
Treasury IT CPIC Policy Guide - REVISED Oct 06

By Debra Gonzalez,2014-05-24 03:31

    Information Technology

     CAPITAL PLANNING & INVESTMENT CONTROL

     POLICY GUIDE

    October 2006

    Version 11

     Treasury IT CPIC Policy Guide 1

Revision History

September 2005: First official version (albeit subtitled "Version 5") approved by Technical Investment Review Board (TIRB)

October 2005:

• Date of Guide revised from September 2005 to October 2005; version number changed from Version 5 to Version 6
• Roles and Responsibilities: Updated definitions of TIRB, Treasury CPIC Team and Critical Partners

March 2006:

• Updated EVM definitions in Earned Value Management Appendix
• Date of Guide revised from October 2005 to March 2006; version number changed from Version 6 to Version 7

July 2006:

• Date of Guide revised from March 2006 to July 2006; version number changed from Version 7 to Version 8
• Added Appendix and reference for Internal Exhibits 300
• Added Appendix and reference for Treasury Interpretation of Investment Life-Cycle Definitions
• Added Appendix and reference for Treasury Internal Watch List

August 2006:

• Incorporated performance measures references into Chapter 4 and Performance Measurement Appendix
• Date of Guide revised from July 2006 to August 2006; version number changed from Version 8 to Version 9
• Deleted Earned Value Management Appendix and added reference to Treasury EVM Policy Guide
• Added references and links to Treasury's IT Capital Planning and Investment Control, Alternatives Analysis and Risk Management Policy Guides
• Deleted Net Present Value Calculation Method Appendix
• Deleted Treasury Scoring Methodology Appendix

October 2006 [Two separate updates performed]:

• Added new Appendix describing processes for closing and merging major IT investments, and updated Table of Contents accordingly
• Acknowledged requirement for PMs to certify, and Bureau CIOs to concur to the quarterly EVM and performance data
• Incorporated new Operational Analysis process into Chapter 5 and removed the Steady State Review process
• Updated Appendix nomenclature and related Appendix references throughout the Guide
• Date of Guide revised from August 2006 to October 2006; version number changed from Version 9 to Version 10
• Revised all references to "Bureau/Project/Program Sponsor" to "Business Owner"
• Updated Control Process Flow, steps 2, 3, and 4 to reflect current protocol
• Version number changed from Version 10 to Version 11


TABLE OF CONTENTS

EXECUTIVE SUMMARY
CHAPTER 1 -- INTRODUCTION
    PURPOSE
    SCOPE
    GOVERNANCE AND INVESTMENT PRINCIPLES
    ROLES AND RESPONSIBILITIES
CHAPTER 2 -- PRE-SELECT PHASE
    PURPOSE
    SCOPE
    ENTRY CRITERIA
    PROCESS
    EXIT CRITERIA
CHAPTER 3 -- SELECT PHASE
    PURPOSE
    SCOPE
    ENTRY CRITERIA
    PROCESS
    EXIT CRITERIA
CHAPTER 4 -- CONTROL PHASE
    PURPOSE
    SCOPE
    ENTRY CRITERIA
    PROCESS
        MAJOR IT INVESTMENTS
        NON-MAJOR IT INVESTMENTS
    EXIT CRITERIA
CHAPTER 5 -- EVALUATE PHASE
    PURPOSE
    SCOPE
    ENTRY CRITERIA
    PROCESS
        POST-IMPLEMENTATION REVIEW
        OPERATIONAL ANALYSIS
    EXIT CRITERIA
APPENDIX A -- TREASURY INFORMATION SYSTEM LIFE CYCLE
APPENDIX B -- TREASURY IT SECURITY POLICY
APPENDIX C -- PROJECT MANAGER QUALIFICATIONS
APPENDIX D -- PROJECT MANAGEMENT
APPENDIX E -- PERFORMANCE MEASUREMENT
APPENDIX F -- INTERNAL EXHIBITS 300
APPENDIX G -- TREASURY INTERPRETATION OF INVESTMENT LIFE-CYCLE DEFINITIONS
APPENDIX H -- CLOSING AND MERGING MAJOR IT INVESTMENTS
APPENDIX I -- TREASURY INTERNAL WATCH LIST
APPENDIX J -- REFERENCES


Executive Summary

The Clinger-Cohen Act (CCA) of 1996 requires agencies to use a disciplined Capital Planning and Investment Control (CPIC) process to acquire, use, maintain and dispose of information technology (IT). It also encourages the use of performance- and results-based management of these investments. The Federal Acquisition Streamlining Act requires that IT investments be tied to mission and strategic goals; have cost, schedule and performance goals; and achieve on average 90 percent of these goals.

Treasury's CPIC process is a dynamic process in which IT investments are selected and then continually monitored and evaluated to ensure each chosen investment is well managed, cost effective, and supports the mission and strategic goals of the organization.

Recognizing both the importance of IT investments to the organization and its role in supporting the success of these investments, Treasury's Office of the Chief Information Officer (OCIO) is engaged in an on-going effort to establish, maintain, and actively support the IT investments' analysis and decision-making environment. This environment consists of three key components: a repeatable process, supporting tools, and executive decision-makers:

• Processes -- Capital Planning and Investment Control (CPIC) is Treasury's primary process for making decisions about which IT initiatives and systems Treasury should invest in and creating and analyzing associated rationale for these investments.
• Tools -- The primary tool for IT portfolio and investment management is the Treasury IT Portfolio Management Tool. This web-based tool is used to support Treasury investment decision-making and IT investment submissions to OMB. The OCIO maintains and supports the Tool.
• Executive decision makers -- Consists of two executive review bodies -- the Treasury Investment Review Board (TIRB) and the Treasury Executive Investment Review Board (E-Board), both of whom oversee the process and are primary stakeholders in the success of the Department.

The trend of Treasury's portfolio has been upward over the years. Moderating this growth and ensuring that sound investment decision-making is done throughout the investment lifecycle is key to continued support and management of Treasury's IT assets.

    THIS GUIDE

The Treasury Information Technology (IT) Capital Planning and Investment Control (CPIC) Policy Guide identifies the processes and activities necessary to ensure that Treasury's IT investments are well thought out, cost effective, and support missions and business goals of the organization. It is based on guidance from both the Office of Management and Budget (OMB) and the Government Accountability Office (GAO) and incorporates "lessons learned" from Treasury's self-scoring iterations.

At the highest level, the CPIC process is a circular flow of Treasury's IT investments through the following four sequential phases:

• Pre-Select Phase -- Executive decision-makers assess each proposed IT investment in terms of how it supports Treasury's mission and strategic objectives. Project Managers compile information necessary for supporting a proposed investment.
• Select Phase -- Investment analyses are conducted and the TIRB and then E-Board chooses those IT investments that best support the mission of the organization and Treasury's approach to enterprise architecture.


• Control Phase -- Treasury ensures, through timely management oversight, quality control, and executive review, that IT initiatives are developed and executed in a disciplined, well-managed, and consistent manner.
• Evaluate Phase -- After the system or investment has been implemented and becomes operational (or after the roll-out of a major functionality), actual results are compared to expectations to assess investment performance. The goal of Evaluate is to gather lessons learned and identify potential candidates for modification, acceleration, replacement or retirement.

All four phases are structured in a similar manner using a set of common elements. These common elements provide a consistent and predictable flow and coordination of activities within each phase.

Beyond the detailed CPIC process and activity description, this Guide also provides:

• A link to Treasury's mission, strategic goals and objectives, as well as Bureau-specific strategic goals -- http://www.treas.gov/offices/management/budget/planningdocs/treasury-strategic-plan.pdf
• A link to all Treasury CPIC policy guides located at the CPIC Resource Center website https://hqapps.treas.gov/CPICResourceCenter/ (in the Treasury CPIC Policies & Guides folder):
    o IT CPIC Policy Guide
    o Alternatives Analysis Policy Guide
    o Earned Value Management Policy Guide
    o Risk Management Guide
    o Baseline Change Request Policy
• An overview of Treasury's Information System Life Cycle (ISLC) Directive and a link to the companion ISLC Manual -- see Appendix A
• Reference to Treasury's IT Security program and policies -- see Appendix B
• References and guidance on how to:
    o Prepare a business case -- go to the CPIC Resource Center website https://hqapps.treas.gov/CPICResourceCenter/ and click on Exhibits 300/53.
    o Assess and Document Project Manager (PM) Qualifications -- see Appendix C
    o Manage IT projects -- see Appendix D
    o Develop performance measures for IT projects -- see Appendix E
    o Internal Exhibits 300 -- See Appendix F
    o Correctly characterize investment milestones as either Development, Modernization or Enhancement (DME) or Steady State (SS) -- see Appendix G
    o Close or merge major IT investments -- see Appendix H
• Policy and information on Treasury's Internal Watch List -- see Appendix I
• A list of references used to create this document -- see Appendix J


Chapter 1 -- Introduction

    PURPOSE

This Guide outlines the Department of the Treasury's Information Technology (IT) Capital Planning and Investment Control (CPIC) process as envisioned in the Clinger-Cohen Act of 1996, the Office of Management and Budget's (OMB) Circular A-130 (Management of Federal Information Resources) and other related guidance and regulations.

The goal of this Guide is to establish and maintain long-range strategic planning and a disciplined budget process as the basis for efficient management of Treasury's IT Investment Portfolio. The processes are designed to promote informed decision making with timely oversight and executive review. This will enhance the ability of the Treasury to achieve Bureau missions and performance goals with the lowest lifecycle costs and the least risk.

This Guide describes which activities occur during the Pre-Select, Select, Control, and Evaluate Phases, the individual(s) responsible for performing these activities, when the activities are initiated, when they need to be completed, procedures to be followed and expected results. It will be updated on a periodic basis to reflect "lessons learned" and changes in Treasury, legislative and OMB guidelines.

    LEGISLATIVE BACKGROUND AND ASSOCIATED GUIDANCE

Several statutes focus on improving the mission efficiency and effectiveness of federal agencies by streamlining their operational and management practices. These laws include:

• The Chief Financial Officers Act of 1990 (CFO)
• The Government Performance and Results Act of 1993 (GPRA)
• The Federal Acquisition Streamlining Act of 1994 (FASA)
• The Paperwork Reduction Act of 1995 (PRA)
• The Clinger-Cohen Act of 1996 (CCA)
• The Government Paperwork Elimination Act of 1998 (GPEA)
• The Federal Information Security Management Act (FISMA)
• The E-Government Act of 2002 (P.L. 107-347)

This Guide is based on the IT aspects of these laws and focuses specifically on the CCA requirements which require a structured CPIC process to systemically maximize the benefits of IT investments. The CCA specifically states:

• "The Head of each executive agency shall design and implement in the executive agency a process for maximizing the value and assessing and managing the risk of the information technology acquisitions of the executive agency."
• "The process shall:
    1. Provide for the selection of information technology investments to be made by the executive agency, the management of such investments, and the evaluation of the results of such investments;
    2. Be integrated with the processes for making budget, financial, and program management decisions within the executive agency;
    3. Include minimum criteria to be applied in considering whether to undertake a particular investment in information systems, criteria related to the quantitatively expressed projected net risk adjusted return on investment and specific quantitative and qualitative criteria for comparing and prioritizing alternative information systems investment projects;
    4. Provide for identifying information systems investments that would result in shared benefits or costs for other Federal agencies or State or local governments;
    5. Require identification of quantifiable measurements for determining the net benefits and risks of a proposed investment; and,
    6. Provide the means for senior management to obtain timely information regarding the progress of an investment, including a system of milestones for measuring progress, on an independently verifiable basis, in terms of cost, capability of the system to meet specified requirements, timeliness, and quality."

GOVERNANCE PROCESS

IT governance provides the framework for decision-making and accountability required to ensure IT investments meet the strategic and business objectives of the Department in an efficient and effective manner. Two Department-level review boards have been established to provide executive oversight to Treasury's IT investment planning and management and ensure compliance with the guidance from Congress, OMB, and the General Accountability Office (GAO):

1. Treasury Executive Investment Review Board (E-Board)
2. Technical Investment Review Board (TIRB)

Figure 1 illustrates the framework by which the Governance bodies function and manage IT investments at the Treasury.

Figure 1: Governance Framework


SCOPE

It is expected that each Treasury Bureau will have a CPIC process to manage its own IT portfolio. The Treasury Office of the Chief Information Officer (OCIO) will only review investments that have been selected by the Bureaus through their respective CPIC processes. Bureaus are expected to have pre-select and select processes at the Bureau-level where funding requests are examined, evaluated and selected through an objective process before submitting IT investment requests through the Bureau's Chief Financial Officer organization to the Treasury OCIO, the TIRB and ultimately to the E-Board. The Bureaus must also have processes in place for managing the acquisition phase of funded investments and providing timely reporting for the TIRB and E-Board Control reviews. Bureaus are encouraged to conduct periodic portfolio evaluations and develop processes to support the TIRB and E-Board reviews.

All Treasury IT investments must comply with this Guide. The processes described represent the overarching framework with which all Bureau processes must comply and integrate. Bureau processes must support the overall Treasury process and cannot be contradictory to this Guide.

Periodic TIRB and E-Board reviews will be focused on IT investments that are defined as "major" strategic investments for the Treasury. The TIRB and E-Board may also choose to periodically conduct portfolio level reviews of the non-major IT investments. In addition, the Treasury CPIC Team or the TIRB may conduct random audits of selected investments in the non-major IT portfolio. The thresholds for an investment to be considered "major" are described in the following section.

    GOVERNANCE AND INVESTMENT PRINCIPLES

In developing Treasury's vision for Capital Planning and Investment Control, the following metrics will be used to measure the overall health and status of Treasury's business cases, and assist in our decision-making and governance of Treasury's IT investment portfolio:

1. The 10 Investment Principles (see Table 1: Investment Principles)
2. Benchmarks for key measurement areas, including:
    a. Enterprise Architecture
    b. Budget Growth
    c. Portfolio Risk
    d. Portfolio Value
    e. Cost and Schedule Health
    f. Strategic Alignment

Applying these metrics to each major IT investment will result in well-developed business cases being placed on a "Model E-300 List" and poorly performing investments placed on a "Watch List." Investments on the Watch List will require corrective action plans.

The table describes each of the Investment Principles in detail. More importantly, it lists a series of key questions that need to be asked in order to address each Principle.


Table 1: Investment Principles

Each numbered Investment Principle is followed by its Description/Key Questions.

1. Ensure that project clearly supports Bureau and department strategic objectives.
    • Does the project align to one of Treasury's critical Key Business Objectives (KBO) and strategic goals?
    • Is the portfolio of Treasury investments more heavily aligned to one KBO?
    • Does Treasury need to maintain or modify this distribution?

2. Ensure IT assets are secure and comply with FISMA requirements.
    • Is the level of investment IT security for each investment and for the portfolio appropriate given the assessment of security health and compliance?
    • What is the increase in IT Security spending? Can this increase be justified? Has the investment been through Certification & Accreditation (C&A)? What is date of last C&A? Does it have a recent Security Plan?
    • Was it on the OMB "Watch List" last year?

3. Consolidate duplicative initiatives under a lead investment for a line of business.
    • Are there duplicative systems that support the same sub-functions?
    • What percentage of systems have overlapping functions?
    • Does Treasury need to maintain or modify this distribution?

4. Evaluate the level of growth in steady-state investments.
    • Given Treasury's strategic objectives, what is the appropriate % investment in the steady state portfolio?
    • What is the required level of growth in the steady state portfolio to achieve this distribution?

5. Moderate the level of growth in development IT investments.
    • Given Treasury's strategic objectives, what is the appropriate % investment in the Development portfolio?
    • What is the required level of growth in the Development portfolio to achieve this distribution?

6. Ensure that project risk levels are managed, and alternatives are considered for high risk projects.
    • Are all 19 OMB mandatory risk areas addressed?
    • Do all identified risks have current mitigation plans?
    • Do these investments have viable alternatives?

7. Ensure that IT investments are returning value to the taxpayer and the government.
    • Are the Return on Investment (ROI) and benefits calculations complete and supportable?
    • Is the ROI negative or positive? What is the NPV for the project?
    • Does the project provide a mission-critical function or one that is mandated by legislation?

8. Ensure that current investments are meeting cost, schedule and performance goals.
    • Is the cost or schedule variance over or under budget by more than 10%?
    • How does the cost estimate from the project compare to the summary of spending requested in the budget?
    • Has the project been re-baselined in the past two years?
    • Have assets in the planning or acquisition stages completed a full EVM analysis? Have assets in the steady state and mixed life stages completed an operational review?

9. Validate that investments' Project Managers have requisite skills to manage projects.
    • What % of investments comply with OMB's PM capabilities requirements?
    • For those projects that do not comply, are the risks high? Are cost and schedule variances within the acceptable range? Does this comply with FISMA requirements?

10. Drive infrastructure purchases through enterprise agreements.
    • What enterprise agreements exist for large, shared infrastructure investments? Shared services?
    • What % of the Treasury portfolio is using these agreements? For those that are not, has the appropriate justification/decision been presented to the TIRB?


THRESHOLDS FOR MAJOR IT INVESTMENTS

Major IT investments are those that meet at least one of the following criteria. Projects that do not meet at least one of these criteria are considered "non-major" investments.

• OMB-Specific Criteria (per OMB Circular A-11):
    o Requires special management attention because of its importance to the mission or function of the agency, a component of the agency or another organization;
    o Is for financial management and obligates more than $500,000 annually;
    o Has significant program or policy implications;
    o Has high executive visibility;
    o Has high development, operating, or maintenance costs; or
    o Is defined as "major" by the agency's capital planning and investment control process.

• Treasury-Specific Criteria:
    o Total lifecycle costs exceed $50 million;
    o Has an annual budget of $5 million or higher; or,
    o Significantly impacts more than one Bureau.

    ROLES AND RESPONSIBILITIES

    The following decision-making bodies and personnel have been assigned the responsibilities

    described below.

E-Board -- The Treasury Executive Investment Review Board (E-Board) is the governing and approval body responsible for ensuring that proposed investments (both IT and non-IT) meet Treasury strategic, business, and technical objectives. The E-Board is chaired by Treasury's Deputy Secretary, co-vice-chaired by the Treasury Chief Information Officer (CIO) and the Assistant Secretary for Management (ASM), and staffed by the Bureau Heads. All decisions made by the E-Board are final. [The E-Board Charter is located on the Treasury CPIC Resource Center website. Go to https://hqapps.treas.gov/CPICResourceCenter/ and click on CPIC Governance.]

TIRB -- The Technical Investment Review Board (TIRB) recommends policy for CPIC, shared infrastructure, enterprise architecture and security. The TIRB makes recommendations on technical and funding matters to the E-Board. It also conducts periodic reviews of the portfolio and key investments. It is responsible for evaluating potential and existing major investments for adherence to Department and OMB capital planning criteria, and for technical feasibility. It also assesses alignment of investments with Treasury Architecture and procurement standards. The TIRB is chaired by the Treasury CIO and composed of all Bureau CIOs. [The TIRB Charter is located on the Treasury CPIC Resource Center website. Go to https://hqapps.treas.gov/CPICResourceCenter/ and click on CPIC Governance.]

IT Governance Sub-Councils -- These TIRB subordinates provide input on developing Treasury-wide standards for CPIC, enterprise architecture and security and act as liaisons between the OCIO and the Bureaus to communicate and assist with the implementation of standards and guidelines. They also play an active role in providing tool configuration requirements. The CPIC Sub-Council supports the TIRB by providing leadership in formulating and implementing CPIC policies and programs in the Department, providing a forum for Bureaus to discuss CPIC issues and requirements, and making recommendations to the TIRB.

Treasury CPIC Team -- The Treasury CPIC Team is comprised of Treasury Chief Information Officer personnel and is responsible for investment management oversight of the CPIC process. The CPIC Team develops Bureau level IT portfolio expertise and provides input and
