Reviews to Determine Architectural Compliance of Information
Technology Acquisitions Need to Be Consistently Performed and Documented
November 2003
Reference Number: 2004-20-017
This report has cleared the Treasury
Inspector General for Tax Administration disclosure review process and
information determined to be restricted from public release has been redacted
from this document.
November
28, 2003
MEMORANDUM FOR
DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT
FROM: Gordon C. Milbourn III /s/ Gordon C.
Milbourn III
Acting Deputy Inspector
General for Audit
SUBJECT: Final Audit Report - Reviews to Determine
Architectural Compliance of Information Technology Acquisitions Need to Be
Consistently Performed and Documented
(Audit # 200320014)
This
report presents the results of our review of the compliance of hardware and software procurements for non-Business
Systems Modernization (non-BSM) systems with the Enterprise Architecture (EA). Our review evaluated selected Tier I (e.g.,
mainframe), Tier II (e.g., mid-range), and Tier III (e.g., end-user computers)
procurement requisitions for compliance with the IRS’ EA.
In summary, the IRS has
issued interim procedures to promote compliance with its EA. These procedures require that the respective
Tier Owners within the Modernization and Information Technology Services
organization perform a Tier Review to ensure that acquisition requests comply
with the IRS’ EA. However, the
procedures called for in IRS policy guidance are not consistently being
followed and, as a result, potentially limit the IRS’ ability to ensure that
the hardware and software purchases are consistent with its current and
projected EA. The IRS uses the Request
Tracking System (RTS) to initiate procurement requisitions and document Tier
Reviews. Of the 651 procurement
requisitions we reviewed on the RTS, 233 showed no indication of a Tier
Review.
Within these 233 requisitions, we identified 92
procurements totaling $1.1 million that were indicated on the RTS as being Ad
Hoc requisitions. None of the Ad Hoc
requisitions had an indication of a Tier Review, and some of these requisitions
explicitly indicated that a Tier Review
was not required. However, we
were unable to obtain written procedures that indicated Ad Hoc requisitions
were exempt from the Tier Review process.
Having an Ad Hoc process that bypasses a Tier Review increases the risk
of purchasing equipment that is not compliant with the IRS’ EA.
In our review of a judgmental
sample of hardcopy files for 54 of the 651 procurement requisitions, 42 of the
54 sampled items showed no evidence that a Tier Review was performed. Since there was no evidence of a Tier Review
being performed on these 42 purchases totaling $30.6 million, the IRS increases
the risk of obtaining incompatible information technology (IT) hardware and
software that could necessitate additional purchases to provide EA compliance
and increases the potential for inefficient use of resources.
Furthermore, hardcopy
requisition files did not always provide evidence to corroborate RTS data of a
Tier Review. In many instances, we were
unable to validate whether IT purchases were compliant. These conditions occurred because Tier
Owners did not have complete lists of approved products readily available to
facilitate Tier Reviews. In addition,
we noted that some IRS personnel were unfamiliar with IRS policy and procedures
to appropriately document Tier Reviews and ensure that designated personnel
conduct the Tier Reviews.
We recommended that the
Chief Information Officer (CIO) ensure Tier Reviews are performed, documented,
and periodically reviewed for compliance with required procedures. We also recommended that the CIO ensure Tier
Owners develop complete and readily available approved products lists to assist
in the completion of Tier Reviews to be performed on all non-BSM IT procurement
requisitions.
Management’s
Response: IRS management agreed with the
recommendations presented. The Enterprise
Operations organization has measures in place that will ensure all
requisitions are reviewed for completeness and are in compliance with the IRS’
EA, Delegation Order Number 28, and are Section 508 compliant. Requisitions will not be forwarded for
approval until all reviews (to include Tier I and II acquisitions) are
conducted. The Enterprise Operations organization has issued guidelines requiring
that complete products lists for Tier I and Tier II acquisitions accompany the
requisition. These lists will be available
during Tier I and Tier II Reviews and will become a part of the acquisition
file documentation.
The End User
Equipment and Services (EUES) organization will develop and implement a
procedure ensuring that Tier reviews for Tier III hardware and software
purchases are conducted, documented, and periodically reviewed for compliance
with required procedures for all non-BSM IT acquisitions. The procedure will be coordinated with the
Procurement organization to ensure purchases are not made without receiving
Tier III approval. The EUES
organization has established a product list for customer review for Tier III
acquisitions. Efforts are being put in
place to make it readily available for customer review. The list will be made available
during Tier III Reviews and will become a part of the acquisition file
documentation.
The Enterprise Networks organization adheres to policy and procedures as
listed in Delegation Order Number 28 and Internal Revenue Manual 2.21. It has developed an additional set of procedures
for internal use to ensure that the appropriate reviews and approvals for Tier
IV acquisitions are achieved. As a
standard procedure, it will continue to review all Tier IV requisitions for
compliance prior to approval. The
Enterprise Network organization’s procurements are mostly governed by
centralized contracts that have specific products and services approved for
compliance with the EA. Management
officials and reviewers of Tier IV procurements approve only those products and
services that are compliant through the specific contract. Management’s complete response to the draft
report is included as Appendix V.
Copies
of this report are also being sent to the IRS managers who are affected by the
report recommendations. Please contact
me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant
Inspector General for Audit (Information Systems Programs), at (202)
622-8510.
Appendix I – Detailed Objective, Scope, and Methodology
Appendix II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix IV – Outcome Measures
Appendix V – Management’s Response to the Draft Report
One of the major strategies contained in the Fiscal Year (FY) 2000-2005 Internal Revenue Service (IRS) Strategic Plan is to improve property stewardship and asset management compliance with the IRS’ Enterprise Architecture (EA). The EA defines the IRS’ target business practices, the systems that enable these practices, and the technology that will support the EA. It also serves as a guide to the IRS’ Modernization Program and investment decisions.
In November 2001, the IRS Chief Information Officer (CIO) issued Delegation Order Number 28, which became effective in February 2002. This Delegation Order stated that the Modernization, Information Technology, and Security Services executives have been delegated signature authority and ultimate responsibility for approving information technology (IT) goods and services. Since this Delegation Order was issued, over $566 million in procurements have been made using this delegated signature authority. This includes IT hardware and software procurements for non-Business Systems Modernization (BSM) Tier I (e.g., mainframe), Tier II (e.g., mid-range), and Tier III (e.g., end-user computers) systems.
Audit work was conducted in the Modernization, Information Technology, and Security Services organization at IRS Headquarters in New Carrollton, Maryland, from May to July 2003. Subsequent to our field work the Modernization, Information Technology, and Security Services organization was reorganized and renamed the Modernization and Information Technology Services (MITS) organization. The audit was conducted in accordance with Government Auditing Standards. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
The Office of Management and Budget (OMB) Circular
A-130, Management of Federal Information Resources, dated November 28,
2000, requires agencies to use or create an EA. Furthermore, the
head of each Federal agency is required to effectively and efficiently manage
agency information and IT, and develop policies and procedures that provide for
timely acquisition of required IT. The
agency’s capital planning and investment control process must build from the
agency’s current EA and its transition from current architecture to target
architecture.
Guidance derived from OMB Circular A-11, Planning, Budgeting, Acquisition, and
Management of Capital Assets, dated June 2002, further indicates that
Federal agency managers and staff involved in IT planning and investment
decision making assess IT initiatives in terms of their costs, risks, and
expected returns.
The IRS’ Interim Internal Revenue Manual (IRM) 2.21, Part
1 of the Acquisition Life Cycle: MITS
Responsibilities, issued November 14, 2001, and effective February 4, 2002,
states
that executives with signature authority are fully responsible for each
requisition they approve, regardless of the cost. The Acquisition Life Cycle describes the cradle-to-grave processes surrounding an acquisition,
beginning with identifying a business requirement, refining the business
requirement into a technical requirement, obtaining all reviews and
concurrences necessary to prepare a requisition, procuring the acquisition, and
managing the work related to maintaining and supporting an acquisition, such as
upgrades.
The interim procedures further state that Ad Hoc requests for Tier III hardware should be transferred to the Tier III Point of Contact to ensure completion of all certifications and reviews. This guidance mandates the use of a Requisition Summary to ensure that all necessary reviews (i.e., Tier Review, Impact Assessment, Security Review) are conducted before approving IT requisitions. The Requisition Summary summarizes the status of all reviews and concurrences to give the Management Approver, with signature authority under Delegation Order Number 28, assurance that the requisition is complete and accurate.
Finally, the procedures mandated that the Requisition Summary is to be included as an electronic attachment in the IRS’ Request Tracking System (RTS). The RTS provides functions throughout the acquisition process that include creation, routing, and approval of requisitions for goods and services; electronic receipt and acceptance; and enhanced document attachment capability. All procurement requisitions using budget funds from FY 1999 and later should be entered in the RTS.
Interim IRS procedures state that a Tier Review is to be
performed for each IT requisition to assure it complies with the IRS’ EA
requirements. Additionally, documentation
related to all reviewed and approved requisitions should be maintained in the
originating office and available for comparison against the Requisition Summary
under the Compliance Review process conducted by the Office of Technical
Contract Management in the IRS Office of Procurement at the direction of the
MITS organization.
As indicated above, the interim
version of the procedures governing the IRS’ IT requisition process has been in
effect since February 4, 2002. These
procedures were scheduled for dissemination in September 2003 for
enterprise-wide review and comment. In
addition, the Office of Technical Contract Management made several
recommendations addressing the process of IT requisitions in a prior in-house
review. For example, the review made
recommendations that included clarification of the authority of individuals
within the MITS organization to approve IT requisitions. However, key personnel assigned to oversee
implementation of the in-house review’s recommendations left the IRS, and no
one was designated to continue this effort. As explained below, our review of IT procurement requisitions
indicated that Tier Reviews were not always being performed and documented to
ensure compliance with the EA.
Tier Reviews of IT acquisitions
were not consistently reflected on the RTS as required
Between February 4, 2002, and May
21, 2003, the IRS processed 651 requisitions totaling approximately $219
million for IT hardware and software items relating to Tier I, Tier II, and
Tier III purchases. Review of the
procurement request documentation on the RTS indicated that 233 requisitions
(36 percent), totaling $24.1 million, of the 651 requisitions had not been
subjected to the required Tier Review, as shown
in Table 1.
Table 1: Requisitions
Reviewed on the RTS
|
Requisition
Type |
Tier
Review |
Est.
Funds (millions) |
No
Tier Review |
Est.
Funds (millions) |
|
Tier
I & II Hardware |
69 |
$40.7 |
16 |
$4.7 |
|
Tier
I & II Software |
48 |
$50.0 |
9 |
$6.3 |
|
Tier
III Hardware |
155 |
$50.1 |
83 |
$3.3 |
|
Tier
III Software |
146 |
$53.9 |
33 |
$8.7 |
|
Subtotals |
418 |
$194.7 |
141 |
$23.0 |
|
Tier
III Ad Hoc |
0 |
$0.0 |
92 |
$1.1 |
|
Grand
Totals |
418 |
$194.7 |
233 |
$24.1 |
Source: The IRS’ RTS data from February 4, 2002, to May 21, 2003.
For 141 of the 233 requisitions,
no justification was provided on the RTS for not performing a Tier Review. The 141 requisitions accounted for $23
million. This indicates that, in
the case of all three Tiers we reviewed, personnel were not consistently
following established procedures to document the required Tier Reviews because
there was no clear accountability for ensuring that IRS personnel strictly
adhere to the procedures.
The remaining 92 of the 233 requisitions were identified on the RTS as Ad Hoc requests and accounted for $1.1 million. None of the Ad Hoc requisitions on the RTS had an indication of a Tier Review, and some of these requisitions explicitly indicated that a Tier Review was not required. However, we were unable to obtain written procedures that indicated Ad Hoc requisitions were exempt from the Tier Review process. Having a process that bypasses a Tier Review increases the risk of purchasing equipment that is not compliant with the IRS’ EA.
We also found that the Tier Owners (Tiers I, II, and III) were not consistent in preparing a Requisition Summary on the RTS. For example, Tier personnel did not always enter a Requisition Summary into the RTS. This indicates that the process of uploading the electronic copy of the Requisition Summary is not consistently followed across the Tiers.
Hardcopy requisition file documentation did not always contain evidence that a Tier Review had been conducted
We requested the original
requisition files for a judgmental sample of 238 of the 651 requisitions so we
could review the documentation supporting the required Tier Review. Since the files are located in various geographical
offices, we agreed to reduce our sample, at IRS management’s request, to 54
requisition files, consisting of 25 that the RTS indicated as having a Tier
Review and 29 indicated as not having a Tier Review. As shown in Table 2, we were able to obtain the requisition files
for only 47 of the 54 requisitions. Of
the 54 files, 42 contained no evidence that a Tier Review had been conducted,
including 16 where the RTS showed a review had been conducted.
Table 2: Sample of Requisition
Files Reviewed
|
Category |
Population
per the RTS |
Requisition File Request Results |
Results of
Review for Evidence of Tier Review |
||||
|
Sample
Size |
File
Received |
File Not
Received |
No
Evidence |
Evidence |
Other |
||
|
No Tier
Review |
233 |
29 |
23 |
6 |
26 |
2 |
1 |
|
Tier
Review |
418 |
25 |
24 |
1 |
16 |
8 |
1 |
|
Totals |
651 |
54 |
47 |
7 |
42 |
10 |
2 |
Source: The IRS’ requisition files.
As shown in Table 2, our review
of supporting requisition file documentation showed that 26 of the 29
requisition files corroborated the RTS data showing no evidence of a Tier
Review. These 26 requisitions accounted
for $16.1 million.
Additionally, only 8 of the 25
requisition files could corroborate the RTS data of a Tier Review having been
performed. For 16 of the 25 RTS
requisitions reflected as having been Tier Reviewed on the RTS, no corroborating
evidence was found in the requisition files that a Tier Review had been
performed. These
16 requisitions accounted for $14.5 million.
In the case of all three Tiers,
the required reviews were not documented as performed or conducted at all
because personnel were not formally designated to ensure Tier Review procedures
were strictly followed. Furthermore, Tier personnel were not
consistent in maintaining electronic or paper requisition documentation
supporting the performance of the required Tier Review. Procurement personnel indicated that
contracting officers are not responsible for maintaining requisition file
documentation in the official contract file, which necessitated contacting the
originating office contacts listed on the RTS to obtain original requisition
files. As a result, Tier
representatives were required to spend excessive time during our review
attempting to verify performance of Tier Reviews on the IRS’ RTS and in
locating supporting documentation.
Without consistent and complete Tier
Reviews to ensure development of adequate originating office requisition file
documentation (electronic or hardcopy), the IRS has limited assurance that its
IT purchases comply with the EA.
Complete lists of approved
products were not readily available for use to validate and facilitate Tier
Reviews
Interim IRS procedures require Tier Owners to
use a Tier Review to verify that hardware and software acquisitions comply with
approved products lists that are developed based on EA requirements. Approved products lists serve as reference
guides for the Tier Owner or designated approver to consult before giving
approval to hardware and/or software requisitions.
From the RTS and the requisition file
documentation provided by the IRS, we attempted to determine whether our sampled
requisitions were compliant with the EA.
However, we were unable to determine compliance with the EA because
approved products lists for hardware and/or software purchases were either not
complete or were not readily accessible by Tier representatives for use in
verifying compliance of hardware and software acquisitions.
For example, we noted that Tier Review and
approval personnel for Tier III were unable to use approved products lists for
hardware and software requisitions because the lists had not been developed or
made readily available for use. Without
developed and accessible approved products lists for each Tier, acquisition
approvals by Tier Owners would require extensive time to determine compliance
for almost every procurement requisition.
By not consistently implementing established
procedures and using prescribed tools (i.e., the Requisition Summary and
approved products lists) to perform these reviews, the IRS has increased its
risk of obtaining incompatible IT hardware and software that could
necessitate additional purchases to provide EA compliance. Based on our work, the IRS has made over $31
million in purchases that may not be compliant and that represent a potential
inefficient use of its resources (see Appendix IV).
The CIO should ensure that:
1. Tier Reviews are conducted, documented, and periodically reviewed for compliance with required procedures for all non-BSM IT acquisitions across all Tiers, including Telecommunications.
Management’s Response: The Enterprise Operations organization has measures in place that will ensure all requisitions are reviewed for completeness and are in compliance with the IRS’ EA, Delegation Order Number 28, and are Section 508 compliant. Requisitions will not be forwarded for approval until all reviews (to include Tier I and II acquisitions) are conducted.
The End User Equipment and Services (EUES)
organization will develop and implement a procedure ensuring that Tier Reviews
for Tier III hardware and software purchases are conducted, documented, and
periodically reviewed for compliance with required procedures for all non-BSM
IT acquisitions. The procedure will be
coordinated with the Procurement organization to ensure purchases are not made
without receiving Tier III approval.
The
Enterprise Networks organization adheres to
policy and procedures as listed in Delegation Order Number 28 and IRM
2.21. It has developed an additional
set of procedures for internal use to ensure that the appropriate reviews and
approvals for Tier IV acquisitions are achieved. As a standard procedure, the Enterprise Networks organization
will continue to review all Tier IV requisitions for compliance prior to
approval.
2. Complete lists of approved products are developed and made readily available for use by reviewers to facilitate Tier Reviews.
Management’s Response: The Enterprise Operations organization has issued guidelines requiring that complete products lists for Tier I and Tier II acquisitions accompany the requisition. These lists will be available during Tier I and Tier II Reviews and will become a part of the acquisition file documentation.
The
EUES organization has established a product
list for customer review for Tier III acquisitions. Efforts are being put in place to make it readily available for
customer review. The list will
be made available during Tier III Reviews and will become a part of the
acquisition file documentation.
The Enterprise Network organization’s
procurements are mostly governed by centralized contracts that have specific
products and services approved for compliance with the EA. Management officials and reviewers of Tier
IV procurements approve only those products and services that are compliant
through the specific contract.
Appendix I
Detailed Objective, Scope,
and Methodology
The overall objective of this
review was to assess the compliance of hardware and software procurements for
non-Business Systems Modernization (non-BSM) systems with the Enterprise
Architecture (EA). To accomplish this objective, we:
I.
Evaluated the acquisition review process to determine
whether hardware and software procurements were properly evaluated and approved
prior to being awarded.
A.
Evaluated the purchasing process for non-BSM
systems.
B.
Evaluated the Tier Review processes to ensure
acquisitions (hardware and/or software) requirements were properly reviewed
prior to being awarded.
II.
Reviewed hardware and software procurements for non-BSM
Tier I (e.g., mainframe), Tier II (e.g., mid-range), and Tier III (e.g.,
end-user computers) systems to determine whether they complied with the
EA.
A.
Reviewed Information Technology Asset Management System
(ITAMS) information to identify the information technology (IT) inventory of
hardware and/or software.
We obtained a data extract of the
ITAMS database covering the period February 4, 2002, to May 25, 2003, and
determined the data could not be used in correlating requisition numbers in the
ITAMS to those in the Request Tracking System (RTS). The RTS data were used to identify the IT inventory.
B.
Identified non-BSM procurements in the RTS.
C.
Analyzed data obtained through the ITAMS (step II.A.
above) and the requisitions identified through the RTS (step II.B. above) for
testing EA compliance.
We selected all RTS requisitions from February 4, 2002, to May 21, 2003, using the procurement accounting sub-object codes (SOC) of 3151, 3164, 3165, and 3152. These SOCs represent Capitalized Software (Tiers I and II), Capitalized Automated Data Processing (ADP) Equipment (Tiers I and II), Capitalized ADP Equipment (Tier III), and Non-Capitalized Software (Tier III), respectively, with status codes of 90 (partial receipt) and 91 (complete receipt). This represented 651 requisitions as our population from the RTS. We evaluated all 651 requisitions and divided these into 2 populations representing requisitions that were Tier Reviewed and requisitions that were not Tier Reviewed.
Due to difficulties the IRS had in
locating hardcopy procurement requisition files, RTS data validation of Tier
Reviews was limited to items in our judgmental sample. Data validation of Tier Reviews relied upon
hardcopy procurement requisition files for corroborative evidence. We limited our judgmental sample to 54
requisitions per IRS management’s request (25 Tier Reviewed and 29 not Tier
Reviewed). The 54 requisitions were
selected from the RTS data extract covering the period February 4, 2002, to May
21, 2003 (see below for selection methodology of the 54 items).
Selection of Judgmental Sample
From the 651 requisitions, 3
populations were defined and represented:
Tier Reviewed (418 requisitions), Not Tier Reviewed (141 requisitions),
and Ad Hoc (92 requisitions).
Tier Reviewed: Of 418 requisitions that were shown on the
RTS to be Tier Reviewed, 25 were sampled.
We selected a judgmental sample of requisitions above the following
dollar thresholds for each of the SOC categories as follows:
SOC 3151 $500,000.
SOC 3152 $75,000.
SOC 3164 $250,000.
SOC 3165 $100,000.
This selection resulted in a sample of 96 requisitions. The IRS stated this documentation request was too large, and due to the IRS’ difficulties noted above, we further limited our sample size. From the listing of 96, we selected a judgmental sample by selecting the 1st requisition and every 4th requisition thereafter. This resulted in a selection of, and request for, 25 requisitions.
Not Tier Reviewed: There were 233 total requisitions in this population. We removed the 92 Ad Hoc requisitions due to the assertion made that they were exempt from the Tier Review process. This made our total population of exceptions for this test 141 requisitions. From this 141, we selected a judgmental sample by selecting the 1st requisition and every 5th requisition thereafter. This resulted in a selection of, and request for, 29 requisitions.
Appendix II
Major Contributors to This Report
Margaret E. Begg, Assistant
Inspector General for Audit (Information Systems Programs)
Gary V. Hinkle, Director
Theodore Grolimund, Audit Manager
Mark Carder, Senior Auditor
Myron Gulley, Senior Auditor
Steven Gibson, Auditor
Linda Screws,
Auditor
Appendix III
Commissioner C
Office of the
Commissioner – Attn: Chief of
Staff C
Chief Information Officer OS:CIO
Chief, Information Technology Services OS:CIO:I
Director,
Procurement OS:A:P
Acting Director,
End User Equipment and Services
OS:CIO:I:EU
Director,
Enterprise Operations OS:CIO:I:EO
Director,
Infrastructure, Architecture, and Engineering
OS:CIO:I:IA
Director, Portfolio
Management OS:CIO:R:PM
Chief Counsel CC
National Taxpayer Advocate TA
Director,
Office of Legislative Affairs CL:LA
Director, Office of
Program Evaluation and Risk Analysis
RAS:O
Office of Management Controls OS:CFO:AR:M
Audit
Liaisons:
Chief, Information
Technology Services OS:CIO:I
Director, Procurement OS:A:P
Acting Director, End
User Equipment and Services OS:CIO:I:EU
Director, Enterprise Operations OS:CIO:I:EO
Director, Infrastructure, Architecture, and Engineering OS:CIO:I:IA
Manager, Program Oversight and
Coordination Office OS:CIO:R:PM:PO
Appendix IV
This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to the Congress.
Type and Value of Outcome Measure:
Methodology Used to Measure the Reported Benefit:
In our examination of requisitions using the Request Tracking System (RTS), we identified 141 requisitions that had no indication that a Tier Review had occurred. Without Tier Reviews, the Internal Revenue Service (IRS) has no assurance that its purchases are in compliance with the Enterprise Architecture (EA).
We selected a
judgmental sample of 29 requisitions from the 141 to examine the hardcopy
requisition files to identify evidence that a Tier Review had occurred. Our review of supporting requisition file
documentation showed there was no evidence of Tier Review for 26 of these 29
requisitions. These 26 requisitions
accounted for $16,121,659.
Type and Value of Outcome Measure:
Methodology Used to Measure the Reported Benefit:
In our examination of
requisitions using the RTS, we identified 92 Tier III Ad Hoc requisitions that had no indication that a
Tier Review had occurred. These
requisitions accounted for $1,107,912. Without Tier
Reviews, the IRS has no assurance that its Tier III Ad Hoc requisitions comply
with the EA.
Type and Value of Outcome Measure:
Methodology Used to Measure the Reported Benefit:
We selected a judgmental sample
of 25 requisitions from the 418 requisitions we found to have an indication of
a Tier Review on the RTS. For 16 of the
25 requisitions, there was no supporting documentation of a Tier Review. Without
Tier Reviews, the IRS has no assurance that its information technology
purchases are in compliance with the EA. These 16 requisitions
accounted for $14,455,395.
Attachment V
The response was removed due to its size. To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.