Executive Summary

Objective and Scope

Background

Results

Conclusion

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measures

Appendix V – Credit Card Program Advertisement

Appendix VI – Management’s Response to the Draft Report

Executive Summary

In 1999, the Internal Revenue Service (IRS) began providing taxpayers with the option of paying the balances due on their United States Individual Income Tax Returns (Forms 1040) by using credit cards or by authorizing direct payments from their bank accounts. To provide this service, the IRS contracted with several private vendors to process the electronic payments at no cost to the IRS.

The IRS received over 53,000 credit card payments totaling $183.8 million and over 76,000 direct debit payments totaling $141.9 million during the 1999 Filing Season. For the 2000 Filing Season, the IRS has contracted for program enhancements to process the 1.6 million credit card payments that it expects to receive. These enhancements include allowing credit card payments for estimated taxes and taxes related to Form 1040 filing extensions made through the Pay by Phone Program. They also include adding more service providers, while expanding payment acceptance, to additional types of credit cards through the File and Pay Program.

Our overall objective was to evaluate the IRS’ efforts to effectively implement the expanded services of these credit card programs for the 2000 Filing Season.

Although the IRS effectively communicated with its credit card program vendors through conference calls and reviews of their work schedules, at the onset of our review it had not exercised its contractual rights to independently verify the accuracy of their work. While we acknowledge that monitoring vendor performance is important for effective project management, it does not adequately ensure that the vendors’ reports and program tests are reliable and accurate. Without such verification, there is an inherent risk of negatively impacting taxpayer relations if potential problems are not identified and corrected prior to implementation.

The IRS subsequently advised us in November 1999 that it had arranged to have one vendor’s test results independently verified. However, the effectiveness of starting this review so near the start of the filing season raises the question as to whether sufficient time will be available to effectively complete the review. If not timely completed, the IRS is at risk of having to process the electronic payments before the vendor’s work is thoroughly evaluated and any problems are corrected.

The Office of Federal Procurement Policy (OFPP) has established best practice guidelines for contract administration in the federal government. These OFPP guidelines recommend a quality assurance process to evaluate the services and products that vendors are required to furnish. We believe that exercising the IRS’ contractual rights should be considered an integral part of its program verification process in addition to current monitoring efforts. Such verification, if routinely and timely performed, would help ensure that future program enhancements are effective.

The IRS has entered into several contracts with private vendors. These contracts allow vendors to provide a "service for fee" to a taxpayer that wishes to electronically file his/her tax return and pay his/her taxes by credit card. The vendors agree to provide the appropriate software and security provisions necessary to implement their programs at no cost to the IRS. The contracts also provide the IRS with the contractual right to inspect and verify the vendors’ work prior to implementation.

However, we found that the IRS does not normally exercise its right to inspection because it is not at risk monetarily. It also believes that it is in the vendor’s economic best interest to deliver a quality program to remain in partnership with the IRS.

The independent review the IRS contracted for in November 1999 included an analysis of the vendors’ security and privacy test plans. While we agree that requiring an independent review is a good business practice, the effectiveness of starting this review at such a late date could place the IRS at risk of having insufficient time to identify and correct potential problems.

Independent verification is important for the IRS to ensure that vendors have effectively tested their programs to help prevent significant processing problems that may adversely affect taxpayer relations. For example, if verification of changes to a vendor’s program had been performed during the 1999 Filing Season, the error that caused 13,700 (26 percent) credit card payments to be applied to the wrong tax year and 9,400 erroneous notices to be sent to taxpayers may have been prevented.

At the time of our review, a newly added private vendor reported that its program would not be ready for implementation until late February 2000, making an independent review prior to the filing season impossible. While we have since been informed that this vendor was unable to deliver the program and has asked to be released from its contract, it does illustrate another potential risk to IRS processing and taxpayer relations if vendor programs are not timely delivered.

To improve the IRS’ process for implementing credit card program enhancements, we recommend as a good business practice that the IRS exercise its contractual rights of inspection to ensure that vendor programs are accurately and timely developed. It should also ensure that program development includes sufficient time for independent review prior to implementation.

Management’s Response: IRS management agrees with the benefits of the recommendations and stated that future project plans would include independent reviews of vendor testing. These reviews will be built into filing season project plans and IRS management will allow sufficient time for evaluation and appropriate corrective actions prior to program implementation.

Management’s complete response to the draft report is included as Appendix VI.

Objective and Scope

The overall objective of this review was to evaluate the Internal Revenue Service’s (IRS) process to ensure that the credit card program enhancements planned for the 2000 Filing Season are effectively implemented.

To accomplish our objective, we assessed the degree of oversight the IRS exercised over vendor performance and evaluated the tools and controls used to monitor program implementation. We also evaluated the process used for testing program enhancements and the security and deposit provisions of vendor contracts.

Audit work was performed between September and November 1999, in the National Office and at vendor sites in San Ramon, California, and Bellevue, Washington. This audit was performed in accordance with Government Auditing Standards.

Details of our audit objective, scope, and methodology are presented in Appendix I. Major contributors to this report are listed in Appendix II.

Background

The Taxpayer Relief Act of 1997, 26 U.S.C. § 24, allowed the IRS to accept payment of taxes by any commercially acceptable means that the Secretary of the Treasury deems appropriate. As a result, the IRS, in partnership with private industry, initiated three pilot programs that allow individual taxpayers to pay their taxes electronically.

In 1999, a taxpayer could pay the balance due shown on his/her 1998 United States (U.S.) Individual Income Tax Return (Form 1040) through any of the following pilot programs:

• The Pay by Phone credit card program available through a private vendor, U S Audiotex, using a Discover, MasterCard, or American Express credit card. This program received over 44,800 credit card payments totaling over $174.4 million.
• The File and Pay credit card program available through a private vendor, Novus Services, Inc., and its subcontractor, Intuit, Inc., using a Discover credit card. This program received over 8,400 credit card payments totaling over $9.3 million.
• The Direct Debit Program available through private vendors authorized to file taxes electronically or by taxpayers using personal computers and commercial tax preparation software. When taxpayers authorize a direct debit payment, it is moved from their checking or savings account. This program received over 76,000 direct debit payments totaling $141.9 million.

Contracts between the IRS and these private vendors require an accuracy rate for transmitted payment data of greater than 99 percent. However, during the 1999 Filing Season, these pilot programs encountered several problems that resulted in error rates of up to 26 percent. The problems included a programming error that caused over 13,700 credit card payments to be applied to the wrong tax year and resulted in over 9,400 improper notices being sent to taxpayers. In addition, 40 taxpayers had duplicate credit card charges and 111 taxpayers improperly avoided late filing and payment penalties and interest.

Program enhancements planned for the 2000 Filing Season involve only the Pay by Phone and the File and Pay credit card programs.

The IRS and U S Audiotex are enhancing the Pay by Phone Program to include credit card payments for estimated taxes submitted on the Estimated Tax for Individuals (Form 1040ES) and payments related to the Application for Automatic Extension of Time to File U.S. Individual Income Tax Return (Form 4868). The IRS projects that over 1.6 million transactions will be received during Calendar Year 2000.

The IRS’ enhancement plans for the File and Pay Program include pursuing additional private industry partners and accepting additional brands of credit cards. For the 2000 Filing Season, the IRS has contracted with Nelco, Inc. and U S Audiotex in addition to extending the 1999 contract with Novus Services. These partners will provide integrated filing and paying services that allow taxpayers to file their tax returns and pay the balances due using American Express, Discover Card, and MasterCard credit cards. The IRS projects that 15,100 taxpayers will file electronic tax returns and pay the balances due with credit cards for the Calendar Year 2000.

Results

While the IRS has effectively communicated with its credit card program vendors through conference calls and reviewed vendor work schedules, it has not routinely exercised its contractual rights to independently verify vendors’ work or evaluate vendors’ test results.

We acknowledge that monitoring vendor performance is important for effective project management. It does not, however, adequately ensure that the vendors’ reports and program tests are reliable and accurate. Without such verification, there is an inherent risk of negatively impacting taxpayers and taxpayer relations if potential problems are not identified and corrected prior to implementation.

The level of verification can vary based on the inherent risk associated with the vendor or program involved. For example, the IRS projects that its Pay by Phone credit card program will receive 1.6 million transactions for Calendar Year 2000. New program enhancements are expected to account for over half of these transactions. In comparison, the File and Pay credit card program is estimated to receive only 15,100 returns. The inherent risk associated with the Pay by Phone, based on the significantly greater number of transactions with taxpayers, illustrates the greater potential for negative impact should problems occur, and thus the need for a greater level of verification.

Another factor the IRS should consider in assessing the level of risk is the degree to which taxpayers may perceive the program as an IRS service. An example of this is an advertisement promoting the IRS’ credit card programs in a national magazine. It may convey the perception to taxpayers that when paying their taxes by telephone, they are dealing directly with the IRS rather than a private vendor. Perceptions such as this make oversight of vendors important to help ensure that taxpayers receive quality service and enable the IRS to achieve its strategic goals. (A complete copy of this advertisement is included in Appendix V.)

The Internal Revenue Service Should Exercise Its Contractual Rights to Ensure That Credit Card Programs Are Independently Verified

To implement enhancements to its credit card payment programs, the IRS negotiates contracts with its private industry partners. In the contracts, the vendors agree to provide the appropriate software and security necessary to implement the programs. These contracts are negotiated as "no fee or consideration" contracts. This means that the vendor and the IRS agree that the work will be done at no cost to the government. To attract private industry participation, the contracts allow the partners to charge a fee to the taxpayers that wish to pay their taxes using credit cards.

The contracts between the IRS and its private industry partners outline the terms and conditions of their agreement. The contracts include a statement of work that outlines the contract requirements, the duties and responsibilities of the vendor and the government, contract deliverables, and the schedule of performance. They also include provisions that cover rights of inspection and disclosure of information.

To oversee these contracts, the IRS monitors the vendor work process through conference calls. In these conference calls, the IRS and the vendor review the vendors’ work schedules.

The vendors’ work schedules are used to measure the progress of vendor work. The work schedule provides a detailed schedule of the tasks the vendor needs to perform in order to implement the enhancements. The IRS conducts weekly conference calls with vendors to discuss each open task on the work schedule, determine the status of the work, and establish follow-up items. Minutes from these conference calls are used to track the issues discussed and provide a list of the follow-up items and their due dates. While the IRS effectively reviews vendor work schedules and communicates with the vendors through conference calls, it does not provide for any independent evaluation of the vendors’ work.

Contracts the IRS negotiates with its private vendors provide the right to inspect and verify vendors’ work prior to its implementation. However, we found that the IRS does not routinely exercise this right because the contracts negotiated are "no fee or consideration" contracts and it is not at monetary risk. The IRS also believes that the vendor will timely deliver an acceptable product because it is in the vendor’s economic best interest to do so if it is to remain in partnership with the IRS.

While we recognize that the IRS is not at monetary risk, there is an inherent risk of negatively impacting taxpayer relations if potential problems are not identified and corrected prior to implementation.

The Office of Federal Procurement Policy (OFPP), a part of the Office of Management and Budget, establishes policy and provides guides for "best practices" in contract administration for the federal government. The OFPP describes contract administration as those activities performed by government officials after a contract has been awarded to determine how well the government and the contractor performed to meet the requirements of the contract. The OFPP guidelines recommend that contract administrators develop a quality assurance process, which provides a systemic, structured methodology to evaluate the products or services that contractors are required to furnish. This process includes independent verification of a contractor’s work.

1. IRS management should exercise its contractual rights of inspection to ensure vendor programs are accurately and timely developed.

Management’s Response: In October 1999, ETA management initiated efforts to procure the services of a third party to perform an independent review for the Year 2000 filing season. Dynamics Research Corporation will perform the independent review. ETA management will also include this type of review in future project plans.

The Internal Revenue Service Should Ensure There Is Sufficient Time to Review a Vendor’s Test Results

Independent review of vendor test results is an integral part of contract quality assurance and it provides independent verification that the vendor has thoroughly tested its product. In addition, it provides taxpayers and the IRS assurance that the vendor will effectively process their payments and provide a secure environment to receive and process taxpayer data.

During our review, the IRS advised us that it was exercising its contractual rights to have an independent verification and validation of a vendor’s test plan and test results performed. In November 1999, a request was made for an independent review which included evaluating all phases of the test plan, identifying tests that should be performed but omitted, and reviewing the test results. The review also includes an analysis of the vendor’s security and privacy test plans. This analysis will determine whether:

• Security and privacy tests are conducted on all facilities and computer systems that are used to process tax payments for the IRS.
• Physical, personnel, computer, and data security controls are tested.
• The test results support the credit card processor’s assurance to the IRS that it can protect taxpayer information from unauthorized disclosure.

The review was requested through the Treasury Information Processing Support Services (TIPSS) contract. This contract provides for a streamlined method for awarding contracts requiring information processing expertise. The contract process requires at least 31 days to complete, provided there are no delays. Once the contract for independent review is awarded, it is expected to take 40 workdays, provided a staff of 3 is assigned to perform the work.

While we agree that requiring an independent review is a good business practice, the late decision to request the review may limit its effectiveness. Such a decision raises the question of whether sufficient time will be available to effectively complete the review without placing the IRS at risk of having to process the electronic payments before the vendor’s work is thoroughly evaluated and any identified problems are corrected.

Because of the time frames involved to award the contract and perform the review, it is unlikely that the IRS can complete this testing before the programs are used to process taxpayer payments.

Independent review of vendor work is necessary to ensure the vendors have effectively tested the new program enhancements. For example, for the 1999 Filing Season, a computer programming error in the Pay by Phone Program caused over 13,700 credit card payments to be applied to the wrong tax year. An independent review of vendor testing could help prevent similar problems.

Another example of potential risk to IRS taxpayer relations involved a new vendor that was added to the File and Pay Program for the 2000 Filing Season. The File and Pay Program provides integrated filing and paying services that allow taxpayers to file their tax returns and pay the balance due using a credit card. At the time of our review, the new vendor reported that its program would not be ready for implementation until late February 2000, which would have made an independent review of its program virtually impossible prior to the filing season. However, we have been informed that this risk is no longer a factor since the vendor was unable to deliver the program and has requested to be released from the contract.

1. IRS management should ensure that program development includes sufficient time for independent review of vendor testing prior to program implementation.

Management’s Response: In October 1999, ETA management requested an independent review and tried to accelerate the review to ensure completion prior to program implementation. In the future, ETA management will ensure that reviews are built into filing season project plans and allow sufficient time for evaluation and appropriate corrective actions prior to program implementation.

Conclusion

The IRS’ oversight of vendors for the credit card program should be strengthened by independently verifying vendor work and evaluating vendor test results.

While the IRS has effectively communicated with its credit card payment vendors through conference calls and reviewed vendor work schedules, it had not exercised its contractual rights to independently verify vendors’ work or evaluate vendors’ test results.

We acknowledge that monitoring vendor performance is important for effective project management. However, it does not adequately ensure that the vendors’ reports and program tests are reliable and accurate. Without such verification, there is an inherent risk of negatively impacting taxpayer relations if potential problems are not identified and corrected prior to implementation.

Detailed Objective, Scope, and Methodology

The overall objective of this audit was to evaluate the Internal Revenue Service’s (IRS) process to ensure that the credit card program enhancements planned for the 2000 Filing Season were effectively implemented.

To accomplish our objective, we:

1. Assessed the degree of oversight exercised by the Electronic Tax Administration (ETA) project office over the vendor’s performance.
0. Reviewed vendor contracts for program enhancements to determine whether they include program enhancements, adequate milestone dates, and requirements for testing and reporting progress.
1. Evaluated the tools and controls used by the ETA to monitor and timely implement 2000 Filing Season program enhancements.
1. Reviewed ETA communication records to determine whether interaction between the vendor and the IRS is effective.
2. Reviewed ETA visitation records used to verify and document the progress of work performed by the vendor.
3. Determined whether the IRS has established an effective process for suspending program implementation in the event that the IRS and vendor testing produces negative results.
4. Evaluated the process used by the ETA project office management to elevate problems to the National Director, Electronic Program Enhancement.
2. Requested the Office of Chief Counsel, Treasury Inspector General for Tax Administration, provide an opinion on the IRS’ contractual rights to exercise oversight of credit card program vendors.
2. Evaluated the security and deposit provisions in the File and Pay and Pay by Phone contracts for processing taxpayer data and tax payments, and determined how the ETA plans to ensure that these contract provisions meet the IRS standards.
0. Contacted Information Systems (IS) security personnel and determined whether security provisions meet established standards.
1. Contacted Cash Management personnel and determined whether cash transfer provisions meet established standards.
2. Evaluated the effectiveness of the process the IRS has established for validating vendor security certifications.
3. Contacted vendors and arranged site visitations to assess the progress of each enhancement for the 2000 Filing Season by determining whether existing timelines are realistic and implementation is on schedule.
0. Determined why the proposed enhancement to expand the Federal/State agreement for joint payment of tax liabilities is not being pursued for the 2000 Filing Season.
1. Determined the basis used by the ETA and the vendor to establish a permissible error rate, and what process is in place to effectively notify taxpayers if the IRS rejects their payment.

1. Evaluated the process that the IRS uses to coordinate with its vendors to ensure effective testing of enhancements to the Pay by Phone and the File and Pay credit card programs.
1. Analyzed Pay by Phone telephonic scripts to ensure taxpayer instructions are complete, clear, and easily understood.
2. Identified the types of internal and integrated testing to be performed and evaluated whether the tentative test dates allow for timely reporting of results and correction of mistakes.
3. Evaluated the IRS and vendor roles in testing enhancements prior to implementation dates. Determined whether an adequate process is in place to ensure that the IRS validates vendor performance for all critical testing activities.
4. Reviewed vendor plans for testing program enhancements and compared them to contractual requirements.
5. Interviewed IS personnel and determined whether contractual testing requirements meet the established IRS standards.
1. Determined how IS interfaces with the ETA to ensure that credit card testing meets the IRS standards.
2. Determined whether credit card enhancements will undergo the IRS’ Systems Acceptability Testing (Quality Assurance).

Major Contributors to This Report

Walter E. Arrison, Associate Inspector General for Audit (Wage and Investment Income Programs)

M. Susan Boehmer, Director

Gary L. Young, Audit Manager

Larry W. Gore, Senior Auditor

Carl H. Parmer, Senior Auditor

Steven E. Vandigriff, Senior Auditor

Richard A. Lambrecht, Auditor

George E. Millard, Auditor

Bonnie G. Shanks, Auditor

Report Distribution List

Deputy Commissioner Operations C:DO

Chief Operations Officer OP

Deputy Chief Operations Officer OP

Assistant Commissioner (Electronic Tax Administration) OP:ETA

Director, Office of Program Evaluation and Risk Analysis M:O

National Director, Diversified Electronic Filing OP:ETA:D

National Director, Individual Electronic Filing OP:ETA:I

National Director for Legislative Affairs CL:LA

Office of the Chief Counsel CC

Office of the Taxpayer Advocate C:TA

Office of Management Controls M:CFO:A:M

Audit Liaison:

Chief Operations Officer OP

Outcome Measures

This appendix presents detailed information on the potential impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to the Congress.

Finding and recommendation:

The Internal Revenue Service (IRS) does not routinely exercise its contractual rights to independently verify vendor work on credit card program contracts. Independent verification is an important tool for effective oversight of vendor performance and program implementation. The Office of Federal Procurement Policy (OFPP) establishes policy and provides guides for "best practices" in contract administration for the federal government. The OFPP guidelines recommend that contract administrators develop a quality assurance process, which provides a systemic, structured methodology to evaluate the products or services that vendors are required to furnish.

The IRS should ensure that sufficient time is available for independent review of vendor testing of program enhancements prior to implementation. In November 1999, the IRS finalized the process to request an independent verification and validation of a vendor’s test plans and test results. The request also includes an analysis of the contractors security and privacy test plans. However, it is unlikely that the IRS can complete this testing before the programs are used to process taxpayer payments. The independent testing is necessary to ensure the contractors have effectively tested the new program enhancements and they can protect taxpayer information from unauthorized disclosure.

This report includes two recommendations for improvement. To improve the IRS’ oversight of vendors for credit card program enhancements, we recommend that the IRS:

• Exercise its contractual rights of inspection to ensure vendor programs are accurately and timely developed.
• Ensure that program development includes sufficient time for independent review of vendor testing prior to implementation.

Type of Outcome Measure:

Taxpayer Burden - Potential

Value of the Benefit:

We determined that the IRS does not routinely exercise its contractual rights to independently verify vendor work on contracts for credit card program enhancements. In addition, we determined the IRS should ensure that there is sufficient time to review vendor testing of program enhancements prior to their implementation. Errors in the implementation of program enhancements have the potential to negatively impact over 1.6 million taxpayer transactions with the IRS during the 2000 Filing Season. This is a potential outcome that cannot be accurately measured until the filing season begins and the impact to taxpayers can be identified.

Methodology Used to Measure the Reported Benefit:

We used IRS projections to identify the total number of taxpayer transactions that could be adversely impacted if unidentified errors are not corrected prior to program implementation.

Credit Card Program Advertisement

The picture of the advertisement has been removed due to its size.

Management’s Response to the Draft Report

The response has been removed due to its size. To see the complete response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.