The Internal Revenue Service (IRS) replaced the computer systems used to annually process approximately 170 million paper tax returns and 50 million payments. The new system, referred to as the Integrated Submission and Remittance Processing (ISRP) System, is necessary because the existing computers cannot process data after
December 31, 1999. This is our third audit of the ISRP system. The first two audits evaluated the processes used by the IRS to design and develop the ISRP system. During this audit, we evaluated the IRS’ process for ensuring that problems identified during the system’s pilot were adequately corrected.

Overall, the IRS’ implementation of ISRP was successful. As of May 21, 1999, the IRS had processed over 66 million tax returns and over 11 million payments through the ISRP systems nationwide. Despite these notable accomplishments, the process of integrating ISRP with other IRS operations has resulted in additional risks and challenges affecting the IRS goal of ensuring that taxpayers are provided top quality submission processing services.

During this review, we found that document processing changes increased taxpayer burden, approval of a system enhancement placed the implementation at risk, contingency plans were incomplete and untested, and access to taxpayer information was not properly controlled.

The implementation of ISRP required changes to the IRS’ procedures for controlling documents. These changes resulted in additional taxpayer burden and created additional work in order to correct processing errors. For example, we found that:

• ISRP data entry operators occasionally failed to process tax returns (did not enter the tax return data). These unprocessed tax returns resulted because ISRP operators were no longer required to enter the unique serial number of each document processed. Based upon our review of randomly sampled tax returns, we estimate that approximately 230 tax returns processed through the ISRP systems at 3 sites were sent to warehouses without being processed and an additional 7,800 tax returns contained serial numbering problems.

• The amount of taxpayer contacts required to resolve payment processing mistakes increased. The ISRP system used to create and store computerized pictures (images) of the original payment documents (checks, money orders, payment vouchers, etc.) did not always capture usable information. Based upon our review of randomly sampled payments, we estimate that the ISRP system’s computer archives did not capture any images for approximately 2,900 payments and captured incomplete sets of images for approximately 6,000 additional payments.²
• Delays in the numbering of tax returns received with payments affected the accuracy of penalty assessments and the IRS’ ability to research payment-related processing errors. In the past, the control numbers for tax returns received with payments were assigned when the payments were processed and matched the control number assigned to the payment. Some IRS computer programs assessed penalties based upon dates reflected in the control number assigned to the tax return.

The IRS approved a significant enhancement to the design of the ISRP system despite delays in the project’s implementation schedule and unresolved development problems. After formally advising the vendor of concerns regarding the timely delivery of ISRP, the IRS authorized a significant system enhancement. The additional requirement increased the risk of delays in the vendor’s delivery of the system. After we advised them of the potential risks, IRS management decided to delay development of the enhancement.

On January 29, 1999, we advised the IRS of our concerns with its back-up plans for unexpected tax return and payment processing problems (i.e., contingency plans). We reported a lack of detail in the 1999 contingency plans, budget and staffing reductions that limited contingency alternatives, and the omission of the ISRP system from local recovery plans. In addition, we questioned the reliability of the IRS’ payment processing capabilities if problems with ISRP occur after the year 2000. IRS officials agreed with our recommendations and took corrective actions regarding the 1999 contingency plans, but they did not agree with our recommendations regarding contingency plans for problems in the year 2000 and beyond.

We are still concerned with the IRS’ year 2000 back-up payment processing capabilities. If detailed contingency plans are not both finalized and tested, unexpected problems with the IRS’ payment processing systems may result in untimely deposits, unprocessed payment transactions, and errors in calculating tax due balances. As of October 14, 1999, the IRS had neither completed negotiations with the vendors expected to provide the back-up services nor tested the contingency plans currently in place.

Due to the personal and sensitive nature of information on IRS computer systems and the legal requirements to safeguard the privacy of taxpayer information, the IRS established procedures to check the background of all individuals granted access to its computer systems. This includes the employees of vendors contracted to implement and maintain ISRP.

We reviewed the background investigation results for 51 vendor employees at 6 service centers. We found that 59 percent of these employees (30 of 51) did not have completed background investigations. Although we did not identify any misuse of taxpayer data, vendor employees with the computer knowledge and skills necessary to misuse this data were allowed access to ISRP before the completion of their background investigations.

The report contains specific recommendations for the IRS to improve the ISRP system’s control and accountability of all documents processed, to update submission processing contingency plans, and to improve ISRP controls designed to safeguard taxpayer information.

Management’s Response: IRS management agreed with the issues addressed in this report and stated that they have implemented corrective actions to improve the ISRP system’s control and accountability of documents, strengthen contingency plans, and improve ISRP controls designed to safeguard taxpayer information. IRS management’s complete response to the draft report is included as Appendix V.