Tax agency punted on $12M email system

The IRS authorized the purchase of a $12 million email system it never used, according to a report from the Treasury Department's Inspector General for Tax Administration.

The IRS has been beset by email woes since the case of Lois Lerner made headlines in 2013. The former director of IRS' Exempt Organizations unit was the chief player in an apparent effort to deny conservative-leaning organizations tax-exempt status. Republicans in Congress pursuing the case were stymied when the IRS was unable to produce much of Lerner's email record, claiming that the hard drive of a computer used by Lerner and backup tapes of emails were all destroyed.

Politics and scandal aside, the episode revealed that the IRS permitted employees just 150MB of email storage at the time, because the agency used an on-premise system with limited storage. The system also lacked archiving capability, and backups were stored on tapes that were themselves destroyed according to a regular schedule. According to a June 2014 letter to the Senate Finance Committee, the IRS spent about $10 million directly on the hunt for Lerner's email and an additional $6 million to $8 million to modify existing systems to support the production of materials from other accounts that were relevant to the case.

It was against this backdrop, in August 2014, when the IRS prepared a draft proposal seeking a new cloud-based email-as-a-service solution to operate on a Microsoft Office 365 environment. In addition to solving its problems of email retention, such a system would prepare the IRS to comply with a governmentwide directive to manage email records in electronic format by the end of 2016.

Instead of fielding the draft, the IRS went ahead with the $12 million acquisition of subscriptions to Microsoft Office 365 ProPlus and Exchange Online, treating the buy as an upgrade.

However, it was not to be. According to the TIGTA report, "[t]he purchase was made without first determining project infrastructure needs, integration requirements, business requirements, security and portal bandwidth, and whether the subscriptions were technologically feasible on the IRS enterprise."

The report found that "IRS executives and personnel were aware that the IRS did not have the infrastructure to utilize the software on premises, but the IRS had not yet determined all of the requirements or performed the necessary cost analysis and security assessments needed to use the Microsoft Government Community Cloud when the subscriptions were acquired."

According to the report, the IRS may have violated a provision of appropriations law by not fielding the system in the same fiscal year when the funds to purchase the system were allocated by Congress.

The IRS CIO shop sees the acquisition differently.

"We want to reiterate here again that we strongly disagree with the assertions that we wasted taxpayer dollars, that we did not follow appropriate management practices and that we deviated from the [Federal Acquisition Regulation]," IRS CIO S. Gina Garza said in reply comments.

According to Garza, the purchase was part of a larger strategy to save money by purchasing software subscriptions from Microsoft, rather than buying perpetual licenses.

"The transition from a perpetual license model to a subscription model provided more flexibility and efficient management of licenses by ensuring the IRS maintains rights to the most current version of capabilities as software upgrades are released," Garza said.

The IG countered that evidence of promised savings – a figure that, according to Garza, is upward of $127 million -- was never shared by IRS. The report also noted that since the IRS had to use its existing perpetual licenses while sitting on the $12 million in EaaS subscriptions, the expenditure was "a waste of taxpayer funds."