Although it's taken 12 years and $3.24 billion so far, a decades-long effort to upgrade the Internal Revenue Service's business systems is delivering value to taxpayers, the agency's inspector general says in a new report, but security problems may be holding the efforts back.

The modernization program began in 1999, and involves integrating "thousands" of different hardware and software components. Among its goals were issuing refunds five days faster, offering electronic filing for businesses, web-based services for taxpayers and accountants and improved customer service.

Among its core projects are: the Customer Account Data Engine (CADE), databases and apps to post, settle and maintain tax accounts and returns; Modernized e-File/e-Services (MeF) for electronic filing; and the Account Management Services/Integrated Data Retrieval System to give IRS employees access to taxpayer records.

CADE processed 40 million tax returns in 2009, and another 40 million from January through May 2010. Account Management Services and MeF, meanwhile, are also online, and the most recent upgrades to CADE and Account Management Services came in under budget. In addition, the overall modernization program is being overhauled to deliver features quicker. The next upgrades to CADE will take place in phases, during which a new relational database will be installed and applications migrated and integrated.

Still, despite the progress, the inspector general found some lingering problems, especially in the area of security. While the IRS took steps to address most of the vulnerabilities noted in recent auditor's reports, the IG cautions that the IRS continues to insufficiently monitor vulnerabilities, warning that the lack of proper controls increases the risk of unauthorized access to taxpayer information.

In related news, two Republican Senators recently wrote a letter lashing out at the agency for "unacceptable" delays in providing the inspector general with information related to IT systems, characterizing the delays as "interference" with the auditor's mission to monitor IRS' good governance.

The letter comes after, in a response to the Senators' request for information on IRS auditor investigations, the tax agency's inspector general noted a number of "significant delays" in receiving information from the IRS and said that IRS management has required the review and clearance of documents before releasing the information to the IRS.

"It is unacceptable that [the inspector general] is not allowed unfettered access to documents and employees," Sens. Chuck Grassley, R-Iowa and Tom Coburn, R-Okla., wrote in the letter. "Management pre-screening is not consistent with the Inspector General Act."

In terms of delays, the IRS repeatedly delayed responses to IG requests for information as part of the business systems modernization review, such as a three-month delay in sharing an expenditure plan and a two-month delay in sharing funding reports.

In another instance, due to a lack of agency resources assigned to responding to the IG's request, the IRS took more than three months to provide e-mail messages the IG sought to analyze compliance with secure e-mail policies, and even after the IG reduced the scope of the request, only received messages for 65% of its requested sample. In yet another case, again due to a lack of resources, it took about five months to scan a sample of 20 databases and then set up time to share the results with respective database administrators.