Treasury Inspector General for Tax Administration
Office of Audit
THE CUSTOMER ACCOUNT DATA ENGINE 2 IS MAKING PROGRESS TOWARD ACHIEVING DAILY PROCESSING, BUT IMPROVEMENTS ARE WARRANTED TO ENSURE FULL FUNCTIONALITY
Issued on September 28 2011
Highlights of Report Number: 2011-20-109 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
The mission of the Customer Account Data Engine (CADE) 2 Program is to provide state-of-the-art individual taxpayer account processing and technologies to improve service to taxpayers and enhance Internal Revenue Service (IRS) tax administration. Once completed, the new modernization environment should allow the IRS to more effectively and efficiently update taxpayer accounts, support account settlement and maintenance, and process refunds on a daily basis, all of which will contribute to improved taxpayer services.
WHY TIGTA DID THE AUDIT
The overall objective of this review was to assess the logical and physical design of the CADE 2 Daily Processing activities and ensure the Daily Processing design is secure, the design satisfies the documented approved requirements, and the project management practices adhere to the Enterprise Life Cycle (ELC) standards and processes for the related milestones (through Milestone 4a).
WHAT TIGTA FOUND
The IRS is closer to achieving one of its modernization goals, daily processing of taxpayer accounts. In addition, TIGTA determined the IRS has taken steps to address security requirements during the Daily Processing Project. The IRS prepared a System Security Plan and documented 171 security controls, of which 65 were classified as planned controls (i.e., the control is not in place and there is an activity planned to implement the control).
However, additional improvements and adherence to all criteria will help ensure that the CADE 2 functions as intended and that the January 2012 release date is met. The CADE 2 Daily Processing Project did not ensure business rules and requirements were always fully and timely developed, the Electronic Fraud Detection System was properly recorded in the Item Tracking Reporting and Control System, and open issues were properly addressed and closed prior to milestone exits. Further, the Daily Processing Project did not follow a consistent ELC path, and the Work Breakdown Schedule was incomplete.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Technology Officer ensure a risk mitigation plan is formally developed and documented and all open issues are addressed and closed prior to approving milestone exits. TIGTA also recommended several other system development process improvements.
In its response, the IRS agreed with two of TIGTA’s recommendations and plans to take appropriate corrective action. The IRS disagreed with TIGTA’s recommendation to ensure that all open issues are addressed and closed prior to exiting a milestone. The IRS stated its guidance does not list specifics around what constitutes an open issue, leaving some flexibility to make risk-based decisions on whether a given open issue will impact efforts in the following milestones or undermine the success of the project. However, the design meeting documentation (dated 10 days prior to the milestone exit) indicated the design impact of the open issues was not known. Exiting a milestone without properly addressing critical open issues could result in rework, potentially impact the logical or physical design, and result in unnecessary costs.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Email Address: TIGTACommunications@tigta.treas.gov
Phone Number: 202-622-6500
Web Site: http://www.tigta.gov