TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

 

Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits

 

 

 

November 30, 2009

 

Reference Number:2010-20-007

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

Phone Number ††|202-622-6500

Email Address ††|inquiries@tigta.treas.gov

Web Site†††††† |http://www.tigta.gov

 

November 30, 2009

 

 

MEMORANDUM FOR CHIEF TECHNOLOGY OFFICER

 

FROM:††††††††††††††† (for)††Michael R. Phillips /s/ Nancy A. Nakamura

Deputy Inspector General for Audit

 

SUBJECT:††††††††††††††††††† Final Audit Report Ė Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031)

 

This report presents the results of our review to determine the efficiency and effectiveness of implementing the Process Standardization component of the TRIPLEX initiative.This review was part of our Fiscal Year 2008 Annual Audit Plan coverage under the major management challenge of Modernization of the Internal Revenue Service (IRS).

Impact on the Taxpayer

The IRS began the TRIPLEX initiative to optimize data center operations using industry best practices.† Once fully implemented, the TRIPLEX initiative will create a Uniform Operating Environment across the three computing centers, operated by a Competency Based Organization[1] through the standardization of processes and tools.† This will make better use of taxpayer dollars by reducing labor costs and mitigating risks that can hamper the IRSí ability to perform its primary mission of tax collection and compliance activities.

Synopsis

In Calendar Year 2002, the IRS Chief Information Officer began the TRIPLEX initiative, which was developed by the IBM Corporation to optimize data center operations using industry best practices.The TRIPLEX initiative is intended to help the Enterprise Operations organization transform into an optimized enterprise computing center environment.One of the three main components of the TRIPLEX initiative, and the focus of our audit, is Process Standardization (including process reengineering efforts).In October 2005, the Enterprise Operations organization took the first step in a multi-year process and stood up a Competency Based Organization.

Implementation of the Competency Based Organization and Process Standardization has resulted in labor costs savings and improved operations.The Competency Based Organization structure significantly reduced the number of manager and nontechnical positions, and resulted in changing the grade levels of some technical employees.The reduction of 129 full-time equivalent positions resulted in more than $10 million in labor savings.In addition, the Enterprise Operations organization selected 10 processes for reengineering, and the completed and ongoing process reengineering efforts have resulted in operational improvements.Overall, the implementation of the Competency Based Organization and the completed process reengineering efforts have established a framework and a good foundation for continuing improvements within the Enterprise Operations organization.

While savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned, and timely and successfully implemented.Two of the process reengineering efforts were not effectively planned to ensure timely and successful implementation.Specifically, the Capacity Management process reengineering team does not have a plan in place to effectively monitor its progress.In addition, while the Detail Designs have been developed, no progress has been made since the completion of the Detail Designs. Also, the Data and Storage Management process reengineering team does not have a timeline scheduling completion of the remaining process improvement activities such as the Detail Design Phase and any associated deliverables coming out of that phase (e.g., standard operating procedures). Without giving due attention to its process reengineering efforts, the Enterprise Operations organization cannot effectively monitor the progress and ensure timely completion of the process reengineering efforts.As a result, the maximum benefits resulting from the completed process reengineering efforts may not be realized.

In addition, five of seven completed or ongoing operational processes selected for reengineering were not effectively baselined prior to the initiation of the reengineering efforts.The reengineering teams also had not implemented the performance measures that had been designed for some of these reengineering efforts.Operational processes were not baselined and performance measures were not implemented because process reengineering management and staff have not focused on performance management during the development and execution of the process reengineering efforts.Without operational process baseline and performance measure information, management cannot assess the improved effectiveness and efficiency of the reengineered processes.

Recommendations

We recommended that the Chief Technology Officer ensure the Enterprise Operations organizationís 1) process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources, 2) management timely completes the remaining process reengineering efforts or, if resources are not available to timely complete the efforts, suspends or cancels the process reengineering effort(s), 3) Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library, 4) operational processes selected for reengineering are baselined to establish the current state of the process, and 5) implementation of reengineered process performance measures.

Response

IRS management agreed with our recommendations and plans to take corrective actions including developing standard operating procedures to ensure process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.IRS management will ensure the completion of the remaining process reengineering efforts in a timely manner by implementing standard operating procedures to schedule and track future reengineering processes.If resources are not available to complete the efforts, management will suspend or cancel the process reengineering efforts.Management will develop a schedule for entering configuration items in the Configuration Management Library and ensure operational processes selected for reengineering are baselined to establish the current state of the process.Also, management will implement performance measures to determine the effectiveness and efficiency of the reengineered processes. Managementís complete response to the draft report is included as Appendix VI.

Copies of this report are also being sent to the IRS managers affected by the report recommendations.Please contact me at (202) 622-6510 if you have questions or Alan R. Duncan, Assistant Inspector General for Audit (Security and Information Technology Services), at (202) 622-8510.

 

 

Table of Contents

 

Background

Results of Review

Implementation of the Competency Based Organization and Process Standardization Has Resulted in Labor Costs Savings and Improved Operations

Planning of Process Reengineering Efforts Needs to Be Improved

Recommendations 1 and 2:

Recommendation 3:

Operational Processes Selected for Reengineering Were Not Baselined and Performance Measures Were Not Implemented

Recommendations 4 and 5:

Appendices

Appendix I Ė Detailed Objective, Scope, and Methodology

Appendix II Ė Major Contributors to This Report

Appendix III Ė Report Distribution List

Appendix IV Ė Description and Status of the Process Reengineering Efforts

Appendix V Ė Glossary of Terms

Appendix VI Ė Managementís Response to the Draft Report

 

 

Abbreviations

 

IRS

Internal Revenue Service

 

 

Background

 

In Calendar Year 2002, the Internal Revenue Service (IRS) Chief Information Officer began the TRIPLEX initiative, which was developed by the IBM Corporation to optimize data center operations using industry best practices.The TRIPLEX initiative is intended to help the Enterprise Operations organization transform into an optimized enterprise computing center[2] environment by reducing labor costs and mitigating risks that can hamper the IRSí ability to perform its primary mission of tax collection and compliance activities. The TRIPLEX initiative is comprised of three main components:

1.      Process Standardization Ė This component is a combination of processes that, when completed, will provide an operating structure enabling the Enterprise Operations organization to efficiently function as a single corporate entity managing resources, technologies, and workloads within a Uniform Operating Environment across the three computing centers.

The standardization of processes is a detailed review and reengineering effort to implement standard operational information technology processes for 26 processes having the greatest effect on the Enterprise Operations organization.The IBM Corporation-developed Process Reference Model and Information Technology Infrastructure Library, which is based on best practices, is being used to guide the standardization activities.Before beginning validation or reengineering, each process was individually evaluated by a panel of Enterprise Operations organization management and staff to determine which of the processes would be addressed first.The 10 processes selected for reengineering are:

        Capacity Management.

        Change Management.

        Configuration Management.

        Data and Storage Management.

        Incident Management.

        Information Technology Security Management.

        Information Technology Service Continuity Management.

        Inventory Management and Validation (formerly known as Asset Management).

        Problem Management.

        Stakeholder Requirements Management.

2.      Uniform Operating Environment Ė This component contains two key initiatives:Enterprise Systems Management and Service Delivery Command Center.

        The Enterprise Systems Management initiative uses technology placed to optimize the technical capabilities of the infrastructure, without regard to the personnel requirements.In June 2007, the new Enterprise Systems Management organization was deployed and teams are continuing to work on related TRIPLEX initiatives.We conducted an audit of the Enterprise Systems Management initiative and issued a report in September 2008.[3]

        The Service Delivery Command Center initiative establishes the technology locations for computing and network components and the technology command and control locations.The Service Delivery Command Center was deployed in October 2006, with a mission to avoid/minimize service interruptions for customers.It provides incident management and proactive monitoring support of all Enterprise Operations organization infrastructure to ensure normal information technology service operations are maintained.A review of the Service Delivery Command Center is included in our Fiscal Year 2010 Annual Audit Plan.

3.      Optimized Technology Infrastructure Ė This component is to improve the Modernization and Information Technology Services organizationís services through standardizing the infrastructure, services, best practices, and processes of the Enterprise Operations and the End User Equipment and Service organizations.When completed, this will provide an operating structure enabling the Enterprise Operations organization to efficiently function as a single corporate entity managing resources, technologies, and workloads within a Uniform Operating Environment. The Optimized Technology Infrastructure component currently has one project in progress, the Server Consolidation and Virtualization project.

In September 2003, the IRS identified several functions within the computing center operations that would benefit from significant process reengineering efforts or organizational changes consistent with a ďbest in classĒ operating model.The comprehensive improvement strategy included transforming the computing center operations from a geographically based organization to a Competency Based Organization in the Enterprise Operations organization.In October 2005, the Enterprise Operations organization took the first step in a multi-year process and stood up a Competency Based Organization.

Our review focused on the Process Standardization component of the TRIPLEX initiative.This review was performed at the IRS Enterprise Operations organization offices in New Carrollton, Maryland, during the period February through August 2009.We conducted this audit in accordance with generally accepted government auditing standards.Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective.We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.Detailed information on our audit objective, scope, and methodology is presented in Appendix I.Major contributors to the report are listed in Appendix II.

 

 

Results of Review

 

Implementation of the Competency Based Organization and Process Standardization Has Resulted in Labor Costs Savings and Improved Operations

The Competency Based Organization stood up in October 2005 with a structure that significantly reduced the number of manager and nontechnical positions, and resulted in changing the grade levels of some technical employees. The reduction in 129 full-time equivalent positions resulted in more than $10 million in labor savings.In Fiscal Year 2006, $5.6 million of the savings was used to pay for contractor support to implement the Competency Based Organization.The remaining $4.4 million in savings was used to offset a shortage in the labor budget.

Organizations with similar technical positions were reviewed to determine the consistency of roles and responsibilities.For example, both the Information Technology Infrastructure and the Enterprise Computing Center organizations created teams to identify role and responsibility inconsistencies of database/system administrators, Tier II support services, and storage support services.The organizational review of technical positions led to the development of updated roles and responsibilities.

In addition, five of seven completed and ongoing process reengineering efforts have resulted in operational improvements.Figure 1 presents the operational improvements resulting from completed and ongoing process reengineering efforts.

Figure 1:Operational Improvements Resulting From Completed and
Ongoing Process Reengineering Efforts

Process Being Reengineered

Improvements

Configuration Management

Improved the Enterprise Operations organizationís operations by creating a Configuration Management Library to organize, control, maintain, and access information.The Configuration Management Library contains documentation or links to various Uniform Resource Locators and automates the Investment Management and Configuration Control Board process.As of April 2009, approximately 100 items were contained in the library.

Information Technology Security Management

The Security Program consists of Security Management, Technical Security, and Operational Security.Each component was clarified further into individual activities, and standard operating procedures were developed to manage these activities.For example, an Enterprise Operations Security Program Communication Plan was developed to maximize consistency and efficiency in how security documentation is communicated throughout the organization.The process reengineering team also developed procedures for continuously monitoring server compliance with security requirements.

Information Technology Service Continuity Management

During Fiscal Year 2008, the process reengineering team focused on getting the Information Technology Contingency Plans accurately completed so they could be executed by Enterprise Operations organization management.As a result, the number of Information Technology Contingency Plans requiring Get Well Plans decreased from 113 in Fiscal Year 2008 to 2 in Fiscal Year 2009.

Inventory Management and Validation

Created four automated reports that provide specific information to management about the computer inventory.The reports are used to support a variety of inventory or asset management activities and contain information such as the number of work stoppage incidents and downtime hours.Previously, this information was obtained through ad hoc and labor intensive methods.

Stakeholder Requirements Management

Created the standard operating procedures and five documents/reports.Managementís effective use of these documents/reports resulted in a steady decline of overdue Unified Work Request responses from more than 90 in April 2004 to zero in March 2009.

Source:Interviews of IRS personnel and the review of documentation provided by the IRS.

The labor costs savings and operational improvements were realized because the Program Management Executive Steering Committee provided the proper level of executive oversight and a process and schedule for implementing the process reengineering efforts were established. Senior management also conducts operational reviews of the process reengineering efforts.Based on the implementation of the Competency Based Organization to date and the completed process reengineering efforts, the IRS has established a framework and a good foundation for continuing improvements within the Enterprise Operations organization.

While savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned, and timely and successfully implemented.

Planning of Process Reengineering Efforts Needs to Be Improved

Two of the process reengineering efforts were not effectively planned to ensure timely and successful implementation.Specifically:

  • The Capacity Management process reengineering team does not have a plan in place to effectively monitor its progress.For example, the Capacity Plan is a major product resulting from the Capacity Management process reengineering, but the team could not provide us with an estimated date or time period for the completion of the Capacity Plan. In addition, the Detail Designs for the IBM Tier I, Tier II, and Unisys platforms have been developed, but no progress has been made since the completion of the Detail Designs. This initiative started in July 2007.
  • The Data and Storage Management process reengineering team does not have a timeline scheduling completion of the remaining process improvement activities such as the Detail Design Phase and any associated deliverables coming out of that phase (e.g., standard operating procedures). This initiative started in January 2008.

In addition, while the Configuration Management process reengineering effort has been completed, the team does not have a prioritized list of configuration items to be added to the Configuration Management Library.The process reengineering team also does not have a schedule for adding the items to the Configuration Management Library and a method for tracking the status of the identified configuration items.

Finally, IBM Corporation contractors served as technical and process reengineering liaisons and provided technical recommendations and project management leadership.However, the contract with the IBM Corporation was cancelled in May 2008 due to a lack of funding. All of the process reengineering duties are currently performed by IRS employees as additional duties with the employeeís primary responsibilities taking priority. As a result, some of the process reengineering efforts lack the focus, urgency, or resources to complete them.

The Clinger Cohen Act of 1996[4] states that periodic reviews of selected information resources management activities of the executive agencies should be performed in order to ascertain the efficiency and effectiveness of information technology in improving the performance of the executive agency and the accomplishment of the missions of the executive agency.

Without giving due attention to its process reengineering efforts, the Enterprise Operations organization cannot effectively monitor the progress and ensure timely completion of the process reengineering efforts.Also, the maximum benefits resulting from the completed process reengineering efforts may not be realized.For example, the Data and Storage Management process reengineering team may not be able to support the data strategy goal to eliminate redundant storage, and the Configuration Management process reengineering team runs the risks of not being able to timely bring in newer versions of configuration items to the Enterprise Operations organization environment.

Management Action:After we discussed the lack of a prioritized list of configuration items to be added to the library with the Configuration Management process reengineering team, it compiled the list of items with the schedule for adding the items to the library yet to be determined.

Recommendations

The Chief Technology Officer should ensure the Enterprise Operations organizationís:

Recommendation 1: Process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.

Managementís Response:IRS management agreed with this recommendation.The Enterprise Operations organization will develop a repeatable process in the form of standard operating procedures to ensure process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.

Recommendation 2: Management timely completes the remaining process reengineering efforts.If resources are not available to timely complete the efforts, the Enterprise Operations organization should then suspend or cancel the process reengineering effort(s).

Managementís Response:IRS management agreed with this recommendation.The Enterprise Operations organization will ensure management completes the remaining process reengineering efforts in a timely manner by implementing a yearly repeatable process as part of the standard operating procedures to schedule and track future reengineering processes.If resources are not available to complete the efforts, the Enterprise Operations organization will suspend or cancel the process reengineering efforts.

Recommendation 3:Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library.

Managementís Response:IRS management agreed with this recommendation.The Enterprise Operations organization will ensure the Configuration Management process reengineering team implements a yearly repeatable process as part of the standard operating procedures to develop a schedule for entering configuration items in the Configuration Management Library.

Operational Processes Selected for Reengineering Were Not Baselined and Performance Measures Were Not Implemented

Five of seven completed or ongoing operational processes selected for reengineering were not effectively baselined prior to the initiation of the reengineering efforts.The five processes are Capacity Management, Configuration Management, Data and Storage Management, Information Technology Security Management, and Inventory Management and Validation.

Process reengineering managers were unable to provide us with results of any testing or reviews performed to baseline the operational processes within the Enterprise Operations organizationís control.In addition, the IBM Corporation designed performance measures for some of these process reengineering efforts, but the process reengineering teams had not implemented the performance measures.For example, one of the measures listed in the Detail Design document for the Capacity Management process reengineering effort is to assess the average time and total cost to produce a capacity plan, but the reengineering team was not recording the time expended or the number of full-time equivalents used to complete the plan.Also, the Information Technology Security Management process reengineering team developed a security plan that lists 18 activities needed to complete the process reengineering effort and performance measures for each activity.However, the process reengineering team did not perform any baseline reviews or testing to facilitate the determination of the effectiveness of the process reengineering effort.The Information Technology Security Management process reengineering team advised us that it has not yet assessed performance measures for the activities completed and no results have been gathered.

The Clinger Cohen Act of 1996 states that the Chief Information Officer/Chief Technology Officer shall monitor the performance of information technology programs of the agency, evaluate the performance of those programs on the basis of the applicable performance measurements, and advise the head of the agency whether to continue, modify, or terminate a program or project.The Government Accountability Office Standards for Internal Control in the Federal Government[5] states that managers at the functional or activity level need to compare actual performance to planned or expected results and analyze significant differences.

In addition, effective implementation of the Process Reference Model-Information Technology requires continuous assessment of information technology business processes.One of the key steps of the Process Reference Model-Information Technology guidance is the establishment of measures and setting targets to improve process effectiveness and efficiency.These measures and targets facilitate the continuous assessment of business processes.

Operational processes were not baselined and performance measures were not implemented because process reengineering management and staff have not focused on performance management during the development and execution of its process reengineering efforts.Without operational process baseline and performance measure information, management cannot assess the improved effectiveness and efficiency of the reengineered processes.

Recommendations

The Chief Technology Officer should ensure the Enterprise Operations organizationís:

Recommendation 4: Operational processes selected for reengineering are baselined to establish the current state of the process.

Managementís Response:IRS management agreed with this recommendation.The Enterprise Operations organization will implement a yearly repeatable process as part of the standard operating procedures to ensure operational processes selected for reengineering are baselined to establish the current state of the process.

Recommendation 5:Implementation of reengineered process performance measures.

Managementís Response:IRS management agreed with this recommendation.The Enterprise Operations organization will include the implementation of performance measures as part of the reengineering standard operating procedures to determine the effectiveness and efficiency of the reengineered processes.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

The overall objective of this review was to determine the efficiency and effectiveness of implementing the Process Standardization component of the TRIPLEX initiative.To accomplish this objective, we:

I.                    Evaluated the efficiency and effectiveness of the Competency Based Organization[6] implementation.

A.     Determined the effectiveness of the governance process for overseeing the implementation of the TRIPLEX initiative.

B.     Interviewed management to determine the process for ensuring the roles and responsibilities between the computing centers are consistent and how the inconsistencies are documented and resolved.

C.     Interviewed management and reviewed policies and procedures to determine the process for ensuring employees maintain the skills and competencies required to maintain the Enterprise Operations organizationís Competency Based Organization status.

D.     Reviewed the Enterprise Operations organizationís 5-Year Strategic Plan (Draft Version 4), the TRIPLEX Implementation Plan, and the Modernization and Information Technology Services organizationís Improvement Strategy and Plan to identify expected benefits from the TRIPLEX initiative.

II.                 Evaluated the efficiency and effectiveness of the implementation of the process reengineering efforts to determine whether they corrected the problems they were established to address and improved the Enterprise Operations organizationís operations.Specifically, we evaluated the efficiency and effectiveness of the following process reengineering efforts:

A.     Capacity Management.

B.     Change Management.

C.     Configuration Management.

D.     Data and Storage Management.

E.      Incident Management.

F.      Information Technology Security Management.

G.     Information Technology Service Continuity Management.

H.     Inventory Management and Validation (formerly known as Asset Management).

I.        Problem Management.

J.       Stakeholder Requirements Management.

 

Appendix II

 

Major Contributors to This Report

 

Alan R. Duncan, Assistant Inspector General for Audit (Security and Information Technology Services)

Margaret E. Begg, Acting Assistant Inspector General for Audit (Security and Information Technology Services)

Scott Macfarlane, Director

Danny Verneuille, Audit Manager

Mark Carder, Senior Auditor

Michael Garcia, Senior Auditor

Tina Wong, Senior Auditor

Kanika Kals, Auditor

Tuyet Nguyen, Auditor

 

Appendix III

 

Report Distribution List

 

CommissionerC

Office of the Commissioner Ė Attn:Chief of StaffC

Deputy Commissioner for Operations SupportOS

Chief Information OfficerOS:CTO:CIO

Deputy Chief Information Officer for OperationsOS:CTO

Associate Chief Information Officer, Applications DevelopmentOS:CTO:AD

Associate Chief Information Officer, Cybersecurity OS:CTO:C

Associate Chief Information Officer, End-User Equipment and ServicesOS:CTO:EU

Associate Chief Information Officer, Enterprise NetworksOS:CTO:EN

Associate Chief Information Officer, Enterprise OperationsOS:CTO:EO

Associate Chief Information Officer, Enterprise ServicesOS:CTO:ES

Director, Stakeholder ManagementOS:CTO:SM

Director, Customer Relationship and IntegrationOS:CTO:EO:CR

Director, Enterprise Computing CenterOS:CTO:EO:EC

Chief CounselCC

National Taxpayer AdvocateTA

Director, Office of Legislative AffairsCL:LA

Director, Office of Program Evaluation and Risk AnalysisRAS:O

Office of Internal ControlOS:CFO:CPIC:IC

Audit Liaison:Director, Program Oversight OfficeOS:CTO:SM:PO

 

Appendix IV

 

Description and Status of the Process Reengineering Efforts

 

Process Being Reengineered

Description

Completed Process Reengineering Initiatives

Configuration Management

The scope of this reengineering effort was to develop and implement the Configuration Management Library within the Enterprise Operations organization. As a result, the Enterprise Operations organization developed the Configuration Management Library as a document repository for Enterprise Operations organization configuration items (e.g., Enterprise Operations inventory reports, Enterprise Operations Program Management Executive Steering Committee minutes, and standard operating procedures).

Information Technology Service Continuity Management

The purpose of this reengineering process is to develop standard operating procedures defining roles and responsibilities for employees within the Enterprise Operations organization to ensure the required information technology technical and services facilities provided by the Enterprise Operations organization can be recovered within required and agreed business time periods.To avoid duplication in the overall Business Continuity Management process, team participants assigned to the process reengineering effort include employees from the Cybersecurity organization.The process reengineering team was scheduled to complete the Detail Design Phase (i.e., standard operating procedures) by June 30, 2009.As of July 15, 2009, we received a draft of the standard operating procedures dated May 22, 2009.The draft procedures need to be approved by the Investment Management and Configuration Control Board.[7]

Inventory Management and Validation

The original scope for the process was management of all assets including financial costs and software user licenses; however, the focus was later limited to inventory management of the Enterprise Operations organizationís information technology assets.The scope of the reengineering effort was further limited to creating four reports that summarize information pertaining to the overall status of 1) Tier I assets, 2) Tier II server assets, 3) End of service life cycle on Enterprise Operations organization assets, and 4) Enterprise Operations organization nonoperational assets owned or leased.

Stakeholder Requirements Management

This is the starting point for the translation of customer needs into functional requirements.The process reengineering effort focuses on Unified Work Request issues related to only the Enterprise Operations organization.

Ongoing Process Reengineering Initiatives

Capacity Management

This is the process of managing a defined level of capacity on information and information technology services, including managing the responses to performance incidents.The Capacity Management process reengineering initiative will standardize the process for forecasting resource capacity utilization and the related performance measurement.The process focuses on management of resources and not on the standardization of hardware/software issues.In May 2009, the Capacity Management process reengineering team provided us the Detail Designs for the IBM Tier I, Tier II, and Unisys platforms.The implementation date for the reengineering process was May 26, 2009, but the reengineering team was unable to provide us with any information or timeline to show the Plan of Actions and Milestones that will facilitate the process.

Data and Storage Management

The mission of this process is to ensure that all data required for providing and supporting operational services are available for use and data storage facilities can handle normal, expected fluctuations in data volumes, and other requirements within their designed tolerances.The Data and Storage Management process reengineering effort is focusing on standardizing the roles at the process level. We were not provided with an established timeline for completion of the process reengineering efforts or a reason for the lack of significant progress made on the reengineering process during the audit period.

Information Technology Security Management

The end state vision for the Enterprise Operations organizationís security reengineering is to establish repeatable, standardized processes that control and secure all types of Enterprise Operations organization assets.The reengineering process was scheduled to be deployed on July 1, 2009.

Not Started/Closed Process Reengineering Initiatives

Change Management

This process focuses on coordinating and controlling all changes to information technology services to minimize adverse impacts of those changes to business operations and the users of information technology services.In March 2009, the Enterprise Operations organization staff advised us that this initiative was approved and points-of-contact were named.However, the initiative has not started because of staffing and workload issues.

Incident Management

This process reengineering effort focuses on the restoration of service through triage, escalation, and Service Restoration Teams.The August 4, 2008, Program Management Executive Steering Committee briefing information included a proposal to close the Incident Management process reengineering effort, but the meeting minutes did not indicate whether the proposal was approved.The September 12, 2008, Program Management Executive Steering Committee minutes and the Investment Management and Configuration Control Board minutes for April 11 through September 5, 2008, did not include any information on this process.

Problem Management

This process reengineering effort focuses on prevention of recurring outages based on trend analysis and root cause analysis.The August 4, 2008, Program Management Executive Steering Committee briefing information included a proposal to close the Problem Management process reengineering effort, but the meeting minutes did not indicate whether the proposal was approved.The September 12, 2008, Program Management Executive Steering Committee minutes and the Investment Management and Configuration Control Board minutes for April 11 through September 5, 2008, did not include any information on this process.

Source:Interviews of IRS personnel and the review of documentation provided by the IRS.

 

Appendix V

 

Glossary of Terms

 

Competency Based Organization

An organization that is structured independently of geographic boundaries, based on mission-focused groupings of related skills, knowledge, and functions working together across the enterprise to achieve common objectives.

Enterprise Computing Center

Supports tax processing and information management through a data processing and telecommunications infrastructure.

Full-Time Equivalent

A measure of labor hours in which one full-time equivalent is equal to 8 hours multiplied by the number of compensable days in a particular fiscal year.In Fiscal Year 2008,
one full-time equivalent was equal to 2,096 staff hours.In Fiscal Year 2009, one full-time equivalent was equal to 2,088 staff hours.

Get Well Plan

A plan that shows how the project/release will resolve issues identified (e.g., in testing of an Information Technology Contingency Plan).

Information Technology Contingency Plan

A plan that provides viable and actionable procedures and capabilities for recovering or restoring IRS systems and applications to their original state in the event of an information technology system disruption.

Information Technology Infrastructure Library

A series of books giving guidance--based on best practices--on the provision of quality information technology services and on the accommodation and environmental facilities needed to support information technology.

Investment Management and Configuration Control Board

A component of the Enterprise Operations organizationís internal governance structure established to review and decide on proposed changes to Enterprise Operations-owned baselined products.

Plan of Actions and Milestones

Prioritizes and assigns dates for remediation of identified weaknesses.

Program Management Executive Steering Committee

A component of the Enterprise Operations organizationís internal governance structure established to ensure that projects are well defined, thoroughly planned, implemented, controlled, and integrated into the Enterprise Operations organization environment.

Server Consolidation and Virtualization Project

This project will replace and/or refresh more than 1,000 physical Wintel servers with about 200 high-end virtual servers and deploy a virtualized infrastructure in the IRSís computing centers and campus locations.

Service Delivery Command Center

Responsible for providing incident management and proactive monitoring support to ensure service continuity and service restoration.

Stood Up

In October 2005, the Competency Based Organization was officially recognized.

Tier I

Computing infrastructure consisting of mainframe computers that handle a high volume of critical operational data.

Tier II

Computing infrastructure consisting of UNIX-based minicomputer servers that provide specialized services.

Unified Work Request

A required document that provides notification to the Modernization and Information Technology Services organization that a service or support is needed.

Uniform Resource Locator

An address of a webpage on the world wide web.

 

Appendix VI

 

Managementís Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON. DC 20224

 

CHIEF TECHNOLOGY OFFICER

 

 

OCTOBER 28, 2009

 

MEMORANDUM FOR †††††††† DEPUTY INSPECTOR.GENERAL FOR TAX

ADMINISTRATION

 

FROM: †††††††††††††††††††††††††††††††††† Terence V. Milholland /s/Terrence V. Milholland

Chief Technology Officer

 

SUBJECT;†††††††††††††††††††††††††††††† Draft Audit Report Progress Has Been Made in

Standardizing Processes in the Computing Centers, but

Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031)

{i-trak # 2010-66328)

 

Thank you for the opportunity to review and respond to the subject audit report

 

We appreciate your comments and observations that the IRS has made progress in standardizing process in computing centers. We agree the implementation of the Competency Based Organization and the completed process reengineering efforts have established a framework and a sound foundation for continuing improvements within the Enterprise Operations organization.

 

We acknowledge that while savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned and successfully implemented in a timely manner. We agree with the five recommendations made as a result of your audit and the attachment details our planned actions to implement them.

 

We value your continued support and the guidance your team provides. If you have any questions, please contact me at (202) 622-6800 or Darrin Brown, Director of Program Oversight, at (202) 283-4613.

 

Attachment

 

Attachment

 

Draft Audit Report - Progress Has Been Made in Standardizing Process in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trk # 2010-66328)

 

RECOMMENDATION #1: The Chief Technology Officer should ensure the Enterprise Operations organization's process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.

 

CORRECTIVE ACTION #1: We agree with this recommendation. The Enterprise Operations organization will develop a repeatable process in the form of standard operating procedures to ensure process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.

 

IMPLEMENTATION DATE: March 1, 2010

 

RESPONSIBLE OFFICIAL: Associate Chief Information Officer, Enterprise

Operations

 

CORRECTIVE ACTIQN MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.

 

RECOMMENDATION #2: The Chief Technology Officer should ensure the Enterprise Operations organizations' management timely completes the remaining process reengineering efforts. If resources are not available to timely complete the efforts, the Enterprise Operations organization should then suspend or cancel the process reengineering effort(s).

 

CORRECTIVE ACTION #2: We agree with this recommendation. The Enterprise Operations organization will ensure management completes the remaining process reengineering efforts in a timely manner by implementing a yearly repeatable process as part of the standard operating procedures to schedule and track future reengineering processes. If resources are not available to complete the efforts, the Enterprise Operations organization will suspend or cancel the process reengineering effort.

 

IMPLEMENTATION DATE: October 1, 2010

 

RESPONSIBLE OFFICIAL: Associate Chief Information Officer. Enterprise Operations

 

CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.

 

Attachment

 

Draft Audit Report - Progress Has Been Made in Standardizing Process in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trk # 2010-66328)

 

RECOMMENDATION #3: The Chief Technology Officer should ensure the Enterprise Operations organization's Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library.

 

CORRECTIVE ACTION #3: We agree with this recommendation. The Enterprise operations organization will ensure the Configuration Management process reengineering team implements a yearly repeatable process as part of the standard operating procedures to develop a schedule for entering configuration items in the Configuration Management Library.

 

IMPLEMENTATION DATE: March 1, 2010

 

RESPONSIBLE OFFICIAL: Associate Chief Information Officer, Enterprise Operations

 

CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.

 

RECOMMENDATION #4: The Chief Technology Officer should ensure the Enterprise Operations organization's operational processes selected for reengineering are base lined to establish the current state of the process.

 

CORRECTIVE ACTION #4: We agree with this recommendation. The Enterprise Operations organization will implement a yearly repeatable process as part of the standard operating procedures to ensure operational processes selected for reengineering are based lined to establish the current state of the process.

 

IMPLEMENTATION DATE: March 1, 2010

 

RESPONSIBLE OFFICIAL: Associate Chief Information Officer, Enterprise Operations

 

CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.

 

Attachment

 

Draft Audit Report - Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trak # 2010-66328)

 

RECOMMENDATION #5: The Chief Technology Officer should ensure the Enterprise Operations organizationsí implementation of performance measures to determine the effectiveness and efficiency of the reengineered processes.

 

CORRECTIVE ACTION #5: We agree with this recommendation. The Enterprise Operations organization will include the implementation of performance measures as part of the reengineering standard operating procedures to determine the effectiveness and efficiency of the reengineered processes.

 

IMPLEMENTATION DATE: March 1, 2010

 

RESPONSIBLE OFFICIAL: Associate Chief Information Officer, Enterprise Operations

 

CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.

 



[1] See Appendix V for a glossary of terms.

[2] See Appendix V for a glossary of terms.

[3] The Enterprise Systems Management Program Is Making Progress to Improve Service Delivery and Monitoring, but Risks Remain (Reference Number 2008-20-161, dated September 12, 2008).

[4] Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).

[5] GAO/AIMD-00-21.3.1, dated November 1999.

[6] See Appendix V for a glossary of terms.

[7] See Appendix V for a glossary of terms.