The IRS needs to improve its procedures to enable taxpayers to access their tax account information and identities online in a secure way, according to a new report.
The
However, after 32 months of development and approximately $10 million in expenditures, the project was canceled due to an ineffective enterprise-wide eAuthentication solution. eAuthentication is the process of establishing and verifying user identities electronically to a system.
At the request of the IRS Oversight Board, TIGTA conducted an audit, but found that none of the current applications that the IRS has developed and implemented so far have met the intent of the 1998 law. The applications only allow taxpayers to view a limited amount of their tax account information or to request that tax transcripts be sent to certain lending institutions electronically.
The IRS is planning to deploy a Get Transcript application in January 2014 that promises to enable taxpayers to access their tax account to obtain transcript information via the Internet.
TIGTA determined that the IRS successfully deployed an eAuthentication solution for applications it has already deployed. However, the IRS has not finished doing the necessary capacity testing to ensure the online applications are able to support the expected number of users. TIGTA also noted that cost information for the project was not readily available for project management purposes.
“Allowing taxpayers to securely access tax information online will modernize how the IRS interacts with taxpayers and allow for faster response to queries from the general public,” TIGTA Inspector General J. Russell George said in a statement.
The IRS has struggled to control the growing epidemic of tax-related identity theft, so secure access to its online systems and identity validation have become top priorities in recent years. At teh same time, however, the agency has struggled with a series of budget cuts that have prompted it to scale back and remove some of its online eServices applications for functions such as Disclosure Authorization and Electronic Account Resolution, to the dismay of many tax practitioners who had relied on such services for assisting their clients.
The report made four recommendations to the IRS, and the IRS agreed with three of them. TIGTA recommended that the IRS reprioritize its efforts to develop and implement applications that both serve the taxpayer and comply with the requirements of the 1998 law. The report also recommended that the IRS perform complete capacity testing of the eAuthentication application prior to Release 2 and continue its efforts to upgrade the reporting features. Finally, TIGTA suggested that the IRS develop a formal system to provide reports of the actual costs received and accepted by its contracting officer representatives.
In response, IRS management agreed with three recommendations. The IRS plans to prioritize release of applications that meet the requirements of the 1998 law, complete performance and capacity testing as part of Release 2 of the eAuthentication application, and to increase the reporting functionality in Release 2.
But while IRS officials agreed with the intent and spirit of the fourth recommendation, they disagreed with one of TIGTA’s findings. During the audit, TIGTA found that the IRS’s existing procurement system could not track enough details on the project cost levels for contracts that serve multiple projects, such as the eAuthentication project. The IRS said it considers this to be an isolated example and no further action is necessary.
“While we agree with the spirit and intent of Recommendation 4, we do not believe that the section on actual cost information’ accurately depicts the IRS’s processes,” IRS chief technology officer Terence V. Milholland wrote in response to the report. “This assessment was based on an isolated example of a single Contractor Officer's Representative (COR) managing project cost. All Receipt and Acceptance (R&A) transactions are done within the Integrated Procurement System. A reports module, accessible by all COR, allows the COR to track R&A completed for each project. This standard process is already being followed at the IRS; we therefore do not believe any further action is needed. The IRS is committed to continuously improving the security of our information technology systems and upgrading the functionality of the eAuthentication application.”
However, TIGTA contended that it is not an isolated occurrence and it needs to be addressed to ensure the actual project costs can be readily identified and tracked for management and decision-making purposes.
