FROM: Pamela J. Gardiner /s/ Pamela J. Gardiner

Executive Summary

Objective and Scope

Background

Results

Conclusion

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Executive Summary

One of the most critical issues the Internal Revenue Service (IRS) faces this year is the need to make its computer systems Year 2000 (Y2K) compliant. The IRS depends on its automated systems to process tax returns, issue refunds, deposit payments, and provide employee access to taxpayer account data.

The objective of our review was to provide the IRS information on the status of critical Y2K corrective actions taken in response to the recommendations made in our report entitled The Internal Revenue Service Needs Additional Emphasis on Computer Component Retirement Decisions To Be Ready For the Year 2000 (Reference Number 093506, dated September 16, 1999). Our review covered only three of the six corrective actions included in the prior audit. These corrective actions involved:

• Assuring that decisions to retire computer components in the IRS’ Systems Support Division (SSD) were accurately reflected on the inventory system.
• Issuing guidance for service centers scheduled to transfer retired computer components to the computing centers.
• Requiring that service centers issue letters certifying that retired computer components were placed in archived or obsolete directories prior to their transfer to the computing centers.

The remaining three corrective actions were referred to another audit team for follow-up and will be reported on separately.

Our review showed that IRS management has completed corrective actions to address the three concerns we followed up on from the previous report. The completed corrective actions are designed to assure that computer components are properly retired.

Through interviews with IRS personnel and reviews of documentation, we confirmed that the SSD had conducted a complete review of the status of all its computer components, including the retired computer components, and updated the inventory system.

The IRS’ Information Systems function had also issued instructions for transferring retired computer components from the service centers to the computing centers. All seven service centers scheduled to transfer retired components to the computing centers had issued certification memoranda stating that the retired components had been removed from the IRS systems currently in use.

Management's Response: Although the IRS’ official comments were not available as of the date of this report, we incorporated comments provided by the Century Date Change Project Director. He outlined additional actions the IRS has taken to assure that components are retired timely and properly. These actions included developing several weekly reports for identifying and monitoring component retirements, and conducting independent visits to IRS offices to confirm Y2K compliance, including the retirement of components.

Objective and Scope

The objective of our review was to provide the Internal Revenue Service (IRS) information on the status of critical Year 2000 (Y2K) corrective actions taken in response to the recommendations made in our report entitled The Internal Revenue Service Needs Additional Emphasis on Computer Component Retirement Decisions To Be Ready For the Year 2000 (Reference Number 093506, dated September 16, 1999).

To provide the IRS with our updated assessment in time for any additional corrective actions to be taken before January 1, 2000, we limited our tests to interviews and reviews of documentation. We did not conduct any tests to verify that the actions taken were effective. In addition, we reviewed the status of only three of the six corrective actions. These corrective actions involved:

• Assuring that decisions to retire computer components (i.e., a unique item of software or hardware) in the IRS’ Systems Support Division (SSD) were accurately reflected on the inventory system.
• Issuing guidance for service centers scheduled to transfer retired computer components to the computing centers.
• Requiring that service centers issue letters certifying that retired computer components were placed in archived or obsolete directories prior to their transfer to the computing centers.

The remaining three corrective actions were referred to another audit team for follow-up and will be reported on separately.

We performed audit work in the New Carrollton Federal Building between September 1999 and October 1999. To accomplish our objective, we:

• Interviewed various Information Systems (IS) personnel in the Century Date Change (CDC) Project Office, the SSD, and the Offices of the Assistant Commissioners for IS National Operations and Service Center Operations.
• Obtained and reviewed documentation on the status of the corrective actions. The information obtained included Weekly Status Reports, memoranda from IRS service center executives certifying that components had been retired, and Y2K Alert Memoranda issued to responsible IRS executives by the CDC Project Office.

Details of our audit objective, scope, and methodology are presented in Appendix I. Major contributors to this report are listed in Appendix II.

Background

The Y2K issue presents a significant challenge to IRS operations. Most computer systems have a 2-digit year format which record the upcoming year as "00." These computers may recognize this as 1900 rather than 2000. If this problem is not corrected by January 1, 2000, computer analysis based upon date calculations may produce inaccurate results.

The IRS collects over $1.7 trillion in tax revenue to support the operations for the Federal Government. Because the IRS is highly dependent on computer technology to carry out business, a failure of one or more mission critical computer systems may have a severe impact on its ability to process tax returns, issue refunds, and collect tax revenue. As a result, the IRS established the CDC Project Office with the goal of ensuring that all IRS systems are Y2K compliant (i.e., will function correctly after December 31, 1999).

The CDC Project Office is responsible for monitoring to ensure that the decisions made on IRS computer components are accomplished. The decisions involve making the components Y2K compliant, retiring them, or determining they have no Y2K impact. The CDC Project Office used an established inventory system, the Integrated Network and Operations Management System, to monitor this decision-making process to completion.

During the prior review, we found that retired computer components for the SSD were not always accurately classified on the inventory system. We also found that computer components identified as "to be retired" were not properly identified and were still on IRS systems currently in use.

Results

The IRS took actions to correct concerns raised in our report on computer component retirement decisions for the Year 2000.

In the prior report, we recommended that IRS management review the status of all components classified as "retired" in the SSD and place any components which would be made Y2K compliant or which had no Y2K impact into their proper status on the inventory system. We also recommended they update the target dates for making the components Y2K compliant. The IRS agreed to take our recommended actions.

We interviewed the Director of the SSD and his staff. They confirmed that a complete review of the status of all SSD components, including the retired components, had been performed and that the inventory system had been properly updated. We also obtained and reviewed documentation from the SSD and the CDC Project Office which confirmed that the corrective action was properly completed.

In the prior report, we also recommended that the CDC Project Office develop instructions for the transfer of retired components from the service centers to the computing centers. We further recommended that procedures be implemented at the service centers to put retired components into directories that will not be used before the components are transferred to the computing centers.

IRS management responded that they would issue instructions for transferring retired computer components from the service centers to the computing centers. All retired computer components would be transferred to the computing centers along with a certification letter that stated that the component was actually retired.

We interviewed managers and their staffs in the Offices of the Assistant Commissioner for National Operations and the Assistant Commissioner for Service Center Operations. They confirmed that the instructions for transferring retired computer components from the service centers to the computing centers were issued.

In addition, all seven service centers scheduled to transfer retired components to the computing centers issued certification memoranda stating that the retired components had been removed from IRS systems currently in use. We obtained and reviewed documentation which corroborated the oral statements of IRS officials and their staff.

Management's Response: The CDC Project Director outlined additional actions the IRS has taken to assure that components are retired timely and properly. These actions include developing the following weekly reports, which serve as vehicles for identifying and monitoring component retirements.

• Application Program Registry (APR) Components Retirement Status Phases 1-7
• Tier 2 Weekly Summary Retirement Report
• Device Inventory Y2K Compliance Status
• Telecom Devices to be Retired
• Systems with APR Components Project Implementation and/or Retirement Overdue

The CDC Project Office reports areas of non-compliance weekly to the responsible executive, the Chief Information Officer, and the Commissioner of the IRS in a memorandum titled, "Y2K Alert Memorandum." The CDC Project Office also conducts weekly progress meetings with IRS management and Y2K coordinators to emphasize continually that the IRS must complete its Y2K task, including the retirement of all computer components designated to be retired.

The IRS has also conducted Independent Audit and Readiness Verification visits to computing centers, service centers and district offices to confirm Y2K compliance, including retirement of application components and Commercial Off-the-Shelf products.

Conclusion

IRS management has completed the corrective actions designed to assure that computer components are properly retired.

Detailed Objective, Scope, and Methodology

The objective of our review was to provide the Internal Revenue Service (IRS) information on the status of critical Year 2000 (Y2K) corrective actions taken in response to the recommendations made in our report entitled The Internal Revenue Service Needs Additional Emphasis on Computer Component Retirement Decisions To Be Ready For the Year 2000 (Reference Number 093506, dated September 16, 1999).

To provide the IRS with information timely enough to take corrective action on Y2K issues, we limited our tests to interviews and reviews of documentation, and did not conduct any tests to verify whether the corrective actions were effective. In addition, we included only three of the six corrective actions in this review. The remaining three corrective actions were referred to another audit team for follow-up and will be reported on separately.

1. Century Date Change (CDC) Project Office.
2. Systems Support Division.
3. Office of the Assistant Commissioner for Information Systems National Operations.
4. Office of the Assistant Commissioner for Service Center Operations.

1. Obtained and reviewed the following documentation to determine the status of the corrective actions:
1. CDC Project Management Plan, dated June 15, 1999.
2. CDC Project Office Database of corrective actions.
3. CDC Project Office Status Reports and Y2K Alert Memoranda.
4. Procedures issued by the Deputy Chief Information Officer for Operations.

Major Contributors to This Report

Scott E. Wilson, Associate Inspector General for Audit (Information Systems Programs)

Scott Macfarlane, Director

Terry Black, Audit Manager

Wallace Sims, Senior Auditor

Nelva Blassingame, Auditor

Jeffery Smith, Auditor

Report Distribution List

Deputy Commissioner Operations C:DO

Chief Information Officer IS

Deputy Chief Information Officer, Operations IS

Deputy Chief Information Officer, Systems IS

Assistant Commissioner, Program Evaluation and Risk Analysis M:OP

Director, Enterprise Operations IS:EO

Director, Service Center Operations IS:SC

Director, Systems Support Division IS:SP

Director, Century Date Change Project Office IS:CD

National Director for Legislative Affairs CL:LA

Chief, Office of Management Controls M:CFO:A:M

Office of the Chief Counsel CC

Audit Liaisons:

Information Systems Program Oversight and Management Controls IS:IR:O

Information Systems Audit Assessment and Control Section IS:IR:O:A

Century Date Change Project Office IS:CD