Summary: The Internal Revenue Service's (IRS) Business Systems Modernization (BSM) program is a multi-billion dollar, high risk, highly complex effort that involves the development and delivery of a number of modernized systems that are intended to replace the agency's aging business and tax processing systems. As required, IRS submitted its fiscal year 2010 expenditure plan in November 2009 to the House and Senate appropriations committees, requesting approximately $254 million from the BSM account. GAO's objectives in reviewing the expenditure plan were to (1) determine whether it satisfies the applicable legislative conditions, (2) determine IRS's progress in implementing prior expenditure plan review recommendations, and (3) provide additional observations about the plan and the BSM program. To accomplish the objectives, GAO analyzed the plan, reviewed related documentation, and interviewed IRS officials.
IRS's expenditure plan satisfies five of the six legislative conditions, and partially satisfies the condition to comply with acquisition rules, requirements, guidelines, and systems acquisition management practices used by the federal government. IRS has initiated an effort to improve its software acquisition and development practices, but does not expect to have changes in place until November 2010, at the earliest. IRS has addressed two of GAO's prior recommendations to improve its management capabilities and controls. Specifically, IRS has completed a plan with specific time frames for implementing the initiatives supporting its information technology human capital strategy and has defined procedures for determining when to grant conditional milestone exits. However, work remains in order to fully implement GAO recommendations to develop long-term plans for completing the BSM and developing a quantitative measure of scope. GAO made the following observations about the expenditure plan and the BSM program: (1) GAO's analysis of reported project costs and completion dates shows that 6 of the 10 project milestones planned for fiscal year 2009 were completed early or within 10 percent of cost and schedule estimates and 3 milestones were completed on schedule but were more than 10 percent over planned cost. IRS did not include underlying causes for these cost variances in its expenditure plan. Further, GAO was not able to determine cost and schedule variances for a milestone of the Modernized e-File--the system intended to provide a single standard for filing electronic tax returns--because IRS had not identified planned cost and schedule information for it in the fiscal year 2009 expenditure plan. IRS also did not report completing this milestone in its expenditure plan, and Congress therefore was not provided with information on the system's progress. (2) IRS began development of a new strategy for managing individual taxpayer accounts to address several challenges confronting the Customer Account Data Engine, which was intended to replace the antiquated Individual Master File containing the repository of individual taxpayer information. While much has been done to define the strategy's transition states--or key phases--IRS has not identified time frames for completing key planning activities for fiscal year 2010 for the second transition state. (3) IRS has identified several risks associated with defining and implementing the new strategy (e.g., the ability to deliver capabilities could be jeopardized if the scope is not rigorously managed) and has classified these risks into five categories. IRS reported that it has developed mitigation strategies for the risks that it has identified. (4) Information security weaknesses continue to affect IRS's modernization environment. As GAO recently reported, IRS continues to have weaknesses in its information security controls. Additionally, while IRS reported that it had corrected about 40 percent of previously reported weaknesses, GAO found that it had not fully implemented the remedial actions it had reported for at least a third of those that it considered corrected.
