Follow-Up Audit on Information Technology System General Internal Controls
Reference Number:† 2003-1C-121
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
May 29, 2003
MEMORANDUM FOR DAVID A. GRANT
†††††††††††††††††††††††††††††††††††††††† DIRECTOR OF PROCUREMENT
†††††††††††††††††††††††††††††††††††††††† INTERNAL REVENUE SERVICE
FROM:†††† Daniel R. Devlin /s/ Daniel R. Devlin
†††††††††††††††† Assistant Inspector General for Audit (Headquarters Operations and
†††††††††††††††† Exempt Organizations Programs)
SUBJECT:†††† Follow-Up Audit on Information Technology System General Internal Controls (Audit #200310002.033)
The Defense Contract Audit Agency (DCAA) examined the contractorís Information Technology (IT) system corrective actions as of May 5, 2003.† The purpose of the examination was to assure that the contractorís system of IT general controls are adequate to provide costs and data that are reasonable and compliant with applicable laws and regulations.† The examination was also used to evaluate the adequacy of and the contractorís compliance with the systemís internal control requirements.
The DCAA opined that the IT system and related general internal control policies and procedures of the contractor continue, in part, to be inadequate.† The DCAA examination disclosed a significant deficiency in the design or operation of the internal control structure.† According to DCAA, this deficiency could adversely affect the organizationís ability to record, process, summarize, and report contract costs in a manner that is consistent with applicable Government contract laws and regulations.†† ††
The DCAA recommends that the contractorís policies and procedures should contain provisions for the continuation of IT operations in the event of a disaster or failure that renders the IT center inoperable.† The DCAA also recommends that the contractor should have contingency/disaster recovery plans in place for the backup and recovery of IT department services in the event of unanticipated interruptions to IT operations. †Additionally, the DCAA noted that contingency planning can be critical to the resumption of operations in the event of a major hardware or software failure for whatever reason. †The information in this report should not be used for purposes other than that intended without prior consultation with the Treasury Inspector General for Tax Administration regarding its applicability.
If you have any questions, please contact me at (202) 622-8500 or John R. Wright, Director at (202) 927-7077.
The Office of Inspector General for Tax Administration has no objection to the release of this report, at the discretion of the contracting officer, to duly authorized representatives of the contractor.
The contractor information contained in this report is proprietary information.† The restrictions of 18 USC 1905 must be followed in releasing any information to the public.
This report may not be released without the approval of this office, except to an agency requesting the report for use in negotiating or administering a contract with the contractor.
The TIGTA seal was removed due to its size.