The Internal Revenue Service’s Federal Financial Management Improvement Act Remediation Plan As of December 31, 2004

 

March 2005

 

Reference Number:  2005-10-068

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

March 25, 2005

 

 

MEMORANDUM FOR CHIEF FINANCIAL OFFICER

 

FROM:     Pamela J. Gardiner /s/ Pamela J. Gardiner

                 Deputy Inspector General for Audit

 

SUBJECT:     Final Audit Report - The Internal Revenue Service’s Federal Financial Management Improvement Act Remediation Plan As of December 31, 2004 (Audit # 200510007)

 

This report presents the results of our review of the Internal Revenue Service’s (IRS) Federal Financial Management Improvement Act of 1996 (FFMIA) remediation plan as of December 31, 2004.  The overall objective of this review was to identify any instances and reasons for missed intermediate target dates established in the IRS’ FFMIA remediation plan.  We also evaluated whether the IRS was meeting its responsibilities in fulfilling the intent of the FFMIA.  The review was performed to meet our requirement under the FFMIA that states, in general, each Inspector General shall report to the Congress instances and reasons when an agency has not met the intermediate target dates established in the remediation plan.

In summary, we determined from our review of all 12 open remedial actions as of December 31, 2004, that 1 intermediate target date was missed and 6 dates were extended.  Although the IRS has reasonable explanations for these missed and extended dates, these delays could further hinder the IRS’ ability to timely resolve the reported issues that cause its noncompliance with the FFMIA. 

Also, all of the 12 open remedial actions had intermediate target dates that extended more than 3 years from the initial reporting of the financial weakness.  As required, the IRS, through the Department of the Treasury, properly obtained Office of Management and Budget concurrence to extend its corrective actions beyond the 3-year limitation.  In addition, our analysis of individual project resources listed in the December 31, 2004, remediation plan indicated that project resources were generally verifiable to supporting documentation.

However, our analysis also indicated 45 remedial actions were canceled prior to completion in 2004.  Forty-two (93 percent) of the 45 canceled actions were related to critical future releases of the Integrated Financial System and Custodial Accounting Project, both of which are key financial management projects.  The IRS reported this action was taken because both projects were significantly behind schedule and faced funding shortfalls.  The canceled remedial actions were replaced by two placeholder remedial actions to develop new plans.  Until the IRS develops new remediation actions and milestones to replace these placeholders, we will be unable to reliably assess the IRS’ progress in resolving many of the significant issues which cause its noncompliance with the FFMIA.  

Finally, our analysis indicated the IRS removed seven unaddressed findings and recommendations in 2004.  The findings and recommendations all relate to accountability over property and equipment.  The IRS informed us the findings and recommendations were temporarily removed pending completion of the new plan discussed above.  We believe it is critical that the IRS maintain and continue to report all significant open findings and recommendations.  We discussed this issue with the IRS during our fieldwork, and management informed us they plan to reinstate the removed findings and recommendations in the next FFMIA remediation plan update, for the quarter ending March 31, 2005.

We do not have any specific remediation plan recommendations to offer as a result of our analysis during this audit.  However, management reviewed a draft of this report and agreed with its contents.

Copies of this report are also being sent to the IRS managers affected by the report findings.  Please contact me at (202) 622-6510 if you have questions or Daniel R. Devlin, Assistant Inspector General for Audit (Headquarters Operations and Exempt Organizations Programs), at (202) 622-8500.

 

Table of Contents

Background

Some Intermediate Target Dates Were Missed or Extended

All Remedial Actions Related to Future Releases of the Integrated Financial System and Custodial Accounting Project Were Canceled

Appendix I – Detailed Objectives, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Financial Management Remedial Action Projects

 

Background

The Federal Financial Management Improvement Act of 1996 (FFMIA) established in statute certain financial management systems requirements that were already established by Executive Branch policies.  The FFMIA was intended to advance Federal financial management by ensuring that Federal management systems can and do provide reliable, consistent disclosure of financial data.  Further, this disclosure should be done on a basis that is uniform across the Federal Government from year to year, by consistently using professionally accepted accounting standards.  Specifically, Section (§) 803 (a) of the FFMIA requires each agency to implement and maintain systems that comply substantially with:

  • Federal financial management systems requirements.
  • Applicable Federal Government accounting standards.
  • The Government Standard General Ledger at the transaction level.

Auditors are required to report on agency compliance with the three stated requirements as part of financial statement audit reports.  Agency heads are required to determine, based on the audit report and other information, whether their financial management systems comply with the FFMIA.  If the agency’s financial systems do not comply, the agency is required to develop a remediation plan that describes the resources, remedies, and intermediate target dates for achieving compliance and file the plans with the Office of Management and Budget (OMB).

In addition, § 804 (b) of the FFMIA requires agency Inspectors General to report to the Congress instances and reasons when an agency has not met the intermediate target dates established in its remediation plan.

In the last several years, the Government Accountability Office (GAO) has reported numerous financial management weaknesses in its audits of the Internal Revenue Service’s (IRS) annual financial statements and related assessments of internal control.  Due to these weaknesses, the IRS’ financial management systems have not been in substantial compliance with the requirements of the FFMIA; consequently, the IRS has been required to prepare and maintain a remediation plan.

This review was performed during the period October 2004 through February 2005 in the office of the Chief Financial Officer at the IRS National Headquarters located in Washington, D.C.  The audit was conducted in accordance with Government Auditing Standards.  Detailed information on our audit objectives, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

Some Intermediate Target Dates Were Missed or Extended

The IRS reported 12 open remedial actions in its December 31, 2004, remediation plan.  All of these open actions were associated with five major financial management projects or issues:

  • The Integrated Financial System (IFS) – four remedial actions.
  • The Custodial Accounting Project (CAP) - two remedial actions.
  • The Complex Interest Quality Measurement System (CIQMS) - two remedial actions.
  • The Automated Trust Fund Recovery (ATFR) System - three remedial actions.
  • Security – one remedial action.

See Appendix IV for a detailed description of each project.

Our detailed review of the 12 open remedial actions indicated 1 intermediate target date was missed and 6 dates were extended. 

Missed intermediate target date

The IRS reported the missed target date was due to delays in monitoring performance of CAP Release 1 attributable to a change in contract structure.

Extended intermediate target dates

The IRS extended six remedial action intermediate target dates.  Three of the six extended dates were attributed to delays in end-user training, performance monitoring, and the implementation of IFS Release 1.  Two extended dates were attributed to hiring delays of interest reviewers for the CIQMS and identification of additional controls needed to improve computer security.  The final extended date was attributable to performance monitoring related to CAP Release 1.

Although the IRS has reasonable explanations for these missed and extended intermediate target dates, these delays could further hinder the IRS’ ability to timely resolve the reported issues that cause its noncompliance with the FFMIA.

All of the 12 open remedial actions had intermediate target dates that extended more than 3 years from the initial reporting of the financial weakness.  As required, the IRS, through the Department of the Treasury, properly obtained OMB concurrence to extend its corrective actions beyond the 3-year limitation.  

Finally, our analysis of individual project resources for the 12 remediation actions listed in the December 31, 2004, remediation plan showed that project resources were generally verifiable to supporting documentation.  Also, the GAO did not report any additional recommendations that would have required inclusion in the IRS’ remediation plan as a result of its Fiscal Year 2004 financial statement audit.

All Remedial Actions Related to Future Releases of the Integrated Financial System and Custodial Accounting Project Were Canceled

During Calendar Year (CY) 2004, the IRS reported it completed 17 and added 4 remedial actions to the 70 open remedial actions listed in its December 31, 2003, remediation plan.  Also during 2004, the IRS reported that it canceled 45 remedial actions before completion, leaving 12 open remedial actions listed in its December 31, 2004, remediation plan.

Our analysis of the 45 actions canceled in CY 2004 indicated that 42 of the actions were related to critical future releases of the IFS and CAP, both of which are key financial management projects.  The IRS reported both projects were significantly behind schedule and faced funding shortfalls, and further development of these two projects has been suspended or canceled.  These 42 canceled actions were replaced by 2 placeholder remedial actions to develop new plans.  The IRS reported it expected to complete development of the new plans to address the cancellation of future releases of the IFS and CAP by July 31, 2005, and October 1, 2006, respectively.  We currently are planning a review of the actions the IRS will be taking on the revenue accounting issues.

Two of the remaining three canceled remedial actions dealt with the IRS’ Trust Fund Recovery Program, and the final canceled remedial action was related to the CIQMS.  The IRS had reasonable explanations for canceling these actions.  In addition to the two placeholder actions, described above, the remaining two actions added to the FFMIA remediation plan during CY 2004 related to the ATFR system.

Until the IRS develops new remediation actions and milestones to replace these placeholders, we will be unable to reliably assess the IRS’ progress in resolving many of the significant issues which cause its noncompliance with the FFMIA.

Removed findings and recommendations

The IRS also removed seven unaddressed findings and recommendations from its December 31, 2004, remediation plan.  The findings and recommendations all related to the accountability over property and equipment.  The IRS informed us the findings and recommendations were temporarily removed pending completion of the new plan discussed above.  We believe it is critical that the IRS maintain and continue to report all significant open findings and recommendations.  We discussed this issue with the IRS during our fieldwork, and management informed us they plan to reinstate the removed findings and recommendations in the next FFMIA remediation plan update for the quarter ending March 31, 2005.  We will continue to monitor FFMIA remediation plan updates throughout the year.

 

Appendix I

 

Detailed Objectives, Scope, and Methodology

 

The overall objective of this review was to identify any instances and reasons for missed intermediate target dates established in the Internal Revenue Service’s (IRS) Federal Financial Management Improvement Act of 1996 (FFMIA) remediation plan.  We also evaluated whether the IRS was meeting its responsibilities in fulfilling the intent of the FFMIA.  To accomplish our objective, we:

I.                   Gained an understanding of the requirements of the FFMIA, including Office of Management and Budget and Department of the Treasury guidance for compliance with the FFMIA.

II.                Determined whether the IRS’ remediation plan was consistent with Government Accountability Office recommendations from prior IRS financial audits and related financial management reports.

III.             Determined whether 1) the IRS missed any intermediate target dates established in its remediation plan, 2) intermediate target dates were extended without sufficient documentation to support the revised date, and 3) proper approval was obtained for remedial actions extending more than 3 years.

IV.             Determined whether the IRS remediation plan had established resource needs for remedial actions and the resources presented were consistent with other IRS modernization resource budgets.

V.                Determined whether the IRS had taken adequate corrective actions on prior reported audit findings.

 

Appendix II

 

Major Contributors to This Report

 

Daniel R. Devlin, Assistant Inspector General for Audit (Headquarters Operations and Exempt Organizations Programs)

John R. Wright, Director

Anthony J. Choma, Audit Manager

Philip A. Smith, Lead Auditor

Thomas Dori, Senior Auditor

Bobbie M. Draudt, Senior Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Office of Management Controls  OS:CFO:AR:M

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Audit Liaison:  Chief Financial Officer  OS:CFO

 

Appendix IV

 

Financial Management Remedial Action Projects

 

The Internal Revenue Service (IRS) has initiated five significant financial management projects in response to the various material weaknesses identified by the Government Accountability Office (GAO) relating to the Federal Financial Management Improvement Act of 1996.  The IRS described the functionality of the projects contained in its remediation plan as follows:

The Integrated Financial System (IFS):  The IFS, when fully implemented, will provide the IRS with an integrated accounting system to account for and control resources.  The first release of the IFS includes the General Ledger, Accounts Receivable, Accounts Payable, Funds and Cost Management, and Financial Reporting, as well as Budget Formulation. 

Release 2 was to focus on asset management and a software technical and functional upgrade, including the configuration efforts to allow use of the enhanced features in the cost accounting and finance modules.  Currently, all work on IFS Release 2 has been deferred due to the need for the IRS to balance its systems modernization portfolio with management capacity and available budget.

Procurement Management was planned for Release 3.  All remaining functionality, with the exception of Travel Management, was planned for Release 4.  Travel Management has been deleted from the functional requirements as a result of the Government-wide travel system development efforts.  Content of all future releases is being reevaluated and all future releases have been delayed or placed on indefinite hold.

The Custodial Accounting Project (CAP):  Formerly the Enterprise Data Warehouse/CAP, the CAP is being stopped due to budget cuts.  The IRS is currently examining other options for reducing the weakness to a reportable condition.  The Acting Chief Financial Officer (CFO), Business Systems Modernization, and Business Systems Development are currently developing a business case to determine whether this approach can be funded from the 2005 or 2006 Information Technology budget.

The Complex Interest Quality Measurement System (CIQMS)/Related Systems:  The IRS will implement the CIQMS review process to reduce errors in calculating interest; develop a database to monitor and measure accuracy; implement Decision Modeling Incorporated Interest Net Software to provide functionality; and automate net rate interest adjustments, as well as all other necessary interest computations.

The Automated Trust Fund Recovery (ATFR) System:  The ATFR system provides the capability to systematically upload Trust Fund Recovery Penalty assessments from the Area Offices and properly cross-references payments received for assessments made.  The ATFR system will replace manual processes and ensure compliance with GAO requirements and accounting standards.  Phase 1 will automate the calculation of the penalties and assessment process, Phase II will automate the cross-referencing process, and Phase III will centralize all recovery cases into one compliance center.  In October 2004, the IRS determined it is not feasible to convert legacy accounts to the ATFR system.  The Small Business/Self-Employed Division is working with the Acting CFO and GAO to address issues with the remaining legacy accounts. 

Security:  This project addresses internal control deficiencies cited in various audits; initiates efforts to expand deterrent controls implemented at campuses, field offices, and post-of-duty offices to ensure uniformity and consistency; develops appropriate means through which the IRS can carry out periodic reviews of the effectiveness of policies and procedures, along with means to address security breaches; updates access control standards to reflect changes in technology and operating environments; provides computer security training to personnel; and conducts computer security self-assessment reviews that identify and mitigate vulnerabilities on a proactive basis. 

Based on recent Treasury Inspector General for Tax Administration findings during the review of the computer security material weakness, the Mission Assurance & Security Services organization, in partnership with the Chief Information Officer, have developed new program action plans for the following five issues:  (1) Access Controls, (2) Rules of Behavior, (3) Audit Trails, (4) Training, and (5) Process Authorizations (Certifications and Accreditations).  The high level plan was presented at the January 18, 2005, Financial and Management Controls Executive Steering Committee meeting.