Annual Assessment of the Business Systems Modernization Program
September 14, 2009
Reference Number: 2009-20-136
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone Number |
202-622-6500
Email Address | inquiries@tigta.treas.gov
Web Site |
http://www.tigta.gov
September 14, 2009
MEMORANDUM FOR CHIEF TECHNOLOGY OFFICER
FROM: Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit
SUBJECT: Final Audit Report – Annual Assessment of the Business Systems Modernization Program (Audit # 200920021)
This report presents the results of our annual assessment of
the Business Systems Modernization (Modernization) Program. The overall objective of this review was to assess
the progress of the Internal Revenue Service (IRS) Modernization Program for
Fiscal Year 2009, as required by the IRS Restructuring and Reform Act of 1998.[1] This
review was included in the Treasury Inspector General for Tax Administration
Fiscal Year 2009 Annual Audit Plan under the major management challenge of
Modernization of the IRS.
Impact on the Taxpayer
The Modernization Program, which began in 1999, is a complex effort to modernize the IRS’ technology and related business processes. This effort will involve integrating thousands of hardware and software components. All of this must be done while replacing outdated technology and maintaining the current tax system. The objective of the Modernization Program is to address these crucial challenges, manage the inherent risks of modernization, and deliver a level of service American taxpayers expect.
Synopsis
In December 1998, the IRS hired the Computer Sciences Corporation as its PRIME contractor[2] for the Modernization Program. The IRS originally relied on the PRIME contractor to act as a systems integrator to find and manage the best expertise and technical resources to achieve its organizational goals. In January 2005, due to budget reductions and concerns about the adequacy of the PRIME contractor’s performance, the IRS began transitioning many activities from the PRIME contractor and taking over the primary role as the systems integrator for all projects.
The IRS has
spent 11 years and received more than $3
billion on the Modernization Program.
The IRS originally estimated the Modernization Program effort would last up to 15 years and incur contractor costs of about $8 billion. The Program is in its 11th year and has received approximately $2.71 billion for contractor services, plus an additional $353 million for internal IRS costs.
The Modernization Program accomplishments extend from the development of Program Management Offices and enterprise architecture to the implementation of systems and applications that improve the IRS’ ability to administer and enforce compliance with the nation’s tax laws, while providing quality customer service.
For the past year, Modernization Program management development activities have generally met the objectives of the IRS Modernization Program. These activities included the development and implementation of strategic planning and program management efforts in the form of the Information Technology Modernization Vision and Strategy, Enterprise Data Access and Data Strategy Implementation Programs, and a tiered program management structure designed to act as an enterprise governance model.
The Modernization Program has also continued to develop and deploy modernized applications. New capabilities include enhancements to the Customer Account Data Engine that incorporated new tax law provisions including the processing of Economic Stimulus Act of 2008[3] payments, and the ability of IRS employees to access taxpayer account information through the Account Management Services system.
The IRS has recognized that, in addition to the accomplishments achieved in the Modernization Program, it faces significant challenges in meeting the requirements of the next phase of project development and systems integration. The immediate challenge is the future of the Customer Account Data Engine, the acknowledged centerpiece throughout the life of the Modernization Program. The IRS Program Integration Office is considering using elements from the Individual Master File and the current Customer Account Data Engine to significantly reengineer the IRS tax account management process. The continued improvement to managing individual taxpayer accounts will be curtailed until the use of the reengineered database is implemented and made available for integration with other systems and applications. Further, the challenge in modernizing the management of business taxpayer accounts has yet to be considered.
The past year’s Modernization Program performance did not continue the trend of improvement it demonstrated in the prior 3 years. The shortfall in performance is presented in a Modernization Program analysis of project development cost and schedule variance (see Appendix VI). The IRS has also experienced a turnover of executives that challenges the Program’s continued long-term success.
Further, a control process to manage the Modernization and
Information Technology Services (MITS) organization’s Highest Priority Initiatives process has been discontinued. The MITS organization established the Customer Relationship and Service Delivery organization
to support the overall technology performance of the IRS and MITS
organization. The Customer Relationship and Service
Delivery organization is currently developing processes that will be used to
replace the Highest Priority Initiatives
process and plans to submit the draft process to the Chief Technology Officer
for review. The MITS organization
is currently focusing on process improvements throughout the organization using
industry best practices. The MITS
Leadership team determined that this will provide a more comprehensive,
integrated, disciplined, and effective management approach for process
improvements than the previous Highest Priority Initiatives
process.
Since 1995, the IRS has identified and reported the Modernization Program as a material weakness. The IRS recognizes the need to incorporate necessary program management disciplines and has plans to implement a process improvement strategy. This strategy will allow the Modernization Program to continue to improve its management practices by incorporating industry best practices. However, we believe the Modernization Program should continue as a material weakness until the modernization material weakness action plan is updated and the improvement strategy is accomplished.
Response
The Chief Technology Officer responded that the IRS was pleased that the annual assessment recognized the MITS organization’s accomplishments in providing quality customer service. The IRS also appreciated acknowledgement of the continued development and deployment of modernized applications. In response to our comments on the use of the Information Technology Modernization Vision and Strategy planning process, the IRS related that it expanded the breadth of the business technology included in this strategy and is establishing a pre-selection process for investment planning. Management’s complete response to the draft report is included as Appendix XI.
Copies of this report are also being sent to the IRS managers affected by the report conclusions. Please contact me at (202) 622-6510 if you have questions or Alan R. Duncan, Assistant Inspector General for Audit (Security and Information Technology Services), at (202) 622-5894.
The Modernization Program Has Delivered
Business Value
The Modernization Program
Is Being Refocused
Further Improvements
Can Be Made to Management of the Modernization Program
Appendices
Appendix
I – Detailed Objective, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix
IV – Enterprise Life Cycle Overview
Appendix V
– Modernization Program Funding
Appendix
VI – Project Cost and Schedule Variance Analysis
Appendix
VII – Modernization Program Project Accomplishments
Appendix VIII
– Open Recommendations Related to Modernization Program Material Weaknesses
Appendix
X – Glossary of Terms
Appendix
XI – Management’s Response to the Draft Report
Abbreviations
|
e-File |
Electronic Filing |
|
IRS |
Internal Revenue Service |
|
MITS |
Modernization and Information Technology
Services |
|
TIGTA |
Treasury Inspector General for Tax
Administration |
The Internal Revenue Service (IRS) Restructuring and Reform Act of 1998[4] requires the Treasury Inspector General for Tax Administration (TIGTA) to annually evaluate the adequacy and security of IRS information technology. This report provides our assessment of the IRS Business Systems Modernization (Modernization) Program from June 2008 through June 2009.
The Modernization Program, which began in 1999, is a complex effort to modernize the IRS’ technology and related business processes. This effort involves integrating thousands of hardware and software components. All of this is being done while replacing outdated technology and maintaining the current tax system. While the Modernization Program encompasses dozens of projects and systems, the core projects that the IRS has referred to as the “Pillars of Modernization” are the:
In December 1998, the IRS hired the Computer Sciences Corporation as its PRIME contractor for the Modernization Program. The IRS originally relied on the PRIME contractor to act as a systems integrator to find and manage the best expertise and technical resources to achieve its organizational goals. In January 2005, due to budget reductions and concerns about the adequacy of the PRIME contractor’s performance, the IRS began transitioning many activities from the PRIME contractor and taking over the primary role as the systems integrator for all projects.
The IRS
planned to complete the Modernization Program in 15 years at a cost of
approximately $8 billion.
The IRS originally estimated the Modernization Program effort would last up to 15 years and incur contractor costs of approximately $8 billion. The Program is now in its 11th year and has received approximately $2.71 billion for contractor services, plus an additional $353 million for internal IRS costs. Appendix V presents an analysis of Modernization Program funding since its inception.
The compilation of information for this report was conducted
at the TIGTA office in
The Modernization Program Has Delivered Business Value
The
Modernization Program accomplishments encompass the development of program
management offices and operations and modernized systems and applications.
The Modernization Program accomplishments extend from the development of an enterprise architecture and program management operations, to the implementation of systems and applications that improve the IRS’ ability to administer and enforce compliance with the nation’s tax laws, while providing quality customer service. The IRS has established offices and staffs to manage Modernization Program disciplines including the Enterprise Life Cycle,[8] program governance, systems engineering, configuration management, requirements development and management, system and application testing, and transition management. The Modernization Program is continuing to complete its organizational makeup and is maturing in the role as the primary systems integrator.
The Modernization Program has also continued to develop and deploy modernized applications. New capabilities include improvements to the Customer Account Data Engine that incorporated new tax law provisions including the processing of Economic Stimulus Act of 2008[9] payments, and the ability of IRS employees to access taxpayer account information through the Account Management Services system.
Customer Account
Data Engine
Our post-implementation review[10] of the Customer Account Data Engine showed that Customer Account Data Engine Release 3 accurately processes and records tax return and tax account information. The Customer Account Data Engine project team successfully implemented Release 3 requirements that enable the system to more successfully accept, record, and process tax return information.
The Customer Account Data Engine processed more than 39.4 million individual income tax returns (approximately 30 percent of all individual tax returns filed) and issued more than $58 billion in refunds during the Calendar Year 2009 tax return filing season. This is a significant increase over the 30 million tax returns (approximately 21 percent of all individual tax returns filed) processed by the Customer Account Data Engine in Calendar Year 2008, and the 11.2 million tax returns processed in Calendar Year 2007.
Account Management Services
The Account Management Services system provides IRS employees with the tools to access information quickly and accurately in response to complex customer inquiries. The Account Management Services project management team generally followed established systems development processes. In the development and deployment of Account Management Services Releases 1.3 and 2.1, the Modernization and Information Technology Services (MITS) organization developed and maintained documentation to meet Enterprise Life Cycle requirements for deliverables and work products. It also incorporated the use of project work breakdown structure schedules, task orders and modifications, and meeting minutes.
Modernized e-File
The Modernized e-File system accepted 3.5 million electronically filed business tax returns for the 2008 tax year, which far exceeded the filings for the previous tax year. All business forms are now accepted on the Modernized e-File system, such as corporations, partnerships, exempt organizations, excise tax returns, and applications for an automatic extension of time to file certain business returns. The increase for Tax Year 2008 is 139 percent more than Tax Year 2007 and represents about 28 percent of the total business return receipts for Tax Year 2008.
Other systems
Additional products delivered by the Modernization Program include the e-Services application that creates a web portal to promote the goal of conducting most of the IRS’ transactions with tax practitioners electronically, and the Integrated Financial System that operates as the IRS’ accounting system of record, replacing the core financial systems, including expenditure controls, accounts payable, accounts receivable, general ledger, budget formulation, and purchasing controls.
Appendix VII presents the Modernization Program project accomplishments during the past year.
The Modernization Program Has Continued to Further Its Program Management and Project Development Activities
For the past year, Modernization Program management development activities have generally met the objectives of the IRS Modernization Program. The Program included the development and implementation of strategic planning and program management efforts in the form of the Information Technology Modernization Vision and Strategy, Enterprise Data Access and Data Strategy Implementation Programs, and a tiered program management structure designed to act as an enterprise governance model.
Information
Technology Modernization Vision and Strategy
The MITS
organization has revised the Information Technology Modernization Vision
and Strategy to expand the
scope of modernization to include business and technology functions that were
not previously included. This process
reflects collaboration between the business functions and the MITS organization,
where difficult decisions are made and tradeoffs are based on an enterprise
view.
In its third year, the Information Technology Modernization Vision and Strategy planning process continues to mature. The current release of the Information Technology Modernization Vision and Strategy has been expanded to embody all technology services and products delivered by the IRS. In addition, the Information Technology Modernization Vision and Strategy Program Office was created. The mission of this Office is to enable the prioritization and selection of MITS organization investments by employing mature processes that proactively engage stakeholders to develop investment strategies that are aligned with the IRS enterprise-wide strategic plans. This Office coordinates, formulates, and presents to senior executives the key data points required to make informed investment decisions.
The Data Strategy is designed to provide standardized access
to official IRS data sources; eliminate redundant, inconsistent, and outdated
data; and provide guidance to identify and use data effectively and efficiently
to gather and manage taxpayer account information. The
Enterprise Data Access and Data Strategy Implementation Programs are the major
components of the Data Strategy. These Programs are in development and projects related to
them have been initiated and, in some cases, completed. The
MITS organization’s plans for the Data Strategy address the goals of the
Information Technology Modernization Vision and Strategy, and the MITS
organization is making progress in achieving those goals.
Tiered program management
To better manage the information technology investments, the
Chief Information Officer outlined a business commitment to implement an IRS
enterprise-wide information technology tiered program management structure. The Program Control and Process Management Division
has made significant progress directing, developing, and implementing tiered program
management activities. For example, it
has developed and distributed standardized reporting templates with documented
processes and procedures for the executive steering committees. In addition, the IRS has created a master
list of information technology projects to track and assign oversight. Each IRS organization has formed or is
planning to form its own individual Program Management Office to execute the
new tiered program management processes and procedures while providing
oversight and management to assigned information technology projects.
The Modernization Program Is Being Refocused
The IRS has recognized that, in addition to the accomplishments achieved in the Modernization Program, it faces significant challenges in meeting the requirements of the next phase of project development and system integration. The IRS has stated that a strategy correction is needed to meet changing business needs, have a more agile information technology environment, and reduce risks with associated costs to build and maintain systems.
The immediate challenge recognized by the IRS is the future of the Customer Account Data Engine, the acknowledged centerpiece throughout the life of the Modernization Program. Currently, the Customer Account Data Engine operates concurrently with Individual Master File processing. This requires that work must be done across the two environments, increasing the complexity of the filing season and resulting in a greater risk for errors in processing taxpayer account information. In addition, concerns about the increasing complexities and questions of scalability with the existing system led to the development of the new strategy. Future planned releases of the existing Customer Account Data Engine contain far more complex business requirements, more interfaces with other systems, and have a far greater effect on employees and visibility with taxpayers.
Further, the ability to obtain qualified technical resources and sufficient funding will challenge the successful delivery of future Customer Account Data Engine releases. Since the IRS initiated the Customer Account Data Engine project in 1999 and spent $335 million in development costs, it has been able to process only approximately 30 percent of the individual income tax returns filed. In the course of the project development, the Computer Sciences Corporation (the PRIME contractor) played dual roles as program integrator and systems developer. While the project did achieve substantial capabilities during this period, the IRS changed the contractor role from integrator to developer. The change was due to budget restrictions and performance. The IRS also considered how and to what extent to use contractor resources for project development. The past experience in managing contractor performance and the availability of resources for future development will drive the consideration for identifying and applying qualified technical resources.
To address these challenges, the IRS established Program Integration Office solution teams to consider using elements from the Individual Master File and the current Customer Account Data Engine to significantly reengineer the IRS’ tax account management process. This reengineering effort (if adopted) will end future new Customer Account Data Engine capabilities. A relational database will be developed that will use some of the Customer Account Data Engine routines and primarily rely on moving current Individual Master File processing from a weekly to a daily processing cycle.
Although the IRS expects the reengineering effort to allow the Modernization Program to provide the service desired for taxpayers and employees, the effort is currently in the design stage. The state of the Modernization Program is static until plans are approved, systems are designed and developed, and operations are implemented. The continued improvement to managing individual taxpayer accounts will be curtailed until the use of the reengineered database is available for downstream systems and applications. Further, the challenge in modernizing the management of business taxpayer accounts has yet to be considered.
Further Improvements Can Be Made to Management of the Modernization Program
Although the Modernization Program has continued to help improve IRS operations, project development activities have not always effectively implemented planned processes or delivered all planned system capabilities. The past year’s Modernization Program performance did not continue the trend of improvement it demonstrated in the prior 3 years. The shortfall in performance is presented in a Modernization Program analysis of project development cost and schedule variance. The IRS has also experienced a turnover of executives, which has resulted in changes to the Modernization Program direction. Further, a control process to manage the MITS organization’s Highest Priority Initiatives has been discontinued without the implementation of a compensating control to provide MITS organization executives the vehicle to identify and resolve its most significant challenges.
Since 1995, the IRS has identified and reported the Modernization Program as a material weakness. Because of the risks involved in the above conditions, and to maintain a high level of attention, focus, and accountability, we believe the Modernization Program should remain as a material weakness.
TIGTA reviews have identified weaknesses in program management processes throughout the life of the Modernization Program. The processes with weaknesses include:
· Configuration management.
· Requirements development and management.
· Risk management.
· Contract negotiation and management.
· Enterprise Life Cycle compliance.
· Program management.
· Security controls.
While the MITS organization has improved its controls over these processes as the Modernization Program has continued to mature, several weaknesses continue to exist. We have identified continued problems in requirements development and management, program management, contract management, and security controls as presented in the following examples from TIGTA reports during the past year.
Requirements development and management
Long-term system requirements issues challenged the Customer Account Data Engine project. As a followup to our July 2007 report,[11] we reported in September 2008[12] that:
· The Customer Account Data Engine processing demands were quickly reaching the capacity of the current system, both in the storage and retrieval of data and the processing speed for daily transactions.
· The ability of the Customer Account Data Engine to access historical taxpayer account information currently residing on the Individual Master File had to be resolved to enable requirements for future developed Customer Account Data Engine releases.
· The expectation of significant increases in the Customer Account Data Engine taxpayer population, processing capacity, and data storage required consideration to meet future operational needs. The engineering staff performed the last formal study of Customer Account Data Engine processing capacity in Calendar Year 2004 and had not determined the long-term processing capacity requirements.
We summarized our work in September 2008 by relating, “The absence of a comprehensive direction in designing and developing efficient computer processing will affect the Customer Account Data Engine project’s ability to deliver intended capabilities. Unless sufficient time and effort are provided to deliver the capabilities needed to support the long-term objectives and goals, the Customer Account Data Engine will be unable to process tax returns for all individual and business taxpayers as planned.”
By establishing a Program Integration Office, the IRS has
recognized the need to reassess the Customer Account Data Engine project
capabilities and future requirements, and use this experience to reengineer its
plans for processing individual tax accounts.
Some of the risks the Program Integration Office considered as significant
factors in the reengineering include identifying and defining the major data classes
and data stores for tax administration, identifying business requirements, and
incorporating yearly filing season updates and legislative changes. Addressing these requirements early in the
reengineering process should add to the potential success of the Program
Integration Office efforts.
Program management
While the IRS has made progress in implementing an IRS enterprise-wide information technology program management structure, additional actions are needed to address current weaknesses in providing effective oversight and management of all information technology projects. The IRS has not fully:
· Documented policies and procedures for developing a complete portfolio of information technology projects.
· Completed the establishment of Program Management Offices for all IRS organizations.
· Implemented the project health assessment process.
· Provided consistent and continual monitoring and oversight of major information technology projects through the executive steering committees.
Contract management
Managing and monitoring contract development and performance has been a factor in the success of Modernization Program project delivery. The IRS has made progress in negotiating contract development to meet the needs of the project requirements, and is maturing in its ability to identify and properly apply contractor resources. Although progress has been made, continued improvement is needed in providing contracted resources to meet project requirements and schedule demands.
An example of the need to improve the IRS’ contract development activity was identified in the contracted work for the Account Management Services system. The contract for this project was performance-based, finalized in a timely manner, and monitored. However, the contract was not developed in a manner to appropriately control spending across releases. Because of the form of the contract and the absence of key internal controls over funding, the Account Management Services project management team experienced difficulty in managing project funding.
A total of approximately $17.4 million was spent across Account Management Services releases (funds budgeted and allocated to 1 release, but used for another release). This $17.4 million included almost $5.4 million of development costs and $12 million for infrastructure and project management costs. The infrastructure and project management costs did benefit multiple releases. However, allocation of these funds to multiple releases did not go through the required MITS organization governance process for approval.
Security controls
Our reviews identified vulnerabilities in the security controls implemented with the development of the Customer Account Data Engine, Account Management Services, and Modernized e-File systems. The IRS has taken steps to resolve or is in the process of resolving these vulnerabilities.
Modernization Program performance has been inconsistent
In our 2008 Annual Business Systems Modernization Assessment,[13] we reported that improvements in the management of the Modernization Program had contributed to the IRS’ increased success in implementing modernization projects and in meeting cost and schedule commitments for most deliverables. Specifically, 19 (95 percent) of the 20 associated project milestones scheduled for completion were completed within the 10 percent cost estimate variance, and 18 (90 percent) of the 20 milestones were delivered within 10 percent of schedule estimates.
However, since our 2008 assessment, the Modernization
Program has not achieved the same level of success. From May 2008 to May 2009, 5 (29 percent) of
the 17 project milestones scheduled for completion were significantly over cost
estimates. These projects were between
30 percent and 375 percent over budget.
In addition, 3 (18 percent) of 17 milestones were significantly behind
schedule. These projects were between 15
percent and 54 percent behind schedule.
Appendix VI presents the cost and schedule
variance for Modernization Program project releases delivered from
May 2008 through May 2009. IRS Management did inform us during our
closing conference on August 5, 2009, that the variances were revised in July
2009 to reflect changes in the baseline figures used to compute the variances.
Figure 1 presents an analysis
of the Modernization Program management’s ability to deliver project segments
without significant variances. The
analysis shows that the Program was making steady progress in delivering
project segments within cost and schedule estimates until Calendar Year 2009.
Figure 1: Percentage
of Modernization Project Segments Delivered Without Significant Variances
Figure 1 was removed
due to its size. To see Figure 1, please
go to the Adobe PDF version of the report on the TIGTA Public Web Page.
Frequent changes in executive management may be affecting long-term program performance
The Modernization Program has experienced significant and frequent turnover of high level IRS and Modernization Program executives. Since the Program began in 1999, three Commissioners, five Chief Information Officers, and, recently, a Chief Technology Officer have been responsible for the Program. Many of these executives have made major changes to the Program’s direction and strategies during their tenure. These changes have made it challenging to achieve continuity to result in long-term success.
IRS designation of the Modernization Program as a material weakness should continue
The Modernization Program should continue to be designated a material weakness because of the risks involved with the redesign of the Customer Account Data Engine and associated systems, the replacement of a key process used to manage MITS organization weaknesses and challenges, and the continued system development concerns discussed previously.
Redesign of the Customer Account Data Engine
The picture was
removed due to its size. To see the picture,
please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
As presented previously, the Modernization Program is in a state of refocus. Limitations in Customer Account Data Engine capabilities, including those reported by the TIGTA and the Government Accountability Office in previous years, have resulted in an effort to reengineer processing of individual taxpayer accounts and the ability to use downstream systems to improve customer service. With the pending changes and the yet to be determined implementation of a reengineered process, the risks to the success of the Modernization Program are significant.
Replacement of the Highest Priority Initiatives process
From August 2005 through February 2009, IRS executives and managers used the Highest Priority Initiatives process to identify and seek resolution for the most significant issues facing the Modernization Program. This process was expanded to include initiatives affecting the MITS and the Deputy Commissioner for Operations Support organizations, as well as corrective actions associated with Government Accountability Office and TIGTA report findings. The IRS also intended to use this process as a means to eventually downgrade the Modernization Program material weakness.
The MITS organization
established the Customer Relationship and Service Delivery organization
to support the overall technology performance of the IRS and MITS
organization. Concurrently, the Highest Priority Initiatives process was discontinued. The MITS organization informed us that it is
currently developing processes that will be used to replace the Highest Priority Initiatives process and
plans to submit the draft process to the Chief Technology Officer for review. The MITS organization is currently
focusing on process improvements throughout the organization using industry
best practices. The MITS Leadership team
determined that this will provide a more comprehensive, integrated,
disciplined, and effective management approach for process improvements than
the previous Highest Priority Initiatives process.
Until the Highest Priority Initiatives process is replaced, the MITS organization adds risk in its ability to manage its challenges, as well as controlling corrective actions to TIGTA and Government Accountability Office report findings. The IRS’ corrective action responses to TIGTA and Government Accountability Office recommendations were evaluated and submitted as Highest Priority Initiatives candidates, when appropriate, and were selected at the discretion of executive leadership. Appendix VIII presents TIGTA audit recommendations with current IRS open corrective actions related to the Modernization Program material weakness, which includes 3 of 15 open recommendations that were identified as candidates for resolution through the Highest Priority Initiatives process.
A current plan is not in place to reduce the Modernization Program material weakness
The Federal Managers’ Financial Integrity Act of 1982[14] requires each Federal Government agency to prepare for Congress and the President an annual report that identifies material weaknesses and the agency’s corrective action plans and schedules. Since 1995, the IRS has identified and reported systems modernization as a material weakness. The IRS developed a material weakness action plan in response to the initial identification of the material weakness in Fiscal Year 1995. However, the Modernization Program material weakness action plan has not been updated to include weaknesses subsequently reported since Fiscal Year 2003 by the TIGTA, the Government Accountability Office, and IRS studies.
In 2008, IRS management reported that it was using the Highest Priority Initiatives process to help eliminate the Modernization Program material weakness. With the changes planned for this process and the pending implementation of a replacement, the MITS organization currently does not have a vehicle to downgrade and eventually eliminate the Modernization Program material weakness.
The IRS recognizes the need to incorporate necessary program management disciplines and has plans to implement a process improvement strategy. This strategy will allow the Modernization Program to continue to improve its management practices by incorporating industry best practices. However, we believe the Modernization Program should continue as a material weakness until the modernization material weakness action plan is updated and the improvement strategy is accomplished.
Management’s Response: The Chief Technology Officer responded that the IRS was pleased that the annual assessment recognized the MITS organization’s accomplishments in providing quality customer service. The IRS also appreciated acknowledgement of the continued development and deployment of modernized applications. In response to our comments on the use of the Information Technology Modernization Vision and Strategy planning process, the IRS related that it expanded the breadth of the business technology included in this strategy and is establishing a pre-selection process for investment planning.
Appendix I
Detailed Objective, Scope, and Methodology
The overall objective of this review was to assess the progress of the IRS Business Systems Modernization (Modernization) Program for Fiscal Year 2009, as required by the IRS Restructuring and Reform Act of 1998.[15] To accomplish this objective, we:
I. Determined the current condition of the Modernization Program.
A. Reviewed TIGTA audit reports issued from July 2008 through June 2009[16] and seven previous Modernization Program annual assessment reports (issued in Fiscal Years 2002, 2003, 2004, 2005, 2006, 2007 and 2008).[17]
B. Reviewed IRS Oversight Board reports on the Modernization Program for Fiscal Year 2009.
C. Reviewed Government Accountability Office reports relevant to Modernization Program activities for Fiscal Year 2009.
D. Determined the TIGTA audit recommendations related to the Modernization Program material weakness with incomplete IRS corrective actions.
II. Determined the status and condition of the Modernization Program reported by the IRS by reviewing documentation related to:
A. The Chief Technology Officer’s material weaknesses, corrective actions, and statuses.
B. The IRS Information Technology Modernization Vision and Strategy program.
C. The August 2008 Business Systems Modernization Expenditure Plan and Business Systems Modernization Monthly Performance Measures Reports to analyze cost, schedule, and capability status and accomplishments. We did not validate the information provided by the IRS on the cost, scope, and business value of the Modernization Program. We analyzed these documents to:
1. Determine overall variances between planned and actual costs and schedules, and obtain reasons for significant variances.
2. Determine the extent planned capabilities were delivered as proposed in the August 2008 Business Systems Modernization Expenditure Plan.
D. The Highest Priority Initiatives status reports to determine the current efforts by the MITS organization to improve the Modernization Program.
1. Analyzed Highest Priority Initiatives reported for the Modernization Program during Fiscal Year 2009.
2. Assessed the adequacy of activity to address these initiatives.
E. The monthly IRS Modernization Has Delivered Real Business Value status reports from July 2008 to April 2009 to provide perspective on business value released into production.
Appendix II
Major Contributors to This Report
Margaret E. Begg, Acting Assistant Inspector General for Audit (Security and Information Technology Services)
Scott A. Macfarlane, Director
Edward A. Neuwirth, Audit Manager
Mark K. Carder, Senior Auditor
Bruce Polidori, Senior Auditor
Glen J. Rhoades, Senior Auditor
Louis V. Zullo, Senior Auditor
Appendix III
Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy
Commissioner for Operations Support OS
Deputy Commissioner for Services and Enforcement SE
Commissioner, Wage and Investment Division SE:W
Chief Information Officer OS:CTO
Associate Chief Information Officer, Applications Development OS:CTO:AD
Associate Chief Information Officer,
Director, Procurement OS:A:P
Director,
Office of Program Evaluation and Risk Analysis RAS:O
Deputy Associate Chief Information Officer, Applications Development OS:CTO:AD
Deputy Associate Chief Information Officer, Business Integration OS:CTO:ES:BI
Deputy Associate Chief Information Officer, Systems Integration OS:CTO:ES:SI
Director, Stakeholder Management OS:CTO:SM
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Office of Internal Control OS:CFO:CPIC:IC
Audit
Liaisons:
Chief Technology Officer OS:CTO
Commissioner, Wage and Investment Division SE:W
Associate Chief Information Officer, Applications Development OS:CTO:AD
Senior Operations Advisor, Wage and Investment Division SE:W:S
Director, Program Oversight OS:CTO:SM:PO
Chief, GAO/TIGTA/Legislative Implementation Branch SE:S:CLD:PSP:GTL
Appendix IV
Enterprise
Life Cycle Overview
The Enterprise Life Cycle is the IRS’ standard approach to business change and information systems initiatives. It is a collection of program and project management best practices designed to manage business change in a successful and repeatable manner. The Enterprise Life Cycle addresses large and small projects developed internally and by contractors.
The Enterprise Life Cycle includes such requirements as:
·
Development of
and conformance to an enterprise architecture.
·
Improving
business processes prior to automation.
·
Use of
prototyping and commercial software, where possible.
·
Obtaining early
benefit by implementing solutions in multiple releases.
·
Financial
justification, budgeting, and reporting of project status.
In addition, the Enterprise Life Cycle improves the IRS’
ability to manage changes to the enterprise; estimate the cost of changes; and
engineer, develop, and maintain systems effectively. Figure 1 provides an overview of the phases
and milestones within the Enterprise Life Cycle. A
phase is a broad segment of work encompassing activities of similar scope,
nature, and detail and providing a natural breakpoint in the life cycle. Each phase begins with a kickoff meeting and
ends with an executive management decision point (milestone) at which IRS
executives make “go/no-go” decisions for continuation of a project. Project funding decisions are often
associated with milestones.
Figure 1:
|
Phase |
General
Nature of Work |
Milestone |
|
Vision
and Strategy/ |
High-level direction
setting. This is the only phase for
enterprise planning projects. |
0 |
|
Project
Initiation Phase |
Startup of development
projects. |
1 |
|
Domain
Architecture Phase |
Specification of the operating
concept, requirements, and structure of the solution. |
2 |
|
Preliminary
Design Phase |
Preliminary design of all
solution components. |
3 |
|
Detailed
Design Phase |
Detailed design of solution
components. |
4A |
|
System
Development Phase |
Coding, integration, testing,
and certification of solutions. |
4B |
|
System
Deployment Phase |
Expanding availability of the
solution to all target users. This is
usually the last phase for development projects. |
5 |
|
Operations
and Maintenance Phase |
Ongoing management of
operational systems. |
System Retirement |
Source:
The
Appendix V
Figure 1 presents the cumulative funding received by the Business Systems Modernization (Modernization) Program for contractor costs.
Figure 1:
Modernization Program Funding Timeline (Dollars are cumulative)
Figure 1 was removed due to its size.
To see Figure 1, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
Figure 2 presents the funding received annually by the Modernization Program for program management and development of business and infrastructure projects.
Figure 2:
Modernization Program Funding by Fiscal Year
Figure 2 was removed due to its size.
To see Figure 2, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
Figure 3 presents the cumulative funding received by the Modernization Program for non-contractor costs of managing Modernization Program activities. The IRS stated that approximately 25 percent of its non-contractor budget since Fiscal Year 2001 has been used to support non-Modernization Program activities in the IRS.
Figure 3: Non-contractor Modernization Program Funding
Timeline by Fiscal Year (Dollars are cumulative)
Figure 3 was removed due to its size.
To see Figure 3, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
Figure 4 presents the funding received annually by the
Modernization Program for non-contractor costs of managing Program activities.
Figure 4: Non-contractor Modernization Program Costs by
Fiscal Year
Figure 4 was removed due to its size.
To see Figure 4, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
Figure 5 depicts the Modernization Program funding for non-contractor and external (contractor) costs to manage Program activities.
Figure 5:
Internal and External Modernization Program Costs (in millions)
Figure 5 was removed due to its size.
To see Figure 5, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
Appendix VI
Project Cost and Schedule Variance Analysis
This table presents the cost
and schedule variance for Business Systems Modernization Program project releases
delivered since May 2008 and currently in progress. The statistics presented reflect the cost and schedule estimates of
these projects at the time of their initial design.
|
Release |
Current |
Milestone[18] |
Cost Variance (Dollars) |
Cost Variance (Percentage) |
Schedule Variance (Days) |
Schedule Variance
(Percentage) |
|
|
Customer Account Data Engine |
|||||||
|
4.1* |
July 24, 2008 |
4 |
-$8,000,000 |
-36% |
-10 |
-3% |
|
|
4.2* |
January 15, 2009 |
4 |
$10,000,000 |
49% |
-51 |
-20% |
|
|
5 |
March 17, 2009 |
2-3 |
$0 |
0% |
113 |
30% |
|
|
5 |
April 30, 2009 |
4a |
$0 |
0% |
0 |
0% |
|
|
5.2 |
January 31, 2010 |
4b |
$0 |
0% |
0 |
0% |
|
|
Account Management Services |
|||||||
|
1.2 |
November 13, 2008 |
5 |
$0 |
0% |
1 |
1% |
|
|
1.3 |
December 5, 2008 |
4b |
$4,762,000 |
127% |
16 |
8% |
|
|
1.3 |
May 31, 2009 |
5 |
$3,773,000 |
375% |
0 |
0% |
|
|
2.1 |
June 24, 2008 |
3 |
-$86,000 |
-3% |
0 |
0% |
|
|
2.1 |
December 9, 2008 |
4a |
$760,000 |
30% |
0 |
0% |
|
|
2.1 |
August 5, 2009 |
4b |
-$423,000 |
-10% |
36 |
15% |
|
|
Integrated Production Model |
|||||||
|
1.1 |
June 30, 2008 |
4b |
$0 |
0% |
0 |
0% |
|
|
4 |
June 30, 2008 |
3-4a |
$0 |
0% |
0 |
0% |
|
|
4 |
December 16, 2008 |
4b |
$0 |
0% |
1 |
1% |
|
|
Modernized e-File |
|||||||
|
5.5 |
April 2, 2009 |
3-5 |
-$2,000,000 |
-14% |
2 |
1% |
|
|
6 |
July 18, 2008 |
3 |
$2,800,000 |
40% |
63 |
54% |
|
|
6.1 |
May 14, 2010 |
4a-5 |
$0 |
0% |
0 |
0% |
|
The IRS provided information that in July 2009 it
rebaselined the cost variance to offset $8 million
Source: IRS Applications Development
organization – Resources Management office.
Appendix VII
Modernization Program
Project Accomplishments
Table 1 presents the Modernization Program project accomplishments since our June 2008 annual assessment of the Business Systems Modernization Program.[19]
Table 1: Modernization
Program Project Accomplishments
|
PROJECT |
DESCRIPTION |
RECENT
STATISTICS |
|
Account Management
Services[20] |
Account
Management Services is a strategic program to deliver improved customer
support by leveraging legacy systems.
The Account Management Services system will provide customer service representatives
and tax examiners with the tools to access information quickly and accurately
in response to complex customer inquiries.
Account Management Services system will deliver the technical and
functional infrastructure necessary to undertake the modernization of the
Integrated Data Retrieval System, and modernize and retire the Desktop
Integration and the Correspondence Imaging System. |
Account Management
Services Release 1.3 deployment was completed on February 20, 2009, and
provided increased functionality for customer service representatives. The release integrates two legacy systems, the
Correspondence Imaging System and the Desktop Integration, into the Account
Management Services system and modernizes the technology infrastructure for
the image inventory components (formerly the Correspondence Imaging System). |
|
Customer Account Data
Engine |
The Customer Account
Data Engine replaces the IRS Master File, the repository of all taxpayer
information. |
Customer
Account Data Engine Release 4.2 adds the capabilities to process certain
revenue receipt transactions, extensions to file tax returns, and last name
changes. Customer Account Data Engine Release 4.2 was
successfully deployed on January 19, 2009.
As of May 22, 2009, Release 4.2 posted almost 40 million individual
tax returns and issued more than The Customer Account Data Engine processes refunds
on an average of 5 days faster than Individual Master File processing. |
|
Modernized e-File |
The Modernized e-File
provides the electronic filing capability of more than |
Modernized
e-File Release 5.5 was deployed on Returns submitted
through the Modernized e-File have an average 8 percent processing error
rate, compared to 24 percent for transcription-based paper processing. The Modernized e-File offers |
Source:
IRS Applications Development organization – Resources Management office.
Appendix VIII
Open Recommendations Related to Modernization
Program Material Weaknesses
Table 1 lists TIGTA audit recommendations with current IRS open corrective actions related to the Modernization Program material weakness.
Table
1: TIGTA Recommendations Related to the
Modernization Program Material Weakness
|
The
Modernization, Information Technology and Security Services Organization
Needs to Take Further Action to Complete Its Human Capital Strategy (Reference
Number 2003-20-209, dated September 22, 2003) |
|
|
2003-20-209 Finding 1, Recommendation 1 |
To
ensure the MITS organization has sufficient data to determine human capital
demands, the Chief Information Officer needs to support the Director,
Management Services, to work with offices throughout the MITS organization to
identify the human capital demand. The
demand includes information to adequately plan the number, location, and
assignment schedule of human capital assets for existing information systems
(from owners in the Information Technology Services organization) and future
MITS organization operations (from owners in the Business Systems
Modernization office). |
|
The
Business Systems Modernization Program Has Achieved Mixed Success in
Addressing Weaknesses Identified in Internal and External Studies
(Reference Number 2006-20-003, dated November 21, 2005) |
|
|
2006-20-003 Finding 1, Recommendation 2 |
To
ensure study weaknesses and previous recommendations concerning change/configuration
management are addressed, the Associate Chief Information Officer, Enterprise
Services, should create an overall plan that includes defined tasks,
responsible individuals, and estimated completion dates for implementing the
standardized configuration management toolset. Due Date:
December 31, 2010. |
|
The Modernization and Information Technology
Services Organization’s Revised Post Implementation Review Procedure Can Be
Improved (Reference Number 2007-20-001, dated October 26,
2006) |
|
|
2007-20-001 Finding 1, Recommendation 1 |
The
Chief Information Officer should direct the Program Performance Management
office to develop a schedule to perform Post Implementation Reviews for
releases deployed and to identify and obtain staffing resource commitments needed
from the Program Performance Management office, the Office of Program
Evaluation and Risk Analysis, and appropriate business unit representatives
to effectively execute the Post Implementation Reviews. The Chief Information Officer should also
direct the Program Performance Management office to eliminate the requirement
to perform Post Reviews of milestone completion activities after milestone
exits, with the option of identifying any lessons learned for further project
progress through the Milestone Exit Reviews.
Due Date: March 1, 2010. |
|
2007-20-001 Finding 1, Recommendation 2 |
The
Chief Information Officer should direct the Program Performance Management
office to implement a procedure to control Post Implementation Review results
that ensures appropriate executives and decision makers have access to these
documents. |
|
2007-20-001 Finding 1, Recommendation 3 |
The
Chief Information Officer should direct the Program Performance Management
office to identify skills and abilities desired for Post Implementation
Review team members and ensure team assignments consider these
qualifications. The Program
Performance Management office should develop a training guide for Post
Implementation Review team members to provide them with an understanding of
the purpose, objectives, and processes of the Post Implementation
Review. Due Date: March 1, 2010. |
|
The
Modernization and Information Technology Services Organization Can Improve
Its Budget Formulation, Execution, and Review Processes (Reference Number 2007-20-064, dated May 9, 2007) |
|
|
2007-20-064 Finding 1, Recommendation 1 |
The
Chief Information Officer should implement a process to develop the entire
MITS organization budget in line with the Information Technology
Modernization Vision and Strategy’s rolling 5-year prioritized plan. The budget process should consider
organizational goals for each of the MITS organization components and include
costs for operations and maintenance of existing computer systems,
telecommunication systems, and other programs such as end-user support and
help desk activities. |
|
The
Information Technology |
|
|
2008-20-134 Finding 1, Recommendation 1 |
The
Chief Information Officer should work with other IRS executives to develop a
complete and accurate master Information Technology project listing with
formally approved and documented policies and procedures to continually
update the portfolio. These procedures
should include a standard set of Information Technology terms that have been
approved and communicated to all IRS organizations. Due Date:
August 1, 2009. |
|
Customer
Account Data Engine Project Management Practices Have Improved, but Continued
Attention Is Needed to Ensure Future Success (Reference Number 2008-20-151, dated September 11, 2008) |
|
|
2008-20-151 Finding 1, Recommendation 2 |
The
Chief Information Officer should develop an updated estimate of the
processing and storage requirements, including the related costs, to support
the long-term objectives and goals of Customer Account Data Engine
operations. Due Date: July 1, 2009. |
|
The
Modernization Vision and Strategy Program Is Achieving Desired Results, but
Risks Remain (Reference Number
2009-20-008, dated October 31, 2008) |
|
|
2009-20-008 Finding 2, Recommendation 1 |
The
Chief Information Officer should include guidelines for performance
measurement and reporting in the updated Modernization Vision and Strategy
Plan. |
|
Implementing
the Data Strategy Will Make System and Application Development More Efficient
and Effective (Reference Number
2009-20-022, dated February 19, 2009) |
|
|
2009-20-022 Finding 2, Recommendation 1 |
The
Chief Technology Officer should quantify and communicate the benefits that
will be realized from implementing the Data Strategy, to be in a better
position to promote the Data Strategy and justify and receive funding through
budget requests and MITS organization governance directives. Due Date:
July 15, 2009. |
|
2009-20-022 Finding 3, Recommendation 1 |
The
Chief Technology Officer should develop a method to determine the priority
for IRS systems and data assets to begin following the Data Strategy and when
systems and data assets can be retired due to the Data Strategy. Due Date:
September 1, 2009. |
|
Initial
Efforts to Develop a New Web-based Portal Environment Were Not Successful (Reference |
|
|
2009-20-079 Finding 1, Recommendation 1 |
The
Chief Technology Officer should work with the Commissioner, Wage and
Investment Division, to develop a process to ensure that new projects seeking
approval and funding during the information technology governance process, and
which are not part of the Modernization Vision and Strategy process, are
properly identified and their portal needs are considered. The new process should be similar to
existing procedures to ensure a uniform analysis is conducted for projects
that are not part of the Modernization Vision and Strategy process. Due Date:
October 1, 2009. |
|
Modernization
Program Uncertainties Are Affecting the Account Management Services Project
Development (Reference Number
2009-20-071, dated June 9, 2009) |
|
|
2009-20-071 Finding 2, Recommendation 1 |
The
Chief Technology Officer should direct project management teams and
contracting officers to propose modernization task orders with the ability to
readily account for system development activity funding on a release basis and,
for major modernization development projects, on a milestone basis. Designating contract activities for
specific release and milestone capital development activities will provide
clear funding and reporting traceability and more accessible assessments of
contract funding progress. Due
Date: June 1, 2010. |
|
2009-20-071 Finding 2, Recommendation 2 |
The
Chief Technology Officer should reinforce existing governance procedures to
Modernization and Information Technology Services organization executives and
managers about release-specific project funding, the need to gain approval of
funding reallocations, and requirements to communicate these changes to
stakeholders. |
|
2009-20-071 Finding 2, Recommendation 3 |
The
Chief Technology Officer should provide training and desk procedures on the
proper use of release-specific (and, where applicable, milestone-specific)
project funding. The procedures should
provide detailed steps for preparing, reviewing, and approving
requisitions. The procedures should
include, at a minimum, the following controls: |
Source: TIGTA audit
reports issued from September 2003 through June 2009 and the Joint Audit
Management
Appendix IX
Recent Treasury Inspector General for Tax
Administration Reports on the Internal Revenue Service’s Modernization Program
Table 1 lists TIGTA reports related to the IRS Modernization Program issued from July 2008 through June 2009 and the associated findings, recommendations, and IRS corrective actions.
Table 1:
Recent TIGTA Reports, Findings, and Corrective Actions
|
Report
Title, Reference Number, and Date |
Finding and Recommendation |
Corrective Action |
|
Correspondence Imaging System
Performance Has Improved, but Additional Measures Are Needed to Ensure That the
System Performs As Expected 2008-20-130 July 9, 2008 |
Finding 1:
The Correspondence Imaging System continues to experience random
periods of instability and performance issues. Recommendation: The Chief
Information Officer should ensure that the corrective actions taken
subsequent to our audit work to address the open recommendations identified
by the Incident Analysis Team have been completed and were effective in
improving Correspondence Imaging System performance. |
The Applications
Development organization, partnering with the Enterprise Operations
organization, provided a document showing the successful completion of each
Incident Analysis Team recommendation, action, and results to the Customer
Service Executive Steering Committee and to the TIGTA. |
|
Recommendation: The Chief
Information Officer should ensure that adequate actions are taken to reduce
and prevent the same instability and performance issues from occurring after
the Correspondence Imaging System is merged with the Accounts Management
Services system. |
Following the large-path
methodology, the IRS will implement Accounts Management Services
Release 1.3 drop 2, which is a complete
re-architecture of the Correspondence Imaging System. This will ensure that adequate actions are
taken to reduce and prevent instability and performance issues once the Correspondence
Imaging System has merged the with Accounts Management Services system. |
|
|
|
Finding
2: Information in the Correspondence Imaging System Business Case was
incomplete and inaccurate. Recommendation: The Chief
Information Officer should ensure IRS project officials timely request
Department of the Treasury approval to merge and close investments and
restate expected costs and benefits. |
The Chief Information Officer agreed
with this recommendation and will conduct presentations to the Executive Steering
Committees as part of their enterprise governance process to reinforce the
need to secure Department of the Treasury approval when a decision to merge
investments has been made. Also, IRS
project officials will prepare the new Exhibit 300 required to effectively
merge the Correspondence Imaging System and the Account Management Services
system investments and will restate the expected costs and benefits. |
|
The
Information Technology 2008-20-134 July 31, 2008 |
Finding: A
complete Recommendation: The Chief
Information Officer should work with other IRS executives to develop a
complete and accurate master Information Technology project list with
formally approved and documented policies and procedures to continually
update the portfolio. These procedures
should include a standard set of Information Technology terms that have been
approved and communicated to all IRS organizations. |
Building on work already completed, the
IRS master Information Technology project list will incorporate projects and
operational applications in the IRS portfolio. It will use the governance process to
develop, approve, and communicate formal policies and procedures to
continually update the portfolio as well as a standard set of information
technology terms. |
|
Recommendation: The Chief
Information Officer should ensure the proposed governance directive is
approved and communicated throughout all levels of the IRS and work with IRS
executives to require all IRS organizations to adhere to the Program Control
and Process Management Division governance processes. |
The Enterprise Governance Directive was
approved by the Chief Information Officer with concurrence by the Deputy
Commissioner for Services and Enforcement and the Acting Deputy Commissioner
for Operations Support, effective
November 25, 2008. The MITS organization
Program Management Offices and the Business Systems Planning offices
participated in the development of the Directive in order to foster an
enterprise-wide adherence. Key IRS
stakeholders were briefed on the final content, and it will be published on
the Governance web site and in the Process Asset Library. |
|
|
Recommendation: The Chief
Information Officer should establish formal policies and procedures to ensure
the health assessment process is consistently applied and followed across all
IRS organizations. |
The IRS will issue a directive and
guidance and conduct an enterprise-wide campaign of education and sustained
support for the control organizations in order to ensure consistency of the
health assessment process. |
|
|
Recommendation: The Chief
Information Officer should ensure policies and procedures are developed or
revised to require control organizations to review all assigned major information
technology projects monthly and present projects to the appropriate
governance board’s attention when established thresholds are exceeded. |
The IRS will develop a directive and
guidance to ensure all assigned major Information Technology projects are
reviewed monthly by the appropriate Information Technology control
organizations and presented to the appropriate governance board’s attention
when established thresholds are exceeded.
|
|
|
Customer
Account Data Engine Project Management Practices Have Improved, but Continued
Attention Is Needed to Ensure Future Success 2008-20-151 September 11, 2008 |
Finding
1: Long-term issues continue to
challenge the Customer Account Data Engine project. Recommendation: The Chief
Information Officer should ensure that a Historical Data Conversion solution
is in place to enable the Customer Account Data Engine to process
transactions related to issues such as balance-due conditions. |
The Customer Account Data Engine
Project Office will partner with key stakeholders to develop a decision paper
to assess how to proceed with the Historical Data Conversion as it relates to
Customer Account Data Engine’s continued development. The project office will develop a plan and
schedule for Historical Data Conversion implementations based on the decision
paper. |
|
Recommendation: The Chief
Information Officer should develop an updated estimate of the processing and
storage requirements, including the related costs, to support the long-term
objectives and goals of Customer Account Data Engine operations. |
The Enterprise Services organization
will update Customer Account Data Engine end-state processing and storage
design estimates as measured in Millions of Instructions Per Second and
Terabytes, respectively. Estimates
will include direct costs associated with processing and storage
requirements. Indirect costs such as
software license fees, professional services, labor charges, and maintenance
fees will not be included in cost estimates.
|
|
|
Finding 2: Processing of economic stimulus payments
put the Customer Account Data Engine Release 4 project schedule at risk. Recommendation: The
Chief Information Officer should use a standardized process to determine the
effect on the Customer Account Data Engine project’s scope, cost, and
delivery schedules when unplanned initiatives are mandated for
implementation. These effects should
be measured to the extent possible and reported to the IRS Commissioner and
other stakeholders as a means for communicating the consequences to
previously planned Customer Account Data Engine capabilities. |
The Customer Account Data Engine team
reviewed the current governance procedures for assessing impacts and risks in
the event of unplanned, mandated initiatives.
No gaps were identified; however, a Project Review Checklist was
developed in line with these procedures to ensure that release managers are
consistent in their approach and documentation. |
|
|
The 2008-20-161 September
12, 2008 |
Finding
1: Funding for contractor
support was not always provided in a timely manner. Recommendation: The Chief
Information Officer should ensure that the Enterprise System Management
projects receive timely and sufficient funding, or revise the projects’
tasks, to ensure efficient use of contractor support funds and continuity of
funding. |
The Enterprise System Management
projects have been discussed and tasks and deliverables have been re-scoped
to align with Fiscal Year 2009 budget projections and availability of
resources. |
|
Finding
2: The Recommendation: The Chief
Information Officer should place Enterprise System Management projects under
the governance of the Infrastructure Executive Steering Committee to ensure
that risks and issues are resolved in a timely manner. |
The Enterprise System Management projects
are now under the governance of the Infrastructure Executive Steering
Committee to ensure risks and issues are timely resolved. |
|
|
Finding
3: Controls over licenses for
software on servers and software tool purchases should be improved. Recommendation: The Chief
Information Officer should acquire software tools to track licenses of
software used agency-wide on servers to track and better evaluate software
usage and related costs. |
The IRS has acquired and implemented
the IBM Tivoli License Compliance Manager product to track and manage all
software licenses used
agency-wide on servers in order to better evaluate software usage and related
costs. |
|
|
Recommendation: The Chief Information Officer should ensure that all
tools meeting Enterprise System Management organization software tool
criteria and requested by all IRS organizations are submitted to the Enterprise
System Management organization for approval through the IRS Web Request
Tracking System. |
The Internal Revenue Manual revision
adding an Enterprise System Management organization review for information
technology acquisitions has been submitted for review and incorporation into
the next published revision of Internal Revenue Manual 2.21.1. This revision ensures that requisitions for
information technology enterprise tools meeting the Enterprise System Management
organization criteria incorporated an Enterprise System Management organization
review in its Web Request Tracking System approval path. |
|
|
The
Internal Revenue Service Deployed Two of Its Most Important Modernized
Systems With Known Security Vulnerabilities 2008-20-163 September
24, 2008 |
Finding: Internal Revenue Service organizations and
oversight groups did not consider known security vulnerabilities to be
significant enough to either resolve the vulnerabilities or deploy the
systems with conditional restrictions. Recommendation: The
Director, Business Modernization Office, and the Director, Customer Service,
serving as the Co-Chairs of the Customer Service Executive Steering
Committee, should consider all security vulnerabilities–including those
associated with general support systems–that affect the overall security of
the Customer Account Data Engine and the Account Management Services before
approving milestone exits. Equal
emphasis should be placed on security and functionality. |
The Co-Chairs of the Customer Service
Executive Steering Committee do not approve milestone exits unilaterally;
instead, they are two of several voting members of the Customer Service Executive
Steering Committee. The IRS will
continue to follow the governance process documented in the Customer Service
Executive Steering Committee charter and consider all security
vulnerabilities to ensure best practices are in place for the successful delivery
of project security and functionality.
Status: Closed October 2, 2008. |
|
Recommendation: The Customer Account Data Engine and the Account
Management Services Project Managers should provide more emphasis to both
preventing and resolving security vulnerabilities identified during
Enterprise Life Cycle processes. |
The IRS will continue to follow the
existing Enterprise Life Cycle processes for identifying, confirming, and
resolving security vulnerabilities at the requirements, design, development,
and testing life cycle stages, with an increased emphasis on both preventing
and resolving security vulnerabilities identified during the Enterprise Life
Cycle processes. The IRS will also
strengthen processes for capturing and documenting all Executive Steering
Committee meeting minutes. |
|
|
Recommendation: The Wage and Investment Division Directors of the
Customer Account Data Engine and the Account Management Services, in their
roles as system owners, should approve interim authorities to operate when
significant security control weaknesses exist in system environments. These interim authorities to operate should
contain specific terms and conditions in accordance with IRS policy, including
corrective actions to be taken by the information system owners and a
required time period for completion of the corrective actions, before
authorities to operate are granted. |
The IRS will continue to operate in
accordance with Internal Revenue Manual 10.8.1.42, which states that the Designated
Approving Authority verifies that security assessments are conducted to
determine that security controls are effectively operating, correctly
implemented, and meeting the security requirements of the system. Based on the results of these risk assessments,
the Designated Approving Authority, along with the approval of the
appropriate governance board (Executive Steering Committee), accepts risks
and may grant full, interim, or deny authority to operate. If and when significant control weaknesses
are found to exist in system environments, an interim authority to operate
will be issued with the appropriate timelines based on judgment of the level
of risk. Status: Closed October
2, 2008. |
|
|
Recommendation: The
Associate Chief Information Officer, Cybersecurity, should recommend interim
authorities to operate when significant security vulnerabilities exist in
system environments. |
The IRS has been recommending interim
authorities to operate when significant security vulnerabilities exist in
system environments as a standard part of the IRS certification and accreditation
process that was vetted with the National Institute of Standards and
Technology and rated “satisfactory” for two consecutive annual Federal
Information Security Management Act reporting cycles. |
|
|
Recommendation: The
Associate Chief Information Officer, Cybersecurity, should continue efforts
to improve the accuracy and completeness of risk information in the security
assessment reports by listing the general support system controls that are
not yet implemented in the system environment and documenting concurrence by
the Security Engineering Office and the Office of Privacy when reporting that
vulnerabilities identified during milestone reviews have been corrected. |
The certification and accreditation
process has been modified and includes documented concurrence by the Security
Engineering Office and/or the Office of Privacy when reporting that
vulnerabilities identified during milestone reviews have been corrected in
the security assessment report. The
IRS will update standard operating procedures to incorporate these process
changes and continue to strengthen the process by including the relevant
general support system plan of action and milestones as an attachment to each
application security assessment report.
Office of Audit Comment: While the
IRS agreed with all of our recommendations, the related corrective actions
for the first four recommendations are focused on continuing to follow
existing processes or strengthening current processes. As stated in the report, we believe the
existing security vulnerabilities were not caused by process deficiencies. Instead, IRS offices did not carry out
their responsibilities for ensuring that security weaknesses were corrected
before deployment. |
|
|
Customer
Account Data Engine 2009-20-001 October
24, 2008 |
Finding: Customer Account Data Engine Release 3
began processing tax returns in August 2007, and successfully incorporated
new requirements to accept and process tax return and tax account information. For the first time, the Customer Account
Data Engine processed two math error notices and an Earned Income Tax Credit
informational notice. In addition, the
Customer Account Data Engine accurately processed almost all economic
stimulus payments. Recommendation: No
recommendations were made. |
No corrective actions were required because
the report did not make any recommendations. |
|
The
Modernization Vision and Strategy Program Is Achieving Desired Results, but
Risks Remain 2009-20-008 October
31, 2008 |
Finding
1: The process for developing total cost
estimates can be improved. Recommendation: The Chief Information Officer should ensure the
reliability of the cost estimation process by implementing procedures to
compare actual project operations and maintenance costs to initial estimates
and revising the estimation process, if necessary. |
The IRS will implement procedures to
compare actual project operations and maintenance costs to initial estimates
and revise the estimation process when necessary. |
|
Finding
2: Modernization Vision and Strategy
program performance measurement standards need further development. Recommendation: The Chief Information Officer should include
guidelines for performance measurement and reporting in the updated Modernization
Vision and Strategy Plan. |
The IRS will update the Modernization
Vision and Strategy Plan to reference performance measures and
reporting. This update will be
included in the Calendar Year 2009 annual publication. |
|
|
The
Internal Revenue Service Deployed the Modernized E-File System With Known
Security Vulnerabilities 2009-20-026 December 30, 2008 |
Finding: Security vulnerabilities were not
given sufficient attention during the development and accreditation of the
Modernized Recommendation: The Submission Processing Executive Steering
Committee should consider all security vulnerabilities, including those
associated with general support systems, that affect the overall security of
the Modernized e-File system and the Modernized Tax Return Database before
approving milestone exits. |
The IRS will continue to follow the
governance process documented in the Submission Processing Executive Steering
Committee charter, which includes review of all security vulnerabilities,
including those associated with general support systems, before milestone
exits. Consistent with governance
procedures, these milestone exit review discussions will be documented in the
Submission Processing Executive Steering Committee meeting minutes. |
|
Recommendation: The
Commissioner, Wage and Investment Division, and the Chief Information Officer
should provide more emphasis to both preventing and resolving security
vulnerabilities identified during Enterprise Life Cycle processes to the
Modernized e-File system project office. |
The IRS will continue to follow the
existing Enterprise Life Cycle processes for identifying, confirming, and
resolving security vulnerabilities at the requirements, design,
developmental, and testing life cycle stages, with an increased emphasis in
both preventing and resolving security vulnerabilities identified during the
Enterprise Life Cycle. The IRS will
also strengthen the process for capturing and documenting all executive steering
committee meeting minutes. |
|
|
Recommendation: The
Director, Electronic Tax Administration and Refundable Credits, Wage and
Investment Division, as the Modernized e-File system owner, should approve
interim authorities to operate when significant security control weaknesses
exist in system environments. These
interim authorities to operate should contain specific terms and conditions
in accordance with IRS policy that must be met, including corrective actions
to be taken by the information system owners and a required time period for
completion of the corrective actions, before authorities to operate are
granted. |
The IRS will continue to operate in
accordance with Internal Revenue Manual 10.8.1.42, which states that the
Designated Approving Authority verifies that security assessments are
conducted to determine that security controls are effectively operating,
correctly implemented, and meeting the security requirements of the
system. Based on the results of these
risk assessments, the Designated Approving Authority, along with the approval
of the appropriate governance board (Executive Steering Committee), accepts
risks and may grant full, interim, or deny authority to operate. If and when significant control weaknesses
are found to exist in the system environments, the IRS will issue an interim
authority to operate with the appropriate timelines based on judgment of the
level of risk. Office of Audit Comment: Although
the IRS agreed with all of our recommendations, its related corrective
actions are focused on continuing to follow existing processes or
strengthening current processes. As
stated in the report, we believe that the existing security vulnerabilities
were not caused by process deficiencies.
Instead, IRS offices did not carry out their responsibilities for
ensuring that security weaknesses were corrected before deployment. |
|
|
Implementing
The Data Strategy Will Make System and Application Development More Efficient
and Effective 2009-20-022 February
19, 2009 |
Finding
1: Sustaining the Data Strategy effort
will allow for more efficient and effective system development and operations. Recommendation: The Chief Technology Officer should work with IRS
senior executives to consider the priority of the Data Strategy effort in
relation to the MITS organization’s budget and provide the necessary funding
so that the Data Strategy can be successfully implemented as an integral
component of the Information Technology Modernization Vision and
Strategy. The funding method needs to
support the development, implementation, and maintenance of the Data Strategy
as it facilitates and supports IRS data access. |
While the IRS agrees with the spirit
and intent of the recommendation, it cannot agree to fund any one project
without considering each year’s annual budget. The actions taken to prioritize all information
technology demand with IRS senior leadership limits the Chief Technology
Officer’s ability to direct resources to specific development projects. Priorities for the limited information technology
resources are driven through a
service-wide priority process.
Notwithstanding, it is the IRS’ intent over the long term to move the
IRS to a data-centric organization. Office of Audit Comment: The Data
Strategy is cited by the IRS as one of the “four pillars of Modernization.” We believe the IRS should place a high
enough priority on the Data Strategy that the project is considered for a
relevant portion of available funding.
Without providing adequate resources to secure this portion of the
foundation, the Modernization effort is weakened. Insufficient resources and commitment could
lead the Data Strategy to the same result experienced by previous efforts –
partially completed projects that did not provide the intended goal. |
|
Finding
2: Quantifying the benefits of the Data Strategy
will strengthen the commitment for implementation. Recommendation: The Chief Technology Officer should quantify and
communicate the benefits that will be realized from implementing the Data Strategy,
to be in a better position to promote the Data Strategy and justify and
receive funding through budget requests and MITS organization governance
directives. |
The Data Strategy Implementation
Program Office will quantify its benefits, including those derived from
eliminating redundant storage, using the Modernization Vision and Strategy
costing model developed by the Enterprise Data Management Office. This process will only address new
Modernization Vision and Strategy projects, as existing and non-Modernization
Vision and Strategy projects are not subject to the costing model. For Modernization Vision and Strategy
projects that already exist, the Data Strategy Implementation Program Office
will quantify and extract the benefits from their budget. |
|
|
Finding
3: A method to include systems and data
assets in the Data Strategy should be developed. Recommendation: The Chief Technology Officer should develop a method
to determine the priority for IRS systems and data assets to begin following
the Data Strategy and when systems and data assets can be retired due to the
Data Strategy. |
The Data Strategy Implementation
Division within the Applications Development organization will analyze IRS
systems and data assets to develop a plan for determining a prioritization
methodology for these systems and assets to be incorporated into the Data
Strategy. |
|
|
Initial Efforts to
Develop A New 2009-20-079 May 19, 2009 |
Finding: Procedures
are not in place to continuously identify new projects needing portal support. Recommendation: The Chief
Technology Officer should work with the Commissioner, Wage and Investment
Division, to develop a process to ensure that new projects seeking approval
and funding during the information technology governance process, and which
are not part of the Modernization Vision and Strategy process, are properly
identified and their portal needs are considered. The new process should be similar to
existing procedures to ensure that a uniform analysis is conducted for
projects that are not part of the Modernization Vision and Strategy process. |
The Chief Technology Officer organization
and the Wage and Investment Division will partner together to improve
coordination intended to ensure that all major new projects needing portal
services will receive analysis that is similar to existing procedures. To effect this change, the Enterprise
Services organization-led Modernization Vision and Strategy team and the Wage
and Investment Division Electronic Tax Administration function will
collaborate in a timely manner to identify priority projects and decision
data. This will be accomplished by
tailoring existing portfolio identification and management procedures to
optimize the impact from a time and resource perspective and to ensure the capture
of key elements necessary for informed decision making. The steps selected from the current procedures
will meet the specific needs of the project and an explanation of why
specific actions are tailored will be recorded for each of these items. The end result will be a process that
identifies investment opportunities which are channeled through an
engineering and estimation process to ensure that any portal needs are
identified, considered, and properly addressed. |
|
Modernization
Program Uncertainties Are Affecting the Account Management Services Project
Development 2009-20-071 June
9, 2009 |
Finding 1:
Work has been suspended on future
Account Management Services project releases. Recommendation: The Chief
Technology Officer should ensure that the Account Management Services project
development activities follow the appropriate governance process to redirect
remaining Account Management Services funding to complete Releases 1.3 and
2.1. |
The Account Management Services project
request to realign funds to complete Releases 1.3 and 2.1 followed the
governance process. The request
received approval from the Customer Service Executive Steering Committee on
December 5, 2008, and from the MITS Enterprise Governance Board on January
23, 2009. Notification was made to the
Department of the Treasury and the Office of Management and Budget. |
|
Finding 2:
Adequate project funding controls were not implemented. Recommendation: The Chief
Technology Officer should direct project management teams and contracting
officers to propose modernization task orders with the ability to readily
account for system development activity funding on a release basis and, for
major modernization development projects, on a milestone basis. Designating contract activities for
specific release and milestone capital development activities will provide
clear funding and reporting traceability and more accessible assessments of
contract funding progress. |
The Associate Chief Information Officer
for Management’s Financial Management Services Business Systems Modernization
team will meet with 1) the Procurement organization to discuss how the
recommendation can be incorporated with Procurement guidelines and 2)
Business Systems Modernization project managers to assess current practices
and determine what changes are necessary to ensure implementation of the
TIGTA’s recommendations, amended if necessary by Procurement’s input. Based on the results of these discussions,
the Financial Management Services Business Systems Modernization team will
issue budgetary guidelines. The IRS does
not believe there is a governance impact to Recommendation 2. |
|
|
Recommendation: The Chief
Technology Officer should reinforce existing governance procedures to MITS
organization executives and managers about release-specific project funding,
the need to gain approval of funding reallocations, and requirements to
communicate these changes to stakeholders. |
The Associate Chief Information Officer
for Management’s Financial Management Services Business Systems Modernization
team will review current procedures for release-specific project funding,
parameters around funding reallocations and external stakeholder
notifications to ensure they reflect the latest guidance, and then reissue
existing procedures to executives and managers. The team will partner with the Enterprise
Services organization’s Program Governance Office to reinforce existing
governance procedures and to ensure that this topic is included as an agenda
item for discussion at appropriate Executive Steering Committee meetings. |
|
|
Recommendation: The Chief
Technology Officer should provide training and desk procedures on the proper
use of release-specific (and, where applicable, milestone-specific) project
funding. The procedures should provide
detailed steps for preparing, reviewing, and approving requisitions. The procedures should include, at a
minimum, the following controls: 1) when
requisitions are initiated, requisition preparers, financial plan managers,
and approvers must verify that the narrative describing the work to be
performed in the requisition is clear and identifies the project release
supported, and compare the internal
order code to the narrative to ensure the correct release is being charged
for the expense and 2) before requisitions are executed, the project manager
must verify that the actual work requisitioned supports the release to be
charged for the cost. |
The suggested controls have been
discussed with Applications Development organization requisition preparers,
reviewers, and approvers and are now in place. Formal desk procedures, including the
appropriate use of release-specific and |
Source:
TIGTA audit reports issued from July 2008 through June 2009.
Appendix X
|
Term |
Definition |
||||||||||||||||||
|
Account Management
Services |
A project that will modernize the capability to collect, view, retrieve, and manage taxpayer information. |
||||||||||||||||||
|
Best Practice |
A technique or methodology that, through experience and research, has proven to reliably lead to a desired result. |
||||||||||||||||||
|
Byte |
A byte is commonly used as a unit of storage
measurement in computers, regardless of the type of data being stored. It is also one of the basic integral data types in many programming languages. Generally, a byte is a contiguous sequence
of eight binary digits.
|
||||||||||||||||||
|
Customer Account Data
Engine |
The foundation for managing taxpayer accounts in the
IRS modernization plan. It will
consist of databases and related applications that will replace the existing
IRS Master File processing systems and will include applications for daily
posting, settlement, maintenance, refund processing, and issue detection for
taxpayer tax account and return data. |
||||||||||||||||||
|
Data Strategy Implementation Program |
An initiative for implementing the data strategies that define the Enterprise Data Architecture, define the current and future data requirements, reduce and/or eliminate data duplication within the enterprise, provide solutions for information access and sharing, support interoperability among information systems, and support IRS business goals. |
||||||||||||||||||
|
|
Supports tax processing and information management through a data processing and telecommunications infrastructure. |
||||||||||||||||||
|
|
An Extensible Markup Language Relational Database and Integrated Production Model. The Extensible Markup Language Relational Database became operational in Fiscal Year 2006 and provides the IRS Tax Exempt and Government Entities Division with electronically filed business returns in a relational database that captures and associates data using common attributes. The Integrated Production Model will provide a consolidated database of tax return and account data in a single repository for compliance data used in the case selection processes. |
||||||||||||||||||
|
|
A structured business systems development method that requires the preparation of specific work products during different phases of the development process. |
||||||||||||||||||
|
Executive Steering
Committee |
Oversees investments, including validating major investment business requirements and ensuring that enabling technologies are defined, developed, and implemented. |
||||||||||||||||||
|
Filing Season |
The
period from January through mid-April when most individual income tax returns
are filed. |
||||||||||||||||||
|
Highest
Priority Initiatives Process |
A process IRS
executives and managers used to identify and seek resolution for the most
significant issues facing the Modernization Program. IRS executives and senior managers were appointed
to oversee the plans to resolve each of the Highest Priority Initiatives, and
progress was reported monthly. New initiatives
were identified every 6 months. |
||||||||||||||||||
|
Information
Technology Modernization Vision and Strategy |
A 5-year plan that drives investment decisions, addresses the priorities around modernizing front-line tax administration and supporting technical capabilities, and leverages existing systems (where possible) and new development (where necessary) to optimize capacity, manage program costs, and deliver business value on a more incremental and frequent basis. |
||||||||||||||||||
|
Infrastructure |
The fundamental structure of a system or organization. The basic, fundamental architecture of any system (electronic, mechanical, social, political, etc.) determines how it functions and how flexible it is to meet future requirements. |
||||||||||||||||||
|
Integrated Data
Retrieval System |
The IRS computer system capable of retrieving or
updating stored information; it works in conjunction with a taxpayer’s
account records. |
||||||||||||||||||
|
Integrated
Production Model |
A consolidated source of core taxpayer data (e.g., tax account, tax return, and third-party data) and business application data to be used by a wide range of business applications to support case identification, selection, prioritization, and delivery. |
||||||||||||||||||
|
Master File |
The IRS database that stores various types of taxpayer
account information. This database
includes individual, business, and employee plans and exempt organizations
data. |
||||||||||||||||||
|
Material Weakness |
Office of Management and Budget Circular A-123, Management’s Responsibility for Internal Control, dated December 2004, defines a material weakness as any condition an agency head determines to be significant enough to be reported outside the agency. |
||||||||||||||||||
|
Milestone |
The “go/no-go” decision point in a project and is
sometimes associated with funding approval to proceed. |
||||||||||||||||||
|
Modernized e-File |
The modernized, web-based platform for filing approximately
330 IRS forms electronically, beginning with the |
||||||||||||||||||
|
PRIME Contractor |
The Computer
Sciences Corporation, which heads an alliance of leading technology companies
brought together to assist with the IRS’ efforts to modernize its computer
systems and related information technology. |
||||||||||||||||||
|
Relational Database |
A database that captures data using common attributes found in the data set. |
||||||||||||||||||
|
Release |
A specific edition of software. |
||||||||||||||||||
|
Task Order |
An order for services planned against an established contract. |
||||||||||||||||||
|
Work Breakdown
Structure |
A deliverable-oriented grouping of project elements that organizes and defines the total scope of the project. |
||||||||||||||||||
Appendix XI
Management’s Response to the Draft Report
The response was removed
due to its size. To see the response,
please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
[1] Pub. L. No. 105-206, 112 Stat. 685 (codified as amended in scattered sections of 2 U.S.C., 5 U.S.C. app., 16 U.S.C., 19 U.S.C., 22 U.S.C., 23 U.S.C., 26 U.S.C., 31 U.S.C., 38 U.S.C., and 49 U.S.C.).
[2] See Appendix X for a glossary of terms.
[3] Pub. L. No. 110-185, 122 Stat. 613.
[4] Pub. L. No. 105-206, 112 Stat. 685 (codified as amended in scattered sections of 2 U.S.C., 5 U.S.C. app., 16 U.S.C., 19 U.S.C., 22 U.S.C., 23 U.S.C., 26 U.S.C., 31 U.S.C., 38 U.S.C., and 49 U.S.C.).
[5] See Appendix X for a glossary of terms.
[6] Appendix IX presents the TIGTA reports used in formulating this Modernization Program assessment.
[7] Internal Revenue Service’s Fiscal Year 2009 Expenditure Plan (GAO-09-281, dated March 2009).
[8] See Appendix IV for an overview of the Enterprise Life Cycle.
[9] Pub. L. No. 110-185, 122 Stat. 613.
[10] Customer Account Data Engine Release 3 Successfully Processes Individual Tax Return and Tax Account Information (Reference Number 2009-20-001, dated October 24, 2008).
[11] Vital Decisions Must Be Made to Ensure Successful Implementation of Customer Account Data Engine Capabilities (Reference Number 2007-20-080, dated July 13, 2007).
[12] Customer Account Data Engine Project Management Practices Have Improved, but Continued Attention Is Needed to Ensure Future Success (Reference Number 2008-20-151, dated September 11, 2008).
[13] Annual Assessment of the Business Systems Modernization Program (Reference Number 2008-20-129, dated June 24, 2008).
[14] 31 U.S.C. Sections 1105, 1113, 3512 (2000).
[15] Pub. L. No. 105-206, 112 Stat. 685 (codified as amended in scattered sections of 2 U.S.C., 5 U.S.C. app., 16 U.S.C., 19 U.S.C., 22 U.S.C., 23 U.S.C., 26 U.S.C., 31 U.S.C., 38 U.S.C., and 49 U.S.C.).
[16] See Appendix IX for a detailed list of recent TIGTA reports and associated findings.
[17] Annual Assessment of the Internal Revenue Service’s Business Systems Modernization Program (Reference Number 2002-20-189, dated September 27, 2002); Annual Assessment of the Business Systems Modernization Program (Reference Number 2003-20-208, dated September 29, 2003); Annual Assessment of the Business Systems Modernization Program (Reference Number 2004-20-107, dated June 3, 2004); Annual Assessment of the Business Systems Modernization Program (Reference Number 2005-20-102, dated August 10, 2005); Annual Assessment of the Business Systems Modernization Program (Reference Number 2006-20-102, dated June 30, 2006); Annual Assessment of the Business Systems Modernization Program (Reference Number 2007-20-121, dated August 24, 2007); and Annual Assessment of the Business Systems Modernization Program (Reference Number 2008-20-129, dated June 24, 2008).
[18] See Appendix IV for description of the various Enterprise Life Cycle milestones.
[19] Annual Assessment of the Business Systems
Modernization Program (Reference Number 2008-20-129, dated
June 24, 2008).
[20] See Appendix X for a glossary of terms.