TIGTA: IRS must improve CADE 2 requirements management, testing, security

Tools

Key developmental processes of the IRS's Customer Account Data Engine 2 program need improvement, especially in the areas of requirements management, testing and security, says the Treasury Inspector General for Tax Administration.

In two reports dated Sept. 27 (.pdf) and Sept. 28 (.pdf) but not released publicly until Dec. 20, TIGTA found that while the IRS conducted extensive system development testing, planned risks reduction, and implemented new controls over the CADE 2 program, enhancements to system development controls are needed to better verify that the new system addresses all of the IRS's voluminous requirements.

Under the CADE 2 program, the IRS began in 2012 to process tax returns on a daily instead of weekly basis.

Currently, the CADE 2 program is in the initial stage of implementing its centralized database of individual taxpayer accounts, designed to provide future real-time tax processing and enhanced customer service functions. However, TIGTA reported that testing did not provide assurance that CADE 2 database data is consistently accurate and complete. In addition, TIGTA concluded that security weaknesses and poor coding practices in the CADE 2 database could result in the loss of taxpayer data.

"The IRS must not lose sight of the importance of having complete, accurate, and secured data, which is just as important as improved processing capabilities," said TIGTA J. Russell George in a press release.

In its Sept. 27 report, TIGTA made seven recommendations to the IRS, including that the CADE 2 program not exit Transition Stage 1 until the database can provide accurate and complete data to three downstream systems. The IRS agreed with this and two other recommendations and partially agreed with one of the recommendations, with corrective actions planned.

For more:
- read the Dec. 20 TIGTA press release
- download the Sept. 27 TIGTA report (.pdf)
- download the Sept. 28 TIGTA report (.pdf)

Related Articles:
George: Non-IRS data can help combat tax-related identity theft
IRS two-factor authentication system nearly 2 years behind schedule, finds TIGTA
Risks in Modernized e-File will delay retirement of legacy systems, says TIGTA