Text Resize

-A +A
Bookmark and Share

OIO - Collect Tax revenues April 2011 Executive Summary

Office of the Chief Financial Officer

Executive Summary for Closed Reports

Status as of March 5, 2014

 

Original Report

Report No. OIO-10-1-01-OTR (a): FINAL REPORT: Audit of the Process Used to Collect Tax revenues through Gov One, dated April 20, 2011.

 

A companion report was also issued: Report No. 10-1-01-OTR (b): FINAL REPORT: Audit of the Process Used to Collect Tax Revenues through Gov One, dated July 7, 2011.

 

Current Status

Closed.  Gov 1 has been replaced with a payment portal through our vendor, Wells Fargo Bank. All recommendations have been included in the new payment portal.

 

The original project was delayed as the OTR was changing lockbox vendors, which included an option to change payment portals. Work to improve Gov One was purposefully put on hold as the business case to support changes to a system that was being replaced could not be supported.  This activity was cited in the original OIO report.  Requirements for the new system were drafted to include OIO recommendations. The provider later recognized they could not meet all of OTR's requirements, and the transition to the Bank's portal was delayed (and the control work delayed again).  The provider continues to work updating its payment portal to accommodate OTR's requirements. Current estimated date for replacement payment portal is January 2013.

 

Chief Risk Officer’s Risk Assessment

The inherent risk associated with the collection of revenues through Gov One is High.  The collection of revenue is a core mission of the OCFO, and it takes seriously all risks associated with collections, including financial, fiduciary, customer service and reputational risks.  The lack of additional control work categorizes the residual risk as High, as well.  This is OUTSIDE of the risk tolerance levels established at the OCFO.  The new portal – embedded with these OIO recommendations as well as other internal controls – will  significantly reduce risks. 

 

Overview of Recommendations

OIO offered ten recommendations. Seven have been fully implemented. These efforts apply to the new system.

 

  • Developed a process of joint review for banking analysis statements and invoices.  Invoices are submitted through the Office of Finance and Treasury, Contracting Officer Technical Representative (COTR).  They are then forwarded to the Returns Processing Administration (RPA) Lockbox Coordinator for reconciliation and approved by the RPA Director and returned to OFT for payment. 
  • OFT worked with the Office of Management Administration (OMA) to have the language which addresses the protection of Personally Identifiable Information (PII) by the prime and subcontractors (using guidance provided in Title 31 Section 6013 of the U.S. Code, IRS Publication 1075 and 4557 and NIST SP 800-122 and SP 800-53)  inserted into the new banking services contract.
  • OTR has included the requirement for a SAS 70 Type 2 report in the lockbox contract.  Also, OTR resumed periodic site visits, averaging two per year in 2011.  The Bank is required, by contract, to maintain stringent data protection standards.
  • OMA complied with the requirements of 27 DCMR 2800 to include written justification for not requiring the approval of subcontractors.
  • Specific changes identified by OIO as unsupported were cleared during a final bill reconciliation.
  • A new position, the Lockbox Coordinator, has been established and filled.  This aligns with contractual requirements and includes communication of technical issues.  A document tracking system (Tracks) has been put into place to ensure the information is delivered timely and resolved quickly. Tracks is monitored weekly.
  • While procurement protocols do not allow for an additional COTR, OTR has established an additional contact with the Bank to address operational issues.

 

The remaining recommendations have been implemented. 

 

  • The TSG has worked with OTR to develop an assessment of the automated taxpayer data records and retention practices and provide a report that addresses system compliance with the OCFO/OTR Record Retention Schedule for taxpayer data.  This is not reliant on the new system and is currently being evaluated.
  • An electronic report of daily transactions received from the payment portal prior to processing by ITS has been designed and developed.  The detailed report specifications are reliant on a portal solution being determined.
  • A Lockbox Coordinator position has been created and filled providing oversight of the lockbox process.  OTR has developed and implemented policies and procedures that address the management, oversight and reconciliation of the OTR lockbox account. The detailed procedures are reliant on the new portal being in place.

 

To view the full report Click : Collect Tax revenues through Gov One April 2011 Full Report .