Treasury
Inspector General for Tax Administration
Office of Audit
THE
MODERNIZED E-FILE RELEASE 6.2 INCLUDED ENHANCEMENTS, BUT IMPROVEMENTS ARE
NEEDED FOR TRACKING PERFORMANCE ISSUES AND SECURITY WEAKNESSES
Issued on September 8, 2011
Highlights
Highlights of Report Number: 2011-20-088 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
The Modernized e-File (MeF) Project goal is to
replace the Internal Revenue Service’s (IRS) current tax return filing
technology with a modernized, Internet-based electronic filing platform. The IRS’s processes for enhancing the MeF System
can be improved to better validate correction of prior release performance and
stability issues. This will allow more
individual taxpayers to take advantage of the benefits of electronic filing.
WHY TIGTA DID THE AUDIT
This review is part
of our Fiscal Year 2011 Annual Audit Plan and addresses the major management
challenge of Modernization of the IRS.
The overall objective of this review was to determine whether the IRS properly
identified and corrected MeF performance and stability problems identified
during the 2010 Filing Season.
WHAT TIGTA FOUND
The MeF
Project Office followed Change Management processes, included key performance
enhancements in Release 6.2, and effectively accomplished testing prior to
implementation. However, improvements
are needed for tracking performance issues and security weaknesses. Specifically, internal matrices captured
performance enhancements; however, documentation did not support that
enhancements were tracked to recommended solutions, and internal controls or
guidance were not established for using the matrices. Therefore, TIGTA was unable to validate
whether issues during the 2010 Filing Season were resolved. Additionally, seven of 24 General
Support System security weaknesses affecting the MeF System were unresolved and
not being tracked. Further, although
issues were identified, they were not tracked as required by the MeF Risk
Management Plan.
WHAT TIGTA
RECOMMENDED
TIGTA recommended that the Chief Technology
Officer ensure: 1) all identified
performance issues are effectively mapped through to their resolution for all
future filing seasons; 2) guidance is established for consistent use of
the internal matrix to accurately depict the status of performance enhancements
and solutions; 3) all confirmed MeF security
weaknesses not immediately mitigated are included in the Plan of Action and
Milestones to ensure adequate documentation, reporting, and resolution
tracking; and 4) all issues and risks are included in the Item Tracking
Reporting and Control System or that procedures outside the scope of the MeF
Risk Management Plan are properly documented and approved.
The IRS agreed with three of TIGTA’s recommendations
and stated corrective actions have been taken or started. However, the IRS disagreed with TIGTA’s recommendation
that all confirmed MeF security weaknesses were not immediately mitigated and
included in the Plan of Action and Milestones.
The IRS stated it has currently accounted for all security controls
confirmed as not in place within the Plan of Action and Milestones by
confirming these through a Security Assessment and Authorization currently in
progress. However, TIGTA maintains that
the Plan of Action and Milestones should be continuously monitored and updated
as weaknesses are identified or changes occur and milestones are achieved. This will ensure the accuracy of the
information that is reported quarterly to the Department
of the Treasury.
READ THE
FULL REPORT
To view the report,
including the scope, methodology, and full IRS response, go
to:
http://www.treas.gov/tigta/auditreports/2011reports/201120088fr.html.
Email Address: TIGTACommunications@tigta.treas.gov
Phone
Number: 202-622-6500
Web Site: http://www.tigta.gov