2.149.1 Asset Management Policy

Manual Transmittal

September 23, 2015

Purpose

(1) This transmits new Internal Revenue Service (IRS) Asset Management (AM) Policy.

Material Changes

(1) These policies define the Asset Management process and apply to all areas managing information technology assets.

Effect on Other Documents

Approval of this Asset Management Policy replaces IRM 2.14.1, Asset Management, Information Technology (IT) Asset Management.

Audience

The Asset Management Policy is applicable to all employees enterprise-wide responsible for managing IT equipment, including Asset Management’s stakeholders, customers, asset owners, contractors, and vendors.

Effective Date

(09-23-2015)

Terence V. Milholland
Chief Technology Officer

Directive

  1. Information Technology (IT) Asset Management Policy

Administration

  1. User & Network Services (UNS) is responsible for the development, implementation and maintenance of this directive. Approval of this directive, including updates, rests with the Associate Chief Information Officer (ACIO) for UNS. All proposed changes to this directive must be submitted to the Service Asset & Configuration Management (SACM) organization in UNS.

Purpose

  1. This policy establishes authority and responsibility for the performance of IT asset management throughout the IRS. It also establishes policies and procedures for management and control of hardware and software assets throughout their lifecycle.

Scope

  1. Asset Management (AM) is the process responsible for tracking and reporting the value and ownership of financial assets throughout their lifecycle. Asset Management is part of an overall Service Asset and Configuration Management Process. An IT asset is property or equipment that is part of the IT infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or is awaiting disposal. All IRS organizations (including contractors) developing, maintaining, and controlling IT assets shall adhere to the mandates of this policy and all associated AM procedures. For additional information, refer to the Asset Management User Guides on the IT Process Asset Library: IT PAL.

Mandates

  1. All AM activities shall be planned, managed, implemented, and controlled in accordance with all applicable laws, regulations, IRS policies, processes, and procedures. Throughout the lifecycle of hardware and software assets, the following policies apply:

    • The Chief Technology Officer (CTO) is the official responsible for ownership, management, and control of IT property. Organizations other than IRS IT are not authorized to purchase, acquire, manage, move or maintain IT property. IRS IT is also responsible for the accounting and recording of IT property in the inventory system.

    • The CTO or other delegated executive shall ensure that necessary budget, labor, tools, and appropriate training are available to implement asset management policies and procedures.

    • This process supports the integrity of the data by ensuring accurate and complete asset records are maintained.

    • Reports shall contain complete, reliable, consistent, and timely financial information regarding IT assets.

    • Asset data shall be documented using approved procedures.

    • The IT asset records are periodically audited with the results reported to the applicable business and system stakeholders.

    • The personnel designated or assigned to perform asset management activities shall be trained in the standards, process, and procedures for performing these activities.

    • The collection of metrics is used to determine the status of asset management activities and effectiveness to support increasing capability maturation.

    • The asset management process shall ensure economic and efficient purchase, lease, maintenance, operation, and use of IT property.

    • The disposal of hardware assets shall include transfer of excess or surplus computer equipment to qualifying schools and educational non-profits as a high priority.

    • The IRS complies with audit requests from the Treasury Inspector General for Tax Administration’s (TIGTA) Office of Audit and resolves audit findings.

    • The IRS adheres to Government Accountability Office (GAO) policies and procedures.

    • Federal agencies are required to employ tracking systems, such as specialized fully automated applications depending on the needs of the organization, for software protected by quantity licenses to control copying and distribution and to help ensure that software is used in accordance with licensing agreements.

    • Bureaus are required periodically scan their networks to detect and remove any unauthorized or unlicensed software.

    • Federal agencies are required to develop software license management policies and procedures. Federal agencies are also required to prepare inventories of software present on computers to help to ensure that software is used in compliance with copyright laws.

    • Federal agencies are required to take inventory of their information technology assets and ensure they are not paying for unused or under utilized installed software.

Authority and Reference Documents

  1. The following lists the regulatory documents that validate the Asset Management Policy:

    • Public Law 89-306, Automated Data Processing Equipment

    • Office of Management and Budget (OMB) Circular A-123, Management’s Responsibility for Internal Controls

    • Treasury Department Publication 32-01, Accounting Principles and Standards OMB Circular A-127, Financial Management Systems

    • Public Law 101-576, Chief Financial Officers Act of 1990

    • Executive Order 12999, Educational Technology: Ensuring Opportunity for All Children in the Next Century

    • Public Law 104-106, Clinger-Cohen Act of 1996, formerly Information Technology Reform Act of 1996

    • IRM 1.2.11.1.5, Servicewide Policies and Authorities, Policy Statements for Information Technology Activities - Policy Statement 2-93 (formerly P-1-229)

    • Delegation Order 1-41 Delegation Order MITS-2-1-1, Authority to Approve IT Resources

    • Policies and Procedures Memorandum No. 46.5, Evidentiary Documentation in Support of Receipt and Acceptance

    • IRM 10.8.1, IT Security, Policy and Guidance

    • IRM 1.14.4, Personal Property Management, Facilities Management and Security Services

    • IRM 1.35.6, Administrative Accounting, Property and Equipment Accounting

    • Memorandum, dated September 5, 2008 and signed by the ACIO for UNS regarding Asset Inventory Requirements for Timely Updating of Inventory Records

    • Memorandum, dated September 8, 2008 and signed by the ACIO for UNS regarding Route All Hardware/Software WebIPS Requisitions through UNS Asset Management Program Office

    • IRM 2.21.1.3.11, Requisition Processing for IT Acquisition Products and Services, Introduction to Requisition Processing for Information Technology (IT), End User Equipment and Services - Additional Technical Reviews - Non Specific Tier related

    • National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (Aug. 2009)

    • Treasury Directive Publication 85-01, Treasury IT Security Program (Nov. 3, 2006)

    • Executive Order, Department of the Treasury Directive 85-02, Software Piracy Policy (May 4, 2010)

    • IRM 10.8.2, IT Security Roles and Responsibilities (Apr. 29, 2011)

    • Executive Order 13103 (Sep. 30, 1998), Computer Software Piracy

    • Executive Order 13589, Promoting Efficient Spending (Nov. 09, 2011)

    • Asset Management - Enterprise-wide Software User Guide

    • Asset Management - UNS Software User Guide

    • Asset Management - Hardware User Guide

    • IRM 2.127, Software Testing Standards and Procedures

    • General Services Administration Bulletin Federal Management Regulation (FMR) B - 34, Disposal of Federal Electronic Assets

    • Memorandum, dated July 26, 2011 and signed by CTO for IRS Computer Room and Ownership and Management which assigns ownership of all Computer Rooms to Enterprise Operations