Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits
November 30, 2009
Reference Number: 2010-20-007
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone Number |
202-622-6500
Email Address | inquiries@tigta.treas.gov
Web Site |
http://www.tigta.gov
November 30, 2009
MEMORANDUM FOR CHIEF TECHNOLOGY OFFICER
FROM: (for) Michael R. Phillips /s/ Nancy A.
Nakamura
Deputy Inspector General for Audit
SUBJECT: Final Audit Report – Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031)
This report presents the results of our review to determine the efficiency and effectiveness of implementing the Process Standardization component of the TRIPLEX initiative. This review was part of our Fiscal Year 2008 Annual Audit Plan coverage under the major management challenge of Modernization of the Internal Revenue Service (IRS).
Impact on the Taxpayer
The IRS began the TRIPLEX initiative to optimize data
center operations using industry best practices. Once fully implemented, the TRIPLEX initiative
will create a Uniform Operating Environment across the three computing centers,
operated by a Competency Based Organization[1] through the
standardization of processes and tools.
This will make better use of taxpayer dollars by reducing labor costs
and mitigating risks that can hamper the IRS’ ability to perform its primary
mission of tax collection and compliance activities.
Synopsis
In Calendar Year 2002, the IRS Chief Information Officer began
the TRIPLEX initiative, which was developed by the IBM Corporation to optimize
data center operations using industry best practices. The TRIPLEX initiative is intended to help
the Enterprise Operations organization transform into an optimized enterprise
computing center environment. One of the
three main components of the TRIPLEX initiative, and the focus of our audit, is
Process Standardization (including process
reengineering efforts). In
October 2005, the Enterprise Operations
organization took the first step in a multi-year process and stood up a Competency
Based Organization.
Implementation of the Competency Based Organization and Process Standardization has resulted in labor costs savings and improved operations. The Competency Based Organization structure significantly reduced the number of manager and nontechnical positions, and resulted in changing the grade levels of some technical employees. The reduction of 129 full-time equivalent positions resulted in more than $10 million in labor savings. In addition, the Enterprise Operations organization selected 10 processes for reengineering, and the completed and ongoing process reengineering efforts have resulted in operational improvements. Overall, the implementation of the Competency Based Organization and the completed process reengineering efforts have established a framework and a good foundation for continuing improvements within the Enterprise Operations organization.
While savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned, and timely and successfully implemented. Two of the process reengineering efforts were not effectively planned to ensure timely and successful implementation. Specifically, the Capacity Management process reengineering team does not have a plan in place to effectively monitor its progress. In addition, while the Detail Designs have been developed, no progress has been made since the completion of the Detail Designs. Also, the Data and Storage Management process reengineering team does not have a timeline scheduling completion of the remaining process improvement activities such as the Detail Design Phase and any associated deliverables coming out of that phase (e.g., standard operating procedures). Without giving due attention to its process reengineering efforts, the Enterprise Operations organization cannot effectively monitor the progress and ensure timely completion of the process reengineering efforts. As a result, the maximum benefits resulting from the completed process reengineering efforts may not be realized.
In addition, five of seven completed or ongoing operational processes selected for reengineering were not effectively baselined prior to the initiation of the reengineering efforts. The reengineering teams also had not implemented the performance measures that had been designed for some of these reengineering efforts. Operational processes were not baselined and performance measures were not implemented because process reengineering management and staff have not focused on performance management during the development and execution of the process reengineering efforts. Without operational process baseline and performance measure information, management cannot assess the improved effectiveness and efficiency of the reengineered processes.
Recommendations
We recommended that the Chief Technology Officer ensure the Enterprise Operations organization’s 1) process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources, 2) management timely completes the remaining process reengineering efforts or, if resources are not available to timely complete the efforts, suspends or cancels the process reengineering effort(s), 3) Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library, 4) operational processes selected for reengineering are baselined to establish the current state of the process, and 5) implementation of reengineered process performance measures.
Response
IRS management agreed with our recommendations and plans to take corrective actions including developing standard operating procedures to ensure process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources. IRS management will ensure the completion of the remaining process reengineering efforts in a timely manner by implementing standard operating procedures to schedule and track future reengineering processes. If resources are not available to complete the efforts, management will suspend or cancel the process reengineering efforts. Management will develop a schedule for entering configuration items in the Configuration Management Library and ensure operational processes selected for reengineering are baselined to establish the current state of the process. Also, management will implement performance measures to determine the effectiveness and efficiency of the reengineered processes. Management’s complete response to the draft report is included as Appendix VI.
Copies of
this report are also being sent to the IRS managers affected by the report
recommendations. Please contact me at
(202) 622-6510 if you have questions or Alan R. Duncan, Assistant Inspector
General for Audit (Security and Information Technology Services), at (202)
622-8510.
Planning of Process Reengineering
Efforts Needs to Be Improved
Appendices
Appendix
I – Detailed Objective, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix
IV – Description and Status of the Process Reengineering Efforts
Appendix
V – Glossary of Terms
Appendix
VI – Management’s Response to the Draft Report
Abbreviations
|
IRS |
Internal Revenue Service |
In Calendar Year 2002, the Internal
Revenue Service (IRS) Chief Information Officer began the TRIPLEX
initiative, which was developed by the IBM Corporation to optimize data center
operations using industry best practices.
The TRIPLEX initiative is intended to help the Enterprise Operations
organization transform into an optimized enterprise computing center[2]
environment by reducing labor costs and
mitigating risks that can hamper the IRS’ ability to perform its primary
mission of tax collection and compliance activities. The TRIPLEX
initiative is comprised of three main components:
1.
Process
Standardization – This component is a combination of processes that, when
completed, will provide an operating structure enabling the Enterprise Operations organization to efficiently function as a single corporate entity
managing resources, technologies, and workloads within a Uniform Operating
Environment across the three computing centers.
The standardization of processes is a detailed review and reengineering effort to implement standard operational information technology processes for 26 processes having the greatest effect on the Enterprise Operations organization. The IBM Corporation-developed Process Reference Model and Information Technology Infrastructure Library, which is based on best practices, is being used to guide the standardization activities. Before beginning validation or reengineering, each process was individually evaluated by a panel of Enterprise Operations organization management and staff to determine which of the processes would be addressed first. The 10 processes selected for reengineering are:
· Capacity Management.
· Change Management.
· Configuration Management.
· Data and Storage Management.
· Incident Management.
· Information Technology Security Management.
· Information Technology Service Continuity Management.
· Inventory Management and Validation (formerly known as Asset Management).
· Problem Management.
·
Stakeholder Requirements Management.
2.
Uniform
Operating Environment – This component contains two key initiatives: Enterprise Systems Management and
·
The
Enterprise Systems Management initiative uses technology placed to optimize the
technical capabilities of the infrastructure, without regard to the personnel
requirements. In
June 2007, the new Enterprise Systems Management
organization was deployed and teams are continuing to work on related TRIPLEX initiatives. We conducted an audit of the Enterprise
Systems Management initiative and issued a report in
September 2008.[3]
·
The
3.
Optimized
Technology Infrastructure – This component is to improve the Modernization and Information Technology Services organization’s services through
standardizing the infrastructure, services, best practices, and processes of
the Enterprise Operations and the End User Equipment and Service organizations. When completed, this will provide an
operating structure enabling the Enterprise
Operations organization to
efficiently function as a single corporate entity managing resources,
technologies, and workloads within a Uniform Operating Environment. The Optimized Technology Infrastructure component
currently has one project in progress, the Server Consolidation and
Virtualization project.
In September 2003, the IRS identified several functions within the computing center operations that would benefit from significant process reengineering efforts or organizational changes consistent with a “best in class” operating model. The comprehensive improvement strategy included transforming the computing center operations from a geographically based organization to a Competency Based Organization in the Enterprise Operations organization. In October 2005, the Enterprise Operations organization took the first step in a multi-year process and stood up a Competency Based Organization.
Our review focused on the Process Standardization component of the TRIPLEX initiative. This review was performed at the IRS Enterprise Operations organization offices in New Carrollton, Maryland, during the period February through August 2009. We conducted this audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
Implementation of the Competency Based Organization and Process Standardization Has Resulted in Labor Costs Savings and Improved Operations
The Competency Based Organization stood up in October 2005 with a structure that significantly reduced the number of manager and nontechnical positions, and resulted in changing the grade levels of some technical employees. The reduction in 129 full-time equivalent positions resulted in more than $10 million in labor savings. In Fiscal Year 2006, $5.6 million of the savings was used to pay for contractor support to implement the Competency Based Organization. The remaining $4.4 million in savings was used to offset a shortage in the labor budget.
Organizations with similar technical positions were
reviewed to determine the consistency of roles and responsibilities. For example, both the Information Technology
Infrastructure and the
In addition, five of seven completed and ongoing process
reengineering efforts have resulted in operational improvements. Figure 1 presents
the operational improvements resulting from completed and ongoing process
reengineering efforts.
Figure
1: Operational Improvements Resulting
From Completed and
Ongoing Process Reengineering Efforts
|
Process Being Reengineered |
Improvements |
|
Configuration Management |
Improved the Enterprise Operations
organization’s operations by creating a Configuration
Management Library to organize, control, maintain, and access information. The Configuration Management Library contains
documentation or links to various Uniform Resource Locators and automates the
Investment Management and Configuration Control Board process. As of April 2009, approximately 100
items were contained in the library. |
|
Information Technology Security Management |
The Security Program consists of
Security Management, Technical Security, and Operational Security. Each component was clarified further into
individual activities, and standard
operating procedures were developed to manage these activities. For example, an Enterprise Operations
Security Program Communication Plan was developed to maximize consistency and
efficiency in how security documentation is communicated throughout the
organization. The process reengineering
team also developed procedures for continuously monitoring server compliance
with security requirements. |
|
Information Technology Service Continuity Management |
During Fiscal Year 2008, the process
reengineering team focused on getting the Information Technology
Contingency Plans accurately completed so they could be executed by Enterprise Operations organization
management. As a result, the number of Information Technology
Contingency Plans requiring Get Well
Plans decreased from 113 in Fiscal Year 2008 to 2 in Fiscal Year 2009. |
|
Inventory Management and Validation |
Created four automated reports that provide specific
information to management about the computer inventory. The reports are used to support a variety
of inventory or asset management activities and contain information such as
the number of work stoppage incidents and downtime hours. Previously, this information was obtained
through ad hoc and labor intensive methods. |
|
Stakeholder Requirements Management |
Created the standard operating procedures
and five documents/reports.
Management’s effective use of these documents/reports resulted in a
steady decline of overdue Unified Work Request responses from more than 90 in
April 2004 to zero in March 2009. |
Source: Interviews of IRS personnel and the review of
documentation provided by the IRS.
The labor costs savings and operational improvements were realized because the Program Management Executive Steering Committee provided the proper level of executive oversight and a process and schedule for implementing the process reengineering efforts were established. Senior management also conducts operational reviews of the process reengineering efforts. Based on the implementation of the Competency Based Organization to date and the completed process reengineering efforts, the IRS has established a framework and a good foundation for continuing improvements within the Enterprise Operations organization.
While savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned, and timely and successfully implemented.
Planning of Process Reengineering Efforts Needs to Be Improved
Two of the process reengineering efforts were not effectively planned to ensure
timely and successful implementation.
Specifically:
In addition, while the Configuration Management process reengineering effort
has been completed, the team does not have a prioritized list of configuration
items to be added to the Configuration Management Library. The process reengineering team also does not
have a schedule for adding the items to the Configuration Management Library and
a method for tracking the status of the identified configuration items.
Finally, IBM Corporation contractors served as technical and process reengineering liaisons and provided technical recommendations and project management leadership. However, the contract with the IBM Corporation was cancelled in May 2008 due to a lack of funding. All of the process reengineering duties are currently performed by IRS employees as additional duties with the employee’s primary responsibilities taking priority. As a result, some of the process reengineering efforts lack the focus, urgency, or resources to complete them.
The Clinger Cohen Act of 1996[4] states that periodic reviews of selected information resources management activities of the executive agencies should be performed in order to ascertain the efficiency and effectiveness of information technology in improving the performance of the executive agency and the accomplishment of the missions of the executive agency.
Without giving due attention to its process reengineering efforts, the Enterprise Operations organization cannot effectively monitor the progress and ensure timely completion of the process reengineering efforts. Also, the maximum benefits resulting from the completed process reengineering efforts may not be realized. For example, the Data and Storage Management process reengineering team may not be able to support the data strategy goal to eliminate redundant storage, and the Configuration Management process reengineering team runs the risks of not being able to timely bring in newer versions of configuration items to the Enterprise Operations organization environment.
Management Action: After we discussed the lack of a prioritized list of configuration items to be added to the library with the Configuration Management process reengineering team, it compiled the list of items with the schedule for adding the items to the library yet to be determined.
Recommendations
The Chief Technology Officer should ensure the Enterprise Operations organization’s:
Recommendation 1: Process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.
Management’s Response: IRS management agreed with this recommendation. The Enterprise Operations organization will develop
a repeatable process in the form of standard operating procedures to ensure
process reengineering teams adequately plan the scope of the effort, establish
time periods for workload completion, track the progress, timely complete the
effort, and have adequate resources.
Recommendation 2: Management timely completes the remaining process reengineering efforts. If resources are not available to timely complete the efforts, the Enterprise Operations organization should then suspend or cancel the process reengineering effort(s).
Management’s Response: IRS management agreed with this recommendation.
The Enterprise Operations organization will ensure management completes the
remaining process reengineering efforts in a timely manner by implementing a yearly
repeatable process as part of the standard operating procedures to schedule and
track future reengineering processes. If
resources are not available to complete the efforts, the Enterprise Operations
organization will suspend or cancel the process reengineering efforts.
Recommendation 3: Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library.
Management’s Response: IRS management agreed with this recommendation.
The Enterprise Operations organization will ensure the Configuration
Management process reengineering team implements a yearly repeatable process as
part of the standard operating procedures to develop a schedule for entering
configuration items in the Configuration Management Library.
Operational Processes Selected for Reengineering Were Not Baselined and Performance Measures Were Not Implemented
Five of seven
completed or ongoing operational processes selected for reengineering were not
effectively baselined prior to the initiation of the reengineering
efforts. The five processes are Capacity
Management, Configuration Management, Data and Storage Management, Information
Technology Security Management, and Inventory Management and Validation.
Process reengineering managers were unable to provide us with results of any testing or reviews performed to baseline the operational processes within the Enterprise Operations organization’s control. In addition, the IBM Corporation designed performance measures for some of these process reengineering efforts, but the process reengineering teams had not implemented the performance measures. For example, one of the measures listed in the Detail Design document for the Capacity Management process reengineering effort is to assess the average time and total cost to produce a capacity plan, but the reengineering team was not recording the time expended or the number of full-time equivalents used to complete the plan. Also, the Information Technology Security Management process reengineering team developed a security plan that lists 18 activities needed to complete the process reengineering effort and performance measures for each activity. However, the process reengineering team did not perform any baseline reviews or testing to facilitate the determination of the effectiveness of the process reengineering effort. The Information Technology Security Management process reengineering team advised us that it has not yet assessed performance measures for the activities completed and no results have been gathered.
The Clinger Cohen Act of 1996 states that the Chief Information Officer/Chief Technology Officer shall monitor the performance of information technology programs of the agency, evaluate the performance of those programs on the basis of the applicable performance measurements, and advise the head of the agency whether to continue, modify, or terminate a program or project. The Government Accountability Office Standards for Internal Control in the Federal Government[5] states that managers at the functional or activity level need to compare actual performance to planned or expected results and analyze significant differences.
In addition, effective implementation
of the Process Reference
Model-Information Technology requires continuous assessment of
information technology business processes.
One of the key steps of the
Process Reference Model-Information Technology guidance is the establishment of
measures and setting targets to improve process effectiveness and efficiency. These measures and targets facilitate the
continuous assessment of business processes.
Operational processes were not baselined and performance
measures were not implemented because process reengineering management and
staff have not focused on performance management during the development and
execution of its process reengineering efforts.
Without operational process baseline and
performance measure information, management cannot assess the improved
effectiveness and efficiency of the reengineered processes.
Recommendations
The Chief Technology Officer should ensure the Enterprise Operations organization’s:
Recommendation 4: Operational processes selected for reengineering are baselined to establish the current state of the process.
Management’s Response: IRS management agreed with this recommendation.
The Enterprise Operations organization will implement a yearly repeatable process as
part of the standard operating procedures to ensure operational processes
selected for reengineering are baselined to establish the current state of the
process.
Recommendation 5: Implementation of reengineered process performance measures.
Management’s Response: IRS management agreed with this recommendation.
The Enterprise Operations organization will include the implementation of
performance measures as part of the reengineering standard operating procedures
to determine the effectiveness and efficiency of the reengineered processes.
Appendix I
Detailed Objective, Scope, and Methodology
The overall objective of this
review was to determine the efficiency and effectiveness of implementing the Process Standardization component of the TRIPLEX initiative. To
accomplish this objective, we:
I.
Evaluated the
efficiency and effectiveness of the Competency Based Organization[6]
implementation.
A.
Determined the effectiveness of the governance
process for overseeing the implementation of the
TRIPLEX initiative.
B.
Interviewed management
to determine the process for ensuring the roles and responsibilities between
the computing centers are consistent and how the inconsistencies are documented
and resolved.
C.
Interviewed management
and reviewed policies and procedures to determine the process for ensuring
employees maintain the skills and competencies required to maintain the
Enterprise Operations organization’s Competency Based Organization status.
D.
Reviewed the Enterprise
Operations organization’s 5-Year
Strategic Plan (Draft Version 4), the TRIPLEX Implementation Plan, and the Modernization and Information Technology Services
organization’s Improvement
Strategy and Plan to identify expected benefits from the TRIPLEX initiative.
II.
Evaluated the
efficiency and effectiveness of the implementation of the process reengineering
efforts to determine whether they corrected the problems they were established
to address and improved the Enterprise Operations organization’s operations. Specifically, we evaluated the efficiency and
effectiveness of the following process reengineering efforts:
A.
Capacity Management.
B.
Change Management.
C.
Configuration
Management.
D.
Data and Storage
Management.
E.
Incident Management.
F.
Information Technology
Security Management.
G.
Information Technology
Service Continuity Management.
H.
Inventory Management and Validation (formerly
known as Asset Management).
I.
Problem Management.
J.
Stakeholder
Requirements Management.
Appendix II
Major Contributors to This Report
Alan
R. Duncan, Assistant Inspector General for Audit (Security and Information
Technology Services)
Margaret
E. Begg, Acting Assistant Inspector General for Audit (Security and Information
Technology Services)
Scott
Macfarlane, Director
Danny
Verneuille, Audit Manager
Mark
Carder, Senior Auditor
Michael
Garcia, Senior Auditor
Tina
Wong, Senior Auditor
Kanika
Kals, Auditor
Tuyet
Nguyen, Auditor
Appendix III
Commissioner C
Office of the Commissioner –
Attn: Chief of Staff C
Deputy Commissioner for Operations
Support OS
Chief Information Officer OS:CTO:CIO
Deputy Chief Information Officer for
Operations OS:CTO
Associate Chief Information Officer,
Applications Development OS:CTO:AD
Associate Chief Information Officer, Cybersecurity
OS:CTO:C
Associate Chief Information Officer, End-User
Equipment and Services OS:CTO:EU
Associate Chief Information Officer,
Associate Chief Information Officer,
Associate Chief Information Officer,
Director, Stakeholder
Management OS:CTO:SM
Director, Customer Relationship and
Integration OS:CTO:EO:CR
Director,
Chief
Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program Evaluation and Risk Analysis RAS:O
Office of Internal Control OS:CFO:CPIC:IC
Audit Liaison: Director, Program
Oversight Office OS:CTO:SM:
Appendix IV
Description
and Status of the Process Reengineering Efforts
|
Process Being Reengineered |
Description |
|
Completed Process Reengineering
Initiatives |
|
|
Configuration
Management |
The scope of this reengineering effort was to develop
and implement the Configuration Management Library within the Enterprise
Operations organization. As a result, the Enterprise Operations organization
developed the Configuration Management Library as a document
repository for Enterprise Operations organization configuration
items (e.g., Enterprise Operations inventory reports, Enterprise
Operations Program
Management Executive Steering Committee minutes, and standard operating procedures). |
|
Information
Technology Service Continuity Management |
The purpose of this reengineering process is to develop
standard operating procedures defining roles and responsibilities for
employees within the Enterprise Operations organization to ensure the
required information technology technical and services facilities provided by
the Enterprise Operations organization can be recovered within required and
agreed business time periods. To avoid
duplication in the overall Business Continuity Management process, team
participants assigned to the process reengineering effort include employees
from the Cybersecurity organization.
The process reengineering team was scheduled to complete the Detail
Design Phase (i.e., standard operating procedures) by June 30, 2009. As of July 15, 2009, we received a draft of
the standard operating procedures dated May 22, 2009. The draft procedures need to be approved by
the Investment Management and Configuration Control
Board.[7] |
|
Inventory
Management and Validation |
The original scope for the process was management of all assets
including financial costs and software user licenses; however, the focus was
later limited to inventory management of the Enterprise Operations
organization’s information technology assets.
The scope of the reengineering effort was further limited to creating
four reports that summarize information pertaining to the overall status of
1) Tier I assets, 2) Tier II server assets, 3) End of service life cycle on Enterprise
Operations organization assets, and 4) Enterprise Operations organization nonoperational
assets owned or leased. |
|
Stakeholder Requirements Management |
This is the starting point for the translation of
customer needs into functional requirements.
The process reengineering effort focuses on Unified Work Request
issues related to only the Enterprise Operations organization. |
|
Ongoing Process Reengineering
Initiatives |
|
|
Capacity
Management |
This is the process of managing a defined level of capacity on information and information technology services, including managing the responses to performance incidents. The Capacity Management process reengineering initiative will standardize the process for forecasting resource capacity utilization and the related performance measurement. The process focuses on management of resources and not on the standardization of hardware/software issues. In May 2009, the Capacity Management process reengineering team provided us the Detail Designs for the IBM Tier I, Tier II, and Unisys platforms. The implementation date for the reengineering process was May 26, 2009, but the reengineering team was unable to provide us with any information or timeline to show the Plan of Actions and Milestones that will facilitate the process. |
|
Data and Storage
Management |
The mission of
this process is to ensure that all data required for providing and supporting
operational services are available for use and data storage facilities can
handle normal, expected fluctuations in data volumes, and other requirements
within their designed tolerances. The
Data and Storage Management process reengineering effort is focusing on
standardizing the roles at the process level. We were not provided with an established
timeline for completion of the process reengineering efforts or a reason for
the lack of significant progress made on the reengineering process during the
audit period. |
|
Information
Technology Security Management |
The end state vision for the Enterprise Operations organization’s security reengineering is to establish repeatable, standardized processes that control and secure all types of Enterprise Operations organization assets. The reengineering process was scheduled to be deployed on July 1, 2009. |
|
Not Started/Closed Process Reengineering
Initiatives |
|
|
Change
Management |
This
process focuses on coordinating and controlling all changes to information
technology services to minimize adverse impacts of those changes to business
operations and the users of information technology services. In March
2009, the Enterprise Operations organization staff
advised us that this initiative was approved and points-of-contact were
named. However, the initiative has not
started because of staffing and workload issues. |
|
Incident
Management |
This process reengineering effort
focuses on the restoration of service through triage, escalation, and Service
Restoration Teams. The August 4, 2008, Program Management Executive Steering Committee briefing
information included a proposal to close the Incident Management process reengineering
effort, but the meeting minutes did not indicate whether the proposal was
approved. The September 12, 2008,
Program Management Executive Steering
Committee minutes and the Investment
Management and Configuration Control Board minutes for April 11 through September 5, 2008, did not include any
information on this process. |
|
Problem
Management |
This process reengineering effort
focuses on prevention of recurring outages based on trend analysis and root cause
analysis. The August 4, 2008, Program Management Executive Steering
Committee briefing information included a proposal to close the Problem
Management process reengineering effort, but the meeting minutes did not
indicate whether the proposal was approved.
The September 12, 2008, Program Management Executive Steering Committee minutes and the Investment Management and Configuration Control Board minutes for April 11 through September 5,
2008, did not include any information on this process. |
Source: Interviews of IRS personnel and the review of
documentation provided by the IRS.
Appendix V
|
Competency Based Organization |
An organization that is structured independently of geographic boundaries, based on mission-focused groupings of related skills, knowledge, and functions working together across the enterprise to achieve common objectives. |
|
|
Supports
tax processing and information management through a data processing and
telecommunications infrastructure. |
|
Full-Time Equivalent |
A measure of labor hours in which one full-time equivalent is equal to 8
hours multiplied by the number of compensable days in a particular fiscal
year. In Fiscal Year 2008, |
|
Get Well Plan |
A plan that shows how the project/release will resolve issues identified (e.g., in testing of an Information Technology Contingency Plan). |
|
Information Technology Contingency Plan |
A plan that provides viable and actionable procedures and capabilities for recovering or restoring IRS systems and applications to their original state in the event of an information technology system disruption. |
|
Information Technology Infrastructure Library |
A series of books giving guidance--based on best practices--on the provision of quality information technology services and on the accommodation and environmental facilities needed to support information technology. |
|
Investment Management and Configuration Control Board |
A component of the Enterprise Operations organization’s internal governance structure established to review and decide on proposed changes to Enterprise Operations-owned baselined products. |
|
Plan of
Actions and Milestones |
Prioritizes
and assigns dates for remediation of identified weaknesses. |
|
Program Management Executive Steering Committee |
A component of the Enterprise Operations organization’s internal governance structure established to ensure that projects are well defined, thoroughly planned, implemented, controlled, and integrated into the Enterprise Operations organization environment. |
|
Server
Consolidation and Virtualization Project |
This
project will replace and/or refresh more than 1,000 physical Wintel servers
with about 200 high-end virtual servers and deploy a virtualized
infrastructure in the IRS’s computing centers and campus locations. |
|
|
Responsible for providing incident management and proactive monitoring support to ensure service continuity and service restoration. |
|
Stood Up |
In
October 2005, the Competency Based Organization was officially recognized. |
|
Tier I |
Computing infrastructure consisting of mainframe
computers that handle a high volume
of critical operational data. |
|
Tier II |
Computing infrastructure consisting of UNIX-based
minicomputer servers that provide specialized services. |
|
Unified Work Request |
A required document that provides notification to the Modernization and Information Technology Services organization that a service or support is needed. |
|
Uniform Resource Locator |
An address of a webpage on the world wide web. |
Appendix VI
Management’s Response to the Draft Report
DEPARTMENT OF THE TREASURY
INTERNAL REVENUE SERVICE
CHIEF TECHNOLOGY OFFICER
OCTOBER 28, 2009
MEMORANDUM FOR DEPUTY INSPECTOR.GENERAL FOR TAX
ADMINISTRATION
FROM: Terence V. Milholland /s/Terrence V. Milholland
Chief Technology Officer
SUBJECT; Draft Audit Report Progress Has Been Made in
Standardizing Processes
in the
Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031)
{i-trak # 2010-66328)
Thank you for the opportunity to review and respond to the subject audit report
We appreciate your comments and observations that the IRS has made progress in standardizing process in computing centers. We agree the implementation of the Competency Based Organization and the completed process reengineering efforts have established a framework and a sound foundation for continuing improvements within the Enterprise Operations organization.
We acknowledge that while savings have been realized and operations improved, additional improvements are needed to ensure ongoing and future process reengineering efforts are effectively planned and successfully implemented in a timely manner. We agree with the five recommendations made as a result of your audit and the attachment details our planned actions to implement them.
We value your continued support and the guidance your team provides. If you have any questions, please contact me at (202) 622-6800 or Darrin Brown, Director of Program Oversight, at (202) 283-4613.
Attachment
Attachment
Draft Audit Report - Progress Has Been Made in Standardizing Process in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trk # 2010-66328)
RECOMMENDATION #1: The Chief Technology Officer should ensure the Enterprise Operations organization's process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.
CORRECTIVE ACTION #1: We agree with this recommendation. The Enterprise Operations organization will develop a repeatable process in the form of standard operating procedures to ensure process reengineering teams adequately plan the scope of the effort, establish time periods for workload completion, track the progress, timely complete the effort, and have adequate resources.
IMPLEMENTATION DATE: March 1, 2010
RESPONSIBLE OFFICIAL: Associate
Chief Information Officer,
Operations
CORRECTIVE ACTIQN MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.
RECOMMENDATION #2: The Chief Technology Officer should ensure the Enterprise Operations organizations' management timely completes the remaining process reengineering efforts. If resources are not available to timely complete the efforts, the Enterprise Operations organization should then suspend or cancel the process reengineering effort(s).
CORRECTIVE ACTION #2: We agree with this recommendation. The Enterprise Operations organization will ensure management completes the remaining process reengineering efforts in a timely manner by implementing a yearly repeatable process as part of the standard operating procedures to schedule and track future reengineering processes. If resources are not available to complete the efforts, the Enterprise Operations organization will suspend or cancel the process reengineering effort.
IMPLEMENTATION DATE: October 1, 2010
RESPONSIBLE OFFICIAL: Associate
Chief Information Officer.
CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.
Attachment
Draft Audit Report - Progress Has Been Made in Standardizing Process in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trk # 2010-66328)
RECOMMENDATION #3: The Chief Technology Officer should ensure the Enterprise Operations organization's Configuration Management process reengineering team establishes a schedule for entering the prioritized configuration items in the Configuration Management Library.
CORRECTIVE ACTION #3: We agree
with this recommendation. The
IMPLEMENTATION DATE: March 1, 2010
RESPONSIBLE OFFICIAL: Associate
Chief Information Officer,
CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.
RECOMMENDATION #4: The Chief Technology Officer should ensure the Enterprise Operations organization's operational processes selected for reengineering are base lined to establish the current state of the process.
CORRECTIVE ACTION #4: We agree with this recommendation. The Enterprise Operations organization will implement a yearly repeatable process as part of the standard operating procedures to ensure operational processes selected for reengineering are based lined to establish the current state of the process.
IMPLEMENTATION DATE: March 1, 2010
RESPONSIBLE OFFICIAL: Associate
Chief Information Officer,
CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.
Attachment
Draft Audit Report - Progress Has Been Made in Standardizing Processes in the Computing Centers, but Additional Improvements Are Needed to Maximize Benefits (Audit # 200820031) (i-trak # 2010-66328)
RECOMMENDATION #5: The Chief Technology Officer should ensure the Enterprise Operations organizations’ implementation of performance measures to determine the effectiveness and efficiency of the reengineered processes.
CORRECTIVE ACTION #5: We agree with this recommendation. The Enterprise Operations organization will include the implementation of performance measures as part of the reengineering standard operating procedures to determine the effectiveness and efficiency of the reengineered processes.
IMPLEMENTATION DATE: March 1, 2010
RESPONSIBLE OFFICIAL: Associate
Chief Information Officer,
CORRECTIVE ACTION MONITORING PLAN: We enter accepted Corrective Actions into the Joint Audit Management Enterprise System (JAMES) and monitor them on a monthly basis until completion.
[1] See Appendix V for a glossary of terms.
[2] See Appendix V for a glossary of terms.
[3] The
[4] Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).
[5] GAO/AIMD-00-21.3.1, dated November 1999.
[6] See Appendix V for a glossary of terms.
[7] See Appendix V for a glossary of terms.