Summary

In 2000, GAO published an exposure draft of Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity (ITIM). Built around the select/control/evaluate approach described in the Clinger-Cohen Act of 1996--which establishes statutory requirements for IT management--the framework provides a method for evaluating and assessing how well an agency is selecting and managing its IT resources. The exposure draft reflected current accepted or best practices in IT investment management, as well as the reported experience of federal agencies and other organizations in creating their own investment management processes. This new version updates the exposure draft to take into account comments that GAO has received; GAO's experiences in evaluating several agencies' implementations of investment management processes and the lessons learned by these agencies; and the importance of enterprise architecture (EA) as a critical frame of reference in making IT investment decisions. Using the framework to analyze an agency's IT investment management processes provides: (1) a rigorous, standardized tool for internal and external evaluations of these processes; (2) a consistent and understandable mechanism for reporting the results of assessments; and (3) a road map that agencies can follow in improving their processes.

The ITIM framework is a maturity model composed of five progressive stages of maturity that an agency can achieve in its IT investment management capabilities. These maturity stages are cumulative; that is, in order to attain a higher stage of maturity, the agency must have institutionalized all of the requirements for that stage in addition to those for all of the lower stages. The framework can be used both to assess the maturity of an agency's investment management processes and as a tool for organizational improvement. For each maturity stage, the ITIM describes a set of critical processes that must be in place for the agency to achieve that stage. At the Stage 1 level of maturity, an agency is selecting investments in an unstructured, ad hoc manner. Project outcomes are unpredictable and successes are not repeatable; the agency is creating awareness of the investment process. Stage 2 critical processes lay the foundation for sound IT investment processes by helping the agency to attain successful, predictable, and repeatable investment control processes at the project level. Stage 3 represents a major step forward in maturity, in which the agency moves from project-centric processes to a portfolio approach, evaluating potential investments by how well they support the agency's missions, strategies, and goals. At Stage 4, an agency uses evaluation techniques to improve its IT investment processes and its investment portfolio. It is able to plan and implement the "de-selection" of obsolete, high-risk, or low-value IT investments. The most advanced organizations, operating at Stage 5 maturity, benchmark their IT investment processes relative to other "best-in-class" organizations and look for breakthrough information technologies that will enable them to change and improve their business performance.