February 28, 1997

Mr. John A. Koskinen, Chair
Chief Information Officer Council
Room 260, Old Executive Office Building
17th Street & Pennsylvania Ave., N.W.
Washington, DC 20503

Dear Mr. Koskinen,

On behalf of the CIO Council, the Committee on Capital Planning and IT Investment recently concluded a "Best Practices Forum" to explore and share the experience of Pilot agencies as they implement the capital planning provisions of the Clinger-Cohen Act of 1996. Enclosed is the report from the forum, Information Technology Investment: "First Practices," which outlines the emerging practices and strategic development by our Pilot agencies, as well as the discussion of other participants. The report is a record of an off-site, day-and-a-half facilitated work session held February 3-4, 1997. More than 50 people from 26 different agencies attended, highlighting the interest in this topic throughout the Government.

We designed the session to share progress among Federal agencies so that they can incorporate Information Technology investment review into their budget process for FY 1999. Members of the CIO community shared their experiences, including reports from seven Pilot demonstration agencies. The participants reported finding similar successes and challenges, even though their operating circumstances are understandably diverse.

The report summarizes "first practices," as opposed to "best practices," because we found that most agencies still are working through the processes they must install to meet the requirements of the Clinger-Cohen Act. Accompanying each practice, however, is a discussion of how the participating agencies expect to move from ‘first’ to ‘best’ practices.

We hope Agency CIO’s find the report valuable for crafting their initial investment review processes.

Sincerely,

          /s/                                                                      /s/

Joe M. Thompson                                             Paul Wohlleben
Chief Information Officer                                   Deputy Chief Information Officer             
General Services Administration                         Environmental Protection Agency       
Committee Chair                                               Session Moderator       

Enclosure

FOREWORD

The CIO Council’s Committee on Capital Planning and IT Investment is pleased to present Information Technology Investment: "First Practices." This document was the result of a day-and-a-half session held specifically to address the CIO Council’s recommendation:

Development of best practices forum for incorporation of
IT investment into department planning process very quickly
before FY 1999 budget process begins.

Woody Hall - Department of Energy
Liza McClenaghan - Department of State
Al Pesachowitz - Environmental Protection Agency
Anne Reed - Department of Agriculture
Joe M. Thompson - General Services Administration
Rear Admiral John Tozzi - United States Coast Guard
Steven Yohai - Department of Housing and Urban Development

The level of participation underscored the intense interest within the Chief Information Officers’ community in applying the principles of information technology investment management to their agencies and in complying with the provisions of the Act.

A special thanks to Paul Wohlleben, Environmental Protection Agency, for facilitating this compilation of emerging best practices and to Joe Thompson, Chief Information Officer at the General Services Administration, for creating an environment for exchanging critical ideas and leveraging expertise across Government.

For further information on the report, including an electronic copy, call John R. Adams at (202)260-3632, or reach him via electronic mail at adams.john@epamail.epa.gov.

We intend to place this document on the World Wide Web during the month of March, 1997. Look for it at http://www.itpolicy.gsa.gov.

EXECUTIVE SUMMARY

On February 3 and 4, 1997, the CIO Council Committee on Capital Planning and IT Investment Control held a "First Practices Forum" working session to identify efforts by Federal agencies to meet the requirements of the Clinger-Cohen Act, formerly known as the Information Technology Management Reform Act, or ITMRA. The intent of the session was to identify "first practices" (as opposed to the "best practices" that will eventually emerge).

Approximately 50 individuals from 26 agencies attended (see Appendix B). The attendees reported that few agencies have existing capital investment processes, and generally those are for investments other than information technology. On the other hand, all agencies recognize that they must promptly implement a capital planning process in compliance with the Act.

IT Capital Planning Pilots

Seven agencies had volunteered to launch Capital Planning Pilots during FY 1997. These efforts will feed into their FY 1999 budget processes, and the lessons learned from these pilots will be useful to all Federal agencies as they begin to establish full selection, control, and evaluation processes for IT investments within their agencies. Representatives from the following agencies presented their pilot projects during the first day of the forum:

- HUD
- Agriculture
- State
- General Services Administration
- EPA
- Coast Guard
- Energy

Results of the Forum

All participants shared ideas on the second day of the forum, building on the presentations of the first day. Nine outstanding "first practices" emerged as the agencies began to assess what works in establishing capital planning for Information Technology:

1.    Secure Senior Management Commitment and Participation.
2.    Establish an Executive-Level Investment Review Board.
3.    Select the Right Investments (Using Established Criteria).
4.    Determine Costs of Present Systems.
5.    Address Costs, Benefits, and Risks of Planned Investments.
6.    Provide Staff Analysis to the Investment Review Board that Informs Decision Making.
7.    Make Decisions when Needed.
8.    Control Initiatives Throughout the Life Cycle.
9.    Evaluate Results for Lessons Learned.

Success Factors

In addition to the "first practices," the attendees cited several critical success factors:

• Focus on agency-wide business processes.
  
• Ensure senior level management involvement in decision making.
  
• Build a shared vision throughout management.
  
• Sell the value of the analysis to decision-makers.
  
• Agency head must promote the CIO as key advisor.
  
• Make the goal of informed decision making the cornerstone of the IT investment program.
  
• Recognize that improving IT investment management will be a long term process, and plan accordingly.
  
• Ensure that investment decisions are strongly linked to mission strategic objectives.
  
• Use the investment process primarily for analysis, planning, and control, not for tracking and reporting.
  
• Present the results of the analysis in terms relevant to program managers and top management -- make the business case.
  
• Institutionalize the "Raines Rules" that state policy guidance from the Office of Management and Budget.

TABLE OF CONTENTS

Foreword

Executive Summary

I.     INTRODUCTION

II.    FIRST PRACTICES

III.   PILOT PROJECTS

APPENDICES

A.    Agenda
B.    Agencies Represented

EXHIBITS

1. Sources of Guidance
2. "Raines’ Rules," from OMB Memorandum of October, 1996
3. Investment Evaluation "Cube" from GAO’s Assessing Risks and Returns
4. Balanced Scorecard, from GSA’s Eight Steps

I. INTRODUCTION

On February 3 and 4, 1997, the CIO Council Committee on Capital Planning and IT Investment held an off-site day-and-a-half "First Practices Forum" to identify and discuss efforts by various Federal agencies to meet the requirements of the Clinger-Cohen Act, also known as the Information Technology Management Reform Act of 1996. The session agenda is provided in Appendix A.

Representatives of 26 agencies attended, including GAO and OMB in their role of overseeing implementation. The agencies described current "first practices," cited issues they are facing, and discussed lessons learned to date. The agencies in attendance are listed in Appendix B. Those in attendance ranged from agency Chief Information Officers and Deputy CIOs to managers involved in creating investment control processes, mainly at the Department level at larger agencies.

The level of participation demonstrated the intense interest within the CIO community in applying best practices of investment management within their organizations. The participants commented openly and frankly, and exchanged valuable information during the working session. Participants came away with a better understanding of the vision and grand design for investment control--as well as ideas for specific steps they could take within their agencies.

The central agencies (OMB, GAO, and GSA) are continuing to develop and issue guidance to agencies on how to meet the requirements of the Clinger-Cohen Act. Exhibit 1 on the next page lists seven major sources, including short names used elsewhere in this report.

This report also includes three exhibits which summarize key elements of the guidance issued to date. The exhibits were extracted from OMB Memorandum 97-02, commonly referred to as the Raines Rules (Exhibit 2), an evaluation "cube" from GAO’s Assessing Risks and Returns (Exhibit 3), and the "balanced scorecard" from GSA’s draft Eight Steps (Exhibit 4).

The practices described in the following sections must evolve as more and more agencies actually implement repeatable, efficient, and complete methods for IT investment management. For that reason, each ‘First Practice’ description also includes a brief roadmap of the challenges, hurdles, and incentives that they must deal with to progress from those first practices to full ‘Best Practices’.

Sources of Guidance, Including Short Title used in this Report

1. OMB/GAO Practical Guide. OMB Office of Information and Regulatory Affairs and GAO Information Policy and Technology Branch, "Evaluating Information Technology Investments: A Practical Guide," November, 1995 (15pp.)

2. OMB Fixed Assets. Executive Office of the President, Office of Management and Budget, "Circular A-11 Part 3: Planning, Budgeting, and Acquisition of Fixed Assets," July, 1996 (17pp.)

3. Raines Rules. Franklin D. Raines, "Funding Information Systems Investments," Memorandum for Heads of Executive Departments and Agencies, October 25, 1996 (3pp.)

4. The Act. Information Technology Management Reform Act of 1996 (40 U.S.C. 1401 et seq.), recently renamed via the 1997 Omnibus Consolidated Appropriations Act, Pub. L. 104-208, as the Clinger-Cohen Act of 1996.

5. GSA Eight Steps. General Services Administration, Office of Policy, Planning, and Evaluation, "Performance-Based Management: Eight Steps to Develop and Use Information Technology Performance Measures Effectively," December, 1996 (106pp.).

6. OMB Capital Programming Guide. Office of Management and Budget, "Capital Programming Guide: 12.10.96 Draft," transmitted by memorandum from John Koskinen and G. Edward DeSeve, December 17, 1996 (79pp.)

7. GAO Assessing Risks and Returns. U.S. General Accounting Office, Accounting and Information Management Division, "Assessing Risks and Returns: A Guide for Evaluating Federal Agencies’ IT Investment Decision-Making," Draft January 10, 1997 (97pp.).

Exhibit 1. Sources of Guidance

Raines’ Rules

Policy

Investments in major information systems proposed for funding in the President's budget should:

1. Support Mission —support core/priority mission functions that need to be performed by the Federal government;
2. No Alternative Source—be undertaken by the requesting agency because no alternative private sector or governmental source can efficiently support the function;
3. Work Process Reengineering—support work processes that have been simplified or otherwise redesigned to reduce costs, improve effectiveness, and make maximum use of commercial, off-the-shelf technology;
4. Business Case Analysis—demonstrate a projected return on the investment that is clearly equal to or better than alternative uses of available public resources. Return may include: improved mission performance in accordance with GPRA measures; reduced cost; increased quality, speed, or flexibility; and increased customer and employee satisfaction. Return should be adjusted for such risk factors as the project's technical complexity, the agency's management capacity, the likelihood of cost overruns, and the consequences of under- or non--performance.
5. Consistent with IT Architectures—be consistent with Federal, agency, and bureau information architectures which: integrate agency work processes and information flows with technology to achieve the agency's strategic goals; reflect the agency's technology vision and year 2000 compliance plan; and specify standards that enable information exchange and resource sharing, while retaining flexibility in the choice of suppliers and in the design of local work processes;
6. Reduce Risk—reduce risk by: avoiding or isolating custom-designed components to minimize the potential adverse consequences on the overall project; using fully tested pilots, simulations, or prototype implementations before going to production; establishing clear measures and accountability for project progress; and, securing substantial involvement and buy-in throughout the project from the program officials who will use the system;
7. Modular Contracting—be implemented in phased, successive chunks as narrow in scope and brief in duration as practicable, each of which solves a specific part of an overall mission problem and delivers a measurable net benefit independent of future chunks; and,
8. Risk Sharing—employ an acquisition strategy that appropriately allocates risk between government and contractor, effectively uses competition, ties contract payments to accomplishments, and takes maximum advantage of commercial technology.

United States Office of Management and Budget Memorandum 97-02,"Funding Information Systems Investments," October 25, 1996

Exhibit 2. Raines’ Rules from OMB Memorandum of October, 1996

The IT Investment Management Process

Exhibit 3. Investment evaluation "cube" from GAO’s Assessing Risks and Returns.

Exhibit 4. Balanced Scorecard, from GSA’s Eight Steps.

II. FIRST PRACTICES

The attendees cited a number of specific first practices, both in the discussion held and in response to a survey questionnaire circulated at the end of the session. We analyzed the citations to ensure that they reflected practices (as opposed to plans, issues, or observations) and grouped them into the following categories:

1.   Secure Senior Management Commitment and Participation.
2.   Establish an Executive-Level Investment Review Board.
3.   Select the Right Investments (Using Established Criteria).
4.   Determine Costs of Present Systems.
5.   Address Costs, Benefits, and Risks of Planned Investments.
6.   Provide Staff Analysis to the Investment Review Board that Informs Decision Making.
7.   Make Decisions when Needed.
8.   Control Initiatives Throughout the Life Cycle.
9.   Evaluate Results for Lessons Learned.

Many of the first practices came from the Pilot agencies (see Section III). Those agencies are part of the Capital Planning Pilot project sponsored by the Capital Planning and IT Investment Committee of the CIO Council. The Pilots are being implemented throughout FY 1997, so that each of the agencies can use the results as input to the Fiscal Year 1999 budget cycle. Additional observations came from the other attending agencies, which are also working on developing and issuing guidance. CIOs throughout the Government will be coordinating their agencies’ capital budget for IT expenditures under the legislation in conjunction with their agency budget formulation and execution cycles.

1. SECURE SENIOR MANAGEMENT INVOLVEMENT AND PARTICIPATION

The joint OMB/GAO Practical Guide calls senior management attention "Critical Attribute #1." Similarly, the Act says "the head of each executive agency shall design and implement in the executive agency a process for maximizing the value and assessing and managing the risks of the information technology acquisitions of the executive agency" §5122(a). And the CIO "shall be responsible for...providing advice to the head of the executive agency" §5125(b)(1).

FIRST PRACTICES

• Recognize the need for top management involvement. The participants all agreed that the highest management levels must participate. They varied in the mechanism for achieving it, some underscoring the value of senior management responsibility for investment control, and others creating IT leadership and IT investment groups with the participation of upper management.
  
  
• Use the budget process as a driver. Some agencies are using the established budget process as a link among the agency head, Chief Financial Officer, CIO, and program leadership. All agencies also recognize, of course, that IT capital planning must have a close link with the budget process.
  
  
• Involve top management in the IT Strategic Planning Board. Many agencies had already formed executive-level boards to manage information technology. At some agencies, the agency head or deputy chaired that group, which was charged with setting overall agency strategy for information resources and determining investment priorities.
  
  
• Form a Business Planning Council. Several participants reported success with having the agency head or deputy participate on an overall investment review board combining IT with decisions regarding other long-lived assets.
  
  
• Consider establishing Working Capital Funds. Some agencies use an existing structure for management of a consolidated enterprise fund as a means for involving senior management in high-level decision making.
  
  

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

Most agencies were still thinking through relationships among the CIO, the CFO, and the agency head. Common to the approaches were selecting the methods that would work inside agency culture to make sure that the highest levels are involved at critical points in the investment processes. Most believe that OMB interest in capital planning and its link to capital budgeting will soon provide another incentive for senior management to participate.

2. ESTABLISH AN EXECUTIVE-LEVEL INVESTMENT REVIEW BOARD

GAO’s Assessing Risks and Returns emphasizes the need for investment control processes that are repeatable, that is, that can recur in different budget cycles, have clear decision criteria, and document the results. Step 2 of GSA’s Eight Steps suggests formation of an Investment Review Board (IRB) as a means of combining the business domain with the technology domain to obtain consensus among the major stakeholders that IT projects in fact support agency goals and objectives.

FIRST PRACTICES

• Build on existing structures. Over half reported having an Investment Review Board already in place. One reported that they have a long-standing process, and they modified it and created a new mechanism for IT investments.

• Consider the need for multiple boards. Some agencies reported success with having both a high level business-oriented board and an IT or technical level board.

• Consider bureaus at decentralized agencies. Highly decentralized agencies are finding a need for bureau-level investment review in addition to department-level review. Not all reported that their process will require creation of a formal review board at each bureau, however.

• Centralized agencies use different approaches. Participants with central IT funding found obvious value in taking all IT funding to a review board at one time.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

The participants concluded that a "one size fits all" approach would not work. Many decentralized agencies, faced with projects financed via justifications created in the bureaus, are considering subsidiary Investment Review Boards. Those agencies face barriers as diverse as creating reporting relationships and even paper flow management. Some agencies reported challenges in shifting their boards from creation to constructive action.

3. SELECT THE RIGHT INVESTMENTS (USING ESTABLISHED CRITERIA)

OMB’s Practical Guide introduced the notion of a cyclical investment process consisting of three phases: selection, control, and evaluation. The purpose of the first phase is to "create a portfolio of IT project investments that maximizes mission performance, using a standard set of criteria for consistent comparison of projects."

OMB’s Part III to Circular A-11 (Fixed Assets) requires reporting on major acquisitions, "those requiring special management attention because of their importance to the agency mission; high development, operating, or maintenance costs; high risk; high return; or their significant role in the administration of agency programs, finances, property, or other resources."

FIRST PRACTICES

• Define thresholds for investment planning and control. Most agencies reported considering explicit threshold criteria, but for differing reasons. Cited criteria included dollar values (annual budget amount and life cycle cost are in use), percent of the agency IT budget, and qualitative criteria (such as mission critical). One agency used the GAO guideline of one percent or more of annual expenditures, along with qualitative criteria.

• Include agency infrastructure in investment portfolio. Several agencies reported explicitly recognizing infrastructure as a major investment category. Also, some agencies reported that infrastructure investment opportunities would be reviewed separately from information systems investments.

• Develop a method for selecting investments. Several attendees reported they plan to employ a top-down selection process. That is, agency management or the IRB will direct managers to submit proposals for investments needed to meet strategic plan objectives, implement target architectures, or integrate systems across programs. Another pilot agency intends to use Business Case Analyses, in the format of the investment portfolio, to resolve which of several options should be proposed for investment. Another agency intends to use the benefit and risk categories outlined in the Capital Programming Guide for ranking and analysis.

• Evaluate investments for support of goals. Agencies reported that they were solving varying problems with their IT investments. Among the strategic or mission goals for those investments were migration to open systems architectures, interoperability among bureau-level organizations (or across agencies), and R&D data processing.

• Institutionalize the "Raines Rules". One agency reported that it plans to make the Raines Rules (see Exhibit 2) a major part of the investment analysis process at the agency level. The attendees reported unanimously that they intend to do this, but many had not determined how. One cited approach is to include them in the guidance to managers proposing investments. One agency intends to combine the Raines Rules, which address mission benefit, architecture, and risk, into its portfolio data

• Make clear and useful recommendations to the agency head. One agency has defined a process to advise the agency head. Decisions and recommendations are made by an investment board, and then the CIO takes the information to the agency head for final decision. One agency plans to provide information to management using succinct summaries of the business case analysis. Another agency summarizes mission, cost, risk , and benefit into a 10-page summary for its Investment Review Board. Other agencies reported plans to provide varying levels of detail and quantitative rigor in the underlying analysis, depending on the magnitude of the investment.

• Develop an effective portfolio document. A number of the attendees reported that their agencies already have an investment portfolio, although it is often for non-IT investments. (This was generally the same group that had capital planning procedures in place for non-IT investments.) Agencies reported varying degrees of comprehensiveness of their portfolios. One agency found that sorting the investment portfolio once by benefit, then again by risk, led to additional helpful information for decision makers.

• Evaluate proposed investments for compliance with architectures. A few agencies reported considering how to do this. One agency reported using compliance with architectures as an evaluation factor, rather than a selection criterion. If the proposed investment is not consistent with planned architectures, it will not rank highly. Other agencies are considering evaluating architectural compliance on a pass/fail basis.

• Promote potential investments that are needed to achieve architectural objectives. One agency reported that its investment board has determined that infrastructure is mission critical, and therefore ranks high on the investment priorities list.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

Major challenges remaining include institutionalizing "threshold" factors for selecting investments for review, plus possibly a simplified process for reviews of investments falling below the threshold. Similarly, most agencies expect to choose investments for review (such as infrastructure) that include more than information systems narrowly defined.

4. DETERMINE COST OF PRESENT SYSTEMS

The Act requires an executive agency’s IT process to "be integrated with the processes for making budget, financial, and program management decisions within the executive agency," §5122(b)(2). OMB, through the Raines Rules, will enforce its direction regarding investments in major IT systems "through the budget process."

FIRST PRACTICES

• Determine the cost of currently operational systems. No agencies reported having fully satisfactory data on current system costs. In fact, none record such costs consistently, at useful levels, in their systems of record. Several agencies reported that they were trying to determine the cost of current systems more accurately. One agency reported that it is dealing with the challenge of identifying hidden costs. That agency is attempting to reconcile cost data from various IT budget, agency budget, and accounting systems to detect patterns of discrepancies in reporting. Another agency reported being able to determine some costs accurately. The agency then extrapolates to an estimated total cost. Agencies which centrally fund IT costs reported less difficulty in identifying costs.

• Address the full life-cycle cost of proposed investments. Several agencies have plans to address full costing issues. Issues include the need to provide managers with incentives to do full life-cycle costing, although full costing may take several years to achieve.

• Combine benefits of existing reporting. Several agencies reported using the costs tracked for reporting under Circular A-11, Exhibit 43 (Summary Report of Obligations for Information Technology) of the budget submission as the primary initial input to their Investment Control cycle.

• Establish a consistent basis. Most participants use the cost categories required for reporting under Exhibit 43 or Exhibit 300 (Fixed Assets) as the basis for Investment Control analysis. Included, particularly, were Federal salary costs as well as mainframe timesharing and telecommunications.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

Most agencies are grappling with capturing costs accurately and usefully from budgeting and accounting systems of record. Also, participants are aware of reporting requirements for IT that fall outside other required reports (e.g., total life cycle costs and planned obligations beyond the 3-year horizon for most agency budget processes). And all participants looked forward to OMB’s planned re-write of the IT cost reporting section 43 of Circular A-11, starting spring 1997.

5. ADDRESS COSTS, BENEFITS AND RISKS OF PLANNED INVESTMENTS

The Act requires that the agency head make informed investment decisions that include the projected costs, benefits, and risks of the investment. The analysis should not be restricted to the technical merits of the proposed investment, but should consider the contribution to mission performance. The fourth Raines Rule calls for investments that demonstrate a return "clearly equal to or better than alternative uses of available public resources," balancing return with risk factors. The Act requires "minimum criteria to be applied...including criteria related to the quantitatively expressed projected net, risk-adjusted return on investment and specific quantitative and qualitative criteria for comparing and prioritizing alternative information systems investment projects," §5122(b)(3).

FIRST PRACTICES

• Include all relevant costs. Agencies reported planning to consider mainframe time sharing, personnel, and training costs. One agency will categorize costs as direct, indirect, and on-going. That agency also distinguishes between maintenance and operations, on the one hand, and perfective maintenance and development, on the other.

• Choose an organizational model for review. Participants identified success with different organizational models for conducting portfolio review. One agency reported using an analysis team that presents its results to the investment board. Another agency reported that the owners of a proposed system do the initial analysis, then a cross-functional team does additional analysis of the proposal. The results are then taken to the CIO and the investment board. One agency used to have a technical group evaluate investments, which lead to an adversarial process. More recently, that agency formed a peer group with representatives from all programs. This process supports building consensus on IT investment priorities and reduces conflict. The recommendation then goes from the IRM peer group with rankings and rationale to the IRM board (headed by the CIO), where it is presented for a "sanity check." It is critically reviewed and passed on to the budget review process.

• Tie the cost analysis to the agency budget process. Several agencies reported plans to tie cost analysis to the Budget. One agency reported plans to coordinate IT investment processes with Exhibits 43 and 300 of the budget submission. That agency also plans to integrate data calls to match the budget cycle. In addition, several agencies reported that they plan to complete all cost analysis on the basis of a five year planning horizon (as required for Exhibit 300). These efforts will require that the agencies work closely with their CFOs. Finally, several agencies said they plan to work towards multi-year budgeting for investments.

• Manage risk continuously. Some agencies are considering conditional approval of projects, pending management attention to mitigation of risk. Such projects would be candidates for off-budget-cycle evaluation.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

Each agency will need to choose the organizational model for review that best fits its operations. The group reported success with adversarial, collaborative, and analytical approaches. Most agencies are wrestling with how to present useful, explicit information on investment return to decision makers. They are in the process of institutionalizing the concepts of Return on Investment, Cost Effectiveness, Cost Avoidance, and so on. All agencies intend to include costs, risks, and benefits in the investment analysis.

6. PROVIDE STAFF ANALYSIS THAT INFORMS DECISION MAKING

The OMB Capital Programming Guide includes a step, "Managing Capital Assets as a Portfolio," that allows a senior management investment review board to rank and evaluate projects. The intent is to consider the tradeoffs between "funding the operational expenses for an existing asset...and the acquisition of a new one." GSA’s Eight Steps introduces the "Balanced Scorecard" and tools from Information Economics to allow explicit rankings employing project scoring combining business and technology questions.

FIRST PRACTICES

• Make the business case. Most agencies agreed that the primary avenue for informing decision makers is through presenting the functional, or business, case to management. This approach is opposed to what is sometimes seen as a purely technical approach to IT decisions.

• Address cost, risk, and benefits. The agencies agreed that cost, risk, and benefit should be included in the analysis of alternative investments. Where possible, the analysis should be stated in fiscal terms, although other considerations, such as mission criticality, should be weighed in final decisions.

• Be brief. Agencies with existing Review Boards found that summaries of around 10 pages (supported by as much additional detail and analysis as warranted) led to a useful package for their senior management.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

Few agencies have been through a full investment review cycle. Therefore, even though they will have created repeatable processes complying with the requirements of the Act, they expect that the efficiency of their processes will evolve greatly with experience. Efficiency considerations include levels of detail appropriate for analysis as well as for communication of results to decision makers.

7. MAKE DECISIONS WHEN NEEDED

The OMB/GAO Practical Guide and the Capital Programming Guide discuss the outcome of a scoring and ranking process for IT investments. Both documents anticipate that three groups will emerge: "likely winners," with high return and low risk; "likely drop-outs," with high risk and low return; and projects that "warrant a closer look."

FIRST PRACTICES

• Be prepared to stop a project when necessary. All agencies recognized that the principal enforcement tool for IT investment control is the power of the Chief Information Officer to stop work on a project because it cannot demonstrate continuing acceptable costs, benefits, and risks. This action can be a "time-out" to develop corrective action. Or it can force cancellation of the project.

• Be prepared, also, to help. During the discussion, agencies explored the potential benefits of using the investment review and control process to detect inadequacies in certain investment proposals and provide opportunities for improving plans and reducing risks. Early warning can lead to correction of deficiencies even if a project is allowed to continue.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES
All agencies recognize that advising the agency head to deny or delay funding for a project (or to stop work on existing ones) is a difficult but perhaps necessary step. They also acknowledge that most agencies, since they are still creating processes, have yet to step up to those decisions. Further examples, sampled after the first budget cycle, will prove useful.

8. CONTROL INITIATIVES THROUGHOUT THE LIFE CYCLE

The second phase of the investment process in the OMB/GAO Practical Guide is control: "measure ongoing IT projects against their projected costs, schedule, and benefits and take action to continue, modify, or cancel them." The GAO Assessing Risks and Returns refers to a frequently cited model, "Some organizations use a traffic-light method to help make project decisions. Projects are given red, yellow, or green lights depending on how the project rated against performance measures."

FIRST PRACTICES

• Use the portfolio to manage costs and oversee implementation. One agency reported that it has procedures to manage costs and oversee execution.

• Control investments, independent of the selection process. Several agencies reported having control procedures in draft. All remaining attendees reported plans to develop procedures soon. One agency stated that it believes the key to control is the ability to map the system design back to business requirements. Another agency has a conceptual plan to set up a working group for each project with a risk level deemed to require control. The group will be led by sponsor and include at least one member from the investment board, IRM, and senior management from the customer.

• Ensure that problems are surfaced and discussed when they occur. The participants agreed that they hope to make decisions more promptly, when problems first occur, rather than delaying decisions until the budget cycle or until a GAO review occurs.

• Monitor results or outcomes. Defense agencies reported that they have had a longstanding process, the Major Automated Information Systems Review Council (MAISRC) that ensures management and technical review of large projects at major life cycle milestones. This may offer a model that can be adapted for use by other agencies.

• Manage high risk projects. About half of agencies reported that they expect to distinguish between high and low risk projects. One agency reported managing risk in part by not being the first to use new technology.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES
The selection phase, leading to advice to the agency head during the budget process, must be established by the summer of this year, 1997. The control and evaluation phases may be put in place somewhat later. We expect to see additional first practices then.

9. EVALUATE RESULTS FOR LESSONS LEARNED

The third phase of the investment process in the OMB/GAO Practical Guide is evaluation: 1) determine the actual return on investment of an implemented investment against the agency’s mission and 2) adapt the existing process to reflect "lessons learned." The GAO Assessing Risks and Returns advises closing the loop through conducting a Post-Implementation Review using a group other than the project development team.

FIRST PRACTICES

• Tie proposed investments to program initiatives. Agencies intend to evaluate "systems" (also called process-dependent work) against original and now-current requirements.

• Develop an explicit relationship to the GPRA Performance Plan and report. One agency reported that it has developed high-level performance measures for four program areas. At budget passback, the agency will ask its components for a report on achievement of performance goals. Attendees reported that they expect IT systems to get two levels of evaluation, one at the IT level, and one at the GPRA (total agency) level.

• When measuring performance, key your eye on the prize. Agencies plan to focus on key questions. Does a system deliver what its proponents said it would deliver? Is the system as delivered still consistent with business strategy? Criteria to be applied include actual versus expected results and overall schedule adherence.

MOVING FROM ‘FIRST’ TO ‘BEST’ PRACTICES

No agency reported that it has a way to measure the business impact of infrastructure or of IT that supports multiple program areas. Most report having operational measures for Local Area Networks or data centers, but face a continuing challenge to measure the business impact of these process-independent IT investments.

III. PILOT PROJECTS

Department of Housing and Urban Development
Presented by: David Cristy and Dale Scott

The focus of HUD’s pilot project was how to use Information Systems Planning information for the IT budget. HUD established a Technology Investment Board (TIB). The TIB is composed of senior management, and is chaired by the CIO. HUD also had an existing senior executive board consisting of deputy secretaries, the CIO, and the CFO.

HUD also developed a rigorous investment analysis scoring system, based on the "balanced scorecard" concept. The mechanism involves ranking proposed investments during creation of the Operating Plan by quantifying benefits, costs, and risks. HUD considers this a surrogate for good Economic Analysis. The chart used to score projects is structured by Infrastructure (servers, communications, desktop systems) and systems engineering. There is a further breakdown by type of effort: planning, corrective and adaptive maintenance, and perfective maintenance and new development.

A TIB staff team of analysts does the preliminary scoring and presents the results to the TIB. HUD would prefer that the TIB itself do scoring, but finds that not feasible.

HUD management recognizes that scores and not everything. Allowances are made for the fact that some decisions have to consider non-quantifiable and other factors.

Department of State
Presented by: Gary Gallaway and Kay Monte-White

State has a central IRM Fund, with the purpose of Departmental IRM modernization.

The Department has established an IRM Program Board to oversee fund investment. The Board consists of 12 senior officials, including the CIO, CFO, the Executive Secretary, and several Assistant Secretaries. In addition, they have established a Major IRM Program Board for investment oversight of programs whose lifecycle costs exceed $30 million or have mission-critical importance. The Major IRM Program Board is chaired by the Undersecretary of State for Management.

State uses a formalized Joint Planning Process based on previously existing process, attempting to justify investments using a "Diplomatic Readiness" concept.

Environmental Protection Agency
Presented by: Mark Day and John Adams

EPA has a designated Chief Information Officer in a separate office from the Chief Financial Officer. Most IT funding is located in separate program offices, although the agency recently created a Working Capital Fund for central funding of infrastructure costs.

The agency has an existing Executive Steering Committee for Information Resources Management, which created the IRM Strategic Plan. A new subcommittee of the ESC for IT Investment Review consisting of senior CIO, CFO, and program participants, will create the process for complying with The Act.

EPA’s conceptual process will consist of answering OMB’s three "Pesky Questions" (i.e., the Raines Rules), bring investments together for analysis in a portfolio, use the ESC to recommend go - no go decisions, and allow the CIO to advise the agency’s budget process.

Additionally, EPA intends to demonstrate Business Case Analysis, as an additional use of portfolio review, to select among competing alternatives in advance of creating an investment proposal.

Department of Energy
Presented by: Gary Crowl and Howard Lewis

Energy’s process, keyed to selling the process to top management, builds on existing work in Strategic Information Management, Integrated Project Teams, a Corporate Investment Portfolio, and a Corporate Investment Board.

The CIO participates on the Executive Committee on Information Management, which is chaired by the Deputy Secretary and Assistant Secretaries of major business lines. The portfolio will consist of information systems costing more than $500,000 per year or with a total lifecyle cost of more than $2.5 million. Also included are capital equipment or infrastructure investments greater than $2 million per year ($10 million lifecycle).

A draft DOE Information Technology Investment Guide has been circulated in draft and two investments have gone through the Strategic Information Management Process. Next steps are to develop "Info TIPS," the IT Investment Portfolio System, exercise the process at the corporate level, and establish investment boards at the program or site levels.

Department of Agriculture
Presented by: Marilyn Holland

USDA is a diverse department, consisting of 31 agencies with different missions, as well as multiple appropriations. The goal within the Department is to establish linked Capital Planning and Investment Control processes throughout the Department.

They will employ a high-level committee, the Executive IT Investment Review Board, to select, control, and evaluate investments and to provide for ongoing review of investments. The Board is chaired by the Deputy Secretary (the chief operating officer) and consists of the CIO, CFO, director of budget and policy, and several Under and Assistant Secretaries.

USDA is working on completing an Enterprise Architecture; realigning investments toward Department-wide solutions; and establishing Agency or Mission Area Boards. In process and methodology development, they are working on a information Strategic Plan; project selection; and project control and evaluation.

General Services Administration
Presented by: Joe M. Thompson

The focus of GSA’s pilot project was on the full range of IT Capital Planning, with a special emphasis on the involvement of senior management in the investment process.

GSA has established a Business Technology Council, which is attended by the Administrator and chaired by the Deputy Administrator of GSA. The Council is made up of the CFO, CIO, Chief of Staff, and leadership of GSA’s major business lines and regions. GSA has also established an IT Council, chaired by the Deputy CIO, that meets monthly to discuss the technology issues facing the agency, as well as the technical feasibility of proposed investments.

GSA has issued guidance on Capital Planning to all programs. This guidance includes rigorous criteria for selection based upon GAO’s cost, risk, and benefit paradigm. A scoring method exercised by peer review is used to assess each investment proposal’s likelihood for approval.

The Boards will meet in April 1997 to review IT Investments for the FY 1999 budget cycle. Those selected will be included in the budget process.

Scorecards which track performance, budget, and schedule are reviewed monthly. Systems, by exception, are identified for corrective action, further review, time out, or complete cancellation.

An evaluation review is planned for each system as it is implemented.

U. S. Coast Guard
Presented by: James Shaffer

The focus of the Coast Guard project was to revise the existing IT investment process and to incorporate new GPRA and Clinger-Cohen mandates. The new model is designed to be proactive, to be aligned with the GAO investment model, and to address all IT investments. The Coast Guard has considerable experience in Capital Planning in general and is building on that experience for IT investment planning.

The Coast Guard has had an IT investment process in place since 1993. The process makes use of a cross-programmatic IRM Peer Group made up of IRM and business process experts. This group does the annual evaluation of new and existing IT initiatives and establishes recommended funding levels. Inputs into the evaluation process include: Strategic IRM plans developed for each major business area, business plans, the Coast Guard IT Architecture, and the Coast Guard IRM Self Assessment based on the GAO Best Practices. The evaluations use a set of five criteria: Risk, Mission Effectiveness, Strategic Alignment, Organizational Impact and Benefit-Cost. A prioritized list of IT investments is then presented for final approval to the IRM Board made up of the Coast Guard CIO and senior managers representing all business areas. Final CIO recommendations are then forwarded for inclusion in the Coast Guard budget.

The new model addresses all IT portfolio investments and is tied directly to key budget-cycle decision points. The CIO and the IRM Board, using the Coast Guard's IT Strategy, will direct IT investments to meet the highest priority needs and will address investments at all stages of the IT Life Cycle, including Research and Development projects, new enterprise IT initiatives, ongoing projects, and operations and maintenance.

Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Energy
Department of Health and Human Services
Department of Housing and Urban Development
Department of Justice
Department of Labor
Department of State
Department of the Army
Department of Transportation
Department of Veterans Affairs
Environmental Protection Agency
Federal Emergency Management Agency
General Accounting Office
General Services Administration
GSA - Office of Governmentwide Policy
NASA
National Archives and Records Administration
OMB - Office of Federal Procurement Policy
Small Business Administration
Social Security Administration
Treasury Department
U.S. Coast Guard
U.S. Agency for International Development
U.S. Nuclear Regulatory Commission

Home | Search | Index | Map | Comments | Disclaimers | Privacy

Page last updated: 05/09/2000