recommended reading

Poor planning led to IRS killing personal online tax accounts project

Poor planning led to the termination of an Internal Revenue Service project to provide online access to tax records, which the agency had spent $10 million to develop, the Treasury inspector general for tax administration reported on Tuesday.

The IRS terminated My IRS Account in December 2008, a project that would have provided taxpayers online access to their tax account information and tools to find assistance for tax preparation. The agency also planned to use MIRSA as a prototype for future delivery of Web-based projects. The IRS terminated the project near its scheduled December 2008 deployment date after working on it for 32 months and spending $10 million.

The 1998 IRS Restructuring and Reform Act and the 2002 Electronic Government Act required the agency to develop the site.

"Successful implementation of this effort is essential to support taxpayers' ability to electronically fulfill their tax responsibilities and is critical to the long-term success of the IRS modernization program," said the IG in the report. "The decision by the IRS to terminate deployment of the MIRSA project puts the goals of the project at risk as well as the approximately $10 million spent to develop it."

Most taxpayers obtain tax account information by calling the IRS toll-free number, which often results in long wait times.

The IRS intends to reuse most of the hardware and functionality developed so far, called MIRSA Release 1, when it rebuilds the site, according to the report. At the time the IG conducted its audit, the agency did not have a plan or schedule to restart My IRS Account, and it had no formal proposals to reuse the hardware or functionality for a future project, the IG reported.

When the first release of MIRSA was scheduled to be deployed, the IRS released its strategic plan for 2009-2013, which had a goal to "improve service to make voluntary compliance easier" for taxpayers. The plan called for the IRS to incorporate taxpayer perspectives to improve service interactions; expedite and improve issue resolution across all interactions with taxpayers; provide taxpayers with targeted and timely guidance, and outreach; and strengthen partnerships with tax practitioners, tax preparers and other third parties.

IRS executives re-examined the MIRSA project to make sure it met taxpayers' needs and was in compliance with the strategic plan. They then decided a long-term strategy was needed before proceeding with the project, according to the report.

But the IRS had no procedures for terminating information technology projects before deployment, as required by the Treasury Department to ensure vital information is preserved in the event that a system is repurposed for another project. Instead, the MIRSA project team executed informal procedures for data preservation but did not develop a reactivation plan to ensure data was not lost.

"With incomplete project termination procedures, shutting down a project could result in loss of data during migration or archival of information in the event the system, or portions of the system, is reactivated," the IG said.

The inspector general recommended that Terence Milholland, chief technology officer at the IRS, complete a long-term strategy for MIRSA and, if the project is restarted, deploy the first release quickly to ensure the hardware and functionality already developed can be reused. The auditor also recommended that Milholland initiate an enterprisewide e-authentication tool that would improve secure access to online applications, such as MIRSA.

The IRS agreed with the recommendations "in spirit," but "will not conduct planning for the MIRSA project until it is determined to be among the services included in the [agency's] e-strategy," Milholland said in a letter responding to the report.

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.