OMB A-11 IT Management and Reporting Office of Management and Budget Staff May 6 and 7, 2003
Agenda <ul><li>Building Better Business Cases </li></ul><ul><ul><li>High level discussion of changes for FY05 </li></ul></...
Changes from FY04 to FY05 <ul><li>Section 53  </li></ul><ul><ul><li>All terminology changed from IT project to IT Investme...
Changes from FY04 to FY05 <ul><li>Exhibit 53 </li></ul><ul><ul><li>Unique Investment Identifier </li></ul></ul><ul><ul><li...
Changes from FY04 to FY05 <ul><li>Major Investment definition: </li></ul><ul><ul><li>investment was a major investment in ...
Changes from FY04 to FY05 <ul><li>Section 300 </li></ul><ul><ul><li>Location in the budget added to the introduction </li>...
Building Better Business Cases <ul><li>I.A.  Investment Description & I.B.  Justification </li></ul><ul><ul><li>A collabor...
Building Better Business Cases <ul><li>I.D. Project Management </li></ul><ul><ul><li>Project is very strong and has resour...
Building Better Business Cases <ul><li>I.F. Risk Inventory & Assessment </li></ul><ul><ul><li>All 19 items addressed </li>...
Building Better Business Cases <ul><li>I.E. Alternative Analysis </li></ul><ul><ul><li>Identify all viable alternatives </...
Building Better Business Cases <ul><ul><li>Life cycle costs analysis for each alternative </li></ul></ul><ul><ul><ul><li>–...
Investments not assessing 3 viable alternatives  <ul><li>Consequences: </li></ul><ul><ul><li>Most cost effective solution ...
Building Better Business Cases <ul><ul><li>Acquisition Strategy </li></ul></ul><ul><ul><li>Single or Several Contracts </l...
Building Better Business Cases <ul><li>Acquisition Strategy Continued </li></ul><ul><ul><li>Performance-Based – if not why...
Building Better Business Cases <ul><li>Acquisition Strategy Continued </li></ul><ul><ul><li>Will you use commercially avai...
Building Better Business Cases <ul><li>Acquisition Strategy Continued… </li></ul><ul><ul><li>How will you ensure Section 5...
Investments not adequately planning and managing acquisitions <ul><li>Consequences: </li></ul><ul><ul><li>Unclear contract...
Building Better Business Cases <ul><li>I.H. Investment and Funding Plan </li></ul><ul><ul><li>Provides Project Management ...
Building Better Business Cases <ul><li>I.H.  Investment and Milestone Funding Plan </li></ul><ul><ul><li>Must use Earned V...
Government Establishes the Framework for the Investment <ul><li>Agency contract defines outcome/output requirements </li><...
ESTABLISH THE BASELINE <ul><li>1.   DEFINE THE WORK </li></ul>TIME 2.  SCHEDULE THE WORK 3.  ALLOCATE BUDGETS $ 100 80 60 ...
I.H.2 Original Baseline <ul><li>Cost and schedule goals for phase or segment/module of investment </li></ul><ul><li>Major ...
I.H.3 Proposed/Current Baseline <ul><li>When there are changes needed to original baseline or current OMB approved baselin...
I.H.4.A  Actual Performance and Variance <ul><li>All of I.H.4 is always filled in to show current status of investment.   ...
I.H.4.B Investment Summary  <ul><li>As of date___  Must show: </li></ul><ul><li>Budgeted Cost of Work Scheduled (BCWS) </l...
COST PERFORMANCE REPORTING KEY DATA ELEMENTS
Earned Value Trend Analysis
I.H.4.B.4 (Cont.) Provide the following EVMS Analysis <ul><li>Cost Variance $ and  % </li></ul><ul><li>Cost performance in...
I.H.4.C and D  <ul><li>C - Analysis of the reasons for cost and schedule variances of 10% or more at time of report or EAC...
I.H.4.E, F and G <ul><li>E - Discuss estimate to complete (EAC) </li></ul><ul><ul><li>Contractor </li></ul></ul><ul><ul><l...
Operating investments <ul><li>Must be monitored with an Operational Analysis System to track: </li></ul><ul><ul><li>How cl...
Addressing IT Security, Homeland Security, and Privacy in IT Budget Materials Kamela White Information Policy and Technolo...
IT Budget Materials <ul><li>Exhibit 53, IT Portfolio </li></ul><ul><ul><li>IT Security </li></ul></ul><ul><ul><li>Homeland...
Exhibit 53  <ul><li>IT Security </li></ul><ul><ul><li>Must report security costs per system </li></ul></ul><ul><ul><li>Ass...
Exhibit 53 – IT Security (continued) <ul><ul><li>Products, procedures, personnel, etc. that have as an integral component ...
Exhibit 300 – Part I. Capital Asset Plan and Business Case <ul><li>IT Security </li></ul><ul><ul><li>Was this investment r...
Part I. (continued) <ul><ul><li>Has this investment been identified as a national critical operation or asset by a Project...
Part I. (continued) <ul><li>Homeland Security </li></ul><ul><ul><li>Supports Homeland Security  means an IT investment tha...
Part I. (continued) <ul><li>Section I.F. Risk Inventory and Assessment   </li></ul><ul><ul><li>Identify security and priva...
Part II.  Additional Business Case Criteria for IT <ul><li>Section II.B. Security and Privacy </li></ul><ul><ul><li>How is...
Part II. (continued) <ul><li>Privacy </li></ul><ul><ul><li>Appropriate controls to protect privacy for systems that promot...
Privacy Impact Assessment (PIA) <ul><li>A PIA is a process for examining the risks and ramifications of collecting, mainta...
RMO’s Viewpoint <ul><li>1.  Negotiated Process.  IT and Programmatic Considerations. </li></ul><ul><li>Emphasize that OMB-...
RMO’s Viewpoint <ul><li>4.  Relation of Exhibit 300s and PARTs . </li></ul><ul><li>If an IT investment contributes to a pr...
Upcoming SlideShare
Loading in …5
×

OMB A11 IT Management

530 views
427 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
530
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

OMB A11 IT Management

  1. 1. OMB A-11 IT Management and Reporting Office of Management and Budget Staff May 6 and 7, 2003
  2. 2. Agenda <ul><li>Building Better Business Cases </li></ul><ul><ul><li>High level discussion of changes for FY05 </li></ul></ul><ul><ul><li>Individual Areas of the Business Cases </li></ul></ul><ul><ul><li>IT Security and Privacy </li></ul></ul><ul><ul><li>Integration into the Budget Process </li></ul></ul><ul><ul><ul><li>Federal Enterprise Architecture </li></ul></ul></ul><ul><ul><ul><li>View from the Resource Management Office (Budget) </li></ul></ul></ul><ul><li>Financial Management Reporting </li></ul>
  3. 3. Changes from FY04 to FY05 <ul><li>Section 53 </li></ul><ul><ul><li>All terminology changed from IT project to IT Investment </li></ul></ul><ul><ul><li>Requirement for Draft Exhibit 53 (Summer) </li></ul></ul><ul><ul><li>Federal Enterprise Architecture is added </li></ul></ul><ul><ul><li>What it means to be Green added </li></ul></ul><ul><ul><li>Linkage to the FEA is added to the Unique Investment Identifiers </li></ul></ul>
  4. 4. Changes from FY04 to FY05 <ul><li>Exhibit 53 </li></ul><ul><ul><li>Unique Investment Identifier </li></ul></ul><ul><ul><li>Unique Investment Identifier (FY2004 Process) </li></ul></ul><ul><ul><li>Investment Title </li></ul></ul><ul><ul><li>Investment Description </li></ul></ul><ul><ul><li>Total Investments for 2003, 2004, and 2005 </li></ul></ul><ul><ul><li>Financial percentage </li></ul></ul><ul><ul><li>IT Security percentage </li></ul></ul><ul><ul><li>Homeland Security Priority Identifier </li></ul></ul><ul><ul><li>Development, modernization, enhancement for 2003, 2004, 2005 </li></ul></ul><ul><ul><li>Steady State for 2003, 2004, 2005 </li></ul></ul>
  5. 5. Changes from FY04 to FY05 <ul><li>Major Investment definition: </li></ul><ul><ul><li>investment was a major investment in the FY 04 submission and is continuing; </li></ul></ul><ul><ul><li>investment is financial management and spends more than $500,000; </li></ul></ul><ul><ul><li>investment is directly tied to the top two layers of the Federal Enterprise Architecture (Services to Citizens and Mode of Delivery); </li></ul></ul><ul><ul><li>investment is an integral part of the agency’s modernization blueprint (EA); </li></ul></ul><ul><ul><li>investment has significant program or policy implications; </li></ul></ul><ul><ul><li>investment has high executive visibility; </li></ul></ul><ul><ul><li>investment is defined as major by the agency’s capital planning and investment control process; </li></ul></ul><ul><ul><li>OMB may work with the agency to declare other projects as major investments. </li></ul></ul>
  6. 6. Changes from FY04 to FY05 <ul><li>Section 300 </li></ul><ul><ul><li>Location in the budget added to the introduction </li></ul></ul><ul><ul><li>PART Review Questions </li></ul></ul><ul><ul><li>All terminology for IT changed to investments </li></ul></ul><ul><ul><li>Federal Enterprise Architecture added </li></ul></ul><ul><ul><li>More specificity in every section </li></ul></ul><ul><ul><li>Multi-Agency Business Cases and requirements </li></ul></ul><ul><ul><li>One business case for office automation, infrastructure, and telecommunications </li></ul></ul><ul><ul><li>All 300s must be in XML in order to be part of the budget submission </li></ul></ul><ul><ul><li>Government FTE added to the summary of spending </li></ul></ul><ul><ul><li>Intro added for each section identifying how to successfully address the section </li></ul></ul>
  7. 7. Building Better Business Cases <ul><li>I.A. Investment Description & I.B. Justification </li></ul><ul><ul><li>A collaborative investment that includes multiple agencies, state, local, or tribal governments </li></ul></ul><ul><ul><li>Supports the President’s Management Agenda </li></ul></ul><ul><ul><li>uses e-business technologies </li></ul></ul><ul><ul><li>investment is governed by citizen needs </li></ul></ul><ul><ul><li>supports the Federal Business Architecture published by OMB </li></ul></ul><ul><ul><li>If investment is a steady state investment, then an E-Gov strategy review is underway and includes all of the necessary elements </li></ul></ul><ul><ul><li>If appropriate, this investment is fully aligned with one or more of the President's E-Gov initiatives </li></ul></ul><ul><li>I.C. Performance Goals and Measures </li></ul><ul><ul><li>FEA will be discussed later in the presentation </li></ul></ul>
  8. 8. Building Better Business Cases <ul><li>I.D. Project Management </li></ul><ul><ul><li>Project is very strong and has resources in place to manage it. </li></ul></ul><ul><ul><li>Project Managers are in place and successfully managing the project </li></ul></ul><ul><ul><li>Integrated Project Teams are in place and include the correct skill sets </li></ul></ul><ul><ul><li>Members, Roles, qualifications, and contact information for in-house and contract managers </li></ul></ul><ul><ul><li>Identification of a Project Manager </li></ul></ul><ul><ul><li>Identification of a Contracting </li></ul></ul><ul><ul><li>Integrated Project Team </li></ul></ul><ul><ul><li>Sponsor/Owner Assigned? Identified? </li></ul></ul><ul><ul><li>Additional Information: </li></ul></ul><ul><ul><ul><li>OMB Capital Programming Guide </li></ul></ul></ul><ul><ul><ul><li>OPM </li></ul></ul></ul>
  9. 9. Building Better Business Cases <ul><li>I.F. Risk Inventory & Assessment </li></ul><ul><ul><li>All 19 items addressed </li></ul></ul><ul><ul><li>Risk Assessment performed at outset & managed throughout the life-cycle </li></ul></ul><ul><ul><li>Status of Risk as of the date of the business case </li></ul></ul><ul><ul><ul><li>In column for status: If not completed, show the milestone(s) for completion of risk mitigation </li></ul></ul></ul><ul><ul><li>Date of the most recent Risk Management Plan </li></ul></ul>
  10. 10. Building Better Business Cases <ul><li>I.E. Alternative Analysis </li></ul><ul><ul><li>Identify all viable alternatives </li></ul></ul><ul><ul><li>Select the top 3 Viable Alternatives </li></ul></ul><ul><ul><li>Market Research </li></ul></ul><ul><ul><li>Discuss the market research that was done to identify innovative solutions for this investment (e.g., used an RFI to obtain 4 different solutions to evaluate, held open meetings with contractors to discuss investment scope, etc.,). Also describe what data was used to make estimates: past or current contract prices for similar work, contractor provided estimates from RFIs or meetings, general market publications, etc. </li></ul></ul>
  11. 11. Building Better Business Cases <ul><ul><li>Life cycle costs analysis for each alternative </li></ul></ul><ul><ul><ul><li>– Provide Assumptions. What data was used to make the estimates </li></ul></ul></ul><ul><ul><li>Chosen alternative and why </li></ul></ul><ul><ul><ul><li>Define return on investment </li></ul></ul></ul><ul><ul><ul><li>Risk adjusted/Quantitative benefits-savings, other </li></ul></ul></ul><ul><ul><li>Net Present Value by Year and Payback Period Calculations </li></ul></ul><ul><ul><li>Date of the Benefits Costs Analysis </li></ul></ul>
  12. 12. Investments not assessing 3 viable alternatives <ul><li>Consequences: </li></ul><ul><ul><li>Most cost effective solution providing greatest benefits not chosen </li></ul></ul><ul><ul><li>Opportunities to collaborate are missed </li></ul></ul><ul><ul><li>Innovative solutions are not pursued </li></ul></ul><ul><ul><li>No backup plan if alternative chosen isn’t the right one </li></ul></ul><ul><li>Steps For Strengthening: </li></ul><ul><ul><li>Identify all possible alternatives and then down-select </li></ul></ul><ul><ul><li>Increase Market research to identify innovative solutions </li></ul></ul><ul><ul><li>Benchmark against private industry </li></ul></ul><ul><ul><li>Use consistent financial criteria across alternatives </li></ul></ul>
  13. 13. Building Better Business Cases <ul><ul><li>Acquisition Strategy </li></ul></ul><ul><ul><li>Single or Several Contracts </li></ul></ul><ul><ul><ul><li>What type of contract/task order if single </li></ul></ul></ul><ul><ul><ul><li>If multiple contract/task orders will be used discuss the type, how they relate to each other to reach the investment outcomes, and how much each contributes to the achievement of the investment cost, schedule and performance goals. </li></ul></ul></ul><ul><ul><li>Discuss the contract/task order solicitation or contract provisions that allow the contractor to provide innovative, transformational solutions. </li></ul></ul>
  14. 14. Building Better Business Cases <ul><li>Acquisition Strategy Continued </li></ul><ul><ul><li>Performance-Based – if not why not. </li></ul></ul><ul><ul><li>For other that firm-fixed price, performance-based contracts, define the risk not sufficiently mitigated in the risk mitigation plan, for that contract/task order, that requires the Government to assume the risk of contract achievement of cost, schedule and performance goals. Explain the amount of risk the government will assume. </li></ul></ul><ul><ul><li>Will you use financial incentives to motivate contractor performance (e.g. incentive fee, award fee, etc.)? </li></ul></ul><ul><ul><li>Discuss the competition process used for each contract/task order? </li></ul></ul><ul><ul><ul><li>Full and Open – Limited using schedule or commercial item, etc. </li></ul></ul></ul>
  15. 15. Building Better Business Cases <ul><li>Acquisition Strategy Continued </li></ul><ul><ul><li>Will you use commercially available or COTS products for this investment? </li></ul></ul><ul><ul><li>If yes, to what extent will these items be modified to meet the unique requirements of this investment? </li></ul></ul><ul><ul><li>What prevented the use of COTS without modification? </li></ul></ul><ul><ul><li>If no. Why? </li></ul></ul>
  16. 16. Building Better Business Cases <ul><li>Acquisition Strategy Continued… </li></ul><ul><ul><li>How will you ensure Section 508 compliance? </li></ul></ul><ul><ul><li>What is the date of your acquisition plan? </li></ul></ul><ul><ul><ul><li>Keep it updated </li></ul></ul></ul><ul><ul><li>Percentage of hardware acquisition </li></ul></ul><ul><ul><li>Percentage of software acquisition </li></ul></ul><ul><ul><li>Percentage of services acquisition </li></ul></ul>
  17. 17. Investments not adequately planning and managing acquisitions <ul><li>Consequences: </li></ul><ul><ul><li>Unclear contracts do not mitigate risk to the government </li></ul></ul><ul><ul><li>Relationship between primes and subcontractors not well designed thereby adding to the risk </li></ul></ul><ul><ul><li>Failure to include procurement experts may not identify smartest choices </li></ul></ul><ul><li>Steps For Strengthening: </li></ul><ul><ul><li>Increase the use of performance based contracts </li></ul></ul><ul><ul><li>Reduce use of Time and Material contracts </li></ul></ul><ul><ul><li>Ensure that modernization strategies include performance based criteria </li></ul></ul><ul><ul><li>Ensure the procurement shop is an integral player </li></ul></ul>
  18. 18. Building Better Business Cases <ul><li>I.H. Investment and Funding Plan </li></ul><ul><ul><li>Provides Project Management information on total project – Both Contractor and Government Efforts </li></ul></ul><ul><ul><ul><li>Government personnel costs = salaries plus fringe benefits of 32.5% of government personnel considered to be direct and indirect labor in support of the project. Includes the project management IPT and any other government effort (e.g., programming effort for part of the overall project development effort) that contributes to the success of the project. </li></ul></ul></ul>
  19. 19. Building Better Business Cases <ul><li>I.H. Investment and Milestone Funding Plan </li></ul><ul><ul><li>Must use Earned Value Management System that meets ANSI/EIA Standard 748 </li></ul></ul><ul><ul><li>Must demonstrate that the investment is meeting the planned cost, schedule and performance goals </li></ul></ul><ul><ul><li>Use Operational Analysis for Steady State </li></ul></ul><ul><ul><li>Use both for mixed life-cycle </li></ul></ul><ul><ul><li>Lots of information about EVMS at www.acq.osd.mil/pm </li></ul></ul>
  20. 20. Government Establishes the Framework for the Investment <ul><li>Agency contract defines outcome/output requirements </li></ul><ul><li>Contract requires contractor to use EVMS - ANSI/EIA 748, to build proposal, manage contract performance, and submit EVMS data to Government. </li></ul><ul><li>Contract defines EVMS software Government will use. </li></ul><ul><li>Process Govt will use to verify 748 system </li></ul>
  21. 21. ESTABLISH THE BASELINE <ul><li>1. DEFINE THE WORK </li></ul>TIME 2. SCHEDULE THE WORK 3. ALLOCATE BUDGETS $ 100 80 60 20 40 15 40
  22. 22. I.H.2 Original Baseline <ul><li>Cost and schedule goals for phase or segment/module of investment </li></ul><ul><li>Major investment milestones </li></ul><ul><ul><li>When will they occur and cost </li></ul></ul><ul><ul><li>Funding agency for each milestone </li></ul></ul><ul><li>This baseline is include in all subsequent reports, even when OMB has approved changes shown in I.H.3 </li></ul>
  23. 23. I.H.3 Proposed/Current Baseline <ul><li>When there are changes needed to original baseline or current OMB approved baseline. </li></ul><ul><li>Shows new milestones and costs </li></ul><ul><li>BLANK if no changes to original baseline. </li></ul>
  24. 24. I.H.4.A Actual Performance and Variance <ul><li>All of I.H.4 is always filled in to show current status of investment. </li></ul><ul><li>Compares OMB approved baseline and actual outcomes for phase, segment/module by milestone </li></ul><ul><li>Shows baseline completion date and new estimated completion date, baseline costs and new estimate to complete. </li></ul>
  25. 25. I.H.4.B Investment Summary <ul><li>As of date___ Must show: </li></ul><ul><li>Budgeted Cost of Work Scheduled (BCWS) </li></ul><ul><li>Budgeted Cost of Work Performed (BCWP) </li></ul><ul><li>Actual Cost of Work Performed (ACWP) </li></ul><ul><li>Cost curve plotting BCWS, BCWP and ACWP on monthly basis </li></ul>
  26. 26. COST PERFORMANCE REPORTING KEY DATA ELEMENTS
  27. 27. Earned Value Trend Analysis
  28. 28. I.H.4.B.4 (Cont.) Provide the following EVMS Analysis <ul><li>Cost Variance $ and % </li></ul><ul><li>Cost performance index </li></ul><ul><li>Schedule Variance $ and % </li></ul><ul><li>Schedule Performance Index </li></ul><ul><li>Two independent Estimate At Completion </li></ul><ul><li>Variance at Completion for both EACs </li></ul>
  29. 29. I.H.4.C and D <ul><li>C - Analysis of the reasons for cost and schedule variances of 10% or more at time of report or EAC is projected to by 10% or more </li></ul><ul><li>D – Provide performance variance </li></ul><ul><ul><ul><li>Explain whether IPT still expects to achieve performance goals. If not, explain reasons </li></ul></ul></ul>
  30. 30. I.H.4.E, F and G <ul><li>E - Discuss estimate to complete (EAC) </li></ul><ul><ul><li>Contractor </li></ul></ul><ul><ul><li>Two commonly used EAC formulas </li></ul></ul><ul><ul><li>Rationale for the EAC chosen by IPT </li></ul></ul><ul><li>F - Corrective actions with risk - How close to original goals will be result </li></ul><ul><li>G - Agency Head concurrence to continue </li></ul>
  31. 31. Operating investments <ul><li>Must be monitored with an Operational Analysis System to track: </li></ul><ul><ul><li>How close actual annual operating and maintenance costs are to the original life-cycle estimates </li></ul></ul><ul><ul><li>Whether level or quality of performance /capability meets performance goals and continues to meet user needs </li></ul></ul>
  32. 32. Addressing IT Security, Homeland Security, and Privacy in IT Budget Materials Kamela White Information Policy and Technology Office of Management and Budget [email_address]
  33. 33. IT Budget Materials <ul><li>Exhibit 53, IT Portfolio </li></ul><ul><ul><li>IT Security </li></ul></ul><ul><ul><li>Homeland Security </li></ul></ul><ul><li>300, Capital Asset Plan and Business Case </li></ul><ul><ul><li>IT Security </li></ul></ul><ul><ul><li>Homeland Security </li></ul></ul><ul><ul><li>Privacy </li></ul></ul>
  34. 34. Exhibit 53 <ul><li>IT Security </li></ul><ul><ul><li>Must report security costs per system </li></ul></ul><ul><ul><li>Associate spending with level of performance </li></ul></ul><ul><ul><li>0 = no security controls </li></ul></ul><ul><ul><li>Provide additional information where necessary </li></ul></ul><ul><li>What should security costs consist of? </li></ul><ul><ul><li>Products, procedures, personnel, etc. that are primarily dedicated to or used for provision of security controls: </li></ul></ul><ul><ul><ul><li>employee training, security inspections and audits, vulnerability and penetration testing. </li></ul></ul></ul>
  35. 35. Exhibit 53 – IT Security (continued) <ul><ul><li>Products, procedures, personnel, etc. that have as an integral component a quantifiable benefit to security: </li></ul></ul><ul><ul><ul><li>privacy training, system/program evaluations. </li></ul></ul></ul><ul><li>Supports Homeland Security means an IT investment that supports the homeland security mission areas of: </li></ul><ul><ul><li>Intelligence and Warning, </li></ul></ul><ul><ul><li>Border and Transportation Security, </li></ul></ul><ul><ul><li>Defending Against Catastrophic Threats, </li></ul></ul><ul><ul><li>Protecting Critical Infrastructure and Key Assets, </li></ul></ul><ul><ul><li>Emergency Preparedness and Response, and </li></ul></ul><ul><ul><li>Other. </li></ul></ul>
  36. 36. Exhibit 300 – Part I. Capital Asset Plan and Business Case <ul><li>IT Security </li></ul><ul><ul><li>Was this investment reviewed as part of the FY03 Federal Information Security Management Act review process? </li></ul></ul><ul><ul><ul><li>If yes, were any weaknesses found? </li></ul></ul></ul><ul><ul><ul><li>Have the weaknesses been incorporated into the agency’s corrective action plans? </li></ul></ul></ul>
  37. 37. Part I. (continued) <ul><ul><li>Has this investment been identified as a national critical operation or asset by a Project Matrix review or other agency determination? </li></ul></ul><ul><ul><ul><li>If no, is this an agency mission critical or essential service, system, operation, or asset (such as those documented in the agency's COOP Plan), other than those identified as above as national critical infrastructures? </li></ul></ul></ul>
  38. 38. Part I. (continued) <ul><li>Homeland Security </li></ul><ul><ul><li>Supports Homeland Security means an IT investment that supports the homeland security mission areas of: </li></ul></ul><ul><ul><ul><li>Intelligence and Warning, </li></ul></ul></ul><ul><ul><ul><li>Border and Transportation Security, </li></ul></ul></ul><ul><ul><ul><li>Defending Against Catastrophic Threats, </li></ul></ul></ul><ul><ul><ul><li>Protecting Critical Infrastructure and Key Assets, </li></ul></ul></ul><ul><ul><ul><li>Emergency Preparedness and Response, and </li></ul></ul></ul><ul><ul><ul><li>Other. </li></ul></ul></ul><ul><li>Privacy </li></ul><ul><ul><li>Was a privacy impact assessment performed for this IT investment? </li></ul></ul>
  39. 39. Part I. (continued) <ul><li>Section I.F. Risk Inventory and Assessment </li></ul><ul><ul><li>Identify security and privacy risks, also provide information of the level of risk (high, medium, or basic); and </li></ul></ul><ul><ul><li>What factor determined the risk level (confidentiality, integrity, or availability) </li></ul></ul>
  40. 40. Part II. Additional Business Case Criteria for IT <ul><li>Section II.B. Security and Privacy </li></ul><ul><ul><li>How is security funded? </li></ul></ul><ul><ul><li>Level of risk and security controls? </li></ul></ul><ul><ul><li>Does the IT investment meet security requirements: </li></ul></ul><ul><ul><ul><li>up-to-date security plan? </li></ul></ul></ul><ul><ul><ul><li>fully certified and accredited? </li></ul></ul></ul><ul><ul><ul><li>security controls tested? </li></ul></ul></ul><ul><ul><ul><li>users trained? </li></ul></ul></ul><ul><ul><ul><li>incident response capability? </li></ul></ul></ul><ul><ul><ul><li>security in contracts? </li></ul></ul></ul>
  41. 41. Part II. (continued) <ul><li>Privacy </li></ul><ul><ul><li>Appropriate controls to protect privacy for systems that promote or permit public access? </li></ul></ul><ul><ul><li>Agency ensure that handling of personal information is consistent with gov’t-wide and agency policies? </li></ul></ul><ul><ul><li>Performed a privacy impact assessment? </li></ul></ul>
  42. 42. Privacy Impact Assessment (PIA) <ul><li>A PIA is a process for examining the risks and ramifications of collecting, maintaining, and disseminating personally identifiable information in an information system; and for identifying and evaluating alternatives and protections to mitigate the impact to privacy of collecting personal information. </li></ul><ul><li>PIAs are required for all major IT systems and all new systems that are requesting funding </li></ul><ul><li>PIAs are required for new online information collections under the Paperwork Reduction Act. </li></ul>
  43. 43. RMO’s Viewpoint <ul><li>1. Negotiated Process. IT and Programmatic Considerations. </li></ul><ul><li>Emphasize that OMB-agency negotiate the process. Investments can be disapproved on either IT (300) grounds, or programmatic grounds -- or sustained for programmatic reasons while a &quot;get well&quot; plan is pursued with respect to weaknesses in the IT business case. </li></ul><ul><li>2. IT and Overall Budget Justifications Should Be Integrated. Integration Should Be Built Into An Agency's Budget Formulation Process (just as it is increasing at OMB). In FY 2005, IT justifications will matter more. </li></ul><ul><li>IT shops and budget shops should understand well how both aspects of agency budget requests relate. More OMB account examiners and OMB analysis will be devoted to reviewing IT justifications in FY 2005 than ever before, and final budget decisions will depend on these reviews. OMB needs to understand how IT fits into overall programmatic requests across the agency. Agencies should work with their RMO on IT integration into the overall Budget Submission. E-Gov Plans should be integrated with the other PMA initiatives (Financial Management, Human Capital, Competitive Sourcing, and Budget and Performance Integration). </li></ul><ul><li>3. Early Submission of &quot;Draft Exhibit 53s and Exhibit 300s.&quot; </li></ul><ul><li>OMB will be discussing with agencies &quot;draft Exhibit 53&quot; submissions, to clarify early such things as expected lists of major investments, how mapping IT investments to the FEA lines of business is being addressed, how consolidated infrastructure requests will be handled, and other issues. </li></ul>
  44. 44. RMO’s Viewpoint <ul><li>4. Relation of Exhibit 300s and PARTs . </li></ul><ul><li>If an IT investment contributes to a program with a PART, A-11 calls for addressing whether the IT investment relates to closing a gap identified in the PART. </li></ul><ul><li>5. Joint Business Cases. </li></ul><ul><li>When two or more partners are working together on a investment or elements of a investment, it should be clear not just what is being done, but what unnecessary things are not being done. That is really the true test of joint business case . The managing partner will take the lead for the business case and capital asset planning, including submitting the joint 300 to OMB. Partnering agencies should ensure their collaboration and funding are appropriately represented in the 300 prior to submission to OMB. All participants will reflect multi-agency investments as specific line items on their exhibit 53s. </li></ul>

×