Federal IT Capital Planning and Investment Control
()
About this ebook
Federal IT Capital Planning and Investment Control is the first book to provide a comprehensive look at the IT capital planning and investment control (CPIC) process. Written from a practitioner's perspective, this book covers a range of topics designed to provide both strategic and operational perspectives on IT CPIC. From planning to evaluation, this valuable resource helps managers and analysts at all levels realize the full benefits of the CPIC process.
•Explore the full range of IT investment principles and practices
•Learn CPIC project management techniques including earned-value management, integrated baseline review, cost-benefit analysis, and risk-adjusted cost and schedule estimates
•Identify strategies to improve how your organization manages its IT portfolio and selects, controls, and evaluates investments
•Discover how to leverage scarce IT resources and align investments with program priorities
•Benefit from the in-depth coverage—excellent for the experienced as well as those new to the CPIC process
Thomas G. Kessler DBA, CISA
Thomas G. Kessler, DBA., CISA, has over 30 years of experience as a manager, strategic planner, and information systems specialist. He was a consultant to more than 30 federal agencies from 1996 to 2006. Prior to establishing his own consultancy, Dr. Kessler worked for the Board of Governors of the Federal Reserve System, Westinghouse Electric Corporation, and the Maryland State Judiciary. Dr. Kessler is co-author of The Business of Government: Strategy, Implementation, and Results, with Patricia A. Kelley. He is a frequent speaker at professional conferences.
Related to Federal IT Capital Planning and Investment Control
Related ebooks
Achieving Excellence Optimizing IT Department KPIs for Success Rating: 0 out of 5 stars0 ratingsInformation Governance: Concepts, Strategies, and Best Practices Rating: 4 out of 5 stars4/5M&A Information Technology Best Practices Rating: 0 out of 5 stars0 ratingsGovernance of IT: An executive guide to ISO/IEC 38500 Rating: 0 out of 5 stars0 ratingsPerformance-Based Project Management: Increasing the Probablility of Project Success Rating: 0 out of 5 stars0 ratingsThe Business Analyst as Strategist: Translating Business Strategies into Valuable Solutions Rating: 0 out of 5 stars0 ratingsIT Maintenance: Applied Project Management Rating: 0 out of 5 stars0 ratingsCIO Best Practices: Enabling Strategic Value With Information Technology Rating: 4 out of 5 stars4/5Analytics and Big Data for Accountants Rating: 0 out of 5 stars0 ratingsBusiness Analysis : Learn in 24 Hours Rating: 0 out of 5 stars0 ratingsIT Governance to Drive High Performance: Lessons from Accenture Rating: 0 out of 5 stars0 ratingsOrganization Development: Developing the Processes and Resources for High-Tech Businesses Rating: 0 out of 5 stars0 ratingsManaging Electronic Records: Methods, Best Practices, and Technologies Rating: 2 out of 5 stars2/5Auditing Information Systems and Controls: The Only Thing Worse Than No Control Is the Illusion of Control Rating: 0 out of 5 stars0 ratingsAuditing Information Systems: Enhancing Performance of the Enterprise Rating: 0 out of 5 stars0 ratingsAuditing with the Computer Rating: 0 out of 5 stars0 ratingsBusiness Analytics: Leveraging Data for Insights and Competitive Advantage Rating: 0 out of 5 stars0 ratingsStrategy Mapping: An Interventionist Examination of a Homebuilder's Performance Measurement and Incentive Systems Rating: 0 out of 5 stars0 ratingsA Government Librarian’s Guide to Information Governance and Data Privacy Rating: 0 out of 5 stars0 ratingsGuide to Business Data Analytics Rating: 5 out of 5 stars5/5Staying the Course as a CIO: How to Overcome the Trials and Challenges of IT Leadership Rating: 0 out of 5 stars0 ratingsSarbanes-Oxley IT Compliance Using Open Source Tools Rating: 4 out of 5 stars4/5Business Intelligence Guidebook: From Data Integration to Analytics Rating: 4 out of 5 stars4/5Business Intelligence: The Savvy Manager's Guide Rating: 4 out of 5 stars4/5Data Quality: Empowering Businesses with Analytics and AI Rating: 0 out of 5 stars0 ratingsThe Government Manager's Guide to Earned Value Management Rating: 0 out of 5 stars0 ratingsIT Audit, Control, and Security Rating: 0 out of 5 stars0 ratingsPredictive Analytics for Human Resources Rating: 5 out of 5 stars5/5Enterprise Business Intelligence and Data Warehousing: Program Management Essentials Rating: 4 out of 5 stars4/5
Industries For You
Uncanny Valley: A Memoir Rating: 4 out of 5 stars4/5Weird Things Customers Say in Bookstores Rating: 5 out of 5 stars5/5All the Beauty in the World: The Metropolitan Museum of Art and Me Rating: 4 out of 5 stars4/5INSPIRED: How to Create Tech Products Customers Love Rating: 5 out of 5 stars5/5YouTube Secrets: The Ultimate Guide to Growing Your Following and Making Money as a Video I Rating: 5 out of 5 stars5/5Becoming Trader Joe: How I Did Business My Way and Still Beat the Big Guys Rating: 5 out of 5 stars5/5Hoax: Donald Trump, Fox News, and the Dangerous Distortion of Truth Rating: 3 out of 5 stars3/5The Best Story Wins: How to Leverage Hollywood Storytelling in Business & Beyond Rating: 5 out of 5 stars5/5Grocery: The Buying and Selling of Food in America Rating: 4 out of 5 stars4/5Excellence Wins: A No-Nonsense Guide to Becoming the Best in a World of Compromise Rating: 5 out of 5 stars5/5The Market Gardener: A Successful Grower's Handbook for Small-Scale Organic Farming Rating: 4 out of 5 stars4/5Bottle of Lies: The Inside Story of the Generic Drug Boom Rating: 4 out of 5 stars4/5Sweet Success: A Simple Recipe to Turn your Passion into Profit Rating: 5 out of 5 stars5/5Disney's Land: Walt Disney and the Invention of the Amusement Park That Changed the World Rating: 4 out of 5 stars4/5The Best American Food Writing 2018 Rating: 4 out of 5 stars4/5Energy: A Beginner's Guide Rating: 4 out of 5 stars4/5YouTube 101: The Ultimate Guide to Start a Successful YouTube channel Rating: 5 out of 5 stars5/5Bad Pharma: How Drug Companies Mislead Doctors and Harm Patients Rating: 4 out of 5 stars4/5How We Do Harm: A Doctor Breaks Ranks About Being Sick in America Rating: 4 out of 5 stars4/5The Reckoning Rating: 4 out of 5 stars4/5The Art and Making of the Dark Knight Trilogy Rating: 5 out of 5 stars5/5Setting the Table: The Transforming Power of Hospitality in Business Rating: 5 out of 5 stars5/5Summary of Salt Sugar Fat: by Michael Moss | Includes Analysis Rating: 0 out of 5 stars0 ratings
Reviews for Federal IT Capital Planning and Investment Control
0 ratings0 reviews
Book preview
Federal IT Capital Planning and Investment Control - Thomas G. Kessler DBA, CISA
FEDERAL IT CAPITAL PLANNING AND INVESTMENT CONTROL
FEDERAL IT CAPITAL PLANNING AND INVESTMENT CONTROL
Thomas G. Kessler
Patricia A. Kelley
8230 Leesburg Pike, Suite 800
Vienna, VA 22182
703.790.9595
Fax: 703.790.1371
www.managementconcepts.com
© 2008 by Management Concepts, Inc.
All rights reserved. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by an information retrieval system, without permission in writing from the publisher, except for brief quotations in review articles.
Printed in the United States of America
Library of Congress Cataloging-in-Publication Data
Kessler, Thomas G., 1953-
Federal IT capital planning and investment control / Thomas G. Kessler and Patricia A. Kelley.
p. cm.
ISBN 978-1-56726-222-3
1. Administrative agencies—Information technology--United States—Management. 2. Information technology—United States—Finance. 3. Administrative agencies—Information resources management—United States. I. Kelley, Patricia, 1960– II. Title.
JK468.A8K47 2008
352.3’802854678—dc22
2007045013
10 9 8 7 6 5 4 3 2 1
About the Authors
Thomas G. Kessler, DBA, CISA, has over 30 years of experience as a manager, strategic planner, and information systems specialist. He was a consultant to more than 30 federal agencies from 1996 to 2006. Prior to establishing his own consultancy, Dr. Kessler worked for the Board of Governors of the Federal Reserve System, Westinghouse Electric Corporation, and the Maryland State Judiciary. He is a doctor of business administration, master of business administration, and certified information systems auditor. Dr. Kessler is co-author of The Business of Government: Strategy, Implementation, and Results, with Patricia A. Kelley. He is a frequent speaker at professional conferences. Dr. Kessler can be contacted at Tom.Kessler@yahoo.com
Patricia A. Kelley, DPA, CISA, has over 25 years of strategic planning, program evaluation, and operational management experience. She has provided management consulting support to more than 30 federal agencies including the Department of Labor, the National Institutes of Health, the Federal Railroad Administration, the Court Services and Offender Supervision Agency, the National Science Foundation, the Federal Communications Commission, and the Small Business Administration. Dr. Kelley has held senior management positions with the Federal Reserve Board and advised Board members on policy issues regarding the efficiency and effectiveness of the Board’s operations. She has also worked extensively with the Federal Reserve Banks on automation and payment system policy matters and acted as the liaison to other federal banking regulators. Previously Dr. Kelley evaluated the effectiveness of various federal programs for the U.S. Government Accountability Office. Dr. Kelley can be contacted at pattycsm@aol.com.
Contents
Preface
Acknowledgments
INTRODUCTION The Legislative Basis for Improved IT Management
Federal CPIC Requirements
The Clinger-Cohen Act
Congressional Intent: Increased Efficiency
Procurement
Empowerment and Responsibilities
Agency Responsibilities
Chief Information Officer Responsibilities
Other Provisions
Implementing Clinger-Cohen: From Law to Regulation
OMB Circular A-130
PART 1 Implementing CPIC and Integrating It with the Budget Process
CHAPTER 1 Overview of Capital Planning and Investment Control
Maximizing Return on Investment
Roles and Responsibilities
Agency Head
Assistant Secretaries
Senior Program Managers
Chief Information Officer
Chief Financial Officer
Chief Acquisition Officer
End-Users/Customers
Agency Sponsor
Investment Champion
Investment Manager
The CPIC Organizational Structure
IT Investment Review Board
CPIC Support Group
Integrated Project Team
Phases of the CPIC Process
Planning Phase
Selection Phase
Control Phase
Evaluation Phase
CPIC Artifacts
Implications of the CPIC Process
CHAPTER 2 CPIC Planning and Selection Phases
CPIC Planning Activities
Updating the Enterprise Architecture and Setting IT Security and Privacy Priorities
Analyzing the IT Portfolio
Updating the IT Capital Plan
Identifying New Investment Opportunities
Preparing Supporting Information to Update IT Business Cases
Collecting In-Use Asset Review Results
Conducting Independent Baseline Reviews
CPIC Selection Activities
Preparing for the CPIC Selection Phase
Analyzing New Investment Opportunities
Selecting Investments for the Agency IT Portfolio
Integrating CPIC and the Agency Budget Process
CPIC as a Forum for IT Policy Issues
CHAPTER 3 CPIC Control and Evaluation Phases
CPIC Control Activities
Earned-Value Management as Control Tool
Preparing for ITIRB Control Reviews
ITIRB Control Reviews
Investment-Level Control Responsibilities
CPIC Evaluation Activities
Operational Analyses and Post-Implementation Reviews
How Control and Evaluation Activities Relate to Planning and Selection Activities
PART II Positioning CPIC as a Global Agency Process
CHAPTER 4 Strategically Positioning CPIC within the Organization
The Importance of CPIC: A Mandate for Stewardship and Strategic Management
Key Elements of an Effective CPIC Process
Implement CPIC and Integrate It with the Budget Process
Change the Agency’s Culture
Create an Inventory
Change the IT Culture
Develop an Architecture
Improve IT Asset Performance
Improve IT Development Performance
Manage Portfolio Performance
Implications
Improving the Existing CPIC Process
CHAPTER 5 Integrating CPIC and Enterprise Architecture
Agency Enterprise Architecture
Integrating CPIC and the Enterprise Architecture
Approaches to Integration
Steps to Achieve Successful Integration
Design the Integration Process
Develop and Enforce EA Review Procedures
Conduct CPIC-EA Integration Training
Implications of the Federal Enterprise Architecture
CHAPTER 6 IT Portfolio Analysis: Evaluation Techniques and Methods
IT Portfolio Analysis Principles
Portfolio Analysis Process and Methodology
Methods for Analyzing the IT Portfolio
Portfolio Analysis Criteria
Cross-Portfolio Redundancy
System-to-System Information Exchange
Technological Compatibility
Alignment with Agency Mission and Goals
Functional Balance
Risk Distribution
Technological Maturity
Alignment with E-Government Initiatives
Other Considerations
Communicating Portfolio Analysis Results
Portfolio Analysis Tools
CHAPTER 7 Operational Analysis and Post-Implementation Reviews
What Is an Operational Analysis?
Which Assets Should Be Reviewed?
Who Should Be on the Operations Review Team?
What Should Be Reviewed?
Performance Assessment
Cost Assessment
Technology Assessment
Security and Privacy Assessment
Other Factors
Future Scans
Conducting an Operational Analysis
Planning
Data Collection
Data Analysis
Reporting
Outcomes of an Operational Analysis
Taking Action
Post-Implementation Reviews
PART III Individual Investments: Maximizing ROI and Minimizing Risk
CHAPTER 8 Communicating with a Business Case
What Is a Business Case and Why Is It Important?
Key Elements of an IT Business Case
Writing an Effective Business Case
Investment Summary and Justification
Investment Spending Plan
Asset Performance Information
Alternatives Analysis
Risk Analysis
Project Performance Information
How the ITIRB Uses Business Case Information
CHAPTER 9 Alternatives Analysis
Identifying and Selecting Alternatives
The Federal Approach to IT Cost-Benefit Analysis
Investment Benefits
Investment Costs
Other Cost-Benefit Considerations
Presenting Alternatives Analysis Results
Periodic Updates to the Alternatives Analysis
CHAPTER 10 Identifying and Mitigating Project Risk
Building Skyscrapers and Software
Reasons for System Development Project Failures
Early Project Risks
Design and Technology Risks
Project Management Risks
Risk Management
Defining Risk
Defining Risk Management
Identifying Risks
Evaluating Risk
Mitigation Strategies
Risk Management throughout the Project Life Cycle
Risk Management as a Paperwork Exercise
Risk Management as a Key Element of Portfolio Management
CHAPTER 11 Using Earned-Value Management to Control Cost and Schedule Variance
What Is Earned-Value Management?
The Relationship between EVM and CPIC
Developing EVM Estimates
EVM Calculations
Other Considerations about EVM
Reviewing and Challenging EVM Estimates and Reports
Considerations in Modifying an EVM Baseline
EVM as a Key CPIC Tool
CHAPTER 12 Conducting an Independent or Integrated Baseline Review
IBR Objectives
Planning and Preparing for the IBR
Identifying IBR Personnel and Resources
Delineating Roles, Responsibilities, and Expectations
Preparing the IBR Project Plan
Training and Preparing the IBR Team
Announcing and Initiating the Review
Conducting Fieldwork
Examining Estimates
Compiling Fieldwork Results
Debriefing the IT Project Team, CPIC-SG, and ITIRB
The IBR Report
Follow-Up Activities
Revising the Baseline
PART IV Realizing the Full Benefits of a CPIC Process
CHAPTER 13 CPIC Special Topics
Information Technology Infrastructure
Scope and Scale
CPIC Implications
Infrastructure and the ITIRB
Infrastructure and Business Cases
Infrastructure, Enterprise Architecture, and Operational Analysis
Infrastructure Innovation
Security and Privacy
Acquisition Management
Incorporating These Key Issues
CHAPTER 14 Measuring, Monitoring, and Evaluating Portfolio Performance
Critical Success Factors
Factor 1: The Right People with the Right Skills and the Right Attitude
Factor 2: Centralized Control over IT Spending
Factor 3: Fully Embracing Investment and Portfolio Management Principles
Factor 4: IT People Who Sell Investments
Factor 5: The Integrity of the CPIC Process
Factor 6: A Strategic Enterprise Perspective
Factor 7: Success Determined through Measurement
Challenge Questions
Conclusion
APPENDIX Legislative and Regulatory Requirements
Chief Financial Officers Act of 1990
OMB Circular A-94
The Government Performance and Results Act of 1993
Government Management Reform Act of 1994
The Paperwork Reduction Act of 1995
Federal Financial Management Improvement Act of 1996
Information Technology Management Reform Act of 1996 (Clinger-Cohen Act)
OMB Memorandum M-97-02, Funding Information Systems Investments
OMB Circular A-130
Glossary
Bibliography
Index
Preface
Government agenciesi have a responsibility to the public to make full use of information technology (IT) as a means to achieve their missions effectively and efficiently. This statement seems self-evident, but the reality is that full use of IT resources is difficult to achieve for many reasons. To begin with, it is not easy to envision the innovative ways that IT can be used to achieve program outcomes, especially when emergent technologies are in their developmental stages. For example, when the personal computer was introduced in the early 1980s, agencies continued to believe that mainframe computing was the best strategy. It took five or more years for most agencies to appreciate the benefits that could be achieved through personal computing and to implement adoption strategies for personal computers, local area networks, word processing, and integrated e-mail systems. Today no one can envision a world without these technologies.
Another barrier to fully using IT is the frequency of changes in senior leadership within an agency, which tends to disrupt the continuity of innovative initiatives. Changes in administration and the political appointment process often lead to dramatic policy shifts, resulting in the initiation of new projects and the termination of projects started under prior administrations. Political turnover is so common in the federal government that many career civil servants adopt a wait and see
attitude toward new initiatives and requirements. As a result, initiatives can take longer or be discontinued before they are implemented.
Another factor is that program leaders often have a bias toward human- and process-centric innovation rather than technological innovation because they have higher comfort levels with and control over the former. It is only in recent years that non-IT managers have gained sufficient confidence and experience with IT to become significantly involved in technology discussions and decisions.
Maximizing return on IT investment requires a comprehensive, agency-wide process that recognizes and treats technology investments as capital assets. Capital planning and investment control (CPIC) is such a process. Implementing a CPIC methodology offers numerous benefits by:
1. Positioning technology as a key business enabler that increases potential for innovative application of technology to the achievement of mission and program objectives
2. Encouraging greater partnership and joint responsibility among program and IT leadership for applying IT resources for their greatest benefit and treating the entire portfolio of IT systems and applications as a critical enterprise asset
3. Changing the mindset from a project orientation to an agency-wide asset orientation, enabling optimal short- and long-term investment decision-making
4. Reducing the risk of IT initiatives
5. Providing visibility into IT asset performance throughout the asset life cycle
The purpose of this book is to guide executive leaders, senior program managers, and IT professionals through the full range of IT investment principles and practices in an effort to convey both an understanding and a methodology for implementing and using CPIC processes. We wrote it from a practitioner’s perspective rather than an academic one. The book targets managers and analysts at all levels and uses examples rather than models to convey concepts. The approaches represent our strategies based on a variety of written and personal influences. Some of the concepts and methodologies in the book may need to be adjusted as they are adapted and, over time, they may be overridden by regulatory changes by the Office of Management and Budget (OMB) or other federal agencies, but we have tried to offer a diverse set of topics that offer something for everyone.
For those who are new to the federal government or CPIC, the contents provide comprehensive coverage. For those who have extensive CPIC experience, the early chapters may simply communicate what they already know, but the later chapters may provide new insight regarding advanced topics.
If there is one single group that we most hope to influence through this book, it is senior agency program managers and policy makers. The Clinger-Cohen Act (formerly known as the Information Technology Management Reform Act of 1996)ii was enacted to get the attention of this group, to require them to become more involved, and to shape their involvement so that approval and funding of IT initiatives would better represent the efficient market forces that are the foundation of the U.S. economy. Their participation, as described in this book, would mimic Adam Smith’s invisible hand,
serving to drive inefficient or poorly performing IT projects out of business.
We hope that senior executives read this book and use it to shape agency culture in a way that benefits both their agencies and U.S. taxpayers.
How to Use This Book
This book provides federal executives, managers, analysts, and other staff members from program, IT, and administrative areas with extensive guidance for understanding, implementing, reviewing, and improving their IT governance processes. The requirements established by OMB following the passage of the Clinger-Cohen Act serve as a framework for guiding the discussion, but the principles set forth are intended to go well beyond mere compliance with those requirements.
IT projects are usually complex and risky. There is a long track record of projects that have not succeeded. This book was written to assist in the process of making positive changes, to inform new IT analysts and managers, and to provide assistance in implementing new and more rigorous reporting, monitoring, and management activities.
The Four Parts of the Book
Part I: Implementing CPIC and Integrating It with the Budget Process
Part II: Positioning CPIC as a Global Agency Process
Part III: Individual Investments: Maximizing ROI and Minimizing Risk
Part IV: Realizing the Full Benefits of a CPIC Process
The 14 chapters cover a range of topics and are designed to provide both strategic and operational perspectives on IT capital planning and investment. Topics are discussed, for the most part, in nontechnical terms so that they appeal to a wide and diverse range of readers. As the chapters unfold, readers will sense the interrelationship and progression of topics. Readers who are new to the CPIC process are encouraged to read the book sequentially, while those with a good grounding can skip to the topics that interest them most.
The book is organized into an introduction and four parts. The introduction provides a description of CPIC and discusses the laws and regulations upon which it is based. Part I (Chapters 1–3) explains CPIC and describes the CPIC planning, selection, control, and evaluation phases. These chapters are most useful to those who are new to the federal CPIC process and those who are looking for ideas about how to improve existing processes.
Chapter 1 provides a thorough overview of the four CPIC phases—planning, selection, control, evaluation—and the roles and responsibilities of the people involved in the CPIC process. Chapter 2 provides a more detailed discussion of the planning and selection phases and provides criteria for assessing new investments. It also discusses how to integrate CPIC with the agency budget and use CPIC as a forum for discussing IT policy issues. Chapter 3 describes the CPIC control and evaluation phases. It reviews the function of an agency’s IT investment review board (ITIRB) and describes the ITIRB’s role in reviewing investment performance for assets that are either in development or already operational. Chapter 3 also introduces the earned-value management methodology and lays out a process for conducting control reviews.
Part II (Chapters 4–7) explains how to position CPIC as a global process within an agency. These chapters are useful to readers looking to improve the strategic use of technology throughout the agency. The chapters focus on the use of IT across an agency, aligning IT with strategic goals, and performance analysis of existing portfolio investments.
Chapter 4 provides the key elements necessary for an effective CPIC process and an audit tool for evaluating it and making improvements. Chapter 5 describes the importance of integrating the CPIC process with the agency’s enterprise architecture. This is an important subject, but one that often does not get sufficient attention from senior management because of perceptions that enterprise architecture is a technical initiative rather than an agency-wide strategic planning tool. The chapter is nontechnical and uses laymen’s terms and practical examples to illustrate why enterprise architecture is integral to an effective CPIC process.
Chapter 6 discusses portfolio analysis and evaluation techniques. It is useful to readers who are still trying to build and refine their IT portfolios and to use them in a meaningful way to make resource allocation decisions. Chapter 7 describes how to conduct operational analyses and post-implementation reviews for in-use investments. It also provides advice and guidance on which assets should be reviewed, how reviews should be conducted, potential outcomes, and actions that should be taken as a result.
Part III (Chapters 8–12) focuses on individual investments. Readers who are developing a business case or managing the development of a new IT asset will find these chapters especially helpful. Chapter 8 provides an overview of the business case: why it is necessary and how it is used, its components, and strategies for effectively writing the various sections. It also includes questions that ITIRB members can use when reviewing a business case and questioning the representatives of an investment team.
Chapter 9 describes an approach for identifying viable alternatives that achieve investment goals and requirements and explains how to develop cost-benefit analyses for each alternative. Chapter 10 provides a sobering view of the high failure rate of IT projects and the need for a strong risk-management strategy. Those who are embarking on a large IT investment will particularly benefit from reading this chapter.
Chapter 11 analyzes the use of the earned-value management (EVM) methodology for measuring cost and schedule variance. Because OMB requires that EVM be used for all major development projects, it is important that both oversight and project personnel understand EVM principles, concepts, and methodology. The chapter describes common EVM terms and calculations, and explains the relationship between EVM and CPIC.
Chapter 12 describes how to conduct an integrated baseline review (IBR). It explains what an IBR is and discusses IBR benefits, how to prepare for it, the team’s roles and responsibilities, evaluation criteria, and approaches for communicating results.
Part IV (Chapters 13 and 14) concludes the book by providing insight into how to realize the full benefits of the CPIC process. The content of Part IV is based on our extensive personal experience and observations. Chapter 13 addresses three special CPIC topics: infrastructure, security and privacy, and acquisition management. These areas deserve special attention because they have a more targeted focus than the overall CPIC process and they therefore present special challenges. Chapter 14, the final chapter, presents the critical success factors that differentiate success and failure in an IT investment. It also contains a list of typical questions that we have been asked by government officials charged with implementing and managing a CPIC process, and our responses to those questions.
The supplemental CD has over 40 additional resources to help you understand the IT investment process. It gives quick reference to public documents, current government management regulations, and federal enterprise architecture case studies, with links to a variety of online resources. The contents of the CD represent the latest information available as of February 2008. Readers should visit sites such as www.whitehouse.gov/omb, www.gao.gov, and www.cio.gov to obtain the most current information about IT CPIC.
Thomas G. Kessler
Patricia A. Kelley
i Federal organizations are referred to as agencies
throughout the book, even though there are various forms of organization, including departments, bureaus, and independent agencies.
ii Clinger-Cohen Act, U.S. Public Law 104-208, September 30, 1996. Online at http://www.cio.gov/Documents/it_management_reform_act_Feb_1996.html (accessed December 2007).
Acknowledgments
Since the passage of the Clinger-Cohen Act in 1996, many talented and dedicated civil servants and contractors have worked diligently to understand, embrace, and support its implementation. Hundreds, possibly thousands, of Office of Management and Budget (OMB), agency, and contractor personnel have worked to develop and implement information technology capital planning and investment control, enterprise architecture, security assessment, and other related processes. We have been privileged to work with them, learn from them, train them, and help them along the way. The presidents, senators, and representatives who have served over the past decade can never know or fully appreciate the dedication and commitment of those who serve the cause of improving and reforming information technology management practices. We express our sincere gratitude for the efforts of all those who have toiled in relative obscurity to make a difference.
Special thanks are extended to Sandra McGill and her team at the Centers for Disease Control and Prevention in Atlanta and her predecessor, Brenda White. Whether they accept their due praise or not, they made substantial progress. The Social Security Administration’s Capital Planning and Investment Control team, including Alan Deckard and Andy Berry, and their training coordinator, Beth Walker, are to be commended for their continuing commitment to meeting OMB requirements. Frederick Meyer, Robert Lagas, Carl Metzger, and Mark Raiffa influenced our thinking and kept us motivated, and we are grateful for their contributions. Special thanks are extended to Dr. Charles Ehart, Stephen Hampton, Barbara Sabur, and Michele Sousa for their professionalism, friendship, and excellent technical support.
There are many others whose names are not mentioned, but who have made important and lasting contributions. To all who have worked with us over the past decade in an attempt to make a difference, we extend our gratitude and appreciation.
Writing a book is no small feat, as we learned in this endeavor. We thank the members of the Management Concepts team, who did not lose faith even though this book was delivered well beyond our original time frame. Jack Knowles and Myra Strauss were very helpful in discussing potential topics and encouraging the writing of this book, and in providing ongoing support through the writing and publication process.
INTRODUCTION
The Legislative Basis for Improved IT Management
Initiative is doing the right thing without being told.
—VICTOR HUGO, FRENCH AUTHOR
Capital planning and investment control (CPIC) is a set of practices and procedures for managing the entire set of a government agency’s information technology (IT) resources as if it were a financial portfolio. It is a decision-making process for aligning investments with the agency mission; for selecting investments that are in the best interests of the agency as a whole; and for identifying, managing, and mitigating risk that causes projects to fail. CPIC establishes a mind-set of strategic thinking and stewardship that can, over time, become part of an agency’s organizational culture.
The ultimate objective of the CPIC process is to ensure maximum return on IT investment. The process requires establishing goals for the IT portfolio, ensuring that existing assets are performing well and providing a positive return on investment, and fully scrutinizing potential new investments to determine how they will perform individually and how they will fit in the portfolio as a whole. The CPIC process also ensures that the portfolio is diversified and that the portfolio risk characteristics are consistent with the organization’s risk-tolerance level.
Implementing an effective CPIC process often necessitates changes to an agency’s organizational culture—its long-established ways of doing business—especially with regard to adopting macro-level IT management practices, ensuring the availability of sufficient information for making decisions about each individual investment and the entire set of resources, and raising the level of discussion, dialogue, and decision-making to the agency level.
Federal CPIC Requirements
In the federal government, management reform gained significant attention during the mid-1990s as a series of large-scale IT projects suffered setbacks and, in some