Treasury Inspector General for Tax Administration

Office of Audit

THE MODERNIZED E-FILE RELEASE 6.2 INCLUDED ENHANCEMENTS, BUT IMPROVEMENTS ARE NEEDED FOR TRACKING PERFORMANCE ISSUES AND SECURITY WEAKNESSES

Issued on September 8, 2011

Highlights

Highlights of Report Number:  2011-20-088 to the Internal Revenue Service Chief Technology Officer.

IMPACT ON TAXPAYERS

The Modernized e-File (MeF) Project goal is to replace the Internal Revenue Service’s (IRS) current tax return filing technology with a modernized, Internet-based electronic filing platform.  The IRS’s processes for enhancing the MeF System can be improved to better validate correction of prior release performance and stability issues.  This will allow more individual taxpayers to take advantage of the benefits of electronic filing.

WHY TIGTA DID THE AUDIT

This review is part of our Fiscal Year 2011 Annual Audit Plan and addresses the major management challenge of Modernization of the IRS.  The overall objective of this review was to determine whether the IRS properly identified and corrected MeF performance and stability problems identified during the 2010 Filing Season.

WHAT TIGTA FOUND

The MeF Project Office followed Change Management processes, included key performance enhancements in Release 6.2, and effectively accomplished testing prior to implementation.  However, improvements are needed for tracking performance issues and security weaknesses.  Specifically, internal matrices captured performance enhancements; however, documentation did not support that enhancements were tracked to recommended solutions, and internal controls or guidance were not established for using the matrices.  Therefore, TIGTA was unable to validate whether issues during the 2010 Filing Season were resolved.  Additionally, seven of 24 General Support System security weaknesses affecting the MeF System were unresolved and not being tracked.  Further, although issues were identified, they were not tracked as required by the MeF Risk Management Plan.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the Chief Technology Officer ensure:  1) all identified performance issues are effectively mapped through to their resolution for all future filing seasons; 2) guidance is established for consistent use of the internal matrix to accurately depict the status of performance enhancements and solutions; 3) all confirmed MeF security weaknesses not immediately mitigated are included in the Plan of Action and Milestones to ensure adequate documentation, reporting, and resolution tracking; and 4) all issues and risks are included in the Item Tracking Reporting and Control System or that procedures outside the scope of the MeF Risk Management Plan are properly documented and approved.

The IRS agreed with three of TIGTA’s recommendations and stated corrective actions have been taken or started.  However, the IRS disagreed with TIGTA’s recommendation that all confirmed MeF security weaknesses were not immediately mitigated and included in the Plan of Action and Milestones.  The IRS stated it has currently accounted for all security controls confirmed as not in place within the Plan of Action and Milestones by confirming these through a Security Assessment and Authorization currently in progress.  However, TIGTA maintains that the Plan of Action and Milestones should be continuously monitored and updated as weaknesses are identified or changes occur and milestones are achieved.  This will ensure the accuracy of the information that is reported quarterly to the Department of the Treasury.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:

http://www.treas.gov/tigta/auditreports/2011reports/201120088fr.html. 

Email Address:   TIGTACommunications@tigta.treas.gov

Phone Number:   202-622-6500

Web Site:   http://www.tigta.gov