2.173.1 IT Governance Policy

Manual Transmittal

February 09, 2024

Purpose

(1) This transmits revised IRM 2.173.1, IT Program Governance, IT Governance Policy

Material Changes

(1) IRM 2.173.1 - Updated to include all required internal controls and reorganized related subsections.

(2) IRM 2.173.1 - Minor editorial changes to include plain language, correct broken links, updated authority and organizational terms to increase clarity.

(3) IRM 2.173.1.1, Original Section 2.173.1.1.1.1 - Purpose, realigned to Programs Scope and Objectives to align with the required internal controls format.

Effect on Other Documents

IRM 2.173.1 dated January 28, 2022, is superseded.

Audience

IRS IT employees and contractors who support reporting and oversight activities of IT programs, projects, and portfolios.

Effective Date

(02-09-2024)


Rajiv Uppal
Chief Information Officer

Program Scope and Objectives

  1. This IRM provides the purpose, scope, authority, and mandates for Information Technology (IT) governance policy.

  2. Purpose: The purpose of this IRM is to establish the authority, responsibility, processes, and procedures for IT governance. IT governance provides a framework of accountability, transparency, and decision-making on the IRS IT investment portfolio.

  3. Audience: IRS IT employees and contractors who support reporting and oversight activities of IT programs, projects, and portfolios.

  4. Policy Owner: IRS IT, Strategy and Planning

  5. Program Owner: IRS IT, Strategy and Planning, Investment and Portfolio Control and Oversight (IPCO), Investment and Portfolio Governance (IPG)

  6. Primary Stakeholders: All IRS IT organizations and business units

  7. Program Goals: The goal is to outline the IT Governance framework for providing effective oversight and decision-making on IRS IT programs, projects, and portfolio investments.

Background

  1. IT Governance is a subset of the broader IRS Governance structure that provides a decision-making and oversight framework for the execution and delivery of IT investments, programs, and projects.

  2. Investment and Portfolio Governance (IPG) within IT Strategy and Planning, oversees and manages IT Governance and guides Governance Boards, Executive Steering Committees, IT programs, and stakeholders on established governance procedures and processes.

  3. IT Governance is comprised of two types of governance bodies working together to provide a forum for governance oversight and decision making, 1) Governance Boards and 2) Executive Steering Committees.

Authority

  1. Authority for this IRM includes:

    • Federal Information Technology Acquisition Reform Act (FITARA)

    • OMB Circular No. A-130, Managing Information as a Strategic Resource

    • OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget

    • Treasury Directive 81-01, Treasury Information Technology (IT) Programs

    • Additional sources of authority can be viewed on the IPG SharePoint site

Responsibilities

  1. IPG supports the overarching governance activities across the various IT governance boards and provides tools and resources to impacted stakeholders to ensure compliance throughout the enterprise.

  2. IT Governance is comprised of two types of governance bodies working together to provide a forum for governance oversight and decision making, 1) Governance Boards (GB) and 2) Executive Steering Committees (ESC). An ESC or GB may establish a lower-level Advisory Boards (AB) to provide support and recommendations, while maintaining executive oversight responsibilities.

  3. A governance board is a chartered body responsible for conducting governance as set out in its governance board charter. The full listing of IT governance boards and charters are located on the IPG SharePoint site.

  4. IT governance reflects a hierarchical framework. ESCs are the top level of governance and supported by GBs and ABs. See the table below for an overview of board responsibilities:

    Governance Board Type Responsibilities
    ESC
    • Oversee assigned IT portfolio performance

    • Resolve escalated risks and issues

    • Oversee and support subordinate GBs and ABs

    • Oversee IT portfolio decisions as outlined in the IT governance Decision Matrix

    GB
    • Recommend scope and schedule changes to the ESC

    • Manage portfolio performance and risk

    • Escalate unresolved risks and issues

    • Manage decisions, risks and issues delegated by the ESC

    • Monitor and report on cost, schedule, risk and scope variance of the programs and projects

    AB
    • Recommend and maintain escalation criteria

    • Recommend portfolio selection criteria

    • Provide Subject Matter Expertise and advise ESCs and GBs

  5. The table below identifies key IT governance stakeholders and their responsibilities:

    Stakeholder Description Responsibilities
    Board Chair Sponsoring senior executive Lead meetings, set agendas, delegate as appropriate
    Board Vice-Chair Supporting senior executive Assist and support the Chair in performing their duties and responsibilities
    Voting Board Member Key business or IT resource owners responsible for IT investments in the Board portfolio Discuss, evaluate, and make decisions. Vote or appoint a proxy to vote. Provide input to agendas.
    Advisor (Non-voting Board Member) Key functional or process owner enabling sound Governance Provide expertise to support risk and issue discussions. Provide input to agenda.
    IT Project Manager Manages a project Report on project/program status, cost, schedule, scope, and risks. Responsible for project implementation and execution. Ensure enterprise processes and requirements are followed including registering projects in OPPM (ProSight).
    Governance Lead Supports and delivers effective board meetings Support the ESC or GB and its board meetings. Create, distribute, and archive meeting minutes.

Program Management and Review

  1. Program reports are generated using data sourced from the IT portfolio management tool and referenced during IT governance board meetings to support decision making.

  2. Records are maintained for all board meeting decisions, presentations and supporting artifacts to measure the program’s effectiveness.

Program Controls

  1. This program uses the IRS Internal Management Documents System to establish controls.

Terms/Acronyms

  1. IT governance provides a framework for IT investment portfolio decision-making. IT governance identifies the decisions, rights, and accountability necessary to track and achieve desired results with IT investments.

  2. Below are key IT governance terms and definitions:

    Term Definition
    IT Investment A single line item of funding in the IT Portfolio. Frequently a related set of procurements, projects, programs, and operations organized around a mission, related business functionality, or an end-to-end process.
    IT Program A group of organizational or functionally related projects managed in a coordinated way to obtain benefits and control not available from managing them individually.
    IT Project An IT endeavor with a unique start and end date following a defined software development lifecycle, or an implementation schedule and has approved funding and staffing resources which can be planned, monitored, measured, and controlled which directly result in a unique product for business functionality. IT Projects are undertaken for development, modernization, enhancement, disposal, or maintenance and are funded from a specific investment with a Unique Investment Identifier (UII) which determines ESC alignment. Projects are assigned to a GB based on functionality and organizational alignment and are responsible for regular performance reporting.
    IT Portfolio A collection of IT projects, programs, and/or investments used to represent the inventory of IT work being conducted and executed throughout the service for the given fiscal year, and within the confines of the IT budget.
    Escalation Escalation is the process for reporting and escalating program / project risk up from a subordinate GB to an ESC.

  3. Below is a list of IT governance acronyms:

    Acronyms Description
    AB Advisory Board
    ESC Executive Steering Committee
    FITARA Federal Information Technology Acquisition Reform Act
    GB Governance Board
    IPG Investment and Portfolio Governance
    PM Project Manager
    UII Unique Investment Identifiers

Related Resources

  1. Investment and Portfolio Governance (IPG) team supports IT governance with resources that can be found on the IPG SharePoint site including:

    • IT Governance Framework

    • IT Governance Decision Matrix

    • IT Governance Decision Log

    • IT ESC and GB charter and voting membership details

  2. The IRS Knowledge Management Governance page also provides an overview of IRS governance, a list of IRS governance boards, and governance resources.