The Internal Revenue Service (IRS) is in the process of modernizing its aging computer systems. A critical component of the modernization effort is the establishment of an enterprise architecture that defines concepts such as the organization’s mission, vision, and future business objectives. It also defines the organization’s business processes, business requirements, anticipated processing volumes, products and services to be offered and locations where they will be provided. Finally, it defines basic computer hardware and software that will be used to provide these services. The IRS’ Modernization Blueprint, which provides the plan that is being used to guide and control the modernization efforts, contains the IRS’ initial steps toward defining the architecture. Future architecture updates will become part of this Blueprint.

The IRS hired Computer Sciences Corporation (CSC) to help with the modernization effort. It also established the Architecture Systems and Engineering (AE) Division to oversee the development of the enterprise architecture and the update of the Modernization Blueprint. The overall objective of our audit was to determine whether the IRS’ AE Division established an effective system of controls and processes to ensure the development of the IRS’ enterprise architecture and the update of the IRS’ Modernization Blueprint.

The IRS and CSC are currently developing 60 architecture work products, or documents, that will become part of the planned September 2000 update of the Modernization Blueprint. These documents will explain the IRS’ architecture standards, business requirements, and strategy for when and how the new computer systems will be implemented.

However, the processes followed by the IRS do not fully address the development of the enterprise architecture, ensure that the Blueprint architecture meets the IRS’ needs, or ensure that systems modernization projects follow architecture guidance.

The IRS is using a process called the Enterprise Life Cycle (ELC) to provide a disciplined and institutional approach for managing its information technology investments during conception, development, operation and maintenance. A critical piece of this ELC, the Enterprise Architecture supplement, has not been completed. This supplement establishes the processes, activities and work products needed to develop the enterprise architecture.

The delay in completing this supplement has resulted in an environment where the enterprise architecture is being developed at the same time as the required ELC processes and procedures. Ideally, the ELC processes and procedures should be established first so that the IRS will have this guidance to follow as it develops and updates the enterprise architecture. However, due to significant modernization project dependencies on the development of the enterprise architecture, we concur with the IRS’ decision to continue developing the enterprise architecture in the absence of these required ELC processes.

The IRS paid CSC nearly $3 million for six architecture products. However, the IRS did not conduct a thorough validation of these products before accepting them to ensure these products met the IRS’ needs. As a result, the IRS did not realize all the expected benefits from the funds invested in these products.

In the past, the General Accounting Office has recommended that the IRS define and implement processes to validate life cycle products, including architecture deliverables. The Clinger-Cohen Act of 1996 also requires government agencies to implement validation controls. This legislation requires government agencies to focus on the results they are achieving through their information technology investments. Agencies are required to put their technology procurement decisions in a true business context and analyze investments for their return on investment.

Several projects are currently underway as part of the IRS’ systems modernization. Since the project developers must design their systems in compliance with the IRS’ enterprise architecture, they each have dependencies on the development and establishment of the enterprise architecture into the Modernization Blueprint. One of the architecture products, delivered by CSC in November 1999, was developed to address critical near-term topics for the early projects, which planned to deliver new and enhanced services in Fiscal Year (FY) 2001. However, the product did not provide solutions to some of the key architecture issues that needed to be addressed for these projects to move forward with the designs. This contributed to the delay of computer modernization initiatives that were originally planned for FY 2001. Some of the modernization projects continue to await architecture direction in key areas. Other projects, which management believes are low risk and not impaired by delays in development of the architecture, are continuing development efforts.

In May 1997, the IRS provided a Modernization Blueprint to the Congress that provided an initial foundation for IRS’ future architecture. The first update to this Blueprint is due in September 2000, and additional updates will be made throughout the modernization effort. Currently, the Core Business Systems Executive Steering Committee serves as the final approval authority for changes to the Blueprint. However, this high-level Committee has numerous other responsibilities and may not be able to conduct sufficiently detailed reviews to ensure that updates to this Blueprint meet all business needs and are approved at all necessary levels.

The AE Division is currently exploring opportunities to establish enforcement and waiver processes. These controls are necessary to ensure modernization projects design their new systems in compliance with the enterprise architecture. The AE Division has not yet established these processes because it has focused its efforts on working with the PRIME contractor to identify the 60 enterprise architecture products that must be completed to update the Modernization Blueprint. Without enforcement and waiver processes, project developers could design new computer systems that are not compliant with the enterprise architecture. This could result in wasted time and money.

Although efforts are underway to more fully develop an enterprise architecture, the IRS should strengthen its controls and processes to ensure the architecture products being developed will meet the IRS’ needs and systems development projects follow this guidance. The Chief Information Officer needs to develop and implement a plan to expedite the completion of the Enterprise Architecture supplement to the ELC.

In addition, processes should be established to validate the architecture deliverables received from CSC, ensure that project needs are obtained and considered in the development of the architecture, control changes to the Modernization Blueprint, and enforce compliance with the future enterprise architecture.

Management’s Response: Management’s response was due on September 25, 2000. As of September 26, 2000, management had not responded to the draft report.