The Internal Revenue Service’s Federal Financial
Management Improvement Act Remediation Plan as of December 31, 2003
March 2004
Reference
Number: 2004-10-080
This report has cleared the Treasury
Inspector General for Tax Administration disclosure review process and
information determined to be restricted from public release has been redacted
from this document.
March
30, 2004
MEMORANDUM FOR
CHIEF FINANCIAL OFFICER
FROM: Gordon C. Milbourn III /s/ Gordon C.
Milbourn III
Acting Deputy Inspector General for Audit
SUBJECT: Final Audit Report - The Internal Revenue
Service’s Federal Financial Management Improvement Act Remediation Plan as of
December 31, 2003 (Audit # 200410004)
This
report presents the results of our review of the Internal Revenue Service’s (IRS) Federal Financial Management Improvement Act of
1996 (FFMIA) Remediation Plan as of December 31, 2003. The overall objective of this review was to
identify any
instances and reasons for missed intermediate target dates established in the
IRS FFMIA remediation plan. We also
evaluated whether the IRS was meeting its responsibilities in fulfilling the
intent of the FFMIA. The review was
performed to meet our requirement under the FFMIA that states, in general, each
Inspector General shall report to the Congress instances and reasons when an
agency has not met the intermediate target dates established in the remediation
plan.
In
summary, our review of 70 remedial actions open as of December 31, 2003, showed
4 intermediate target dates were missed, 36 dates were extended, and 2 dates
were not established. We believe the
missed, extended, or not established intermediate target dates further hinder
the IRS’ ability to timely resolve the reported issues which caused, and
continue to cause, its noncompliance with the FFMIA.
Also,
all 70 remedial actions had intermediate target dates that extend longer than 3
years from the initial reporting of the financial weakness. As a result and as required, the IRS,
through the Department of the Treasury, properly obtained Office of Management
and Budget (OMB) concurrence for these remedial actions and continues to hold
quarterly status review sessions with the OMB on the progress being made as
outlined in the concurrence memorandum.
Our analysis of
individual project resources listed in the December 31, 2003, remediation plan
showed that, for the most part, project resources were verifiable to supporting
documentation; however, not all project releases had resources listed, and some
project costs had not been updated to reflect current cost information. Further, one
resource discrepancy identified in our prior audit had not been updated. Based on these conditions, we believe the IRS is facing a significant challenge
pertaining to remediation plan resource identification and reporting
because of the delays and revisions to the plans of the individual financial
management projects that are listed in the remediation plan. Without having fully planned project
milestones, the IRS will be unable to accurately and consistently estimate the
resource needs for specific remedial actions as listed in its remediation plan.
Finally, and notwithstanding the one resource reporting
discrepancy outlined above, we believe the IRS implemented sufficient
corrective actions to ensure resources are supported and consistently reported in its remediation plans.
We do not have any specific remediation plan recommendations to
offer as a result of our analysis during this audit. However, we do believe the IRS, in fulfilling its responsibilities
under the FFMIA, needs to actively address, and continue to communicate to the
OMB and the Department of the Treasury, the challenges it faces concerning the
establishment of accurate and consistent intermediate target dates and resource
estimates in light of the uncertainty of the implementation environment of
certain significant IRS financial management projects.
Management’s
Response: Management agreed with the reported
conditions and will communicate and work closely with the OMB and the
Department of the Treasury as they work toward establishing accurate and
consistent intermediate target dates and resource estimates. Management’s
complete
response to the draft report is included as Appendix V.
Copies of this
report are also being sent to the IRS managers who are affected by the report
findings. Please contact me at (202)
622-6510 if you have questions or Daniel R. Devlin, Assistant Inspector General
for Audit (Headquarters Operations and Exempt Organizations Programs), at (202)
622-8500.
Intermediate Target Dates Were
Missed, Extended, or Not Established
Corrective Action Was Taken on a Prior Audit Recommendation
Appendix
I – Detailed Objectives, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix
III – Report Distribution List
Appendix IV – Financial Management Remedial Action Projects
Appendix V –
Management’s Response to the Draft Report
The Federal Financial Management Improvement Act of 1996 (FFMIA) establishes in statute certain financial management systems requirements that were already established by Executive Branch policies. The FFMIA was intended to advance Federal Government financial management by ensuring that Federal management systems can and do provide reliable, consistent disclosure of financial data. Further, this disclosure should be done on a basis that is uniform across the Federal Government from year to year, by consistently using professionally accepted accounting standards. Specifically, FFMIA § 803 (a) requires each agency to implement and maintain systems that comply substantially with:
· Federal Government financial management system requirements.
· Applicable Federal Government accounting standards.
· The Government Standard General Ledger at the transaction level.
Auditors are required to report on agency compliance with the three stated requirements as part of financial statement audit reports. Agency heads are required to determine, based on the audit report and other information, whether their financial management systems comply with the FFMIA. If the agency’s financial system does not comply, the agency is required to develop remediation plans that describe the resources, remedies, and intermediate target dates for achieving compliance and file the plans with the Office of Management and Budget (OMB).
In addition, FFMIA § 804 (b) requires that agency Inspectors General report to the Congress instances and reasons when an agency has not met the intermediate target dates established in its remediation plan.
In the last several years, the General Accounting Office
(GAO) has reported numerous financial management weaknesses in its audits of
the Internal Revenue Service’s (IRS) annual financial statements and related
assessments of internal control. Due to
these weaknesses, the IRS is noncompliant with the FFMIA and is required to
prepare a remediation plan.
This review was performed during the period December 2003 through February 2004 at the IRS National Headquarters in the office of the Chief Financial Officer (CFO), which is responsible for monitoring and implementing the remediation plan. The audit was conducted in accordance with Government Auditing Standards. Detailed information on our objectives, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
During
Calendar Year (CY) 2003, the IRS reported it cancelled 2 and added 10 remedial
actions to the 104 open remedial actions listed in its December 31, 2002,
remediation plan. The two cancelled
remedial actions were eliminated from the remediation plan because they did not have a significant impact on the
resolution of the associated financial weakness and were considered an internal
workload issue of routing work to one central location. The 10 added remedial actions mainly dealt
with the IRS’ trust fund recovery efforts.
As a
result of its Fiscal Year (FY) 2003 financial statement audit, the GAO did not
report any additional recommendations that would have required inclusion in the
IRS’ remediation plan.
Also during CY 2003, the IRS reported it completed 42 remedial actions, leaving 70 open remedial actions listed in its December 31, 2003, remediation plan. The IRS has initiated five significant financial management projects to facilitate the completion of these open remedial actions:
·
The Integrated
Financial System (IFS) – 22 remedial actions.
· The Custodial Accounting Project (CAP) – 34 remedial actions.
· The Automated Trust Fund Recovery (ATFR) System – 8 remedial actions.
· The Complex Interest Quality Measurement System (CIQMS) – 4 remedial actions.
·
Security – 2 remedial actions.
See
Appendix IV for a detailed description of each project.
Our detailed review of the 70 remedial actions open as of December 31, 2003, showed 4 intermediate target dates were missed, 36 dates were extended, and 2 dates were not established.
Missed intermediate target dates
The IRS did not meet four established intermediate target dates listed in its remediation plan during the fourth quarter of CY 2003. All four intermediate target dates related to CAP Release 1 implementation. Specifically, these dates involved the completion of system development testing, completion of acceptance testing, and preparation and completion of system deployment.
Extended intermediate target dates
The IRS extended 36 of the 70 open remedial
action intermediate target dates listed in its December 31, 2003, remediation
plan since initial reporting. Chart 1 depicts the extensions by the IRS’
five major financial management projects.
Chart 1: Open Remedial Action Extensions Since
Initial Reporting
|
Major Project |
Open Actions |
Extended Actions |
Extension Frequency (times) |
Extension Range (months) |
Extension Average (months) |
|
IFS |
22 |
20 |
1 to 4 |
2 to 37 |
9 |
|
CAP |
34 |
8 |
1 to 4 |
3 to 18 |
8 |
|
ATFR |
8 |
2 |
1 to 5 |
1 to 27 |
14 |
|
CIQMS |
4 |
4 |
3 to 8 |
17 to 49 |
33 |
|
Security |
2 |
2 |
1 to 2 |
3 to 5 |
4 |
|
Total |
70 |
36 |
N/A |
N/A |
N/A |
Source: IRS FFMIA Remediation Plans from December 1999 to December 2003.
The IRS reported in its remediation plan that current extensions of intermediate target dates were necessary due to the following:
· IFS – Data mapping and mid-year system conversion issues affecting data conversion and delays in system integration and acceptance testing.
· CAP – Development of a new implementation strategy and revision of the plan to focus on specific releases, which will address statutory financial reporting requirements.
· ATFR – System response time issues affecting the timely completion of the pilot phase.
· CIQMS – System incorporation with other IRS quality measurement systems and staffing issues that are affecting the hiring of personnel.
· Security – Delays in the completion of independent verification of completed actions.
The IRS also commented in its December 31, 2003, remediation plan that it is planning to submit a request to cancel all 15 IFS Release 2, 3, and 4 remedial actions and all 27 CAP Release 2 and 3 remedial actions (see Appendix IV for Release details). According to the remediation plan, this action is being taken because both projects are significantly behind schedule for their respective individual first release implementations. The cancelled remedial actions would be replaced by a placeholder action to develop a new plan for these future Releases upon successful completion of each project’s Release 1 remedial actions and the final resolution of funding issues. In addition, the plans to implement the remaining seven IFS and seven CAP Release 1 remedial actions are being revised, which will further extend the target dates for the final implementation of these two significant financial management projects.
Intermediate
target dates not established
The IRS established intermediate target dates for 68 of the 70 open remedial actions listed in its December 31, 2003, remediation plan. The first remedial action without an established intermediate target date concerns the testing of the IFS core functionality. The IRS reported this action is experiencing delays in software design and configuration issues that have affected the establishment of a target date.
The second remedial action without an established intermediate target date concerns future IFS enhancements. The IRS reported this action is being reevaluated to identify the benefits that will be achieved through its implementation, as well as the sequencing of interim actions to accomplish the overall remedial action. However, it should be noted this second remedial action has no associated audit finding and was established as a placeholder in the remediation plan for a future release of the IFS.
The GAO, as a result of its FY 2003
financial statement audit, continued to
report that material weaknesses exist relative to the IRS’ controls over
financial reporting, unpaid assessments, Federal tax revenue and refunds, and
computer security. The GAO further
reported these material weaknesses have given rise to significant management
challenges that have:
·
Impaired
management’s ability to prepare financial statements and other financial
information without extensive compensating procedures.
·
Limited the
availability of reliable information to assist management in effectively
managing operations on an ongoing basis.
·
Reduced the
IRS’ effectiveness in enforcing the Internal Revenue Code.
·
Resulted in
errors in taxpayer accounts.
· Increased taxpayer burden.
We believe the missed, extended, or not established intermediate target dates further hinder the IRS’ ability to timely resolve the reported issues which caused, and continue to cause, its noncompliance with the FFMIA.
The
FFMIA requires that a remediation plan bring an agency’s financial management
systems into substantial compliance no later than 3 years after the date a
determination is made that the financial management systems do not comply with
the requirements of the FFMIA unless the agency, with concurrence of the
Director, OMB:
·
Determines the agency’s
financial management systems cannot comply with the requirements within 3
years.
·
Specifies the most feasible
date to bring the agency’s financial management systems into compliance with
the requirements.
·
Designates an agency official
who shall be responsible for bringing the agency’s financial management systems
into compliance with the requirements.
All 70 open remedial actions
listed in the December 31, 2003, remediation plan had intermediate target dates
that extend longer than 3 years from the initial reporting of the financial
weakness.
On March 30, 2001, the Department of the Treasury obtained OMB concurrence for time extensions relating to the IRS’ remedial actions in excess of 3 years from the initial reporting of the financial weakness. As part of the concurrence memorandum, quarterly status review sessions on the progress being made to complete the identified remedial actions have been held with the OMB when requested.
The
FFMIA requires that a remediation plan describe the resources required
to achieve compliance with the FFMIA.
The IRS chose to identify resources by the five major financial
management projects or applicable project releases listed in its remediation
plan. Our
analysis of the individual project resources listed in the December 31, 2003,
remediation plan showed that, for the most part, project resources were
verifiable to supporting documentation; however, not all project releases had
resources listed, and some project costs had not been updated to reflect
current cost information.
We
verified the IFS Release 1 resources to the IRS’ draft Business System
Modernization (BSM) Expenditure Plan as of December 2003. Resources for the IFS Releases 2 through 4
were not identified in the remediation plan because of financial revisions to
the project plan.
Responsible
CFO personnel informed us the resources listed in the December 31, 2003,
remediation plan for the CAP had not been updated since the issuance of the June
30, 2003, remediation plan even though the BSM Expenditure Plan was known to
contain differing amounts. This
decision was made within the CFO’s office because the CAP was going through a
significant revision of the plan and it was determined to be better to wait for
the finalized amounts rather than to list amounts in the remediation plan that
most likely would change. We did
perform a verification of the resources listed in the December 31, 2003,
remediation plan to those exhibited in an IRS July 2003 BSM Expenditure Plan
and found them verifiable, except for a $1,126,000 difference that had not been
updated since our prior report due to an administrative oversight.
For
the ATFR project, we were able to verify the listed resources to the IRS’ ATFR
Business Case dated January 2003.
However, for the CIQMS project, we were unable to perform a
verification, since no resources were listed in the December 31, 2003,
remediation plan due to staffing levels being reevaluated for this
project. Finally, no verification was
necessary for the Security project, since the resources for this project will
be absorbed by normal business practices.
Due
to the above conditions, we believe the IRS is facing a significant challenge
pertaining to remediation plan resource identification and reporting
because of the delays and revisions to the plans of the individual financial
management projects that are listed in the remediation plan. Without having fully planned project
milestones, the IRS will be unable to accurately and consistently estimate the
resource needs for specific remedial actions as listed in its remediation plan.
We previously
reported that some resources included in the December 31, 2002,
remediation plan were not verifiable to supporting documentation and functional
areas were not consistently reporting resources shown in the remediation
plan. Accordingly, we recommended
procedures be issued that include a process for verifying the resources
included in the IRS’ FFMIA remediation plan and that provide for consistent
reporting of such resources by the responsible functions.
IRS management agreed with our reported recommendation and responded they
had enhanced and approved reporting procedures to address the resource
issues. Further, management stated the
IRS would include the enhanced reporting instructions for resources with its
March 14, 2003, remediation plan quarterly call memorandum.
We confirmed that the
CFO’s Office of Management Controls (OMC) issued revised reporting procedures
on March 14, 2003. The procedures
required responsible officials to forward supporting documentation to verify
all resources being reported in the remediation plan. Further, we evidenced the OMC’s receipt of supporting
documentation when responsible officials respond to the quarterly updates to
the remediation plan.
Notwithstanding the one resource reporting discrepancy discussed in the prior section, we believe the IRS implemented sufficient corrective actions to ensure resources are supported and consistently reported in its remediation plans.
We do
not have any specific remediation plan recommendations to offer as a result of
our analysis performed during this audit.
However, we do believe the IRS, in fulfilling its responsibilities under the FFMIA, needs to
actively address, and continue to communicate to the OMB and the Department of the Treasury, the challenges it faces concerning the
establishment of accurate and consistent intermediate target dates and resource
estimates in light of the uncertainty of the implementation environment of both
the IFS and the CAP financial management projects.
Appendix I
Detailed Objectives, Scope,
and Methodology
Our overall objective was to report to the Congress, as required by the Federal Financial Management Improvement Act of 1996 (FFMIA), any instances and reasons for missed intermediate target dates established in the Internal Revenue Service’s (IRS) remediation plan. We also evaluated whether the IRS was meeting its responsibilities in fulfilling the intent of the FFMIA. To accomplish our objectives, we:
I. Gained an understanding of the requirements of the FFMIA, including the Office of Management and Budget and Department of the Treasury guidance for compliance with the FFMIA.
II. Determined whether the IRS’ remediation plan was consistent with General Accounting Office recommendations from prior IRS financial audits and related financial management reports.
III. Determined whether the IRS missed any intermediate target dates, extended any intermediate target dates without sufficient documentation to support the revised dates, and obtained proper approval for remedial actions extending longer than 3 years from the initial reporting of the financial weakness.
IV. Determined whether the IRS’ remediation plan established resource needs for remedial actions and the resources presented were consistent with other IRS modernization resource budgets.
V.
Determined whether the IRS took adequate corrective
actions on prior reported audit findings.
Appendix II
Major Contributors to This Report
Daniel R. Devlin, Assistant Inspector General for Audit (Headquarters
Operations and Exempt Organizations Programs)
John R. Wright, Director
Thomas J. Brunetto, Audit Manager
Bobbie M. Draudt, Senior Auditor
Chinita M. Coates, Auditor
Appendix III
Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Office of Management Controls OS:CFO:AR:M
Chief Counsel CC
National Taxpayer Advocate
TA
Director, Office of Legislative Affairs CL:LA
Director, Office of
Program Evaluation and Risk Analysis
RAS:O
Audit Liaison: Chief Financial Officer OS:CFO
Appendix IV
The Internal Revenue Service (IRS) has initiated five significant financial management remedial action projects in response to the various General Accounting Office-identified Federal Financial Management Improvement Act of 1996 material weaknesses. The IRS describes the functionality of these projects in its remediation plan as follows:
The Integrated Financial System (IFS) – This project, when fully implemented over four releases, will provide the IRS with an integrated accounting system to account for and control resources. IFS Release 1 includes the Joint Financial Management Improvement Program (JFMIP) core financial system requirements of General Ledger, Accounts Receivable, Accounts Payable, Funds and Cost Management, and Financial Reporting, as well as Budget Formulation. This Release will also facilitate the preparation of financial statements and reports in accordance with Federal Government accounting and reporting standards; allow the IRS to move into compliance with Federal Government cost accounting standards; provide information for central agencies for budgeting, analysis, and Government-wide reporting, including consolidated financial statements; and provide a complete audit trail and reporting tools to facilitate audits. IFS Release 2 will focus on Asset Management and a software technical and functional upgrade. IFS Release 3 includes the planned implementation of Procurement Management. IFS Release 4 includes the planned implementation of Performance Management. In addition, the IFS is planned to incorporate the functionality to generate timely and reliable financial information for custodial activities with full traceability from the financial statement to the detailed transaction.
The Custodial Accounting Project (CAP) – This project has been revised to focus on specific releases which will address statutory financial reporting requirements and may initially benefit operating divisions to a limited extent. It will implement a single, integrated data repository of taxpayer account information, integrated with the general ledger and accessible for management analysis and reporting. The total functionality of the CAP will be implemented in three releases. CAP Release 1 relates to data of individual taxpayers, CAP Release 2 relates to business taxpayers, and CAP Release 3 relates to the establishment of the Collection subledger.
The Automated Trust Fund Recovery (ATFR) System – This project provides the capability to systematically upload assessments from Area Offices and properly cross-reference payments received for assessments made. It replaces manual processes and ensures compliance with requirements and accounting standards. The ATFR Phase I will automate the calculation of the penalties and assessment process, Phase II will automate the cross-referencing process, and Phase III will centralize all recovery cases into one compliance center.
The Complex Interest Quality Measurement System – This project initiates a review process to reduce errors in calculating interest, develops a database to monitor and measure accuracy, and implements a software package to provide functionality and automate net rate interest adjustments as well as all other necessary interest computations.
Security – This project addresses internal control deficiencies cited in various audits; initiates efforts to expand deterrent controls implemented at campuses, field offices, and post-of-duty offices to ensure uniformity and consistency; develops appropriate means through which the IRS can carry out periodic reviews of the effectiveness of policies and procedures, along with the means to address security breaches; updates access control standards to reflect changes in technology and operating environments; provides computer security training to personnel; and conducts computer security self-assessment reviews that identify and reduce vulnerabilities on a proactive basis.
Appendix V
The response was
removed due to its size. To see the
response, please go to the Adobe PDF version of the report on the TIGTA Public
Web Page.