Toward A Federal Enterprise Architecture Board

A Federal Enterprise Architecture Board (FEAB) would provide “teeth” to further implementing enterprise architecture across government.

We have a Federal Enterprise Architecture (FEA) that provides a government wide framework for architecture strategy and planning, but we do not have a FEA Board to govern the subsequent IT investments through capital planning and investment control (CPIC). CPIC is the governance process whereby we select, control, and evaluate new IT investments.

Interestingly, the Federal CIO Council’s Architecture Alignment and Assessment Guide (October 2000) specifically calls for complementary EA and CPIC functions (see graphics).

In this paradigm, the enterprise architecture (EA) informs, guides, and drives the CPIC, and in turn the decisions from the CPIC governance process update the EA planning, so that the EA and CPIC processes are seen as mutually supportive.

In the federal government, we have departmental and agency architectures and boards that serve to plan and govern IT investments at their respective levels. However, as we seek to build greater standardization, interoperability, and reuse across government with IT initiatives that cut across traditional government boundaries driven and guided by the Federal CIO and Federal CIO Council, there is a need for a FEAB to review new and major changes to IT investments.

There would be many purposes for the FEAB.

  • Strategic alignment: One would be to ensure strategic alignment not to any single department or agency mission, but rather to the greater federal government strategy and policy. Some examples of this would be data center consolidation, green IT, open government, and more.
  • Streamlining of investments: Additionally, the FEAB would assess IT investments to ensure that there is no overlap or opportunities for consolidation of initiatives. OMB performs some of this function today, but a FEAB would augment their capability with IT subject matter experts from across the government.
  • Other key benefits: Of course, the FEAB would also look at things like return on investment measures, risk mitigation plans, technical compliance to federal architecture standards and mandates (security, privacy, records, FOIA, Section 508, etc.).

The FEAB would not be a substitute for the EA Boards that provide oversight functions at the department and agency levels, but would provide governance for the largest and riskiest IT initiatives and those that cut across different agencies.

While the OMB currently assesses IT investments using Exhibits 300s and 53s, which include EA assessment questions, the FEAB would provide a governance board made up of cross-cutting governmental IT subject matter experts to vet these business cases from an EA perspective thoroughly and provide recommendations to the Federal CIO Council and the OMB on approval or denial. Therefore, and not unimportantly, the stand-up of a FEAB would add an important human factor to the Federal Enterprise Architecture and make it “real.”

Of course, with a portfolio of some 10,000 IT systems, the FEAB would not be able to govern every new Federal IT investment. Therefore, it would be critical to establish thresholds that would be practical for implementation.

I would envision the FEAB being chaired by the Federal Architect and the board being a recommendation body to the Federal CIO Council and the Office of Management and Budget, Executive Office of the President.

Critical initiatives by Federal CIO Vivek Kundra to effectively manage (i.e. CPIC control phase) IT investments through the Federal IT Dashboard and TechStat sessions would be augmented by the FEAB work to carefully recommend for selection (i.e. CPIC select phase) new federal IT investments.

Together, I see the federal select and control mechanisms of CPIC functioning in harmony to enhance government’s IT planning, investment decision-making, and execution. Essentially, the FEA (architecture) and FEAB (governance) on the “front-end” will guide new IT investments, and the IT Dashboard and TechStat sessions on the “back-end” will ensure IT investments are properly progressing for the taxpayer based on cost, schedule, and performance measures.

In summary, the Federal Enterprise Architecture Board would be the governance arm of the Federal Enterprise Architecture, and serve as a support to the IT leadership of the Federal CIO, the Federal CIO Council, and the IT budgetary functions performed by the Office of Management and Budget.

Why EA and CPIC?

Note: This is not an endorsement of any vendor or product, but I thought this short video on enterprise architecture planning and capital planning and investment control/portfolio management was pretty good.

The CIO Support Services Framework Improves IT Operations

How to Strengthen the Office of the CIO – Part II

Published at Government Technology

[Editor’s Note: This article is the second in a series that explores the CIO Support Services Framework in government.]

In Part 1 of The CIO Support Services Framework, I presented the six major components needed to support the public CIO in managing IT strategically and proactively. In this article, I will explain which IT best practice frameworks inform these six components and propose a structure for implementing them.

The six CIO Support Services Framework (CSSF) functions are distinct areas that require subject-matter expertise and need to be managed based on the various IT best practice frameworks. While I am not endorsing any particular best practice government or industry framework, below is a sampling according to CSSF functional area:

Enterprise Architecture (EA) — Federal Enterprise Architecture (FEA), Department of Defense Architecture Framework (DoDAF), and The Open Group Architecture Framework (TOGAF).

Capital Planning and Investment Control (CPIC) — Office of Management and Budget (OMB) Circular A-130–“Management of Federal Information Resources” and the Control Objectives for Information and related Technologies (COBIT) by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Project Management Office (PMO) — the Project Management Body of Knowledge (PMBOK) by the Project Management Institute is the de facto standard for project management best practices from initiation through project closeout.

Customer Relationship Management (CRM) — the IT Infrastructure Library (ITIL) by the United Kingdom’s Office of Government Commerce (OGC) and International Standards Organization (ISO) 20000–“IT Service Management.” While both are very much operational frameworks, they can also be used to guide service and support at a strategic level in the OCIO.

IT Security (ITS) — the Federal Information Security Management Act (FISMA), various Federal Information Processing Standards (FIPS) from the National Institute of Science and Technology (NIST), and International Organization for Standardization ISO/IEC 17799 — Information Technology Code of Practice for Information Security Management.

Business Performance Measurement (BPM) — the Balanced Scorecard (BSC) by Kaplan and Norton from Harvard Business School — examines financial, customer, internal business process, and learning and growth measures for the organization.

Although each of the six main functional areas and their supporting best practice frameworks are unique, they can and will overlap, and it is imperative that the OCIO develop a simple and streamlined process for managing these, so that IT and business personnel are not confused or burdened by redundant or circuitous IT processes that hinder, rather than spur innovation and agility. For example, while EA planning guides CPIC IT investment decisions, those decisions inform the next round of EA planning — it is inherently cyclical. Nevertheless, we must ensure that the overall process flow between all six areas is as clear and simple as possible.

I like to use the example of a Monopoly game board as an analogy for how IT processes should ideally progress from “Go” all the way through — logically, and more or less sequentially — without project mishap, ending up on the OMB Watch List for risky IT projects, the equivalent of landing in Monopoly “jail.”

The CSSF provides the functional resources to fully support the OCIO and provide the capability to move from simply fighting day-to-day operational problems to strategically managing IT service provision, improving performance and increasing program and project success, through:

Planning (EA)

Investing (CPIC)

Executing (PMO)

Servicing (CRM)

Securing (ITS)

Measuring (BPM)

Each of these OCIO component functions is helpful in managing IT by providing the CIO the capability to better plan, invest, execute, service, secure and measure — but these are not stand-alone functions — they are all necessary and complementary.

An organization can have the best EA plan, but without the structured investment processes of CPIC, the plan will not drive, guide, influence and shape IT investment decision-making. In fact, I would propose that CPIC is an enforcement mechanism for carrying out the EA plan.

Similarly the organization can have a wonderful CPIC process for making IT investment decisions, but without a PMO to develop and enforce sound PM policies and practices, IT projects will continue to fail miserably. With an effective PMO, we will have more successful project execution, but without CRM to manage customer requirements and service and support issues, we run a very high risk of rolling out IT capabilities that the customer neither wants nor is happy with. Further, CRM will increase customer satisfaction, but without ITS, CIOs will not ensure the security of the information and systems that the users are depending on.

Finally, with ITS, CIOs will provide users with information security, but without BPM, will miss the opportunity to perform structured performance measurement and management, so that the CIO has visibility into how IT is performing in all areas and on an ongoing basis and can take timely corrective action as needed.

Most organizations either don’t do any of these CSSF functions well or they don’t do them all. The six components need to be executed together — the whole being greater than the sum of its parts. Further, I would propose that the six CSSF functions be implemented under the auspices of the CTO of the organization in order to centralize and holistically manage the functions in support of the CIO.

The result is that the CIO is better supported, without being overwhelmed, and the CTO has a clear mandate for strategically implementing the CIO’s vision for the organization.

Of course, one of the biggest challenges to implementing the CSSF is finding and allocating the needed funding to support these OCIO functions. IT operations tend to be underfunded already and stuck in the perpetual firefighting mode. Executives often fear siphoning the needed money or people away from the short-term firefight to work on long-term strategy and implementation. This is a serious mistake!

Firefighting is a losing battle if you attack only the symptoms, but never address the cause or core strategic issues. Moreover, in the fast-paced technology environment of the 21st century, no IT leader can afford to be looking backward — managing legacy systems that do not leverage modern technologies, techniques and methodologies for information sharing, collaboration and business intelligence.

If you are spending close to 100 percent on IT operations today, is it really unreasonable to allocate 3 to 5 percent of this to strategy, planning and control? Of course, this needs to adjust when IT budgets get extremely large or small and as the complexity of the organization shifts.

As the prior chief enterprise architect of the U.S. Coast Guard and of the United States Secret Service, I have always been a deep proponent of EA and CPIC to drive better IT investment decision-making. However, now as the chief technology officer (CTO) of the Bureau of Alcohol, Tobacco, Firearms and Explosives, I more fully understand how the CSSF functions and interplay are needed for the CIO to perform effectively.

Clearly EA and CPIC are not enough to adequately support the CIO’s needs, and thus, they need to be extended with PMO, CRM, ITS and BPM. Moreover, these areas function best that function together for the reasons I mentioned prior — it’s a clear domino effect, where astute planning, sound governance, skilled project management practices, competent customer service, solid IT security and meaningful performance measurement are all necessary for the CIO to manage IT more strategically and effectively.

This is why I firmly believe that the CIO Support Services Framework is how we are going to have to manage IT to achieve genuine success for the CIO in the 21st century and beyond.

_______________________________________

Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.

How to Strengthen the Office of the CIO – Part I

Published at Government Technology

[Note: This is a two-part article on strengthening the office of the CIO to improve IT operations. Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best practices and implementation.]

Information technology is plagued with what federal CIO Vivek Kundra recently called “magnificent failures.” A recent research survey by the Standish Group identified that more than 80 percent of IT projects were either failing or significantly at risk. Another article described the CIO’s role as a nearly impossible job, trying to manage day-to-day firefighting with limited to no ability to get control and manage strategically.

We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on requirements and fail to deliver on time, within budget and to specifications.

The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects and putting the CIO and other IT leadership back in the driver’s seat, by ensuring that the structural components for success are identified, elevated and resourced appropriately.

The focus of this article is to identify, describe and link the core elements that make up and support an Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the CIO is properly supported, program and project management can be executed with strategic intent and alignment.

It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program management today, such as the Federal Enterprise Architecture (FEA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at architecture planning, ITIL on service support and delivery, PMBOK on project management and so on. What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a bigger picture.

 

Image copyright by Andy Blumenthal

So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his or her strategy must drive technology operations rather than just fighting fires.

In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to make decisions based on gut, intuition, politics and subjective management whim.

Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still like blind people grasping in the dark for answers. This framework corrects the structural defects in today’s IT organization that cause this situation to occur.

The CSSF has six major components:

1. Enterprise Architecture (EA) — for strategic, tactical, and operational planning in the organization. EA includes all perspectives of the organization’s architecture including: performance, business, information (data and geospatial), services (or systems), technology, security, and human capital (this last one is currently missing from the Federal Enterprise Architecture).

In EA planning, we develop the current architecture–where we are today in terms of business and technology resources, the target–where we want to be in the future through business process improvement and technology enablement, and the transition plan–how do we get from where we are today to where we want to be in the future.

More mature EA’s provide business, data, and systems models, and identify gaps, redundancies, inefficiencies, and opportunities in the business and IT and recommend business process improvement, reengineering, and new technologies to improve organizational performance.

2. Capital Planning and Investment Control (CPIC) or IT governance — manages the IT investment decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio (i.e. to put those plans to work and make them pay off). CPIC can ensure that IT investments maximize return on investment, minimize or mitigate risk and provide for strategic alignment to the business.

CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are followed, such as information sharing and quality, interoperability, component reuse, standardization, simplification, cost-efficiency, and of course security.

3. Project Management Office (PMO) — oversees the effective execution on the IT projects. These projects derive from the EA technical roadmap and transition strategy and from IT investment decisions coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a project to include scope, schedule, cost, quality, project resources, integration, communications, and more, from the initiation of a project through its closeout. Project managers typically develop the work breakdown structures, project schedules, and monitor and manage progress to these.

4. Customer Relationship Management (CRM) or IT service management — for managing service and support to our customer with “one call does it all”. As opposed to customer management within IT operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction, generating and managing customer requirements, supporting business case development, and handling internal business complaints, issues, and coordinating problem resolution with IT operations.

5. IT Security (ITS) — how we conduct IT security policy and planning. This function encompasses how we plan, assess, and enforce IT security, and not the actual implementation of IT security, which is an operational IT function. This functional area includes preparing certifications and accreditations, risk assessments, security plans, vulnerability testing, security awareness training, and security policies. IT security ensures the confidentiality, availability, integrity, and privacy of the organization’s information.

6. Business Performance Management (BPM) — how we measure and drive performance, so we know whether we are hitting the EA target or not. BPM involves identifying performance measures, capturing, analyzing and reporting on metrics, and providing the CIO with IT executive dashboard views to inform which programs and projects are on track, challenged and in jeopardy of failure.

Typically BPM provides for a drill-down capability, so high-level “red-yellow-green” program/project indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making course corrections. BPM should provide a feedback mechanism for how the IT function is performing and drive continuous process and performance improvement in the CIO organization.

Together these six areas make up a holistic and synergistic set of support functions that constitute a fully capable Office of the Chief Information Officer (OCIO) in the center.

In creating a strong OCIO, the CIO Support Services Framework wisely separates the policy, planning and oversight functions from the IT operations. This is beneficial in two main ways: First, this enables the CIO to strategically and proactively direct IT operations, rather than being in perpetual firefighting and reactive mode. Second, the separation of duties — strategy from operations — creates a healthier organizational dynamic and interplay in IT, where the fox is not left guarding the chicken coop.

Part 2 of this article will explore IT best practice frameworks and implementation of the CIO Support Services Framework.


CIO Support Services Framework

The CIO Support Service Framework (CSSF) has 5 major components:

  1. Enterprise Architecture–for strategic, tactical, and operational planning
  2. Capital Planning & Investment Control (or IT governance)–for managing the IT investment decision process (i.e. “putting those plans to work”)
  3. Project Management (or a project management office)–to effectively execute on the programs and projects in the transition strategy
  4. Customer Relationship Management (or IT service management)–for managing service and support to our customer (i.e. with a single–belly button; one call does it all)
  5. Business Performance Management–how we measure & drive performance (like with an IT executive dashboard–so we know whether we are hitting the target or not!)

Together these five areas make up a holistic and synergistic set of CIO support functions.

So that we move the mindset of the CIO from fighting day to day operational problems to instead strategically managing IT service provision through:

  • Planning
  • Investing
  • Executing
  • Servicing
  • Measuring

This is how we are going to achieve genuine success for the CIO in the 21st century and beyond.

Andy Blumenthal Presents How Enterprise Architecture is Transforming Government (June 2009)