Section 4: IT Management
This section describes the management of IT at DOL as performed under
the direction of the Office of the CIO (OCIO). It covers the key operational
process, performance management and improvement systems, human capital
requirements along with risk management. This section is not meant to act as a
substitute for key IT Management documentation (E-Government Plan and
Compliance Reports, Human Capital Strategic Plan, Enterprise Architecture
Transition Strategy, for example). Rather, this section illustrates in brief
detail, how the Department's IT strategy and IT initiatives will be managed,
coordinated, and controlled to achieve the specific IT strategic goals and the
broader Department strategic goals and Agency-level program goals.
4.1 The Management of IT at DOL
IT Program management is composed of a number of key processes and
systems that together ensure effective and timely management of the IT
initiatives within the Department. Its emphasis is on helping Agencies succeed
with their IT initiatives by expert input, regular monitoring, correctional
techniques (if progress is not on track) and quick actions to halt troubled
initiatives (and apply turn-around measures).
Critical cornerstones of IT Program management across the Department
include:
Governance |
The core operational process, by
which IT initiatives are aligned, managed, evaluated, and controlled.
|
Scorecarding
|
The standard DOL system of measuring
progress, success and failure at the IT initiative level and at the Agency IT
Program level. |
Human
Capital |
Strategic alignment of human capital
to DOL's strategic goals while ensuring enhanced training and development in
critical areas. |
Risk
Management |
The identification and management of
risks within the IT arena (internally and externally generated).
|
Forward
Planning |
IT strategies, e-Governance
planning, Agency program goal/IT initiative alignment (discussed in Section
5). |
4.2 IT Management: Governance/Operational Processes
The Department of Labor was one of sixteen Federal Agencies to receive a
green progress rating in the first quarter of 2003 by OMB for DOL's governance
and management of its IT Program. Since then, the Department's performance in
the management of IT has continued to strengthen. The primary ingredients of
the governance framework are policies, plans, measures, processes and people.
The governance structure as pictured in Figure 4 demonstrates the interaction
of the Chief Information Officer, the Management Review Board (composed of
Assistant Secretaries or their equivalents), and the Technical Review Board
(composed of senior IT personnel from each Agency, Bureau and Office). Their
roles are critical to ensuring the success of IT systems for the Department of
Labor. Under each major sub-committee - Enterprise Architecture, Capital
Planning and Investment Control, IT Architecture, IT Security, as well as the
Configuration Control Subcommittee -activities and linkages are defined.
Figure 4: IT Governance Structure
One example from DOL's IT Governance Structure illustrates
the interaction and chain of command with the IT Architecture Subcommittee.
This sub-committee receives input from the Enterprise Architecture
Subcommittee, the TRB and Offices under the CIO, to develop the technical
standards, the change management process guidelines, and maintain baselines and
version control and perform technical reviews.
As the primary operational control process, the governance
structure is critical to the successful implementation of the IT strategy and
to the success of all IT initiatives. It provides a practical set of operating
practices that minimize risks and maximizes positive (appropriately aligned)
outcomes.
4.3 Enterprise Architecture (EA) Management as a
Strategic Tool
Historically, Federal Departments have managed their IT
investments autonomously. There was little incentive for Agencies to partner
with one another in the reuse of IT investments, share IT knowledge, or explore
joint solutions. A collective, government-wide effort, supported by the CIO
Council, utilizing the Federal Enterprise Architecture (FEA), has been
undertaken in an effort to yield significant improvements in the management and
reuse of IT investments, while improving services to citizens, and facilitating
business relationships internally and externally. The FEA is a business-based
framework that provides the Office of Management and Budget and Federal
Agencies a way to monitor, analyze, and control Federal IT investments.
DOL continues to develop its Enterprise Architecture (EA),
describing the current major functions and processes, information and data
requirements, application systems, supporting IT infrastructure, and security.
DOL's framework for implementing its EA is based on Federal and commercial best
practices, and is considered an integral part of the Department's strategic and
capital planning processes. The Department responds to changing technology
conditions by combining its EA process with the capital planning and investment
management process to ensure that necessary funding is available to implement
new technologies for core business functions. Using this enterprise approach,
the Department is able to identify duplicative resources/investments, gaps, and
opportunities for internal and external collaboration resulting in operational
improvements and cost-effective solutions to business requirements.
A key component of the DOL EA framework is security. DOL is
identifying and implementing physical and logical security measures to ensure
the security of its public website, internal network, and electronic
communication channels with institutions it regulates and with examiners
working remotely in the field. Consistent with Federal mandates and its
commitment to service excellence, DOL is continuing to enhance its IT security
and privacy infrastructures.
The EA framework identifies the strategic information
assets that define DOL business processes; the information necessary to operate
these processes; the technologies needed to support business operations; and a
transition process for implementing new technologies in response to the
changing needs of the Department. The EA framework provides a structure for
organizing the products that describe existing and future DOL architectures. It
identifies the documentation products that are the key architectural
definitions created by the systems development life cycle as well as any
retrospective documentation that is required for existing IT architectures. The
framework does not include the actual documentation products; it establishes an
organizing structure, with placeholders for the continued population of the EA.
The creation and population of the EA framework enables DOL
to work in partnership with other Federal Agencies to promote interoperability
and information sharing. The populated framework also provides several benefits
within DOL, including:
- Organization of existing architectural models, life cycle
documentation artifacts, and other information assets within an enterprise-wide
structure.
- Development of retrospective documentation for selected classes of
existing architecture definitions considered essential for effective systems
management.
- Creation of enterprise-level target architecture definitions that
clearly support DOL's mission objectives and strategic business plans.
- Use of enterprise-level target architecture definitions to plan and
guide the acquisition of information technologies.
- Development of transition architectures to guide incremental
implementation planning and effective change management.
- Definition of the specific architectural models and other key life
cycle products that will be produced for each future implementation
segment.
- Development of proven architectural reference models to guide the
design of future automated systems.
As part of the EA framework initiative, DOL will use an appropriate EA
modeling toolset. The EA modeling tool will provide an integrated environment
to develop, deliver, and sustain the work products for EA.
The initial version of the framework was refined to incorporate the
lessons the Department learned by documenting the current IT infrastructure and
the development of the Target Enterprise Architecture. The EA framework
continues to serve as a guidepost in current efforts to restructure the DOL
system development life cycle manual (SDLCM) and related IT procedures. As the
EA framework continues to be used in day-to-day operations, it will continue to
be refined.
With the EA framework in place, DOL is moving to transition to the
target architecture. DOL's EA transition strategy is designed to align with the
principles of its mission and vision. It is structured to maintain the
integrity of citizen-centric and business-centric EA, while using technology to
support and further expand the Department's initiatives. This strategic
approach to transitioning is multi-layered and component based. It is further
designed for maximum impact on the efficiency and ease of use of each product,
service, and/or process (i.e., component) affected by the transition to DOL's
Target Enterprise Architecture.
4.4 Performance Measurement/DOL's Internal Scorecard Systems
The Department places a strong emphasis on measuring and managing the
performance of its IT initiatives against an agreed upon set of standards and
best practice guidelines. Two of the primary strategies that drive the DOL
approach to performance measurement include:
- Focus on outcomes to ensure that IT initiatives directly support
Department strategic goals and Agency program goals.
- Continually measure project performance against plan to ensure that
the project itself is meeting all DOL EA, capital planning, security, and SDLCM
requirements.
The OCIO is responsible for the approval and review of all DOL IT
funding budget submissions based upon criteria identified in the annual
guidance to Agencies. The OCIO also provides recommendations for funding levels
to the Deputy Secretary. The IT Program managers provide guidance to Agencies
regarding the development and measurement of performance in various documents
that include:
- U.S. Department of Labor Governance Framework for IT Investments -
Reference Guide for Capital Planning, Security, and EA (Updated February 10,
2005)
- Capital Planning and Investment Control handbook (CPIC Handbook)
At the heart of the Department's performance measurement activities is
the operation and maintenance of an OMB-consistent internal IT performance
monitoring and evaluation system for all of the IT programs and IT initiatives
within the Department.
The review of individual IT initiatives is performed on a quarterly
basis while the review of mission-critical IT programs (at the Agency-level) is
performed semi-annually at the end of the 2nd and 4th quarters. Both scoring
systems utilize a red, yellow or green scoring method common to OMB with
pre-set quantified and/or discrete targets.
The Quarterly Review Scorecard requires the assessment of five critical
project implementation aspects: mission alignment, architecture compliance,
security compliance, cost-schedule-performance compliance, and viability-risk
analysis. The internal PMA e-Government Scorecard assesses Agencies at the
program level in four areas: mission alignment, architecture compliance,
security compliance, and project management. Green is on track and within
budget. Yellow will require explanation and potentially remedial action. Red
will result in serious action by the TRB and may well result in the suspension
of the initiative by CIO Directive until major modifications have been made for
that initiative to go forward.
The standards for scoring under both systems are published to all
Agencies through the OCIO. The Quarterly Review Scorecard Criteria for IT
initiatives is maintained by the OCIO through a collaborative process with the
Agencies. Reviews or updates to this scorecard's criteria are conducted every
three months. The Internal PMA e-Government Scorecard Criteria for the
Agency-level IT Program reviews are also maintained by the EA Subcommittee and
approved by the TRB. Updates occur every six months in response to new
legislation, Presidential initiatives, OMB circulars, NIST guidance or other
external stimuli.
For illustration purposes, one of the 20 different evaluation criteria
within DOL's e-Government Scorecard Criterion guide is presented in Table 4
below. A copy of the 2005 Internal PMA e-Government Scorecard Criterion is
included in Appendix D.
Internal PMA E-Government
Scorecard Criteria, 2005 |
|
Red: Agency
or Initiative has received a red score in Security, or has failed any of the
following conditions |
Yellow:
Achievement of some core criteria; no red conditions |
Green: Must meet all core criteria; no yellow
conditions |
|
Security Documentation and
Testing Compliance Alignment With Federal And Departmental IT Security
Requirements: Compliance With Documentation And Testing Requirements Under The
Computer Security Act, Privacy Act, FISMA, OMB Security Guidance, DOL Security
Policies; DOL System Development Life-Cycle Manual (SDLCM); DOL Computer
Security Handbook (CSH); NIST Standards And Guidelines |
|
9. Certification and Accreditation:
Percentage of Systems That Are Certified and Accredited
Percentage of systems that are Certified and
Accredited, which is defined by the number of systems with Authority To Operate
(ATO), divided by the number of Major Applications (MAs), General Support
Systems (GSSs), and Local Special Purpose (LSP) systems for the Agency.
|
RED FY04 Baseline = 96.5% FY05
Target = 100%
Not within 10% of FY05 Target
|
YELLOW FY04 Baseline = 96.5%
FY05 Target = 100%
Within 10% of FY05 Target
|
GREEN FY04 Baseline = 96.5%
FY05 Target = 100%
Equal to FY05 Target. |
|
Table 4: Internal PMA E-Government Scorecard Criteria,
2005
In addition to providing written guidance, DOL reinforces
in its training programs the importance of defining and measuring outcomes tied
to DOL and Agency strategies and program goals. DOL supports training programs
in the areas of IT Governance, EA, CPIC, SDLCM, and IT Security.
DOL utilizes six primary processes to measure and ensure
that performance goals are met. These primary processes are described briefly
below.
Project Selection
The OCIO reviews investments to determine the overall
strength of their business case. OMB requires that investments meet criteria in
many areas including performance goals and measures. As part of the procurement
process, OCIO requires that investments have a Project Management Plan (PMP)
and a Work Breakdown Structure (WBS), including EA activities that include the
further development of performance metrics.
Systems Development Life Cycle
To ensure compliance with the legislative intent of
relevant IT investment laws the Department has also developed a Systems
Development Life Cycle Manual (SDLCM) that establishes the procedure for IT
initiative development from conceptualization through its operation and
maintenance phase. DOL also utilizes its e-Government Strategic Plan and Target
EA in order to ensure its IT investments are strategically aligned across the
Department and the Federal government.
Earned Value Management System
Earned Value Management System (EVMS) is a method for
measuring project performance. It indicates how much of the budget should have
been spent, in view of the amount of work done so far, and the baseline cost
for the task, assignment, or resource. EVMS is applicable to all CPIC Level 3
initiatives that are in the Select or Control phases of the CPIC process. EVMS
will also be applicable to Level 3 mixed lifecycle investments when the annual
cost of Development, Modernization, and Enhancement (DME) exceeds $1,000,000.
These exemptions do not preclude inclusion of a project that warrants special
attention because of other factors as delineated in OMB Circular A-11, such as
unusual importance to an agency's mission, high management visibility, or high
risk. DOL measures performance monthly and requires that initiatives operate
within 10% variance of planned cost, schedule, and technical performance.
IT Investment Quarterly Reviews
The OCIO reviews initiatives on a quarterly basis, and the
review schedule depends upon threshold level, viability, risk, and overall
project management. The quarterly control review process analyzes an
investment's development and management to date. The review includes a
comprehensive security review, risk analysis, mission and EA alignment
assessment, WBS review (i.e. cost and schedule), and performance measurement
updates.
EA Completion and Use Plan
DOL uses the Completion and Use Plan to milestone
continuing upgrades in the use of performance measures and metrics as part of
its ongoing EA improvement activities.
Proud-To Be - E-Gov Reviews and OMB EA
Scorecard
The Proud-To-Be Report addresses the PMA, Expanded
Electronic Government, by measuring progress in five key areas: modernization
initiatives, cost/schedule/performance objectives, security performance
measures, efficient participation in Government-wide initiatives and key
departmental milestones. Additionally, as part of OMB's review processes, DOL
reviews its EA program and the EA documentation to ensure, among other items,
that the performance measures and metrics exist and are used throughout the
organization.
4.5 Human Capital and other Resources
DOL's Human Capital strategy must be and is closely aligned
with the mission, goals, and agency programs. Moreover, it must be coordinated
with the Department's IT strategy in such a way to ensure the achievement of
the Department's IT strategic goals and desired program outcomes. DOL's Human
Capital Strategic Plan (2005) presents this alignment and the steps necessary
to achieve Human Capital goals in far greater detail. In IT strategy, human
capital plays a mission-critical role. In order to produce and implement the IT
strategy, human capital performance management requires constant monitoring and
adjustment. Specifically this effort emphasizes:
- Strategic alignment of the human capital plan to DOL's strategic
goals.
- Workforce planning and deployment with a citizen/worker mission
focus.
- Leadership and knowledge management that emphasizes continually
enhanced training, succession planning, and education.
- Critical attention to ensure the best employees are provided
opportunities for greater contribution.
- Continuation of the effort to maximize the hiring and availability
within the Department of high quality technology talent.
- Ensure that there are accountability systems in place that can be
measured and success or failure properly attributed.
- Continue to focus on e-Government initiatives through the hiring
process, HR data analysis, training, and security clearances to maximize the
DOL's staff of technologically literate individuals.
4.6 Risk Management and Critical Success Factors
Technology projects tend to fail because of poor vision, poor planning,
poor staffing, poor management support, and poor support from key stakeholders.
The Office of the CIO has taken steps to mitigate these factors.
There are many risks to an IT strategy's efficacy. Will the strategy
cover future critical aspects? Will it be adopted by future stakeholders? Does
it reflect trends in the marketplace as well as the Department? The Department
answered these questions via the collaborative process employed to develop this
IT Strategic Plan and by the IT strategy itself.
With a functioning and engaged Working Group, many stakeholder buy-in
concerns have been met directly. The Working Group - comprised of
representatives from across the Department - knows and understands the IT
strategy and its implications for future operations.
The blended IT strategy has an inherent flexibility in the way it relies
upon and builds upon existing consensus to achieve universal standards and
apply best practices. Should one aspect of the strategy not perform as well as
others, the emphasis may be shifted to account for this without dislodging the
IT strategy on the whole. The management of risk (potential failure of IT
initiatives and IT strategic goals within the Department) is addressed
principally by the governance structure (Figure 3) and the constant measurement
of progress and performance on each IT initiative (internal scorecards).
Clearly, security is a top priority and is addressed by IT Program
management and overall Department governance activities via the IT Security
subcommittee.
|