized representatives of the contractor.

 

The contractor information contained in this report is proprietary information.  The restrictions of 18 USC 1905 must be followed in releasing any information to the public.

 

This report may not be released without the approval of this office, except to an agency requesting the report for use in negotiating or administering a contract with the contractor.

 

The TIGTA seal was removed due to its size.