recommended reading

IRS mismanaged funds for major computer application

The Internal Revenue Service mismanaged funds for a major computer application that manages taxpayer data, which was officially halted in September 2008 so agency officials could reevaluate future plans for the system, according to an audit report released by the inspector general.

Between fiscal 2005 and fiscal 2008, the IRS received $41 million to develop four releases of the Account Management Services system, which was designed to provide agency employees faster access to taxpayer account information. According to a report from the IG, the IRS spent $17.4 million between January 2008 and November2008 on the system's core infrastructure, which included servers and network technology, as well as on development and project management associated with the releases. Lack of controls over how funding was spent caused a number of shortfalls.

"The AMS project management team experienced difficulty in managing project funding, [and] instead of reallocating and transferring the funding through the existing governance process, they used funds from future releases for the current release," the IG said.

Congress and the Government Accountability Office require that reports on the IRS' modernization costs and deployment schedules be included in the Business Systems Modernization Expenditure Plan, which estimates costs and sets schedules. Descriptions of work for eight transactions totaling almost $3.2 million "clearly did not match the funding source," which is defined by an internal order code, the IG reported.

Two transactions totaling $771,724 had descriptions that matched the internal order codes, but the work performed supported releases different from the ones the funds were allocated for. The IRS provided descriptions for five transactions totaling nearly $1.5 million, but did not identify which release the work supported.

"When one release was low on funding, they procured assets and services for that release by charging the expense to other releases," the IG said. "Adequate internal controls where the narrative description is compared to the internal order code would have identified these transactions as inappropriate."

The IRS spent $12 million on infrastructure and project management services for multiple releases of the computer application without the required approval, although the IG reported that the spending resulted in positive results.

"With a contract of this scope, control over spending for each release can be difficult," the IG noted. "A release-specific contract may have provided improved controls for employees, including requisition preparers, approving officials, the financial plan manager and management, to prevent cross-release spending."

The project management team completed deployment of Release 1.3 of AMS in February, and Release 2.1 is on track for its scheduled August delivery, but further development of the project is currently on hold. In 2007, the IRS decided to modernize and reuse the existing Integrated Data Retrieval System, which IRS employees use to work tax cases, eliminating the requirement to develop many of the capabilities originally planned for the AMS system. In September, the IRS' customer service executive steering committee approved a recommendation from the agency's Program Integration Office to stop all activities contributing to future releases of AMS so the goals of the project could be reevaluated.

"Because of these tentative plans about its future, IRS executives need to make several strategic decisions that will affect the future of the AMS system," the IG reported. "The longer these decisions are delayed, the greater the risk of costly rework."

In response to the recommendations, the chief technology officer agreed to ensure that AMS project management activities follow the appropriate governance process to redirect remaining AMS funding to complete Releases 1.3 and 2.1, and address the need to improve controls over project funding.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.