Treasury Inspector General for Tax Administration
Office of Audit
Improvements Are Needed to Ensure Successful Development and System Integration for the Return Review Program
Issued on July 26, 2013
Highlights of Report Number:† 2013-20-063 to the Internal Revenue Service Chief Technology Officer
IMPACT ON TAXPAYERS
The IRS is developing a new Return Review Program (RRP) system to implement the IRSís new business model for a coordinated criminal and civil tax noncompliance system.† Improvements in the IRSís systems development processes are needed to ensure that the RRP system adequately mitigates risks from current and future dynamic fraud threats that confront IRS programs and systems.† A successful RRP systems development will satisfy specified business needs and improvement goals aimed at preventing fraudulent and erroneous Federal tax refunds.† Further, once developed and implemented, the new system will significantly enhance the IRSís capabilities to prevent, detect, and resolve tax refund fraud, including identity theft. ††
WHY TIGTA DID THE AUDIT
The IRSís current fraud detection system is the Electronic Fraud Detection System (EFDS).† The IRS determined that numerous inefficiencies and operational challenges render the EFDS, which was implemented in Calendar Year 1994, too risky to maintain, upgrade, or operate beyond Calendar Year 2015.† Based on fraud detected by the EFDS and supplemented by manual detection methods, the IRS estimates that tax refund fraud is more than $19.2 billion per fiscal year.† Successful implementation of the new RRP system would increase the dollar amount of fraudulent tax refunds identified annually.† Our overall audit objective was to determine whether the IRSís Information Technology Applications Development organization was adequately managing RRP Transition State 1 systems development risks to achieve stated business and information technology requirements.
WHAT TIGTA FOUND
Roles for program-level governance were not yet established for the RRP and the key role of system integrator was not documented or clearly communicated. †From January to December 2012, prototype activities were conducted to validate that technology product solutions integrated successfully.† However, RRP Prototype Management Plans, critical systems development products, were not completed or approved by major stakeholders before significant resources were committed.† Uncertainty about the systems development path for the RRP and the absence of Enterprise Life Cycle guidance for prototypes hindered initial systems development efforts.† Further, alternative commercial software products were not fully considered prior to selecting technology solutions for the RRP system.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Technology Officer:† 1) establish appropriate program-level governance with enterprisewide authority for the RRP; 2) clearly document the RRP systems integrator roles and responsibilities; 3) complete the RRP Prototype Management Plans, clarify how to measure prototype success, map prototype activities to requirements, incorporate lessons learned, and obtain approval from governance bodies; 4) document, for approval by RRP governance bodies, the decided systems development path; 5) establish sufficient Enterprise Life Cycle guidance for prototypes; and 6) take appropriate steps to ensure that change requests include alternative analyses and impact assessments and also establish and implement Enterprise Architecture guidelines for evaluating later versions of tested commercial products.
In its response, the IRS agreed with our recommendations and reports that it has implemented two corrective actions.† The IRS established two new enterprisewide governance entities to oversee the RRP, and it updated its RRP Prototype Management Plans and individual RRP Prototype Reports for performance measures criteria and relevant functional and performance requirements.† In addition, the IRS plans to document system integrator roles and responsibilities in the RRP Project Management Plan and to document the approved RRP systems development path.† The IRS also plans to update the Internal Revenue Manual with prototype guidance and to develop a process for analyzing and processing Enterprise Architecture Change Requests in a standard, repeatable process.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to: †
E-mail Address: ††TIGTACommunications@tigta.treas.gov
Phone Number:†† 202-622-6500