TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
THE INTERNAL REVENUE SERVICE'S
FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT REMEDIATION
Issued on May 21, 2007
Highlights of Report Number: 2007-10-077 to the Internal Revenue Service Chief Financial Officer.
IMPACT ON TAXPAYERS
Our analysis of the December 31, 2006, Federal Financial Management Improvement Act (FFMIA) remediation plan indicated that the Fiscal Year 2007 cost calculations related to computer security remediation actions, totaling $58.5 million, could either not be verified or differed significantly from the detailed supporting documentation provided by the Internal Revenue Service (IRS). If costs are not accurately estimated and budgeted for, it could delay the completion of the remediation actions due to insufficient resources being available when needed. Until these actions are taken, the weaknesses in the IRS' financial management system related to computer security issues will continue to exist. Reliable financial information is critical to the IRS' ability to accurately report on the results of its operations to both internal and external stakeholders, including taxpayers.
WHY TIGTA DID THE AUDIT
This review was conducted to report to Congress, as required by the FFMIA, any instances of and reasons for missed intermediate target dates established in the IRS' remediation plan.
WHAT TIGTA FOUND
During Calendar Year 2006, the IRS reported it canceled 11 and added 61 remedial actions to the 38 open remedial actions listed in its December 31, 2005, remediation plan. The 11 canceled remedial actions all related to computer security and were replaced by new remedial actions. Also, during Calendar Year 2006, the IRS reported it completed 37 remedial actions, leaving 51 open remedial actions in its December 31, 2006, remediation plan.
Our review of the 51 open remedial actions indicated that no intermediate target dates were missed and only 1 action was extended. Out of the 51 open remedial actions, 40 were new for Calendar Year 2006. The 40 new actions relate to computer security and replaced 11 existing actions that were all scheduled for completion by Fiscal Year 2008. The new actions' completion dates range from Fiscal Years 2007 through 2013.
Although the explanations provided by the IRS for extending 1 and replacing 11 existing actions are reasonable, lengthy target completion dates associated with many of the new actions could hinder the IRS' ability to timely resolve the critical issues that cause its noncompliance with the FFMIA.
Our analysis of individual project resources listed in the December 31, 2006, remediation plan indicated that information on the estimated resources needed to implement the 40 open remedial actions relating to computer security was either incomplete or differed significantly from the detailed supporting documentation provided by the IRS. For example, $58.5 million reported for Fiscal Year 2007 calculated costs related to computer security remediation actions could either not be verified or differed significantly from the detailed supporting documentation provided.
WHAT TIGTA RECOMMENDED
TIGTA recommended the IRS Associate Chief Financial Officer for Corporate Planning and Internal Control develop procedures requiring that all remediation actions presented in future FFMIA plans be reviewed to ensure they are supported by a calculation of resource needs by year and the calculations be compared to detailed supporting documentation on at least a sample basis.
In their response to the report, IRS officials stated they agreed with the recommendation and plan to develop procedures requiring that owners of all remediation actions presented in future FFMIA plans identify resources for all years covered by the actions and that the owners provide documentation to support the identified resources. Additionally, the IRS Office of Internal Control plans to review all FFMIA plans to ensure they are supported by a calculation of resource needs by year and compare the calculations to detailed supporting documentation to ensure compliance with reporting procedures.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Email Address: Bonnie.Heald@tigta.treas.gov
Phone Number: 202-927-7037
Web Site: http://www.tigta.gov