TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
The
September 12, 2008
Reference
Number: 2008-20-161
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone Number |
202-622-6500
Email Address | inquiries@tigta.treas.gov
Web Site |
http://www.tigta.gov
September 12, 2008
MEMORANDUM FOR CHIEF INFORMATION OFFICER
FROM: Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit
SUBJECT: Final
Audit Report – The
This report presents the results of our review to assess the efficiency and
effectiveness of the Enterprise Systems Management (ESM) organization
implementation and strategy. This review was part of our Fiscal Year 2008
audit plan for reviews of the Internal Revenue Service’s (IRS) Modernization
and Information Technology Services organization activities.
Impact on the Taxpayer
The IRS has begun an ESM initiative to improve the
effectiveness and efficiency of managing computer systems operations and the availability
of business systems services on an enterprise-wide basis. The initiative is making progress
toward accomplishing its goals. However,
we found that the ESM
initiative incurred schedule slippage and $491,952 in additional costs. By improving management
practices and controls, this initiative could make better use of taxpayer
dollars by reducing the frequency and duration of computer system outages,
improve service availability for customers, and reduce IRS costs associated
with owning and managing software tools.
Synopsis
The overall strategic direction for
the ESM organization is to be an enterprise-level organization with centralized
control over software tools and processes[1] based upon Information Technology Infrastructure Library
concepts.[2] To accomplish this
strategy, the following three ESM projects were established: End-to-End
Business Systems Monitoring Project; Tools Centralization and Consolidation
Project; and Organization and Operations Design Project.
In June 2007, the IRS began the
process of making organizational changes to improve service delivery
effectiveness and efficiency. The ESM organization maintains a useful
interactive web site where IRS personnel can obtain the results and reports of its
monitoring activities. Overall, the three ESM projects are making
progress toward the goals of providing better service and reducing costs. However, additional work is needed to improve ESM
organization management practices and controls.
The IRS did not always provide funding for contractor
support for the ESM projects in a timely manner. Funding for contractor support lapsed in July
2007 and a subsequent contract was not awarded until August
29, 2007. Management commented that it
took approximately 2 months to get the new contractors familiar with the work
previously completed. We reviewed contractor
invoices from September 4 through October 31, 2007 and determined that the IRS
spent $491,952 just to get the new contractors familiar with what had been
previously provided. Subsequently, the Chief
Information Officer approved $875,000 for ESM contractor support through May
2008. However, as of June 26, 2008, additional
funding had not been approved. IRS management stated that funding problems occurred because
the demand for funds is always much greater than the supply, and funding requirements
are based on both available resources and IRS project prioritization.
The ESM projects did not always have adequate executive steering committee oversight to ensure that issues and risks were resolved in a timely manner. It was not clear which organization was responsible for overseeing the ESM projects. ESM organization management stated that the Information Technology Service Management organization provided oversight of the ESM projects based on a verbal agreement. However, this organization’s management advised us that the Infrastructure Executive Steering Committee provided the formal governance for the ESM projects. Currently, the ESM initiative is scheduled to go before the Infrastructure Executive Steering Committee in July 2008.
In addition, significant ESM project decisions and events were not always documented. For example, the End-to-End Business Systems Monitoring Project did not have any written documentation showing the four specific applications recommended for future work or to support who approved the applications and when they were approved because the decisions were verbal. In addition, the tool subsets selection process and changes to the selection process were not documented. During the audit, management implemented corrective actions to address the documentation issue.
The Tools Centralization and Consolidation Project
is collecting data on software tools within the Modernization and Information Technology Services organization and entering the data into a database called the Tool
Repository. As of April 15, 2008, the Tool
Repository listed 240 tools. The numbers
of licenses owned and/or used were incomplete for 112 (47 percent) of the
tools. The number of licenses owned
and/or used is not readily available or easily accessible because the IRS does
not have a database or software license tracking tool to assist in identifying
and tracking software used on its servers. Without the ability to track software
licenses and distribution, the IRS risks paying for additional licenses when unused
licenses were available for distribution or paying for licenses that are not
needed.
Recommendations
The Chief Information Officer should ensure that 1) the ESM projects receive timely and sufficient funding or revise the projects’ tasks, 2) the ESM projects are governed by the Infrastructure Executive Steering Committee, 3) software tools are acquired to track licenses of software used agencywide on servers to track and better evaluate software usage and related costs, and 4) all tools meeting ESM software tool criteria are approved by the ESM organization through the IRS Web Request Tracking System.
Response
IRS management agreed with all of our recommendations. Corrective actions taken or planned include
1) modifying ESM project tasks to align with the
available funds, 2) placing the ESM projects under the governance of the
Infrastructure Executive Steering Committee, 3) acquiring and implementing the
IBM Tivoli License Compliance Manager product to track and manage all software
licenses used agency-wide on servers, and 4) taking the necessary actions to
place the ESM organization in the IRS Web Request Tracking System approval
path. Management’s complete
response to the draft report is included as Appendix VI.
Office of Audit Comment
In the IRS response to the draft
report, management provided a comment acknowledging ramp-up funds were expended
on the ESM project from September 4, 2007, through October 31, 2007. However, upon further review, the IRS
estimate for this cost is approximately one third of the amount stated in the
report.
The
audit report was prepared based on the information the IRS provided to us
during the audit. The audit results were provided to IRS
management on several occasions and we made revisions to the report based on the
IRS comments. After we revised the
report to incorporate the IRS comments, we obtained executive agreement to the
report at our closing conference. Subsequently,
the IRS advised us that it performed an additional review of the ramp-up cost
and the amount of a new estimate. We did
not make any additional changes to the report because we did not independently validate
the new information submitted after the completion of the audit.
Copies of this report are also being sent to the IRS managers affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510.
The Enterprise Systems
Management Organization Has Been Deployed
Funding for
Contractor Support Was Not Always Provided in a Timely Manner
Project Governance Needs to Be Improved
Significant Decisions and Events Were Not Always Documented
Controls Over Licenses for Software on
Servers and Software Tool Purchases Should Be Improved
Appendices
Appendix
I – Detailed Objective, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix
III – Report Distribution List
Appendix
V – Glossary of Terms
Appendix VI
– Management’s Response to the Draft Report
Abbreviations
|
CRSD |
Customer Relationship and Service Delivery |
|
ESM |
|
|
IRS |
Internal Revenue Service |
|
ITSDM |
Information Technology Service Delivery Management |
|
MITS |
Modernization and Information Technology Services |
The overall strategic direction for the ESM organization is
to be an enterprise-level organization with centralized control over software
tools and processes.
The Internal Revenue Service (IRS)
is striving to improve service to taxpayers, increase the effectiveness and
efficiency of agency operations, and provide greater value to the Federal Government.
To assist the IRS in accomplishing these
objectives, the Modernization
and Information Technology Services (MITS) organization has begun an Enterprise
Systems Management (ESM) initiative to improve the effectiveness and efficiency
of managing computer systems operations and the availability of business
systems services on an enterprise-wide basis. This initiative will make better
use of taxpayer dollars by reducing the frequency and duration of computer
system outages, improving
service availability for customers, and reducing IRS costs associated with
owning and managing software tools.
The overall strategic direction for
the ESM organization is to be an enterprise-level organization with centralized
control over software tools and processes[3] based upon Information Technology Infrastructure Library
concepts.[4] Specifically, the following three ESM projects were
established to implement this strategy:
End-to-End
Business Systems Monitoring Project – An initiative to address enterprise monitoring
from an
Information Technology Service Management Service Delivery perspective, addressing both qualitative and
quantitative issues with business systems availability and performance
monitoring. The overall goal is to
improve the incident (e.g., system outages) management capabilities of the
service and to better understand the real-time health of business systems.
This project was
established in October 2006.
Tools
Centralization and Consolidation Project – An initiative to develop a strategy
and plan for the centralization and consolidation of software tools used across
the MITS organization into a single ESM organization.
This effort will also
develop and maintain an ESM Tool Repository.
This project was established in October 2006.
Organization
and Operations Design Project – An initiative to implement an enterprise-focused
ESM organization that leverages Information Technology Infrastructure Library concepts
to provide end-to-end monitoring services and enterprise tools management.
This project was
established September
2007.
Another
MITS organization initiative to improve service management is the Information
Technology Service Management Program. The
Information Technology Service Management Executive Steering Committee is
responsible for governing the Program and championing the initiative within the
MITS organization and the IRS. The Information Technology Service Management Program initiative
improves the way information technology organizations deliver and support information
technology services so they are focused on the business requirements. This initiative is also based on Information Technology Infrastructure Library concepts. In January 2008, the Information Technology
Service Management organization
was expanded to include Customer Relationship Management. With the expansion of the organization’s
scope, the name was changed to the Customer
Relationship and Service Delivery (CRSD) organization and is led by an Associate Chief Information Officer.
This organization will work with the
other MITS organizations to implement a comprehensive and consistent approach
to service delivery.
This review was performed at the MITS organization offices in New Carrollton, Maryland;
The Enterprise Systems Management Organization Has Been Deployed
In June 2007, the IRS began the process of making organizational changes to improve service delivery effectiveness and efficiency. The redesigned ESM organization includes the Enterprise Service Desk organization and the Systems Management, Reporting, and Tools organization, which was created by realigning the prior ESM organization groups shown in Figure 1.
Figure 1:
Initial ESM Redesigned Organization
|
ESM Organization |
||||
|
Systems Management, Reporting, and Tools |
|
|||
|
Production Support |
Process Support I |
Process Support II |
|
|
Source: The ESM project team.
The Enterprise
Service Desk provides a central point for reporting,
tracking, and resolving information technology problems across the
enterprise. This review focused
on the Systems Management, Reporting, and Tools organization. The mission
statements for the redesigned ESM organization were rewritten after the redesign
in June 2007, but the roles and responsibilities of the personnel in the four
subordinate groups of the Systems
Management, Reporting, and Tools organization did not change.
The
Systems Management, Reporting, and Tools organization maintains a useful
interactive web site enabling personnel to access detailed information on
workstations and reports of its monitoring activities. The reports describe the performance “health”
of servers, desktops, and laptops, as well as identify mislabeled systems.
IRS executives and managers should continuously evaluate the effectiveness and efficiency of their organizations; plan, propose, and obtain review and approval of reorganizations as needed; and evaluate the effects of reorganization. The Office of Management and Budget Circular A-130, Management of Federal Information Resources, states that agencies should seek opportunities to improve the effectiveness and efficiency of Federal Government programs through work process redesign and the judicious application of information technology. Although the June 2007 reorganization is not anticipated to be the final ESM reorganization, overall the three ESM projects are making progress toward the goals of providing better service and reducing costs.
Funding for Contractor Support Was Not Always Provided in a Timely Manner
The IRS requested contractor support to evaluate, design, and plan an infrastructure that can support the IRS’ business requirements for monitoring and managing business services. However, the IRS did not always provide funding in a timely manner for contractor support for the ESM projects, which resulted in schedule slippage and additional costs.
ESM organization management obtained funding for contractor support from the Chief Information Officer’s project funding account. Additional funding was obtained from the End User Equipment and Services organization when it authorized the realignment of $88,844 to cover contractor services through June 30, 2007. However, funding for contractor support lapsed in July 2007 and work was put on hold pending the award of the new contract.
A new contract was awarded on
August 29, 2007. However, management
commented that it took approximately 2 months to get the new contractors familiar
with the work previously completed. We
reviewed contractor invoices from September 4 through October 31, 2007, and
determined that the IRS spent $491,952 just to get the new contractors familiar
with what had been previously provided. The
potential risk of additional project delays due to funding and budget issues
was reported to IRS executives in November 2007.
Funding for ESM project contractor support was provided from
several sources. However, the delayed
funding resulted in schedule slippage and $491,952 in additional costs.
The three ESM project teams
provide weekly status reports to MITS organization executives to raise issues
and risks affecting the ESM initiative. For
example,
In December 2007, the
Organization
and Operations Design Project began reporting that
its schedule, deliverables, and/or cost might be affected by its funding being scheduled
to end in February 2008--prior to the completion of planned activities. In February 2008, activity was underway to
close down contractor support due to the lack of funding.
In November 2007, the
End-to-End
Business Systems Monitoring Project began reporting that
its schedule, deliverables, and/or cost had been affected
by insufficient funding. On February 19,
2008, it was reported that the current funding would carry the project only through
the end of February 2008.
Although the project was
listed as a critical unfunded need, in January 2008, the MITS Enterprise
Governance Committee did not approve funding for ESM project contractor support
because of competing priorities and the unavailability of funds. Subsequently, the Chief Information Officer
approved $875,000 for ESM contractor support through May 2008. The funds identified were anticipated
software contract savings to be received by the IRS. As of June 26, 2008, additional funding had
not been approved.
The Chief Information Officer is responsible for
managing information resources and technology management and the IRS long-range
objectives and strategies for improving tax administration through modernizing
the tax administration system. The IRS indicated that the ESM initiative had problems
in obtaining funding because the demand for funding is always much greater than
the supply, and funding requirements are based on both available resources and
IRS project prioritization. As a result
of not funding the ESM initiative in a timely manner, the IRS experienced
schedule slippage and $491,952 in additional costs that could have been more
efficiently used.[5]
Recommendation
Recommendation 1: The Chief Information Officer should ensure that the ESM projects receive timely and sufficient funding, or revise the projects’ tasks to ensure efficient use of contractor support funds and continuity of funding.
Management Response: IRS management agreed with this recommendation and will
modify ESM project tasks to align with the available funds.
Office of Audit Comment: In the IRS response to the draft report,
management provided a comment acknowledging ramp-up funds were expended on the
ESM project from September 4, 2007, through October 31, 2007. However, upon further review, the IRS
estimate for this cost is approximately one third of the amount stated in the
report.
The audit report was prepared based on the information the
IRS provided to us during the audit. The audit results
were provided to IRS management on several occasions and we made revisions
to the report based on the IRS comments. After we revised the report to
incorporate the IRS comments, we obtained executive agreement to the report at
our closing conference. Subsequently, the IRS advised us that it
performed an additional review of the ramp-up cost and the amount of a new
estimate. We did not make any
additional changes to the report because we did not independently validate
the new information submitted after the completion of the audit.
Project Governance Needs to Be Improved
The ESM projects did not always
have adequate executive steering committee oversight to ensure that issues and
risks were resolved in a timely manner.
ESM management stated that the ESM Executive Steering Committee
initially provided oversight of the three ESM projects. However, management could not provide
evidence of the oversight.
In June 2007, the Chief
Information Officer established the Information Technology Service Management organization
to provide oversight of the MITS organization-wide Information Technology Infrastructure
Library related processes (e.g., Incident
Management, Problem Management, and Tools Assessment). However, the organization has undergone
several name changes and is now referred to as the Information Technology
Service Delivery Management (ITSDM) organization. The ITSDM and ESM organizations provided us
with inconsistent explanations about ESM project governance. For example:
ESM organization management
stated that the Executive Steering Committee joined the ITSDM organization in
September 2007 and there was a verbal agreement with the former Director, ITSDM,
that the ITSDM organization would provide oversight for the three ESM projects,
given that the members served on each Executive Steering Committee. However, the ITSDM organization was not aware
of the verbal agreement because the former Director retired and the agreement
was not documented in meeting minutes or other written communication.
In March 2008, the Director, ITSDM, stated that the ITSDM
organization did not provide oversight for the ESM projects.
Instead, the Infrastructure
Executive Steering Committee provided the formal governance for the ESM projects. The Director explained that the ESM project
teams were brought in regularly at the ITSDM organization meetings for status
briefings solely for informational purposes. However,
ESM organization management stated that the Infrastructure
Executive Steering Committee had not provided oversight of the three ESM projects.
We reviewed the Infrastructure Executive Steering Committee meeting minutes from March 14, 2007, through June 11, 2008. The only mention of the ESM projects was from the December 3, 2007, ad-hoc meeting to prioritize the unfunded budget requests. The minutes show the ESM project contractor support was ranked 13th in the Infrastructure Executive Steering Committee priority ranking.
The Clinger-Cohen
Act of 1996[6] states that agencies shall develop a process
for analyzing, tracking, and evaluating the risks and results of all major
capital investments made by an executive agency for information systems. The IRS
implemented an Enterprise Governance Model for project and program
oversight. Governance bodies typically
respond to immediate needs such as decision-making; risks; managing the project
baselines; cost, schedule, and scope variances; and actions essential to
resolving program or project problems affecting the achievement of strategic
goals.
ESM organization management stated
that the ESM project issues and risks were not reported to the Infrastructure Executive
Steering Committee because they were discussed in briefings with the Chief
Information Officer and MITS organization executives. We were provided the documentation (dated May
2, 2007) used at the briefings. The
documentation included the status of completed and planned work for the ESM
projects. However, there were no meeting
minutes to document the discussions. Without the proper amount of
executive oversight, the IRS increases the risk that the three ESM projects
will incur additional costs and schedule slippage.
Management Action: To improve the governance process over the ESM projects, the
Director, ITSDM, was asked to lead the ESM projects beginning in December 2007. The Director subsequently became the Deputy
Director, CRSD. Management indicated that
the Deputy Director, CRSD, would continue to oversee the ESM projects to ensure
that the projects proceed in the right direction and funding needs are reported. In June 2008, the Deputy Director, CRSD, was reassigned to become the Associate
Chief Information Officer, Enterprise Operations, but is still responsible for
overseeing the three ESM projects. In addition, a new request for organizational change is being submitted for
approval for the ESM organization to become a part of the Enterprise Operations
organization, with an anticipated effective date of October 1, 2008. The ESM initiative is also scheduled to be
presented to the Infrastructure Executive Steering Committee in July 2008.
Recommendation
Recommendation 2: The Chief Information Officer should place ESM projects under the governance of the Infrastructure Executive Steering Committee to ensure that risks and issues are resolved in a timely manner.
Management Response: IRS
management agreed with this recommendation.
The ESM projects are under the governance of the Infrastructure
Executive Steering Committee to ensure risks and issues are resolved in a
timely manner.
Significant
Decisions and Events Were Not Always Documented
Significant decisions and events
were not documented and included in monthly project status reports, which
resulted in increased risks of miscommunication, responsible
parties not being held accountable, and actions not being implemented in a
timely manner. For example, the
End-to-End Business Systems Monitoring Project team did not have any written documentation
showing the four specific applications they recommended for future work or to
support who approved the applications and when they were approved because
the decisions were verbal.
The Tools Centralization and Consolidation Project also lacked
documentation. The tool subsets
selection process and changes to the selection process were not
documented. The Tools Centralization and
Consolidation Project team had begun the process to prioritize the tools for
centralization, but this process was replaced by discussions with the ITSDM Executive Steering Committee. The
selections were based on software tools that were needed or would soon be
needed by other MITS organization projects, which are in accordance with the Tools
Project strategy of centralizing tools based on business priorities. However, none of the activities or decisions
leading to the final selection were
documented. The undocumented discussions
and decisions included:
The Tools Centralization and Consolidation Project’s discussions with the ITSDM organization.
The justification for selecting the tool subsets.
The tool subsets recommended by the Tools Centralization and Consolidation Project and presented to the Chief Information Officer and Associate Chief Information Officers.
The tool subsets selected and approved by the Chief
Information Officer and Associate Chief Information Officers.
The ESM
organization and the ITSDM organization also had conflicting accounts about how the tool
recommendations were presented and how the selections were made.
The Government
Accountability Office Standards for
Internal Control in the Federal Government states that the entire process
or life cycle of an event from the initiation and authorization should be
promptly recorded to maintain its relevance and value to management in
controlling operations and making decisions. Insufficient
or lack of documentation of key decisions increases the risk for
miscommunication and the risks that responsible parties are not held accountable,
and that actions are not implemented in a timely manner. Also, when new
management and staff are assigned to the ESM projects, they will not have
access to documentation of key events and decisions that will help them
understand the history and changes in the projects. Without complete and accurate project
management documentation, the IRS increases the risk that the three ESM
projects will incur additional costs and schedule slippage.
Management Action: The
ESM project team agreed with our observations and is now documenting
communications and meetings. We verified
that meetings are now being documented by reviewing the minutes from an ESM organization
meeting held March 27, 2008. Based on
the management action, we are not making any recommendations regarding project documentation.
Controls Over
Licenses for Software on Servers and Software Tool Purchases Should Be Improved
The Tools Centralization and Consolidation Project is collecting data on software tools within the MITS organization and entering the data into a database called the Tool Repository. The Tool Repository includes information about the tools such as name, manufacturer, tool functions, license and maintenance data and cost, users, and tool version. However, the IRS does not have an efficient and effective means to determine the number of licenses owned or used for the software on its servers. As a result, approximately 47 percent of the tools in the Tool Repository were missing the information.
We surveyed IRS organizations outside of the MITS organization that owned or operated servers to determine the tools used to monitor or manage its information technology systems, the process for selecting and acquiring the tools, and the cost of the tools. Only three IRS organizations outside of the MITS organization had such tools: the Counsel Information Systems Office, the Criminal Investigation Division, and the Statistics of Income organization. All three organizations stated that they consulted with the MITS organization prior to purchasing software tools. The 3 organizations had 56 unique tools.
Nine of the 56 tools had names that were the same or similar
to those in the Tool Repository. We
performed research and interviewed the Tools Centralization and Consolidation Project Manager to
determine whether the MITS organization had available licenses for the nine
tools. Based on our analysis, we determined
that:
We also
analyzed the entire Tool Repository to determine the completeness of license
information. As of April 15, 2008, the Tool
Repository listed 240 tools. Figure 2
provides a summary of tool software license information.
Figure 2: License Information for
Tool Software on Servers
|
Licenses
Owned |
Licenses Used |
Tool
Count |
Notes |
|
Unknown |
Unknown |
94 (39.2%) |
|
|
Unknown |
Known |
1 (0.4%) |
|
|
Known |
Unknown |
17 (7.1%) |
The number of licenses owned for 11 of these 17 tools ranged from 100
to 130,000. Because the number of
licenses used is unknown, an IRS organization outside of the MITS
organization spent $4,815 to purchase its own copy of a tool. |
|
|
Subtotal |
112 (46.7%) |
Number and percent of licenses with incomplete information. |
|
Known |
Known |
128 (53.3%) |
Number and percent of licenses with complete information. |
|
|
Total |
240 |
|
Source: Treasury Inspector General for Tax Administration analysis of the Tool Repository.
The
Tools Centralization and Consolidation Project Manager is attempting to
determine the number of licenses owned and used for the tools that are missing
information in order to update the Tool Repository. However, the Project Manager has had
difficulty finding the information because the designated points of contact for
the tools do not always have the requested information. Additional manual research performed is
inefficient and does not always identify the information.
During our analysis of the software licenses, we found that
organizations can purchase software tools without the ESM organization’s
knowledge. The Tools Centralization and Consolidation Project Manager was aware of
this and had reported it as a risk in a status report. In an effort to reduce the risk, the Project Manager submitted a request to
include in the Internal Revenue Manual a requirement that the ESM organization
be included as an approver for all purchase requests meeting the software tool
criteria. The request was submitted on November 1, 2007, but is still under review, and must be approved by all
stakeholders before the requirement is included in the Internal Revenue Manual.
The Chief
Information Officer is responsible for managing agency-wide information
resources and technology management and the IRS long-range objectives and
strategies for improving tax administration through modernizing the tax
administration system. An
organization’s ability to more effectively manage its information technology
environment depends on how effectively the information technology organization
uses software tools. By centralizing and
consolidating tools, the IRS hopes to reduce costs associated with owning and
managing software tools and identify and develop standard tools to eliminate
duplication and address any gaps in tool functionality. Ensuring that the proper number of software
licenses are purchased and distributed to those who need them also helps to
contain costs.
Without the ability to track software licenses and distribution, the IRS risks paying for unneeded licenses for additional licenses when unused licenses were available for distribution. For example, if there were 45 unused licenses for Spotlight® on Active Directory, the business unit could have used them and avoided spending $4,815. The number of licenses owned and/or used is not readily available or easily accessible because the IRS does not have a database or software license tracking tool in place to assist in identifying and tracking software used on its servers.
Recommendations
The Chief Information Officer should:
Recommendation
3:
Acquire
software tools to track licenses of software used agency-wide on servers to
track and better evaluate software usage and related costs.
Management Response: IRS management agreed
with this recommendation. The IRS has
acquired and will implement the IBM Tivoli License Compliance Manager product
to track and manage all software licenses used agency-wide on servers in order
to better evaluate software usage and related costs.
Recommendation 4:
Ensure that all tools meeting ESM organization
software tool criteria and requested by all IRS organizations are submitted to
the ESM organization for approval through the IRS Web Request Tracking System.
Management Response: IRS management
agreed with this recommendation. The IRS
will take the necessary actions to place the ESM organization in the IRS Web
Request Tracking System approval path to ensure that requests meet the ESM
organization’s software tool criteria.
Appendix I
Detailed Objective, Scope, and Methodology
The overall objective was to assess the efficiency and effectiveness of the ESM organization implementation and strategy. To accomplish this objective, we:
I.
Evaluated the effectiveness and efficiency in implementing the ESM
organization.
A. Evaluated the effectiveness and
efficiency in implementing the initial ESM organization.
1.
Reviewed
policies and procedures governing the establishment of the ESM organization.
2. Determined whether key program management documents were prepared and approved.
3.
Determined
whether the ESM organization obtained adequate resources and funding to
implement the ESM strategy.
4.
Obtained
a walkthrough of the Systems Management, Reporting, and Tools organization to
determine how it provided and maintained the monitoring environment and tools.
B.
Evaluated
the Organization and Operations Design Project efforts to implement an improved
ESM organization.
1.
Interviewed
ESM organization personnel to determine the mission, scope, and implementation
timeline for the Organization and Operations Design Project and whether a
Project Office was established and the governance process for overseeing the
Project--for example, identify the executive steering committee responsible for
this project.
2.
Determined
whether key project documents were prepared and approved (e.g., Project Plan,
Work Breakdown Structure, management approval).
3. Interviewed ESM organization personnel to determine the process for and status in defining ESM organization personnel roles and responsibilities, organization structure, program governance, and service delivery.
4.
Identified
and obtained, if available, Phase II work products and deliverables and
determined whether they will be/were delivered in a timely manner (e.g., ESM
Services Catalog, ESM Communication Strategy and Plan, ESM Process Integration
Framework).
II.
Evaluated the Tools Management Project Office efforts to ensure effective
and efficient use of software tools[7] through
centralization and consolidation of the tools.
A. Evaluated the effectiveness and
efficiency of program and project management controls over the Tools Management
Project Office.
1.
Reviewed policies and procedures
governing the purchase of monitoring tools and the related licenses and
maintenance contracts by the MITS organization and IRS organizations outside of the MITS organization.
2.
Determined how issues and risks
were tracked, whether any issues were outstanding, and whether a risk
mitigation plan was developed.
3.
Reviewed the Tools Management
Project Plan and ESM Tools Centralization and/or Consolidation Plan.
B.
Evaluated
the process for selecting software tools for centralization and consolidation.
1.
Interviewed
ESM organization
management to determine the process and criteria for selecting software tools
for centralization and consolidation.
2.
Determined
whether software tools were selected for centralization and/or consolidation
and whether the tools
selected met the selection criteria.
3.
Obtained
an inventory of software tools used by IRS organizations outside of the MITS organization and
compared the MITS inventory of monitoring tools to the IRS organizations outside of the MITS organization
inventory of software tools to identify duplicate tools and whether the
duplicate tools had licenses and maintenance contracts.
C.
For
the duplicate software tools identified in Step II.B.3., determined whether
cost savings could be realized if the IRS organizations outside of the MITS organization obtained
or used tools available through the MITS organizations.
1.
Interviewed
appropriate personnel (e.g., MITS organization and business unit personnel) to
determine whether the duplicate tools identified have the capability to perform
the same functionality required in both the MITS organization and the IRS organizations outside of the
MITS organization and the process and analysis used in purchasing the duplicate
software tools, the related licenses, and maintenance contracts, and whether
the MITS organization was contacted prior to making these purchases.
2.
Determined
whether the MITS organization has a process in place to obtain agreement with
the business units that MITS organization monitoring tools satisfy the business
unit’s needs.
3.
Obtained
the cost of the duplicate monitoring tools and the related licenses and/or
maintenance contracts in the IRS
organizations outside of the MITS organization and interviewed MITS organization personnel to determine whether
cost savings could be realized if the IRS organizations outside of the MITS organization obtained
or used tools available through the MITS organization.
III.
Evaluated the End-to-End Monitoring Project Office efforts to
ensure effective and efficient End-to-End monitoring throughout the IRS.
A. Evaluated the effectiveness and
efficiency of program and project management controls over the End-to-End
Monitoring Project Office.
1.
Interviewed
ESM organization personnel to determine the project plan, process, and status
in implementing End-to-End
monitoring.
2.
Determined
whether key project management documents were prepared and approved (e.g.,
business case, Project Plan, Work Breakdown Structure, etc.).
3.
Determined how issues and risks
were tracked, whether any issues were outstanding, and whether a risk
mitigation plan was developed.
B.
Determined
whether the Modernized
e-File End-to-End
Proof of Concept was on schedule and whether it demonstrated a process for
effective End-to-End
monitoring.
IV.
We used the IRS Web Request Tracking System and the MITS Project Tracking System to obtain contract
information on the software reviewed in this audit. Because we did not use the information to make
projections, we did not validate the data on these systems. We received the ESM Tool Repository, which
was in a Microsoft Excel spreadsheet.
The data in the spreadsheet were entered from survey responses that were
provided to the ESM team in written format and/or verbally. We did not request the survey responses to
validate the data.
Appendix II
Major Contributors to This Report
Margaret E. Begg,
Assistant Inspector General for Audit (Information Systems Programs)
Scott Macfarlane, Director
Danny Verneuille, Audit Manager
Tina Wong, Senior Auditor
Linda Screws, Auditor
Suzanne Westcott, Auditor
Appendix III
Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Deputy Commissioner for Services and Enforcement SE
Commissioner, Large and Mid-Size Business Division SE:LM
Commissioner, Small Business/Self-Employed Division SE:S
Commissioner, Tax Exempt and Government Entities Division SE:T
Commissioner, Wage and Investment Division SE:W
Chief, Agency-Wide Shared Services OS:A
Chief, Criminal Investigation Division SE:CI
Chief Human Capital Officer OS:HC
Associate Chief Information Officer, End User Equipment and Services OS:CIO:EU
Associate Chief Information Officer,
Director, Office of Research, Analysis, and Statistics RAS
Director, Stakeholder Management OS:CIO:SM
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program
Evaluation and Risk Analysis RAS:O
Office of Internal Control OS:CFO:CPIC:IC
Audit
Liaisons:
Commissioner, Large and Mid-Size Business Division SE:LM
Commissioner, Small Business/Self-Employed Division SE:S
Commissioner, Tax Exempt and Government Entities Division SE:T
Commissioner, Wage and Investment Division SE:W
Chief, Agency-Wide Shared Services OS:A
Chief, Criminal Investigation Division SE:CI
Chief Human Capital Officer OS:HC
Director, Program Oversight Office OS:CIO:SM:
Director, Office of Research, Analysis, and Statistics RAS
Appendix IV
This appendix presents detailed information on the measurable impact that our recommended corrective action will have on tax administration. This benefit will be incorporated into our Semiannual Report to Congress.
Type and Value of Outcome Measure:
Inefficient Use of Resources – Actual; $491,952 (see page 4).
Methodology Used to Measure the Reported Benefit:
Because funding for contractor
support lapsed in July 2007
and a new contract
was not awarded until August 29, 2007, new contractors were assigned to the ESM
initiative. Management commented that it
took approximately 2 months to get the new contractors familiar with the work
previously completed. We reviewed contractor invoices from September 4 through
October 31, 2007, and determined that the IRS spent $491,952 to get the new
contractors familiar with the work previously completed on the ESM projects.
Appendix V
|
End-to-End Monitoring |
Managing
all information technology component and subcomponent layers that exist in
the IRS information technology operational environment. |
|
|
The
highest-level recommendation and |
|
Information Technology Infrastructure Library |
A series of books
giving guidance--based on best practices--on the provision of quality information
technology services and on the
accommodation and environmental facilities needed to support information
technology. |
|
Modernized
e-File |
A
project to develop the modernized, web-based platform for filing
approximately 330 IRS forms electronically. |
|
Project Tracking System |
A web-based
budget application, which includes contract information. |
|
Server |
A computer that carries out specific functions. For example, file servers store files,
print servers manage printers, and network servers manage network traffic. |
|
Spotlight® on Active Directory |
Software used to
monitor and troubleshoot problems on computers in Active Directory |
|
Web
Request Tracking System |
A
web-based application that allows IRS personnel to prepare, approve, fund,
and track requests for the delivery of goods and services. It also allows for electronic acceptance of
items delivered and provides an electronic interface with the Automated Financial
System for payment processing. |
Appendix VI
Management’s Response to the Draft Report
The
response was removed due to its size. To
see the response, please go to the Adobe PDF version of the report on the TIGTA
Public Web Page.
[1] ESM-related software tools and processes are used to provide computer systems support and services such as tool administration, systems monitoring, and change control.
[2] See Appendix V for a glossary of terms.
[3] ESM-related software tools and processes are used to provide computer systems support and services such as tool administration, systems monitoring, and change control.
[4] See Appendix V for a glossary of terms.
[5]
Appendix IV provides a summary of the outcome
measure.
[6] (Federal Acquisition Reform Act of 1996) (Information Technology Management Reform Act of 1996), Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).
[7] ESM-related software tools are used to provide systems support and services such as tool administration, systems monitoring, and change control.