Audit Reports
Direct Tax
Report No. 23 of 2012 - Performance Audit of IT Applications in Income Tax Department
Overview
The main objectives of the IT Applications in Income Tax Department (ITD) were to improve the efficiency and effectiveness of the tax administration and provide management with reliable and timely information towards effective planning as also broaden the tax base. We reviewed four modules of ITD Applications namely, AST for processing returns, OLTAS for providing tax accounting and payment information, e-TDS for providing AST with information on details of payment of taxes under TDS scheme and IRLA for maintaining a ledger account of each individual assessees in respect of demand and refunds of tax for each assessment year (AY).
ITD has spent RS 790 crore on computerisation during FY 06 to FY 11. Yet ITD has not utilized important functionalities of modules. AST/CPC applications do not link up assessee's legacy details (paragraph 2.16 to 2.20). It does not record scrutiny assessment details nor does it record penalty proceedings and appeals. All non filers identified by AST are not being issued notices, (paragraph 2.11). ITD did not reconcile the revenue collections as reported by Banks and as accounted by Zonal Accounts Office, with implications on correctness of Government Accounts, (paragraph 2.26). Deauthorised bank branches are collecting taxes (paragraph 2.31 to 2.32). Large amounts of unposted credits are lying in OLTAS (paragraph 2.42). The Individual Running Ledger Accounts are not being populated completely (paragraph 2.52 to 2.53). Multiple uses of same Challans have been found which accorded inadmissible tax credit to assessees. ITD has already confirmed 3089 cases amounting to RS 153 crores of extra credit through the system at our instance (paragraph 2.58). IT applications do not generate important MIS reports like CAP-1 and CAP-II online (paragraphs 2.66 to 2.69); and, do not co-relate Certificate for deduction of tax at lower/nil rate while processing returns.
Outsourcing contracts are not comprehensive towards ensuring third party security audit / audit by ITD (paragraphs 3.16 to 3.22). We could not obtain adequate assurance towards the system for handling records for digitization by outsourced vendors (paragraph 3.25 to 3.27).There were deficiencies in physical and logical access controls (paragraph 3.29). Contractors defaulted on their deliverables without attracting penalties.