Treasury Inspector General for Tax Administration
Office of Audit
THE MODERNIZED E-FILE RELEASE 6.2 INCLUDED ENHANCEMENTS, BUT IMPROVEMENTS ARE NEEDED FOR TRACKING PERFORMANCE ISSUES AND SECURITY WEAKNESSES
Issued on September 8, 2011
Highlights of Report Number: 2011-20-088 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
The Modernized e-File (MeF) Project goal is to replace the Internal Revenue Service’s (IRS) current tax return filing technology with a modernized, Internet-based electronic filing platform. The IRS’s processes for enhancing the MeF System can be improved to better validate correction of prior release performance and stability issues. This will allow more individual taxpayers to take advantage of the benefits of electronic filing.
WHY TIGTA DID THE AUDIT
This review is part of our Fiscal Year 2011 Annual Audit Plan and addresses the major management challenge of Modernization of the IRS. The overall objective of this review was to determine whether the IRS properly identified and corrected MeF performance and stability problems identified during the 2010 Filing Season.
WHAT TIGTA FOUND
The MeF Project Office followed Change Management processes, included key performance enhancements in Release 6.2, and effectively accomplished testing prior to implementation. However, improvements are needed for tracking performance issues and security weaknesses. Specifically, internal matrices captured performance enhancements; however, documentation did not support that enhancements were tracked to recommended solutions, and internal controls or guidance were not established for using the matrices. Therefore, TIGTA was unable to validate whether issues during the 2010 Filing Season were resolved. Additionally, seven of 24 General Support System security weaknesses affecting the MeF System were unresolved and not being tracked. Further, although issues were identified, they were not tracked as required by the MeF Risk Management Plan.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Technology Officer ensure: 1) all identified performance issues are effectively mapped through to their resolution for all future filing seasons; 2) guidance is established for consistent use of the internal matrix to accurately depict the status of performance enhancements and solutions; 3) all confirmed MeF security weaknesses not immediately mitigated are included in the Plan of Action and Milestones to ensure adequate documentation, reporting, and resolution tracking; and 4) all issues and risks are included in the Item Tracking Reporting and Control System or that procedures outside the scope of the MeF Risk Management Plan are properly documented and approved.
The IRS agreed with three of TIGTA’s recommendations and stated corrective actions have been taken or started. However, the IRS disagreed with TIGTA’s recommendation that all confirmed MeF security weaknesses not immediately mitigated be included in the Plan of Action and Milestones. The IRS stated it has currently accounted for all security controls confirmed as not in place within the Plan of Action and Milestones by confirming these through a Security Assessment and Authorization currently in progress. However, TIGTA maintains that the Plan of Action and Milestones should be continuously monitored and updated as weaknesses are identified or changes occur and milestones are achieved. This will ensure the accuracy of the information that is reported quarterly to the Department of the Treasury.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Email Address: TIGTACommunications@tigta.treas.gov
Phone Number: 202-622-6500
Web Site: http://www.tigta.gov