DevEX - reference for building teams, processes, and platforms
CIO Support Services Framework Part I of II - Andy Blumenthal
1. How to Strengthen the Office of the CIO: Part 1 8/7/09 8:32 AM
How to Strengthen the Office of the CIO: Part 1
Aug 6, 2009, By Andy Blumenthal
Editor's Note: This is a two-part article on strengthening the office of the CIO to improve IT operations.
Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best
practices and implementation.
Information technology is plagued with what federal CIO Vivek Kundra recently called "magnificent
failures." A recent research survey by the Standish Group identified that more than 80 percent of IT projects
were either failing or significantly at risk. Another article described the CIO's role as a nearly impossible
job, trying to manage day-to-day firefighting with limited to no ability to get control and manage
strategically.
We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on
requirements and fail to deliver on time, within budget and to specifications.
The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects
and putting the CIO and other IT leadership back in the driver's seat, by ensuring that the structural
components for success are identified, elevated and resourced appropriately.
The focus of this article is to identify, describe and link the core elements that make up and support an
Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the
CIO is properly supported, program and project management can be executed with strategic intent and
alignment.
It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program
management today, such as the Federal Enterprise Architecture (FEA), Information Technology
Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project
Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and
International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in
its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at
architecture planning, ITIL on service support and delivery, PMBOK on project management and so on.
What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a
bigger picture.
http://www.govtech.com/gt/articles/707997?printall Page 1 of 4
2. How to Strengthen the Office of the CIO: Part 1 8/7/09 8:32 AM
Image copyright by Andy Blumenthal
So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so
that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or
ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his
or her strategy must drive technology operations rather than just fighting fires.
In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little
supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT
operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to
make decisions based on gut, intuition, politics and subjective management whim.
Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still
like blind people grasping in the dark for answers. This framework corrects the structural defects in today's
IT organization that cause this situation to occur.
The CSSF has six major components:
1. Enterprise Architecture (EA) -- for strategic, tactical, and operational planning in the organization. EA
includes all perspectives of the organization's architecture including: performance, business, information
(data and geospatial), services (or systems), technology, security, and human capital (this last one is
currently missing from the Federal Enterprise Architecture).
In EA planning, we develop the current architecture--where we are today in terms of business and
technology resources, the target--where we want to be in the future through business process improvement
http://www.govtech.com/gt/articles/707997?printall Page 2 of 4
3. How to Strengthen the Office of the CIO: Part 1 8/7/09 8:32 AM
and technology enablement, and the transition plan--how do we get from where we are today to where we
want to be in the future.
More mature EA's provide business, data, and systems models, and identify gaps, redundancies,
inefficiencies, and opportunities in the business and IT and recommend business process improvement,
reengineering, and new technologies to improve organizational performance.
2. Capital Planning and Investment Control (CPIC) or IT governance -- manages the IT investment
decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio ( i.e. to
put those plans to work and make them pay-off). CPIC can ensure that IT investments maximize return on
investment, minimize or mitigate risk and provide for strategic alignment to the business.
CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are
followed, such as information sharing and quality, interoperability, component reuse, standardization,
simplification, cost-efficiency, and of course security.
3. Project Management Office (PMO) -- oversees the effective execution on the IT projects. These
projects derive from the EA technical roadmap and transition strategy and from IT investment decisions
coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a
project to include scope, schedule, cost, quality, project resources, integration, communications, and more,
from the initiation of a project through its closeout. Project managers typically develop the work breakdown
structures, project schedules, and monitor and manage progress to these.
4. Customer Relationship Management (CRM) or IT service management -- for managing service and
support to our customer with "one call does it all". As opposed to customer management within IT
operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the
CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction,
generating and managing customer requirements, supporting business case development, and handling
internal business complaints, issues, and coordinating problem resolution with IT operations.
5. IT Security (ITS) -- how we conduct IT security policy and planning. This function encompasses how
we plan, assess, and enforce IT security, and not the actual implementation of IT Security, which is an
operational IT function. This functional area includes preparing certifications and accreditations, risk
assessments, security plans, vulnerability testing, security awareness training, and security policies. IT
security ensures the confidentiality, availability, integrity, and privacy of the organizations information.
6. Business Performance Management (BPM) -- how we measure and drive performance, so we know
whether we are hitting the EA target or not. BPM involves identifying performance measures, capturing,
analyzing and reporting on metrics, and providing the CIO with IT executive dashboard views to inform
which programs and projects that are on track, challenged and in jeopardy of failure.
Typically BPM provides for a drill-down capability, so high-level "red-yellow-green" program/project
indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making
course corrections. BPM should provide a feedback mechanism for how the IT function is performing and
drive continuous process and performance improvement in the CIO organization.
Together these six areas make up a holistic and synergistic set of support functions constitute a fully capable
Office of the Chief Information Officer (OCIO) in the center.
http://www.govtech.com/gt/articles/707997?printall Page 3 of 4