TREASURY INSPEcTOR GENERAL
FOR TAX ADMINISTRATION
REVIEW OF THE SERVIcE'S EFFORTS TO PREPARE ITS
TIER II INFRASTRUcTURE FOR THE YEAR 2000
Reference No. 091206
Date: November 20, 1998
One of the most critical issues the Service faces this year and next is the need to make its computer systems Year 2000 (Y2K) compliant. The Service’s ability to successfully meet this enormous challenge will largely be determined by the quality of their program management and executive leadership. The Service is a $1.7 trillion financial services organization dependent on its automated systems to process tax returns, issue refunds, deposit payments, and provide employee access to timely and accurate taxpayer account data. Failure to identify, renovate, and test each of these system calculations could result in catastrophic disruption to taxpayers and the government.
The objective of this review was to evaluate the overall efforts of the Service in identifying and converting its Tier II infrastructure. Although the majority of the Service’s tax processing occurs at the Tier I level, there is a significant amount of processing at the Tier II level, as well. As a result, some Tier II systems feed data to the Tier I systems. Examples of processing systems in Tier II include the Electronic Management System (EMS) and Telefile.
The Service must better focus, manage, and control the century Date change (cDc) effort to assure business continuity. Our review identified the following areas where critical improvements are needed:
The century Date change Project Office and the Tier II Program Office have made progress in the way the Y2K effort is being tracked and managed. However, the conversion of the Tier II infrastructure by January 1999, is questionable. In May 1998, we reported to management the need to establish an implementation plan for the Tier II effort, enhance the planning and coordination of the Tier II testing effort, and improve coordination and accountability with the field and customer organizations.
Information Systems management agreed with the issues we reported in May 1998, and established a Tier II Program Office to address these issues. A work breakdown structure to schedule testing and implementation for mission critical Tier II systems was developed, and an overall implementation schedule was to be developed by July 30, 1998. coordination improvements were implemented to address Tier II issues. However, the corrective actions planned in response to the coordination issues in our memorandum addressed Tier II only. The conditions we observed were not confined to Tier II, but included coordination issues among all Tiers.
As our review progressed, we reported to management the need to ensure consistency between Y2K needs and Integrated Network and Operations Management System (INOMS) instructions, and to improve the accuracy and completeness of the inventory. We are now reporting the need to establish contingency plans for delays in vendor schedules and infrastructure upgrades.
Accuracy of INOMS is critical because it is the primary tool the cDc Project Office and the Tier II Program office are using to track the Y2K conversion process. We identified that the platform inventory is complete but nearly half of the 837 platforms reviewed were recorded inaccurately. The commercial-Off-The-Shelf (cOTS) software inventory was incomplete and inaccurate. Approximately 28% of the 411 products were not recorded on INOMS, and 22% were recorded with the wrong version. In a separate test for accuracy, 77 of 168 products were recorded with the incorrect version.
Each of the findings identified above is addressed as steps in the awareness and assessment phases outlined in GAO’s Assessment Guide for Year 2000. According to the guide, these phases should have been completed by mid-1997 to ensure conversion is completed for Y2K. However, the Service is still in the process of finalizing their Tier II inventory and establishing detailed management plans for the Tier II initiative. Based on our assessment, conversion of the Tier II processing systems by January 1999, is in jeopardy.
We recommend the following:
Auditor's Note: Management responded to each of the above recommendations when they were issued in a memorandum. However, this recommendation was designed to address broad cDc coordination issues, not just those related to Tier II. A broader corrective action is needed to address this concern.
Management Response: Management’s earlier response (see preceding page) has been summarized in the report. However, their response to this complete report was not available for inclusion at the time it was issued. We were informed that management is developing actions to address our concerns and will provide us with a written description of their proposed corrective actions at a later date.