Executive Summary

Objective and Scope

Background

Results

Conclusion

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Executive Summary

The Internal Revenue Service (IRS) is in the process of modernizing its aging computer systems. A critical component of the modernization effort is the establishment of an enterprise architecture that defines concepts such as the organization’s mission, vision, and future business objectives. It also defines the organization’s business processes, business requirements, anticipated processing volumes, products and services to be offered and locations where they will be provided. Finally, it defines basic computer hardware and software that will be used to provide these services. The IRS’ Modernization Blueprint, which provides the plan that is being used to guide and control the modernization efforts, contains the IRS’ initial steps toward defining the architecture. Future architecture updates will become part of this Blueprint.

The IRS hired Computer Sciences Corporation (CSC) to help with the modernization effort. It also established the Architecture Systems and Engineering (AE) Division to oversee the development of the enterprise architecture and the update of the Modernization Blueprint. The overall objective of our audit was to determine whether the IRS’ AE Division established an effective system of controls and processes to ensure the development of the IRS’ enterprise architecture and the update of the IRS’ Modernization Blueprint.

The IRS and CSC are currently developing 60 architecture work products, or documents, that will become part of the planned September 2000 update of the Modernization Blueprint. These documents will explain the IRS’ architecture standards, business requirements, and strategy for when and how the new computer systems will be implemented.

However, the processes followed by the IRS do not fully address the development of the enterprise architecture, ensure that the Blueprint architecture meets the IRS’ needs, or ensure that systems modernization projects follow architecture guidance.

The IRS is using a process called the Enterprise Life Cycle (ELC) to provide a disciplined and institutional approach for managing its information technology investments during conception, development, operation and maintenance. A critical piece of this ELC, the Enterprise Architecture supplement, has not been completed. This supplement establishes the processes, activities and work products needed to develop the enterprise architecture.

The delay in completing this supplement has resulted in an environment where the enterprise architecture is being developed at the same time as the required ELC processes and procedures. Ideally, the ELC processes and procedures should be established first so that the IRS will have this guidance to follow as it develops and updates the enterprise architecture. However, due to significant modernization project dependencies on the development of the enterprise architecture, we concur with the IRS’ decision to continue developing the enterprise architecture in the absence of these required ELC processes.

The IRS paid CSC nearly $3 million for six architecture products. However, the IRS did not conduct a thorough validation of these products before accepting them to ensure these products met the IRS’ needs. As a result, the IRS did not realize all the expected benefits from the funds invested in these products.

In the past, the General Accounting Office has recommended that the IRS define and implement processes to validate life cycle products, including architecture deliverables. The Clinger-Cohen Act of 1996 also requires government agencies to implement validation controls. This legislation requires government agencies to focus on the results they are achieving through their information technology investments. Agencies are required to put their technology procurement decisions in a true business context and analyze investments for their return on investment.

Several projects are currently underway as part of the IRS’ systems modernization. Since the project developers must design their systems in compliance with the IRS’ enterprise architecture, they each have dependencies on the development and establishment of the enterprise architecture into the Modernization Blueprint. One of the architecture products, delivered by CSC in November 1999, was developed to address critical near-term topics for the early projects, which planned to deliver new and enhanced services in Fiscal Year (FY) 2001. However, the product did not provide solutions to some of the key architecture issues that needed to be addressed for these projects to move forward with the designs. This contributed to the delay of computer modernization initiatives that were originally planned for FY 2001. Some of the modernization projects continue to await architecture direction in key areas. Other projects, which management believes are low risk and not impaired by delays in development of the architecture, are continuing development efforts.

In May 1997, the IRS provided a Modernization Blueprint to the Congress that provided an initial foundation for IRS’ future architecture. The first update to this Blueprint is due in September 2000, and additional updates will be made throughout the modernization effort. Currently, the Core Business Systems Executive Steering Committee serves as the final approval authority for changes to the Blueprint. However, this high-level Committee has numerous other responsibilities and may not be able to conduct sufficiently detailed reviews to ensure that updates to this Blueprint meet all business needs and are approved at all necessary levels.

The AE Division is currently exploring opportunities to establish enforcement and waiver processes. These controls are necessary to ensure modernization projects design their new systems in compliance with the enterprise architecture. The AE Division has not yet established these processes because it has focused its efforts on working with the PRIME contractor to identify the 60 enterprise architecture products that must be completed to update the Modernization Blueprint. Without enforcement and waiver processes, project developers could design new computer systems that are not compliant with the enterprise architecture. This could result in wasted time and money.

Although efforts are underway to more fully develop an enterprise architecture, the IRS should strengthen its controls and processes to ensure the architecture products being developed will meet the IRS’ needs and systems development projects follow this guidance. The Chief Information Officer needs to develop and implement a plan to expedite the completion of the Enterprise Architecture supplement to the ELC.

In addition, processes should be established to validate the architecture deliverables received from CSC, ensure that project needs are obtained and considered in the development of the architecture, control changes to the Modernization Blueprint, and enforce compliance with the future enterprise architecture.

Management’s Response: Management’s response was due on September 25, 2000. As of September 26, 2000, management had not responded to the draft report.

Objective and Scope

The overall objective of this audit was to determine whether the Internal Revenue Service’s (IRS’) Architecture Systems and Engineering (AE) Division established an effective system of controls and processes to ensure the development of the IRS’ enterprise architecture and the update of the IRS’ Modernization Blueprint. To accomplish this objective, we determined whether the AE Division established processes for validation of deliverables, control of changes to the Blueprint, consideration of project needs in development of architecture standards, and enforcement and waiver of architecture standards. We also determined whether the Enterprise Life Cycle (ELC) contained the processes, activities and details that are necessary to develop the enterprise architecture.

The scope of our audit included discussing the efforts underway to develop an enterprise architecture with key IRS and contractor officials, and reviewing relevant architecture documentation. The audit was conducted in the IRS Business Systems Modernization Office in New Carrollton, Maryland from January through June 2000. This audit was performed in accordance with Government Auditing Standards.

Details of our audit objective, scope, and methodology are presented in Appendix I. Major contributors to this report are listed in Appendix II.

Background

The IRS is attempting to modernize its organizational structure, performance management system, and its computer systems. To accomplish this comprehensive business change, the IRS selected a consulting firm to provide the solutions, advice and guidance needed to ensure success in the modernization of its systems. In December 1998, Computer Sciences Corporation (CSC), the PRIME contractor, was awarded a 15-year contract that is potentially worth $5 billion.

In addition, the MITRE Corporation is under contract to assist the IRS with the systems modernization. MITRE provides the IRS with specific expertise in establishing strategic priorities, making investment decisions, evaluating proposals, managing the systems modernization program, monitoring contracts, performing specific research, and conducting testing activities.

A critical component of the modernization effort is the establishment of an enterprise architecture that systems and modernization projects are required to follow. An enterprise architecture defines high-level concepts such as the organization’s mission, vision, and future business objectives. It also defines the organization’s business processes, business requirements, anticipated processing volumes, products and services to be offered and locations where they will be provided. Finally, it defines basic hardware and software technology components that will be used to provide these services. The Modernization Blueprint contains the IRS’ initial steps toward definition of its architecture, and future architecture updates will become part of this Blueprint.

The IRS and the PRIME contractor are developing and following the ELC to manage the business change and modernize the IRS’ computer systems. The ELC is an evolving methodology that should provide the processes, activities, products, policies and procedures that are necessary to manage the modernization efforts and the business change at the IRS.

In May 1997, the IRS provided a Modernization Blueprint to the Congress. This Blueprint included an architecture component. The General Accounting Office (GAO) acclaimed this Blueprint as a good first step in its February 1998 report to the Congress. The GAO reported that the IRS’ Modernization Blueprint provided a solid foundation from which to define precise business requirements. However, it also reported that the Blueprint components were not detailed or complete, and did not provide an adequate basis for effectively developing or acquiring systems. In addition, the components had not been validated using defined processes.

Three years have passed since the 1997 Modernization Blueprint was completed. The IRS is now working to update the 1997 Blueprint and plans to issue Blueprint 2000 in September 2000.

Several projects are currently underway as part of the IRS’ systems modernization. Two of the main projects, Customer Communications and e-Services, were initially expected to achieve customer service improvements in the 2001 and 2002 tax filing seasons. In addition, a third project, Security and Technology Infrastructure Releases (STIR), provides technical support and a technological "backbone" for the other two projects. These projects are called near-term projects because their benefits are expected to be realized in the next year or two.

The architecture task orders initiated by the IRS requested the PRIME to form an Architecture and Engineering group to address architecture issues for the near-term projects so that they could proceed with their systems development. The IRS also requested the PRIME to update the Modernization Blueprint.

Results

The IRS is currently working with the PRIME contractor to develop 60 architecture work products, or documents, that will become part of the Modernization Blueprint. These documents will define the IRS’ future architecture standards and business requirements, and provide a transition strategy for how and when the new computer systems will be implemented. The first release of the 60 products is scheduled to be completed by September 2000, and will be called Blueprint 2000.

However, the IRS’ new methodology for business systems modernization, the ELC, does not fully address the development of an enterprise architecture. In addition, the AE Division has not established effective controls and processes to ensure that these architecture products will meet the IRS’ needs or to ensure that systems development projects follow the guidance provided in these products. Processes are needed to validate the architecture deliverables received from the PRIME contractor, consider project needs in the development of the architecture, control changes to the Blueprint, and enforce compliance with the enterprise architecture.

The Enterprise Life Cycle Does Not Contain the Detailed Processes and Activities Necessary to Develop the Enterprise Architecture

The IRS is using the ELC to provide a disciplined and institutional approach for managing its information technology investments. A critical supplement to this ELC, the Enterprise Architecture supplement, has not yet been completed. The PRIME contractor is in the process of creating this supplement. This document is needed to establish the necessary processes, activities and work products that are needed to guide the IRS and the PRIME in the development of the enterprise architecture. However, the IRS did not initiate the task order requesting the PRIME contractor to enhance and augment the ELC with this supplement until November 15, 1999. This was 11 months after the award of the PRIME contract to CSC.

One of the main reasons for the delay in completing the Enterprise Architecture supplement was that IRS officials believed the ELC already contained the processes and activities needed to update the enterprise architecture. They believed that if they followed the existing processes in the ELC, the architecture would develop. However, this did not occur.

Another reason for the delay in creating the Enterprise Architecture supplement was the belief among some IRS officials that the 1997 Modernization Blueprint already contained the enterprise architecture. However, as the GAO reported, the 1997 Blueprint components were not detailed or complete, and did not provide an adequate basis for effectively and efficiently developing or acquiring systems.

The delay in the development of the IRS’ enterprise architecture contributed to the decision to postpone several key project initiatives. In addition, architecture work products for Blueprint 2000 are being prepared at the same time as the ELC processes and activities that are needed to guide the development of the architecture. Even though the ELC processes and activities should have been established first, we concur with the IRS’ decision to continue developing the enterprise architecture because the modernization projects have significant dependencies on the development of the enterprise architecture.

The delay in developing the ELC and the corresponding enterprise architecture contributed to the postponement or "push-back" of several initiatives planned for rollout by the Customer Communications and e-Services projects in FY 2001.

Customer Communications Project: The Customer Communications Project planned to provide taxpayers with Internet capability to determine their refund status and other useful information related to the filing of their tax returns. This project also planned an initiative that would help the IRS determine taxpayers’ incoming telephone call patterns.

E-Services Project: The e-Services project had planned to implement initiatives to make it easier and provide incentives for tax practitioners to participate in electronic filing.

These modernization initiatives were postponed, in part, due to the lack of an enterprise architecture.

To guide the projects in their future systems development, the IRS and PRIME contractor have identified 60 work products. These 60 products are designed to establish enterprise architecture, enterprise requirements, and enterprise transition into the Modernization Blueprint. The IRS plans to complete the first release of the enterprise architecture, enterprise requirements, and enterprise transition by the September release of Blueprint 2000. This release is intended to provide the solutions needed to allow the near-term projects to proceed.

The completion of these 60 architecture products by the September 2000 target date may not be achievable. The IRS needs to define and document the processes and activities that should be followed to complete these products. For example, the IRS needs to identify and document the processes and activities that should be performed to ensure that the current and future systems architecture is accurately defined. These processes and activities will help to ensure that affected business units are involved in the architecture development, and they should be included in the Enterprise Architecture supplement to the ELC.

The 60 architecture products that the IRS and the PRIME contractor identified as necessary were identified during the preliminary stages of the development of the ELC Enterprise Architecture supplement. Close coordination between the team that is developing the supplement and the team that is producing the architecture products is critical to ensure that the products that are developed address the requirements of the ELC.

To ensure the critical processes, activities, and work products necessary for the enterprise architecture are identified and developed, the Chief Information Officer (CIO) should:

1. Develop and implement a plan to expedite the completion of the Enterprise Architecture supplement to the ELC. This part of the ELC is necessary to provide all of the processes, products, techniques and procedures that are needed to establish and update the IRS’ enterprise architecture, and to provide needed guidance to ongoing systems development projects.

Management’s Response: Management’s response was due on September 25, 2000. As of September 26, 2000, management had not responded to the draft report.

A Validation Process Has Not Been Established to Ensure That Architecture Products Meet the Internal Revenue Service’s Needs

The IRS has paid the PRIME contractor nearly $3 million, thus far, to develop architecture work products, or deliverables for which limited benefits have been realized. The PRIME contractor submitted six architecture deliverables to the IRS under two different task orders between August 2 and December 1, 1999. However, the AE Division did not thoroughly validate the results achieved from these investments to ensure that they met the IRS’ needs.

For example, the IRS initiated two task orders (13 and 17) in 1999 requesting the PRIME contractor to identify solutions to the architecture issues that needed to be addressed for the projects that are currently under development to proceed with their system designs. However, neither task order adequately accomplished this objective. As previously presented, the lack of an enterprise architecture contributed to the IRS’ decision to postpone some modernization initiatives that were originally planned for release in FY 2001 by the Customer Communications and e-Services projects.

An effective validation control was not established in the AE Division because the staff took other actions they believed were sufficient to ensure that the PRIME contractor’s architecture deliverables met the IRS’ needs. For example, AE officials participated in meetings with the PRIME contractor throughout the development of the deliverables.

The IRS’ acceptance process for the architecture deliverables does not contain procedures requiring the Contracting Officer’s Technical Representative to obtain validation documentation from the AE Division prior to acceptance of the PRIME’s deliverables. The Technical Representative requires only an approval from the Government Task Manager, who may or may not be from the AE Division, to initiate payment for the deliverables. This approval may consist of a simple e-mail message.

The Clinger-Cohen Act of 1996 requires government agencies to implement validation controls. This legislation was enacted to require government agencies to focus on the results they are achieving through their information technology investments. Agencies are required to put their technology procurement decisions in a true business context and analyze investments for their return on investment.

In addition to the Clinger-Cohen Act, the GAO guide for evaluating information technology investments indicates that government agencies should regularly validate cost, benefit, and risk data used to support the investments. Agencies must institutionalize management processes and focus on measuring and evaluating results. They also must have hard numbers and facts on what was spent on information technology and what the agency achieved with the investments.

In its February 1998 report on the 1997 Blueprint, the GAO recommended that the IRS validate its business requirements, its architecture, and its sequencing plan using completed and implemented processes.

Two of the 60 enterprise architecture products that are scheduled to be completed by September 2000 are intended to provide incremental and overall validation controls.

• Product #49, Enterprise Architecture Completeness and Adequacy Assessment Approach, is intended to provide guidance in the incremental assessment of the PRIME’s deliverables.
• Product #50, Enterprise Architecture Completeness and Adequacy Assessment, will be designed to address the assessment of the overall enterprise architecture for coherency. This assessment will be designed to determine if all of the architecture pieces fit together.

As development of the architecture has evolved, management has recognized the need and taken some steps to enhance its validation processes. Implementation of an effective validation process prior to acceptance of the architecture work products is critical to ensure that Blueprint 2000 meets the IRS’ needs.

To establish a process to ensure architecture deliverables meet the IRS’ needs, the CIO should take actions to:

1. Implement processes necessary to ensure the architecture deliverables received from the PRIME contractor are thoroughly evaluated by the AE Division staff. These validation controls should be established prior to the delivery of the enterprise architecture products that are scheduled for delivery by the PRIME contractor. These processes should ensure that benefits claimed from architecture investments are fully supported by sufficient data.
2. Strengthen the deliverable acceptance process to ensure that payment for an architecture deliverable is not initiated until the Director of AE approves that the deliverable meets the IRS’ needs.

Processes Are Needed to Ensure That Architecture Requirements of Critical Modernization Projects Are Obtained and Addressed

Several projects, including Customer Communications, e-Services, and STIR are currently underway as part of the IRS’ systems modernization. The key architecture product delivered, thus far, called "Near-Term Topics: Architectural Approaches, Principles and Products for Moving Forward with Modernization" was intended to identify and develop solutions for these near-term projects to proceed with their system designs. This product, delivered in November 1999, did not address all of the architecture issues needed by the near-term projects in order for the IRS to roll out the modernization initiatives planned for release in FY 2001.

The Architecture Steering Group, which is comprised of technical staff from the AE Division, MITRE, and the PRIME contractor, took actions to consider the needs of the modernization projects. This group conducted background studies and interviews with private technology companies. However, obtaining consensus among the project teams was deemed a difficult objective, and there was a time limitation on the completion of the Near-Term Topics product. Therefore, the Architecture Steering Group prioritized and addressed the nine architecture issues that they believed were most significant.

Examples of architecture issues that were not addressed include the messaging software and the security framework that the IRS will use in its new computer systems. The STIR project needed these architecture issues to be addressed in order to advance its project. Because the other projects are dependent upon STIR to provide their technological "backbone", it is critical to ensure that the architecture needs of STIR are addressed, so that delays are not experienced in the other projects.

MITRE raised the above security framework weakness in their "Near-Term Project Concerns" document, dated April 16, 2000. This document stated that the Customer Communications, e-Services and STIR projects all have dependencies and risks associated with security policy changes. That is, as the near-term projects advance their system designs without the establishment of an enterprise-wide security framework, there are risks that their system designs may not be compatible with the yet-to-be defined security framework.

Three months after the delivery of the "Near-Term Topics" document, STIR was still working with the AE Division to discuss and obtain solutions to 34 topics and technical issues that were not provided in the initial document. In addition to the above security and messaging software issues, STIR also had concerns with a computer choice in the Near-Term Topics document. The STIR project team disagreed with the computer choice due to the anticipated high costs and performance limitations of the computer.

The Customer Communications project team expressed similar concerns with the Near-Term Topics product. In addition to the above messaging issues, they listed other communication products that were not adequately addressed from an architecture standpoint.

After the completion of this architecture product, the project teams were briefed on the architecture approaches, principles and products that were selected. At this point, workshops were initiated between the architecture and near-term project teams to address the unresolved architecture issues.

The ELC lists user involvement as one of ten project success factors. The ELC encourages cooperation between developers and users and provides for active user participation at almost every step. A fundamental guiding principle of the ELC requires developers, users and other parties to build and maintain consensus on a regular basis.

As mentioned earlier in this report, the Customer Communications and e-Services projects postponed several modernization initiatives that were originally planned to rollout in FY 2001. This delay was due in part to the fact that the needs and requirements of the near-term projects were not fully addressed in the development of the enterprise architecture deliverables that have been received thus far in the modernization effort. Other initiatives, which management believes are low risk and not impaired by delays in development of the architecture, are continuing development efforts.

Recommendation

To ensure that system modernization project teams understand and agree to enterprise architecture standards, the CIO should take actions to:

3. Establish a process to obtain, fully document, and address the needs of the modernization projects in the development of the enterprise architecture products. This process should require technical representatives from each project team to participate in meetings as architecture deliverables are developed that impact the design of their projects.

A Change Control Board Is Needed to Review and Approve Changes to the Modernization Blueprint

In May 1997, the IRS delivered a Modernization Blueprint to the Congress that provided an initial foundation for the IRS’ future architecture. The first update to this Blueprint is due in September 2000, and additional updates will be made throughout the modernization effort.

The IRS established the Core Business Systems (CBS) Executive Steering Committee and several subsidiary Executive Steering Committees to oversee the modernization efforts. Each sub-Committee was given responsibility for overseeing a major project, which includes a set of closely related subordinate projects and tasks. This oversight involves approving major milestone decisions and ensuring that the modernization of information systems supports the strategic needs and direction of the new business organizations.

Although oversight structures are in place to ensure that changes made to projects meet business needs, the CBS Executive Steering Committee approves final changes to the Blueprint. This Committee’s review is conducted at a very high level, and this Committee has numerous other responsibilities. Risks exist that this Committee may not have the ability to perform detailed reviews to ensure updates to the Blueprint meet all business needs and are approved at all necessary levels.

Without establishing change controls, the Modernization Blueprint might not be updated with the enterprise architecture needed to ensure consistent guidance in the IRS’ modernization efforts. This could result in incompatible system designs by the near-term and strategic modernization project teams.

Recommendation

To ensure that changes to the enterprise architecture are approved and the Modernization Blueprint properly updated, the CIO should:

4. Establish a central Change Control Board to approve enterprise architecture changes to the Modernization Blueprint. The results of each Change Control Board review should be documented and include the results and conclusions reached by the Board.

Enforcement and Waiver Processes Are Needed to Ensure Compliance with Architecture Guidance

In its report to the Congress on the IRS’ 1997 Blueprint, the GAO emphasized the need for a disciplined set of processes to enforce the architecture in the Blueprint. The GAO reported that the Blueprint provides a solid foundation upon which to establish processes for validating, implementing, and enforcing the architecture.

Officials from the AE Division are aware of the need to establish enforcement and waiver processes for the enterprise architecture, and are currently exploring opportunities to establish them. However, this control has not yet been established because the AE Division has focused its efforts on working with the PRIME contractor to identify the 60 enterprise architecture products that must be completed and delivered to establish Blueprint 2000. In other words, its efforts have, thus far, been focused on creating rather than enforcing the enterprise architecture.

An enforcement process would ensure project teams design their systems in compliance with the enterprise architecture that is approved and incorporated into the Blueprint. A waiver process would allow the project teams to request approval to deviate from the enterprise architecture. However, all waiver requests would be thoroughly reviewed before any approvals to deviate were granted.

Our review identified two illustrations where deviations from the architecture were pursued.

• MITRE officials identified at least one project where the technical architect was considering other alternatives to the recommended architecture products that were selected in the "Near-Term Topics" document.
• The AE Division staff has held meetings with IRS officials who were seeking to deviate from the recommended architecture standards.

Without an enforcement and waiver process, project developers could design new computer systems that are not compliant with the enterprise architecture. This could result in wasted time and money.

To ensure systems modernization project teams comply with established enterprise architecture standards, the CIO should:

1. Establish an enforcement process to ensure compliance with the enterprise architecture. This control should involve periodic reviews of project system designs. The results and conclusions of these reviews should be documented and actions should be taken to correct unauthorized departures from the Blueprint.
2. Establish a waiver process to approve minor deviations from the established architecture standards. This process should allow projects the ability to request guidance and approval to deviate from the Blueprint architecture.

Conclusion

Although efforts are underway to more fully develop an enterprise architecture, the IRS has not established the controls and processes necessary to ensure that the products being developed will meet the IRS’ needs or that systems development projects follow this guidance. To address these issues, the IRS and the PRIME contractor need to expedite completion of the enterprise architecture supplement to the ELC. This supplement is needed to provide guidance to the IRS and the PRIME contractor in their development of the 60 architecture products that will comprise Blueprint 2000.

In addition, processes should be established to validate the architecture deliverables received from the PRIME contractor, ensure that project needs are obtained and considered in the development of the architecture, control changes to the Blueprint, and enforce compliance with the established enterprise architecture.

Detailed Objective, Scope, and Methodology

The overall objective of our audit was to determine whether the Internal Revenue Service’s (IRS) Architecture Systems and Engineering (AE) Division established an effective system of controls and processes to ensure the development of the IRS’ enterprise architecture and the update of the IRS’ Modernization Blueprint. To accomplish our overall objective, we:

1. Determined whether the system of controls prescribed by the Enterprise Life Cycle (ELC) is designed to effectively establish an enterprise level architecture.
1. Determined the completion status of the Enterprise Architecture supplement to the ELC Guide.
2. Interviewed IRS and Computer Sciences Corporation (PRIME Contractor) officials responsible for developing the enterprise architecture and the Enterprise Architecture supplement to determine what ELC processes and guidance they are currently following.
3. Determined whether the IRS enterprise architecture is being developed and established consistent with Treasury’s Information System Architecture Framework and with the Federal Enterprise Architecture Framework.
1. Interviewed the Director of the AE Division and key PRIME contractor personnel working on the Enterprise Architecture supplement to determine how this consistency is maintained.
2. Determined whether the AE Division has established a control to validate the PRIME contractor’s deliverables to ensure they satisfy the requirements of the task orders.
1. Identified all task orders that tasked the PRIME contractor to develop architecture approaches, principles, products or standards.
2. Determined when these task orders were initiated.
3. Identified the deliverables for these task orders. Determined whether the IRS actually received these deliverables. Obtained electronic and or paper copies of the deliverables.
4. Determined whether the deliverables were the same. That is, were the same tasks repeated?
5. Evaluated whether the task orders were sufficiently descriptive to guide the PRIME contractor in developing the deliverables.
6. Determined whether the task orders and corresponding documentation included clauses to require approval prior to payment for the deliverables.
7. Interviewed PRIME contractor personnel to determine progress toward updating the Blueprint and any anticipated delays.
8. Requested documentation of the AE Division’s validation of the deliverables received under task orders 13 and 17.
1. Interviewed AE Division staff to determine whether issues were raised by AE and whether those issues were resolved.
2. Determined whether the enterprise architecture deliverables were timely disseminated to the project leaders.
3. Determined whether AE Division and/or MITRE Corporation personnel have the necessary qualifications and technical expertise to validate the PRIME contractor’s deliverables.
3. Determined whether the architecture needs and requirements of the near-term projects are obtained and fully considered in the development of the enterprise architecture.
1. Determined whether critical user input was considered in preparing the "Near-Term Topics" Document. The "Near-Term Topics" document was a preliminary, key deliverable in the development of the enterprise architecture. Personnel from the PRIME, MITRE and the IRS developed this product.
1. Determined where the core contributors and participants who developed the Near-Term Topics product work.
2. Interviewed the Director and Senior Technical Architect of the AE Division and a sample of the core contributors to the Near-Term Topics document to ascertain the level of involvement by the projects.
3. Interviewed near-term project leaders to determine their level of involvement.
2. Determined how the Blueprint will be updated with enterprise architecture.
1. Interviewed the Director and Senior Technical Architect of the AE Division.
4. Determined whether a Change Control Board has been established to approve the enterprise and project design architecture before it is incorporated into the Modernization Blueprint.
1. Interviewed the Director of the AE Division to determine whether this control has been established.
5. Determined whether an enforcement and waiver process has been established to ensure compliance with the enterprise architecture.
1. Interviewed the Director and the Senior Technical Architect of the AE Division to determine whether these controls have been established.

Major Contributors to This Report

Scott E. Wilson, Associate Inspector General for Audit (Information Systems Programs)

Scott A. Macfarlane, Director

Tammy L. Whitcomb, Audit Manager

William A. Gray, Senior Auditor

George Franklin, Auditor

Suzanne Noland, Auditor

Report Distribution List

Deputy Commissioner Modernization C:DM

Chief Information Officer IS

Director, Business Systems Modernization B

Deputy Director, Business Systems Modernization B:E

Director, Architectural Engineering Division B:AE

Director, Legislative Affairs CL:LA

Office of Management Controls CFO:A:M

Office of Chief Counsel CC

Director, Office of Program Evaluation and Risk Analysis M:O

Office of the National Taxpayer Advocate TA

Audit Liaisons:

Chief Information Officer IS

Business Systems Modernization Office B:E