2.173.1 IT Governance Policy
  2.173.1.1 Program Scope and Objectives
    2.173.1.1.1 Background
      2.173.1.1.1.1 Purpose
      2.173.1.1.1.2 Scope
  2.173.1.2 Authority
  2.173.1.3 Mandate
  2.173.1.4 Responsibilities
  2.173.1.5 Terms and Definitions
  2.173.1.6 Acronyms
  2.173.1.7 Resources

Part 2. Information Technology
Chapter 173. IT Program Governance
Section 1. IT Governance Policy

2.173.1 IT Governance Policy

Manual Transmittal
November 05, 2019

Purpose
(1) This transmits new IRM 2.173.1, IT Program Governance, IT Governance Policy.

Material Changes
(1) This is a new IRM.

Effect on Other Documents
This new IRM incorporates Interim Guidance IT-02-0319-0008, Reissued Interim Guidance for Internal Revenue Manual (IRM) 2.173 Information Technology (IT) Governance Standards.

Audience
IRS employees and contractors who support or are members of IT governance boards.

Effective Date
(11-05-2019)

Chief Information Officer

2.173.1.1 (11-05-2019)
Program Scope and Objectives

This document provides Information Technology (IT) governance policy and procedures. It provides the purpose, scope, authority and mandates for IT governance policy.

2.173.1.1.1 (11-05-2019)
Background

The Enterprise Governance Authority and Operations Directive issued November 25, 2008 provided guidance for IT governance boards. This IRM replaces the 2008 Directive and incorporates Interim Guidance IT-02-0319-0008, Reissued Interim Guidance for Internal Revenue Manual (IRM) 2.173 Information Technology (IT) Governance Standards.

2.173.1.1.1.1 (11-05-2019)
Purpose

The purpose of IT governance policy is to establish the authority, responsibility, processes and procedures for IT governance. IT governance provides a framework for accountability, transparency and decision-making around the IRS IT investment portfolio.

2.173.1.1.1.2 (11-05-2019)
Scope

This policy applies to all IRS IT governance boards, employees and contractors who participate in or support IT governance.

2.173.1.2 (11-05-2019)
Authority

Investment and Portfolio Governance (IPG) is responsible for developing, implementing and maintaining this IRM. Approval of this IRM including updates rests with Investment and Portfolio Control and Oversight (IPCO). Proposed changes to this IRM must be submitted to IPG.

Please share your comments and suggestions to improve this IRM with us via an email to *IT Program Governance Office.

2.173.1.3 (11-05-2019)
Mandate

Authority for this IRM includes:

- House of Representatives 1232 - Federal Information Technology Acquisition Reform Act (FITARA)
- Assignment of Information Technology/Information Resources Management Responsibilities memorandum dated 01/26/2018
- Applicable OMB and Treasury circulars, directives and memorandums

2.173.1.4 (11-05-2019)
Responsibilities

A governance board is a chartered body responsible for conducting governance as set out in its governance board charter. Executive Steering Committees, Governance Boards and Advisory Boards are different types of IT governance boards. A governance board’s name, type and responsibilities are identified in its charter.

IT governance board charters are located on the IPG SharePoint site.

IT governance is hierarchical with Executive Steering Committees (ESCs) as the top level of governance. ESCs are supported by governance boards. See the table below for an overview of responsibilities:

| Governance Board Type | Responsibilities |
| --- | --- |
| Executive Steering Committee (ESC) | Oversee portfolio’s risk and performance; Resolve escalated risks; Recommend annual IT portfolio to the Senior Executive Team (SET); Sponsor governance boards as needed; Delegate some governance decisions down to a governance board as appropriate |
| Governance Board (GB) | Recommend annual IT portfolio to the ESC; Oversee portfolio’s risk and performance; Escalate unresolved risks; Make governance decisions as delegated by the ESC |

IT governance provides a framework for accountability, transparency and decision-making around the IRS IT investment portfolio. The table below identifies key IT governance board stakeholders and their responsibilities:

| Stakeholder | Responsibilities |
| --- | --- |
| Chairs and Co-Chairs | Provide leadership and direction to the Board. Set, manage and conduct board meetings. Delegate as appropriate. |
| Vice-Chairs | Assist and support the Chair in performing their duties and responsibilities. |
| Voting Members | Provide oversight and make key decisions ensuring business requirements are met within agreed upon time frames and costs. Provide input to meeting agendas. Discuss, evaluate and vote on action items. |
| Advisory Members | Provide technical, organizational, business or other expertise to support informed discussions on risks and issues. Provide input to meeting agendas. |
| Project Managers | Report to the board on project status, cost, schedule, scope and risks. Responsible for project implementation and execution. |
| Leads | ESC and GB Leads support and promote good governance by supporting IT governance boards and board meetings. Responsible for portfolio knowledge, risk and issue awareness, and supporting agenda management. |

2.173.1.5 (11-05-2019)
Terms and Definitions

IT governance provides a framework for decision-making in the IT investment portfolio, project management and other IT operational areas. IT governance identifies the decisions, rights and accountability necessary to track and achieve desired results with IT investments.

IT governance includes monitoring, advising, recommending and making decisions on diverse topics such as:

| Term | Definition |
| --- | --- |
| IT Project | An IT project is an effort to deliver a product, service or result. It has a defined beginning and end. IT projects are funded from a specific investment with a Unique Investment Identifier (UII) which determines ESC alignment. Projects are assigned to a GB based on functionality and organizational alignment and are responsible for regular performance reporting. |
| IT Portfolio | An IT portfolio is a collection of IT projects. IT portfolios are assigned to an ESC based on the type of investment. For example, the Infrastructure ESC maintains the portfolio of IT infrastructure projects and investments. |
| Performance Reviews | Performance reviews are reviews conducted to ensure an IT portfolio and its projects are on target to be delivered as forecast. Boards conduct quarterly performance reviews to monitor projects and portfolio performance, ensuring timely and at cost delivery. |
| Milestones to Enter and Exit | Milestones are used to mark project start and end dates. They can include: Design phase; Deployment phase; Operations and maintenance. Boards review and approve project milestones. |
| Key Performance Indicator (KPI) | KPIs are indicators used to monitor the health of IT projects. The indicators are used to create a KPI scorecard which allows reviewers to determine the health of a project at a glance. Boards use the KPIs to conduct project health assessments. |
| Health Assessment (HA) | Health assessments are a process used to determine the health of a project. Boards conduct health assessments of IT projects using KPIs. |
| Risk Escalation | Risk escalation is a process for reporting and escalating risk. Projects trending yellow and red are escalated for attention from the project manager to a governance board and if not mitigated, to an ESC. |

2.173.1.6 (11-05-2019)
Acronyms

Below is a list of IT governance acronyms:

| Acronyms | Description |
| --- | --- |
| ACIO | Associate Chief Information Officer |
| CIO | Chief Information Officer |
| DD | Data dashboard |
| ESC | Executive Steering Committee |
| FITARA | Federal Information Technology Acquisition Reform Act |
| GB | Governance Board |
| GIG | Governance Information Group |
| GDG | Governance Desk Guide |
| HA | Health Assessment |
| I ESC | Infrastructure Executive Steering Committee |
| ITE ESC | IT Enterprise Executive Steering Committee |
| IPG | Investment and Portfolio Governance |
| KPI | Key Performance Indicator |
| MER | Milestone Exit Review |
| MMD | Meeting Minute Decisions |
| OPPM | Oracle Primavera Portfolio Management |
| PM | Project Manager |
| SD ESC | Strategic Development Executive Steering Committee |
| SET | Senior Executive Team |
| SO ESC | Sustaining Operations Executive Steering Committee |
| UII | Unique Investment Identifiers |

2.173.1.7 (11-05-2019)
Resources

The Investment and Portfolio Governance (IPG) team supports IT governance with resources on the IPG website including:

| Tool | Description |
| --- | --- |
| IT Governance Desk Guide | Contains processes, tools and templates to support IT governance including: Governance board meeting and agenda management; Governance board portfolio changes; Meeting minutes and decision documents; Governance presentations; Governance project shutdown; Virtual votes |
| IT Governance FAQs | Shows the current IT Governance framework, roles and responsibilities, decisions boards make, policy, stakeholders and more. It includes links to governance policy, procedures, tools and resources. |
| IT Governance Charter Guide | Contains the processes, tools and templates to create and maintain governance boards and their charters including: Readiness to Govern Checklist; Templates for ESCs and GBs; Charter review and approval tracker |
| IT Governance Framework | A visual representation of IT governance showing the relationships between Executive Steering Committees and the governance boards that report up to them. |

IPG offers bimonthly Governance Information Group (GIG) meetings.
Upcoming meetings and topics are posted on the IPG website.

The IRS Knowledge Management site has a Governance web page with an overview of IRS governance, a list of IRS governance boards and governance resources. While informative, this site is not necessary for conducting IT governance.