The Internal Revenue Service’s Federal Financial Management Improvement Act Remediation Plan as of December 31, 2003

 

March 2004

 

Reference Number:  2004-10-080

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

March 30, 2004

 

 

MEMORANDUM FOR CHIEF FINANCIAL OFFICER

 

FROM:     Gordon C. Milbourn III /s/ Gordon C. Milbourn III

                 Acting Deputy Inspector General for Audit

 

SUBJECT:     Final Audit Report - The Internal Revenue Service’s Federal Financial Management Improvement Act Remediation Plan as of December 31, 2003  (Audit # 200410004)

 

This report presents the results of our review of the Internal Revenue Service’s (IRS) Federal Financial Management Improvement Act of 1996 (FFMIA) Remediation Plan as of December 31, 2003.  The overall objective of this review was to identify any instances and reasons for missed intermediate target dates established in the IRS FFMIA remediation plan.  We also evaluated whether the IRS was meeting its responsibilities in fulfilling the intent of the FFMIA.  The review was performed to meet our requirement under the FFMIA that states, in general, each Inspector General shall report to the Congress instances and reasons when an agency has not met the intermediate target dates established in the remediation plan.

In summary, our review of 70 remedial actions open as of December 31, 2003, showed 4 intermediate target dates were missed, 36 dates were extended, and 2 dates were not established.  We believe the missed, extended, or not established intermediate target dates further hinder the IRS’ ability to timely resolve the reported issues which caused, and continue to cause, its noncompliance with the FFMIA.

Also, all 70 remedial actions had intermediate target dates that extend longer than 3 years from the initial reporting of the financial weakness.  As a result and as required, the IRS, through the Department of the Treasury, properly obtained Office of Management and Budget (OMB) concurrence for these remedial actions and continues to hold quarterly status review sessions with the OMB on the progress being made as outlined in the concurrence memorandum.

Our analysis of individual project resources listed in the December 31, 2003, remediation plan showed that, for the most part, project resources were verifiable to supporting documentation; however, not all project releases had resources listed, and some project costs had not been updated to reflect current cost information.  Further, one resource discrepancy identified in our prior audit had not been updated.  Based on these conditions, we believe the IRS is facing a significant challenge pertaining to remediation plan resource identification and reporting because of the delays and revisions to the plans of the individual financial management projects that are listed in the remediation plan.  Without having fully planned project milestones, the IRS will be unable to accurately and consistently estimate the resource needs for specific remedial actions as listed in its remediation plan.

Finally, and notwithstanding the one resource reporting discrepancy outlined above, we believe the IRS implemented sufficient corrective actions to ensure resources are supported and consistently reported in its remediation plans.

We do not have any specific remediation plan recommendations to offer as a result of our analysis during this audit.  However, we do believe the IRS, in fulfilling its responsibilities under the FFMIA, needs to actively address, and continue to communicate to the OMB and the Department of the Treasury, the challenges it faces concerning the establishment of accurate and consistent intermediate target dates and resource estimates in light of the uncertainty of the implementation environment of certain significant IRS financial management projects.

Management’s Response:  Management agreed with the reported conditions and will communicate and work closely with the OMB and the Department of the Treasury as they work toward establishing accurate and consistent intermediate target dates and resource estimates.  Management’s complete response to the draft report is included as Appendix V.

Copies of this report are also being sent to the IRS managers who are affected by the report findings.  Please contact me at (202) 622-6510 if you have questions or Daniel R. Devlin, Assistant Inspector General for Audit (Headquarters Operations and Exempt Organizations Programs), at (202) 622-8500.

 

Table of Contents

Background

Intermediate Target Dates Were Missed, Extended, or Not Established

Office of Management and Budget Concurrence Was Received for Target Dates Extending Longer Than 3 Years

Listed Remediation Plan Resources Were Verifiable to Supporting Documentation, but Not All Resources Were Listed

Corrective Action Was Taken on a Prior Audit Recommendation

Appendix I – Detailed Objectives, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Financial Management Remedial Action Projects

Appendix V – Management’s Response to the Draft Report

 

Background

The Federal Financial Management Improvement Act of 1996 (FFMIA) establishes in statute certain financial management systems requirements that were already established by Executive Branch policies.  The FFMIA was intended to advance Federal Government financial management by ensuring that Federal management systems can and do provide reliable, consistent disclosure of financial data.  Further, this disclosure should be done on a basis that is uniform across the Federal Government from year to year, by consistently using professionally accepted accounting standards.  Specifically, FFMIA § 803 (a) requires each agency to implement and maintain systems that comply substantially with:

·        Federal Government financial management system requirements.

·        Applicable Federal Government accounting standards.

·        The Government Standard General Ledger at the transaction level.

Auditors are required to report on agency compliance with the three stated requirements as part of financial statement audit reports.  Agency heads are required to determine, based on the audit report and other information, whether their financial management systems comply with the FFMIA.  If the agency’s financial system does not comply, the agency is required to develop remediation plans that describe the resources, remedies, and intermediate target dates for achieving compliance and file the plans with the Office of Management and Budget (OMB).

In addition, FFMIA § 804 (b) requires that agency Inspectors General report to the Congress instances and reasons when an agency has not met the intermediate target dates established in its remediation plan.

In the last several years, the General Accounting Office (GAO) has reported numerous financial management weaknesses in its audits of the Internal Revenue Service’s (IRS) annual financial statements and related assessments of internal control.  Due to these weaknesses, the IRS is noncompliant with the FFMIA and is required to prepare a remediation plan.

This review was performed during the period December 2003 through February 2004 at the IRS National Headquarters in the office of the Chief Financial Officer (CFO), which is responsible for monitoring and implementing the remediation plan.  The audit was conducted in accordance with Government Auditing Standards.  Detailed information on our objectives, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

Intermediate Target Dates Were Missed, Extended, or Not Established

During Calendar Year (CY) 2003, the IRS reported it cancelled 2 and added 10 remedial actions to the 104 open remedial actions listed in its December 31, 2002, remediation plan.  The two cancelled remedial actions were eliminated from the remediation plan because they did not have a significant impact on the resolution of the associated financial weakness and were considered an internal workload issue of routing work to one central location.  The 10 added remedial actions mainly dealt with the IRS’ trust fund recovery efforts.

As a result of its Fiscal Year (FY) 2003 financial statement audit, the GAO did not report any additional recommendations that would have required inclusion in the IRS’ remediation plan.

Also during CY 2003, the IRS reported it completed 42 remedial actions, leaving 70 open remedial actions listed in its December 31, 2003, remediation plan.  The IRS has initiated five significant financial management projects to facilitate the completion of these open remedial actions:

·        The Integrated Financial System (IFS) – 22 remedial actions.

·        The Custodial Accounting Project (CAP) – 34 remedial actions.

·        The Automated Trust Fund Recovery (ATFR) System – 8 remedial actions.

·        The Complex Interest Quality Measurement System (CIQMS) – 4 remedial actions.

·        Security – 2 remedial actions.

See Appendix IV for a detailed description of each project.

Our detailed review of the 70 remedial actions open as of December 31, 2003, showed 4 intermediate target dates were missed, 36 dates were extended, and 2 dates were not established. 

Missed intermediate target dates

The IRS did not meet four established intermediate target dates listed in its remediation plan during the fourth quarter of CY 2003.  All four intermediate target dates related to CAP Release 1 implementation. Specifically, these dates involved the completion of system development testing, completion of acceptance testing, and preparation and completion of system deployment.

Extended intermediate target dates

The IRS extended 36 of the 70 open remedial action intermediate target dates listed in its December 31, 2003, remediation plan since initial reporting.  Chart 1 depicts the extensions by the IRS’ five major financial management projects.

Chart 1:  Open Remedial Action Extensions Since Initial Reporting

Major Project

Open Actions

Extended Actions

Extension Frequency (times)

Extension Range (months)

Extension Average (months)

IFS

22

20

1 to 4

2 to 37

9

CAP

34

8

1 to 4

3 to 18

8

ATFR

8

2

1 to 5

1 to 27

14

CIQMS

4

4

3 to 8

17 to 49

33

Security

2

2

1 to 2

3 to 5

4

Total

70

36

N/A

N/A

N/A

Source:  IRS FFMIA Remediation Plans from December 1999 to December 2003.

The IRS reported in its remediation plan that current extensions of intermediate target dates were necessary due to the following:

·        IFS – Data mapping and mid-year system conversion issues affecting data conversion and delays in system integration and acceptance testing.

·        CAP – Development of a new implementation strategy and revision of the plan to focus on specific releases, which will address statutory financial reporting requirements.

·        ATFR – System response time issues affecting the timely completion of the pilot phase.

·        CIQMS – System incorporation with other IRS quality measurement systems and staffing issues that are affecting the hiring of personnel.

·        Security – Delays in the completion of independent verification of completed actions.

The IRS also commented in its December 31, 2003, remediation plan that it is planning to submit a request to cancel all 15 IFS Release 2, 3, and 4 remedial actions and all 27 CAP Release 2 and 3 remedial actions (see Appendix IV for Release details).  According to the remediation plan, this action is being taken because both projects are significantly behind schedule for their respective individual first release implementations.  The cancelled remedial actions would be replaced by a placeholder action to develop a new plan for these future Releases upon successful completion of each project’s Release 1 remedial actions and the final resolution of funding issues.  In addition, the plans to implement the remaining seven IFS and seven CAP Release 1 remedial actions are being revised, which will further extend the target dates for the final implementation of these two significant financial management projects.

Intermediate target dates not established

The IRS established intermediate target dates for 68 of the 70 open remedial actions listed in its December 31, 2003, remediation plan.  The first remedial action without an established intermediate target date concerns the testing of the IFS core functionality.  The IRS reported this action is experiencing delays in software design and configuration issues that have affected the establishment of a target date.

The second remedial action without an established intermediate target date concerns future IFS enhancements.  The IRS reported this action is being reevaluated to identify the benefits that will be achieved through its implementation, as well as the sequencing of interim actions to accomplish the overall remedial action.  However, it should be noted this second remedial action has no associated audit finding and was established as a placeholder in the remediation plan for a future release of the IFS.

The GAO, as a result of its FY 2003 financial statement audit, continued to report that material weaknesses exist relative to the IRS’ controls over financial reporting, unpaid assessments, Federal tax revenue and refunds, and computer security.  The GAO further reported these material weaknesses have given rise to significant management challenges that have:

·        Impaired management’s ability to prepare financial statements and other financial information without extensive compensating procedures.

·        Limited the availability of reliable information to assist management in effectively managing operations on an ongoing basis.

·        Reduced the IRS’ effectiveness in enforcing the Internal Revenue Code.

·        Resulted in errors in taxpayer accounts.

·        Increased taxpayer burden.

We believe the missed, extended, or not established intermediate target dates further hinder the IRS’ ability to timely resolve the reported issues which caused, and continue to cause, its noncompliance with the FFMIA.

Office of Management and Budget Concurrence Was Received for Target Dates Extending Longer Than 3 Years

The FFMIA requires that a remediation plan bring an agency’s financial management systems into substantial compliance no later than 3 years after the date a determination is made that the financial management systems do not comply with the requirements of the FFMIA unless the agency, with concurrence of the Director, OMB:

·        Determines the agency’s financial management systems cannot comply with the requirements within 3 years.

·        Specifies the most feasible date to bring the agency’s financial management systems into compliance with the requirements.

·        Designates an agency official who shall be responsible for bringing the agency’s financial management systems into compliance with the requirements.

All 70 open remedial actions listed in the December 31, 2003, remediation plan had intermediate target dates that extend longer than 3 years from the initial reporting of the financial weakness.

On March 30, 2001, the Department of the Treasury obtained OMB concurrence for time extensions relating to the IRS’ remedial actions in excess of 3 years from the initial reporting of the financial weakness.  As part of the concurrence memorandum, quarterly status review sessions on the progress being made to complete the identified remedial actions have been held with the OMB when requested.

Listed Remediation Plan Resources Were Verifiable to Supporting Documentation, but Not All Resources Were Listed

The FFMIA requires that a remediation plan describe the resources required to achieve compliance with the FFMIA. The IRS chose to identify resources by the five major financial management projects or applicable project releases listed in its remediation plan.  Our analysis of the individual project resources listed in the December 31, 2003, remediation plan showed that, for the most part, project resources were verifiable to supporting documentation; however, not all project releases had resources listed, and some project costs had not been updated to reflect current cost information.

We verified the IFS Release 1 resources to the IRS’ draft Business System Modernization (BSM) Expenditure Plan as of December 2003.  Resources for the IFS Releases 2 through 4 were not identified in the remediation plan because of financial revisions to the project plan.

Responsible CFO personnel informed us the resources listed in the December 31, 2003, remediation plan for the CAP had not been updated since the issuance of the June 30, 2003, remediation plan even though the BSM Expenditure Plan was known to contain differing amounts.  This decision was made within the CFO’s office because the CAP was going through a significant revision of the plan and it was determined to be better to wait for the finalized amounts rather than to list amounts in the remediation plan that most likely would change.  We did perform a verification of the resources listed in the December 31, 2003, remediation plan to those exhibited in an IRS July 2003 BSM Expenditure Plan and found them verifiable, except for a $1,126,000 difference that had not been updated since our prior report due to an administrative oversight.

For the ATFR project, we were able to verify the listed resources to the IRS’ ATFR Business Case dated January 2003. However, for the CIQMS project, we were unable to perform a verification, since no resources were listed in the December 31, 2003, remediation plan due to staffing levels being reevaluated for this project.  Finally, no verification was necessary for the Security project, since the resources for this project will be absorbed by normal business practices.

Due to the above conditions, we believe the IRS is facing a significant challenge pertaining to remediation plan resource identification and reporting because of the delays and revisions to the plans of the individual financial management projects that are listed in the remediation plan.  Without having fully planned project milestones, the IRS will be unable to accurately and consistently estimate the resource needs for specific remedial actions as listed in its remediation plan.

Corrective Action Was Taken on a Prior Audit Recommendation

We previously reported that some resources included in the December 31, 2002, remediation plan were not verifiable to supporting documentation and functional areas were not consistently reporting resources shown in the remediation plan.  Accordingly, we recommended procedures be issued that include a process for verifying the resources included in the IRS’ FFMIA remediation plan and that provide for consistent reporting of such resources by the responsible functions.

IRS management agreed with our reported recommendation and responded they had enhanced and approved reporting procedures to address the resource issues.  Further, management stated the IRS would include the enhanced reporting instructions for resources with its March 14, 2003, remediation plan quarterly call memorandum.

We confirmed that the CFO’s Office of Management Controls (OMC) issued revised reporting procedures on March 14, 2003.  The procedures required responsible officials to forward supporting documentation to verify all resources being reported in the remediation plan.  Further, we evidenced the OMC’s receipt of supporting documentation when responsible officials respond to the quarterly updates to the remediation plan.

Notwithstanding the one resource reporting discrepancy discussed in the prior section, we believe the IRS implemented sufficient corrective actions to ensure resources are supported and consistently reported in its remediation plans.

We do not have any specific remediation plan recommendations to offer as a result of our analysis performed during this audit. However, we do believe the IRS, in fulfilling its responsibilities under the FFMIA, needs to actively address, and continue to communicate to the OMB and the Department of the Treasury, the challenges it faces concerning the establishment of accurate and consistent intermediate target dates and resource estimates in light of the uncertainty of the implementation environment of both the IFS and the CAP financial management projects.

 

Appendix I

 

Detailed Objectives, Scope, and Methodology

 

Our overall objective was to report to the Congress, as required by the Federal Financial Management Improvement Act of 1996 (FFMIA), any instances and reasons for missed intermediate target dates established in the Internal Revenue Service’s (IRS) remediation plan.  We also evaluated whether the IRS was meeting its responsibilities in fulfilling the intent of the FFMIA.  To accomplish our objectives, we:

I.                    Gained an understanding of the requirements of the FFMIA, including the Office of Management and Budget and Department of the Treasury guidance for compliance with the FFMIA.

II.         Determined whether the IRS’ remediation plan was consistent with General Accounting Office recommendations from prior IRS financial audits and related financial management reports.

III.       Determined whether the IRS missed any intermediate target dates, extended any intermediate target dates without sufficient documentation to support the revised dates, and obtained proper approval for remedial actions extending longer than 3 years from the initial reporting of the financial weakness.

IV.       Determined whether the IRS’ remediation plan established resource needs for remedial actions and the resources presented were consistent with other IRS modernization resource budgets.

V.                 Determined whether the IRS took adequate corrective actions on prior reported audit findings.

 

Appendix II

 

Major Contributors to This Report

 

Daniel R. Devlin, Assistant Inspector General for Audit (Headquarters Operations and Exempt Organizations Programs)

John R. Wright, Director

Thomas J. Brunetto, Audit Manager

Bobbie M. Draudt, Senior Auditor

Chinita M. Coates, Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Office of Management Controls  OS:CFO:AR:M

Chief Counsel  CC

National Taxpayer Advocate TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis RAS:O

Audit Liaison:  Chief Financial Officer  OS:CFO

 

Appendix IV

 

Financial Management Remedial Action Projects

 

The Internal Revenue Service (IRS) has initiated five significant financial management remedial action projects in response to the various General Accounting Office-identified Federal Financial Management Improvement Act of 1996 material weaknesses. The IRS describes the functionality of these projects in its remediation plan as follows:

The Integrated Financial System (IFS) This project, when fully implemented over four releases, will provide the IRS with an integrated accounting system to account for and control resources. IFS Release 1 includes the Joint Financial Management Improvement Program (JFMIP) core financial system requirements of General Ledger, Accounts Receivable, Accounts Payable, Funds and Cost Management, and Financial Reporting, as well as Budget Formulation. This Release will also facilitate the preparation of financial statements and reports in accordance with Federal Government accounting and reporting standards; allow the IRS to move into compliance with Federal Government cost accounting standards; provide information for central agencies for budgeting, analysis, and Government-wide reporting, including consolidated financial statements; and provide a complete audit trail and reporting tools to facilitate audits.  IFS Release 2 will focus on Asset Management and a software technical and functional upgrade.  IFS Release 3 includes the planned implementation of Procurement Management. IFS Release 4 includes the planned implementation of Performance Management.  In addition, the IFS is planned to incorporate the functionality to generate timely and reliable financial information for custodial activities with full traceability from the financial statement to the detailed transaction.

The Custodial Accounting Project (CAP) This project has been revised to focus on specific releases which will address statutory financial reporting requirements and may initially benefit operating divisions to a limited extent.  It will implement a single, integrated data repository of taxpayer account information, integrated with the general ledger and accessible for management analysis and reporting. The total functionality of the CAP will be implemented in three releases.  CAP Release 1 relates to data of individual taxpayers, CAP Release 2 relates to business taxpayers, and CAP Release 3 relates to the establishment of the Collection subledger.

The Automated Trust Fund Recovery (ATFR) System – This project provides the capability to systematically upload assessments from Area Offices and properly cross-reference payments received for assessments made.  It replaces manual processes and ensures compliance with requirements and accounting standards.  The ATFR Phase I will automate the calculation of the penalties and assessment process, Phase II will automate the cross-referencing process, and Phase III will centralize all recovery cases into one compliance center.

The Complex Interest Quality Measurement System – This project initiates a review process to reduce errors in calculating interest, develops a database to monitor and measure accuracy, and implements a software package to provide functionality and automate net rate interest adjustments as well as all other necessary interest computations.

Security – This project addresses internal control deficiencies cited in various audits; initiates efforts to expand deterrent controls implemented at campuses, field offices, and post-of-duty offices to ensure uniformity and consistency; develops appropriate means through which the IRS can carry out periodic reviews of the effectiveness of policies and procedures, along with the means to address security breaches; updates access control standards to reflect changes in technology and operating environments; provides computer security training to personnel; and conducts computer security self-assessment reviews that identify and reduce vulnerabilities on a proactive basis.

 

Appendix V

 

Management’s Response to the Draft Report

 

The response was removed due to its size.  To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.