Summary: The Internal Revenue Service's (IRS) Business Systems Modernization (BSM) program is a multi-billion dollar, high-risk, highly complex effort that involves the development and delivery of a number of modernized systems that are intended to replace the agency's aging business and tax processing systems. As required, IRS submitted its fiscal year 2011 expenditure plan in May 2011 to the House and Senate appropriations committees, requesting approximately $352 million from the BSM account. In response to a mandate, GAO's objectives in reviewing the expenditure plan were to (1) determine whether it satisfies the applicable statutory conditions, (2) determine IRS's progress in implementing prior expenditure plan review recommendations, and (3) provide additional observations about the plan and the BSM program. To accomplish the objectives, GAO analyzed the plan, reviewed related documentation, and interviewed IRS officials.
IRS's expenditure plan satisfies each of the six applicable statutory conditions, which include meeting the Office of Management and Budget's (OMB) capital planning and investment control review requirements, and complying with federal systems acquisition requirements and management practices (as encompassed by the Software Engineering Institute's Capability Maturity Model Integration). IRS has addressed four of GAO's five outstanding recommendations from prior expenditure plan reviews. For example, IRS has developed high-level plans for the second phase of its Customer Account Data Engine (CADE) 2 program, IRS's new effort to replace its legacy systems for storing, managing, and accessing individual taxpayer accounts. However, steps remain to fully implement the recommendation to ensure that expenditure plans include a quantitative measure of progress in meeting project scope expectations. IRS expects to include this metric in its fiscal year 2012 expenditure plan. GAO has the following four observations about the expenditure plan and the BSM program: (1) GAO's analysis of reported project costs and completion dates shows that 11 of the 12 project milestones planned for completion between January 2010 and May 2011 were completed early, under budget, or within 10 percent of cost and schedule estimates, and 1 milestone was completed on schedule but significantly over cost. Specifically, a milestone for the Modernized e-File project was completed more than 70 percent over estimated costs. According to IRS, several factors contributed to the overrun, including the need to implement unplanned requirements for disaster recovery. (2) For fiscal year 2011 IRS requested about $174 million, or about 49 percent of the total BSM request for level of effort (LOE) work--that is, tasks of a general or supportive nature, such as program management, which do not result in clear products. According to best practices, if more than 15 percent of a program's budget is classified as LOE, this amount should be scrutinized. One factor contributing to the large percentage is that IRS's definition of LOE differs from the commonly accepted definition in that it includes some work that results in clear products. By categorizing such tasks as LOE in the expenditure plan, IRS is presenting an inaccurate picture of the work it is performing and the manner in which it is being managed, and providing Congress with less insight into its performance in implementing the BSM program. (3) CADE 2 risk management and preliminary cost estimating processes are generally consistent with best practices; however, IRS will be challenged in completing one of the two key projects for the first phase by January 2012, as planned. According to IRS officials, IRS is still on track for delivering this project by January 2012 as planned. However, the agency is considering phasing its implementation to reduce the impact on filing season operations. (4) Due, in part, to the fact that IRS has not yet fully implemented key components of its comprehensive information security program, IRS continues to have information security weaknesses. Although not all these weaknesses pertain to BSM specifically, IRS's information security program encompasses all agency systems, and therefore the program weaknesses affect the modernization environment. GAO's recommendations include reclassifying activities with discrete work and accordingly reporting on associated performance data in future expenditure plans, and consistent with best practices, scrutinizing any remaining LOE work exceeding 15 percent of the program's budget. In comments on a draft of this report, IRS noted disagreement over certain aspects of GAO's views on LOE work but stated that it will collaborate with GAO to ensure that this work is clearly expressed in the expenditure plan.
