information resources management college national defense university ea development and authority...
TRANSCRIPT
![Page 1: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/1.jpg)
Information Resources Management CollegeNational Defense University
EA Development and Authority
Con Kenney3 August 2010
“A global learning community for government’s most promising information leaders.”
![Page 2: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/2.jpg)
2
Agenda
Useful applications of EA Simple Lifecycle Model To apply EA the agency must align, integrate, and
informate its controls Controls Many IT Investments Don’t Deliver Reducing IT Investment Failure Where to Start? It Depends.
![Page 3: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/3.jpg)
3
Useful applications of EA
Performance of IT Investments (Portfolio ROI) Cost and efficiency of IT infrastructure (TCO) Service-enablement of information systems (Reuse) Business process reengineering (Process cost) Delivery of new offerings (Public value) Reorganization (Clarity of message rated by
employees) Strategy-making and testing (Executive
participation)
![Page 4: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/4.jpg)
4
Simple Lifecycle Model
Vision/Mission
Strategy
Portfolio
ProblemsSolutions
MatchesSponsors
Candidate Solutions
Rating & Ranking Candidate Solutions
Recommended Solutions
Approved Solutions
Budgeted SolutionsImplementation
Operations
Enterprise Architecture, Program Performance and Financial Performance Management
![Page 5: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/5.jpg)
5
To apply EA the agency must align, integrate, and informate its controls
Organizational decisions depend on controls – EA is one of many
To support decisions EA has to be part of the controls EA depends on other controls such as asset inventory or IT
standards and supports other controls such as strategic planning or budgeting
Informated Controls can give decision-makers information about the state and performance of organizational processes and tools for intervening to improve performance
If the controls are inconsistent, the information produced by them will be inconsistent, and the EA will be less useful
The absence of certain controls such as data management may prevent EA from delivering much value at all
![Page 6: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/6.jpg)
6
Enterprise
Mission
Business Management
Federal-wide
IT Controls
Federal-wide Controls
Exhibit 300 Exhibit 53 FISMA PMA GPRA OMB PART OMB circulars OPM rules FAR GAO Audits
![Page 7: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/7.jpg)
7
Enterprise
Mission
Business Management
Federal-wide
IT Controls
Enterprise-wide Controls
Strategic Plan Budget and budget
guidance Acquisition policy Personnel policy Enterprise Architecture Certification and
Accreditation Performance reporting Organizational orders Operational policy e.g.
CM
![Page 8: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/8.jpg)
8
Enterprise
Mission
Business Management
Federal-wide
IT Controls
Mission Controls
Mission-specific policy and orders
Instruction manuals Strategic plan Budget Portfolio Operational QC and QA Hiring and training
practices Job design Technical standards
![Page 9: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/9.jpg)
9
Enterprise
Mission
Business Management
Federal-wide
IT Controls
Business Management Controls
Budget guidance Committing Obligating
Acquisitions guidance Initiating Acquiring Deploying Decommissioning
HR personnel management policies
Physical security
![Page 10: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/10.jpg)
10
Enterprise
Mission
Business Management
Federal-wide
IT Controls
IT Controls
IT standards Solution development
lifecycle methodology Logical security Boundary protection Identity management Encryption Approved devices Network access Service desk Change management Asset inventory
![Page 11: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/11.jpg)
11
Many IT Investments Don’t Deliver
Given the scale of government programs, sometimes large IT investments are unavoidable
According to a long-term study of IT investments by the Standish Group Only one-third of all IT investments deliver the
expected functionality about on time and on budget
Evidence suggests that the probability of a failed IT investment rises with its cost
![Page 12: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/12.jpg)
12
Reducing IT Investment Failure
The processes required to conceive of, architect, choose, fund, implement, and operate IT investments span many organizational disciplines (strategy, finance, solution development, etc)
Looking at these processes together as a system helps us see many disconnects
According to the IT literature, the biggest causes of IT investment failure are a lack of business support, inadequate program management, and misunderstood requirements
![Page 13: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/13.jpg)
13
Key Controls for Portfolio Management (PfM)
Enterprise
Mission
Business
Federal
IT
Exhibit 300Exhibit 53FISMAPMAGPRA
OMB PAROMB circularsOPM rulesFAR
GAO Audits
Strategic PlanBudget and budget guidanceAcquisition policyPersonnel policy
Enterprise ArchitectureCertification and Accreditation
Performance reportingOrganizational ordersOperational policy e.g. CM
Mission-specific policy and ordersInstruction manualsStrategic planBudgetPortfolioOperational QC and QAHiring and training practicesJob designTechnical standards
Budget guidanceCommittingObligating
Acquisitions guidanceInitiatingAcquiringDeployingDecommissioning
HR personnel management policiesPhysical security
IT standards
Solution development lifecycle methodologyLogical securityBoundary protectionIdentity managementEncryptionApproved devicesNetwork accessService desk
Change managementAsset inventory
![Page 14: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/14.jpg)
14
Key Steps to FAA PfM over time
“Getting to Green” in the PMA Scorecard Establishing EA policy in our acquisition system Compiling an inventory of IT assets Chartering investment, architecture, and technology review boards Agreeing to IT standards Modeling portfolio management process Strengthening configuration management policy Developing “investment roadmaps” to document our transition
strategy Establishing portfolio management policy Piloting portfolio management
![Page 15: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/15.jpg)
15
Complex mesh of stakeholders and controls
Step Stakeholders Controls
“Getting to Green” Federal, Enterprise PMA, EA
EA in acquisitions Enterprise, Business, IT Acquisition policy, Acquisitions guidance
IT asset inventory IT Asset inventory
Chartering boards Federal, Enterprise, IT PMA, GAO Audits, EA
Modeling PfM Federal, Enterprise GAO Audits, EA
IT standards IT IT standards
Configuration management policy
Mission, IT Operational policy, Change management
“Investment roadmaps” Enterprise, Mission Strategic plan, Budget
PfM policy Federal, Enterprise GAO Audits, Strategic Plan,
Budget, EA
Piloting PfM Mission Strategic plan, Budget,
Portfolio
![Page 16: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/16.jpg)
16
Where to Start? It depends.
Current state of the organization Stable vs. in flux Happy vs. unhappy stakeholders Well-funded vs. subsistence
Strategic challenges facing the organization More of the same vs. transformation Stakeholder support vs. opposition
Concerns of authorizing agencies OMB passback GAO audits IG reports
Strengths of the IT leaders Skills Relationships with key internal and external partners Understanding of the agency’s mission and processes
![Page 17: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/17.jpg)
17
Backup
![Page 18: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/18.jpg)
18
Overview of Changes to Controls over time
Exhibit 300Exhibit 53FISMAPMAGPRAOMB PARTOMB circularsOPM rulesFARGAO Audits
Strategic PlanBudget and budget
guidanceAcquisition policyPersonnel policyEnterprise ArchitectureCertification and
AccreditationPerformance reportingOrganizational ordersOperational policy eg. CM
Mission-specific policy and orders
Instruction manualsStrategic planBudgetPortfolioOperational QC and QAHiring and training practicesJob designTechnical standards
Budget guidance
Committing
Obligating
Acquisitions guidance
Initiating
Acquiring
Deploying
Decommissioning
HR personnel management policies
Physical security
IT standardsSolution development
lifecycle methodology
Logical securityBoundary protectionIdentity managementEncryptionApproved devicesNetwork accessService deskChange managementAsset inventory
Key
Pre-2003 xxxxxxx
2003-5 xxxxxxx
2006-8 xxxxxxx
2009-11 xxxxxxx
![Page 19: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/19.jpg)
19
Key Controls for Cost and efficiency of IT infrastructure
Enterprise
Mission
Business
Federal
IT
Exhibit 300Exhibit 53FISMAPMAGPRAOMB PAROMB circularsOPM rulesFARGAO Audits
Strategic Plan
Budget and budget guidanceAcquisition policyPersonnel policyEnterprise ArchitectureCertification and AccreditationPerformance reportingOrganizational orders
Operational policy e.g. CMMission-specific policy and ordersInstruction manualsStrategic plan
BudgetPortfolioOperational QC and QAHiring and training practicesJob design
Technical standards
Budget guidanceCommittingObligating
Acquisitions guidanceInitiatingAcquiringDeployingDecommissioning
HR personnel management policiesPhysical security
IT standardsSolution development lifecycle methodologyLogical securityBoundary protectionIdentity managementEncryption
Approved devicesNetwork accessService deskChange managementAsset inventory
![Page 20: Information Resources Management College National Defense University EA Development and Authority Con Kenney 3 August 2010 “A global learning community](https://reader030.vdocuments.us/reader030/viewer/2022032605/56649e7c5503460f94b7d865/html5/thumbnails/20.jpg)
20
Mechanism/
Benefit
EA Govern-
ance
Standards Method-
ology
Tools Asset
Disco-very
Asset Lifecycle
IT Strategy Pro Forma IT Budget
Search Cost Mod Mod Mod Mod High High High High High
Compliance Cost
Low Mod Mod Mod High High High High High
Non-compliance cost
Low Low Mod Mod High High High High High
Unnecessary & redundant investment
Mod Mod Mod High High High High High High
Lifecycle reuse
Low Low Low Mod High High High High High
IT Optimization
Low Low Low Low Mod Mod High High High
Cumulative Benefits of Controls