Sens. Johnson, Carper Seek Answers on IRS IT Flaws

Chairman Ron Johnson (R-Wis.) and Ranking Member Tom Carper (D-Del.) wrote to the Treasury's chief information officer, Sanjeev "Sonny" Bhagowalia, asking why leaders of the Internal Revenue Service (IRS) told Congress in 2014 that three IRS information technology projects were in trouble and another four faced risks, yet all of the projects were rated "green" -- or untroubled -- on the public "IT Dashboard" that's meant to apprise the public about federal performance.

The IT Dashboard is meant to alert taxpayers of significant risks in agency IT projects that can potentially lead to costly delays or overblown budgets.

Senator Johnson said, "The federal government spends over $80 billion per year on information technology, and all too often, billions of that is wasted due to cost overruns, delays and failed projects. The Office of Management and Budget's IT Dashboard website has the potential to be a valuable tool in identifying and mitigating risk before taxpayer dollars are wasted. Yet this tool is only useful if the information it provides is accurate and up to date. Often, it is not. Agencies and OMB must do a better job ensuring that Congress and taxpayers alike can track the progress of IT projects and understand where their hard-earned dollars are going. Last December, the committee-passed Federal IT Acquisition Reform Act (FITARA) was signed into law. FITARA included several provisions codifying and improving the IT Dashboard. This committee will remain focused on ensuring that agencies and OMB are complying with the law and providing timely and accurate assessments of their IT risk to the public."

Senator Carper said, "When it comes to analyzing the billions of taxpayer dollars the federal government is spending on information technology, the 'IT Dashboard' is a window where there once was a wall. This tool holds great potential to help both Congress and the public better understand how taxpayer dollars are spent on the federal government's major information technology projects. However, the IT Dashboard is at risk of not achieving its full potential if it lacks accurate information and transparent reporting of program risk. I look forward to gaining more clarity on this issue from the Department of Treasury. At the same time, I urge all agencies to continue to improve their process for reporting, tracking and measuring progress on this important initiative, and to move forward with implementation of the Federal IT Acquisition and Reform Act, which I worked with my colleagues to help enact last year."

The Federal Information Technology Acquisition Reform Act (FITARA), approved by the committee in the 113^th Congress, was included in the FY 2015 National Defense Authorization Act (NDAA). FITARA, now law, contains provisions to make IT investments more transparent to taxpayers by making the cost, schedule, and performance data for agencies' IT investments publically available on the IT Dashboard. The law also requires the Office of Management and Budget to issue new guidance intended to improve the quality of the Dashboard, and required agency CIOs develop plans for improving Dashboard information that is not timely and reliable. Agency CIOs, in consultation with the Office of Management and budget, must report to Congress on root causes of high risks in major IT acquisitions and describe plans to address those risks.

A copy of the letter can be found here.

The Committee on Homeland Security and Governmental Affairs is examining the lack of transparency and inaccuracy of risk information related to the federal government's information technology (IT) projects.

As you are aware, in June 2009, the Office of Management and Budget (OMB) launched the "IT Dashboard," a public website that displays important performance and risk information on major federal IT projects. In addition to cost and schedule performance data, the IT Dashboard displays overall risk evaluations for each major IT project by the respective agency Chief Information Officer (CIO).¹

The value of the IT Dashboard to taxpayers is dependent upon the accuracy and timeliness of the risk information it displays. Inaccurate or dated information prevents the public from understanding how their tax dollars are being used and inhibits Congress' ability to track the progress of IT projects over time. As such, we are concerned that a number of agencies appear to be reporting questionable risk ratings for their respective IT projects.

As noted in a February 2015 report by the Government Accountability Office (GAO), the Internal Revenue Service (IRS) Chief Technology Officer (CTO) provides quarterly summary-level risk assessments to Congress for 13 major IRS IT projects.² These assessments are determined during quarterly meetings between the IRS CTO and Deputy CIOs, and are "based on these officials' knowledge of each of the major projects as well as an assessment of six key performance indicators (cost, schedule, scope, risk, organizational readiness, and technical)."³

In the fourth quarter of FY 2014, three IRS projects were rated "red" by the CTO, indicating that "an eminent threat has been identified that puts the program deliverables in jeopardy."⁴ An additional four projects were rated "yellow," indicating that "risks have been identified, but the occurrence of such risks will not impede the core mission of the program."⁵ Together, these projects total more than $1.4 billion in spending in FY 2015, with many suffering significant cost and schedule variances.⁶

Despite the significant risks identified by the IRS CTO for these seven major IT projects, the IT Dashboard indicated that each of these projects were "green" (i.e., "low risk" or "moderately low risk") for the entirety of FY 2014. In fact, for the past several quarters through today, the IT Dashboard reports that none of the Department of Treasury's roughly 60 major IT projects are "high risk" or even "moderately high risk."

Given the clear discrepancy between the information reported by Treasury to the IT Dashboard and the ratings provided to Congress by the IRS, we request that you provide the Committee with the following information:

The Committee on Homeland Security and Governmental Affairs is the chief investigative committee of the United States Senate. Rule XXV of the Standing Rules of the Senate authorizes the Committee to investigate "the efficiency, economy, and effectiveness of all agencies and departments of the Government."⁷ Additionally, S. Res. 73 (114th Congress) authorizes the Committee to examine "the efficiency and economy of all branches of the Government including the possible existence of . . . waste . . . and the improper expenditure of Government funds. . . ."⁸

If you have any questions regarding this request, please contact Sean Casey with the Majority Committee staff at sean_casey@hsgac.senate.gov, or Matt Grote with the Minority Committee staff at matt_grote@hsgac.senate.gov. Thank you for your attention to this matter.

² The 13 major projects are: Affordable Care Act Administration (ACA); Account Management Services (AMS); Electronic Fraud Detection System (EFDS); Foreign Account Tax Compliance Act (FACTA); Individual Master File (IMF); Integrated Customer Communication Environment (ICCE); Integrated Data Retrieval System (IDRS); Integrated Financial System/CORE Financial System (IFS); Integrated Submission & Remittance Processing System (ISRP); IRS End User Systems and Services (EUSS); IRS Main Frame and Servers Services and Support (MSSS); IRS Telecommunications Systems and Support (TSS); and Service Center Recognition/Image Processing System (SCRIPS).

³ Government Accountability Office, Information Technology: Management Needs to Address Reporting of IRS Investments' Cost, Schedule, and Scope Information, GAO-15-297 (Washington, D.C.: February 25, 2015).

⁴ Id. at 19.

⁵ Id. at 19.

⁶ Office of Management and Budget, IT Dashboard, Department of Treasury Investments, available at: https://itdashboard.gov/portfolios/agency=015.

⁷ S. Rule XXV(k); see also S. Res. 445, 108th Cong. (2004).

⁸ S. Res. 73 § 12, 114th Cong. (2015).