TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

The Information Technology Enterprise Governance Structure Needs Further Process Improvements to Ensure Adequate Oversight

Issued on July 31, 2008

Highlights

Highlights of Report Number:  2008-20-134 to the Internal Revenue Service Chief Information Officer.

IMPACT ON TAXPAYERS

The Internal Revenue Service (IRS) estimated that it would spend $1.4 billion for information technology (IT) products and services in Fiscal Year 2007.  While the IRS has made progress in implementing its IT enterprise governance structure, additional actions are needed to address current weaknesses in providing effective oversight and management of all IT projects.  This will help to ensure that the IRS uses funds efficiently and effectively to provide oversight and control of all IT projects.

WHY TIGTA DID THE AUDIT

This audit was initiated as part of the TIGTA Fiscal Year 2007 Annual Audit Plan for coverage of IRS modernization efforts.  The overall objective of this review was to determine whether the IRS has established and is following adequate internal controls to manage all IT investment projects within the new enterprise governance model in support of the IRS mission and goals.

WHAT TIGTA FOUND

In Fiscal Year 2006, the IRS expanded the roles and responsibilities of the Program Control and Process Management Division to incorporate and establish direction for the new enterprise governance model.  Since then, the IRS has made significant progress in directing, developing, and implementing tiered-program management activities.  For example, it has 1) developed and distributed standardized reporting templates with documented processes and procedures for the executive steering committees, and 2) created a master listing of IT projects to track and assign oversight.  Each IRS organization has formed or is planning to form its own individual Program Management Office to execute the new tiered-program management processes and procedures while providing oversight and management to assigned IT projects.

Although the IRS has made progress in implementing its tiered-program management structure, additional actions are needed to address current weaknesses in providing effective oversight and management of all IT projects.  The IRS has not 1) fully documented policies and procedures for developing a complete portfolio of IT projects, 2) completed the setup of Program Management Offices for all IRS organizations, 3) fully implemented the health assessment process, or 4) provided consistent and continual monitoring and oversight of major IT projects through the executive steering committees.  Completing actions to address these conditions will help ensure that the enterprise tiered-program management structure provides effective oversight and control of all IT projects.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the Chief Information Officer 1) work with other IRS executives to develop a complete and accurate master IT project list with a standard set of IT terms that have been approved and communicated to all IRS organizations, 2) ensure that the proposed governance directive is approved and communicated through all levels of the IRS, 3) establish formal policies and procedures to ensure that the health assessment process is consistently applied and followed across all IRS organizations, and 4) ensure that policies and procedures are developed or revised to require that control organizations review all assigned major IT projects monthly and present projects to the appropriate governance board’s attention when established thresholds are exceeded.

In their response to the report, IRS officials agreed with our recommendations.  They plan to 1) incorporate projects and operational applications into the IRS portfolio and develop, approve, and communicate formal policies and procedures to continually update the portfolio and a standard set of IT terms, 2) obtain approval of the governance directive and communicate guidance to foster enterprise-wide adherence to the governance process, 3) conduct an enterprise-wide campaign of education and sustained support for the control organizations to ensure consistency of the health assessment process, and 4) ensure that all assigned major IT projects are reviewed monthly and are presented to the appropriate governance board’s attention when established thresholds are exceeded.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:

http://www.treas.gov/tigta/auditreports/2008reports/200820134fr.html.

Email Address:   inquiries@tigta.treas.gov

Phone Number:   202-622-6500

Web Site:   http://www.tigta.gov