2.173.2 IT Governance Procedures

Manual Transmittal

January 28, 2022

Purpose

(1) This transmits revised IRM 2.173.2, IT Governance, IT Governance Procedures

Material Changes

(1) See the table below for material changes.

IRM Changes
2.173.2 Plain Language updates, hyperlink updates, minor edits and clarity improvements throughout.
2.173.2.2.1, Starting an IT Governance Board Updated Table to include Advisory Boards.
2.173.2.2.3, Meeting Minutes Updated to include a hyperlink to a new meeting minutes template.
2.173.2.2.4, Annual Self-Assessment Included a new Step Table for the Annual Governance Board Self-Assessment process.
2.173.2.2.5, Annual Charter Review New section regarding the annual charter review.
2.173.2.2.6, Enterprise Health Assessment Updated to remove content and provide a link to the Enterprise Health Assessment IRM.
2.173.2.2.7, Decommissioning a Governance Board New section on decommissioning a governance board once they’re no longer needed.

Effect on Other Documents

IRM 2.173.2 dated October 4, 2019 is superseded.

Audience

IRS employees and contractors who support or are members of IT governance boards.

Effective Date

(01-28-2022)


Nancy Sieger
Chief Information Officer

Program Scope and Objective

  1. This IRM section provides policy and procedures to support, promote and execute effective IT governance.

Background

  1. This IRM incorporated Interim Guidance IT-02-0319-0008, Reissued Interim Guidance for Internal Revenue Manual (IRM) 2.173 Information Technology (IT) Governance Standards.

Process Description
  1. This IRM contains the procedures for starting an IT governance board, board meeting frequency, meeting minutes and decisions, the annual self-assessment process and the health assessment process.

Goal
  1. The goal is to enable IT governance to provide effective oversight and decision-making.

Objective
  1. The objective of IT governance is to support the achievement of the IRS mission and strategic goals.

Authority

  1. Authority for this IRM includes:

    • House of Representatives 1232 - Federal Information Technology Acquisition Reform Act (FITARA)

    • Assignment of Information Technology/Information Resources Management Responsibilities memorandum dated 01/26/2018

    • Applicable OMB and Treasury circulars, directives and memorandums

  2. Investment and Portfolio Governance (IPG) is responsible for developing, implementing and maintaining this IRM. Proposed changes to this IRM must be submitted to IPG. Please share comments and suggestions to improve this IRM with us via an email to *IT Program Governance Office.

IT Governance Procedures

  1. This document provides IT governance policy and procedures to support, promote and execute effective IT governance.

Starting an IT Governance Board (GB)

  1. Before starting a new board, you must first attempt to align your new program, project or initiative with an existing IT governance board (GB) and Executive Steering Committee (ESC) in the IT Governance Framework. The Investment & Portfolio Office will assist you in finding the best fit.

  2. If you’re considering a new Dedicated GB, the Starting a Dedicated GB worksheet will help you determine if a new GB is appropriate.

  3. If a new board is appropriate, you need an executive sponsor and stakeholder approval to start this process. The Readiness to Govern Checksheet guides you through the process of standing up a new board.

  4. Sponsoring executives must identify a new board’s support staff.

  5. IT GBs must have a charter. A GB charter documents a board’s roles and responsibilities . Charters are essential for good governance and required for all IT GBs and ESCs.

  6. Before drafting a charter for a new GB, determine the type of board needed:

    Board Type Description
    Executive Steering Committee (ESC) ESCs are top-level governance boards sponsored by the Deputy Commissioners and chaired by IRS senior leadership. ESCs sponsor GBs and receive reports from them. ESCs may make key IT Governance decisions or delegate them down to a GB or Advisory Board.
    Governance Board (GB) GBs are sponsored by and report to an ESC. There are two kinds of governance boards:
    • Organizational: Portfolio is worked and managed in the sponsoring organization (e.g., Enterprise Operations or Applications Development)

    • Dedicated: Portfolio is funded from one or more investments overseen by the subject GB (e.g., Web Applications) or projects specific to an IRS function (e.g., Financial Services)

    Advisory Board (AB) ABs are sponsored by and report to a GB or ESC. They:
    • Support their GB or ESC by providing Subject Matter Expertise

    • May make governance decisions as delegated by the ESC

  7. The IT Governance Charter Guide provides a charter template for each type of governance board listed above, along with tools to walk you through the process of drafting and seeking approval for your charter.

  8. Chairs are responsible for proposing GB membership, responsibilities and authority in the charter to approving executives.

  9. Determine the frequency and schedule of meetings for your new GB.

  10. Share your draft charter with Investment & Portfolio Governance (IPG) team for input and feedback. Prepare an Action Routing Sheet to request executive signature and approval of your charter. The table below describes the approving executive for each type of governance board.

    If the Board Type is... the Approving Executive is...
    ESC IRS Deputy Commissioners
    Organizational GB Chief Information Officer
    Dedicated GB Executive Steering Committee

  11. ESCs provide oversight to their subordinate GBs. ESCs review and approve subordinate GB charters and may assign objectives, responsibilities and decisions to them as well.

Meeting Frequency

  1. Governance boards are responsible for establishing and maintaining a meeting schedule that supports effective governance and oversight.

  2. A board must be decommissioned if it no longer meets. Complete the decommission template and email a copy to *IT Program Governance Office when shutting down a governance board.

Meeting Minutes

  1. Governance boards are responsible for:

    • Tracking action items in the Item Tracking Reporting and Control (ITRAC) database

    • Documenting meeting minutes using the Meeting Minutes (MM) Template

    • Routing and sharing the MM with the presenters, chairs and voting members for review, comment and approval. The streamlined MM distribution and approval process is found in the IT Governance Desk Guide, page 9.

    • After two years, archive MMs and other governance artifacts in the Document Management for IT Projects (DocIt)

Annual Self-Assessment

  1. GB Leads are responsible for completing and returning an annual self-assessment survey of their board’s operations.

    Step Actions
    1 IPG emails the self-assessment survey to all GB Leads.
    2 GB Lead completes and returns the survey to IPG by the deadline given.
    3 IPG uses the survey to:
    • Collect and respond to GB feedback

    • Improve IT governance tools and templates

    • Identify training needs

    • Provide a report on the current state of IT Governance

  2. If you identify gaps in your GBs operations while completing the survey, determine how to close those gaps:

    • IPG can assist with IT Governance training and resources.

    • Some gaps must be raised to GB leadership to resolve. For example, if you determine the GB needs to expand voting membership based on your portfolio, that’s an issue to raise to the Chair(s).

Annual Charter Review

  1. Governance Leads are responsible for reviewing their charters annually to see if they need updating. An update is appropriate when there are substantial changes in board roles and responsibilities.

  2. Use the:

    • ESC Charter Addendum template for ESC Charter updates, or the

    • GB Charter Addendum template for GB Charter updates

  3. Chairs may request, approve and sign a charter addendum.

  4. Sometimes changes are so extensive you need to draft a new charter. The process to review and approve the new charter is the same as the process used to secure approval of the original charter.

Enterprise Health Assessment

  1. The IRS identifies, assesses, manages and monitors risk through risk management. Governance provides a forum for identifying, assessing, escalating and mitigating IT project risks.

  2. Governance Boards are required to follow the Enterprise Health Assessment process found in IRM 2.173.2, Enterprise Control Authority and Operations.

Decommissioning a Governance Board

  1. When a GB or ESC fulfills its mission and is no longer needed, follow the steps below to decommission the board.

    Step Action
    1 Obtain approval to decommission the board
    2 Transition projects in the GB or ESC portfolio to another GB or ESC (if required)
    3 Document the decommission in the owning ESC’s Meeting Minutes using the Decommission Template

  2. If a board has not met in a year, the Governance Lead should consider if the board is still needed.