English
Estonian
Latvian
Lithuanian
Polish
Romanian
Russian
Ukrainian
The Internal Revenue Service (IRS) relies extensively on its IT systems to collect taxes and distribute refunds. However, a report from the Government Accountability Office (GAO) says much of its IT infrastructure is outdated, which can increase cybersecurity risks, staffing issues, and costs.
The IRS legacy IT environment includes applications, software, and hardware, which are outdated but still critical to day-to-day operations. Specifically, GAO’s analysis showed that about 33 percent of the applications, 23 percent of the software instances in use, and eight percent of hardware assets were considered legacy. This includes applications ranging from 25 to 64 years in age, as well as software up to 15 versions behind the current version. As GAO has previously noted, and IRS has acknowledged, these legacy assets will continue to contribute to security risks, unmet mission needs, staffing issues, and increased costs.
To support its IT modernization efforts, in April 2019, IRS issued a high-level business plan that identified modernization initiatives through fiscal year 2024. IRS is updating this plan and expects the update to be finalized in early calendar year 2023.
Modernization best practices call for documenting plans that include three key elements: milestones, work to be performed, and disposition of legacy systems. GAO said that as of August 2022, IRS had documented plans for the 21 modernization initiatives that were underway, including nine associated with legacy systems. All 21 plans addressed two key elements. However, GAO found that the plans for six of the nine initiatives did not address the disposition of legacy systems. Officials stated they would address this key element at the appropriate time in the initiatives’ lifecycle; however, they did not identify time frames for doing so.
IRS recently suspended operations of six initiatives, including two which are essential to replacing the 60-year old Individual Master File (IMF). The IMF is the authoritative data source for individual tax account data. GAO has reported that IRS has been working to replace IMF for well over a decade. According to officials, the suspensions were due to IRS’s determination to shift resources to higher priorities; staff members working on these suspended initiatives were reassigned to other projects. As a result, the schedule for these initiatives is now undetermined. Accordingly, the 2030 target completion date for replacing the IMF that IRS announced last year is now unknown. GAO is concerned that this will lead to mounting challenges in continuing to rely on a critical system with software written in an archaic language requiring specialized skills.
GAO’s report also notes that IRS’s cloud computing efforts fully addressed 11, partially addressed one, and did not address two requirements identified in the Office of Management and Budget’s June 2019 cloud computing strategy. Key shortfalls include IRS not conducting regular evaluations of customer experiences and user needs.
GAO is making nine recommendations to IRS, including that it establish time frames to complete selected modernization plans, and fully address OMB’s cloud computing requirements. IRS agreed with all nine recommendations and told GAO of efforts underway and intentions to develop complete IT modernization plans and fully address OMB’s cloud computing requirements. The agency also stated that it planned to accelerate the replacement of the remainder of the IMF with funding provided by the Inflation Reduction Act.
Read the full report at GAO
