Treasury
Inspector General for Tax Administration
Office of Audit
THE CUSTOMER ACCOUNT DATA ENGINE 2
PROGRAM MANAGEMENT OFFICE IMPLEMENTED SYSTEMS DEVELOPMENT GUIDELINES; HOWEVER,
PROCESS IMPROVEMENTS ARE NEEDED TO ADDRESS INCONSISTENCIES
Issued on September 30, 2011
Highlights
Highlights of Report Number:
2011-20-127 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
The mission of the Customer
Account Data Engine (CADE) 2 Program is to provide state-of-the-art individual taxpayer account
processing and technologies to improve service to taxpayers and enhance
Internal Revenue Service (IRS) tax administration. Once completed, the new modernization
environment should allow the IRS to more effectively and efficiently update
taxpayer accounts, support account settlement and maintenance, and process
refunds on a daily basis, all of which will contribute to
improved taxpayer services.
WHY TIGTA DID THE AUDIT
The overall
objective of this review was to determine if the CADE 2 Program Management
Office planned and provided oversight for Transition State 1 design activities
in accordance with systems development guidelines, including applicable
security provisions.
WHAT TIGTA FOUND
The CADE 2 Program Management Office implemented
guidelines to cover key systems development processes. Due to the critical nature of the system to
the IRS mission, 18 enhanced security controls above those required by
security guidelines were added to the CADE 2 system to help protect data
from unauthorized access, modification, and corruption. Improvements are still needed to ensure
Program consistency. Specifically: 1) systems development guidelines and
related processes were not consistently implemented by CADE 2 personnel, and
2) requirements and business rules were not sufficiently developed and
traced to their sources before the CADE 2 exit of design activities. The IRS implemented corrective actions;
however, some were not developed or completed prior to the conclusion of our
audit.
WHAT TIGTA RECOMMENDED
TIGTA recommended
that the Chief Technology Officer ensure project test plans are developed
timely; the Internal Revenue Manual and other guidelines are revised to include
Program-level test plans; a comprehensive Integrated Master Schedule is
developed; requirements and business rules are identified, sufficiently traced,
and controlled in the requirements management tool prior to implementation of
testing processes; and all CADE 2 stakeholders use the requirements management
tool to create, input, and control requirements to ensure the CADE 2 system functions as designed when deployed
into IRS operations.
In its response,
the IRS agreed with four of our five recommendations and indicated that
corrective action had been completed.
The IRS disagreed with our recommendation to revise the Enterprise Life
Cycle guidance, stating it is for project development and is not intended to
provide for detailed instructions on developing a Program-level test plan. Rather, the IRS agreed to reconcile two
systems development documents it considers as being consistent with the
purpose, scope, and timing of the Program Test Plan, and plans to maintain Program-level
guidance about the process. TIGTA agrees
this alternative approach addresses the condition.
The Chief
Technology Officer also stated that our finding regarding delays in developing
the Program Test Plan appeared inaccurate, citing
uncertainty or unfamiliarity with the Program Test Plan’s content was not a
factor in the decision to defer delivery.
However, during our audit fieldwork, CADE 2 Program Management Office staff
advised us that they were considering not completing the Program Test Plan, and
only did so after TIGTA brought this to the attention of the CADE 2 Director for
Delivery Management.
READ THE
FULL REPORT
To view the report,
including the scope, methodology, and full IRS response, go
to:
http://www.treas.gov/tigta/auditreports/2011reports/201120127fr.html.
Email Address: TIGTACommunications@tigta.treas.gov
Phone
Number: 202-622-6500
Web Site: http://www.tigta.gov