While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
An enterprise architecture can provide significant benefits to an organization that embraces it. But many fail to tightly couple and integrate EA efforts with other enterprise programs, particularly investment management and systems development.
To be successful, the target EA and information technology initiatives must be managed within an overall investment management process: an integrated enterprise life cycle (IELC). When agencies don’t establish an IELC, problems can arise:
The challenge for most agencies is that the guidance, responsibility and skill sets for these processes can be spread across multiple organizations and are often implemented in a silo fashion. Only by viewing these processes as a whole can an agency achieve the maximum benefits.
The first step requires agreeing on a definition of the three major processes:
To be most effective, these enterprise processes need to have multiple touch points with one another. For example, IMP activities include portfolio management to prioritize and control IT initiatives. But portfolio management highly influences and is in turn influenced by the target EA’s business, application, data and technical dimensions.
As an agency develops and rolls out new initiatives, those initiatives need to mesh with the predetermined SDLC, which specifies project management and technical activities. The SDLC also should have touch points with the EA to ensure that an initiative’s evolving requirements, design and technology continue to adhere to the target EA. And the SDLC has integration points to areas in the IMP, such as project status reports and risk management.
An agency can use the Select, Control and Evaluate phases of the investment management process as the framework to integrate the EA and SDLC activities with investment controls. Following are the steps that the Architect of the Capitol has put in place to craft a governance and management approach that weaves EA, systems development and investment management together.
1. Initial Project Meeting. The project manager meets with EA representatives and members of a modernization board to get guidance on the project approval process. The board reviews project proposals to ensure EA alignment as part of the funding process.
Based on the initial understanding of scope and characteristics, the board and EA officials provide the project manager advice on topics such as ensuring conformance with EA target vision; alignment with goals, objectives and business processes; needed SDLC documents for board reviews (the business case, system concept, cost-benefit analyses and feasibility studies); and advice on engaging additional stakeholders.
2. Developing a Business Case. The project manager creates the business case for the modernization board and might also submit a detailed costing proposal, a concept of operations, additional cost-benefit analyses and resource plans.
Once approved, the project becomes part of the IT portfolio. The board then decides if the effort will impact the agency’s EA Technical Reference Model, determines what updates might be needed in the TRM, and figures out risk, cost and expected benefits.
3. Investment Review Board Approval. Next comes the IRB review. This board should have representatives from stakeholder groups throughout the agency to ensure that IT investments meet business and mission objectives and address critical issues. If the IRB denies approval, a project manager can appeal to executive management.
4. Initial Project Plan Development. The project manager next develops a draft project plan that lays out details for the upfront acquisition and analysis activities.
5. Acquisition and Source Selection. Working with the procurement team, the project manager creates the acquisition documents, and selects and procures the IT. This is a strong touch point to the EA: The organization’s enterprise architect should monitor the acquisition and source selection phase to ensure products and services align with business and technology strategies. The CIO and executive sponsor also need to review and approve the selection to ensure that the IT continues to align with overall goals, objectives and business objectives.
6. Updated Project Plan. Based on the IT solution information, the project manager updates the task, project and other plans, and tracks changes using a project management tool. As the project plan evolves, for any deviations greater than 5 percent, it’s crucial that the enterprise architect check to see if the EA transition plan will be affected.
1. Initial Project Review. The project manager meets with the project review board (PRB) to review approach and set up oversight plans, including the creation of a project review schedule. The board also will review SDLC artifacts and activities. The board provides input and guidance, addresses risks, determines milestones and approves the current project plan.
2. Baseline Project Plan. After the IRB approves the updated initial project plan, that plan becomes the baseline for measuring performance. At this point, the project manager needs to report any changes to the milestones or resource allocations to the enterprise architect so that the EA team can consider the effects on other parts of the enterprise. If there are financial impacts, the project team needs to submit them to the financial management office to ensure available funding.
3. Change Control Review. When needed, throughout the project life cycle, the project manager should also meet with a change control board to discuss any change issues or requests. The board maintains the integrity of the system life cycle, so it needs access to the documentation, code and requirements during the design and implementation of a system.
4. Project Status Reporting. Based on regular status reports from the project manager (and maintained using the reporting tool), the PRB chairman can call for a meeting with the project manager or set a board review at any time during the project’s life. The enterprise architect also needs to track these status reports, and the board needs to hold a review meeting any time deviations from the baseline reach 5 percent or more.
5. Project Status Review. The project manager updates and meets with the PRB on a regular schedule for status reviews, too. The enterprise architect needs to participate in the reviews as well — to ensure continued EA alignment. During each review, the board and EA team should check out the appropriate SDLC materials — project plan, requirements documents, design documents and test plans — to determine their quality and provide feedback.
To deal with any IT development issues, the PRB chairman will alert the CIO when necessary to review the project’s status and provide direction. If the chairman determines there are critical risks that will significantly affect the project’s outcome and alignment with business objectives and performance measures, the IRB must be notified. The IRB then can determine corrective actions or even cancel the project. The PRB chairman can request such a review at any time.
6. Update Final Project Plan. At the conclusion of the project, the project manager will create a final project plan and document lessons learned.
1. Post-Implementation Review, Surveys and Interviews. For a closeout meeting, the project manager will submit a final project plan, lessons learned, and complete system user and technical documents. It’s crucial to also gather the perspectives and insights of project participants, sponsors and end users through surveys and interviews of users, customers, program managers, project staff members, contractors and developers.
2. Process Improvement. Based on the information gathered, the agency can then make adjustments to the investment management process. At the same time, the agency needs to compare baseline project plans and costs with the actual project timeline and expenditures to improve future estimation efforts.
The lessons learned can help refine the Select and Control phases for future projects. Adjustments to the IELC process can also be made. By implementing this type of management process, an agency can answer questions about cost effectiveness and reduce business risk.
The Evaluate phase offers an opportunity to review gaps in business processes and in integration efforts, and the cost-benefit analyses let the organization determine whether the automation effort improved business functions.
Although this approach builds on the Investment Management Framework’s Select, Control and Evaluate phases, the critical component is the actual integration of the EA, IT and mission into the process.