IT Management

Section 4: IT Management

This section describes the management of IT at DOL as performed under the direction of the Office of the CIO (OCIO). It covers the key operational process, performance management and improvement systems, human capital requirements along with risk management. This section is not meant to act as a substitute for key IT Management documentation (E-Government Plan and Compliance Reports, Human Capital Strategic Plan, Enterprise Architecture Transition Strategy, for example). Rather, this section illustrates in brief detail, how the Department's IT strategy and IT initiatives will be managed, coordinated, and controlled to achieve the specific IT strategic goals and the broader Department strategic goals and Agency-level program goals.

4.1 The Management of IT at DOL

IT Program management is composed of a number of key processes and systems that together ensure effective and timely management of the IT initiatives within the Department. Its emphasis is on helping Agencies succeed with their IT initiatives by expert input, regular monitoring, correctional techniques (if progress is not on track) and quick actions to halt troubled initiatives (and apply turn-around measures).

Critical cornerstones of IT Program management across the Department include:

Governance	The core operational process, by which IT initiatives are aligned, managed, evaluated, and controlled.
Scorecarding	The standard DOL system of measuring progress, success and failure at the IT initiative level and at the Agency IT Program level.
Human Capital	Strategic alignment of human capital to DOL's strategic goals while ensuring enhanced training and development in critical areas.
Risk Management	The identification and management of risks within the IT arena (internally and externally generated).
Forward Planning	IT strategies, e-Governance planning, Agency program goal/IT initiative alignment (discussed in Section 5).

4.2 IT Management: Governance/Operational Processes

The Department of Labor was one of sixteen Federal Agencies to receive a green progress rating in the first quarter of 2003 by OMB for DOL's governance and management of its IT Program. Since then, the Department's performance in the management of IT has continued to strengthen. The primary ingredients of the governance framework are policies, plans, measures, processes and people. The governance structure as pictured in Figure 4 demonstrates the interaction of the Chief Information Officer, the Management Review Board (composed of Assistant Secretaries or their equivalents), and the Technical Review Board (composed of senior IT personnel from each Agency, Bureau and Office). Their roles are critical to ensuring the success of IT systems for the Department of Labor. Under each major sub-committee - Enterprise Architecture, Capital Planning and Investment Control, IT Architecture, IT Security, as well as the Configuration Control Subcommittee -activities and linkages are defined.

Figure 4: IT Governance Structure

One example from DOL's IT Governance Structure illustrates the interaction and chain of command with the IT Architecture Subcommittee. This sub-committee receives input from the Enterprise Architecture Subcommittee, the TRB and Offices under the CIO, to develop the technical standards, the change management process guidelines, and maintain baselines and version control and perform technical reviews.

As the primary operational control process, the governance structure is critical to the successful implementation of the IT strategy and to the success of all IT initiatives. It provides a practical set of operating practices that minimize risks and maximizes positive (appropriately aligned) outcomes.

4.3 Enterprise Architecture (EA) Management as a Strategic Tool

Historically, Federal Departments have managed their IT investments autonomously. There was little incentive for Agencies to partner with one another in the reuse of IT investments, share IT knowledge, or explore joint solutions. A collective, government-wide effort, supported by the CIO Council, utilizing the Federal Enterprise Architecture (FEA), has been undertaken in an effort to yield significant improvements in the management and reuse of IT investments, while improving services to citizens, and facilitating business relationships internally and externally. The FEA is a business-based framework that provides the Office of Management and Budget and Federal Agencies a way to monitor, analyze, and control Federal IT investments.

DOL continues to develop its Enterprise Architecture (EA), describing the current major functions and processes, information and data requirements, application systems, supporting IT infrastructure, and security. DOL's framework for implementing its EA is based on Federal and commercial best practices, and is considered an integral part of the Department's strategic and capital planning processes. The Department responds to changing technology conditions by combining its EA process with the capital planning and investment management process to ensure that necessary funding is available to implement new technologies for core business functions. Using this enterprise approach, the Department is able to identify duplicative resources/investments, gaps, and opportunities for internal and external collaboration resulting in operational improvements and cost-effective solutions to business requirements.

A key component of the DOL EA framework is security. DOL is identifying and implementing physical and logical security measures to ensure the security of its public website, internal network, and electronic communication channels with institutions it regulates and with examiners working remotely in the field. Consistent with Federal mandates and its commitment to service excellence, DOL is continuing to enhance its IT security and privacy infrastructures.

The EA framework identifies the strategic information assets that define DOL business processes; the information necessary to operate these processes; the technologies needed to support business operations; and a transition process for implementing new technologies in response to the changing needs of the Department. The EA framework provides a structure for organizing the products that describe existing and future DOL architectures. It identifies the documentation products that are the key architectural definitions created by the systems development life cycle as well as any retrospective documentation that is required for existing IT architectures. The framework does not include the actual documentation products; it establishes an organizing structure, with placeholders for the continued population of the EA.

The creation and population of the EA framework enables DOL to work in partnership with other Federal Agencies to promote interoperability and information sharing. The populated framework also provides several benefits within DOL, including:

Organization of existing architectural models, life cycle documentation artifacts, and other information assets within an enterprise-wide structure.
Development of retrospective documentation for selected classes of existing architecture definitions considered essential for effective systems management.
Creation of enterprise-level target architecture definitions that clearly support DOL's mission objectives and strategic business plans.
Use of enterprise-level target architecture definitions to plan and guide the acquisition of information technologies.
Development of transition architectures to guide incremental implementation planning and effective change management.
Definition of the specific architectural models and other key life cycle products that will be produced for each future implementation segment.
Development of proven architectural reference models to guide the design of future automated systems.

As part of the EA framework initiative, DOL will use an appropriate EA modeling toolset. The EA modeling tool will provide an integrated environment to develop, deliver, and sustain the work products for EA.

The initial version of the framework was refined to incorporate the lessons the Department learned by documenting the current IT infrastructure and the development of the Target Enterprise Architecture. The EA framework continues to serve as a guidepost in current efforts to restructure the DOL system development life cycle manual (SDLCM) and related IT procedures. As the EA framework continues to be used in day-to-day operations, it will continue to be refined.

With the EA framework in place, DOL is moving to transition to the target architecture. DOL's EA transition strategy is designed to align with the principles of its mission and vision. It is structured to maintain the integrity of citizen-centric and business-centric EA, while using technology to support and further expand the Department's initiatives. This strategic approach to transitioning is multi-layered and component based. It is further designed for maximum impact on the efficiency and ease of use of each product, service, and/or process (i.e., component) affected by the transition to DOL's Target Enterprise Architecture.

4.4 Performance Measurement/DOL's Internal Scorecard Systems

The Department places a strong emphasis on measuring and managing the performance of its IT initiatives against an agreed upon set of standards and best practice guidelines. Two of the primary strategies that drive the DOL approach to performance measurement include:

Focus on outcomes to ensure that IT initiatives directly support Department strategic goals and Agency program goals.
Continually measure project performance against plan to ensure that the project itself is meeting all DOL EA, capital planning, security, and SDLCM requirements.

The OCIO is responsible for the approval and review of all DOL IT funding budget submissions based upon criteria identified in the annual guidance to Agencies. The OCIO also provides recommendations for funding levels to the Deputy Secretary. The IT Program managers provide guidance to Agencies regarding the development and measurement of performance in various documents that include:

U.S. Department of Labor Governance Framework for IT Investments - Reference Guide for Capital Planning, Security, and EA (Updated February 10, 2005)
Capital Planning and Investment Control handbook (CPIC Handbook)

At the heart of the Department's performance measurement activities is the operation and maintenance of an OMB-consistent internal IT performance monitoring and evaluation system for all of the IT programs and IT initiatives within the Department.

The review of individual IT initiatives is performed on a quarterly basis while the review of mission-critical IT programs (at the Agency-level) is performed semi-annually at the end of the 2nd and 4th quarters. Both scoring systems utilize a red, yellow or green scoring method common to OMB with pre-set quantified and/or discrete targets.

The Quarterly Review Scorecard requires the assessment of five critical project implementation aspects: mission alignment, architecture compliance, security compliance, cost-schedule-performance compliance, and viability-risk analysis. The internal PMA e-Government Scorecard assesses Agencies at the program level in four areas: mission alignment, architecture compliance, security compliance, and project management. Green is on track and within budget. Yellow will require explanation and potentially remedial action. Red will result in serious action by the TRB and may well result in the suspension of the initiative by CIO Directive until major modifications have been made for that initiative to go forward.

The standards for scoring under both systems are published to all Agencies through the OCIO. The Quarterly Review Scorecard Criteria for IT initiatives is maintained by the OCIO through a collaborative process with the Agencies. Reviews or updates to this scorecard's criteria are conducted every three months. The Internal PMA e-Government Scorecard Criteria for the Agency-level IT Program reviews are also maintained by the EA Subcommittee and approved by the TRB. Updates occur every six months in response to new legislation, Presidential initiatives, OMB circulars, NIST guidance or other external stimuli.

For illustration purposes, one of the 20 different evaluation criteria within DOL's e-Government Scorecard Criterion guide is presented in Table 4 below. A copy of the 2005 Internal PMA e-Government Scorecard Criterion is included in Appendix D.

Internal PMA E-Government Scorecard Criteria, 2005

Red: Agency or Initiative has received a red score in Security, or has failed any of the following conditions

Yellow: Achievement of some core criteria; no red conditions

Green: Must meet all core criteria; no yellow conditions

Security Documentation and Testing Compliance
Alignment With Federal And Departmental IT Security Requirements: Compliance With Documentation And Testing Requirements Under The Computer Security Act, Privacy Act, FISMA, OMB Security Guidance, DOL Security Policies; DOL System Development Life-Cycle Manual (SDLCM); DOL Computer Security Handbook (CSH); NIST Standards And Guidelines

9. Certification and Accreditation:
Percentage of Systems That Are Certified and Accredited

Percentage of systems that are Certified and Accredited, which is defined by the number of systems with Authority To Operate (ATO), divided by the number of Major Applications (MAs), General Support Systems (GSSs), and Local Special Purpose (LSP) systems for the Agency.

RED
FY04 Baseline = 96.5%
FY05 Target = 100%

Not within 10% of FY05 Target

YELLOW
FY04 Baseline = 96.5%
FY05 Target = 100%

Within 10% of FY05 Target

GREEN
FY04 Baseline = 96.5%
FY05 Target = 100%

Equal to FY05 Target.

Table 4: Internal PMA E-Government Scorecard Criteria, 2005

In addition to providing written guidance, DOL reinforces in its training programs the importance of defining and measuring outcomes tied to DOL and Agency strategies and program goals. DOL supports training programs in the areas of IT Governance, EA, CPIC, SDLCM, and IT Security.

DOL utilizes six primary processes to measure and ensure that performance goals are met. These primary processes are described briefly below.

Project Selection

The OCIO reviews investments to determine the overall strength of their business case. OMB requires that investments meet criteria in many areas including performance goals and measures. As part of the procurement process, OCIO requires that investments have a Project Management Plan (PMP) and a Work Breakdown Structure (WBS), including EA activities that include the further development of performance metrics.

Systems Development Life Cycle

To ensure compliance with the legislative intent of relevant IT investment laws the Department has also developed a Systems Development Life Cycle Manual (SDLCM) that establishes the procedure for IT initiative development from conceptualization through its operation and maintenance phase. DOL also utilizes its e-Government Strategic Plan and Target EA in order to ensure its IT investments are strategically aligned across the Department and the Federal government.

Earned Value Management System

Earned Value Management System (EVMS) is a method for measuring project performance. It indicates how much of the budget should have been spent, in view of the amount of work done so far, and the baseline cost for the task, assignment, or resource. EVMS is applicable to all CPIC Level 3 initiatives that are in the Select or Control phases of the CPIC process. EVMS will also be applicable to Level 3 mixed lifecycle investments when the annual cost of Development, Modernization, and Enhancement (DME) exceeds $1,000,000. These exemptions do not preclude inclusion of a project that warrants special attention because of other factors as delineated in OMB Circular A-11, such as unusual importance to an agency's mission, high management visibility, or high risk. DOL measures performance monthly and requires that initiatives operate within 10% variance of planned cost, schedule, and technical performance.

IT Investment Quarterly Reviews

The OCIO reviews initiatives on a quarterly basis, and the review schedule depends upon threshold level, viability, risk, and overall project management. The quarterly control review process analyzes an investment's development and management to date. The review includes a comprehensive security review, risk analysis, mission and EA alignment assessment, WBS review (i.e. cost and schedule), and performance measurement updates.

EA Completion and Use Plan

DOL uses the Completion and Use Plan to milestone continuing upgrades in the use of performance measures and metrics as part of its ongoing EA improvement activities.

Proud-To Be - E-Gov Reviews and OMB EA Scorecard

The Proud-To-Be Report addresses the PMA, Expanded Electronic Government, by measuring progress in five key areas: modernization initiatives, cost/schedule/performance objectives, security performance measures, efficient participation in Government-wide initiatives and key departmental milestones. Additionally, as part of OMB's review processes, DOL reviews its EA program and the EA documentation to ensure, among other items, that the performance measures and metrics exist and are used throughout the organization.

4.5 Human Capital and other Resources

DOL's Human Capital strategy must be and is closely aligned with the mission, goals, and agency programs. Moreover, it must be coordinated with the Department's IT strategy in such a way to ensure the achievement of the Department's IT strategic goals and desired program outcomes. DOL's Human Capital Strategic Plan (2005) presents this alignment and the steps necessary to achieve Human Capital goals in far greater detail. In IT strategy, human capital plays a mission-critical role. In order to produce and implement the IT strategy, human capital performance management requires constant monitoring and adjustment.
Specifically this effort emphasizes:

Strategic alignment of the human capital plan to DOL's strategic goals.
Workforce planning and deployment with a citizen/worker mission focus.
Leadership and knowledge management that emphasizes continually enhanced training, succession planning, and education.
Critical attention to ensure the best employees are provided opportunities for greater contribution.
Continuation of the effort to maximize the hiring and availability within the Department of high quality technology talent.
Ensure that there are accountability systems in place that can be measured and success or failure properly attributed.
Continue to focus on e-Government initiatives through the hiring process, HR data analysis, training, and security clearances to maximize the DOL's staff of technologically literate individuals.

4.6 Risk Management and Critical Success Factors

Technology projects tend to fail because of poor vision, poor planning, poor staffing, poor management support, and poor support from key stakeholders. The Office of the CIO has taken steps to mitigate these factors.

There are many risks to an IT strategy's efficacy. Will the strategy cover future critical aspects? Will it be adopted by future stakeholders? Does it reflect trends in the marketplace as well as the Department? The Department answered these questions via the collaborative process employed to develop this IT Strategic Plan and by the IT strategy itself.

With a functioning and engaged Working Group, many stakeholder buy-in concerns have been met directly. The Working Group - comprised of representatives from across the Department - knows and understands the IT strategy and its implications for future operations.

The blended IT strategy has an inherent flexibility in the way it relies upon and builds upon existing consensus to achieve universal standards and apply best practices. Should one aspect of the strategy not perform as well as others, the emphasis may be shifted to account for this without dislodging the IT strategy on the whole.
The management of risk (potential failure of IT initiatives and IT strategic goals within the Department) is addressed principally by the governance structure (Figure 3) and the constant measurement of progress and performance on each IT initiative (internal scorecards).

Clearly, security is a top priority and is addressed by IT Program management and overall Department governance activities via the IT Security subcommittee.