Treasury Inspector General for Tax Administration
Office of Audit
FOREIGN ACCOUNT TAX COMPLIANCE ACT:† IMPROVEMENTS ARE NEEDED TO STRENGTHEN SYSTEMS DEVELOPMENT CONTROLS FOR THE FOREIGN FINANCIAL INSTITUTION REGISTRATION SYSTEM
Issued on September 27, 2013
Highlights of Report Number: †2013-20-118 to the Internal Revenue Service Chief Technology Officer and the Commissioner, Large Business and International Division.
IMPACT ON TAXPAYERS
The development of the Foreign Financial Institution Registration System allows the IRS to support requirements of the Foreign Account Tax Compliance Act (FATCA) legislation.† The expected benefits of this information technology project include the ability to:† 1) effectively register Foreign Financial Institutions; 2) increase annual enforcement revenue; and 3) support the IRSís new overall information reporting system for the FATCA.† The successful development, deployment, and implementation of the Foreign Financial Institution Registration System should significantly improve taxpayer compliance internationally and enhance IRS tax administration.
WHY TIGTA DID THE AUDIT
The overall objective of this review was to determine whether the IRSís systems development approach for the Foreign Financial Institution Registration System is sufficiently mitigating risks with the application of information technology management controls for successful development and delivery of requirements and capabilities aimed at FATCA milestones and goals.† Specifically, TIGTA evaluated the IRSís key management controls and processes over program management, security control processes, testing documentation, requirements management, and fraud detection controls.
WHAT TIGTA FOUND
The IRS is developing the Foreign Financial Institution Registration System within its new Enterprise Life Cycle Iterative Path systems development and testing process.† The initial system release was substantially developed and nearing deployment when the IRS terminated the effort in November 2012.† Following new Department of the Treasury regulations, changes with Intergovernmental Agreements, and new processes needed to implement the FATCA, the IRS was unable to fully utilize the initial system.† Subsequently, the IRS modified and expanded the scope of the system requirements. †The major redesign and initiation of a new development effort was necessary because the IRS did not sufficiently develop requirements for the initial Foreign Financial Institution Registration System as needed for new system development.
While the IRS has taken steps to improve management controls for this major information technology investment, additional improvements are needed to ensure consistent adherence to risk mitigation processes for program management, security control processes, testing documentation, and requirements management.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Technology Officer and the Commissioner, Large Business and International Division, timely identify and communicate system changes for future FATCA releases and ensure that the IRS consistently documents and maintains test cases and test results.† In addition, the Chief Technology Officer should ensure that adequate program management controls are in place and consistently followed to allow the IRS to accomplish its FATCA goals and objectives.† Finally, the Chief Technology Officer should ensure that all system requirements documentation includes the requirements being tested and all security requirements, and that corresponding test cases are identified and sufficiently traced, managed, and tested.
In its written response to the report, the IRS agreed with all six recommendations.† However, TIGTA believes that the action plans provided by the IRS for two of the recommendations were not fully responsive.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
E-mail Address: ††TIGTACommunications@tigta.treas.gov
Phone Number:†† 202-622-6500