TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

The Enterprise Systems Management Program Is Making Progress to Improve Service Delivery and Monitoring, but Risks Remain

September 12, 2008

Reference Number:  2008-20-161

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

Phone Number   |  202-622-6500

Email Address   |  inquiries@tigta.treas.gov

Web Site           |  http://www.tigta.gov

 

September 12, 2008

 

 

MEMORANDUM FOR CHIEF INFORMATION OFFICER

FROM:  Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit

SUBJECT:  Final Audit Report – The Enterprise Systems Management Program Is Making Progress to Improve Service Delivery and Monitoring, but Risks Remain (Audit # 200720039)

 

This report presents the results of our review to assess the efficiency and effectiveness of the Enterprise Systems Management (ESM) organization implementation and strategy.  This review was part of our Fiscal Year 2008 audit plan for reviews of the Internal Revenue Service’s (IRS) Modernization and Information Technology Services organization activities.

Impact on the Taxpayer

The IRS has begun an ESM initiative to improve the effectiveness and efficiency of managing computer systems operations and the availability of business systems services on an enterprise-wide basis.  The initiative is making progress toward accomplishing its goals.  However, we found that the ESM initiative incurred schedule slippage and $491,952 in additional costs.  By improving management practices and controls, this initiative could make better use of taxpayer dollars by reducing the frequency and duration of computer system outages, improve service availability for customers, and reduce IRS costs associated with owning and managing software tools.

Synopsis

The overall strategic direction for the ESM organization is to be an enterprise-level organization with centralized control over software tools and processes[1] based upon Information Technology Infrastructure Library concepts.[2]  To accomplish this strategy, the following three ESM projects were established:  End-to-End Business Systems Monitoring Project; Tools Centralization and Consolidation Project; and Organization and Operations Design Project.

In June 2007, the IRS began the process of making organizational changes to improve service delivery effectiveness and efficiency.  The ESM organization maintains a useful interactive web site where IRS personnel can obtain the results and reports of its monitoring activities.  Overall, the three ESM projects are making progress toward the goals of providing better service and reducing costs.  However, additional work is needed to improve ESM organization management practices and controls.

The IRS did not always provide funding for contractor support for the ESM projects in a timely manner.  Funding for contractor support lapsed in July 2007 and a subsequent contract was not awarded until August 29, 2007.  Management commented that it took approximately 2 months to get the new contractors familiar with the work previously completed.  We reviewed contractor invoices from September 4 through October 31, 2007 and determined that the IRS spent $491,952 just to get the new contractors familiar with what had been previously provided.  Subsequently, the Chief Information Officer approved $875,000 for ESM contractor support through May 2008.  However, as of June 26, 2008, additional funding had not been approved.  IRS management stated that funding problems occurred because the demand for funds is always much greater than the supply, and funding requirements are based on both available resources and IRS project prioritization.

The ESM projects did not always have adequate executive steering committee oversight to ensure that issues and risks were resolved in a timely manner.  It was not clear which organization was responsible for overseeing the ESM projects.  ESM organization management stated that the Information Technology Service Management organization provided oversight of the ESM projects based on a verbal agreement.  However, this organization’s management advised us that the Infrastructure Executive Steering Committee provided the formal governance for the ESM projects.  Currently, the ESM initiative is scheduled to go before the Infrastructure Executive Steering Committee in July 2008.

In addition, significant ESM project decisions and events were not always documented.  For example, the End-to-End Business Systems Monitoring Project had no written documentation showing the four specific applications recommended for future work, who approved the applications, or when they were approved, because the decisions were verbal.  In addition, the tool subsets selection process and changes to the selection process were not documented.  During the audit, management implemented corrective actions to address the documentation issue.

The Tools Centralization and Consolidation Project is collecting data on software tools within the Modernization and Information Technology Services organization and entering the data into a database called the Tool Repository.  As of April 15, 2008, the Tool Repository listed 240 tools.  The numbers of licenses owned and/or used were incomplete for 112 (47 percent) of the tools.  The number of licenses owned and/or used is not readily available or easily accessible because the IRS does not have a database or software license tracking tool to assist in identifying and tracking software used on its servers.  Without the ability to track software licenses and distribution, the IRS risks paying for additional licenses when unused licenses were available for distribution or paying for licenses that are not needed.

Recommendations

The Chief Information Officer should ensure that 1) the ESM projects receive timely and sufficient funding or revise the projects’ tasks, 2) the ESM projects are governed by the Infrastructure Executive Steering Committee, 3) software tools are acquired to track licenses of software used agencywide on servers to track and better evaluate software usage and related costs, and 4) all tools meeting ESM software tool criteria are approved by the ESM organization through the IRS Web Request Tracking System.

Response

IRS management agreed with all of our recommendations.  Corrective actions taken or planned include 1) modifying ESM project tasks to align with the available funds, 2) placing the ESM projects under the governance of the Infrastructure Executive Steering Committee, 3) acquiring and implementing the IBM Tivoli License Compliance Manager product to track and manage all software licenses used agency-wide on servers, and 4) taking the necessary actions to place the ESM organization in the IRS Web Request Tracking System approval path.  Management’s complete response to the draft report is included as Appendix VI.

Office of Audit Comment

In the IRS response to the draft report, management provided a comment acknowledging ramp-up funds were expended on the ESM project from September 4, 2007, through October 31, 2007.  However, upon further review, the IRS estimate for this cost is approximately one third of the amount stated in the report. 

The audit report was prepared based on the information the IRS provided to us during the audit.  The audit results were provided to IRS management on several occasions and we made revisions to the report based on the IRS comments.  After we revised the report to incorporate the IRS comments, we obtained executive agreement to the report at our closing conference.  Subsequently, the IRS advised us that it performed an additional review of the ramp-up cost and the amount of a new estimate.  We did not make any additional changes to the report because we did not independently validate the new information submitted after the completion of the audit.  

Copies of this report are also being sent to the IRS managers affected by the report recommendations.  Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510.

 

 

Table of Contents

 

Background

Results of Review

The Enterprise Systems Management Organization Has Been Deployed

Funding for Contractor Support Was Not Always Provided in a Timely Manner

Recommendation 1:

Project Governance Needs to Be Improved

Recommendation 2:

Significant Decisions and Events Were Not Always Documented

Controls Over Licenses for Software on Servers and Software Tool Purchases Should Be Improved

Recommendations 3 and 4:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measure

Appendix V – Glossary of Terms

Appendix VI – Management’s Response to the Draft Report

 

 

Abbreviations

 

CRSD   |  Customer Relationship and Service Delivery
ESM    |  Enterprise Systems Management
IRS    |  Internal Revenue Service
ITSDM  |  Information Technology Service Delivery Management
MITS   |  Modernization and Information Technology Services

 

 

Background

 


The Internal Revenue Service (IRS) is striving to improve service to taxpayers, increase the effectiveness and efficiency of agency operations, and provide greater value to the Federal Government.  To assist the IRS in accomplishing these objectives, the Modernization and Information Technology Services (MITS) organization has begun an Enterprise Systems Management (ESM) initiative to improve the effectiveness and efficiency of managing computer systems operations and the availability of business systems services on an enterprise-wide basis.  This initiative will make better use of taxpayer dollars by reducing the frequency and duration of computer system outages, improving service availability for customers, and reducing IRS costs associated with owning and managing software tools.

The overall strategic direction for the ESM organization is to be an enterprise-level organization with centralized control over software tools and processes[3] based upon Information Technology Infrastructure Library concepts.[4]  Specifically, the following three ESM projects were established to implement this strategy:

  • End-to-End Business Systems Monitoring Project – An initiative to address enterprise monitoring from an Information Technology Service Management Service Delivery perspective, addressing both qualitative and quantitative issues with business systems availability and performance monitoring.  The overall goal is to improve the incident (e.g., system outages) management capabilities of the service and to better understand the real-time health of business systems.  This project was established in October 2006.

  • Tools Centralization and Consolidation Project – An initiative to develop a strategy and plan for the centralization and consolidation of software tools used across the MITS organization into a single ESM organization.  This effort will also develop and maintain an ESM Tool Repository.  This project was established in October 2006.

  • Organization and Operations Design Project – An initiative to implement an enterprise-focused ESM organization that leverages Information Technology Infrastructure Library concepts to provide end-to-end monitoring services and enterprise tools management.  This project was established in September 2007.

Another MITS organization initiative to improve service management is the Information Technology Service Management Program.  The Information Technology Service Management Executive Steering Committee is responsible for governing the Program and championing the initiative within the MITS organization and the IRS.  The Information Technology Service Management Program initiative improves the way information technology organizations deliver and support information technology services so they are focused on the business requirements.  This initiative is also based on Information Technology Infrastructure Library concepts.  In January 2008, the Information Technology Service Management organization was expanded to include Customer Relationship Management.  With the expansion of the organization’s scope, the name was changed to the Customer Relationship and Service Delivery (CRSD) organization and is led by an Associate Chief Information Officer.  This organization will work with the other MITS organizations to implement a comprehensive and consistent approach to service delivery.

This review was performed at the MITS organization offices in New Carrollton, Maryland; Memphis, Tennessee; and Martinsburg, West Virginia, during the period September 2007 through July 2008.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

 

Results of Review

 

The Enterprise Systems Management Organization Has Been Deployed

In June 2007, the IRS began the process of making organizational changes to improve service delivery effectiveness and efficiency.  The redesigned ESM organization includes the Enterprise Service Desk organization and the Systems Management, Reporting, and Tools organization, which was created by realigning the prior ESM organization groups shown in Figure 1.

Figure 1:  Initial ESM Redesigned Organization

ESM Organization
  • Systems Management, Reporting, and Tools
      • Production Support
      • Process Support I
      • Process Support II
      • Enterprise Analysis and Reporting
  • Enterprise Service Desk

 

Source:  The ESM project team.

The Enterprise Service Desk provides a central point for reporting, tracking, and resolving information technology problems across the enterprise.  This review focused on the Systems Management, Reporting, and Tools organization.  The mission statements for the redesigned ESM organization were rewritten after the redesign in June 2007, but the roles and responsibilities of the personnel in the four subordinate groups of the Systems Management, Reporting, and Tools organization did not change.

The Systems Management, Reporting, and Tools organization maintains a useful interactive web site enabling personnel to access detailed information on workstations and reports of its monitoring activities.  The reports describe the performance “health” of servers, desktops, and laptops, as well as identify mislabeled systems.

IRS executives and managers should continuously evaluate the effectiveness and efficiency of their organizations; plan, propose, and obtain review and approval of reorganizations as needed; and evaluate the effects of reorganization.  The Office of Management and Budget Circular A-130, Management of Federal Information Resources, states that agencies should seek opportunities to improve the effectiveness and efficiency of Federal Government programs through work process redesign and the judicious application of information technology.  Although the June 2007 reorganization is not anticipated to be the final ESM reorganization, overall the three ESM projects are making progress toward the goals of providing better service and reducing costs.

Funding for Contractor Support Was Not Always Provided in a Timely Manner

The IRS requested contractor support to evaluate, design, and plan an infrastructure that can support the IRS’ business requirements for monitoring and managing business services.  However, the IRS did not always provide funding in a timely manner for contractor support for the ESM projects, which resulted in schedule slippage and additional costs.

ESM organization management obtained funding for contractor support from the Chief Information Officer’s project funding account.  Additional funding was obtained from the End User Equipment and Services organization when it authorized the realignment of $88,844 to cover contractor services through June 30, 2007.  However, funding for contractor support lapsed in July 2007 and work was put on hold pending the award of the new contract.

A new contract was awarded on August 29, 2007.  However, management commented that it took approximately 2 months to get the new contractors familiar with the work previously completed.  We reviewed contractor invoices from September 4 through October 31, 2007, and determined that the IRS spent $491,952 just to get the new contractors familiar with what had been previously provided.  The potential risk of additional project delays due to funding and budget issues was reported to IRS executives in November 2007.

Funding for ESM project contractor support was provided from several sources.  However, the delayed funding resulted in schedule slippage and $491,952 in additional costs.

The three ESM project teams provide weekly status reports to MITS organization executives to raise issues and risks affecting the ESM initiative.  For example,

  • In December 2007, the Organization and Operations Design Project began reporting that its schedule, deliverables, and/or cost might be affected by its funding being scheduled to end in February 2008, prior to the completion of planned activities.  In February 2008, activity was underway to close down contractor support due to the lack of funding.

  • In November 2007, the End-to-End Business Systems Monitoring Project began reporting that its schedule, deliverables, and/or cost had been affected by insufficient funding.  On February 19, 2008, it was reported that the current funding would carry the project only through the end of February 2008.

Although the project was listed as a critical unfunded need, in January 2008, the MITS Enterprise Governance Committee did not approve funding for ESM project contractor support because of competing priorities and the unavailability of funds.  Subsequently, the Chief Information Officer approved $875,000 for ESM contractor support through May 2008.  The funds identified were anticipated software contract savings to be received by the IRS.  As of June 26, 2008, additional funding had not been approved.

The Chief Information Officer is responsible for managing information resources and technology management and the IRS long-range objectives and strategies for improving tax administration through modernizing the tax administration system.  The IRS indicated that the ESM initiative had problems in obtaining funding because the demand for funding is always much greater than the supply, and funding requirements are based on both available resources and IRS project prioritization.  As a result of not funding the ESM initiative in a timely manner, the IRS experienced schedule slippage and $491,952 in additional costs that could have been more efficiently used.[5]

Recommendation

Recommendation 1:  The Chief Information Officer should ensure that the ESM projects receive timely and sufficient funding, or revise the projects’ tasks to ensure efficient use of contractor support funds and continuity of funding.

Management Response:  IRS management agreed with this recommendation and will modify ESM project tasks to align with the available funds.

Office of Audit Comment:  In the IRS response to the draft report, management provided a comment acknowledging ramp-up funds were expended on the ESM project from September 4, 2007, through October 31, 2007.  However, upon further review, the IRS estimate for this cost is approximately one third of the amount stated in the report. 

The audit report was prepared based on the information the IRS provided to us during the audit.  The audit results were provided to IRS management on several occasions and we made revisions to the report based on the IRS comments.  After we revised the report to incorporate the IRS comments, we obtained executive agreement to the report at our closing conference.  Subsequently, the IRS advised us that it performed an additional review of the ramp-up cost and the amount of a new estimate.  We did not make any additional changes to the report because we did not independently validate the new information submitted after the completion of the audit.

Project Governance Needs to Be Improved

The ESM projects did not always have adequate executive steering committee oversight to ensure that issues and risks were resolved in a timely manner.  ESM management stated that the ESM Executive Steering Committee initially provided oversight of the three ESM projects.  However, management could not provide evidence of the oversight.

In June 2007, the Chief Information Officer established the Information Technology Service Management organization to provide oversight of the MITS organization-wide Information Technology Infrastructure Library related processes (e.g., Incident Management, Problem Management, and Tools Assessment).  However, the organization has undergone several name changes and is now referred to as the Information Technology Service Delivery Management (ITSDM) organization.  The ITSDM and ESM organizations provided us with inconsistent explanations about ESM project governance.  For example:

  • ESM organization management stated that the Executive Steering Committee joined the ITSDM organization in September 2007 and there was a verbal agreement with the former Director, ITSDM, that the ITSDM organization would provide oversight for the three ESM projects, given that the members served on each Executive Steering Committee.  However, the ITSDM organization was not aware of the verbal agreement because the former Director retired and the agreement was not documented in meeting minutes or other written communication.

  • In March 2008, the Director, ITSDM, stated that the ITSDM organization did not provide oversight for the ESM projects.  Instead, the Infrastructure Executive Steering Committee provided the formal governance for the ESM projects.  The Director explained that the ESM project teams were brought in regularly at the ITSDM organization meetings for status briefings solely for informational purposes.  However, ESM organization management stated that the Infrastructure Executive Steering Committee had not provided oversight of the three ESM projects.

We reviewed the Infrastructure Executive Steering Committee meeting minutes from March 14, 2007, through June 11, 2008.  The only mention of the ESM projects was from the December 3, 2007, ad-hoc meeting to prioritize the unfunded budget requests.  The minutes show the ESM project contractor support was ranked 13th in the Infrastructure Executive Steering Committee priority ranking.

The Clinger-Cohen Act of 1996[6] states that agencies shall develop a process for analyzing, tracking, and evaluating the risks and results of all major capital investments made by an executive agency for information systems.  The IRS implemented an Enterprise Governance Model for project and program oversight.  Governance bodies typically respond to immediate needs such as decision-making; risks; managing the project baselines; cost, schedule, and scope variances; and actions essential to resolving program or project problems affecting the achievement of strategic goals.

ESM organization management stated that the ESM project issues and risks were not reported to the Infrastructure Executive Steering Committee because they were discussed in briefings with the Chief Information Officer and MITS organization executives.  We were provided the documentation (dated May 2, 2007) used at the briefings.  The documentation included the status of completed and planned work for the ESM projects.  However, there were no meeting minutes to document the discussions.  Without the proper amount of executive oversight, the IRS increases the risk that the three ESM projects will incur additional costs and schedule slippage.

Management Action:  To improve the governance process over the ESM projects, the Director, ITSDM, was asked to lead the ESM projects beginning in December 2007.  The Director subsequently became the Deputy Director, CRSD.  Management indicated that the Deputy Director, CRSD, would continue to oversee the ESM projects to ensure that the projects proceed in the right direction and funding needs are reported.  In June 2008, the Deputy Director, CRSD, was reassigned to become the Associate Chief Information Officer, Enterprise Operations, but is still responsible for overseeing the three ESM projects.  In addition, a new request for organizational change is being submitted for approval for the ESM organization to become a part of the Enterprise Operations organization, with an anticipated effective date of October 1, 2008.  The ESM initiative is also scheduled to be presented to the Infrastructure Executive Steering Committee in July 2008.

Recommendation

Recommendation 2:  The Chief Information Officer should place ESM projects under the governance of the Infrastructure Executive Steering Committee to ensure that risks and issues are resolved in a timely manner.

Management Response:  IRS management agreed with this recommendation.  The ESM projects are under the governance of the Infrastructure Executive Steering Committee to ensure risks and issues are resolved in a timely manner.

Significant Decisions and Events Were Not Always Documented

Significant decisions and events were not documented and included in monthly project status reports, which resulted in increased risks of miscommunication, responsible parties not being held accountable, and actions not being implemented in a timely manner.  For example, the End-to-End Business Systems Monitoring Project team had no written documentation showing the four specific applications it recommended for future work, who approved the applications, or when they were approved, because the decisions were verbal.

The Tools Centralization and Consolidation Project also lacked documentation.  The tool subsets selection process and changes to the selection process were not documented.  The Tools Centralization and Consolidation Project team had begun the process to prioritize the tools for centralization, but this process was replaced by discussions with the ITSDM Executive Steering Committee.  The selections were based on software tools that were needed or would soon be needed by other MITS organization projects, which is in accordance with the Tools Project strategy of centralizing tools based on business priorities.  However, none of the activities or decisions leading to the final selection were documented.  The undocumented discussions and decisions included:

  • The Tools Centralization and Consolidation Project's discussions with the ITSDM organization.

  • The justification for selecting the tool subsets.

  • The tool subsets recommended by the Tools Centralization and Consolidation Project and presented to the Chief Information Officer and Associate Chief Information Officers.

  • The tool subsets selected and approved by the Chief Information Officer and Associate Chief Information Officers.

The ESM organization and the ITSDM organization also had conflicting accounts about how the tool recommendations were presented and how the selections were made.

The Government Accountability Office Standards for Internal Control in the Federal Government states that the entire process or life cycle of an event from the initiation and authorization should be promptly recorded to maintain its relevance and value to management in controlling operations and making decisions.  Insufficient or missing documentation of key decisions increases the risk of miscommunication, as well as the risks that responsible parties are not held accountable and that actions are not implemented in a timely manner.  Also, when new management and staff are assigned to the ESM projects, they will not have access to documentation of key events and decisions that will help them understand the history and changes in the projects.  Without complete and accurate project management documentation, the IRS increases the risk that the three ESM projects will incur additional costs and schedule slippage.

Management Action:  The ESM project team agreed with our observations and is now documenting communications and meetings.  We verified that meetings are now being documented by reviewing the minutes from an ESM organization meeting held March 27, 2008.  Based on the management action, we are not making any recommendations regarding project documentation.

Controls Over Licenses for Software on Servers and Software Tool Purchases Should Be Improved

The Tools Centralization and Consolidation Project is collecting data on software tools within the MITS organization and entering the data into a database called the Tool Repository.  The Tool Repository includes information about the tools such as name, manufacturer, tool functions, license and maintenance data and cost, users, and tool version.  However, the IRS does not have an efficient and effective means to determine the number of licenses owned or used for the software on its servers.  As a result, approximately 47 percent of the tools in the Tool Repository were missing the information.

We surveyed IRS organizations outside of the MITS organization that owned or operated servers to determine the tools used to monitor or manage their information technology systems, the process for selecting and acquiring the tools, and the cost of the tools.  Only three IRS organizations outside of the MITS organization had such tools:  the Counsel Information Systems Office, the Criminal Investigation Division, and the Statistics of Income organization.  All three organizations stated that they consulted with the MITS organization prior to purchasing software tools.  The 3 organizations had 56 unique tools.

Nine of the 56 tools had names that were the same or similar to those in the Tool Repository.  We performed research and interviewed the Tools Centralization and Consolidation Project Manager to determine whether the MITS organization had available licenses for the nine tools.  Based on our analysis, we determined that:

  • One tool had available licenses and the IRS organization outside of the MITS organization was using these licenses.
  • Three tools did not have any available licenses, so the IRS organization outside of the MITS organization purchased its own.
  • Five tools did not have the information needed to determine the number of available licenses.  The IRS organizations outside of the MITS organizations stated that three of the five tools were obtained through IRS enterprise license agreements.  One tool was purchased by the MITS organization for an organization outside of the MITS organization.  One tool was purchased by an organization outside of the MITS organization.

We also analyzed the entire Tool Repository to determine the completeness of license information.  As of April 15, 2008, the Tool Repository listed 240 tools.  Figure 2 provides a summary of tool software license information.

Figure 2:  License Information for Tool Software on Servers

Licenses Owned  |  Licenses Used  |  Tool Count   |  Notes
Unknown         |  Unknown        |  94 (39.2%)   |
Unknown         |  Known          |  1 (0.4%)     |
Known           |  Unknown        |  17 (7.1%)    |  The number of licenses owned for 11 of these 17 tools ranged from 100 to 130,000.  Because the number of licenses used is unknown, an IRS organization outside of the MITS organization spent $4,815 to purchase its own copy of a tool.
Subtotal        |                 |  112 (46.7%)  |  Number and percent of licenses with incomplete information.
Known           |  Known          |  128 (53.3%)  |  Number and percent of licenses with complete information.
Total           |                 |  240          |


Source:  Treasury Inspector General for Tax Administration analysis of the Tool Repository.

The Tools Centralization and Consolidation Project Manager is attempting to determine the number of licenses owned and used for the tools that are missing information in order to update the Tool Repository.  However, the Project Manager has had difficulty finding the information because the designated points of contact for the tools do not always have the requested information.  The additional manual research performed is inefficient and does not always identify the information.

During our analysis of the software licenses, we found that organizations can purchase software tools without the ESM organization’s knowledge.  The Tools Centralization and Consolidation Project Manager was aware of this and had reported it as a risk in a status report.  In an effort to reduce the risk, the Project Manager submitted a request to include in the Internal Revenue Manual a requirement that the ESM organization be included as an approver for all purchase requests meeting the software tool criteria.  The request was submitted on November 1, 2007, but is still under review, and must be approved by all stakeholders before the requirement is included in the Internal Revenue Manual.

The Chief Information Officer is responsible for managing agency-wide information resources and technology management and the IRS long-range objectives and strategies for improving tax administration through modernizing the tax administration system.  An organization’s ability to more effectively manage its information technology environment depends on how effectively the information technology organization uses software tools.  By centralizing and consolidating tools, the IRS hopes to reduce costs associated with owning and managing software tools and identify and develop standard tools to eliminate duplication and address any gaps in tool functionality.  Ensuring that the proper number of software licenses are purchased and distributed to those who need them also helps to contain costs.

Without the ability to track software licenses and distribution, the IRS risks paying for unneeded licenses or for additional licenses when unused licenses were available for distribution.  For example, if there were 45 unused licenses for Spotlight® on Active Directory, the business unit could have used them and avoided spending $4,815.  The number of licenses owned and/or used is not readily available or easily accessible because the IRS does not have a database or software license tracking tool in place to assist in identifying and tracking software used on its servers.

Recommendations

The Chief Information Officer should:

Recommendation 3:  Acquire software tools to track licenses of software used agency-wide on servers to track and better evaluate software usage and related costs.

Management Response:  IRS management agreed with this recommendation.  The IRS has acquired and will implement the IBM Tivoli License Compliance Manager product to track and manage all software licenses used agency-wide on servers in order to better evaluate software usage and related costs.

Recommendation 4:  Ensure that all tools meeting ESM organization software tool criteria and requested by all IRS organizations are submitted to the ESM organization for approval through the IRS Web Request Tracking System.

Management Response:  IRS management agreed with this recommendation.  The IRS will take the necessary actions to place the ESM organization in the IRS Web Request Tracking System approval path to ensure that requests meet the ESM organization’s software tool criteria.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

The overall objective was to assess the efficiency and effectiveness of the ESM organization implementation and strategy.  To accomplish this objective, we: 

I.  Evaluated the effectiveness and efficiency in implementing the ESM organization.

A.    Evaluated the effectiveness and efficiency in implementing the initial ESM organization.

1.      Reviewed policies and procedures governing the establishment of the ESM organization.

2.      Determined whether key program management documents were prepared and approved.

3.      Determined whether the ESM organization obtained adequate resources and funding to implement the ESM strategy.

4.      Obtained a walkthrough of the Systems Management, Reporting, and Tools organization to determine how it provided and maintained the monitoring environment and tools.

B.     Evaluated the Organization and Operations Design Project efforts to implement an improved ESM organization.

1.      Interviewed ESM organization personnel to determine the mission, scope, and implementation timeline for the Organization and Operations Design Project, whether a Project Office was established, and the governance process for overseeing the Project (for example, identifying the executive steering committee responsible for this project).

2.      Determined whether key project documents were prepared and approved (e.g., Project Plan, Work Breakdown Structure, management approval).

3.      Interviewed ESM organization personnel to determine the process for and status in defining ESM organization personnel roles and responsibilities, organization structure, program governance, and service delivery.

4.      Identified and obtained, if available, Phase II work products and deliverables and determined whether they will be/were delivered in a timely manner (e.g., ESM Services Catalog, ESM Communication Strategy and Plan, ESM Process Integration Framework).

II.  Evaluated the Tools Management Project Office efforts to ensure effective and efficient use of software tools[7] through centralization and consolidation of the tools.

A.    Evaluated the effectiveness and efficiency of program and project management controls over the Tools Management Project Office.

1.      Reviewed policies and procedures governing the purchase of monitoring tools and the related licenses and maintenance contracts by the MITS organization and IRS organizations outside of the MITS organization.

2.      Determined how issues and risks were tracked, whether any issues were outstanding, and whether a risk mitigation plan was developed.

3.      Reviewed the Tools Management Project Plan and ESM Tools Centralization and/or Consolidation Plan.

B.     Evaluated the process for selecting software tools for centralization and consolidation.

1.      Interviewed ESM organization management to determine the process and criteria for selecting software tools for centralization and consolidation.

2.      Determined whether software tools were selected for centralization and/or consolidation and whether the tools selected met the selection criteria.

3.      Obtained an inventory of software tools used by IRS organizations outside of the MITS organization and compared the MITS inventory of monitoring tools to the IRS organizations outside of the MITS organization inventory of software tools to identify duplicate tools and whether the duplicate tools had licenses and maintenance contracts.

C.     For the duplicate software tools identified in Step II.B.3., determined whether cost savings could be realized if the IRS organizations outside of the MITS organization obtained or used tools available through the MITS organizations.

1.      Interviewed appropriate personnel (e.g., MITS organization and business unit personnel) to determine whether the duplicate tools identified can perform the functionality required in both the MITS organization and the IRS organizations outside of the MITS organization, the process and analysis used in purchasing the duplicate software tools and the related licenses and maintenance contracts, and whether the MITS organization was contacted prior to making these purchases.

2.      Determined whether the MITS organization has a process in place to obtain agreement with the business units that MITS organization monitoring tools satisfy the business unit’s needs.

3.      Obtained the cost of the duplicate monitoring tools and the related licenses and/or maintenance contracts in the IRS organizations outside of the MITS organization and interviewed MITS organization personnel to determine whether cost savings could be realized if the IRS organizations outside of the MITS organization obtained or used tools available through the MITS organization.

III.  Evaluated the End-to-End Monitoring Project Office efforts to ensure effective and efficient End-to-End monitoring throughout the IRS.

A.    Evaluated the effectiveness and efficiency of program and project management controls over the End-to-End Monitoring Project Office.

1.      Interviewed ESM organization personnel to determine the project plan, process, and status in implementing End-to-End monitoring.

2.      Determined whether key project management documents were prepared and approved (e.g., business case, Project Plan, Work Breakdown Structure, etc.).

3.      Determined how issues and risks were tracked, whether any issues were outstanding, and whether a risk mitigation plan was developed.

B.     Determined whether the Modernized e-File End-to-End Proof of Concept was on schedule and whether it demonstrated a process for effective End-to-End monitoring.

IV.  We used the IRS Web Request Tracking System and the MITS Project Tracking System to obtain contract information on the software reviewed in this audit.  Because we did not use the information to make projections, we did not validate the data on these systems.  We received the ESM Tool Repository, which was in a Microsoft Excel spreadsheet.  The data in the spreadsheet were entered from survey responses that were provided to the ESM team in written format and/or verbally.  We did not request the survey responses to validate the data.

 

Appendix II

 

Major Contributors to This Report

 

Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)

Scott Macfarlane, Director

Danny Verneuille, Audit Manager

Tina Wong, Senior Auditor

Linda Screws, Auditor

Suzanne Westcott, Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Deputy Commissioner for Services and Enforcement  SE

Commissioner, Large and Mid-Size Business Division  SE:LM

Commissioner, Small Business/Self-Employed Division  SE:S

Commissioner, Tax Exempt and Government Entities Division  SE:T

Commissioner, Wage and Investment Division  SE:W

Chief, Agency-Wide Shared Services  OS:A

Chief, Criminal Investigation Division  SE:CI

Chief Human Capital Officer  OS:HC

Associate Chief Information Officer, End User Equipment and Services  OS:CIO:EU

Associate Chief Information Officer, Enterprise Operations  OS:CIO:EO

Director, Office of Research, Analysis, and Statistics  RAS

Director, Stakeholder Management  OS:CIO:SM

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaisons:

Commissioner, Large and Mid-Size Business Division  SE:LM

Commissioner, Small Business/Self-Employed Division  SE:S

Commissioner, Tax Exempt and Government Entities Division  SE:T

Commissioner, Wage and Investment Division  SE:W

Chief, Agency-Wide Shared Services  OS:A

Chief, Criminal Investigation Division  SE:CI

Chief Human Capital Officer  OS:HC

Director, Program Oversight Office  OS:CIO:SM:PO

Director, Office of Research, Analysis, and Statistics  RAS

 

Appendix IV

 

Outcome Measure

 

This appendix presents detailed information on the measurable impact that our recommended corrective action will have on tax administration.  This benefit will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

  •  Inefficient Use of Resources – Actual; $491,952 (see page 4).

Methodology Used to Measure the Reported Benefit:

Because funding for contractor support lapsed in July 2007 and a new contract was not awarded until August 29, 2007, new contractors were assigned to the ESM initiative.  Management commented that it took approximately 2 months to get the new contractors familiar with the work previously completed.  We reviewed contractor invoices from September 4 through October 31, 2007, and determined that the IRS spent $491,952 to get the new contractors familiar with the work previously completed on the ESM projects.

 

Appendix V

 

Glossary of Terms

 

End-to-End Monitoring

Managing all information technology component and subcomponent layers that exist in the IRS information technology operational environment.

Enterprise Governance Committee

The highest-level recommendation and decision-making body to oversee and enhance enterprise management of information systems and technology.

Information Technology Infrastructure Library

A series of books giving guidance--based on best practices--on the provision of quality information technology services and on the accommodation and environmental facilities needed to support information technology.

Modernized e-File

A project to develop the modernized, web-based platform for filing approximately 330 IRS forms electronically.

Project Tracking System

A web-based budget application, which includes contract information.

Server

A computer that carries out specific functions.  For example, file servers store files, print servers manage printers, and network servers manage network traffic.

Spotlight® on Active Directory

Software used to monitor and troubleshoot problems on computers in Active Directory (a technology for administering and securing computer networks) environments.

Web Request Tracking System

A web-based application that allows IRS personnel to prepare, approve, fund, and track requests for the delivery of goods and services.  It also allows for electronic acceptance of items delivered and provides an electronic interface with the Automated Financial System for payment processing.

 

Appendix VI

 

Management’s Response to the Draft Report

 

The response was removed due to its size.  To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.


[1] ESM-related software tools and processes are used to provide computer systems support and services such as tool administration, systems monitoring, and change control.

[2] See Appendix V for a glossary of terms.

[3] ESM-related software tools and processes are used to provide computer systems support and services such as tool administration, systems monitoring, and change control. 

[4] See Appendix V for a glossary of terms.

[5] Appendix IV provides a summary of the outcome measure.

[6] (Federal Acquisition Reform Act of 1996) (Information Technology Management Reform Act of 1996), Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).

[7] ESM-related software tools are used to provide systems support and services such as tool administration, systems monitoring, and change control.