2.173.1 IT Governance Policy

Manual Transmittal

November 05, 2019

Purpose

(1) This transmits new IRM 2.173.1, IT Program Governance, IT Governance Policy.

Material Changes

(1) This is a new IRM.

Effect on Other Documents

This new IRM incorporates Interim Guidance IT-02-0319-0008, Reissued Interim Guidance for Internal Revenue Manual (IRM) 2.173 Information Technology (IT) Governance Standards.

Audience

IRS employees and contractors who support or are members of IT governance boards.

Effective Date

(11-05-2019)


Chief Information Officer

Program Scope and Objectives

  1. This document provides Information Technology (IT) governance policy and procedures. It provides the purpose, scope, authority and mandates for IT governance policy.

Background

  1. The Enterprise Governance Authority and Operations Directive issued November 25, 2008 provided guidance for IT governance boards. This IRM replaces the 2008 Directive and incorporates Interim Guidance IT-02-0319-0008, Reissued Interim Guidance for Internal Revenue Manual (IRM) 2.173 Information Technology (IT) Governance Standards.

Purpose

  1. The purpose of IT governance policy is to establish the authority, responsibility, processes and procedures for IT governance. IT governance provides a framework for accountability, transparency and decision-making around the IRS IT investment portfolio.

Scope

  1. This policy applies to all IRS IT governance boards, employees and contractors who participate in or support IT governance.

Authority

  1. Investment and Portfolio Governance (IPG) is responsible for developing, implementing and maintaining this IRM. Approval of this IRM including updates rests with Investment and Portfolio Control and Oversight (IPCO). Proposed changes to this IRM must be submitted to IPG. Please share your comments and suggestions to improve this IRM with us via an email to *IT Program Governance Office.

Mandate

  1. Authority for this IRM includes:

    • House of Representatives 1232 - Federal Information Technology Acquisition Reform Act (FITARA)

    • Assignment of Information Technology/Information Resources Management Responsibilities memorandum dated 01/26/2018

    • Applicable OMB and Treasury circulars, directives and memorandums

Responsibilities

  1. A governance board is a chartered body responsible for conducting governance as set out in its governance board charter. Executive Steering Committees, Governance Boards and Advisory Boards are different types of IT governance boards. A governance board’s name, type and responsibilities are identified in its charter. IT governance board charters are located on the IPG SharePoint site.

  2. IT governance is hierarchical with Executive Steering Committees (ESCs) as the top level of governance. ESCs are supported by governance boards. See the table below for an overview of responsibilities:

    Governance Board Type | Responsibilities
    Executive Steering Committee (ESC) |
      • Oversee portfolio’s risk and performance
      • Resolve escalated risks
      • Recommend annual IT portfolio to the Senior Executive Team (SET)
      • Sponsor governance boards as needed
      • Delegate some governance decisions down to a governance board as appropriate
    Governance Board (GB) |
      • Recommend annual IT portfolio to the ESC
      • Oversee portfolio’s risk and performance
      • Escalate unresolved risks
      • Make governance decisions as delegated by the ESC

  3. IT governance provides a framework for accountability, transparency and decision-making around the IRS IT investment portfolio. The table below identifies key IT governance board stakeholders and their responsibilities:

    Stakeholder | Responsibilities
    Chairs and Co-Chairs | Provide leadership and direction to the Board. Set, manage and conduct board meetings. Delegate as appropriate.
    Vice-Chairs | Assist and support the Chair in performing their duties and responsibilities.
    Voting Members | Provide oversight and make key decisions ensuring business requirements are met within agreed upon time frames and costs. Provide input to meeting agendas. Discuss, evaluate and vote on action items.
    Advisory Members | Provide technical, organizational, business or other expertise to support informed discussions on risks and issues. Provide input to meeting agendas.
    Project Managers | Report to the board on project status, cost, schedule, scope and risks. Responsible for project implementation and execution.
    Leads | ESC and GB Leads support and promote good governance by supporting IT governance boards and board meetings. Responsible for portfolio knowledge, risk and issue awareness, and supporting agenda management.

Terms and Definitions

  1. IT governance provides a framework for decision-making in the IT investment portfolio, project management and other IT operational areas. IT governance identifies the decisions, rights and accountability necessary to track and achieve desired results with IT investments.

  2. IT governance includes monitoring, advising, recommending and making decisions on diverse topics such as:

    Term | Definition
    IT Project | An IT project is an effort to deliver a product, service or result. It has a defined beginning and end. IT projects are funded from a specific investment with a Unique Investment Identifier (UII) which determines ESC alignment. Projects are assigned to a GB based on functionality and organizational alignment and are responsible for regular performance reporting.
    IT Portfolio | An IT portfolio is a collection of IT projects. IT portfolios are assigned to an ESC based on the type of investment. For example, the Infrastructure ESC maintains the portfolio of IT infrastructure projects and investments.
    Performance Reviews | Performance reviews are reviews conducted to ensure an IT portfolio and its projects are on target to be delivered as forecast. Boards conduct quarterly performance reviews to monitor projects and portfolio performance, ensuring timely and at-cost delivery.
    Milestones to Enter and Exit | Milestones are used to mark project start and end dates. They can include:
      • Design phase
      • Deployment phase
      • Operations and maintenance
      Boards review and approve project milestones.
    Key Performance Indicator (KPI) | KPIs are indicators used to monitor the health of IT projects. The indicators are used to create a KPI scorecard which allows reviewers to determine the health of a project at a glance. Boards use the KPIs to conduct project health assessments.
    Health Assessment (HA) | Health assessments are a process used to determine the health of a project. Boards conduct health assessments of IT projects using KPIs.
    Risk Escalation | Risk escalation is a process for reporting and escalating risk. Projects trending yellow and red are escalated for attention from the project manager to a governance board and if not mitigated, to an ESC.

Acronyms

  1. Below is a list of IT governance acronyms:

    Acronym | Description
    ACIO | Associate Chief Information Officer
    CIO | Chief Information Officer
    DD | Data dashboard
    ESC | Executive Steering Committee
    FITARA | Federal Information Technology Acquisition Reform Act
    GB | Governance Board
    GIG | Governance Information Group
    GDG | Governance Desk Guide
    HA | Health Assessment
    I ESC | Infrastructure Executive Steering Committee
    ITE ESC | IT Enterprise Executive Steering Committee
    IPG | Investment and Portfolio Governance
    KPI | Key Performance Indicator
    MER | Milestone Exit Review
    MMD | Meeting Minute Decisions
    OPPM | Oracle Primavera Portfolio Management
    PM | Project Manager
    SD ESC | Strategic Development Executive Steering Committee
    SET | Senior Executive Team
    SO ESC | Sustaining Operations Executive Steering Committee
    UII | Unique Investment Identifiers

Resources

  1. The Investment and Portfolio Governance (IPG) team supports IT governance with resources on the IPG website including:

    Tool | Description
    IT Governance Desk Guide | Contains processes, tools and templates to support IT governance including:
      • Governance board meeting and agenda management
      • Governance board portfolio changes
      • Meeting minutes and decision documents
      • Governance presentations
      • Governance project shutdown
      • Virtual votes
    IT Governance FAQs | Shows the current IT Governance framework, roles and responsibilities, decisions boards make, policy, stakeholders and more. It includes links to governance policy, procedures, tools and resources.
    IT Governance Charter Guide | Contains the processes, tools and templates to create and maintain governance boards and their charters including:
      • Readiness to Govern Checklist
      • Templates for ESCs and GBs
      • Charter review and approval tracker
    IT Governance Framework | A visual representation of IT governance showing the relationships between Executive Steering Committees and the governance boards that report up to them.

  2. IPG offers bimonthly Governance Information Group (GIG) meetings. Upcoming meetings and topics are posted on the IPG website.

  3. The IRS Knowledge Management site has a Governance web page with an overview of IRS governance, a list of IRS governance boards and governance resources. While informative, this site is not necessary for conducting IT governance.