TREASURY INSPECTOR GENERAL FOR TAX
ADMINISTRATION
The
Business Systems Modernization Program Has Achieved Mixed Success in Addressing
Weaknesses Identified in Internal and External Studies
November 2005
Reference Number: 2006-20-003
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone Number |
202-927-7037
Email Address | Bonnie.Heald@tigta.treas.gov
Web Site | http://www.tigta.gov
November 21, 2005
MEMORANDUM FOR CHIEF INFORMATION OFFICER
FROM: Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit
SUBJECT: Final Audit Report – The Business Systems Modernization Program Has Achieved Mixed Success in Addressing Weaknesses Identified in Internal and External Studies (Audit # 200520026)
This report presents the results of our review to determine whether the Internal
Revenue Service (IRS) Business Systems Modernization (BSM) Challenges Plan
actions have been or will be effective in improving and strengthening the
overall performance of the modernization program by addressing study
weaknesses. The IRS Chief Information
Officer (CIO) requested the Treasury Inspector General for Tax Administration
perform a review of the effectiveness of the BSM Challenges Plan. This audit is in response to the CIO’s
request.
The IRS is currently engaged in an effort, known as BSM, to modernize its systems and associated processes. When the current IRS Commissioner arrived at the IRS in May 2003, the Commissioner and the PRIME contractor[1] determined they needed fresh assessments from outside experts on the health of the BSM program. As a result, in the summer of 2003, the IRS launched a comprehensive review comprising three studies of the BSM program. In addition, the PRIME contractor launched an internal study. To address the results of these studies, the IRS and the PRIME contractor developed a 48-point action plan,[2] known as the BSM Challenges Plan, designed to address the BSM-related study recommendations.
Synopsis
The BSM
Challenges Plan was intended to address longstanding BSM weaknesses identified
in internal and external studies. Our
review of 25 action items found that, for 19 (76 percent) of the action items,
the IRS is achieving this objective by effectively taking actions that should
help address the identified weaknesses. For
example, project managers from
both the IRS and the PRIME contractor believe communications have improved
following the reorganization of the modernization governance structure. In addition, the IRS has hired a number of
executives from outside the IRS to increase the management capability and skills
available to the BSM program.
For the remaining
six items, we identified additional actions we believe are needed to
effectively address the identified weaknesses.
For example, the IRS has made improvements in the areas of configuration
and change management and has initiated or planned an ambitious set of
activities; however, it was difficult to determine all the activities that
needed to be accomplished or a time period for the activities because an
overall action plan had not been prepared.
In addition, the
Associate CIO (ACIO), BSM, informed us the relationship between the IRS and the
PRIME contractor was changing. Under the
new operating model, the PRIME contractor will be a solutions provider and the
BSM Office will become the program integrator.
BSM Challenges Plan Action Item 30-07 (Identify key productivity and
quality metrics[3] across the life cycle based on industry
standards), Action Item 180-09 (Implement enhanced subcontractor management
model), and other action items have been affected by the change in the IRS and
PRIME contractor relationship.
Recommendations
To ensure study
weaknesses and previous recommendations concerning change/configuration
management[4] are addressed, we recommended the ACIO,
Enterprise Services, 1) create an overall plan that
includes defined tasks, responsible individuals, and estimated completion dates
for implementing one process for managing change; 2) create an overall plan that includes defined tasks, responsible
individuals, and estimated completion dates for implementing the
standardized configuration management toolset; and 3) ensure corrective actions
are completed by assigning executive-level responsibility for addressing
configuration management deficiencies.[5]
To ensure study weaknesses are addressed as part of the new IRS/PRIME contractor operating model, we recommended the ACIO, BSM, 1) assume the responsibility for correcting the identified study weaknesses concerning project metrics, 2) consider enforcement of the “inspection clause”[6] on all new contracts and establish staffing to accomplish inspections, and 3) review additional action items closed due to the change in the IRS/PRIME contractor operating model to determine if any aspects of the closed action items should be addressed as part of the new BSM operating model.
Response
The CIO agreed with our recommendations. The CIO responded the BSM Challenges Plan has
evolved to support the BSM program’s goal of continuous improvement. BSM officials have identified highest
priority initiatives, taking into consideration actions from the BSM Challenges
Plan as well as internal and external assessments of the needs of the BSM
program.
To ensure study weaknesses
and previous recommendations concerning change/configuration management are
addressed, the IRS is creating a plan to implement one process for managing
change requests and Requests for Information Services. The IRS is also hiring a contractor to assist
in identifying a solution that integrates configuration management components
on a Modernization and Information Technology Services organization-wide scale and has assigned
responsibility for addressing configuration management deficiencies. To ensure study weaknesses are addressed as
part of the new IRS/PRIME contractor operating model, the IRS has initiated a
phased approach to identifying, collecting, and using productivity and quality
metrics. In addition, the IRS has
completed actions to ensure contractors are held accountable for work items and
commitments (e.g., performing code and documentation inspections) and the BSM
Quality Assurance organization coordinates with subcontractor Quality Assurance
organizations to ensure quality products are delivered. Lastly, the IRS has implemented processes to
define project roles and decision authorities and to conduct life cycle reviews,
and is currently implementing a formal risk elevation process. Management’s complete response to the draft
report is included as Appendix VII.
Copies of this report are also being sent to the IRS managers affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510.
Appendices
Appendix I – Detailed
Objective, Scope, and Methodology
Appendix II – Major
Contributors to This Report
Appendix
III – Report Distribution List
Appendix IV – Independent Assessment of the Business
Systems Modernization Challenges Plan Status
Appendix V – Enterprise Life Cycle Overview
Appendix VI – Business
Systems Modernization Project Descriptions
Appendix VII – Management’s
Response to the Draft Report
The Internal Revenue Service (IRS) is currently engaged in
an effort, known as Business Systems Modernization (BSM), to modernize its
systems and associated processes. To
facilitate the success of its modernization efforts, the IRS hired the Computer
Sciences Corporation as the PRIME contractor and integrator for the BSM program
and created the BSM Office (BSMO) to guide and oversee the work of the PRIME
contractor.[7]
While the IRS and PRIME contractor have deployed projects that provide value to taxpayers and have built the infrastructure needed to support these projects, the IRS and its contractors have drawn increased criticism due to continuing schedule delays and cost increases. When the current IRS Commissioner arrived at the IRS in May 2003, the Commissioner and the PRIME contractor determined they needed fresh assessments from outside experts on the health of the BSM program. As a result, in the summer of 2003, the IRS launched a comprehensive review comprising three studies of the BSM program. In addition, the PRIME contractor launched an internal study.
The BSM program released the results of these studies early in Fiscal
Year 2004. The studies were commissioned
to identify specific areas for improvement in the BSM program. To address the results of these studies, the
IRS and the PRIME contractor developed a 48-point action plan,[8] known as the BSM Challenges Plan,
designed to address the BSM-related study recommendations. The IRS later merged 10 action items,
resulting in 38 action items being actively worked by the IRS. On May 1, 2004, the BSM Challenges Plan
Close-Out Report was released detailing the actions taken to address BSM
challenges.
In the summer of 2004, the IRS Chief Information Officer (CIO) requested the Treasury Inspector General for Tax Administration (TIGTA) perform a review of the effectiveness of the BSM Challenges Plan. In December 2004, we issued a report on the results of that audit.[9] We determined key IRS executives and stakeholders quickly acknowledged BSM shortcomings and developed action items to address the studies’ recommendations and resolve longstanding BSM issues. However, we determined the studies’ recommendations were not fully addressed by the BSM Challenges Plan; no measurement plan was created to determine if the actions taken resulted, or will result, in actual improvements in the BSM program; and many BSM Challenges Plan action items were closed before all significant activities were completed.
In August 2004, the Associate CIO (ACIO), Modernization Management, identified the key barriers to success in the BSM program and created a plan to address these barriers. This plan included detailed, high-priority initiatives to deal with the root causes that created the barriers.
Since many of the BSM Challenges Plan action items were reopened following our initial review, this audit was initiated to review the effectiveness of the BSM Challenges Plan. We analyzed the audit work that had been completed during other reviews of the BSM program that related to the action items, performed indepth work on the effectiveness of the six additional action items shown in Figure 1, and evaluated the status of action items as communicated by the IRS.
Figure 1:
BSM Challenges Plan Action Items Reviewed in Depth
As Part of This Audit
|
Action Item Number |
Action Item Description |
|
30-04 |
Clarify roles of committees as advisory. |
|
30-07 |
Identify key productivity and quality metrics[10] across the life cycle based on industry standards. |
|
90-07 |
Refine change request[11] process. |
|
90-17 |
Establish a BSM Acquisition Executive. |
|
180-05 |
Strengthen IRS program and project manager cadre. |
|
180-09 |
Implement enhanced subcontractor management model. |
Source: BSM Challenges Plan and this report.
This audit was conducted while changes were being made at the BSM program level, including a significant change in the relationship between the IRS and the PRIME contractor. Any changes that have occurred since we concluded our analyses in April 2005 are not reflected in this report.
This review was performed at the BSMO facilities in New Carrollton, Maryland, during the period October 2004 through April 2005. The audit was conducted in accordance with Government Auditing Standards. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
The BSM Challenges Plan was intended to address longstanding BSM weaknesses identified in internal and external studies. Our review of 25 action items found that, for 19 (76 percent) of the action items, the IRS is achieving this objective by effectively taking actions that should help address the identified weaknesses. For the remaining six items, we identified additional actions we believe are needed to effectively address the identified weaknesses. These items are discussed in detail later in the report.
In addition, we did not draw any conclusions about the remaining 13 of 38 total BSM Challenges Plan action items because the items met 1 or more of the following 3 criteria:
Figure 2 summarizes
our opinions on the closure status of BSM Challenges Plan action items.[12]
Figure 2:
TIGTA Opinion on the Closure Status of BSM Challenges Plan Action Items
Figure 2 was removed due to its size.
To see Figure 2, please go to the Adobe PDF version of the report on the
TIGTA Public Web Page.
The IRS has successfully
closed 19 BSM Challenges Plan action items
We determined the IRS has effectively closed 19 BSM Challenges Plan action items. Some examples of positive outcomes that resulted from closing these action items follow.
· Action Item 30-04 (Clarify roles of committees as advisory) – The PRIME contractor’s internal study found the decision-making process was ambiguous, with multiple steering committees, review meetings, and individuals either recommending, agreeing, providing input, or making decisions. Based on the responses to a TIGTA questionnaire (see Figure 3), project managers from both the IRS and the PRIME contractor believe communications have improved following the reorganization of the modernization governance structure.
Figure 3:
BSM Project Managers’ Responses to TIGTA Questionnaire Concerning the
Extent to Which Communications Have Improved
Figure 3 was
removed due to its size. To see Figure 3,
please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
· Action Item 180-05 (Strengthen IRS program and project manager cadre) – The IRS Oversight Board recommended the management cadre be significantly strengthened by increasing the experience and capabilities of the BSM team. This would require a meaningful number of outside hires from organizations that have experience with large, complex programs. The IRS has hired a number of executives from outside the IRS to increase the management capability and skills available to the BSM program.
·
Action Item 90-17 (Establish a BSM
Acquisition Executive) – One of the external
studies recommended the IRS increase focus on performance-based
acquisitions. The executive the
IRS hired for modernization to complete this Action Item has Department of Defense level 3
equivalent certification in contracting and program management and has created
a plan aimed at addressing performance-based acquisitions.
In addition, other actions items, such as 180-15 (Reduce the number of projects being conducted at the same time), have been accomplished. We believe focusing on a smaller set of projects will lead to improvements in the BSM program and have recommended this action in the past.
Additional Work Is Required to Completely Address Six
Closed Business Systems Modernization Challenges Plan Action Items
In a program of the size and complexity of the BSM program, it is not unreasonable to expect that changes will take time to implement and additional actions will be needed to correct weaknesses. Of the 25 BSM Challenges Plan action items we reviewed, there are 6 we believe require more work to completely address internal and external study weaknesses. The remainder of this report will discuss these six action items.
Action Item 90-07 (Refine
change request process)
The IRS internal study recommended improving immature management processes. One of the processes singled out in the BSM Challenges Plan was the change request process. BSM Challenges Plan Action Item 90-07 was initiated for this purpose. In addition, some of the activities taken as a result of this Action Item respond to our previous recommendations.
The IRS has made
improvements in the areas of configuration and change management and has
initiated or planned an ambitious set of activities; however, it was difficult
to determine all the activities that needed to be accomplished or a time period
for the activities because an overall
action plan had not been prepared. For
example:
While the majority
of the corrective actions related to our prior recommendations have been
completed successfully,[20] we determined the revised Configuration
Management Directive did not establish executive-level responsibility for
addressing configuration management deficiencies. If executive-level responsibility were
assigned for addressing configuration management deficiencies, higher
visibility would be given to ensuring known configuration management problems
are corrected.
Without an overall plan that includes defined tasks, responsible individuals, and estimated completion dates, as required by sound management practices, there is a high risk significant tasks may not be completed. An overall action plan had not been created because the IRS was hiring an executive to oversee highly complex information system initiatives such as configuration management.
Management Actions:
During our audit, the IRS hired the ACIO, Enterprise Services, to
oversee the configuration management process.
During discussion of our concerns with the ACIO, Enterprise Services, we
were informed a unified work request process group was created to develop a
plan to unify change request and Request for Information Services
processing. The ACIO, Enterprise Services,
provided a charter for the group and a draft project management plan to guide
activities. In addition, the ACIO, Enterprise
Services, provided a draft set of objectives for the unified work request
process initiative:
The ACIO, Enterprise Services, indicated the configuration management work request recommendations should be completed in the summer of 2005 and many of the processes should be in place by early fall of 2005.
Action Item 30-07 (Identify key productivity and quality metrics
across the life cycle based on industry standards)
In February 2005, the ACIO, BSM, informed us the relationship between the IRS and the PRIME contractor was changing. Under the new operating model, the PRIME contractor will be a solutions provider and the BSMO will become the program integrator.
One BSM Challenges
Plan action item affected by the new operating model is Action Item 30-07. The PRIME contractor was initially responsible for this Action
Item, which involved developing and implementing project-level productivity and
quality metrics for modernization projects across the entire life cycle.
To close Action Item 30-07, the PRIME contractor prepared a plan
entitled PRIME Program Enterprise Life Cycle Key Productivity and Quality
Measures Roll Out Plan. Our review of
this Plan determined:
The Deputy ACIO, Business Integration,
informed us the recent change in the IRS/PRIME contractor operating model
caused the PRIME contractor to dissolve its Estimation and Maintenance Office,
which had created the PRIME contractor’s Plan.
The Deputy ACIO, Business Integration, also informed us she had begun an
initiative on program-level metrics, unrelated to Action Item 30-07. Based on our conversation, she also stated it
might be useful for her staff to refer to the PRIME contractor’s Plan while
developing and enhancing program-level metrics.
This research leads us to conclude study weaknesses were not fully
addressed by activities taken under Action Item 30-07.
Management Action: We communicated our concerns with Action Item
30-07 to the ACIO, BSM, on April 5, 2005.
The ACIO, BSM, responded by
stating over 300 measures had been identified as candidates for the MITS
organization performance scorecard. For
certain measures, standard contract language was being developed for use in
future contracts. In addition, the
ACIO, BSM, indicated the IRS first wants to ascertain what data are
already available to support useful metrics without specifically tasking
contractors. Once this is complete, the
IRS would determine what needs to change.
Action Item 180-09 (Implement enhanced subcontractor management
model)
Action Item 180-09 is also affected by the new IRS/PRIME contractor operating model. The PRIME contractor’s internal study identified improved subcontractor accountability and delivery as an issue. BSM Challenges Plan Action Item 180-09 was developed to resolve this issue.
The PRIME contractor provided a listing of improvement activities completed in response to this Action Item. For example, the PRIME contractor conducted subcontractor performance evaluations and required additional data from subcontractors. However, processes had not been established to ensure the activities were performed on a routine basis and did not involve trending of subcontractor performance. Therefore, we were not confident the improvement activities would be repeated; without trending, it would not be possible to determine whether subcontractor performance was improving.
Based
on the new operating model, the PRIME contractor activity for Action Item 180-09
was closed. Without a PRIME contractor program office in place, the BSMO will need to
ensure contractors are adequately overseeing their subcontractors. One way to achieve this is through the use of
inspection clauses, which can be incorporated into contracts to allow Federal
Government employees to inspect the
goods and services completed by subcontractors.
Management Action: On February 22, 2005, we communicated our concerns with Action Item 180-09 to the ACIO, BSM, who responded he was interested in our concerns and would discuss the issue with the Office of Procurement.
Other action items affected by the change in the
IRS/PRIME contractor operating model
The change in the IRS/PRIME contractor operating model also affected three additional BSM Challenges Plan action items. All three were closed based on the new operating model.
If improvement activities for these Action Items do not continue, it is possible study weaknesses will persist. Since the processes in the above three Action Items will remain important regardless of who the program integrator is, it would be prudent to determine how these actions are going to be managed with the BSMO as the new program integrator.
Recommendations
To ensure study weaknesses and previous recommendations concerning
change/configuration management are addressed, the ACIO, Enterprise Services,
should:
Recommendation 1: Create an overall plan that includes defined tasks, responsible individuals, and estimated completion dates for implementing one process for managing change requests and Requests for Information Services.
Management’s Response: The CIO agreed with this recommendation. To ensure study weaknesses and previous recommendations concerning change/configuration management are addressed, the IRS is creating a plan to implement one process for managing change requests and Requests for Information Services. The IRS expects to complete the plan by December 31, 2005, and implement a system by October 31, 2006.
Recommendation 2: Create an overall plan that includes defined tasks, responsible individuals, and estimated completion dates for implementing the standardized configuration management toolset.
Management’s Response: The CIO agreed with this recommendation. The IRS is hiring a contractor to assist in identifying a solution that integrates configuration management components on a MITS organization-wide scale, with a tool solution that supports the integrated process. The IRS expects to complete a plan to implement the configuration management toolset by April 2006.
Recommendation 3: Ensure corrective actions are completed by assigning executive-level responsibility for addressing configuration management deficiencies.
Management’s Response: The CIO agreed with this recommendation. The IRS has already assigned responsibility for addressing configuration management deficiencies. Significant issues identified during internal configuration audits will be assigned to the appropriate executive, and documentation issues identified during compliance assessment audits will be assigned to the appropriate project manager.
To ensure study weaknesses are addressed as
part of the new IRS/PRIME contractor operating model, the ACIO, BSM, should:
Recommendation 4: Assume
the responsibility for correcting the identified study weaknesses concerning
project metrics by:
a.
Identifying a group of standardized productivity
and quality metrics needed for all projects across the entire life cycle,
defining these metrics, ensuring the metrics are collected or
calculated, and using the metrics to consistently manage projects.
b. Considering the impact of project-level metrics on the effort by the Deputy ACIO, Business Integration, to develop program-level metrics. Identification of a standard set of project-level metrics could collectively become program-level metrics or provide needed details for analysis in trends at the program level.
Management’s Response: The CIO agreed with this recommendation. The IRS has initiated a phased approach to identifying, collecting, and using productivity and quality metrics. The IRS will continue to use existing metrics as it makes improvements in identifying, collecting, and using productivity and quality metrics. The IRS is currently working to develop cost and schedule variance metrics and will then focus on establishing a performance measurement framework, targeting business value metrics first.
Recommendation 5: Consider enforcement of the “inspection clause” on all new contracts and establish staffing to accomplish inspections.
Management’s Response: The CIO agreed with this recommendation. The IRS has completed actions to ensure contractors are held accountable for work items and commitments. For example, the IRS is performing code and documentation inspections, as well as conducting testing. In addition, the BSM Quality Assurance organization coordinates with subcontractor Quality Assurance organizations to ensure quality products are delivered.
Recommendation 6: Review additional action items closed due to the change in the IRS/PRIME contractor operating model to determine if any aspects of the closed action items should be addressed as part of the new BSM operating model.
Management’s Response: The CIO agreed with this recommendation. The IRS is currently implementing a formal risk elevation management process, which includes the use of risk coordinators on each project and regular project and executive risk reviews. The IRS has already implemented a process to define project roles and decision authorities. This process is part of the Enterprise Life Cycle and will apply to any contractor with whom the IRS works. Lastly, the IRS has implemented four processes to conduct life cycle reviews across all phases of the Enterprise Life Cycle.
Appendix I
Detailed Objective,
Scope, and Methodology
The overall objective of this review was to determine whether
the Internal Revenue Service (IRS) Business Systems Modernization (BSM) Challenges Plan actions have been or will be
effective in improving and strengthening the overall performance of the
modernization program by addressing study weaknesses.[24] NOTE:
At the beginning of our review, we chose to review 6 action items in depth
because the other 42 BSM Challenges Plan action items 1) had been merged into
other action items, 2) were the subject of other Treasury Inspector General for
Tax Administration audits, 3) had not progressed far enough to warrant a
review, or 4) were low-priority audit items.
To accomplish this
objective, we:
I. Determined if the BSM Acquisition Executive had a documented plan to address study weaknesses (Action Item 90-17, Establish a BSM Acquisition Executive).
II. Determined if new project managers (Director, Internal Management, and Director, Infrastructure Management) had a documented plan to address study weaknesses (Action Item 180-05, Strengthen IRS program and project manager cadre).
III. Determined if IRS and contractor project managers indicated the new governance structure had resulted in clearer or more consistent instructions (Action Item 30-04, Clarify roles of committees as advisory). NOTE: To answer this question, we submitted a questionnaire to five IRS and five contractor project managers for three of the six tax administration/internal management projects (Customer Account Data Engine [two releases], e-Services, and Integrated Financial System) and one of the two core infrastructure projects (Infrastructure Shared Services)[25] funded in the Fiscal Year 2004 expenditure plan.
IV. Determined if the activities being taken as part of BSM Challenges Plan Action Items 180-09 (Implement enhanced subcontractor management model), 90-07 (Refine change request process), and 30-07 (Identify key productivity and quality metrics[26] across the life cycle based on industry standards) effectively addressed the associated weaknesses identified in the recent studies.
V. Identified the results of previous audits concerning BSM Challenges Plan action items.
VI. Evaluated the status of action items as communicated by the IRS.
Appendix II
Major Contributors
to This Report
Margaret E. Begg,
Assistant Inspector General for Audit (Information Systems Programs)
Gary V. Hinkle,
Director
Troy D. Paterson,
Audit Manager
Paul M. Mitchell, Lead
Auditor
Tina Wong, Senior Auditor
Steven W. Gibson,
Auditor
Perrin T. Gleaton,
Auditor
Appendix III
Commissioner C
Office of the
Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Associate Chief Information
Officer, Business Systems Modernization OS:CIO:B
Associate Chief Information
Officer,
Associate Chief Information
Officer, Information Technology Services
OS:CIO:I
Associate Chief Information
Officer, Management OS:CIO:M
Director, Stakeholder Management
OS:CIO:SM
Deputy Associate Chief Information
Officer, Business Integration OS:CIO:B:BI
Deputy Associate Chief
Information Officer, Program Management OS:CIO:B:PM
Deputy Associate Chief
Information Officer, Systems Integration
OS:CIO:B:SI
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of
Program Evaluation and Risk Analysis
RAS:O
Office of
Management Controls OS:CFO:AR:M
Audit Liaisons:
Associate Chief Information Officer, Business Systems Modernization OS:CIO:B
Manager, Program Oversight Office OS:CIO:SM:
Appendix IV
Independent Assessment
of the Business Systems Modernization Challenges Plan Status
To
obtain fresh and independent
assessments from outside experts on the health of the Business Systems
Modernization (BSM) program, the Internal Revenue Service (IRS) launched a comprehensive review
consisting of three studies and a BSM benchmarking analysis. In addition, the PRIME contractor[27] launched an internal study. The studies resulted in 21 recommendations
for improvement in the BSM program, 15 of which were similar to those made in Treasury
Inspector General for Tax Administration (TIGTA) reports issued over several
years.[28] Key
IRS executives and stakeholders reviewed the results of the four studies,
quickly acknowledged BSM shortcomings, and developed actions to address the
studies’ recommendations and resolve longstanding BSM issues. Collectively, these actions became known as
the BSM Challenges Plan.
Based on our analysis
of actions taken and the latest IRS BSM Challenges Plan status report (dated
June 6, 2005), we created the following categories to document our opinion on
the closing of each BSM Challenges Plan action item:
Details on our reasons for categorizing each BSM Challenges Plan action
item are shown in Figure 1.
Figure 1: TIGTA Opinion on the Status of BSM Challenges
Plan Action Items
|
# |
ACTION ITEM NUMBER
AND DESCRIPTION |
HISTORICAL TIGTA ASSESSMENT/CURRENT IRS
STATUS |
TIGTA CONCURRENCE WITH CLOSURE |
|
1 |
30-01 – Make business owner
and program director accountable for project success. |
Merged into Action Item 90-10 |
|
|
2 |
30-02 – Implement short
duration, discrete “Tiger Teams” in Customer Account Data Engine (CADE),
Integrated Financial System (IFS), and |
Previous TIGTA Assessment: Action Item
30-02 was extended to the Custodial Accounting Project. The BSM Office (BSMO)[30]
initiated three reviews led by Tiger Teams resulting in Corrective Action: The IRS closed this finding
by addressing the remaining relevant 22 Tiger Team recommendations. Joint Audit Management IRS Status: Closed – The Tiger Teams were
initiated to drive delivery of three systems.
All three systems were delivered and the Action Item was closed |
Agree – The projects, which used Tiger Teams, were
deployed. The IRS has completed
corrective actions to all relevant TIGTA recommendations. |
|
3 |
30-03 – Enforce rapid
escalation of issues. |
Previous PRIME Quality Management Office
Assessment: The PRIME contractor performed an audit and found
the risk escalation process within the Item Tracking Reporting and Control
(ITRAC)[33]
system had not been used properly and the PRIME Item Escalation procedure had
not been updated.[34] Corrective Action: No management response or
corrective action is shown in the PRIME contractor audit report. IRS Status: Closed – The PRIME contractor amended
the escalation process to correct this problem. This is one of five action items closed due
to the shift in program management and project integration responsibilities
from the PRIME contractor to the IRS in early 2005. The Action Item was closed January 27,
2005. |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is Required
to Completely Address Six Closed BSM Challenges Plan Action Items section
in this report for additional information on this Action Item. See also Recommendation 6 in this report. |
|
4 |
30-04 – Clarify roles of
committees as advisory. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The modernization governance
committees were renamed and the charters were rewritten. The Action Item was closed November 21,
2003. |
Agree –
Activities have been completed, yet it will take time to determine the effectiveness
of the Action Item. |
|
5 |
30-05 – Designate business
architects for all projects to support business insight required throughout
the project life. |
Merged into Action Item 90-10 |
|
|
6 |
30-06 – Align critical
engineering talent to most critical projects. |
Merged into Action Item 90-08 |
|
|
7 |
30-07 – Identify key
productivity and quality metrics across the life cycle based on industry
standards. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – This Action Item was closed
March 8, 2005, due to the shift in program management and project integration
responsibilities from the PRIME contractor to the IRS in early 2005. |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is
Required to Completely Address Six Closed BSM Challenges Plan Action Items
section in this report for additional information on this Action Item. See also Recommendation 4 in this report. |
|
8 |
30-08 – Ensure more
effective integration of IRS and PRIME/Subs test teams. |
Previous TIGTA Assessment: To expedite
testing of the IFS Release 1 project, the BSMO and the PRIME contractor
decided to combine the System Acceptability Testing (SAT)[35]
with the System Integration Testing (SIT)[36]
process, but we determined this new process had not been documented as a
separate Enterprise Life Cycle (ELC)[37]
process. We also determined
independent testing roles in the combined test process had not been
documented. Corrective Action: The IRS closed this finding
by obtaining final signatures and updating life cycle documentation. JAMES Corrective Action Completion Date: April 28,
2005. IRS Status: Closed – The combined |
Agree –
The IRS has completed corrective actions to all relevant TIGTA
recommendations. |
|
9 |
30-09 – Complete the
Acquisition Solutions Incorporated study to address IRS and PRIME contractor
issues. |
Merged into Action Item 180-08 |
|
|
10 |
30-10 – Identify “blockers”
on current contracting issues. |
Previous TIGTA Assessment: Contract
blockers referred to two task orders that needed to be signed. We determined these task orders had been
signed. IRS Status: Closed – Blockers were identified and
resolved. The Action Item was closed
November 10, 2003. |
Agree –
Activities have been completed for the Action Item. |
|
11 |
30-11 – Baseline the |
Previous TIGTA Assessment: CADE Release
1.1 was released within budget and on time based on rebaselined estimates.[38] IRS Status: Closed – The risk-adjusted schedule and
new baseline for CADE R1.0/1.1 was established and approved at the January 7,
2004, executive review meeting. The Action
Item was closed |
Agree –
Since CADE |
|
12 |
30-12 – Move acceptance
testing earlier in the life cycle. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – Moving the SAT earlier in the
life cycle has now been instituted in the CADE and all other projects. The Action Item was closed October 28,
2003. |
Unable To Determine – During our audit, audit work was being conducted
to review this Action Item. Since the
completion of our audit work, an FY 2006 TIGTA audit report[39]
has been issued regarding the Action Item. |
|
13 |
30-13 – Increase the
frequency of CADE program reviews to twice monthly with the business owner. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS reports meetings were
scheduled twice monthly for the PRIME contractor CADE project managers and
the IRS CADE team. CADE meetings
continue to take place twice monthly.
The Action Item was closed November 3, 2003. |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
14 |
30-14 – Formally assign
accountability to the CADE Business Owner and the CADE Project Director. |
Merged into Action Item 90-10 |
|
|
15 |
90-01 – Streamline the MITS
[Modernization and Information Technology Services] organization governance
process. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The modernization governance
committees were renamed and charters were rewritten. The Change Control Boards are functional
and the Associate Chief Information Officer (ACIO), Enterprise Services, is
on board. The Action Item was closed |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
16 |
90-02 (renumbered as |
Previous TIGTA Assessment: We
determined the BSMO initiated a plan to establish a Requirements Management Office
that would incorporate new exit criteria for Milestones 3, 4a, and 4b. However, this Office had yet to be
established.[40] Corrective Action: The IRS commenced a review
of all previous TIGTA reports for program-wide requirements management
issues. Also, the IRS indicated it may
adopt the applicable Carnegie Mellon Software Engineering Institute’s[41]
Capability Maturity Model Integration (CMMI)[42]
capabilities as part of establishing the new Requirements Management Office
and in developing more effective requirements development and management
processes. JAMES Corrective Action Completion Date: April 29,
2005. IRS Status: Closed – The IRS closed this Action Item March 8, 2005. |
Agree – We
determined activities have been completed, yet it will take time to determine
the effectiveness of the Action Item. |
|
17 |
90-03 – Develop criteria
for project decision making, including impacts and |
Merged with actions taken under Action Items 180-11 |
|
|
18 |
90-04 – Align senior
transformation experts into the four operating divisions, the Chief Financial
Officer, and the MITS organization. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS developed a Concept
of Operations document for the operating divisions and the MITS organization. The IRS closed this Action Item March 8,
2005. |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
19 |
90-05 – Make the diagnostic
tools (dashboard) work. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS reports it added measures to the dashboard, which is
used to monitor performance for all project releases in development. The IRS closed this Action Item March 8,
2005. |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
20 |
90-06 – Establish ongoing
third-party reviews. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS closed this Action Item March 8, 2005. |
Agree – We
are aware the MITRE Corporation[43]
will review the BSM program annually and the Software Engineering Institute
will review the CADE in 2005.
Therefore, it will take time to determine the effectiveness of the Action
Item. |
|
21 |
90-07 – Refine change
request process. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – All planned actions for this
issue are complete; it has been officially handed off to the ACIO, Enterprise
Services, to build out a process. The Action
Item was closed March 8, 2005. |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is
Required to Completely Address Six Closed BSM Challenges Plan Action Items
section in this report for additional information on this Action Item. See also Recommendations |
|
22 |
90-08 – Strengthen the IRS’
system engineering capability through external hiring or leverage of
additional MITRE/Northrop Grumman Mission Services capabilities. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS reports 9 out of 10 positions in the Modernization
Program Engineering organization have been filled. The IRS closed this Action Item June 6,
2005. |
Unable To Determine – The IRS reports the Action Item involves ongoing
activities. In addition, the TIGTA has
not scheduled an audit of the Action Item and does not have enough
information or background knowledge to be able to express an opinion. |
|
23 |
90-09 – Determine
appropriate skills/sizing and “right-size” contracting organization in the
IRS and the Computer Sciences Corporation. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The Office of Modernization Acquisition continues hiring to fill
52 positions; the IRS closed this Action Item January 27, 2005. |
Unable To Determine – The IRS reports the Action Item involves ongoing
activities. In addition, the TIGTA has
not scheduled an audit of the Action Item and does not have enough
information or background knowledge to be able to express an opinion. |
|
24 |
90-10 – Assign business
owners and architects to validate business unit participation and accountability
in projects. |
Previous TIGTA Assessment: We determined
the Business Requirements Director (previously called the Business Architect)
for the CADE project had not yet been located/hired.[44] Corrective Action: While recruiting efforts
continue, MITRE Corporation employees and members from the Enterprise
Architecture team are providing CADE project engineering and architecture
support. JAMES Corrective Action Completion Date: Open. IRS Status: Closed – Roles and responsibilities of key positions in the new
governance and management structure were clarified and incorporated into
oversight committee charters and approved by the MITS Enterprise Governance
committee. The Action Item was closed |
Agree –
The IRS is in the process of completing corrective actions to all relevant
TIGTA recommendations. |
|
25 |
90-11 – Consistently
conduct technical integration reviews for each project and enterprise wide
(performance, interface/integration). |
Merged into Action Item 180-06 |
|
|
26 |
90-12 (renumbered as |
Previous TIGTA Assessment: We determined the actions planned by the
PRIME contractor to close this Action Item did not include steps to ensure
projects strictly follow the ELC.[45] Management Actions: The ACIO, Modernization
Management,[46] met
with and interviewed a number of individuals in the IRS business units, the
TIGTA, and the Government Accountability Office. The ACIO also reviewed the four studies. As a result, the ACIO determined what he
believed to be the key barriers to success in the BSM program and created a
plan to address these barriers. IRS Status: Closed – The IRS reports the PRIME contractor developed life cycle
tailoring guidance[47]
between August and |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is
Required to Completely Address Six Closed BSM Challenges Plan Action Items
section in this report for additional information on this Action Item. See also Recommendation 6. |
|
27 |
90-13 – Increase
understanding by development team of what they are building. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS developed a video tape
and held “boot camps” for |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
28 |
90-14 – Clearly define
business requirements and tightly manage them to control scope |
Previous TIGTA Assessment: We determined
the BSMO initiated a plan to establish a Requirements Management Office that
would incorporate new exit criteria for Milestones 3, 4a, and 4b. However, this Office had yet to be
established.[48] Corrective Action: The IRS commenced a review
of all previous TIGTA reports for program-wide requirements management
issues. Also, the IRS indicated it may
adopt the applicable Carnegie Mellon Software Engineering Institute’s CMMI
capabilities as part of establishing the new Requirements Management Office and
in developing more effective requirements development and management
processes. JAMES Corrective Action Completion Date: April 29,
2005. IRS Status: Closed – The IRS reported the
Requirements Management Office “stood up”[49]
and the Milestone 3, 4a, and 4b exit criteria were updated and
validated. The Action Item was closed
March 8, 2005. |
Agree –
The IRS has completed corrective actions to all relevant TIGTA
recommendations. |
|
29 |
90-15 – Implement firm fixed-price
(FFP) policy for Milestones 4 and 5. |
Previous TIGTA Assessment: We
determined FFP contracting had not been used to the fullest extent possible
due to Corrective Action: To further balance risk
between the IRS and the modernization contractors, the Chief Information
Officer (CIO) stated the IRS has issued FFP contracting guidance. In addition, the IRS will continue to
consider FFP contracting, address stabilizing requirements, and explore
options to balance risk when the use of FFP contracting is not appropriate. Office of Audit Comment: While the
CIO agreed with our recommendations, we were concerned the stated corrective
actions had not corrected the issues or had not yet been implemented. JAMES Corrective Action Completion Dates: April 30,
2004 and May 1, 2004. IRS Status: Closed – The IRS closed this Action Item April 28, 2005. |
Agree –
While we have determined FFP contracting has not been used to the fullest
extent possible and made recommendations to further increase the use of FFP
contracting, we also determined the use of FFP task orders within the BSM
program has increased since FY 2001.
Therefore, we conclude the Action Item effectively corrected
weaknesses found in the studies. |
|
30 |
90-16 – Revise current
contract with the PRIME contractor to align with new roles between the IRS
and the PRIME contractor. |
Merged into Action Item 180-08 |
|
|
31 |
90-17 – Establish a BSM
Acquisition Executive. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS hired a BSM Acquisition Executive. The Action Item was closed January 21,
2004. |
Agree –
Activities have been completed, yet it will take time to determine the
effectiveness of the Action Item. |
|
32 |
90-18 – Establish
independent architecture and engineering team of IRS and contractor Business
Architects and Systems Engineers. |
Previous TIGTA Assessment: We determined
the absence of a dedicated CADE system architect contributed to the inability
of the IRS and the PRIME contractor to communicate effectively to refine and
validate the CADE requirements. We
also determined the Business Requirements Director (previously called the
Business Architect) for the CADE project had not yet been located/hired.[51] Corrective Action: While recruiting efforts
continue, MITRE Corporation employees and members from the Enterprise
Architecture team are providing CADE project engineering and architecture
support. JAMES Corrective Action Completion Date: Open. IRS Status: Closed – The CADE Joint Engineering Team was established, and the Action
Item was closed January 15, 2004. |
Agree –
The IRS is in the process of completing corrective actions to all relevant
TIGTA recommendations. |
|
33 |
90-19 (renumbered as |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – A plan and work breakdown schedule for the effort have been completed in
partnership with the PRIME contractor.
Analysis work is to be completed by July 2005, and the final report is
scheduled to be issued in August 2005.
The Action Item was closed June 5, 2005. |
Unable To Determine – During our audit, audit work was being conducted
to review this Action Item. Since the
completion of our audit work, an FY 2006 TIGTA audit report[52]
has been issued regarding the Action Item. |
|
34 |
180-01 – Raise tax
administration understanding across the PRIME contractor alliance through tax
administration “boot camps.” |
Merged into Action Item 90-13 |
|
|
35 |
180-02 – Co-locate
resources (both senior program managers and project personnel). |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The Office of Procurement is in
the process of moving to the New Carrollton, Maryland, Federal Building. Other co-locations were considered and
deemed not feasible. The Action Item
was closed March 8, 2005. |
Unable To Determine – The IRS reports the Action Item involves ongoing
activities. In addition, the TIGTA has
not scheduled an audit of the Action Item and does not have enough
information or background knowledge to be able to express an opinion. |
|
36 |
180-03 – Integrate
management processes across the program. |
Previous TIGTA Assessment: We
determined the integrator role is not clearly defined in the BSM program. Clearly defining the integrator for
non-PRIME contractor projects and documenting the related responsibilities
and processes will be necessary to assure the successful integration of
projects developed by multiple contractors.[53] Corrective Action: Steps are underway to
restructure the MITS organization to include this new role. The ACIO, Enterprise Services, will
ultimately manage highly complex information system initiatives such as
configuration management[54]
and systems engineering. In the near
term, the ACIO, BSM, will continue to implement and integrate improvements
across the BSM program. IRS Status: Closed – A process is now fully
operational in support of |
Agree –
The IRS reports it has instituted a method for reviewing and improving |
|
37 |
180-04 – “Right-size”
contracting organizations in IRS and PRIME Contracting. |
Merged into Action Item 90-09 |
|
|
38 |
180-05 – Strengthen IRS
program and project manager cadre. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – Four key, critical-pay project
manager slots were filled. The Action
Item was closed January 27, 2005. |
Agree –
Activities have been completed, yet it will take time to determine the
effectiveness of the Action Item. |
|
39 |
180-06 – Conduct key
technical reviews throughout the ELC; baseline approved and placed under
configuration management. |
Previous TIGTA Assessment: We
determined key CMMI requirements development and management guidelines
relating to configuration management and technical reviews had not been
planned into the new Requirements Management Office’s responsibilities.[55] Corrective Action: The IRS commenced a review
of all previous TIGTA reports for program-wide requirements management
issues. Also, the IRS indicated it may
adopt the applicable CMMI capabilities as part of establishing the new
Requirements Management Office. JAMES Corrective Action Completion Date: April 29,
2005. IRS Status: Closed – The revised ELC framework is
now available, and documentation has been approved. The Action Item was closed June 6, 2005. |
Agree – The
IRS has completed corrective actions to all relevant TIGTA recommendations. |
|
40 |
180-07 – Strengthen
development environment by expanding capacity, conducting greater automating
testing, and separating Infrastructure Development. |
Previous TIGTA Assessment: We
determined the activities scheduled to close this Action Item included no
activities for automating testing or separating the infrastructure
environment.[56] Management Actions: The ACIO, Modernization
Management, met with and interviewed a number of individuals in the IRS
business units, the TIGTA, and the Government Accountability Office. The ACIO also reviewed the four studies. As a result, the ACIO determined what he
believed to be the key barriers to success in the BSM program and created a
plan to address these barriers. The
ACIO established detailed, highest priority initiatives to deal with these
root cause problems. IRS Status: Closed – An action plan has been
completed. The Development,
Integration, and Test Environment (DITE)[57]
lab is now operational. The Action
Item was closed June 1, 2004. |
Agree –
While we determined the activities scheduled to close this Action Item did
not include activities for automating testing or separating the
infrastructure environment, the ACIO, BSM, completed corrective actions to
our prior report by creating highest priority initiatives to deal with key
barriers to success in the BSM program. |
|
41 |
180-08 – Implement accepted
recommendations from the Acquisition Solutions Incorporated study. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS management team considered
Acquisition Solutions Incorporated study recommendations and found the
recommendations were either addressed as part of other initiatives (completed
or in progress) or were no longer applicable.
The IRS closed this Action Item June 6, 2005. |
Unable To Determine – The IRS reports the Action Item involves ongoing
activities. In addition, the TIGTA has
not scheduled an audit of the Action Item and does not have enough
information or background knowledge to be able to express an opinion. |
|
42 |
180-09 – Implement enhanced
subcontractor management model. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The PRIME contractor began
actions to improve the subcontractor management model. This is one of five Action Items closed due
to the shift in program management and project integration responsibilities
from the PRIME contractor to the IRS in early 2005. The Action Item was closed March 8, 2005. |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is
Required to Completely Address Six Closed BSM Challenges Plan Action Items
section in this report for additional information on this Action Item. See also Recommendation 5 in this report. |
|
43 |
180-10 – Operationalize
business rules management process. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – The IRS has deemed business rules management as a highest priority
initiative for the next 6 months where it will define the scope, acquire a business
rules repository, and conduct a rules engine utilization technical
analysis. The Action Item was closed
March 8, 2005. |
Unable To Determine – During our audit, audit work was being conducted
to review this Action Item. Since the
completion of our audit work, an FY 2006 TIGTA audit report[58]
has been issued regarding the Action Item. |
|
44 |
180-11 – Clarify roles
between the IRS and the PRIME contractor. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – Some of the Bain and Company
recommendations were addressed. This
is one of five action items closed due to the shift in program management and
project integration responsibilities from the PRIME contractor to the IRS in
early 2005. The
Action Item was closed March 8, 2005. |
More Work Needed – Activities conducted as part of the BSM Challenges Plan have not
completely addressed study weaknesses.
See the Additional Work Is
Required to Completely Address Six Closed BSM Challenges Plan Action Items
section in this report for additional information on this Action Item. See also Recommendation 6 in this report. |
|
45 |
180-12 – Fill gaps in the
Enterprise Architecture business and technology architecture (Concept of
Operations, Vision and Strategy, critical |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – Enterprise Architecture
version 2.4 was approved by the MITS Enterprise Governance committee. Two updates were published to the Enterprise
Architecture, and a significant amount of material was collected for a third
update. A process for updating the Enterprise
Architecture on a regular basis has been established. The Action Item was closed November 1, 2004. |
Unable To Determine – The TIGTA has not scheduled an audit of the Action
Item and does not have enough information or background knowledge to be able
to express an opinion. |
|
46 |
180-13 – Focus on |
Previous
TIGTA Assessment: We recommended the CIO determine whether
and how the BSMO will fulfill the BSM program integrator role and document
the related responsibilities and processes.
In addition, we recommended procedures be developed and updated for
the Office of Release Management.[59] Corrective Action: Steps are underway to
restructure the MITS organization to include this new role. Further, the CIO will develop, complete, or
update guidance for managing the activities in the Office of Release
Management. JAMES Corrective Action Completion Date: Open. IRS Status: Closed – The IRS completed the transition of release architecture
data. Training of IRS division
personnel was completed. The
Enterprise Transition Strategy was released in final on |
Agree –
The IRS is in the process of completing corrective actions to all relevant
TIGTA recommendations. |
|
47 |
180-14 – Rationalize the
oversight of the BSM program by streamlining process and eliminating
duplications. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status: Closed – Stakeholder management is now
centralized under a senior manager who reports directly to the CIO. All outstanding TIGTA corrective actions
have been reviewed and prioritized. MITS
organization management now meets regularly with external oversight
functions. The Action Item was closed
April 28, 2005. |
Agree –
While the TIGTA has not audited this Action Item, TIGTA officials met with MITS
Stakeholder Management officials to discuss the scope of TIGTA BSM audits and
agreed on oversight roles and responsibilities for the IRS and the external
oversight functions.[60] Therefore, the Action Item effectively
corrected weaknesses found in the studies. |
|
48 |
180-15 – Reduce the number of projects being conducted at the same
time. |
Previous TIGTA Assessment: No previous
TIGTA assessment has been made. IRS Status:
Closed – Some projects were canceled and others were put on
hold. The IRS has built a Resource
Capacity Management model to more efficiently use current resources in
projects and to assess skill deficiencies and consider further cutbacks in
projects, if necessary. The Action
Item was closed |
Agree – Following prior TIGTA assessments of the BSM
program, significant decreases in the BSM budget, and continuing problems
with key modernization processes, the IRS scaled back FY 2004 BSM
operations. Therefore, the Action Item
effectively corrected weaknesses found in the studies. |
Source:
BSM Challenges Plan, previous TIGTA audit reports, the JAMES, and TIGTA
analysis of the Current Status of BSM Challenges Plan dated June 6, 2005.
Appendix V
Enterprise Life
Cycle Overview
The
Enterprise Life Cycle (ELC) defines the processes, products, techniques, roles,
responsibilities, policies, procedures, and standards associated with planning,
executing, and managing business change.
It includes redesign of business processes; transformation of the
organization; and development, integration, deployment, and maintenance of the
related information technology applications and infrastructure. Its immediate focus is the Internal Revenue
Service (IRS) Business Systems Modernization (BSM) program. Both the IRS and the PRIME contractor[61] must follow the ELC in
developing/acquiring business solutions for modernization projects.
The
ELC framework is a flexible and adaptable structure within which one plans,
executes, and integrates business change.
The ELC process layer was created principally from the Computer Sciences
Corporation’s Catalyst®
methodology.[62] It is intended to improve the acquisition,
use, and management of information technology within the IRS; facilitate
management of large-scale business change; and enhance the methods of decision
making and information sharing. Other
components and extensions were added as needed to meet the specific needs of
the IRS BSM program.
ELC Processes
A
process is an ordered, interdependent set of activities established to
accomplish a specific purpose. Processes
help to define what work needs to be performed.
The ELC
methodology includes two major groups of processes:
·
Life-Cycle
Processes,
which are organized into phases and subphases and which address all domains of
business change.
·
Management Processes, which are organized into
management areas and which operate across the entire life cycle.
The chart was removed due to its
size. To see the chart, please go to the
Adobe PDF version of the report on the TIGTA Public Web Page.
The life-cycle
processes of the ELC are divided into six phases, as described below:
·
Vision and Strategy - This phase establishes the
overall direction and priorities for business change for the enterprise. It also identifies and prioritizes the
business or system areas for further analysis.
·
Architecture - This phase establishes the
concept/vision, requirements, and design for a particular business area or
target system. It also defines the
releases for the business area or system.
·
Development - This phase includes the
analysis, design, acquisition, modification, construction, and testing of the
components of a business solution. This
phase also includes routine planned maintenance of applications.
·
Integration - This phase includes the
integration, testing, piloting, and acceptance of a release. In this phase, the integration team brings
together individual work packages of solution components developed or acquired
separately during the Development phase.
Application and technical infrastructure components are tested to
determine whether they interact properly.
If appropriate, the team conducts a pilot to ensure all elements of the business solution work
together.
·
Deployment - This phase includes
preparation of a release for deployment and actual deployment of the release to
the deployment sites. During this phase,
the deployment team puts the solution release into operation at target sites.
·
Operations and Support - This phase addresses the
ongoing operations and support of the system.
It begins after the business processes and system(s) have been installed
and have begun performing business functions.
It encompasses all of the operations and support processes necessary to
deliver the services associated with managing all or part of a computing
environment.
The Operations and Support phase includes the scheduled activities, such as planned maintenance, systems backup, and production output, as well as the nonscheduled activities, such as problem resolution and service request delivery, including emergency unplanned maintenance of applications. It also includes the support processes required to keep the system up and running at the contractually specified level.
Besides the life-cycle processes, the ELC also
addresses the various management areas at the process level. The management areas include:
·
IRS Governance and
Investment Decision Management - This area is responsible
for managing the overall direction of the IRS, determining where to invest, and
managing the investments over time.
·
Program Management and
Project Management - This area is responsible for organizing, planning,
directing, and controlling the activities within the program and its
subordinate projects to achieve the objectives of the program and deliver the
expected business results.
·
Architectural
Engineering/Development Coordination - This area is responsible
for managing the technical aspects of coordination across projects and
disciplines, such as managing interfaces, controlling architectural changes,
ensuring architectural compliance, maintaining standards, and resolving issues.
· Management Support Processes - This area includes common management processes, such as quality management and configuration management that operate across multiple levels of management.
The ELC establishes a set of repeatable processes and a system of milestones, checkpoints, and reviews that reduce the risks of systems development, accelerate the delivery of business solutions, and ensure alignment with the overall business strategy. The ELC defines a series of milestones in the life-cycle processes. Milestones provide for “go/no-go” decision points in the project and are sometimes associated with funding approval to proceed. They occur at natural breaks in the process where there is new information regarding costs, benefits, and risks and where executive authority is necessary for next phase expenditures.
There are five milestones during the project life cycle:
·
Milestone 1 - Business
Vision and Case for Action.
In the activities leading up
to Milestone 1, executive leadership identifies the direction and priorities
for IRS business change. These guide
which business areas and systems development projects are funded for further
analysis. The primary decision at
Milestone 1 is to select BSM projects based on both the enterprise-level Vision
and Strategy and the Enterprise Architecture.
·
Milestone 2 - Business Systems Concept and Preliminary Business Case. The activities leading up to Milestone 2
establish the project concept, including requirements and design elements, as a
solution for a specific business area or business system. A preliminary business case is also produced. The primary decision at Milestone 2 is to
approve the solution/system concept and associated plans for a modernization
initiative and to authorize funding for that solution.
·
Milestone 3 - Business Systems Design and Baseline Business Case.
In the activities leading
up to Milestone 3, the major components of the business solution are analyzed
and designed. A baseline business case
is also produced. The primary decision
at Milestone 3 is to accept the logical system design and associated plans and
to authorize funding for development, test, and (if chosen) pilot of that
solution.
·
Milestone 4 - Business Systems Development and
·
Milestone 5 - Business Systems Deployment and Postdeployment Evaluation. In the activities leading up to Milestone 5,
the business solution is fully deployed, including delivery of training on use
and maintenance. The primary decision at
Milestone 5 is to authorize the release of performance-based compensation based
on actual, measured performance of the business system.
Appendix VI
Business
Systems Modernization Project Descriptions
The following is a list of Business Systems Modernization projects.
Custodial Accounting Project (CAP) – The CAP will be a single, integrated data repository of taxpayer account information, integrated with the general ledger[63] and accessible for management analysis and reporting. The first release of the CAP will extract taxpayer account data from the Individual Master File (IMF) for the Taxpayer Account Subledger.[64]
Customer Account Data Engine (CADE) – The CADE is the foundation for managing taxpayer accounts in the IRS modernization plan. It will consist of databases and related applications that will replace the IRS’ existing Master File processing systems and will include applications for daily posting, settlement, maintenance, refund processing, and issue detection for taxpayer tax account and return data.
Development,
Integration, and Testing Environments (DITE) –
The DITE is a consolidated administrative and oversight function for three
related Business Systems Modernization infrastructure support environments: the Solutions Development Laboratory, Virtual
Development Environment, and Enterprise Integration and Test Environment.
e-Services – The e-Services project provides a set of web-based business products as incentives to third parties to increase electronic filing, in addition to providing electronic customer account management capabilities to all businesses, individuals, and other customers.
Infrastructure Shared Services (ISS) – The ISS program’s goal is to deliver a
fully integrated shared information technology infrastructure to include
hardware, software, shared applications, data, telecommunications, security,
and an enterprise approach to systems and operations management.
Integrated Financial System (IFS) – The IFS is intended to address administrative financial
management weaknesses. The first release
of the IFS will include the Accounts Payable, Accounts Receivable,
General Ledger, Budget Execution, Cost Management, and Financial Reporting
activities. A future
IFS release will be needed to fully resolve all administrative financial
management weaknesses.
Solutions
Development Laboratory (SDL) – The
SDL provides an environment that permits the rapid installation and
configuration of proposed or potential systems solutions and provides
the flexibility to scale and respond to multiple, concurrent projects.
Virtual Development Environment (VDE) – The VDE provides a software development environment enabling geographically distributed projects and developers access to standardized tools, information, and services.
Appendix VII
Management’s Response to the Draft Report
The response was
removed due to its size. To see the
response, please go to the Adobe PDF version of the report on the TIGTA Public
Web Page.
[1] The PRIME contractor is the Computer Sciences Corporation, which heads an alliance of leading technology companies brought together to assist with the IRS’ efforts to modernize its computer systems and related information technology.
[2] The BSM Challenges Plan originally consisted of 46 action items. The IRS added two action items based on the results of an IRS Oversight Board report: Independent Analysis of IRS Business Systems Modernization, dated December 2003. The IRS later merged 10 action items, resulting in 38 action items being actively worked by the IRS.
[3] Project metrics, such as total number of requirements added, changed, or deleted, help measure the progress of a project during development.
[4] Configuration management is a discipline that applies technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a piece of hardware or software, control changes to those characteristics and their related documentation, record and report change processing and implementation status, and verify compliance with specified requirements.
[5] Configuration management deficiencies refer to issues identified during internal configuration management audits.
[6] Inspection clauses can be incorporated into contracts to allow Federal Government employees to inspect the goods and services completed by subcontractors.
[7] The PRIME contractor heads an alliance of leading technology companies brought together to assist with the IRS’ efforts to modernize its computer systems and related information technology.
[8] The BSM Challenges Plan originally consisted of 46 action items. The IRS added two action items based on the results of an IRS Oversight Board report: Independent Analysis of IRS Business Systems Modernization, dated December 2003.
[9] The Internal Revenue Service Should Ensure the Root Causes of Business Systems Modernization Performance Problems Are Successfully Addressed (Reference Number 2005-20-014, dated December 2004).
[10] Project metrics, such as total number of requirements added, changed, or deleted, help measure the progress of a project during development.
[11] A change request is the medium for requesting approval to change a baselined product or other controlled item.
[12] See Appendix IV for a detailed explanation supporting our conclusions.
[13] The Request for Information Services process provides a common framework to document, control, monitor, and track requests to the Modernization and Information Technology Services (MITS) organization for changes to IRS computer systems and for support.
[14] Configuration management is a discipline that applies technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a piece of hardware or software, control changes to those characteristics and their related documentation, record and report change processing and implementation status, and verify compliance with specified requirements.
[15] The Enterprise Architecture defines the IRS’ future
business objectives, processes, requirements, products and services to be
offered, and basic computer hardware and software that will be used to provide
these services.
[16] Additional Actions Are Needed to Establish and Maintain Controls Over Computer Hardware and Software Changes (Reference Number 2004-20-026, dated December 2003).
[17] The Configuration Management Directive establishes authority and responsibility for the performance of configuration management activities throughout the MITS organization.
[18] Configuration management deficiencies refer to issues identified during internal configuration management audits.
[19] Additional Actions Are Needed to Establish and Maintain Controls Over Computer Hardware and Software Changes (Reference Number 2004-20-026, dated December 2003).
[20] The IRS significantly modified the Configuration Management Directive in September 2004 to include mandates to raise the level of responsibility for configuration management, improve the governance structure, and institutionalize configuration management processes throughout the MITS organization. The Configuration Management Directive requires MITS organization-wide implementation, as well as coordination with the BSMO, of all Information Technology Services organization-initiated changes. In line with the Directive, the charters for the Configuration Control Boards for the MITS organization, the Information Technology Services organization, and the BSMO were updated in December 2004, and the Authority Level and Threshold Criteria Directive was updated to conform to the current governance structure. In addition, the ACIO, Enterprise Services, recently assumed responsibility for several MITS organization processes, including MITS organization-wide configuration management process improvements.
[21] See Appendix V for a description of Enterprise Life Cycle milestones.
[22] A defect is a perceived problem found in software, documents, hardware, or other controlled products. Defect processing is the process of documenting the defect, tracking the defect and its corrective action, and reporting the status of each defect.
[23]
The integrated master schedule provides a schedule
for project development and integration of all BSM projects.
[24] In mid-2003, the IRS and the PRIME contractor (hired by the IRS as the integrator for the BSM program) initiated four studies to help identify the root causes of the problems hindering the BSM effort and make recommendations to remedy the problems identified. Key IRS executives and stakeholders reviewed the results of the four studies and created actions to address the study recommendations. These actions collectively became known as the BSM Challenges Plan.
[25] We did not send a questionnaire to the other three tax administration/internal management projects because the PRIME contractor was not the lead contractor for those projects. We did not send a questionnaire to the second infrastructure project because this project was a consolidated administrative and oversight function for three related infrastructure support environments. See Appendix VI for a list of BSM projects and descriptions.
[26] Project metrics, such as total number of requirements added, changed, or deleted, help measure the progress of a project during development.
[27] The IRS hired the Computer Sciences Corporation as the PRIME contractor and integrator for the BSM program. The PRIME contractor heads an alliance of leading technology companies brought together to assist with the IRS’ efforts to modernize its computer systems and related information technology.
[28] Annual Assessment of the Business Systems Modernization Program (Reference Number 2004-20-107, dated June 2004).
[29] See Appendix VI for a list of BSM projects and descriptions.
[30] The IRS created the BSMO to guide and oversee the work of the PRIME contractor.
[31] System
Requirements Were Not Adequately Managed During the Testing of the Custodial
Accounting Project
(Reference
Number 2005-20-019, dated December 2004).
[32] The JAMES is a Department of the Treasury database that monitors and tracks the progress of internal control issues and material weaknesses within the Department.
[33] The BSM Risk Management Plan requires that all modernization organizations use the ITRAC database to record and update the status of risks and issues.
[34] In-Progress Assessment Plan/Report: Assess the utilization and effectiveness of the PRIME Item Escalation procedure (dated September 2004).
[35] The SAT independently assesses the quality of a system and the system’s readiness for implementation.
[36] The SIT ensures all system components (hardware and software) are working correctly and collectively with other related or dependent systems.
[37] See Appendix V for an overview of the ELC.
[38] Annual Assessment of the Business Systems Modernization Program (Reference Number 2005-20-102, dated August 2005).
[39] Instilling More Discipline to Business Rules Management Will Help the Modernization Program Succeed (Draft Report issued October 2005).
[40] The
Modernization Program Is Establishing a Requirements Management Office to
Address Requirements Development and Management Problems (Reference Number 2005-20-023, dated January
2005).
[41] The
Software Engineering Institute is a Federally Funded Research and
[42] The CMMI model provides guidance for an organization to use when developing its processes. These models help an organization appraise its capability, establish priorities for improvement, and implement these improvements.
[43] The MITRE Corporation (MITRE) is under contract to
assist the IRS with the systems modernization.
[44] To Ensure the Customer Account Data Engine’s Success, Prescribed Management Practices Need to Be Followed (Reference Number 2005-20-005, dated November 2004).
[45] The Internal Revenue Service Should Ensure the Root Causes of Business Systems Modernization Performance Problems Are Successfully Addressed (Reference Number 2005-20-014, dated December 2004).
[46] In the fall of 2004, the ACIO, Modernization Management, became the new ACIO, BSM.
[47] Tailoring guidance describes how to navigate and adapt the ELC methodology to fit specific projects.
[48] The
Modernization Program Is Establishing a Requirements Management Office to
Address Requirements Development and Management Problems (Reference Number 2005-20-023, dated January
2005).
[49] The stand-up process is defined as the establishment of a new organization with at least the minimum requirements for operation.
[50] While Many Improvements Have Been Made, Continued Focus Is Needed to Improve Contract Negotiations and Fully Realize the Potential of Performance-Based Contracting (Reference Number 2005-20-083, dated May 2005).
[51] To Ensure the Customer Account Data Engine’s Success, Prescribed Management Practices Need to Be Followed (Reference Number 2005-20-005, dated November 2004).
[52] Instilling More Discipline to Business Rules
Management Will Help the Modernization Program Succeed
(Draft Report issued October 2005).
[53] The
Office of Release Management Can Improve Controls for Modernization Program
Coordination
(Reference
Number 2004-20-157, dated September 2004) and The Modernization Program Is Establishing a Requirements Management
Office to Address Requirements Development and Management Problems (Reference
Number 2005-20-023, dated January 2005).
[54] Configuration management is a discipline that applies technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a piece of hardware or software, control changes to those characteristics and their related documentation, record and report change processing and implementation status, and verify compliance with specified requirements.
[55] The Modernization Program Is Establishing a Requirements Management Office to Address Requirements Development and Management Problems (Reference Number 2005-20-023, dated January 2005).
[56] The Internal Revenue Service Should Ensure the Root Causes of Business Systems Modernization Performance Problems Are Successfully Addressed (Reference Number 2005-20-014, dated December 2004).
[57] The DITE is a consolidated development and testing function for three related BSM infrastructure support environments: the Solutions Development Laboratory, Virtual Development Environment, and Enterprise Integration and Test Environment.
[58] Instilling More Discipline to Business Rules Management Will Help the Modernization Program Succeed (Draft Report issued October 2005).
[59] The Office of Release Management Can Improve Controls for Modernization Program Coordination (Reference Number 2004-20-157, dated September 2004).
[60] The results of this meeting are documented in Program Oversight, dated January 13, 2005.
[61] To facilitate success of its modernization efforts, the IRS hired the Computer Sciences Corporation as the PRIME contractor and integrator for the BSM program and created the Business Systems Modernization Office to guide and oversee the work of the PRIME contractor.
[62] The IRS has acquired a perpetual license to Catalyst® as part of the PRIME contract, subject to certain restrictions. The license includes rights to all enhancements made to Catalyst® by the Computer Sciences Corporation during the contract period.
[63] A general ledger is a set of accounts used to summarize an organization’s financial transactions by transaction type (e.g., cash receipts, accounts receivable, or rental expenses).
[64] The IMF is the Internal Revenue Service database that maintains transactions or records of individual tax accounts. The Taxpayer Account Subledger will be an integrated data repository of taxpayer account information containing detailed taxpayer account history and unpaid assessment information.