CITRB Expectations

February 8, 2007

Commerce IT Review Board
Expectations

The Commerce Information Technology Review Board (CITRB) serves as the Department of Commerce’s authority to select, control, and evaluate information technology capital investments.

Four circumstances require an operating unit to come before the CITRB:

• Budget request for new funds either for an existing investment or a new investment – presentation in May/June as part of Department budget formulation process. These investments are reviewed because they merit special attention due to their sensitivity, mission criticality, or risk potential or are Department-wide systems; systems where resources are shared between operating units and/or the Department; or systems with life cycle costs over $25 million. The Commerce Chief Information Officer (CIO), acting on evaluations from the Board, provides recommendations to Secretary and Deputy Secretary through the Office of Budget.

• Request for a delegation of procurement authority (DPA) – anytime during the calendar year based on the operating unit’s need. A DPA is the CIO’s permission for entering into a contract. A DPA is needed for all investments over $10 million and selectively below $10 million. The Commerce CIO, acting on recommendations from the Board, makes a decision on whether to grant the requested DPA.

• System or Control Review – the CITRB will periodically request a status review of the Department’s ongoing investments meeting the definition in bullet 1. This will generally occur at least once every three years. The Commerce CIO, acting on evaluations from the Board, recommends the continuation or termination of investments under development at key milestones or when the investments fail to meet performance, cost, or schedule criteria.

• Post implementation Review (PIR) – upon completion of an investment or a key phase of an investment. The CITRB will request a PIR to identify lessons learned that can be applied to other investments. PIRs will often be combined with System Reviews, particularly for investments under development after completion of a key phase of the investment.

Operating Unit Responsibilities:

• Provide briefing slides, project manager and contracting officer resumes, and an Exhibit 300 Capital Asset Plan and Business Case, and if a DPA is - Under IT security, provide a presentation slide showing the dates of the security plan and certification and accreditation for each inventory system number associated with the investment.


• Focus on the information technology to be employed in the proposed investment.


• Make the case that the proposed use of IT dollars is aligned with strategic plans, supports mission requirements, complies with architecture goals, minimizes investment risk, and demonstrates a positive return on the investment. Specifically in the presentation, address the criteria. These are the criteria the Board will use to rate and rank the investment. Each criterion as well as the individual subcriteria must be addressed in the presentation. Also, operating unit presenters must include other important elements.

o Several slides should state the purpose of the presentation, provide sufficient context so that the Board will readily understand what technologies the investment uses, and the programmatic purpose of the investment.


o If action items were generated by the Board in previous presentations of the investment to the Board, then discuss how they have been addressed.


o Provide a crosswalk from the financial summary information in the Exhibit 300 to budget submission lines.


o Explicitly address how the investment supports the principles of e-government, making processes and interactions with the public and other stakeholders more useful and efficient.


o Address the acquisition strategy for the investment to include contract scope, length, and use of options. Identify type of competition, evaluation criteria, and small business participation. Describe what performance-based contacting methods will be employed, e.g., performance metrics, award fee, and incentives,


o Include slides depicting the last year of earned value management (EVM) data for development projects and/or a summary of the operational analysis for steady state projects. A graphical depiction of the EVM data may be most helpful. For the operational analyses, address the four key criteria: customer results, strategic and business results, financial performance, and innovation.


o Under IT security, provide a presentation slide showing the dates of the security plan and certification and accreditation for each inventory system number associated with the investment. Explain how IT security is managed for the investment. Discuss the IT security funds available to the investment. List any identified plans of actions and milestones (POA&Ms) associated with the investment.


o Under IT architecture, provide slides that explain how the investment aligns with the operating unit’s and the DOC enterprise architectures, including how the investment fits within the portfolio of investments. A graphical depiction may be most helpful. Explain how redundancies are being eliminated, if applicable. Identify new technologies.


o Generally avoid acronyms; however, if used, include an appendix to the presentation.


o As a general rule, the presentation should consist of no more than 25 slides.

• Depending on the investment’s maturity, different factors require particular attention:

o For an investment in the planning stage, highlight mission benefits, alternatives, and risks including how you will mitigate them. Account for the full life cycle. Identify a target outcome and show how this investment would measurably advance the operating unit’s critical mission goals. Demonstrate how the proposed IT investment supports work processes that have been simplified or redesigned to reduce costs and improve effectiveness. Identify the project and acquisition management strategies to find the right people with the right skills, implement performance-based contracts, encourage maximum use of commercial-off-the-shelf software, take a modular approach to system design and development, and ensure that security is built into the design of the system.


o For investments under development, assess progress against the baseline schedule, budget, and functional criteria. Describe the role of the earned value management system used in managing the IT investment. For DPAs, include EVM for the steady state part of the investment if it exists. Address the role of IT security procedures and funds allocated to security. If this investment replaces a legacy system, discuss the transition plan. Address any former Board findings, corrective actions, and recommendations.


o Following investment implementation, assess lessons learned. How and why did actual cost, schedule, risks and their mitigation, and performance differ from what was planned? Address full life cycle operations and maintenance including plans for replacement of key personnel, periodic technology refreshment, and eventual system retirement.

CITRB Roles:

• Review materials submitted by the operating unit. Pose questions to seek clarification on the overall merits of the proposed investment and the risk particular to the investment. Determine whether or not the project represents a good investment decision.

• Provide evaluations and rationale to the Commerce CIO. Provide a rationale for each score that is entered on the evaluation sheet. The Board may stipulate caveats to accompany an authority to proceed.

• Participate in an executive session after operating unit presentations to identify salient issues and concerns among Board members. Review action items from previous meetings as required.

• The CIO will formally notify the operating unit CIO of the Board’s decision. In most cases a memorandum will be employed to issue a DPA, recommend budget approval, or allow the investment to proceed as appropriate to the individual circumstance. The memorandum may include contingencies or required action items.

• See the CITRB charter for more detail.

Office of the Chief Information Officer (OCIO) Staff Roles:

• OCIO staff will assemble a team and conduct a technical review to analyze all investments prior to the investment’s presentation before the Board. The Technical Review Team will be chaired by the OCIO with membership from the Office of Budget, Office of Acquisition Management and Financial Assistance, and other Office of the Secretary organizations as required. Operating unit representation may be requested by the Team.

The Technical Review Team findings will be sent to the Board members one week prior to the date of the OU’s presentation to the CITRB to highlight key issues concerning the investment for the Board members.