OMBA-11ITManagementandReporting

1、OMB A-11 IT Management and ReportingOffice of Management and Budget StaffMay 6 and 7, 20031AgendaBuilding Better Business CasesHigh level discussion of changes for FY05Individual Areas of the Business CasesIT Security and PrivacyIntegration into the Budget ProcessFederal Enterprise ArchitectureView

2、from the Resource Management Office (Budget)Financial Management Reporting2Changes from FY04 to FY05Section 53 All terminology changed from IT project to IT InvestmentRequirement for Draft Exhibit 53 (Summer)Federal Enterprise Architecture is addedWhat it means to be Green addedLinkage to the FEA is

3、 added to the Unique Investment Identifiers3Changes from FY04 to FY05Exhibit 53Unique Investment IdentifierUnique Investment Identifier (FY2004 Process)Investment TitleInvestment DescriptionTotal Investments for 2003, 2004, and 2005Financial percentageIT Security percentageHomeland Security Priority

4、 IdentifierDevelopment, modernization, enhancement for 2003, 2004, 2005Steady State for 2003, 2004, 20054Changes from FY04 to FY05Major Investment definition:investment was a major investment in the FY 04 submission and is continuing; investment is financial management and spends more than $500,000;

5、 investment is directly tied to the top two layers of the Federal Enterprise Architecture (Services to Citizens and Mode of Delivery); investment is an integral part of the agencys modernization blueprint (EA); investment has significant program or policy implications; investment has high executive

6、visibility; investment is defined as major by the agencys capital planning and investment control process; OMB may work with the agency to declare other projects as major investments. 5Changes from FY04 to FY05Section 300Location in the budget added to the introductionPART Review QuestionsAll termin

7、ology for IT changed to investmentsFederal Enterprise Architecture addedMore specificity in every sectionMulti-Agency Business Cases and requirementsOne business case for office automation, infrastructure, and telecommunicationsAll 300s must be in XML in order to be part of the budget submissionGove

8、rnment FTE added to the summary of spendingIntro added for each section identifying how to successfully address the section6Building Better Business CasesI.A. Investment Description & I.B. JustificationA collaborative investment that includes multiple agencies, state, local, or tribal governmentsSup

9、ports the Presidents Management Agendauses e-business technologiesinvestment is governed by citizen needssupports the Federal Business Architecture published by OMBIf investment is a steady state investment, then an E-Gov strategy review is underway and includes all of the necessary elements If appr

10、opriate, this investment is fully aligned with one or more of the Presidents E-Gov initiatives I.C. Performance Goals and MeasuresFEA will be discussed later in the presentation7Building Better Business CasesI.D. Project ManagementProject is very strong and has resources in place to manage it.Projec

11、t Managers are in place and successfully managing the projectIntegrated Project Teams are in place and include the correct skill setsMembers, Roles, qualifications, and contact information for in-house and contract managersIdentification of a Project ManagerIdentification of a ContractingIntegrated

12、Project TeamSponsor/Owner Assigned? Identified?Additional Information:OMB Capital Programming Guide OPM8Building Better Business CasesI.F. Risk Inventory & AssessmentAll 19 items addressedRisk Assessment performed at outset & managed throughout the life-cycleStatus of Risk as of the date of the busi

13、ness caseIn column for status: If not completed, show the milestone(s) for completion of risk mitigationDate of the most recent Risk Management Plan9Building Better Business CasesI.E. Alternative AnalysisIdentify all viable alternativesSelect the top 3 Viable AlternativesMarket ResearchDiscuss the m

14、arket research that was done to identify innovative solutions for this investment (e.g., used an RFI to obtain 4 different solutions to evaluate, held open meetings with contractors to discuss investment scope, etc.,). Also describe what data was used to make estimates: past or current contract pric

15、es for similar work, contractor provided estimates from RFIs or meetings, general market publications, etc.10Building Better Business CasesLife cycle costs analysis for each alternative Provide Assumptions. What data was used to make the estimatesChosen alternative and whyDefine return on investment

16、Risk adjusted/Quantitative benefits-savings, otherNet Present Value by Year and Payback Period CalculationsDate of the Benefits Costs Analysis11Investments not assessing 3 viable alternatives Consequences:Most cost effective solution providing greatest benefits not chosenOpportunities to collaborate

17、 are missedInnovative solutions are not pursuedNo backup plan if alternative chosen isnt the right oneSteps For Strengthening:Identify all possible alternatives and then down-selectIncrease Market research to identify innovative solutionsBenchmark against private industryUse consistent financial cri

18、teria across alternatives12Building Better Business CasesAcquisition StrategySingle or Several ContractsWhat type of contract/task order if single If multiple contract/task orders will be used discuss the type, how they relate to each other to reach the investment outcomes, and how much each contrib

19、utes to the achievement of the investment cost, schedule and performance goals. Discuss the contract/task order solicitation or contract provisions that allow the contractor to provide innovative, transformational solutions.13Building Better Business CasesAcquisition Strategy ContinuedPerformance-Ba

20、sed if not why not. For other that firm-fixed price, performance-based contracts, define the risk not sufficiently mitigated in the risk mitigation plan, for that contract/task order, that requires the Government to assume the risk of contract achievement of cost, schedule and performance goals. Exp

21、lain the amount of risk the government will assume. Will you use financial incentives to motivate contractor performance (e.g. incentive fee, award fee, etc.)?Discuss the competition process used for each contract/task order? Full and Open Limited using schedule or commercial item, etc.14Building Be

22、tter Business CasesAcquisition Strategy ContinuedWill you use commercially available or COTS products for this investment?If yes, to what extent will these items be modified to meet the unique requirements of this investment?What prevented the use of COTS without modification?If no. Why?15Building B

23、etter Business CasesAcquisition Strategy ContinuedHow will you ensure Section 508 compliance?What is the date of your acquisition plan? Keep it updatedPercentage of hardware acquisitionPercentage of software acquisitionPercentage of services acquisition16Investments not adequately planning and manag

24、ing acquisitionsConsequences:Unclear contracts do not mitigate risk to the governmentRelationship between primes and subcontractors not well designed thereby adding to the riskFailure to include procurement experts may not identify smartest choicesSteps For Strengthening:Increase the use of performa

25、nce based contractsReduce use of Time and Material contractsEnsure that modernization strategies include performance based criteriaEnsure the procurement shop is an integral player17Building Better Business CasesI.H. Investment and Funding PlanProvides Project Management information on total project

26、 Both Contractor and Government EffortsGovernment personnel costs = salaries plus fringe benefits of 32.5% of government personnel considered to be direct and indirect labor in support of the project. Includes the project management IPT and any other government effort (e.g., programming effort for p

27、art of the overall project development effort) that contributes to the success of the project. 18Building Better Business CasesI.H. Investment and Milestone Funding PlanMust use Earned Value Management System that meets ANSI/EIA Standard 748 Must demonstrate that the investment is meeting the planne

28、d cost, schedule and performance goalsUse Operational Analysis for Steady StateUse both for mixed life-cycleLots of information about EVMS at /pm19Government Establishes the Framework for the InvestmentAgency contract defines outcome/output requirementsContract requires contractor to use EVMS - ANSI

29、/EIA 748, to build proposal, manage contract performance, and submit EVMS data to Government. Contract defines EVMS software Government will use.Process Govt will use to verify 748 system 20ESTABLISH THE BASELINE1. DEFINE THE WORKTIME2. SCHEDULE THE WORK3. ALLOCATE BUDGETS$10080602040154021I.H.2 Ori

30、ginal BaselineCost and schedule goals for phase or segment/module of investmentMajor investment milestonesWhen will they occur and costFunding agency for each milestoneThis baseline is include in all subsequent reports, even when OMB has approved changes shown in I.H.322I.H.3 Proposed/Current Baseli

31、neWhen there are changes needed to original baseline or current OMB approved baseline. Shows new milestones and costsBLANK if no changes to original baseline. 23I.H.4.A Actual Performance and VarianceAll of I.H.4 is always filled in to show current status of investment. Compares OMB approved baselin

32、e and actual outcomes for phase, segment/module by milestone Shows baseline completion date and new estimated completion date, baseline costs and new estimate to complete. 24I.H.4.B Investment Summary As of date_ Must show:Budgeted Cost of Work Scheduled (BCWS)Budgeted Cost of Work Performed (BCWP)A

33、ctual Cost of Work Performed (ACWP)Cost curve plotting BCWS, BCWP and ACWP on monthly basis25COST PERFORMANCE REPORTINGKEY DATA ELEMENTS26Earned Value Trend Analysis27I.H.4.B.4 (Cont.) Provide the following EVMS AnalysisCost Variance $ and %Cost performance indexSchedule Variance $ and % Schedule Pe

34、rformance IndexTwo independent Estimate At CompletionVariance at Completion for both EACs28I.H.4.C and D C - Analysis of the reasons for cost and schedule variances of 10% or more at time of report or EAC is projected to by 10% or moreD Provide performance variance Explain whether IPT still expects

35、to achieve performance goals. If not, explain reasons29I.H.4.E, F and GE - Discuss estimate to complete (EAC)ContractorTwo commonly used EAC formulasRationale for the EAC chosen by IPTF - Corrective actions with risk - How close to original goals will be result G - Agency Head concurrence to continu

36、e30Operating investmentsMust be monitored with an Operational Analysis System to track:How close actual annual operating and maintenance costs are to the original life-cycle estimatesWhether level or quality of performance /capability meets performance goals and continues to meet user needs31Address

37、ing IT Security, Homeland Security, and Privacy in IT Budget MaterialsKamela WhiteInformation Policy and TechnologyOffice of Management and Budgetkgwhite32IT Budget MaterialsExhibit 53, IT PortfolioIT SecurityHomeland Security300, Capital Asset Plan and Business CaseIT SecurityHomeland SecurityPriva

38、cy33Exhibit 53 IT SecurityMust report security costs per systemAssociate spending with level of performance 0 = no security controlsProvide additional information where necessaryWhat should security costs consist of?Products, procedures, personnel, etc. that are primarily dedicated to or used for pr

39、ovision of security controls:employee training, security inspections and audits, vulnerability and penetration testing.34Exhibit 53 IT Security (continued)Products, procedures, personnel, etc. that have as an integral component a quantifiable benefit to security:privacy training, system/program eval

40、uations.Supports Homeland Security means an IT investment that supports the homeland security mission areas of:Intelligence and Warning,Border and Transportation Security,Defending Against Catastrophic Threats,Protecting Critical Infrastructure and Key Assets,Emergency Preparedness and Response, and

41、Other. 35Exhibit 300 Part I. Capital Asset Plan and Business CaseIT SecurityWas this investment reviewed as part of the FY03 Federal Information Security Management Act review process?If yes, were any weaknesses found? Have the weaknesses been incorporated into the agencys corrective action plans?36

42、Part I. (continued)Has this investment been identified as a national critical operation or asset by a Project Matrix review or other agency determination?If no, is this an agency mission critical or essential service, system, operation, or asset (such as those documented in the agencys COOP Plan), o

43、ther than those identified as above as national critical infrastructures?37Part I. (continued)Homeland SecuritySupports Homeland Security means an IT investment that supports the homeland security mission areas of:Intelligence and Warning,Border and Transportation Security,Defending Against Catastro

44、phic Threats,Protecting Critical Infrastructure and Key Assets,Emergency Preparedness and Response, andOther. PrivacyWas a privacy impact assessment performed for this IT investment?38Part I. (continued)Section I.F. Risk Inventory and Assessment Identify security and privacy risks, also provide info

45、rmation of the level of risk (high, medium, or basic); andWhat factor determined the risk level (confidentiality, integrity, or availability)39Part II. Additional Business Case Criteria for ITSection II.B. Security and PrivacyHow is security funded?Level of risk and security controls?Does the IT inv

46、estment meet security requirements:up-to-date security plan?fully certified and accredited?security controls tested?users trained?incident response capability?security in contracts?40Part II. (continued)PrivacyAppropriate controls to protect privacy for systems that promote or permit public access?A

47、gency ensure that handling of personal information is consistent with govt-wide and agency policies?Performed a privacy impact assessment?41Privacy Impact Assessment (PIA)A PIA is a process for examining the risks and ramifications of collecting, maintaining, and disseminating personally identifiabl

48、e information in an information system; and for identifying and evaluating alternatives and protections to mitigate the impact to privacy of collecting personal information.PIAs are required for all major IT systems and all new systems that are requesting fundingPIAs are required for new online info

49、rmation collections under the Paperwork Reduction Act.42RMOs Viewpoint1. Negotiated Process. IT and Programmatic Considerations.Emphasize that OMB-agency negotiate the process. Investments can be disapproved on either IT (300) grounds, or programmatic grounds - or sustained for programmatic reasons

50、while a get well plan is pursued with respect to weaknesses in the IT business case.2. IT and Overall Budget Justifications Should Be Integrated. Integration Should Be Built Into An Agencys Budget Formulation Process (just as it is increasing at OMB). In FY 2005, IT justifications will matter more.IT shops and budget shops should understand well how both aspects of agency budget requests relate. More OMB account examiners and OMB