Recommendations for Executive Action

1. Status: Closed - Implemented

   Comments: In early October 2000, IRS delayed CAP and limited further investment to evaluate whether the project was a sound investment. Specifically, IRS developed and issued a revised business case in November 2000. GAO reviewed this revised business case, and it demonstrated that CAP contained sufficient business value to be a near-term investment priority. In addition, IRS took steps to strengthen its management of CAP and the business systems modernization (BSM) program. For example, IRS integrated CAP into the BSM master schedule and included CAP in monthly program management reviews. IRS also reported to its House and Senate Appropriations subcommittees on November 14, 2000, that it had implemented these and other controls designed to mitigate the risks associated with building CAP before program-level controls were fully implemented.

   Recommendation: The Commissioner of Internal Revenue should limit further investment in the Customer Accounting Project (CAP) until IRS: (1) demonstrates that CAP is of sufficient business value to treat it as near-term investment priority; and (2) reports to the Senate and House appropriations committees on how it is mitigating the risks associated with beginning to build CAP before important program-level management controls are fully implemented.

   Agency Affected: Department of the Treasury: Internal Revenue Service

2. Status: Closed - Implemented

   Comments: In November 2000, IRS completed a security risk assessment for STIR and reported that it validated STIR requirements against the risk assessment results. On November 20, 2000, the Commissioner certified to the Senate and House appropriations subcommittees that the assessment had been completed. In response to GAO's recommendations, IRS also completed a business case for STIR and reported that the requirements and proposed design were economically justified.

   Recommendation: The Commissioner of Internal Revenue should: (1) direct the Security and Technology Infrastructure Release (STIR) project to complete as soon as possible a security risk assessment and validate STIR requirements against the risk assessment results; and (2) ensure that STIR requirements and the proposed design solution are economically justified through business case analysis.

   Agency Affected: Department of the Treasury: Internal Revenue Service

3. Status: Closed - Implemented

   Comments: In reviewing IRS's fiscal year 2003 and 2004 expenditure plans, GAO found and reported in a June 2003 report and March 2004 briefing that IRS had made significant progress in improving its modernization management controls and capabilities and implementing our recommendations. GAO reported that IRS had implemented most of its commitments to address previously reported management weaknesses and recommendations and was in the process of implementing and institionalizing the controls and capabilities needed to correct the remaining management weaknesses.

   Recommendation: Because GAO has open recommendations to address IRS modernization management weaknesses that remain applicable, GAO reemphasizes to the Commissioner of Internal Revenue that these recommendations should be implemented before IRS begins building software-intensive systems.

   Agency Affected: Department of the Treasury: Internal Revenue Service

Explore the full database of GAO's Open Recommendations »