Integrated IT Governance Process

1
Integrated IT Governance Process

• May 2007

2
Defining Integrated IT Governance

• ...the set of responsibilities and practices
  exercised by senior management of the enterprise
  designed to establish and communicate strategic
  direction, ensure realization of goals and
  objectives, mitigate risk, and verify that
  assigned resources are used in an effective and
  efficient manner.
• --- IT Governance Institute (ITGI), 2003

ITGI is a research think tank that exists to be
the leading reference on IT-enabled business
systems governance for the global business
community. ITGI publishes and maintains COBIT
(Control Objectives for Information and related
Technology). Versions 1, 2, and 3 of COBIT were
published in 1996, 1998, and 2000 respectively.
3
Would you like a 20 increase on your ROI?

• Companies with effective IT governance have
  profits that are 20 higher than other companies
  pursuing similar strategies.
• Weill and Ross

4
IGP Goals

• Transparent and timely decisions
• Leverage cross agency opportunities for improved
  citizen services and cost savings
• Increase information security and stakeholder
  privacy
• High fiscal accountability budget request
  supported by project planning
• Implement a consistent USDA IT infrastructure
• Measurable returns from our IT investments
• Compliance with federal and presidential mandates

5
You are already doing much of IGP

• You already are
• Planning your investments (major and non-major)
• Requesting acquisition approvals
• Managing your projects

6
IGP simply pulls these threads together
Acquisition Approval
Planning
Managing Projects
7
USDA already is required to approve any IT
acquisition over 25K.
Acquisition Approval Process
Planning
Is it Part of an approved investment? In line
with USDA architecture?
Approved Acquisition Request
Acquisition Request
Procurement Implementation
Detailed investment information allows us to
answer these questions.
8
IGP simply frontloads the information collection
Acquisition Approval Process
Planning
Is it Part of an approved investment? In line
with USDA architecture?
Approved Acquisition Request
Acquisition Request
Procurement Implementation
If we collect the information when we know it,
the whole process will be easier, more efficient.
9
When do we know the information?
Planning
Acquisition
Implementation
Strategic approach Business case Alternatives
analysis Expected benefits Project
schedule Acquisition plan Project costs
Contract type Specific product version Vendor
Cost variance Schedule variance Estimated cost to
complete
These monitor the implementation of each specific
acquisition (contract) as well as the overall
project.
These need to be specific by the time of the AAR
On well-planned projects, these get increasingly
detailed and accurate as the project progresses.
10
Providing the IGP information is easy
Yes, there are 155 potential categories per system
But we expect that the average system will only
have 12 15 applicable categories
Simply complete the applicable systems tab with
the few applicable categories
11
Providing the IGP information is easy
Yes, there are 155 potential categories per system
But we expect that the average system will only
have 12 15 applicable categories
Simply complete the applicable systems tab with
the few applicable categories
And the Investment tab is automatically
populated.
12
eAuthentication Example
13
To Accomplish This, the IGP Team Will

• Use portfolio analysis (at both agency and USDA
  levels) to identify new IT investment
  opportunities)
• Evaluate new IT requirements in light of
• USDAs current infrastructure and target
  architectureincluding standards for technology,
  privacy, security, etc.
• What each agencys mission requires.
• Provide agency Heads, CIOs and CFOs with line of
  sight on IT investments from planning, through
  acquisition and implementation, and to ROI.
• Make consistent use of IT rules, plans,
  standards, etc., easier