Reviews to Determine Architectural Compliance of Information Technology Acquisitions Need to Be Consistently Performed and Documented

 

November 2003

 

Reference Number:  2004-20-017

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

November 28, 2003

 

 

MEMORANDUM FOR DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT

 

FROM:     Gordon C. Milbourn III /s/ Gordon C. Milbourn III

                 Acting Deputy Inspector General for Audit

 

SUBJECT:     Final Audit Report - Reviews to Determine Architectural Compliance of Information Technology Acquisitions Need to Be Consistently Performed and Documented  (Audit # 200320014)

 

This report presents the results of our review of the compliance of hardware and software procurements for non-Business Systems Modernization (non-BSM) systems with the Enterprise Architecture (EA).  Our review evaluated selected Tier I (e.g., mainframe), Tier II (e.g., mid-range), and Tier III (e.g., end-user computers) procurement requisitions for compliance with the IRS’ EA. 

In summary, the IRS has issued interim procedures to promote compliance with its EA.  These procedures require that the respective Tier Owners within the Modernization and Information Technology Services organization perform a Tier Review to ensure that acquisition requests comply with the IRS’ EA.  However, the procedures called for in IRS policy guidance are not consistently being followed and, as a result, potentially limit the IRS’ ability to ensure that the hardware and software purchases are consistent with its current and projected EA.  The IRS uses the Request Tracking System (RTS) to initiate procurement requisitions and document Tier Reviews.  Of the 651 procurement requisitions we reviewed on the RTS, 233 showed no indication of a Tier Review. 

Within these 233 requisitions, we identified 92 procurements totaling $1.1 million that were indicated on the RTS as being Ad Hoc requisitions.  None of the Ad Hoc requisitions had an indication of a Tier Review, and some of these requisitions explicitly indicated that a Tier Review was not required.  However, we were unable to obtain written procedures that indicated Ad Hoc requisitions were exempt from the Tier Review process.  Having an Ad Hoc process that bypasses a Tier Review increases the risk of purchasing equipment that is not compliant with the IRS’ EA. 

In our review of a judgmental sample of hardcopy files for 54 of the 651 procurement requisitions, 42 of the 54 sampled items showed no evidence that a Tier Review was performed.  Since there was no evidence of a Tier Review being performed on these 42 purchases totaling $30.6 million, the IRS increases the risk of obtaining incompatible information technology (IT) hardware and software that could necessitate additional purchases to provide EA compliance and increases the potential for inefficient use of resources. 

Furthermore, hardcopy requisition files did not always provide evidence to corroborate RTS data of a Tier Review.  In many instances, we were unable to validate whether IT purchases were compliant.  These conditions occurred because Tier Owners did not have complete lists of approved products readily available to facilitate Tier Reviews.  In addition, we noted that some IRS personnel were unfamiliar with IRS policy and procedures to appropriately document Tier Reviews and ensure that designated personnel conduct the Tier Reviews. 

We recommended that the Chief Information Officer (CIO) ensure Tier Reviews are performed, documented, and periodically reviewed for compliance with required procedures.  We also recommended that the CIO ensure Tier Owners develop complete and readily available approved products lists to assist in the completion of Tier Reviews to be performed on all non-BSM IT procurement requisitions.

Management’s Response:  IRS management agreed with the recommendations presented.  The Enterprise Operations organization has measures in place that will ensure all requisitions are reviewed for completeness and are in compliance with the IRS’ EA, Delegation Order Number 28, and are Section 508 compliant.  Requisitions will not be forwarded for approval until all reviews (to include Tier I and II acquisitions) are conducted.  The Enterprise Operations organization has issued guidelines requiring that complete products lists for Tier I and Tier II acquisitions accompany the requisition.  These lists will be available during Tier I and Tier II Reviews and will become a part of the acquisition file documentation. 

The End User Equipment and Services (EUES) organization will develop and implement a procedure ensuring that Tier reviews for Tier III hardware and software purchases are conducted, documented, and periodically reviewed for compliance with required procedures for all non-BSM IT acquisitions.  The procedure will be coordinated with the Procurement organization to ensure purchases are not made without receiving Tier III approval.  The EUES organization has established a product list for customer review for Tier III acquisitions.  Efforts are being put in place to make it readily available for customer review.  The list will be made available during Tier III Reviews and will become a part of the acquisition file documentation.

The Enterprise Networks organization adheres to policy and procedures as listed in Delegation Order Number 28 and Internal Revenue Manual 2.21.  It has developed an additional set of procedures for internal use to ensure that the appropriate reviews and approvals for Tier IV acquisitions are achieved.  As a standard procedure, it will continue to review all Tier IV requisitions for compliance prior to approval.  The Enterprise Network organization’s procurements are mostly governed by centralized contracts that have specific products and services approved for compliance with the EA.  Management officials and reviewers of Tier IV procurements approve only those products and services that are compliant through the specific contract.  Management’s complete response to the draft report is included as Appendix V. 

Copies of this report are also being sent to the IRS managers who are affected by the report recommendations.  Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510. 

 

Table of Contents

Background

The Internal Revenue Service Has Limited Assurance That Non-Business Systems Modernization Information Technology Procurements Are in Compliance With the Projected Enterprise Architecture

Recommendation 1:

Recommendation 2:

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measures

Appendix V – Management’s Response to the Draft Report

 

Background

One of the major strategies contained in the Fiscal Year (FY) 2000-2005 Internal Revenue Service (IRS) Strategic Plan is to improve property stewardship and asset management compliance with the IRS’ Enterprise Architecture (EA).  The EA defines the IRS’ target business practices, the systems that enable these practices, and the technology that will support the EA.  It also serves as a guide to the IRS’ Modernization Program and investment decisions.

In November 2001, the IRS Chief Information Officer (CIO) issued Delegation Order Number 28, which became effective in February 2002.  This Delegation Order stated that the Modernization, Information Technology, and Security Services executives have been delegated signature authority and ultimate responsibility for approving information technology (IT) goods and services.  Since this Delegation Order was issued, over $566 million in procurements have been made using this delegated signature authority.  This includes IT hardware and software procurements for non-Business Systems Modernization (BSM) Tier I (e.g., mainframe), Tier II (e.g., mid-range), and Tier III (e.g., end-user computers) systems. 

Audit work was conducted in the Modernization, Information Technology, and Security Services organization at IRS Headquarters in New Carrollton, Maryland, from May to July 2003.   Subsequent to our field work the Modernization, Information Technology, and Security Services organization was reorganized and renamed the Modernization and Information Technology Services (MITS) organization.  The audit was conducted in accordance with Government Auditing Standards.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II. 

The Internal Revenue Service Has Limited Assurance That Non-Business Systems Modernization Information Technology Procurements Are in Compliance With the Projected Enterprise Architecture

The Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, dated November 28, 2000, requires agencies to use or create an EA.  Furthermore, the head of each Federal agency is required to effectively and efficiently manage agency information and IT, and develop policies and procedures that provide for timely acquisition of required IT.  The agency’s capital planning and investment control process must build from the agency’s current EA and its transition from current architecture to target architecture.  Guidance derived from OMB Circular A-11, Planning, Budgeting, Acquisition, and Management of Capital Assets, dated June 2002, further indicates that Federal agency managers and staff involved in IT planning and investment decision making assess IT initiatives in terms of their costs, risks, and expected returns. 

The IRS’ Interim Internal Revenue Manual (IRM) 2.21, Part 1 of the Acquisition Life Cycle:  MITS Responsibilities, issued November 14, 2001, and effective February 4, 2002, states that executives with signature authority are fully responsible for each requisition they approve, regardless of the cost.  The Acquisition Life Cycle describes the cradle-to-grave processes surrounding an acquisition, beginning with identifying a business requirement, refining the business requirement into a technical requirement, obtaining all reviews and concurrences necessary to prepare a requisition, procuring the acquisition, and managing the work related to maintaining and supporting an acquisition, such as upgrades. 

The interim procedures further state that Ad Hoc requests for Tier III hardware should be transferred to the Tier III Point of Contact to ensure completion of all certifications and reviews.  This guidance mandates the use of a Requisition Summary to ensure that all necessary reviews (i.e., Tier Review, Impact Assessment, Security Review) are conducted before approving IT requisitions.  The Requisition Summary summarizes the status of all reviews and concurrences to give the Management Approver, with signature authority under Delegation Order Number 28, assurance that the requisition is complete and accurate. 

Finally, the procedures mandated that the Requisition Summary is to be included as an electronic attachment in the IRS’ Request Tracking System (RTS).  The RTS provides functions throughout the acquisition process that include creation, routing, and approval of requisitions for goods and services; electronic receipt and acceptance; and enhanced document attachment capability.  All procurement requisitions using budget funds from FY 1999 and later should be entered in the RTS.

Interim IRS procedures state that a Tier Review is to be performed for each IT requisition to assure it complies with the IRS’ EA requirements.  Additionally, documentation related to all reviewed and approved requisitions should be maintained in the originating office and available for comparison against the Requisition Summary under the Compliance Review process conducted by the Office of Technical Contract Management in the IRS Office of Procurement at the direction of the MITS organization. 

As indicated above, the interim version of the procedures governing the IRS’ IT requisition process has been in effect since February 4, 2002.  These procedures were scheduled for dissemination in September 2003 for enterprise-wide review and comment.  In addition, the Office of Technical Contract Management made several recommendations addressing the process of IT requisitions in a prior in-house review.  For example, the review made recommendations that included clarification of the authority of individuals within the MITS organization to approve IT requisitions.  However, key personnel assigned to oversee implementation of the in-house review’s recommendations left the IRS, and no one was designated to continue this effort.  As explained below, our review of IT procurement requisitions indicated that Tier Reviews were not always being performed and documented to ensure compliance with the EA. 

Tier Reviews of IT acquisitions were not consistently reflected on the RTS as required

Between February 4, 2002, and May 21, 2003, the IRS processed 651 requisitions totaling approximately $219 million for IT hardware and software items relating to Tier I, Tier II, and Tier III purchases.  Review of the procurement request documentation on the RTS indicated that 233 requisitions (36 percent), totaling $24.1 million, of the 651 requisitions had not been subjected to the required Tier Review, as shown in Table 1. 

Table 1:  Requisitions Reviewed on the RTS

Requisition Type

Tier Review

Est. Funds (millions)

No Tier Review

Est. Funds (millions)

Tier I & II Hardware

69

$40.7

16

$4.7

Tier I & II Software

48

$50.0

9

$6.3

Tier III Hardware

155

$50.1

83

$3.3

Tier III Software

146

$53.9

33

$8.7

Subtotals

418

$194.7

141

$23.0

Tier III Ad Hoc

0

$0.0

92

$1.1

Grand Totals

418

$194.7

233

$24.1

Source:  The IRS’ RTS data from February 4, 2002, to May 21, 2003.

For 141 of the 233 requisitions, no justification was provided on the RTS for not performing a Tier Review.  The 141 requisitions accounted for $23 million.  This indicates that, in the case of all three Tiers we reviewed, personnel were not consistently following established procedures to document the required Tier Reviews because there was no clear accountability for ensuring that IRS personnel strictly adhere to the procedures. 

The remaining 92 of the 233 requisitions were identified on the RTS as Ad Hoc requests and accounted for $1.1 million.  None of the Ad Hoc requisitions on the RTS had an indication of a Tier Review, and some of these requisitions explicitly indicated that a Tier Review was not required.  However, we were unable to obtain written procedures that indicated Ad Hoc requisitions were exempt from the Tier Review process.  Having a process that bypasses a Tier Review increases the risk of purchasing equipment that is not compliant with the IRS’ EA. 

We also found that the Tier Owners (Tiers I, II, and III) were not consistent in preparing a Requisition Summary on the RTS.  For example, Tier personnel did not always enter a Requisition Summary into the RTS.  This indicates that the process of uploading the electronic copy of the Requisition Summary is not consistently followed across the Tiers. 

Hardcopy requisition file documentation did not always contain evidence that a Tier Review had been conducted

We requested the original requisition files for a judgmental sample of 238 of the 651 requisitions so we could review the documentation supporting the required Tier Review.  Since the files are located in various geographical offices, we agreed to reduce our sample, at IRS management’s request, to 54 requisition files, consisting of 25 that the RTS indicated as having a Tier Review and 29 indicated as not having a Tier Review.  As shown in Table 2, we were able to obtain the requisition files for only 47 of the 54 requisitions.  Of the 54 files, 42 contained no evidence that a Tier Review had been conducted, including 16 where the RTS showed a review had been conducted. 

Table 2:  Sample of Requisition Files Reviewed

Category

Population per the RTS

 Requisition File Request Results

Results of Review for Evidence of Tier Review

Sample Size

File Received

File Not Received

No Evidence

Evidence

Other

No Tier Review

233

29

23

6

26

2

1

Tier Review

418

25

24

1

16

8

1

Totals

651

54

47

7

42

10

2

Source:  The IRS’ requisition files.

As shown in Table 2, our review of supporting requisition file documentation showed that 26 of the 29 requisition files corroborated the RTS data showing no evidence of a Tier Review.  These 26 requisitions accounted for $16.1 million.

Additionally, only 8 of the 25 requisition files could corroborate the RTS data of a Tier Review having been performed.  For 16 of the 25 RTS requisitions reflected as having been Tier Reviewed on the RTS, no corroborating evidence was found in the requisition files that a Tier Review had been performed.  These 16 requisitions accounted for $14.5 million. 

In the case of all three Tiers, the required reviews were not documented as performed or conducted at all because personnel were not formally designated to ensure Tier Review procedures were strictly followed.  Furthermore, Tier personnel were not consistent in maintaining electronic or paper requisition documentation supporting the performance of the required Tier Review.  Procurement personnel indicated that contracting officers are not responsible for maintaining requisition file documentation in the official contract file, which necessitated contacting the originating office contacts listed on the RTS to obtain original requisition files.  As a result, Tier representatives were required to spend excessive time during our review attempting to verify performance of Tier Reviews on the IRS’ RTS and in locating supporting documentation.  Without consistent and complete Tier Reviews to ensure development of adequate originating office requisition file documentation (electronic or hardcopy), the IRS has limited assurance that its IT purchases comply with the EA. 

Complete lists of approved products were not readily available for use to validate and facilitate Tier Reviews

Interim IRS procedures require Tier Owners to use a Tier Review to verify that hardware and software acquisitions comply with approved products lists that are developed based on EA requirements.  Approved products lists serve as reference guides for the Tier Owner or designated approver to consult before giving approval to hardware and/or software requisitions. 

From the RTS and the requisition file documentation provided by the IRS, we attempted to determine whether our sampled requisitions were compliant with the EA.  However, we were unable to determine compliance with the EA because approved products lists for hardware and/or software purchases were either not complete or were not readily accessible by Tier representatives for use in verifying compliance of hardware and software acquisitions. 

For example, we noted that Tier Review and approval personnel for Tier III were unable to use approved products lists for hardware and software requisitions because the lists had not been developed or made readily available for use.  Without developed and accessible approved products lists for each Tier, acquisition approvals by Tier Owners would require extensive time to determine compliance for almost every procurement requisition. 

By not consistently implementing established procedures and using prescribed tools (i.e., the Requisition Summary and approved products lists) to perform these reviews, the IRS has increased its risk of obtaining incompatible IT hardware and software that could necessitate additional purchases to provide EA compliance.  Based on our work, the IRS has made over $31 million in purchases that may not be compliant and that represent a potential inefficient use of its resources (see Appendix IV). 

Recommendations

The CIO should ensure that:

1.      Tier Reviews are conducted, documented, and periodically reviewed for compliance with required procedures for all non-BSM IT acquisitions across all Tiers, including Telecommunications. 

Management’s Response:  The Enterprise Operations organization has measures in place that will ensure all requisitions are reviewed for completeness and are in compliance with the IRS’ EA, Delegation Order Number 28, and are Section 508 compliant.  Requisitions will not be forwarded for approval until all reviews (to include Tier I and II acquisitions) are conducted. 

The End User Equipment and Services (EUES) organization will develop and implement a procedure ensuring that Tier Reviews for Tier III hardware and software purchases are conducted, documented, and periodically reviewed for compliance with required procedures for all non-BSM IT acquisitions.  The procedure will be coordinated with the Procurement organization to ensure purchases are not made without receiving Tier III approval.  

The Enterprise Networks organization adheres to policy and procedures as listed in Delegation Order Number 28 and IRM 2.21.  It has developed an additional set of procedures for internal use to ensure that the appropriate reviews and approvals for Tier IV acquisitions are achieved.  As a standard procedure, the Enterprise Networks organization will continue to review all Tier IV requisitions for compliance prior to approval. 

 

2.      Complete lists of approved products are developed and made readily available for use by reviewers to facilitate Tier Reviews. 

Management’s Response:  The Enterprise Operations organization has issued guidelines requiring that complete products lists for Tier I and Tier II acquisitions accompany the requisition.  These lists will be available during Tier I and Tier II Reviews and will become a part of the acquisition file documentation. 

The EUES organization has established a product list for customer review for Tier III acquisitions.  Efforts are being put in place to make it readily available for customer review.  The list will be made available during Tier III Reviews and will become a part of the acquisition file documentation. 

The Enterprise Network organization’s procurements are mostly governed by centralized contracts that have specific products and services approved for compliance with the EA.  Management officials and reviewers of Tier IV procurements approve only those products and services that are compliant through the specific contract.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

The overall objective of this review was to assess the compliance of hardware and software procurements for non-Business Systems Modernization (non-BSM) systems with the Enterprise Architecture (EA).  To accomplish this objective, we:

I.                    Evaluated the acquisition review process to determine whether hardware and software procurements were properly evaluated and approved prior to being awarded. 

A.                 Evaluated the purchasing process for non-BSM systems. 

B.                 Evaluated the Tier Review processes to ensure acquisitions (hardware and/or software) requirements were properly reviewed prior to being awarded. 

II.                 Reviewed hardware and software procurements for non-BSM Tier I (e.g., mainframe), Tier II (e.g., mid-range), and Tier III (e.g., end-user computers) systems to determine whether they complied with the EA. 

A.                 Reviewed Information Technology Asset Management System (ITAMS) information to identify the information technology (IT) inventory of hardware and/or software. 

We obtained a data extract of the ITAMS database covering the period February 4, 2002, to May 25, 2003, and determined the data could not be used in correlating requisition numbers in the ITAMS to those in the Request Tracking System (RTS).  The RTS data were used to identify the IT inventory. 

B.                 Identified non-BSM procurements in the RTS. 

C.                 Analyzed data obtained through the ITAMS (step II.A. above) and the requisitions identified through the RTS (step II.B. above) for testing EA compliance. 

We selected all RTS requisitions from February 4, 2002, to May 21, 2003, using the procurement accounting sub-object codes (SOC) of 3151, 3164, 3165, and 3152.  These SOCs represent Capitalized Software (Tiers I and II), Capitalized Automated Data Processing (ADP) Equipment (Tiers I and II), Capitalized ADP Equipment (Tier III), and Non-Capitalized Software (Tier III), respectively, with status codes of 90 (partial receipt) and 91 (complete receipt).  This represented 651 requisitions as our population from the RTS.  We evaluated all 651 requisitions and divided these into 2 populations representing requisitions that were Tier Reviewed and requisitions that were not Tier Reviewed. 

Due to difficulties the IRS had in locating hardcopy procurement requisition files, RTS data validation of Tier Reviews was limited to items in our judgmental sample.  Data validation of Tier Reviews relied upon hardcopy procurement requisition files for corroborative evidence.  We limited our judgmental sample to 54 requisitions per IRS management’s request (25 Tier Reviewed and 29 not Tier Reviewed).  The 54 requisitions were selected from the RTS data extract covering the period February 4, 2002, to May 21, 2003 (see below for selection methodology of the 54 items). 

Selection of Judgmental Sample

From the 651 requisitions, 3 populations were defined and represented:  Tier Reviewed (418 requisitions), Not Tier Reviewed (141 requisitions), and Ad Hoc (92 requisitions). 

Tier Reviewed:  Of 418 requisitions that were shown on the RTS to be Tier Reviewed, 25 were sampled.  We selected a judgmental sample of requisitions above the following dollar thresholds for each of the SOC categories as follows:

SOC 3151       $500,000.

SOC 3152       $75,000.

SOC 3164       $250,000.

SOC 3165       $100,000.

This selection resulted in a sample of 96 requisitions.  The IRS stated this documentation request was too large, and due to the IRS’ difficulties noted above, we further limited our sample size.  From the listing of 96, we selected a judgmental sample by selecting the 1st requisition and every 4th requisition thereafter.  This resulted in a selection of, and request for, 25 requisitions. 

Not Tier Reviewed:  There were 233 total requisitions in this population.  We removed the 92 Ad Hoc requisitions due to the assertion made that they were exempt from the Tier Review process.  This made our total population of exceptions for this test 141 requisitions.  From this 141, we selected a judgmental sample by selecting the 1st requisition and every 5th requisition thereafter.  This resulted in a selection of, and request for, 29 requisitions. 

 

Appendix II

 

Major Contributors to This Report

 

Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)

Gary V. Hinkle, Director

Theodore Grolimund, Audit Manager

Mark Carder, Senior Auditor

Myron Gulley, Senior Auditor

Steven Gibson, Auditor

Linda Screws, Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Chief Information Officer  OS:CIO

Chief, Information Technology Services  OS:CIO:I

Director, Procurement  OS:A:P

Acting Director, End User Equipment and Services  OS:CIO:I:EU

Director, Enterprise Operations  OS:CIO:I:EO

Director, Infrastructure, Architecture, and Engineering  OS:CIO:I:IA

Director, Portfolio Management  OS:CIO:R:PM

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Management Controls  OS:CFO:AR:M

Audit Liaisons:

Chief, Information Technology Services  OS:CIO:I

Director, Procurement  OS:A:P

Acting Director, End User Equipment and Services  OS:CIO:I:EU

Director, Enterprise Operations  OS:CIO:I:EO

Director, Infrastructure, Architecture, and Engineering  OS:CIO:I:IA

Manager, Program Oversight and Coordination Office  OS:CIO:R:PM:PO

 

Appendix IV

 

Outcome Measures

 

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration.  These benefits will be incorporated into our Semiannual Report to the Congress. 

Type and Value of Outcome Measure:

Methodology Used to Measure the Reported Benefit:

In our examination of requisitions using the Request Tracking System (RTS), we identified 141 requisitions that had no indication that a Tier Review had occurred.  Without Tier Reviews, the Internal Revenue Service (IRS) has no assurance that its purchases are in compliance with the Enterprise Architecture (EA). 

We selected a judgmental sample of 29 requisitions from the 141 to examine the hardcopy requisition files to identify evidence that a Tier Review had occurred.  Our review of supporting requisition file documentation showed there was no evidence of Tier Review for 26 of these 29 requisitions.  These 26 requisitions accounted for $16,121,659. 

Type and Value of Outcome Measure:

Methodology Used to Measure the Reported Benefit:

In our examination of requisitions using the RTS, we identified 92 Tier III Ad Hoc requisitions that had no indication that a Tier Review had occurred.  These requisitions accounted for $1,107,912.  Without Tier Reviews, the IRS has no assurance that its Tier III Ad Hoc requisitions comply with the EA. 

Type and Value of Outcome Measure:

Methodology Used to Measure the Reported Benefit:

We selected a judgmental sample of 25 requisitions from the 418 requisitions we found to have an indication of a Tier Review on the RTS.  For 16 of the 25 requisitions, there was no supporting documentation of a Tier Review.  Without Tier Reviews, the IRS has no assurance that its information technology purchases are in compliance with the EA.  These 16 requisitions accounted for $14,455,395. 

 

Attachment V

 

Management’s Response to the Draft Report

 

The response was removed due to its size.  To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.