320 likes | 550 Views
Clinger-Cohen Act (CCA) from an OSD Perspective (Organizations to Achieve Transformation). Ray Boyd 703.602.0980 ext. 180 ray.boyd@osd.mil Commercial Policies/ Oversight Directorate. Agenda. OPENING ...................................................... Ray Boyd
E N D
Clinger-Cohen Act (CCA) from an OSD Perspective(Organizations to Achieve Transformation) Ray Boyd 703.602.0980 ext. 180 ray.boyd@osd.mil Commercial Policies/ Oversight Directorate
Agenda OPENING...................................................... Ray Boyd HISTORY OF CCA...................................... Les Bloom CCA OVERSIGHT PROCESS.................. Ray Boyd DoD 5000 CCA Table & Section 8084(FY04 Appropriations Act) ..................... Ray Boyd COMMUNITY OF PRACTICE................... Leonard Sadauskas PORTFOLIO................................................. Les Bloom CLOSING...................................................... Ray Boyd
Clinger-Cohen Act (CCA) History Les Bloom 703.602.0980 ext. 133 leslie.bloom@osd.mil
Why CCA? • Recognized • need for... • Revolutionary change • Cultural shift • Focus on results, not process GMRA ITMRA GPRA FASA CFO FARA CFO: Chief Financial Officers Act of 1990 GPRA: Government Performance and Results Act of 1993 GMRA: Government Management Reform Act of 1994 ITMRA: Information Technology Management Reform Act of 1996 FASA: Federal Acquisition Streamlining Act of 1994 FARA: Federal Acquisition Reform Act of 1996
The CCA Evolution: DoD’s Perspective LEGISLATIVE • ITMRA ‘95 • Hearing before committee on Gov’t Affairs, US Senate • DoD, OMB, & Congress negotiate changes to ITMRA ‘95 • Brooks Act • “Computer Chaos” 2/10/96: ITMRA ’96 (CCA) EXECUTIVE • InformationTechnology Oversight Improvement Group 7/16/96: Executive Order • White Paper • InformationTechnology Acquisition Resources Board October 1994 March 1995 May 1995 June 1995 July 1995 July/August 1995 February 1996
Read-Aheads • October 12, 1994 “Computer Chaos” • May 19, 1995 White Paper • June 20, 1995 Congressional Record
What Were The Problems? • Antiquated and Inefficient Computer Systems Cost Government Billions (legacy systems) (L) • IT investments fail to reach their potential to help agencies improve program effectiveness and efficiency (E) • Computer Modernization Efforts Have Failed—Why?--Inadequate: requirements analysis, cost/benefits analysis, capacity planning/management, implementation planning, testing; failure to consider alternatives; lack of internal controls (L) • Systems often cost much more than estimated, are not completed in a timely fashion, are not adjusted to changing program and technical requirements, and thus do not support real program requirements (E) • Federal Government wastes additional billions because we try to do too much at one time (megasystems). (L) • Incremental and evolutionary approaches to major systems development need to be expanded (E) • Federal Government rarely if ever examines how it does business before it automates (L) • Rather than focusing primarily on acquisition strategies late in the lifecycle process, analyze the operating processes to be improved with information technology well before our present oversight begins (E)
Fixes • Emphasize early oversight and planning (L) • Oversight that Promotes Capital Planning—Does this work have to be done?; Should our agency be doing it?; What’s the best way of performing this task? (E) • Federal spending on information technology will be treated like an investment. Similar to managing an investment portfolio, decisions on whether to invest will be made based on potential return, and decisions to terminate will be based on performance (L) • Initial investment decisions and subsequent management should be based on a comparison of quantifiable measures of benefits, risks and cost: performance management, cost, schedule, mission goals and measures (GPRA). Evaluate investments using portfolio analysis (E) • Avoid reinventing existing technology (L) • Make maximum use of commercial off-the-shelf technology (E) • Size projects to manageable levels (L) • Structure IT acquisitions into relatively short-term modules that can be easily evaluated and will allow projects to change direction (E)
Clinger-Cohen Act (CCA) Oversight Process Ray Boyd 703.602.0980 ext. 180 ray.boyd@osd.mil
DoD 5000 Requirements CCA Certification Process 2 1 ComponentCIO Confirms CCA Compliance PM Develops CCA Table Section 8088 Confirmation for Milestone Report ComponentCIO Certify CCA Compliance Certification Table/Report to DoD CIO 6 3 5 Congressional Defense Committees Coordinate / Prepare DoD Certification Package DoD CIO Certifies 4 NOTIFICATION TO CONGRESS
CCA Oversight of Programs (what we are working toward) • Develop a RISK-BASED Program for CIOs/CCA • How do we get there? • Assess the CIOs organizational ability • Educate the entire community • Selective reviews of the processes & programs • Develop Metrics to assist in the monitoring
DISA Programs (DRAFT) DRAFT
DoD 5000Clinger-Cohen Act (CCA) Table and Section 8084(FY04 Appropriations Act) Willie Moss 703.602.0980 ext. 105 willie.moss@osd.mil
CCA Compliance Matrix/ Table Table E4.T1. * For weapons systems and command and control systems, these requirements apply to the extent practicable (40 U.S.C. 1451, reference (ay)) ** The system documents/information cited are examples of the most likely but not the only references for the required information. If other references are more appropriate, they may be used in addition to or instead of those cited. ***These requirements are presumed to be satisfied for Weapons Systems with embedded IT and for Command and Control Systems that are not themselves IT systems ENCLOSURE 4
FY04 Appropriation Section 8084 CERTIFICATIONS AS TO COMPLIANCE WITH CLINGER-COHEN ACT The Chief Information Officer shall provide the Congressional Defense Committees: • Funding Baseline and Milestone Schedule • Business Process Reengineering • An Analysis of Alternatives • An Economic Analysis that includes a calculation of the return on investment • Performance Measures • An Information Assurance Strategy consistent with the Department’s Global Information Grid
The Role of a Clinger-Cohen Act (CCA) Community of PracticeToward Achieving a Transformational CCA Implementation Leonard Sadauskas 703.602.0980 ext. 102 Leonard.Sadauskas@osd.mil
Assessment of the Situation • CCA is perceived as a paper swatter rather than a tool for transformation (DONCIO, CCA Knowledge Fair 10-08-03) • Congress agrees and has been requiring program by program CCA Certifications • OMB agrees and has expanded the scope of the Exhibit 300 budget submissions to all investments > $1M • The Congressional reporting relief requested in the Defense Transformation for the 21st Century Act is on hold • RIT Pilot offers promising approach
Options • Status quo • Continue suffering certifications, other congressional reports and • IT budget reductions • Turn paper swatter into a CCA sledge hammer • May satisfy OMB and Congress, but • Likely to damage moral • Will require sizable increase in oversight workforce • Incentivize adoption of CCA as transformation tool (Based on preliminary RIT Pilot and MID 905 Streamlining initiative) • Carrot is license to manage own IT investments commensurate with risk of the investment and capability to manage the risk (risk-based oversight) • Stick is • Requirement for insight by each echelon into the next lower echelon (Net-centric access to information) • Demonstrated capability to effectively do CCA Transformation • Periodic verification at each echelon
Achieving Transformational CCA • Implement risk-based oversight • Institute process for HQ assessment of subordinate echelon capability to manage CCA compliant IT/NSS investments • Sec 804 SW Acquisition Improvement Program • Institute process for risk assessment and management of both internal and external risks • DAU Probability of Program Success (Army piloting) • Risk Radar, MITRE Risk Matrix, @Risk • Focus on coaching by OSD and Component HQ • Provide a means for discovering and sharing CCA implementation best-practices • CCA Community of Practice
A network of people with a common goal and purpose centered on critical business processes Who come together face-to-face or virtually to share & learn other’s experiences, insights, and best practices Government and Industry participation across the IT Acquisition Workforce What is a Community of Practice?
How Can a CCA Community of Practice Contribute to a Transformational CCA? • Develops a robust knowledge store to provide access to key information • Accesses expertise across the workforce • Uncovers best practices, lessons learned • Develops new knowledge about CCA problems and tasks • Develops new networking relationships • Leads to improved performance support tools • Harmonizes the Department’s CCA efforts
Next Steps • Stakeholders provide POC for CCA CoP governance • CIO, requirements and acquisition personnel join the CCA Community of Practice • Encourage members to • Contribute valuable, sharable information • Participate in online discussions • Participate in local community meetings • Serve as Subject Matter Experts • Contribute to new guidance • Join and influence the new CCA CoP at the Acquisition Community Connection: http://acc.dau.mil/cca
DoD Portfolio Policy(DRAFT) Les Bloom 703.602.0980 ext. 133 leslie.bloom@osd.mil
Policy • Information technology (IT) investments shall be managed as portfolios where decisions on what IT investments to make, modify or terminate are based on Domain goals, architectures, risk tolerance levels, potential returns, outcome goals and performance. • Portfolios shall be managed by Domains using integrated strategic planning, measures of performance, risk management techniques, integrated architectures, transition plans, and portfolio investments strategies. • Portfolio management processes shall be established and comprised of the following core activities: Analysis, Select, Control, Evaluate
Principles Portfolios shall be based on the principles of: • Centralized guidance and oversight • Stakeholder participation • Collaborative decisions, and • Decentralized execution
Initially… • Battlespace Awareness • Command and Control • Force Application • Protection • Focused Logistics • Accounting and Finance • Acquisition • Human Resource Management • Installations and Environment • Logistics • Strategic Planning and Budgeting • Technical Infrastructure
Expectations—Portfolio Review Criteria • Basics • Measurement • Governance • Architecture • State of the IT/NSS • Gaps and Opportunities • Transition Strategy • Change Management Strategy • Integration • Summary • CIO/CFO Domain Decision Memorandum
Net-Centric Governance Toolkit Acquisition Management System Planning, Programming, Budgeting, and Execution Process Joint Capability Integration and Development System • Infrastructure consistent withNC arch & standards transition • Other programs consistent withGIG Enterprise Services • New and net-centric • Legacy continued • Legacy modified • Legacy terminated • Only handle info once • Post before process • Pull vs. push • Collaboration PORTFOLIO OF CAPABILITY THREAT Evaluate Mission Select Analyze Control National Security Strategy Leadership, Governance, Integrated Architecture, Portfolio Summary Interoperable, Integrated, Secure, Effective, Affordable IT