The objective of this audit was to determine if the Internal Revenue Service (IRS) had developed authoritative guidelines for the classification of information technology (IT) projects, as intended by the Information Technology Investment Account (ITIA) legislation, and implemented processes to ensure that projects adhere to the guidelines. To accomplish the objective we:

• Determined if the IRS had established guidelines for the classification of IT projects.
• Identified IT projects and evaluated the IRS’ process for the classification of these projects.
• Compared the program and project management processes for ITIA and non-ITIA projects.

The scope of the audit included discussing the guidelines for classifying IT projects and associated processes with key IRS officials and reviewing available documentation. Some of the third-party documentation was provided to us by IRS liaisons. In addition, we reviewed a judgmental sample of six IT projects to determine if they were properly classified and funded.

We conducted the audit in the National Headquarters’ Business Systems Modernization (BSM) and Information Technology Services offices from November 2000 through May 2001. This audit was performed in accordance with Government Auditing Standards. Major contributors to this report are listed in Appendix I.

Previous attempts by the IRS to modernize its information systems have not been fully successful. Contributing factors included management and technical weaknesses on the part of the IRS, such as the lack of disciplined systems development processes. Insufficient oversight by IRS management resulted in inadequate integration of modernization projects and high-risk/high-dollar projects that were never deployed. The IRS has since started the BSM effort to replace all of its major information systems. The IRS estimates that the BSM effort will take 15 years and cost $5 billion.

The Congress established the ITIA to fund BSM projects. Projects funded by the ITIA are heavily scrutinized by the Congress and various oversight groups. The IRS funds non-ITIA projects through general Modernization and Information Technology Services (MITS) appropriations.

The IRS Commissioner’s strategy for the first few ITIA projects has been to develop low-risk projects that will show immediate taxpayer benefit and assist in developing the processes for future higher-risk projects.

The IRS has made progress in improving systems modernization processes by using lessons learned from the prior modernization efforts. The IRS created an architecture, known as the Modernization Blueprint, to guide the BSM effort. Also, the IRS established rigorous program and project management processes for ITIA projects. These processes include an Investment Decision Management process and a comprehensive methodology to guide development and deployment of systems from beginning to end, called the Enterprise Life Cycle (ELC). The IRS has also made progress in setting up similar processes for non-ITIA projects, including modified versions of the ELC and Investment Decision Management processes. See Appendix III for a chronological listing of systems modernization improvements.

In April 1999, the IRS Commissioner issued a memorandum entitled, "Thoughts on Issue of How to Plan IS Projects Other Than Major ‘Core Systems’ Projects." This memorandum advocated the creation of a three-tier structure for classifying IT projects (Tiers A, B, and C). Through discussions with IRS officials, we determined that Tier A projects are funded by the ITIA and Tier B and Tier C projects are funded through the IRS MITS General Appropriations account. The MITS will manage both the ITIA and non-ITIA projects.

While the IRS has defined some of the basic elements of a tier classification system, we determined that various definitions or guidelines exist for the three tiers (see Appendix IV for an analysis of Tier A characteristics). Based on our review of the various guidelines, management improvements being implemented, and the upcoming planned deployment of two low-risk projects, we concluded that the IRS should use this opportunity to establish authoritative classification guidelines and processes to administer the guidelines.

The Congress established the ITIA to create monetary control over the BSM, to avoid the pitfalls experienced in earlier modernization efforts. Therefore, to ensure that appropriate IT projects are properly funded, the IRS should develop authoritative guidelines and processes for classifying IT projects as ITIA or non-ITIA projects.

Various IRS documents, including status reports, meeting minutes, and performance reviews, indicate the IRS recognizes that the guidelines for classifying IT projects are not clear and need refining. In addition, opinions vary among the MITS managers as to what the classification guidelines are or should be (project management rigor, funding, risks, costs, etc.) and why projects are currently classified as they are.

The IRS has prudently begun the BSM effort by developing low-risk projects. Because the IRS was attempting to learn lessons and achieve early success by initiating low-risk projects, it did not focus on establishing either authoritative funding guidelines for classifying projects or processes to administer such guidelines. As the IRS moves toward higher risk projects, the need for authoritative guidelines will become more critical.

Without creating ITIA and non-ITIA funding guidelines and processes to administer the guidelines, the IRS could misclassify projects.

• Non-ITIA projects could be subjected to more project management and funding rigor than required.
• ITIA projects could be subjected to less project management and funding rigor than required.
• ITIA and non-ITIA funds could be used for purposes not intended or approved by the Congress.

To determine if any of these conditions were present, we reviewed six projects possessing characteristics that indicated possible misclassification, had authoritative guidelines been in place. We identified three ITIA projects that could have been classified as non-ITIA projects and three non-ITIA projects that could have been classified as ITIA projects (see Appendix V for details).

To ensure that Congressional expectations are met for the expenditure of ITIA and non-ITIA funds, the Deputy Commissioner for Modernization & Chief Information Officer should:

1. Establish specific objective guidelines for classifying IT projects as ITIA or non-ITIA. The guidelines should include, at a minimum, a) cost, b) development period, c) quantitative/qualitative estimate of risk, and d) integration with, or affect on, the modernization architecture.

Management’s Response: IRS management agreed with the recommendation and plans to develop authoritative guidelines for making investment decisions. The guidelines will include cost, development period, quantitative and qualitative risk estimates, and integration with, or effect on, the modernization architecture.

2. Establish repeatable processes and authority for applying the classification guidelines, including:
1. An initial classification of each IT project at its inception.
2. A periodic reassessment process to ensure that the classification continues to be appropriate.
3. A process to follow when guidelines do not clearly indicate how projects should be funded.

Management’s Response: IRS management agreed with the recommendation and plans to develop a process, including guidelines and procedures, for the selection and funding of information technology projects. The process will be used for funding classification and ongoing review of all information technology projects.

The IRS has prudently initiated the BSM with the development of low-risk projects. With the advent of improved management processes and the planned deployment of two low-risk projects, the IRS should establish authoritative guidelines for the classification of IT projects for determining the source of funding and establishing the proper amount of project management rigor required. Without developing authoritative guidelines and processes for the classification of IT projects, the IRS could misclassify IT projects. This could subject the projects to more or less project management rigor than required and could result in funds being used for purposes not intended or approved by the Congress.

Scott E. Wilson, Assistant Inspector General for Audit (Information Systems Programs)

Scott A. Macfarlane, Director

Troy D. Paterson, Audit Manager

Paul M. Mitchell, Senior Auditor

Jeffrey E. Williams, Senior Auditor

Perrin T. Gleaton, Auditor

Suzanne M. Noland, Auditor

Commissioner N:C

Associate Commissioner, Business Systems Modernization M:B

Deputy Associate Commissioner, Program Management M:B

Deputy Associate Commissioner, Program Planning and Control M:B

Deputy Associate Commissioner, Systems Integration M:B

Chief, Information Technology Services M:I

Director, Strategic Planning and Client Services M:SP

Director, Legislative Affairs CL:LA

Director, Office of Program Evaluation and Risk Analysis N:ADC:R:O

Chief Counsel CC

National Taxpayer Advocate TA

Office of Management Controls N:CFO:F:M

Audit Liaisons:

Characteristics for "Tier A" Project Classification	IRS[1] Comm-issioner’s Memo April 1999	ELC[2] Guide Chapter 1 November 1999	Power Point Slides from BSM[3] Director	Convers-ations with IRS Modern-ization Managers	"BSP[4] Participation in the ELC" Document January 2001
Creates or enables major business process change		X			X
Provides significant new technological functionality in support of business change		X			X
Defines or forms integral component of modernization architecture		X	X	X	X
Core business system (as opposed to medium or small size system)	X
Large size in cost or FTEs[5] ("large" is not defined)	X			X	X
Maintains core agency data			X	X
Supports basic tax function; usually multiple business organizations			X	X	X
Business owner is designated on behalf of agency			X
Large size, longer time frame			X	X	X
High risk		X	X	X	X
Full life cycle, multiple releases		X	X	X
Agency business case (as opposed to single user)			X	X
High impact; cost over $20 million; crosses multiple business lines; life cycle over 2-3 years with multiple releases					X
Projects derived from the Blueprint 1997				X
Projects funded by the ITIA[6]				X

• Customer Relationship Management Examination - This project is a commercial off-the-shelf software package intended to benefit just one business unit within the IRS. Both risk and cost for this project are low, and there is no planned integration with other modernization projects. The IRS estimates it will spend $4.5 million in ITIA funds to purchase and deploy the software.
• Telecommunications Enterprise Strategic Program - In January 2001, one segment of this project, consisting of three mini-projects, was transferred to the Modernization and Information Technology Services (MITS) organization for continued development and general appropriations funding. These mini-projects are low-risk since they are effectively just upgrades to the existing IRS telecommunications systems. We estimate that, prior to the transfer, $978,946 in ITIA funds was spent on the three mini-projects.
• Customer Communications 2001 - This project consists only of upgrades to existing telephone call management systems with no resulting retirement of existing systems. It is a low-risk project, although the cost is relatively high. The IRS estimates it will have spent $60.8 million in ITIA funds on this project by the end of Fiscal Year 2001.

• Asset Management Modernization Project (AMMP) - This is a sub-project of the Enterprise Systems Management (ESM) project, which is an ITIA project. The AMMP is currently being developed as a non-ITIA project. AMMP and ESM project management indicated that at some point the AMMP project should become an ITIA project. However, due to the absence of authoritative classification guidelines, IRS management was not sure at what point this should occur. The AMMP represents new technology that will become an integral part of a modernization project and is high in risk and dollars ($40 million).
• Practitioner Secure Messaging System - This project uses new technology to exchange taxpayer information using the Internet. A prior audit report indicated the project was being developed outside of the MITS organization without any Enterprise Life Cycle discipline and recommended the project be moved to the BSM program. The IRS has authorized $2.5 million to complete the project.
• Electronic Tax Law Assistance - We selected this project for review due to its similarities to an ITIA project. Subsequent to our selection of this project for analysis, the IRS recognized the similarities and cancelled further enhancements.

The response was removed due to its size. To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.