Transcript ITIM Process Assessment

Standards in Government IT
Management Process Improvement
Road Map to IT Success
Presented by Stephen Hyland and Steven Tauber
1
Agency is Responsible for Meeting
Legislative and Regulatory Mandates
Government
Performance and Results Act of 1993
(GPRA)
–
Is the primary legislative framework through which agencies are required
to set strategic goals, measure performance, and report on the degree to
which goals were met. It requires each federal agency to develop
strategic plans that cover a period of at least 5 years and include the
agency's mission statement; identify the agency's long-term strategic
goals, and describe how the agency intends to achieve those goals
through its activities and through its human capital, information, and other
resources.
Information
Technology Management Reform Act of
1996 (Clinger-Cohen Act)
-
2
Link IT investments to agency accomplishments and establish and
measure processes for selecting, managing, and controlling IT
investments
Agency is Responsible for Meeting
Legislative and Regulatory Mandates
(cont’d)
OMB
Circular A-130: Management of Federal
Information Resources
-
Monitor and evaluate the performance of information resource
investments through a capital planning and investment control process,
and provide advice on whether to continue, modify, or terminate a
program or project
-
Advise the agency head on budgetary implications of information
resource decisions
-
Be an active participant throughout the annual agency budget process in
establishing investment priorities for agency information resources
E-Government Act of 2002 (FISMA)
– To enhance the management and promotion of electronic Government
services and processes, and by establishing a broad framework of
measures that require using Internet-based information technology to
enhance citizen access to Government information and services.
3
OMB’s Circular A-11 Requires the
Annual Filing of Information

Exhibit 300 -- Planning, Budgeting, Acquisition and
Management of Capital Assets
–
–

Exhibit 53 – Information Technology and EGovernment
–
–
4
used to report Major System Acquisitions
Is the basis for OMB approved funding
OMB IT budget approval is based on this report.
Is one of the reports OMB uses to ensure that Capital projects are in
compliance with the Capital Planning and Investment Control
requirements.
GAO Established an Approach for Life
Cycle Management of IT Investments
?
How do you
know you have
selected the
best projects?
Select
Phase
• Screen
• Rank
• Select
Evaluate
Phase
• Conduct
reviews
• Make
adjustments
• Apply lessons
learned
?
Are the systems
delivering what
you expected?
5
?
Control
Phase
• Monitor progress
• Take corrective
actions
How are you
ensuring that
projects deliver
benefits?
GAO’s ITIM Vision: Framework for
Organizational Improvement





6
Improve the likelihood that IT investments will be
completed on time and on budget
Promote a better understanding and management
of IT-related risks
Ensure that IT investments are selected based on
their merits by a well-informed decision-making
body
Implement process management improvement
ideas and innovations
Increase the business value and mission
performance improvements of IT investments
GAO’s ITIM Vision: Framework for
Organizational Improvement
Enterprise and
Strategic Focus
Stage 5
Leveraging IT for
Strategic Outcomes
Stage 4
Improving the
Investment Process
Stage 3
Developing a Complete
Investment Portfolio
Stage 2
Building the
Investment Foundation
ProjectCentric
7
Stage 1
Creating Investment
Awareness
Investment benchmarking and IT-enabled change
management techniques are deployed to
strategically share business outcomes.
Process evaluation techniques focus on improving
the performance and management of the
organization's IT investment portfolio.
Comprehensive IT investment portfolio selection
and control techniques are in place that incorporate
benefit and risk criteria linked to mission goals and
strategies.
Repeatable investment control techniques are in
place and the key foundation capabilities have been
implemented.
There is little awareness of investment management
techniques. IT management processes are ad hoc,
project-centric, and have widely variable outcomes.
What ITIM Means to the Gov’t CIO






8
Enterprise-wide focus on IT investment
management
Evaluates all areas of CIO activities
Rigorous, standardized tools for evaluations of an IT
investment management strategy
Identifies policy deficiencies and efficient corrective
actions
Simplifies the completion of required filings for
funding of IT investments: OMB Exhibit 300B
Consistent and understandable mechanism for
reporting results to agency executives, Congress,
GAO, and other interested parties
What is an ITIM Assessment?
9

Objectively evaluates the existing information
technology investment maturity

Produces a road map for prioritizing and meeting
legislative and regulatory mandates (GAO and OMB)
and meeting mission goals

Establishes strategies for effectively managing
information resources across the enterprise and
identifies areas with maximum ROI

Fosters collaboration through the adoption of
standards that bridge functional and organizational
boundaries
Holistic Approach to ITIM Maturity
Assessment
Enterprise
Architecture
Information
Security
Budget and
Planning
Hardware,
Software &
Services
Acquisition
Software
Development
IT Investment
Management
Operations
and
Maintenance
Human
Capital
Data
Management
10
Records
Management
Approach Provides a Framework for
Continuous Process Improvement
Evaluate
Progress
Plan
Project
Execute
Plan
Plan
Implementation
11
Assess
Current
State
Envision
Future
State
Phases of ITIM Assessment
Methodology
PHASE 1
Plan Project
Identify and Scope
Processes to be
Analyzed
Obtain Executive
Management
Support
Confirm Strategic
Objectives
Select Project Team
Assess Current
State
Define Standards
and Establish
Measurable Criteria
Evaluate Current
Policy/Processes
and Documentation
Identify Gaps and
Key Improvement
Opportunities
PHASE 4
Create
Transition
Strategy
Execute
Transition
Strategy
Monitor and
Evaluate
Progress
Educate/Train on
Processes, Policies,
Procedures & Tools
Determine
Transition Rate
Constraints
Define Technology
Requirements
Institute and
Execute Policies
Develop Transition
Strategy
Finalize
Recommendations
Manage Change
12
Monitor
Performance
Institute and
Execute Processes
Define
Organizational
Requirements
Define Benefits
Assess
Organizational
Change Readiness
PHASE 3
Identify Best
Practices
Define
Policy/Process
Requirements
Identify Key
Stakeholders
Develop Project
Plan
Envision Future
State
PHASE 2
Evaluate
Performance
Institute and
Execute Procedures
Enterprise Architecture

Measure compliance with legislative and regulatory standards

Provide integration with Federal Government EA Frameworks
– OMB’s FEA, Federal CIO Council’s FEAF, Treasury’s TEAF, and
DoD’s C4ISR
– E-Gov Common Reference Model

Establish a baseline for conducting future Enterprise
Architecture self-assessments to measure progress
–
–
13
GAO’s A Framework for Assessing and Improving Enterprise
Architecture Management, Version 1.1
CIO Council’s Practical Guide to Federal Enterprise Architecture
Information Security
14

Measure compliance with legislative and regulatory standards
– Government Information Security Reform Act (GISRA)
– Computer Security Act
– Paperwork Reduction Act

Identify opportunities for effectively managing Information
Security at an enterprise level

Establish a baseline for conducting future Information Security
self-assessments to measure progress
– CIO Council’s Federal Information Technology Security
Assessment Framework
– NIST Security Self-Assessment Guide for Information Technology
Systems (NIST SP 800-26)
– NIST Contingency Planning Guide for Information Technology
Systems (NIST SP 800-34)
Budget and Planning

15
Measure compliance with legislative and regulatory standards
–
OMB Circular A-11, Part 7: Planning, Budgeting, Acquisition and
Management of Capital Assets
–
OMB Program Assessment Rating Tool (PART)
–
President’s Management Agenda: Agency Scorecards

Identify opportunities for effectively managing Budget and
Planning across the enterprise

Establish a baseline for conducting future Budget and Planning
self-assessments to measure progress
IT Human Capital
16

Measure compliance with legislative and regulatory standards
– Clinger-Cohen Act
– OMB Circular A-130
– GAO IT Investment Management Framework

Identify opportunities for effectively managing Human Capital at
an enterprise level

Establish a baseline for conducting future Human Capital selfassessments to measure progress
– Office of Personnel Management Human Capital Framework
– Software Engineering Institute’s People Capability Maturity Model
Software Development
17

Measure compliance with legislative and regulatory standards
– Clinger-Cohen Act
– OMB Circular A-130
– GAO IT Investment Management Framework

Identify opportunities for effectively managing Software
Development life cycle at an enterprise level

Establish a baseline for conducting future Software
Development self-assessments to measure progress
– Software Engineering Institute Capability Maturity Model (SEI
CMM)
– Software Engineering Institute Capability Maturity Model
Integration (SEI CMMI)
– ISO 9000
IT Hardware, Software & Services
Acquisition
18

Measure compliance with legislative and regulatory standards
– Clinger-Cohen Act
– OMB Circulars A-11, A-130, and A-109
– Federal Acquisition Streamlining Act (FASA)

Identify opportunities for effectively managing
Hardware/Software Acquisition across the enterprise

Establish a baseline for conducting future HW/SW Acquisition
self-assessments to measure progress
– GAO IT Investment Management Framework
– Software Engineering Institute Software Acquisition Capability
Maturity Model (SEI SA-CMM)
Records Management
19

Measure compliance with legislative and regulatory standards
– Government Paperwork Elimination Act
– 5 USC Sec. 522 - Freedom of Information Act
– 40 CFR Part 16 - Privacy Act

Identify opportunities for effectively managing Records
Management at an enterprise level

Establish a baseline for conducting future Records Management
assessments to measure progress
– NARA Records Management Self-Evaluation Guide
Data Management

Measure compliance with legislative and regulatory standards
–
20
Section 515 of P.L. 106-554: Data Quality Act

Identify opportunities for effectively managing Data and
Information at an enterprise level

Establish a baseline for conducting future Data Management selfassessments to measure progress
– Michael Brackett’s Ten Best Practices for Effective Data Quality
– Larry English’s Improving Data Warehouse and Business
Information Quality
Operations and Maintenance
21

Measure compliance with legislative and regulatory standards

Identify opportunities for effectively managing Operations and
Maintenance activities at an enterprise level

Establish a baseline for conducting future Operations and
Maintenance self-assessments to measure progress
– IT Service Capability Maturity Model (ITS CMM)
– Software Engineering Institute Software Engineering Capability
Maturity Model (SEI SE-CMM)
ITIM Process Improvement Methodology

Provides an adaptable methodology based on needs and
objectives

Evaluate status against legislative and regulatory requirements
–
–

Provides roadmap for achieving your IT vision
–
–

–
Provide execution assistance, specifically in areas of business process
re-engineering, and template and tool evaluation and selection
Metrics of success
Implement and Evaluate
–
22
Produce Transition Strategy, including Communications, Quality
Assurance, and Risk Management Plans
Provide ROI basis for decisions
Execute Transition Strategy
–

Define Evaluation Criteria/Standards
Perform Gap Analysis and produce detailed Recommendations
Support planning and execution of ongoing monitoring strategies,
processes, and tools (self-assessments or independent)
Presenters


23
Stephen Hyland
The Orkand Corporation
Program Manager
(703) 648-5938
[email protected]
Steven Tauber
BearingPoint
Manager, Federal eGovernment
(703) 747-7131
[email protected]