Treasury Inspector General for Tax Administration

Office of Audit

ANNUAL ASSESSMENT OF THE INTERNAL REVENUE SERVICE INFORMATION TECHNOLOGY PROGRAM

Issued on September 28, 2012

Highlights

Highlights of Report Number:† 2012-20-120 to the Internal Revenue Service Chief Technology Officer

IMPACT ON TAXPAYERS

Successful modernization of IRS systems and the development and implementation of new Information Technology (IT) applications is necessary to meet evolving business needs.† The IRS must ensure that its computer systems are effectively secured to protect sensitive financial and taxpayer data.† The IRS also needs to ensure that it leverages viable technological advances as it improves its overall operational environment.

WHY TIGTA DID THE AUDIT

This audit was initiated as part of the TIGTA Fiscal Year 2012 Annual Audit Plan and addresses the major management challenge of Modernization. †TIGTA is required by the IRS Restructuring and Reform Act of 1998 to annually perform an evaluation of the adequacy and security of IRS technology.

WHAT TIGTA FOUND

Since last yearís assessment, the IRS has developed and implemented significant systems, including the daily processing and database implementation projects of the Customer Account Data Engine 2 and a new release of the Modernized e-File system.† The daily processing project provides individual taxpayer account information to select downstream IRS systems on a daily basis and was implemented in January 2012. †The database implementation project will establish a relational database that will store all individual taxpayer account data.† It is in the testing phase and is expected to be placed into production in late 2012.† Modernized e‑File Release 7.0 was implemented in January 2012; however, plans to retire the Legacy e-File system in 2012 were revised.

TIGTA continues to believe that the IRSís Modernization Program remains a major risk.† Improved controls are needed to ensure long-term success for two key systems within the Modernization Program.† The development and implementation of new systems for the Patient Protection and Affordable Care Act provisions present major IT management challenges.† TIGTA suggests that the IRS continues to stress improvements in its overall control processes and performance, including implementing successful new systems, necessary to meet the IRSís mission-critical goals.

The IRS has made progress to improve information security and personnel safety; however, it needs to continue to place emphasis on information and physical security programs in order to ensure that policies, procedures, and practices adequately address security control weaknesses.† Weaknesses were identified over system access controls, configuration management, audit trails, physical security, remediation of security weaknesses, and oversight and coordination on security‑related issues.† Until the IRS addresses security weaknesses, it will continue to put the confidentiality, integrity, and availability of financial and taxpayer information and employee safety at risk.

The IRS IT organization envisions becoming a world‑class provider of IT services by focusing on its people, processes, and technology.† It implemented virtualization technology to continue to improve operational efficiency, but additional improvements are needed.† In addition, the IT organization is effectively working human capital issues, but improvements are needed there also.†

WHAT TIGTA RECOMMENDED

Because this was an assessment report of the IRSís IT Program through Fiscal Year 2012, TIGTA did not offer any recommendations.† IRS officials were provided with an opportunity to review and comment on the report.

http://www.treas.gov/tigta/auditreports/2012reports/201220120fr.html.†

E-mail Address: ††TIGTACommunications@tigta.treas.gov

Phone Number:†† 202-622-6500

Website:†† http://www.tigta.gov