Treasury Inspector General for Tax Administration
Office of Audit
THE CUSTOMER ACCOUNT DATA ENGINE 2 PROGRAM MANAGEMENT OFFICE IMPLEMENTED SYSTEMS DEVELOPMENT GUIDELINES; HOWEVER, PROCESS IMPROVEMENTS ARE NEEDED TO ADDRESS INCONSISTENCIES
Issued on September 30, 2011
Highlights of Report Number:† 2011-20-127 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
The mission of the Customer Account Data Engine (CADE) 2 Program is to provide state-of-the-art individual taxpayer account processing and technologies to improve service to taxpayers and enhance Internal Revenue Service (IRS) tax administration.† Once completed, the new modernization environment should allow the IRS to more effectively and efficiently update taxpayer accounts, support account settlement and maintenance, and process refunds on a daily basis, all of which will contribute to improved taxpayer services.
WHY TIGTA DID THE AUDIT
The overall objective of this review was to determine if the CADE 2 Program Management Office planned and provided oversight for Transition State 1 design activities in accordance with systems development guidelines, including applicable security provisions.
WHAT TIGTA FOUND
The CADE 2 Program Management Office implemented guidelines to cover key systems development processes.† Due to the critical nature of the system to the IRS mission, 18 enhanced security controls above those required by security guidelines were added to the CADE 2 system to help protect data from unauthorized access, modification, and corruption.† Improvements are still needed to ensure Program consistency.† Specifically:† 1) systems development guidelines and related processes were not consistently implemented by CADE 2 personnel, and 2) requirements and business rules were not sufficiently developed and traced to their sources before the CADE 2 exit of design activities.† The IRS implemented corrective actions; however, some were not developed or completed prior to the conclusion of our audit.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Technology Officer ensure project test plans are developed timely; the Internal Revenue Manual and other guidelines are revised to include Program-level test plans; a comprehensive Integrated Master Schedule is developed; requirements and business rules are identified, sufficiently traced, and controlled in the requirements management tool prior to implementation of testing processes; and all CADE 2 stakeholders use the requirements management tool to create, input, and control requirements to ensure the CADE 2 system functions as designed when deployed into IRS operations.
In its response, the IRS agreed with four of our five recommendations and indicated that corrective action had been completed.† The IRS disagreed with our recommendation to revise the Enterprise Life Cycle guidance, stating it is for project development and is not intended to provide for detailed instructions on developing a Program-level test plan.† Rather, the IRS agreed to reconcile two systems development documents it considers as being consistent with the purpose, scope, and timing of the Program Test Plan, and plans to maintain Program-level guidance about the process.† TIGTA agrees this alternative approach addresses the condition.†
The Chief Technology Officer also stated that our finding regarding delays in developing the Program Test Plan appeared inaccurate, citing uncertainty or unfamiliarity with the Program Test Planís content was not a factor in the decision to defer delivery.† However, during our audit fieldwork, CADE 2 Program Management Office staff advised us that they were considering not completing the Program Test Plan, and only did so after TIGTA brought this to the attention of the CADE 2 Director for Delivery Management.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to: †
Email Address: ††TIGTACommunications@tigta.treas.gov
Phone Number:†† 202-622-6500
Web Site:†† http://www.tigta.gov