August 19, 1999

Executive Summary

Objective and Scope

Background

Results

Conclusion

Appendix I – Detailed Objective, Scope and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Management's Response to Report

Appendix V – Minicomputer Systems Included in the Review

Executive Summary

One of the most critical issues the Internal Revenue Service (IRS) faces this year is the need to make its computer systems Year 2000 (Y2K) compliant. The IRS is a $1.7 trillion financial services organization dependent on its computer systems to process tax returns, issue refunds, deposit payments, and provide employee access to timely and accurate taxpayer account data. Failure to identify, renovate, and test each of these systems calculations could result in catastrophic disruption to taxpayers and the government. Our review assessed the IRS’ efforts to convert its minicomputer systems.

The IRS has improved its management of the Y2K minicomputer (Tier II) conversion. The Century Date Change Project Office of the IRS Information Systems organization has taken actions to identify and convert minicomputer systems. This organization has (1) assigned responsibility for monitoring conversion of minicomputer systems, (2) identified sites where these systems are located, (3) provided guidance for converting systems, and (4) worked with site managers to develop schedules for converting production systems.

According to Information Systems management, the Tier II Program Office established a two-phased approach for tracking, monitoring, and validating the Y2K conversion effort. Phase I relied primarily on self-reporting by each system project office, while Phase II included validation activities such as independent audit and readiness verification.

The initial widespread use of self-reporting of critical conversion data, with minimal on-line validation, has resulted in weaknesses in systems testing and unmet target dates. We found the following areas where improvements are necessary.

Of the 66 minicomputer systems being monitored, at least 22 did not meet the January 31, 1999, conversion goal. Twelve of these 22 systems are considered mission critical systems. Rather than properly classifying these systems to indicate missed conversion dates, the IRS changed many of the completion dates to classify the systems as merely having minimal or moderate risk. Conversion delays were evident weeks before they were included in tracking reports. The IRS has scheduled five of the systems for conversion in either September or October 1999.

Testing of systems using year 2000 dates is critical to ensure they will remain operational into the next century. The Tier II Program Office requires testing of each system. Thorough testing, as required by the program office guidelines, was not conducted on three of the six systems we evaluated. Weaknesses included not setting system clocks ahead to year 2000 dates and not testing transactions through the complete system.

The Office of Management and Budget (OMB) required formal contingency planning for systems that were not compliant before the end of March 1999. The purpose of contingency planning is to address the possibility that some elements of the system may not be Y2K compliant by the scheduled target date. Our audit testing, which was completed in February, identified seven systems, including two key national systems, that were not scheduled to meet this time frame and were not covered by contingency plans. Plans need to be developed to address the possibility that these systems will not be made compliant before the century date change.

We recommend the following:

• The IRS properly classifies the risk for each minicomputer system that did not meet the January 1999 target date.
• The Century Date Change Project Office representatives independently validate:
• Conversion dates for systems that did not make the January target.
• Testing performed on each mission critical minicomputer system.
• Contingency procedures for all systems that were not compliant by

IRS management provided a detailed response to our report. The Tier II Program Office has identified and classified all systems applications that were not Year 2000 compliant by January 31, 1999, on the Year 2000 Risk Assessment Dashboard Report. The IRS is providing additional oversight to all of these projects. The program office will implement an Independent Audit and Readiness Verification process to validate the actions taken to renovate application systems. Through the verification process, the program office will validate the results of the integrated testing performed by application owners for Tier II systems.

The Century Date Change Project Office requested contingency plans for two key systems that were not Year 2000 compliant by March 31, 1999. The project office will continue to monitor the conversion progress and issue contingency plans as necessary.

Objective and Scope

The objective of this review was to assess the Internal Revenue Service’ (IRS’) conversion efforts and to determine whether conversion efforts will ensure that minicomputer systems will be operational in the next century. We initiated this review as part of the Treasury Inspector General for Tax Administration’s Office of Audit Year 2000 (Y2K) strategy. We performed this review from September 1998 to February 1999 in accordance with Government Auditing Standards.

We conducted testing in the Century Date Change Project Office, the Tier II Systems Software Branch in the Information Systems Technical Services Division, and the Information Systems project offices of the minicomputer systems included in our review. We also conducted testing in the Austin, Charlotte, and Las Vegas Development Centers, Cincinnati Service Center, and Memphis Service Center/Tennessee Computing Center, where various system programmers were located.

We designed and conducted tests to provide an overall assessment of IRS conversion efforts and to determine whether conversion efforts ensure the minicomputer systems will be operational in the next century. Our testing was designed to answer three questions:

• Are the schedules for testing, upgrading, and transmitting programs realistic and attainable?
• Will testing of the selected mission critical minicomputer systems ensure their continued operation into the year 2000?
• Will conversion of selected mission critical systems occur in all applicable sites, and are there contingency plans for systems that will not meet required deadlines?

At the beginning of our review, we conducted a preliminary risk assessment of 47 minicomputer systems to identify those systems with significant taxpayer impact that may be at risk of not being Y2K compliant. Because of this assessment, we performed a detailed evaluation of the conversion efforts of six application systems.

Four of the six systems were categorized as mission critical by the IRS. We included the remaining two systems because they directly affect taxpayer accounts.

Our initial analysis of these systems identified some concerns with meeting the interval, referred to as milestone, completion dates. Therefore, we selected nine additional systems, seven of which were categorized as mission critical by the IRS. We interviewed individuals managing the conversion of each system to assess their progress toward Y2K compliance. We also reviewed contingency planning for systems that will not meet the January 31, 1999, deadline.

The detailed objective, scope, and methodology of the review can be found in Appendix I. Please refer to Appendix II for a list of the major contributors to this report and Appendix III for the report distribution list. Appendix IV details management’s response to the report. Appendix V identifies the systems, along with a description of their purposes, that were included in our review.

Background

The century date change is one of the most critical problems facing organizations today. To ensure its systems will operate into the next century (referred to as being Y2K compliant), the IRS must evaluate all computer systems and applications. The majority of the IRS tax processing occurs on mainframe computers. However, there is a significant amount of mission critical processing at the minicomputer level (Tier II). For example, this category includes a system that tracks tax returns through processing, systems that support electronic filing of tax returns, and a system that enables taxpayers to use the telephone to contact the IRS for tax information. The IRS needs assurance these mission critical systems are adequately prepared for the century date change.

The Century Date Change Project Office was established to ensure all current and future IRS systems are Y2K compliant before January 1, 2000. Applications were to be converted, tested, and implemented, and commercial products were to be upgraded by January 31, 1999. Toward this end, Information Systems created the Tier II Program Office to provide program management and to facilitate timely integration of Y2K compliant applications and commercial products on compliant computers.

The Tier II Program Office identified 66 systems to monitor for Y2K compliance. These are listed on the February 19, 1999, Tier II Risk Assessment Dashboard, a report used to manage the conversion progress. As our review progressed, the program office classified these systems into two categories -- "Key National Tier II Systems" and "Other National Tier II Systems." Systems were categorized by their level of criticality. In the February 19, 1999, report, there were 27 systems listed as Key Systems and 39 listed as Other Systems.

The Tier II Program Office obtained target dates for five critical testing and implementation milestones in order to monitor the minicomputer conversion progress. These five milestones are:

• Establish testing environments.
• Conduct unit testing.
• Conduct integration testing.
• Upgrade production platforms.
• Transmit application into production.

Results

Information Systems has taken actions to make the minicomputer systems Y2K compliant. However, additional validation efforts are needed to ensure systems meet critical time frames for conversion. In addition, contingency planning efforts need to be validated for all systems that did not meet the Office of Management and Budget (OMB) deadline of March 31, 1999.

Planning and Coordinating Efforts Have Been Strengthened

In a report titled Review of the Service’s Efforts to Prepare Its Tier II Infrastructure for the Year 2000 (Reference Number 091206, dated November 20, 1998), we noted that the planning and coordinating of the minicomputer conversion efforts needed to be improved. During the current review, we identified progress in this area. For example, the Tier II Program Office and the Century Date Change Project Office have made significant progress in identifying and assigning responsibility for monitoring the minicomputer system conversion. The Tier II Program Office issued conversion guidelines to the various systems project offices, and the managers in these offices received and understood these guidelines.

Most application components for the systems reviewed were recorded on the IRS computer hardware and software inventory system. In addition, the IRS is currently ensuring that commercial products used to run minicomputer systems are Y2K compliant. Sites where these systems are located have been identified, and site managers have been involved in developing schedules for upgrading the systems at their locations.

According to Information Systems management, the Tier II Program Office has established a two-phased approach for tracking, monitoring, and validating the Y2K conversion effort. Phase I, tracking and monitoring, relied on self-reporting of critical conversion data, including completion dates. Phase II activities included (1) 100 percent validation of software program code, (2) end-to-end testing, (3) contingency planning, and (4) independent audit and readiness verification. The code validation, end-to-end testing, and contingency planning are currently being conducted. The independent audit and readiness verification has not yet begun.

The IRS has, thus far, conducted very little on-line validation of milestone dates or the adequacy of work performed to meet these dates. This use of self-reporting without on-line validation has resulted in unmet target conversion dates and weaknesses in systems testing.

Minicomputer Conversion Risk Continues to be High

The Century Date Change Project Office established January 31, 1999, as the target date for systems to be Y2K compliant. One-third of the minicomputer systems were not compliant by the target date. Project guidelines for classifying systems that missed critical milestone dates at a high risk level are not being followed. In addition, officials responsible for system conversion were reluctant to report delays in their conversion progress. Reluctance to identify and address conversion delays early has resulted in a significant risk for Y2K conversion problems involving minicomputer systems.

The Tier II Risk Assessment Dashboard is a report used to manage the conversion progress. This report is given to the Commissioner at least monthly. The February 19, 1999, report showed that 22 of the 66 (33 percent) systems being monitored had not been converted by the January 31, 1999, completion goal established by the Century Date Change Project Office. The percentage of key minicomputer systems that did not meet this goal is even higher at 44 percent (12 of 27).

The dashboard report includes critical milestone dates and an overall status for each system--red, yellow, or green. Although Information Systems management has indicated that the report evolves over time and its purpose is to track exceptions, there are certain rules listed on the report that should be followed. For example, systems are supposed to be classified as red if they have a critical milestone either past due or 15 percent or more behind schedule. This indicates that the systems may be in trouble and need additional oversight. Yellow indicates moderate risk and is given when milestones are more than 5 percent and less than 15 percent behind schedule. Green indicates no current risks or delays and is given when the milestones are less than 5 percent behind schedule.

In some cases, rather than properly classifying these systems as red, the Tier II Program Office, in conjunction with the various system project offices, changed the milestone dates. Information Systems management informed us that requirements to change these dates included an updated plan with executive signatures, and, in some cases, an approved waiver. We did not validate whether these requirements were met during our review.

We compared the December 18, 1998, dashboard report to the February 19, 1999, report to determine whether milestone date changes had been made. Six of the 12 mission critical systems that missed the January 31, 1999, target date had changes to their milestone dates during this period. All were originally scheduled to meet the target date before this milestone change. After the change, two of the six systems were in yellow status and four systems were in green status. There were no systems in red status.

Our initial testing and discussions regarding 15 systems (selected when we began our review) identified 2 systems, Totally Automated Personnel System (TAPS) and Electronic Management System (EMS), that would not (and eventually did not) meet the January 1999 target date.

TAPS In our September 1998 discussions with TAPS personnel, we were told there would not be a Y2K compliant version operating in all production sites by January 1999 because they were moving to a new architecture. They indicated that one system would be compliant in one site by that date, and they believed that would enable them to meet the requirement. They also indicated approval from the Century Date Change Project Office for this plan, but had no documentation of the approval.

There have been delays in testing TAPS for Y2K compliance and in moving to the new architecture. Due to these delays, the systems owner has decided to make the earlier system and architecture Y2K compliant. These delays were apparent in time to be noted on dashboard reports prepared in early December. However, dashboard reports did not indicate these delays until January 15, 1999.

EMS In mid-November 1998, we discussed with EMS personnel their ability to meet the January 1999 target. They mentioned problems involving one of the targeted database versions due to limitations it created in processing volumes of tax returns. They also stated they would probably need to obtain a waiver. However, dashboard reports did not indicate these delays until January 22, 1999. An earlier dashboard report actually indicated these milestones were complete.

To address conversion delays and inaccuracies in reported milestone dates, we recommend the following:

1. All systems that missed the January 31, 1999, target date are at risk and need additional oversight. The Tier II Program Office should classify each of these systems as either yellow or red on the dashboard report.
2. The Century Date Change Project Office should independently validate milestone dates for systems that did not make the January target.

Management’s Response: The Tier II Program Office has identified and classified all systems applications that were not Year 2000 compliant by January 31, 1999, on the Year 2000 Risk Assessment Dashboard Report. Management will provide additional oversight for those applications that did not meet the initial due date. By default, these are classified as yellow or red on the report. In addition, the program office will implement an Independent Audit and Readiness Verification process to validate the actions taken to renovate the application systems.

Systems Testing Did Not Consistently Address Critical Year 2000 Processing Issues

Testing system processing capability (using Y2K compliant code and commercial products) is critical to ensuring success of the conversion effort. The critical milestone that addresses this is called integration testing. Information Systems personnel did not plan to conduct a full functionality integration test for three of the six systems that we evaluated. Each of these three is critical – EMS processes incoming electronically filed returns, TAPS handles employee timekeeping for payroll purposes, and the Telephone Routing Interactive System (TRIS) handles incoming taxpayer telephone calls.

Integration testing as defined by the Tier II Program Office occurs when the application system is tested with other application systems, other tiers, and other users outside the IRS to ensure that they operate together as required and meet the stated requirements. The systems acceptability testing process can serve as a component of the integration test. Systems acceptability tests verify system documentation and test applications software and interfaces. For application systems that do not use this process, the application system and all its interfaces and configurations must be tested in its entirety, in accordance with the Procedures for Testing Year 2000 (Y2K) Changes, Version 1.1, dated February 13, 1998. This activity is finished when all integration tests have been successfully completed in all environments. Each of the three systems had a different reason for not meeting these requirements.

TRIS The personnel testing this system did not test all parts of the system using year 2000 dates. Their integration testing was focused on how the system would process requests for information during the 1999 tax filing season, and did not include testing all parts of their processing with required year 2000 dates. For example, they did not use year 2000 dates to test the portions of the system that handle incoming taxpayer calls. The system clock was set to the year 2000 only for very limited testing. In addition, certain accounts on the IRS main tax processing computer system, necessary for Y2K testing, were not available at the time they conducted the test.

Information Systems personnel responsible for converting this system told us they believed their testing was adequate. They have reported the testing as complete on the risk assessment dashboard report.

TAPS The IRS used contractors to conduct the integration testing. The testing consumed considerable time because the system had not previously undergone system acceptability testing. IRS personnel responsible for the testing stated that they did not plan to test using year 2000 dates or set the system clocks to the year 2000. They were unable to do this testing because of tight deadlines and delays in obtaining the revised code and in starting the testing. We discussed this issue with the Information Systems personnel responsible for converting this system and they were unaware that the year 2000 testing was not being conducted.

In addition, TAPS integration testing was conducted on one platform (Sun) while the system is currently running on another platform (Pyramid). The initial plans were to convert the system to the Sun platform before the year 2000. Due to conversion delays, the system will have to continue to run on the current platform beyond the year 2000. Therefore, additional testing will be necessary to ensure the upgraded programs will run on this platform beyond the year 2000.

EMS We observed the integration testing for this system. Similar to TRIS, this system is composed of various processes on different computers and involves significant levels of contractor support. The test was conducted as thoroughly as possible; however, one critical component could not be made Y2K compliant at the time of the testing. Therefore, this component could not be included in the test and integration testing was conducted around it. Additional testing will be necessary to ensure this component will work with the rest of the system.

Because our observations indicated problems with integration testing, we believe there is a need for enhanced oversight in this critical area. Without sufficient systems testing, problems could result in delayed end-to-end testing and potential processing problems in the year 2000.

Recommendation

3. We recommend that a Century Date Change Project Office representative ensure that complete integration tests are performed for each Tier II mission critical system.

Management’s Response: The Tier II Program Office, through the Independent Audit and Readiness Verification process, will validate the results of the integrated testing of all Tier II mission critical systems.

Formal Contingency Planning Procedures Are Needed for Systems That Were Not Compliant by March 31, 1999

On January 20, 1998, OMB issued a memorandum (M-98-02) that provides guidance on contingency planning. This memorandum states, "Recognizing that not all systems may achieve the March 1999 target, we expect agencies to make explicit triage decisions as they prioritize their work … agencies must have contingency plans for those systems that are not expected to have completed implementation by March 1999."

The IRS has begun contingency planning efforts to ensure that it can continue to handle the information that these systems process if the system fails. However, the IRS has structured these efforts according to business process rather than on a system-by-system basis. This has resulted in seven minicomputer systems that will not meet the March 31, 1999, deadline and are not covered by current contingency plans. Two of these systems, Compliance Research Information System and TAPS, are considered mission critical by the IRS.

Recommendation

4. The Century Date Change Project Office needs to ensure that formal contingency planning procedures cover all systems that did not meet the March 31, 1999, OMB target.

Management’s Response: The Century Date Change Project Office will continue to monitor the conversion progress and if a risk assessment results in a need for a contingency plan, one will be issued. The Century Date Change Project Office requested contingency plans for two systems that were not Year 2000 compliant by March 31, 1999. The Project Office suspended one of these requests when the system met its compliance requirements. The other request is still outstanding, and a memorandum was sent to the business owners to alert them that they have no contingency plan.

Conclusion

IRS has made significant efforts to ensure its minicomputer systems are compliant. However, there have been delays in the conversion of some mission critical systems and testing has been weak. Self-reporting mechanisms are being used to monitor and manage the conversion effort.

Increased oversight and validation is necessary, especially for the mission critical systems, to ensure that possible conversion delays are identified and addressed early, completion dates are reported accurately, and testing is thorough. Without increased oversight, conversion of these systems before the year 2000 is at risk.

Detailed Objective, Scope, and Methodology

The overall objective of this review was to assess the Internal Revenue Service’ (IRS’) conversion efforts and to determine whether conversion efforts will ensure that minicomputer systems will be operational in the next century.

To accomplish our overall objective, we conducted a preliminary risk assessment of 47 minicomputer systems to identify those systems with significant taxpayer impact that may be at risk of not being Y2K compliant. We then conducted the following tests:

1. We evaluated whether the schedules established by the systems owners for testing, upgrading, and transmitting programs are realistic and attainable.
1. Determined whether the program office identified all mission critical minicomputer application systems and included them in its overall testing schedules.
1. Identified 44 systems from review of the Century Date Change Project Office's systems inventory listing and 23 additional systems through review of workpapers from a previous audit, Review of the Service’s Efforts to Prepare its Tier II Infrastructure for the Year 2000, that were running on minicomputer systems in the districts, service centers, computing centers, and development centers.
2. Compared those systems to the Year 2000 (Y2K) dashboard report prepared by the Tier II Program Office to identify minicomputer systems that the program office is not monitoring.
3. Compared the 66 systems controlled on the Y2K dashboard report to the minicomputer systems shown on the Century Date Change Project Office systems inventory listing to identify systems that the Tier II Program Office is not monitoring.
4. For the 23 unmonitored systems identified through review of the previous audit workpapers, contacted the systems administrators and determined whether any were legitimate, continuing systems.
2. Evaluated guidance given to systems owners on measuring their conversion progress to determine whether it provides accurate input for reporting to the Commissioner and other executives.
3. For the 15 systems selected for testing, we:
1. Determined progress towards completion by January 31, 1999, and the number of delays that occurred in the planned schedule for completion.
2. Verified the accuracy of reports provided periodically to the Commissioner and other Y2K executives on the progress of the Tier II effort.
3. Interviewed programmers for these systems and determined what obstacles they face in making the code Y2K compliant.
4. Determined whether all systems’ interfaces and telecommunication infrastructure components have been identified and documented, and whether they are being made Y2K compliant.
2. We determined whether testing of six mission critical systems conducted by program office personnel, Systems Acceptance Testing (SAT) personnel, and systems owners will ensure that the systems will be operational into the year 2000. (These were 6 of the 15 systems mentioned in Objective I. C.)
1. For the six systems, compared the components listed on the computer hardware and software inventory system with programs currently running on the computer system to determine if all programs are being recorded and tracked on the inventory system.
1. Obtained a download of the components from the inventory system Applications Program Registry (APR) for these systems (see Appendix V):

• Batch Block Tracking System (BBTS)
• Electronic Management System (EMS)
• Telephone Routing Interactive System (TRIS)

1. Obtained a download of programs running on a production platform for those systems.
2. Compared the two downloads to identify any components not being tracked on the inventory system for Y2K conversion.

1. Determined whether the project office ensured that the commercial products used to run the application software are Y2K compliant.
0. Executed the "packageinfo" command on a production platform to obtain a list of commercial products running for BBTS, EMS, and TRIS.
1. Obtained and reviewed available Commercial-Off-The-Shelf (COTS) Year 2000 Impact Analysis Reports, any supporting documentation showing vendor contacts, and all completed COTS Compliance Forms for the six systems.
2. Identified any commercial products not evaluated for Y2K compliance.
2. Evaluated integration test plans for the systems in II.A.1 to determine whether they conform to IRS standards and address all processes that the application systems perform. (BBTS and TRIS did not have complete test plans.)
0. Reviewed the test plan to determine whether it describes the hardware and software used for the test, the pre-determined test results, the data creation and output review techniques, and the systems’ interfaces.
1. Determined whether the plan includes tests covering major subsystems/components identified through our match of the inventory system download and the output from the script program.
2. If the systems project office performs its own Y2K testing, determined whether proper separation of duties existed between the individuals who perform the software component tests and the individuals who perform the integration tests.
3. Identified the types of tests included in the plans and determined whether these tests require the execution of program code.
4. Determined if the integration test plan included production simulation tests or stress tests. If not, asked the systems project office how they planned to measure the impact that the Y2K changes will have on systems capacity.
5. Determined whether test scripts/scenarios, test data, and expected results have been developed for the tests listed in the plan. On a sample basis, determined if the test scripts/scenarios verify that the application handles the following year 2000 dates: 2000-02-29, 2000-02-30, 2000-03-01, 2000-04-01. Determined whether live test data would be used.
3. For the systems in II.A.1, determined whether the integration test was conducted in accordance with IRS standards.
0. When possible, observed the final integration test and identified the exact version of the commercial products loaded on the test platform. Determined whether Information Systems (IS) personnel had loaded the target operating and database management systems prescribed by the Tier II Program Office and a Y2K compliant version of the other commercial products.
1. Determined if the system clock was set to January 1, 2000, and if all application software components and interfaces were loaded onto the test platform. If the project had not loaded all software components and interfaces, we determined whether a simulated interface approach was used for the components being tested.
2. Determined whether testers record all program crashes, compare actual to expected test results, and issue problem reports if the expected results are not achieved.

1. We evaluated whether selected mission critical systems will be converted in all applicable sites, and whether adequate contingency plans exist for those that will not meet required deadlines.
1. Determined whether project offices for the selected systems have a methodology to acquire and distribute Y2K compliant commercial products to the production sites.
1. If the project's approach was to acquire upgrades on behalf of the production sites, we reviewed documentation (requisitions, requests to the Treasury Multi-user Contract Acquisition Contracting Officer Technical Representative, etc.) confirming that upgraded commercial products were ordered and obtained expected delivery dates and product distribution lists/instructions.
2. If the project's approach was to require the local IS function to obtain commercial product upgrades, obtained all documentation showing the instructions given to and agreements reached with the local IS site manager. Determined if the project office has assurance that the local IS function ordered the products and if the project knew the expected delivery dates.
3. Determined whether the expected delivery dates identified above were before the date the project office established for upgrading the production platforms.
2. Determined whether adequate contingency plans were developed for those systems not Y2K compliant by January 31, 1999.
1. Reviewed the revised Work Breakdown Structure and Milestone Concurrence Forms and identified three Tier II systems (and two subsystems) that will not meet the deadline. Determined if the Tier II Program Office met with systems owners and obtained documentation of agreements that were reached. These systems are:

• Automated Substitute for Return (ASFR)
• Examination Returns Control System (ERCS)
• Travel Reimbursement and Accounting System (TRAS)

1. Determined the reasons for not meeting the deadline and evaluated whether these reasons could apply to other projects. If so, determined whether the Tier II Program Office contacted the other projects and discussed the impact of these problems.
2. For the systems identified in III.B.1 above, contacted the project office and determined if they have contingency plans for not participating in the
   end-to-end test. Also, determined if the systems owner had contingency plans for conducting business without the system being operational.
3. Reviewed contingency planning efforts to determine whether they will effectively address problems resulting from the systems not being converted.

Major Contributors to This Report

Gary E. Lewis Deputy Regional Inspector General for Audit

Tammy L. Whitcomb Audit Manager

Alan Laudermilch Senior Auditor

Tom Cypert Senior Auditor

Jimmie Johnson Senior Auditor

Mike Laird Senior Auditor

Melinda Estrada Auditor

George Franklin Auditor

Michelle Griffin Auditor

Ken Henderson Auditor

Steve Holmes Auditor

Robert Nguyen Auditor

Esther Wilson Auditor

Laurelle Zamparelli Auditor

 Appendix III

Report Distribution List

Deputy Commissioner Operations C:DO

Deputy Commissioner Modernization C:DM

National Director for Legislative Affairs CL:LA

Chief Information Officer IS

Assistant Commissioner (IS National Operations) IS:O

Director, Year 2000 Program IS:CD

Assistant Commissioner (Collection) OP:CO

Assistant Commissioner (Examination) OP:EX

Assistant Commissioner (Program Evaluation and Risk Analysis) M:OP

Director, Office of Information Resources Management IS:IR

Office of Management Controls M:CFO:A:M

Audit Liaisons

Century Date Change Project Office IS:CD

Chief, IS Audit Assessment and Control Section IS:IR:O:A

TIGTA Liaison IS:IR:O:A

Management's Response to the Draft Report

Minicomputer Systems Included in the Review