Level

Focus

Characteristics

0

No IT Planning Program

The organization does not have an IT planning system.

1

Initial - Informal IT Planning Program

The organization has an informal IT planning process characterized by ad hoc plans and documentation. Senior management participates little in the IT planning process. There is some linkage to the budget process but little to the Government Performance and Results Act (GPRA), Government Paperwork Elimination Act (GPEA), E-Government Act (E-Gov), DOC and Federal Enterprise Architecture (FEA), IT security, Information Quality Act (IQA), and other Federal IT mandates. Milestones are used in place of performance goals.

2

IT Planning Program is Under Development

The organization develops a Strategic IT Plan (SITP) and an Operational IT Plan (OITP) and has informal IT investment review processes and ad hoc selection criteria. Senior management is involved in selected planning activities. IT goals are developed but are incomplete and not aligned with organization goals. Performance measurements are established for some IT systems but not used for management and reporting. Linkage is established between IT and budget; there is some linkage to GPRA, GPEA, E-Gov, DOC and FEA, IT security, IQA, and other Federal IT mandates. IT investment portfolios are established but incomplete.

3

Defined IT Planning Program

The SITP is current and completely addresses Departmental guidance, aligns with the goals of the organization, and has linkage to GPRA, GPEA, E-Gov, DOC and FEA, IT security, IQA, the budget, and other Federal IT mandates. Major systems are fully described and documented. Senior managers participate in a documented IT investment review process with standard criteria for the selection, control, and evaluation of IT investments. IT performance measurements have been established and are consistent with GPRA plans and the FEA=s Performance Reference Model; progress is tracked against them. The OITP is submitted annually and documents the current year=s activities.

4

Managed IT Planning Program

Senior management recognizes the importance of the contribution of IT to the organization. The IT plans and investment reviews are used actively to conduct business. Organizational personnel understand the plans and work toward meeting plan goals.

5

Optimizing B Continuous Improvement of the IT Planning Program

The organization conducts reviews of the planning process, develops metrics of the process, and implements improvements. The organization has a written policy for process improvement and allocates adequate resources for improvement activities.

Characteristics

Level 0:
No Plans

Level 1:
Initial

Level 2: Under Development

Level 3:
Defined

Level 4:
Managed

Level 5:
Optimizing

Strategic IT Plan (SITP)

No SITP.

Ad hoc SITP exists.

SITP is not current or complete.

SITP is current to within one year and complete.

SITP adheres to Departmental guidance.

SITP is used to guide IT and core business activities.

The SITP and its development process are continuously reviewed and improved.

Linkage

No linkage among planning processes.

There is some linkage between the IT planning process and the budget process but little to GPRA, GPEA, E-Gov, DOC and FEA, IT security, IQA, and other Federal IT mandates.

Linkage is established between IT and budget and there is some linkage to GPRA, GPEA, E-Gov, DOC and FEA, IT security, IQA, and other Federal IT mandates.

IT plans are linked to GPRA, GPEA, E-Gov, DOC and FEA, IT security, IQA, and other Federal IT mandates.

All plans are consistent and integrated and are used to guide IT and core business activities.

The linkage among all plans is continuously reviewed and improved.

Strategic IT Goals

No goals.

Some IT goals established.

IT goals are established but not aligned with core business goals.

IT goals directly align with core business goals.

Goals are used to guide IT and core business activities.

Goals are continuously reviewed and revised.

Performance Measurements

No performance measures.

Milestones have been established for some IT systems.

Performance measurements are established for some IT systems but are not used for management and reporting.

IT performance measurements have been established and are consistent with GPRA plans and the FEA Performance Reference Model; progress is tracked against them.

Goal success is managed through the use of performance measures.

The performance measurement process is continuously reviewed and improved.

Major Systems

No descriptions of major systems.

The SITP provides incomplete descriptions of major budget initiatives and major systems.

The SITP provides descriptions of major budget initiatives and major systems. No alignment with core business goals. Business case for each major system is documented in OMB A-11, Exhibit 300 format.

The SITP provides a high-level description of major budget year initiatives for review by the CITRB during budget review cycle. Business case for each major system is documented in OMB A-11, Exhibit 300 format.

The organization uses the system plans to manage its IT investments.

Major systems documentation and costs are continuously reviewed and updated.

IT Portfolios

No IT portfolio.

The organization has a partial list of systems and associated costs.

The organization has an IT portfolio but it is not complete or is aggregated at a very high level.

The organization has an established IT portfolio as required by OMB A-11, Exhibit 53. The portfolio is complete and accurate.

The organization uses the IT portfolio to manage its technology investments.

The portfolio and the process for developing the portfolio are continuously reviewed and improved.

Operational IT Plan (OITP)

No OITP.

The organization has ad hoc operational IT plans.

The OITP is prepared but is incomplete. It aligns only partially with the SITP.

The OITP is prepared annually at the beginning of the fiscal year. It aligns fully with the SITP and documents all systems. It is informative and includes the information required by OMB A-11, Exhibit 300.

The organization uses the OITP to conduct current year activities.

The OITP and its development process are continuously reviewed and improved.

IT Investment Review Process

No IT investment review process.

The organization has ad hoc plans and documentation.

The organization has an informal investment review process with ad hoc selection criteria.

Senior managers participate in a formal, documented investment review process for selection, control, and evaluation of IT investments.

The organization effectively uses the investment review process to guide IT investment decisions..

The IT investment review process is continuously reviewed and improved.

IT Investment Selection

No selection criteria.

The organization ranks IT investments solely by mission priority.

The organization has ad hoc selection criteria.

The organization uses standard selection criteria to rank and score IT investments

The organization uses the selection criteria effectively to select the best investments.

The selection criteria are continuously reviewed and improved.

IT Investment Control and Evaluation

No IT investment control and evaluation process. Problem IT systems are not identified.

Problem IT systems are identified only when oversight organizations review systems.

Problem IT systems are acknowledged but systematic corrective actions are not taken.

IT systems are regularly reviewed in a structured control and evaluation process. Systems that are significantly behind schedule, over budget, and/or not delivering expected benefits are identified. Corrective measures are implemented.

IT systems are managed so that they are on schedule, within budget, and deliver expected benefits.

IT systems management processes are continuously reviewed and improved.

Senior Management Involvement

No involvement of senior management in the IT planning process and investment review process.

Senior managers are aware of IT planning but have little direct involvement.

Senior managers are involved in selected IT planning activities, often associated only with budget justifications.

Senior managers are directly involved in the preparation of the SITP and review of IT investments.

Senior management uses the IT planning and investment review process to conduct business.

Senior management is continuously involved in improving the IT planning and investment review process

Stakeholder Involvement

No stakeholder involvement in IT planning and investment review.

Stakeholder needs are considered in selected planning activities.

Stakeholder needs are considered in budget justifications but only selected other planning activities.

Stakeholder needs are considered in all phases of IT planning and investment review.

Stakeholder needs drive business decisions.

The integration of stakeholder needs in the planning and investment review process is continuously reviewed and improved.

IT Security

No IT security considerations in IT planning.

IT security considerations are ad hoc and applied inconsistently in IT plans.

IT security considerations are addressed in SITPs and OITPs but are not fully integrated in the planning and investment review processes.

SITPs and OITPs reflect comprehensive strategies for IT security, including critical infrastructure protection. IT security considerations are integral to the planning and investment review processes.

Management ensures that IT security considerations are fully implemented in IT systems.

The integration of security in IT planning and investment review processes is continuously reviewed and improved.

IT Architecture

IT planning and investment review are not conducted within the context of an IT architecture.

IT plans and investment reviews are conducted within the context of an ad hoc IT architecture.

IT planning and investment review are conducted with IT architecture in mind but the IT architecture plans are incomplete.

IT planning and investment review are conducted within the context of a fully defined IT architecture that is consistent with the DOC and FEA.

IT plans and investments are managed within the context of the IT architecture that is consistent with the DOC and FEA.

The integration of IT planning, investment review, and IT architecture development is continuously reviewed and improved.