U.S. Environmental Protection Agency
         CAPITAL PLANNING AND
INVESTMENT CONTROL (CPIC) PROCEDURES
  FOR THE OFFICE OF MANAGEMENT AND
       BUDGET (OMB) EXHIBIT 300
                VERSION 3.0
               DECEMBER 2004

     OFFICE OF ENVIRONMENTAL INFORMATION (OEI)

                                 Executive Summary


The mission of the Capital Planning and Investment Control (CPIC) process at the Environmental
Protection Agency (EPA) is to bring the Agency into full compliance with the Clinger-Cohen Act of 1996
(CCA), by establishing a series of structured, consistent, and repeatable processes and procedures for
planning and managing its investment resources. The CCA requires that all Agencies use a three-phase,
disciplined CPIC process to acquire, use, maintain, and dispose of Information Technology (IT) systems.
To assist Federal Agencies in complying with these CCA requirements, the U.S. General Accounting
Office (GAO) has developed an Information Technology Investment Management (ITIM) Framework that
provides more specific guidance and information on the three CPIC phases mandated by the CCA -
Select, Control, and Evaluate. EPA has adopted the GAO ITIM Framework, and has molded its CPIC
process around its key tenets and components. In addition, OMB has set forth specific requirements with
respect to CCA implementation and CPIC with which EPA must comply.

The Office of Environmental Information (OEI) within EPA has the responsibility for  implementing and
managing the EPA CPIC process in accordance with these  requirements.  Given this charge,  OEI has
developed a suite of policies, procedures, and guidance to assist Agency personnel in implementing CCA
and defining a structured CPIC process.

This document - Capital  Planning  and Investment Control (CPIC) Procedures  for the  Office of
Management and Budget (OMB) Exhibit 300 - was created to serve  as Standard Operating Procedures
(SOPs) to assist Agency staff in complying with the requirements of  the OMB Exhibit 300 process, and
incorporates many lessons  learned at EPA since the enactment of  CCA.  It provides a wide  range of
detailed information on the current EPA CPIC process as well as recommended techniques, procedures,
and best practices for use in preparing an OMB Exhibit 300 business case.

The document answers some  of the following basic questions about the EPA CPIC Process, with a focus
on the production of an OMB Exhibit 300 business case:

•   Who  is responsible for overseeing the CPIC process at  EPA?  Who is responsible for creating the
    OMB  Exhibit 300 business case? Who is responsible for reviewing and approving the OMB Exhibit
    300 business cases?
•   What is the EPA CPIC process?  What are its major phases and what does  each entail?  What
    procedures are to  be followed in completing an OMB Exhibit 300 business case?
•   Where do  OMB Exhibit 300 business case submissions  go - both within and outside the Agency?
    Where can  you find more information on EPA CPIC policies, processes, and related topics?
•   When does an OMB Exhibit 300 business case need to be produced, reviewed, and submitted?
•   Why was the EPA CPIC process created? Why is it necessary/required?
•   How should you navigate  each of the three phases of the EPA CPIC process in producing  an  OMB
    Exhibit 300 business case? How should you structure your IT investments to ensure EPA and  OMB
    approval?  How should you approach each of the wide variety of topics that must be addressed in an
    Exhibit 300 business case?

Specifically, the document contains the following five sections:

•   Document Summary - Describes the purpose, applicability, and structure of the  document;
•   The CPIC Process - Provides details on the mission and scope of the EPA CPIC process, pertinent
    background information, a  process overview, and an annual calendar for the CPIC process;
•   The Select Phase - Details the purpose, entry criteria, process,  and exit criteria for the initial CPIC
    phase in which investments are screened, ranked, and selected;
•   The Control Phase - Provides guidance on the purpose, entry criteria, process, and exit criteria for
    the second phase in the CPIC process in which investments are monitored and corrective actions are
    taken as necessary; and
•   The Evaluate Phase - Describes the purpose, entry criteria, process, and exit criteria for the third
    phase in the CPIC process in which investments are reviewed and adjusted, and lessons learned are
    applied.

The document also contains a number of appendices that provide additional resources and references as
well as "best practices" for a variety of topics related to the preparation of the OMB Exhibit 300, including:

•   Appendix A, References - Details a list of references used to develop this document as well as
    resources for additional information on related topics;
•   Appendix B, Glossary of Terms and Acronyms - Defines terms and  acronyms used throughout
    this document;
•   Appendix C, Quality and Information Council Charter - Describes roles and responsibilities of the
    Quality and Information Council (QIC), and its relationship to other organizations involved in the CPIC
    process (e.g., the Information Investments Subcommittee (IIS));
•   Appendix D, Performance  Measurement - Provides  information  on developing  performance
    measures for IT investments;
•   Appendix E, Cost-Benefit  Analysis  and Alternative  Selection  -  Provides  information on
    completing a Cost-Benefit Analysis (CBA) as well as evaluating and selecting investment alternatives;
•   Appendix F, Risk Assessment - Provides guidance on conducting a project risk assessment for IT
    capital investments;
•   Appendix G, Building the Project and Funding Plan  Tables  - Provides direction on how  to
    complete the milestone tables in the OMB Exhibit 300;
•   Appendix H, Enterprise  Architecture and E-Government  -  Describes the  Federal Enterprise
    Architecture (FEA) and the EPA Enterprise Architecture (EA), and discusses E-Government and the
    President's Management Agenda;
•   Appendix I,  Earned Value Management - Provides  guidance on  conducting  earned  value
    management activities and calculations;
•   Appendix J,  Conducting  a Post-Implementation Review (PIR) - Describes the purpose and
    content of a  PIR, as well as the methodology for completing one; and
•   Appendix K, Project Management - Provides guidance on project planning and management for IT
    investments.

This CPIC Procedures document,  in  conjunction with  other  EPA  CPIC  policies, procedures, and
guidance, will help formulate a more standardized, consistent, and repeatable process for planning and
managing  capital investments  across the  Agency.   Over time, these CPIC  policies,  procedures,
processes, and guidance will lead to a portfolio of investments that best meets the mission and needs of
EPA and its stakeholders.
                          Table  of  Contents
1    DOCUMENT SUMMARY

  1.1    DOCUMENT PURPOSE
  1.2    DOCUMENT APPLICATION
  1.3    DOCUMENT STRUCTURE

2    THE CPIC PROCESS

  2.1    MISSION STATEMENT
  2.2    LEGISLATIVE BACKGROUND AND ASSOCIATED GUIDANCE
  2.3    SCOPE
  2.4    STRATEGIC MANAGEMENT
  2.5    TACTICAL MANAGEMENT
  2.6    PROCESS OVERVIEW
  2.7    DOCUMENTATION
  2.8    CPIC PROCESS OWNER
  2.9    ANNUAL CALENDAR

3    THE SELECT PHASE

  3.1    SELECT PHASE PURPOSE
  3.2    ENTRY CRITERIA
  3.3    SELECT PHASE PROCESS
     3.3.1   IIS Approves Abstract
     3.3.2   Identify Project Sponsor
     3.3.3   Identify Project Manager
     3.3.4   Develop Business Case
     3.3.5   Finalize CPIC Submission Package
     3.3.6   CPIC Select Phase Review
     3.3.7   IT Investment Portfolio Decision
     3.3.8   Funding
  3.4    EXIT CRITERIA

4    THE CONTROL PHASE

  4.1    CONTROL PHASE PURPOSE
  4.2    ENTRY CRITERIA
  4.3    CONTROL PHASE PROCESS
     4.3.1   Review and Modify Business Case
     4.3.2   Finalize CPIC Submission Package
     4.3.3   CPIC Control Phase Review
     4.3.4   Evaluate go/no-go decision
     4.3.5   Funding
  4.4    EXIT CRITERIA

5    THE EVALUATE PHASE

  5.1    EVALUATE PHASE PURPOSE
  5.2    ENTRY CRITERIA
  5.3    EVALUATE PHASE PROCESS
     5.3.1   Conduct PIR and Present Results
     5.3.2   Review and Modify Business Case
     5.3.3   Finalize Submission Package
     5.3.4   CPIC Evaluate Phase Review
     5.3.5   Evaluate go/no-go decision
     5.3.6   Funding
  5.4    EXIT CRITERIA

6    APPENDIX A - REFERENCES

7    APPENDIX B - GLOSSARY OF TERMS AND ACRONYMS

8    APPENDIX C - QUALITY AND INFORMATION COUNCIL CHARTER

  8.1    PURPOSE, AUTHORITY AND DURATION
  8.2    SCOPE AND FUNCTIONS
     8.2.1   Policy, Planning and Innovation
     8.2.2   Investment Review
     8.2.3   Relationship Between the QIC and the WCF Board
     8.2.4   Management and Oversight
  8.3    SUBCOMMITTEES
  8.4    RELATIONSHIP WITH THE STATES
  8.5    ADMINISTRATIVE REQUIREMENTS
  8.6    SUPPORT STAFF

9    APPENDIX D - PERFORMANCE MEASUREMENT

  9.1    PURPOSE
  9.2    PROCESS
     9.2.1   Analyze How the Investment Supports the Mission and Reduces Performance Gaps
     9.2.2   Develop IT Performance Measures that Characterize Success
     9.2.3   Develop Collection Plan
     9.2.4   Evaluate, Interpret, and Report Results
     9.2.5   Review to Ensure Relevance and Usefulness

10   APPENDIX E - COST BENEFIT ANALYSIS AND ALTERNATIVE SELECTION

  10.1    PURPOSE
  10.2    PROCESS
     10.2.1    Determine/Define Objectives
     10.2.2    Document Solution Requirements
     10.2.3    Choose at Least Three Alternatives
     10.2.4    Collect Cost Data
     10.2.5    Estimate Costs for Each Alternative
     10.2.6    Estimate Benefits for Each Alternative
     10.2.7    Document Assumptions
     10.2.8    Adjust Costs for Risk
     10.2.9    Calculate Return on Investment for Each Alternative
     10.2.10   Evaluate Alternatives and Select Solution
  10.3    SUMMARY OF STEPS

11   APPENDIX F - RISK ASSESSMENT

  11.1    PURPOSE
  11.2    PROCESS
     11.2.1    Identify Risks
     11.2.2    Analyze Risks
     11.2.3    Control Risks

12   APPENDIX G - BUILDING THE PROJECT AND FUNDING PLAN TABLES

  12.1    PURPOSE
  12.2    TABLES
  12.3    PROCESS

13   APPENDIX H - ENTERPRISE ARCHITECTURE AND E-GOVERNMENT

  13.1    ENTERPRISE ARCHITECTURE
     13.1.1    Purpose
  13.2    E-GOVERNMENT
     13.2.1    Purpose
     13.2.2    Agency Plan
     13.2.3    Process

14   APPENDIX I - EARNED VALUE MANAGEMENT

  14.1    PURPOSE
  14.2    PROCESS
     14.2.1    Update the Schedule
     14.2.2    Record Actual Costs
     14.2.3    Calculate Earned Value Measures
     14.2.4    Report on Earned Value

15   APPENDIX J - CONDUCTING A POST IMPLEMENTATION REVIEW (PIR)

  15.1    PURPOSE
  15.2    PIR TEAM
  15.3    PROCESS
     15.3.1    Initiate PIR
     15.3.2    Analyze Quantitative Data
     15.3.3    Analyze Qualitative Data
     15.3.4    Issue Report

16   APPENDIX K - PROJECT MANAGEMENT

  16.1    PURPOSE
  16.2    COMPONENTS
     16.2.1    Project Planning
     16.2.2    Scope Management
     16.2.3    Risk Assessment
     16.2.4    Cost and Schedule Management
     16.2.5    Performance
     16.2.6    Organizational Management
           1 Document Summary
1.1  Document Purpose
This document describes the Environmental Protection Agency's (EPA) Information Technology (IT)
Capital Planning and Investment Control (CPIC) process. It documents the process that EPA staff
should follow to manage an IT investment portfolio. This investment management process is mandated
by the Office of Management and Budget (OMB) and the General Accounting Office (GAO), and allows
EPA to optimize the benefits of scarce IT resources, address the strategic needs of EPA, and comply
with applicable policies, guidance, and laws - such as the Electronic Government Act of 2002
(E-Gov Act), the Information Technology Management Reform Act/Clinger-Cohen Act (ITMRA/CCA), and
the Federal Information Security Management Act (FISMA).

These EPA CPIC Procedures for the OMB Exhibit 300 (these Procedures) are based on guidance from
both the OMB and the GAO, and incorporate "lessons learned" from EPA's iterations through the
process over the last few years, and best practices of other Federal Agencies and the commercial
sector [1].

These procedures provide CPIC requirements and guidance necessary for developing sound,
cost-effective, and compliant IT business cases in preparation for OMB's review and approval. They
support the portfolio management approach, and address the strategic planning needs of EPA.
Business cases must be prepared according to the criteria in these Procedures to ensure that they
will meet OMB's statutory requirements, and allow EPA to ensure continued investment funding to
meet Agency mission goals. Business Cases that are not in good standing face serious consequences
from both EPA Management and OMB. Possible repercussions include delays, reductions in future
funding, and possible cancellation.

1.2  Document Application
These Procedures, and the CPIC process itself, apply to IT investments that meet the criteria of a
"major" investment. For OMB budget reporting, all major IT investments must be reported on the
Exhibit 53 and must submit a "Capital Asset Plan and Business Case," Exhibit 300 [2].

EPA uses the OMB's definition of a major investment, which is a system or project that meets the
following criteria:

•   Requires special management attention because of its importance to agency mission goals;
•   Was a major project in the current budget submission and is continuing;
•   Is financial management and spends more than $500,000;
•   Ties directly to the top two layers of the Federal Enterprise Architecture (FEA) (Services to
    Citizens and Mode of Delivery);
•   Is an integral part of the Agency's Enterprise Architecture (EA) modernization blueprint;
•   Has significant program or policy implications;
•   Has high executive visibility;
•   Meets EPA core CPIC criteria, standards, or requirements as a "major system" that aligns with
    the E-Gov strategy and E-Business solutions.

Additionally, the following must be identified as major IT investments:

•   IT investments that are E-Government in nature or use e-business technologies regardless of
    the costs;
•   IT investments that have significant multiple-agency impact;
•   IT investments that are mandated by legislation or executive order, or identified by the
    Administrator as mission critical.

[1] Appendix A - References, contains a variety of information on Agency, Federal, and commercial
best practices for use in the CPIC process.
[2] Detailed information on OMB budget reporting requirements can be found in Circular A-11
accessible via www.whitehouse.gov/omb/circulars/index.html.

1.3  Document Structure
These Procedures are structured to follow the format of the CPIC process. CPIC is a dynamic process
in which proposed and ongoing projects are continually monitored throughout their lifecycle.
Successful investments and those that are terminated or delayed are evaluated both to assess the
impact on future proposals and to benefit from any lessons learned. CPIC contains three phases:
Select, Control, and Evaluate. Each phase is described in a different chapter of this document, and
each chapter contains the following common elements:

•   Purpose - Describes the objective of the phase and why it is important to IT investment
    management;
•   Entry Criteria - Describes the phase requirements and thresholds for entering the phase;
•   Process - Describes the critical elements of the business case as well as the planning and
    review during that phase; and
•   Exit Criteria - Describes a checklist of what must be completed and the actions necessary for
    proceeding to the next phase.

Important CPIC process, EPA policy, and OMB Exhibit 300 scoring tips (i.e., Strive for 5!) are
highlighted in boxes.

In these boxes, the Office of Environmental Information (OEI) has identified some quick tips to
make business case development and CPIC submission easier.

EPA policy boxes highlight policies that must be followed during the lifecycle of the investment
and the CPIC process.

Strive for 5! boxes highlight information that will ensure top scores during IT portfolio selection
and the annual OMB budget submission.

These Procedures contain the following sections:

    1.  Document Summary - The purpose and scope of this document
    2.  The CPIC Process - The mission statement, the components and the workflow of the CPIC
        process at EPA. Details the legislative requirements that support the development of the
        CPIC process
    3.  The Select Phase - Process EPA uses to ensure that IT investments are chosen that best
        support the agency's mission and align with EPA's approach to EA
    4.  The Control Phase - Process to ensure that IT initiatives are developed and implemented in
        a disciplined, well-managed, and consistent fashion; that project objectives are being met;
        that the costs and benefits were accurately estimated; and that spending is in line with
        the planned budget. This promotes the delivery of quality products and results in
        initiatives that are completed within scope, on time, and within budget.
    5.  The Evaluate Phase - The Post Implementation Review (PIR) and Operational Analysis
        processes and guidance on comparing actual to expected results once a project or major
        component has been fully implemented; provides an understanding on how to evaluate mature
        systems on their continued effectiveness in supporting mission requirements and to evaluate
        the cost of continued support or potential retirement and replacement
    Appendices:
    6.  References - Details a list of references used to develop this document as well as
        resources for additional information on related topics;
    7.  Glossary of Terms and Acronyms - Defines terms and acronyms used throughout this document;
    8.  Quality and Information Council Charter - Describes roles and responsibilities of the
        Quality and Information Council (QIC), and its relationship to other organizations involved
        in the CPIC process (e.g., the Information Investments Subcommittee (IIS));
    9.  Performance Measurement - Provides information on developing performance measures for IT
        investments;
    10. Cost-Benefit Analysis and Alternative Selection - Provides information on completing a
        Cost-Benefit Analysis (CBA) as well as evaluating and selecting investment alternatives;
    11. Risk Assessment - Provides guidance on conducting a project risk assessment for IT capital
        investments;
    12. Building the Project and Funding Plan Tables - Provides direction on how to complete the
        milestone tables in the OMB Exhibit 300;
    13. Enterprise Architecture and E-Government - Describes the Federal Enterprise Architecture
        (FEA) and the EPA Enterprise Architecture (EA), and discusses E-Government and the
        President's Management Agenda;
    14. Earned Value Management - Provides guidance on conducting earned value management
        activities and calculations;
    15. Conducting a Post-Implementation Review - Describes the purpose and content of a PIR, as
        well as the methodology for completing one; and
    16. Project Management - Provides guidance on project planning and management for IT
        investments.
               2 The CPIC Process
2.1  Mission Statement
The Clinger-Cohen Act (CCA) of 1996 requires that all Agencies use a three-phase, disciplined
Capital Planning and Investment Control (CPIC) process to acquire, use, maintain, and dispose of
Information Technology (IT) systems.

In May 2000 the Government Accounting Office (GAO) released an exposure draft on Information
Technology Investment Management: An Overview of GAO's Assessment Framework. This overview
describes the CCA-mandated, three-phased approach for investment review and management, and a
maturity model for implementing this process. This methodology is known as the "ITIM Framework."
The three-phase approach includes a Select Phase, a Control Phase and an Evaluate Phase for
strategically managing major IT investments that will have a material effect on Federal Agencies
and subsequently the Federal Government.

The Environmental Protection Agency (EPA) has adopted the ITIM Framework of CPIC.

The mission of the CPIC Process at EPA is to bring the Agency into compliance with Public Law
104-106, the Clinger-Cohen Act of 1996.

Through the Office of Environmental Information (OEI), CPIC is centrally managed to:

1.  Ensure Agency sponsorship of all IT investments;
2.  Ensure alignment of IT investments with the strategic goals of EPA;
3.  Ensure alignment of IT investments with the Enterprise Architecture (EA) of EPA and the
    Federal Enterprise Architecture (FEA);
4.  Ensure that each investment has a rational, documented business case that will meet the
    requirements of the Office of Management and Budget (OMB) and Exhibit 300;
5.  Ensure that IT investments are fairly evaluated through the development of standardized
    business cases;
6.  Reduce the risk of investment failure by enforcing a performance-based measurement system;
7.  Reduce the risk of project failure by enforcing a cross-functional integrated project team
    (IPT).

2.2  Legislative Background and Associated Guidance
In addition to CCA, several other statutes require Federal agencies to revise their operational and
management practices to achieve greater mission efficiency and effectiveness. These laws include:

1.  The E-Government Act of 2002 (E-Gov) requires agencies to support E-Government initiatives,
    cross-agency e-business opportunities, and implement performance measures for E-Government
    projects. The E-Gov Act requires agencies to conduct Privacy Impact Assessments (PIAs) on
    investments before developing or procuring information technology that collects, maintains, or
    disseminates information that is in an identifiable form.
2.  The Government Performance and Results Act of 1993 (GPRA) developed the foundation by which
    Federal agencies measure how well initiatives are meeting mission objectives.
3.  The Federal Acquisition Streamlining Act of 1994 (FASA V) requires that agencies establish and
    measure performance goals and achieve 90% of those goals, on average.
4.  The Federal Information Security Management Act (FISMA) or Title III of the E-Government Act
    of 2002, requires agencies to have plans for information security programs to assure adequate
    information security for networks, facilities, information systems, or groups of systems, as
    appropriate. It also requires these plans to be reviewed annually by agency program officials
    and Inspector General (IG) audits of information security programs and practices.
5.  The Paperwork Reduction Act of 1995 (PRA) requires that agencies perform information resource
    management activities in an efficient, effective and economical manner.
6.  The Government Paperwork Elimination Act (GPEA) requires agencies to provide for electronic
    submission of forms, including electronic signature and proper security.
7.  The Chief Financial Officer (CFO) Act of 1990 and the Federal Financial Management Improvement
    Act of 1996. The OMB has policies and standards by which financial management systems should
    be designed, developed and operated.

Additionally, the National Archives and Records Administration (NARA) has recommended that
electronic records related to CPIC be stored and archived (http://www.archives.gov/index.html).
NARA has issued guidance for maintaining and disposing of electronic CPIC records, which can be
found on the NARA website.

These Procedures focus primarily on the CCA requirements. The CCA's objective is that senior
managers use a CPIC process to systemically maximize the benefits of IT investments, by documenting
compliance with applicable statutes and alignment with EA/FEA targets:

•   "The Head of each executive agency shall design and implement in the executive agency a process
    for maximizing the value and assessing and managing the risk of the IT acquisitions of the
    executive agency," and,
•   "The process shall:
    1.  Provide for the selection of IT investments to be made by the executive agency, the
        management of such investments, and the evaluation of the results of such investments;
    2.  Be integrated with the processes for making budget, financial, and program management
        decisions within the executive agency;
    3.  Include minimum criteria to be applied in considering whether to undertake a particular
        investment in information systems. [This] criteria [is] related to the quantitatively
        expressed projected net risk-adjusted return on investment. [The minimum criteria should
        include] specific quantitative and qualitative criteria for comparing and prioritizing
        alternative information systems investment projects;
    4.  Provide for identifying information systems investments that would result in shared
        benefits or costs for other Federal agencies or State or local governments;
    5.  Require identification of quantifiable measurements for determining the net benefits and
        risks of a proposed investment; and
    6.  Provide the means for senior management to obtain timely information regarding the progress
        of an investment, including a system of milestones for measuring progress, on an
        independently verifiable basis, in terms of cost, capability of the system to meet
        specified requirements, timeliness, and quality."

Beyond the legislative background, there is extensive guidance from the Federal Chief Information
Officer (CIO) Council, the OMB, the GAO, and others in the area of IT investment management. A list
of investment management reference guides and memos is identified in Appendix A - References. The
policy and processes described herein are consistent with this guidance.

2.3  Scope
The CPIC process supports and documents executive decisions that ensure all IT investments support
EPA's mission, vision and goals, and component agency business plans and missions.

The CPIC process is a structured, integrated approach to managing IT investments. It ensures that
all IT investments align with EPA mission and support business needs while minimizing risks and
maximizing returns throughout the investment's lifecycle. CPIC relies on a systematic selection,
control, and on-going evaluation process to ensure each investment's objectives support the
business and mission needs of the Agency.

                     .   CPIC  IS  a  policy  and  procedure  of   IT
                        investment strategic management.    It  is
    continuously  performed  throughout  the
    system life cycle.  For simplicity, EPA uses
    the  Exhibit  300   format  for  the  CPIC
    documentation.

.   CPIC  IS NOT simply the annual  budget
    submission to the OMB.  CPIC is an ongoing
    monitoring and evaluation process, of which
    the OMB submission is an output.

Through sound  management of IT investments,
the Information  Investments Subcommittee (IIS)
and the QIC determine the IT direction for EPA,
and  ensure  that IT  investments  are  managed
with the objective of maximizing returns  to the
Agency and achieving business goals.

It is essential that major IT investments  within
EPA  comply with  these  CPIC  Procedures.
These are the  procedures that  each Office is
expected  to use  to   manage   its   major  IT
investments.  Office level CPIC  processes and
procedures must be  at least as stringent as the
OMB Exhibit 300 requirements dictate, and in
compliance  with these  Agency-level  CPIC
procedures.

Major investments are considered to be strategic
for  the Agency  and  thus,  have  a greater
documentation    burden,    including   being
individually reported  to OMB on an Exhibit 300.
They  are  also  included  in  the   Major  IT
Investment  Portfolio.   The  thresholds  for  a
project to be considered "major" are described in
Section 1.2 - Document Application.

2.4  Strategic Management
Strategic Management builds long term success
for  businesses  and  organizations by ensuring
that all  perspectives,   or  viewpoints  of an
organization  are considered during planning and
decision-making.

The success of EPA's IT investments directly
affects the  ability of  Offices  within  EPA  to
execute business  plans and  fulfill  missions.
CPIC  enables   the  Agency  to  view   its  IT
investments strategically, thus ensuring they are
aligned with  the  overall goals and objectives of
the Agency.
                     Additionally, emphasis is placed on:

                     .   Alignment with Agency wide EA, FEA, and
                        support  of  the  President's  Management
                        Agenda (PMA);

                     .   Project risk management;

                     .   OMB budget submissions;

                     .   Security;

                     .   Privacy;

                     .   Performance; and

                     .   E-Gov.

                     The long-term success of EPA is directly linked
                     to achieving its strategic goals and objectives.
                     The five strategic goals of EPA are:

                     1.  Clean Air - Protect and improve the air so it
                        is healthy to breathe and free of levels of
                        pollutants that harm human health  or the
                        environment.

                     2.  Clean and Safe Water - Ensure drinking
                        water is safe. Restore and maintain oceans,
                        watersheds and their aquatic ecosystems to
                        protect human health, support economic and
                        recreational activities, and provide healthy
                        habitat for fish, plants and wildlife.

                     3.  Preserve  and  Restore  the  Land   -
                        Preserve and restore the land by reducing
                        and controlling  risks posed by releases of
                        harmful   substances;   promoting   waste
                        diversion, recycling,  and innovative waste
                        management practices;  and  cleaning  up
                        contaminated    properties    to    levels
                        appropriate for their beneficial reuse.

                     4.  Healthy  Communities  and Ecosystems -
                        Protect,  sustain, or  restore  the health  of
                        people,  communities and ecosystems using
                        integrated and comprehensive approaches
                        and partnerships.

                     5.  Compliance      and      Environmental
                        Stewardship  -   Improve  environmental
                        performance   through    compliance   with
                        environmental  requirements,   preventing
                        pollution  and  providing  environmental
                        stewardship.  Protect human  health and the
                        environment by encouraging innovation, and
                        providing   incentives   for  governments,
    businesses,  and the public  that  promote
    environmental stewardship.

Additionally, EPA has cross-goal strategies that
will contribute toward progress of the five goals
described   above.   These  strategies  involve
administration,  financial  management,   legal
services,  and  processes employed  to  help
accomplish objectives.  These strategies cover
the different perspectives,   or  views,  of the
Agency.

    1.  Partnerships

    2.  Information

    3.  Innovation

    4.  Human Capital

    5.  Science

    6.  Homeland Security

Strategic    management    concerning    IT
investments at EPA is governed by the IIS and
the QIC.  The IIS and the QIC are chartered to
review major IT investments to ensure that they
will fulfill mission performance requirements at
EPA,  follow  guidelines  of the  GAO  and the
OMB,  and  ensure that EPA  complies  with
statutory regulations.  See Appendix C - QIC
Charter for more information on  the roles  and
responsibilities of these two organizations within
EPA.

2.5  Tactical Management
Tactical   Management   is   the  day-to-day
monitoring of strategic objectives. For example,
CPIC  processes  promote oversight to ensure
that project management to develop the Major IT
Investment  Portfolio  follows  sound  tactical
management practices.    Through  the  CPIC
process, the Agency can  enforce:
.   Accurate budgeting and cost benefit
    analysis;

.   Acquisition strategies that benefit the
    Agency;

.   Project planning that emphasizes achieving
    milestones on time and on budget;

.   Real-time corrective measures by analyzing
    project trends using earned value
    calculations.

Consistent  tactical management reduces both
project and strategic risks by providing project
managers with proven, reusable processes and
tools that enable efficient monitoring  of time,
vendors, and costs.

2.6  Process Overview
At the highest level,  the CPIC process is  a
circular flow of EPA's IT investments through
three sequential  phases  of Select, Control and
Evaluate.

.   Select  Phase— Project Managers compile
    the information necessary for supporting  a
    detailed proposal  assessment.   Executive
    decision-makers  assess  each   proposed
    investment's  support of EPA's strategic and
    mission  needs.   Investment analyses are
    conducted  and  the   QIC  chooses  the IT
    projects that  best support the mission of the
    organization,  adhere  to Federal and Agency
    security requirements,  align  with   EPA's
    approach  to  EA, and are prepared for
    success.
.   Control  Phase—EPA ensures,  through
    timely  oversight,   quality   control,   and
    executive  review, that  IT  initiatives  are
    developed  and implemented  in a disciplined,
    well-managed, and consistent manner.
.   Evaluate  Phase -  Actual  results  of the
    implemented   projects  are   compared  to
    expectations    to    assess   investment
    performance.  This is done  to  assess the
    project's impact  on   mission performance,
    identify  any project changes or modifications
    that  may  be  needed,   and  revise  the
    investment management process based on
    lessons  learned.   Mature,  or steady state
    systems are  assessed to  ascertain their
    continued   effectiveness    in  supporting
    mission requirements, evaluate  the  cost of
    continued  maintenance  support,   assess
    potential   technology  opportunities,   and
    consider retirement or replacement options.

Each of these three  phases is  structured  in  a
similar manner using a set of common elements.
These common  elements provide a consistent
and  predictable  flow  and  coordination  of
activities  within  each phase.    The  common
elements are  defined by the OMB-developed
Exhibit 300  template. Contact OEI for the most
recent version  of the OMB Exhibit 300,  and
question-by-question EPA guidance3.

Completing  one   CPIC  phase   is  necessary
before beginning  a subsequent  phase.  Each
phase is overseen by the IIS and  the QIC, which
ultimately  approves or rejects an investment's
advancement to the next phase.  This ensures
that  each investment receives the appropriate
level of managerial review and that coordination
and accountability exist.

2.7  Documentation
At EPA, the CPIC process is  documented  and
submitted to OEI and  the  QIC  using  OMB's
Circular A-11, and Exhibit 300.

Table 2.1  lists all of the sections of the Exhibit
300   as   of  the   Fiscal  Year   2005  budget
submission,   and  how  the  sections   are
emphasized, progressing  through  the  three
CPIC phases.  This table offers suggestions for
cascading changes.  Every business case  is
different,  so OEI will help identify how changes
will affect the business plan.
  2.8  CPIC Process Owner
  The CPIC process is  primarily  supported  and
  maintained by EPA's  Office of Environmental
  Information.  Contact OEI with questions about
  these Procedures or the CPIC process.

  While OEI is  responsible for the enterprise and
  portfolio  process  and  guidance,  each  Office
  must maintain its own  investment planning and
  management functions to  fulfill CPIC goals and
  objectives.

  At  EPA,  prior to  submitting  documentation to
  OEI, all business cases must be reviewed and
  signed by the Offices'  Senior Resource Official
  (SRO),  as  part  of the  Offices' local  CPIC
  process.

3  Each fiscal year (FY), there is a possibility that
OMB guidance for the Exhibit 300 process will vary
from the previous year's guidance. To assist Exhibit
300 preparers, EPA produces a question-by-question
guidance document separate from this document, and
distributes it to the preparers. It contains more
specific "how-to guidance" for each OMB Exhibit
300 question than these procedures, and can be found
on the OEI intranet after publication. The current
version of the OMB Exhibit 300 can be found by
accessing the current version of Circular A-11, via
the following link:
http://www.whitehouse.gov/omb/circulars/index.html
Current versions of the Agency's CPIC guidance can
be located via the following link:
http://intranet.epa.gov/CPIC/.
Table 2.1: Exhibit 300 Sections through the CPIC Process

I.A  Project Description
    SELECT:    Describe what the investment is
    CONTROL:   Modify the description if necessary. Major changes
               indicate that there will be adjustments in many
               sections of the document.
    EVALUATE:  Modify the description if necessary. Major changes
               indicate that there will be adjustments in many
               sections of the document.

I.B  Justification
    SELECT:    Emphasize the mission performance gap and the solution
    CONTROL:   If there are minor changes here, look for changes in
               the Description and Performance Goals. Major changes
               indicate review of Alternatives Analysis and EA and
               may require a kick-back to the Select phase (Select).
    EVALUATE:  Indicate whether current business practices are the
               most advantageous and cost-effective to the Agency.
               If there are minor changes here, look for changes in
               the Description and Performance Goals. Major changes
               indicate a review of Alternatives Analysis and EA and
               may require a kick-back to Select.

I.C  Performance Goals
    SELECT:    Develop no more than 5 ways to measure investment
               success.
    CONTROL:   If there are minor changes, look for adjustments in
               the Description and Justification section. Major
               changes indicate required review of Alternatives
               Analysis and EA, and may require a kick-back to
               Select.
    EVALUATE:  Emphasis will be on whether the investment is meeting
               baseline goals. If not, analyze the variance and
               describe why the investment is failing to meet goals.
               Determine if the investment is eligible for re-design
               or modernization.

I.D  Program Management
    SELECT:    List the names, roles, responsibilities and contact
               information of the team
    CONTROL:   Ensure the contact information is correct. If there
               are major changes to the Integrated Project Team
               (IPT), analyze project risk in the Risk Inventory.
    EVALUATE:  Ensure the contact information is correct. If there
               are major changes to the IPT, analyze project risk in
               the Risk Inventory.

I.E  Alternatives Analysis
    SELECT:    Emphasis is on developing three viable alternatives,
               one of which may include continuing with the "as-is"
               system or solution.
    CONTROL:   Any changes at this phase will be a result of a major
               adjustment to another section such as EA, Project and
               Funding Plan and Security. Most likely, the project
               will be kicked-back to Select.
    EVALUATE:  Must be performed with a future-focus in E-Gov
               strategy and web services or other e-business tools.
               This analysis ensures that the implemented solution
               continues to be the best choice, and returns the
               greatest benefit to the Agency.
               Any changes at this phase will be a result of a major
               adjustment to another section such as EA, Project and
               Funding Plan and Security. Most likely, the project
               will be kicked-back to the Select phase.

I.F  Risk Inventory
    SELECT:    Emphasis is on identifying risks in the 19 areas and
               planning how to manage those risks. Costs must be
               included
    CONTROL:   Minor adjustments should be well documented. Major
               changes may affect the entire project. Depending on
               the risk-type adjusted, the investment may need to go
               through Definition and Select again.
    EVALUATE:  Minor adjustments should be well documented. Major
               changes may affect the entire project. Depending on
               the risk-type adjusted, the investment may need to go
               through Definition and Select again.

I.G  Acquisition Strategy
    SELECT:    Emphasis is on performance-based contracting and
               spreading risk from the Agency to the contractor
    CONTROL:   Minor changes will most likely affect the Project and
               Funding Plan. Major changes most likely will affect
               the Risk Inventory as well. The project may be put on
               hold until project risks are mitigated.
    EVALUATE:  There should be no changes to this section unless the
               project is going through modernization. If so, the
               project should enter the CPIC Select phase.

I.H  Project and Funding Plan
    SELECT:    If this is the first CPIC cycle for this project,
               only fill in table 1.H.2. If this is not the first
               CPIC cycle for this project and there are changes to
               the approved baseline, fill in tables 1.H.3 and
               1.H.4.
    CONTROL:   Governance boards are looking for overruns and
               management issues. Minor changes will be proposed in
               the appropriate table, and may also affect the Risk
               Inventory and Acquisition Strategy. Major changes may
               temporarily halt funding until issues and risks are
               resolved.
    EVALUATE:  There will be only one entry in this section for a
               fully implemented steady-state/operations and
               maintenance project. Analyze ongoing costs against
               budgeted costs and determine cost overruns.

II.A  Enterprise Architecture
    SELECT:    Map the investment's components to the FEA and EPA
               reference models.
    CONTROL:   Minor changes should be documented. Major changes due
               to external factors will affect the Justification,
               Performance Goals and Alternatives Analysis. If the
               investment no longer serves the need, the investment
               will most likely go back through Definition and
               Select.
    EVALUATE:  All answers must be with a focus on e-Gov strategy.
               The only changes in EA for steady-state/operations
               and maintenance projects will be if the Agency has
               changed its EA structure. If so, changes here may
               affect Justification, Performance Goals and
               Alternatives Analysis. Determine if the investment is
               still aligned with the strategic goals of the Agency,
               and if not, make the decision to retire the
               investment or modernize it.

II.B  Security and Privacy
    SELECT:    Describe the security plan developed in the System
               Life Cycle (SLC) Definition phase and ensure that at
               least 1% of the budget is spent on security.
               When investments are in the initial and planning
               (acquire) stage, a PIA must be completed with current
               updates and approved annually.
    CONTROL:   Minor changes may affect the Project and Funding
               Plan. Major changes may affect the system
               Justification and possibly halt funding.
               When investments are in the Full Acquisition and
               Steady State (use) stage, a PIA must be reviewed
               annually but only completed every three years. An
               e-mail certification is required annually.
    EVALUATE:  The only changes in security for
               steady-state/operations and maintenance projects will
               be if the Agency has changed its security goals and
               requirements. If so, changes here may affect the
               project plan. Determine if the investment is still
               aligned with the strategic goals of the Agency, and
               if not, make the decision to retire the investment or
               modernize it.
               When investments are in the Mixed Life Cycle
               (maintain) stage, a PIA is required every three
               years. However, a review must occur every year to
               ensure no substantial changes/modification have
               occurred that would require a new submission.

2.9 Annual Calendar
There are five different EPA areas that make up
the CPIC and related  budget  processes.   An
annual calendar, with tasks, is shown below.

In  March, the  Program Offices turn in one-page
abstracts of new IT Investments that contain a
description  of the  investment, the spending
summary, and the justification of the project to
OEI.

The IIS reviews the abstracts and initially scores
them as red,  yellow or green.   Greens will be
included with  the budget  submission,  yellows
need additional justification work, and reds are
immediately rejected.
From  this,  the  IIS  develops  the  preliminary
portfolio and notifies the Program Offices that
need to complete business cases for the Select
phase.

Over the summer,  the  Program Offices,  with
help from the EA and CPIC Teams, and the OEI
Subject Matter  Experts  (SMEs), develop or
modify their business  cases  and/or  Privacy
Impact Assessments.

When the business cases are finalized and
submitted to OEI, the IIS reviews them for
inclusion in the Major IT Investment Portfolio
and forwards recommendations to the QIC.  The
QIC makes the final decision.

Table 2.2: EPA Budget Calendar

Months: Feb, Mar, Apr, May, June

BUDGET PROCESS
    Annual Planning Meeting guidance issued
    Goal Meetings held
    • Spring planning meeting
    • Budget guidance issued to Agency
    • Proposals due to OCFO
    • Budget forum
    • Planning and Budget submission guidance issued.

CPIC TEAM
    Data call to Program Offices to update and revise abstracts
    CPIC Reviews for high-risk investments
    Update reporting database with Operating Plan budget numbers
    Training with preparers

PROGRAM OFFICES
    Respond to data call for abstracts
    Update/revise any projects scored "yellow" by subcommittee
    Ensure decisions made on preliminary portfolio development are
    shared with the Program Offices' resource community for budget
    formulation

IIS
    Review and preliminary approval of draft portfolio based upon
    abstracts' red, yellow and green scoring
    • Re-visit projects scored "yellow" for possible inclusion in
      portfolio
    • Decisions shared with SBO's for inclusion in preliminary
      budget formulation

QIC
    (no entries)


Months: July, Aug, Sept, Oct, Nov, Dec, Jan

BUDGET PROCESS
    Agency prepares annual plan and budget justification to OMB
    Annual plan and budget
    OMB conducts budget review meetings with EPA
    OMB passback to EPA.
    EPA incorporates OMB passback decisions to create President's
    budget (PRESBUD)
    EPA completes annual plan and budget for Congress, due first
    Monday in February

CPIC TEAM
    • Interviews with preparers to help complete business cases
    • OMB's final guidance released
    Finalize business cases and reporting
    Submit Exhibit 300s and Exhibit 53 to OMB
    Updates Exhibit 300s for OMB passback
    Data call to provide updated actuals and revised PRESBUD figures
    Submit updated Exhibit 300s and Exhibit 53s to OMB for PRESBUD
    submission

PROGRAM OFFICES
    Work with CPIC and EA Teams and SMEs during interviews to help
    complete business cases and/or Privacy Impact Assessments
    Finalize business cases working with OEI staff to update
    reporting and prepare OMB submission
    Update financial systems with actuals and PRESBUD numbers based
    on passback

IIS
    Review and give final approval of recommended IT portfolio for
    the QIC's approval
    Review and give final approval of recommended IT portfolio for
    the QIC's approval

QIC
    • Final approval of IT portfolio
    • Approval of sequencing plan

               3  The Select Phase
                         Select Phase
                         •  Screen
                         •  Rank
                         •  Select
3.1  Select Phase Purpose
This  phase  of  the   Capital  Planning   and
Investment Control (CPIC)   process  is  very
important.  During this phase, the sponsoring
Office will define the need for the investment,
explain  the  solution,  and  finalize  the  CPIC
submission that  complies  with  Agency  and
Federal planning and information requirements.
In this phase, the Integrated Project Team (IPT)
will  need to  demonstrate to  the  Information
Investments Subcommittee (IIS) and the Quality
and   Information   Council   (QIC)  that   this
investment is the best use of Agency funds to fill
the  mission  performance gap, and  should  be
included in the Agency's Information Technology
(IT) Investment Portfolio.

Proper planning, documentation, and review are
critical not only to funding; they also set
success expectations for this solution and the
IPT that manages it. When this business case is
approved, it will be the  baseline by which to
evaluate  the progress and performance of the
investment through the  remainder  of its  life
cycle.

3.2  Entry Criteria
Prior to entering the Select Phase:

    1.  The IIS approved the system abstract;

    2.  A performance  gap in mission success
       was identified;

    3.  An IPT  was  established  to  analyze
       solutions to fill that gap (see 3.3.4.4);

    4.  The  IPT developed a solution through
       System  Life Cycle (SLC) Definition,  and
       that  solution  is  considered  a  major
       investment.     See   Appendix  B  -
       Glossary  of these Procedures  for  a
       definition;

    5.  A business case was  developed  to
       propose the solution for funding;

    6.  The  business case was  approved  and
       signed by the Office's Senior Resource
       Official;
    7.  The Project Sponsor gained a funding
       commitment from the Office.

Projects in SLC "Definition" need to get
through this CPIC "Select" process before
entering SLC "Development".

                                     3.3  Select Phase Process
                                     In the Select Phase, the Environmental Protection
                                     Agency's (EPA) IT investments are screened to
                                     ensure  they best  support  EPA's mission and
                                     target  Enterprise Architecture (EA).  Individual
                                     investments are ranked  in terms  of technical
                                     alignment   and   projected   performance  as
                                     measured by cost, schedule, benefit, and risk,
                                     against other IT  systems.   Milestones and
                                     review schedules are  also established for each
                                     investment during the Select Phase.

                                     Business  cases developed during  the  Select
                                     Phase  ensure  that  project teams  have well
                                     defined business and  strategic requirements, a
                                     security analysis required by the EPA  System
                                     Life Cycle Management Policy and other EPA
                                     and Federal security  policies and  guidance, a
                                     Privacy Impact Assessment (PIA), performance
                                     measures,  a cost  benefit analysis,  as  well as
                                     completion  of other project planning efforts in
                                     preparation  for  inclusion  in   the  Agency's
                                     investment  portfolio  and  movement  to  the
                                     Control Phase.

                                     The IIS and  the  QIC  review  recommended
                                     investments in good standing, and  select those
                                     that will be  included in the  Major IT Investment
                                     Portfolio.  A separate meeting  is  held  for all
                                     other investments  requiring improvements prior
                                     to selection.
[Figure 3.1. The Select Phase Decision Process Flowchart. Box labels:
IIS approved system abstract; Identify Project Sponsor; Identify
Project Manager; Develop Business Case; Is Business Case complete?;
Finalize CPIC Submission; CPIC Select Phase Review; IIS Review and
Recommendation to QIC; Add investment to IT Portfolio?; YES; Enter
Control Phase.]

3.3.1    IIS Approves Abstract
Developing  a  business  case  is  a  time-
consuming and often costly process.  At EPA,
Offices are asked to submit a system abstract
for an initial assessment prior to developing the
business case.  The preparation of the abstract
is important, as it provides documentation that
supports the  later  development  of a  more
detailed business case.

An  abstract is a one-page summary  of  the
proposed system that includes a description of
the system, its goals and objectives, a summary
of spending, security requirements,  and an EA
overview.

The  IIS  will   evaluate  the proposed system
solution  to  determine   if the  Office  should
proceed with  its definition or  IIS will evaluate
against criteria.  This process begins in March.

3.3.2    Identify Project Sponsor
The Project Sponsor should have been identified
during  SLC  Definition  Phase.   The Project
Sponsor should  be  a senior  individual in  the
organization   with   requisite   management,
technical,  and  business  skills to  lead  the
investment or supervise  a designated Project
Manager.

Commercial and  government  best  practices
show  that  IT  investments  championed  by a
business  leader  have  the  best   chance  for
successful   implementation.     The  Project
Sponsor is the business  leader  responsible to
the  IIS  and the QIC for the  investment as it
continues  through the  CPIC process.   The
project  sponsor  must   review  the  System
Management   Plan   (SMP)   and   associated
decision documents  at each SLC phase before
the system may advance to the next  phase. The
review and approval  must be documented in the
system decision documents.  This  commitment
by the  Project Sponsor to the IIS and the QIC
represents accountability for the investment.

At EPA, the Project Sponsor is responsible for
allocating funding, and for compliance with EA
and CPIC policies and processes.
                              3.3.3    Identify Project Manager
                              The  Project  Manager   should   have  been
                              identified during SLC Definition Phase.  If not,
                              the  Project  Sponsor  identifies  a  Project
                              Manager, who will be responsible for the day-to-
                              day  operations of  the  system,  including   all
                              necessary documentation  for  EA  and  CPIC
                              processes   and   review   project   manager
                              qualifications.

                              The  Project  Manager selected should  possess
                              the following  qualifications:

                              .   Three  years   experience   managing   IT
                                 projects of similar size and scope, and OEI-
                                 Sponsored 32-hour PM training; or

                              .   PM  certification,  by  or equivalent to  the
                                 Project   Management   Institute   (PMI)
                                 requirements,  and  dedication  to the project
                                 on a full-time basis.

                              3.3.4    Develop Business Case
                              Business cases are a tool that the Agency uses
                              to  ensure that its IT dollars are invested wisely,
                              and  put to use in areas where  the  Agency's
                              needs are greatest. They also help to ensure
                              that the  system owner has a solid plan in  place
                              for achieving results that  provide mission-critical
                              capabilities and efficiencies where they did  not
                              exist previously.

                              Business case development  involves justifying
                              the need for the investment  by  matching it to
                              business requirements and  Agency strategic
                              goals, and showing that risk,  security, cost and
                              development    have   been    planned    for
                              appropriately. The goal of the business case is
                              to  show the  Agency that this investment is  the
                              best  alternative for the Agency.
                                Start with the work you've already done in
                                your  System  Management  Plan.   Then
                                prepare your  CPIC submission  by using
                                the Exhibit 300  format  to  focus  your
                                attention on required elements.

EPA uses Exhibit 300 from OMB circular A-11
as the documentation for the business case4. All
parts of the  Exhibit 300 will need to be filled in
during  the Select Phase  of the CPIC process.
Start with the work already done in the System
Management  Plan  to   avoid  conflict  and
duplication of effort.  SLC policy states that in
the Definition Phase, the system team must:

1.   Define an EPA business need;

2.   Document   the   purpose,   scope   and
    requirements  of  the  proposed  information
    system; and

3.   Begin security  planning   and   develop  a
    security risk assessment and PIA.

The  next section will  describe  the different
sections  of the Exhibit 300, and will provide  a
description of what needs to be documented.

Please refer to Table 2.1: Exhibit 300 Sections
through the CPIC Process in Section 2 - CPIC
Process to see what should be emphasized in
each section of the Exhibit 300  for the Select
Phase.

3.3.4.1  Project Description
The   project  description summarizes     the
investment   from   a   user  and  technical
perspective.    Describe  who  the customer  is,
what the need is, and what the system  solution
is.   The Description  is  a  summary  of  the
business case.

Describe the system assumptions, such as:

•   What other Agency departments will this
    system rely on?

•   What are the data and process inputs that
    the system requires to function properly?

  It may be easier to write the description
  last, highlighting the main points of your
  business case.

The description may include support for
assumptions such as user interview
documentation, process diagrams (showing
touch-points between departments), data
diagrams, etc.

4 OMB Exhibit 300 guidance can be found in section
300 of the current year's Circular A-11 at
http://www.whitehouse.gov/omb/circulars/

                                     3.3.4.2 Justification
                                     The justification will  begin with a performance
                                     gap analysis  to identify mission gaps in EPA's
                                     strategy.   A  performance gap  analysis  is  a
                                     forward-looking   and   continuous   analytical
                                     activity that evaluates the capacity of the Agency
                                     and/or the Agency's assets to satisfy existing
                                     and emerging demands for services.

                                     Examples  of potential needs include  those
                                     related  to economic and  demographic trends,
                                     statutory requirements,  or an industry-developed
                                     technological  opportunity.

                                     The Project Sponsor determines  how analysis
                                     should be conducted to validate,  quantify, and
                                     prioritize the proposed  need by challenging the
                                     IPT to "think outside the box".  It is important to
                                     have a functionally diverse project team that will
                                     provide  different  perspectives to  this strategic
                                     analysis.  The types  of questions the team can
                                     ask itself are:

                                     •   What are the strengths, weaknesses,
                                         opportunities and threats to the Agency that
                                         have resulted in this performance gap?

                                          o   Identify and quantify projected demand
                                              for services based on input from
                                              diverse sources such as: state and
                                              educational communities; architecture
                                              and strategic plans; and performance
                                              and supportability trends of established
                                              systems. Identify the affected user and
                                              customer bases.

                                     •   What are the Agency's goals, and the
                                         organizational pains that will prohibit those
                                         goals from being reached?

                                     •   Does the Agency have the organizational
                                         capacity to fulfill its goals now and in the
                                         future?

                                          o   Identify and quantify projected
                                              technological opportunities that will
                                              enable EPA to perform its mission
                                              more efficiently and effectively.
     o  Identify and quantify the need for
        existing and projected services based
        on information from field organizations,
        the EA, and IT investment portfolio that
        defines what is in place and what is
        approved for implementation.

  A higher priority will be placed on
  investments that are directly related to
  E-Gov initiatives. See the latest release of
  the E-Gov strategy to see if yours does!
  http://www.whitehouse.gov/omb/egov/site_map.htm
The justification should clearly describe  either
the capability shortfall  and the impact of not
satisfying  the  shortfall  on  customers  and
stakeholders  or  the  technological  opportunity
and the increase in efficiency it will achieve. Do
this by describing how the investment will help
achieve EPA's strategic goals.  The justification
also must describe the  criticality and timeframe
of the need, and roughly estimate the resources
the Agency should commit to resolving  it based
on worth, criticality,  and  the  scope of  likely
changes to the Agency's IT Investment Portfolio.
This information forms the basis for establishing
the priority of this  need in competition with  all
other Agency investments.

Strengthen the need for this system by including
research and statistics.
  Higher scores will be awarded to business
  cases that show a direct relationship
  between the investment and mission
  needs, and specifically, how performance
  measures can influence the achievement of
  mission-critical strategic goals.

3.3.4.3  Performance Goals and Measures
The Government Performance and Results Act
(GPRA) provides a mandate to federal agencies
to account for program results through the
integration of strategic planning, budgeting,
and performance measurement. GPRA requires
agencies to prepare strategic plans, annual
performance plans, and annual performance
reports that link program effectiveness with
expenditure of funds. Performance goals and
measures are a critical part of the investment's
business case, and provide a baseline by which
to evaluate its success.

  Performance  goals  are the objectives of the
  system.  Goals should be  designed  with  all
  layers  of EA in  mind:   Business, Data and
  Information, Service  Component,  Technology,
  and Performance.

  Describe goals  as targets - for  example:  The
  new help  desk  application  will  track  issue
  resolution time with  95% accuracy within three
  years of implementation.  The targets can  be
  graduated,  for example the new help desk will
  provide 80%  accuracy in the first year, 90% in
  the second  year and 95% in the third year.

  The Project Sponsor will facilitate developing
  quantifiable performance measures that focus
  on outcomes. See Appendix D - Performance
  Measurement, which provides examples for
  developing and writing Performance Goals and
  Measurements.
                                                   Higher scores will be awarded to business
                                                   cases that describe both the baseline and
                                                   target performance goals  and  measures.
                                                   Describe how you will achieve  the target
                                                   measures for that extra point!
  The   Project  Manager   is  responsible   for
  documenting the goals and measurements in a
  format for  CPIC review.   Be  sure  to  include
  baseline trends for comparison to new targets.

  3.3.4.4  Program Management
  The  Program Office  IPT  represents expertise
  from  functional  areas  as  required  by  the
  specifics  of the investment.  In addition to the
  functional  experts  on  the  team,  a  Capital
  Planning    Analyst   from   the   Office   of
Environmental Information  (OEI)  will  provide
guidance  to  the  IPT throughout the  CPIC
process.

The  IPT  should,  at  a minimum, consist  of
functional experts in the following areas:

•   Project Sponsor with program experience

•   Project Manager who will oversee the
    day-to-day operations of the project and
    investment

•   IT Manager with experience in the proposed
    technology

•   Security Specialist

•   Agency Budget Analyst

•   Contracting Specialist

•   Program Office Architect

•   Stakeholders or Collaborating Partners

Additional staff may be added from other
functional areas as needed. These people may
serve on multiple IPTs.

  All EPA information system development
  projects must have a documented,
  designated Project Sponsor and Project
  Manager. See the EPA Interim Agency
  System Life Cycle Management Policy,
  Agency Directive 2100.4, and System Life
  Cycle Management Procedures
  (http://intranet.epa.gov/rmpolicy/infoman.htm)
  for the latest requirements.

Include the roles, qualifications and contact
information for all members of the IPT in the
CPIC documentation to show that the IPT
represents all functional areas affected by the
investment.

3.3.4.5 Alternatives Analysis
The business case provides the necessary
information to build support and make funding
decisions for an investment. In order to
convince the IIS and the QIC that this solution is
the best, an Alternatives Analysis with costs and
benefits must be completed.

  Higher scores will be awarded to business
  cases with three viable alternatives that
  were consistently compared, and have well
  documented assumptions.

                                    Alternative One should be status quo - what are
                                    the  costs  if the  system  is  not  developed?
                                    Alternatives  Two and Three should be selected
                                    as  viable technical and business approaches.
                                    Refer to the Federal EA Reference  Models for
                                    potential alternatives.   Develop a life-cycle for
                                    each alternative and the costs and benefits for
                                    each element involved in those life-cycles.

                                    At  a minimum,  one alternative considered by
                                    every project must include use  of  EPA  WCF
                                    services.  If use of EPA WCF services is  not a
                                    viable business  and/or technical  alternative for
                                    the project, then the business case must have at
                                    least three   additional  viable  technical  and
                                    business  alternatives  in addition to the  EPA
                                    WCF services alternative, for a total of at least
                                    four.

                                    Examples of cost elements are:
                                        •   Hardware including depreciation
                                        •   Software including releases
                                        •   Development Costs
                                        •   Program Costs
                                        •   Operations and Maintenance

                                    Cost data can be collected from a variety of
                                    sources such as:
                                        •   Historical Agency Databases
                                        •   Current System Costs
                                        •   Market Research
                                        •   Publications

                                       If you're having trouble finding actual cost
                                       information, contact your Agency Budget
                                       Analyst for standard rates.

Analyze the  benefits  that the alternatives  will
provide in  both  quantitative and  qualitative
terms.  Sometimes the cheapest alternative isn't
the  best   so   don't  immediately   preclude
alternatives due to cost constraints!

High returns on investment may be awarded to
more expensive solutions that provide the most
qualitative  benefits such  as: most   improved
mission performance in accordance with GPRA;
increased  quality of  data; increased flexibility
and   responsiveness  to   stakeholders;  and
increased  employee satisfaction. Quantify these
benefits and include  them in the  CBA  of  the
selected alternative.   The  cost benefit analysis
(CBA)  must be risk-adjusted, meaning that  the
probability of the  risk occurring  was  taken into
consideration when  calculating  project  costs.
Discount the annual costs to calculate the  net
present value of the investment, and  identify in
what year the investment will break even.  Use
the current discount rates (DRs)  published  by
the OMB.   Contact  OEI  for help finding  the
correct rates.

The important thing to remember is that each
alternative must be compared in a consistent
manner, and if it isn't (for example, using
contractors for development of one alternative
and employees for the development of another),
the reason for the difference must be clearly
explained, for example: "We have the capability
in-house to develop Alternative Two; we don't
for Alternative Three."

Select the best alternative after weighing all of
the factors and describe the reasons why it was
selected. Also include the reasons why the
other two alternatives were not selected. The
IIS and the QIC want to be able to evaluate the
methods and reasons for the chosen alternative.

Refer to Appendix  E  - Cost Benefit Analysis
and Alternative Selection for more information
on  how  to complete  this section  of  the
documentation.

3.3.4.6  Risk Inventory
The OMB requires that a risk inventory and
assessment be completed for all major IT
investments, and that risk is actively managed.
Many projects fail because risks, both obvious
and hidden, aren't identified and planned for.

The first thing to know is that there is no way to
eliminate risk completely. The focus of a Risk
Inventory in the CPIC Select Phase is to identify
risks and plan how to manage risks to an
appropriate level in order to protect invested
funds. The OMB requires the Risk Inventory to
cover the 19 risk types listed below. See
Appendix F - Risk Assessment, for more
information.

  1.  Schedule - the project schedule slips.

  2.  Initial   Costs   -  Actual   costs   exceed
      estimates.

  3.  Life-cycle Costs  -  Actual  costs   exceed
      estimates.

  4.  Technical Obsolescence - The technology
      chosen becomes outdated prior to  the end
      of  the  life-cycle,   and  the  return  on
      investment isn't realized.

  5.  Feasibility  - The  selected  alternative  is
      wrong.

  6.  Reliability of Systems - The system doesn't
      meet uptime standards and expectations.

  7.  Dependencies and interoperability  between
      this system and others - Success of this
      investment relies heavily on the success and
      continuation of other systems.

  8.  Asset Protection - The investment is difficult
      to protect,  for example  it  is  located in an
      unsecured building.

  9.  Risk of  Creating  a  Monopoly  for  future
      procurements - The  investment relies on
      one    contractor   for   operations   and
      maintenance, so costs cannot be controlled
      through procurement procedures.

  10. Management  Capability  -  The   Program
      Offices do not have  the capacity to  manage
      the investment  and  surrounding  processes
      and systems.

  11. Risk of Failure - The investment has a high
      probability of not closing  the mission gap
      and will not return the benefits  expected.

  12. Organizational and Change Management -
      Employees are  resistant  to  learning  new
      processes   and   accepting   the   new
      investment.

  13. Business  -   Decision  to  develop  and
      implement the investment is a bad business
      decision.

14. Data/Information   -   Success   of   the
    investment  relies heavily on accurate  data
    and information.

15. Technology -  Success  of the  investment
    relies heavily on technology components.

16. Strategic - The  investment will  not close
    mission performance gaps.

17. Security  -  Protected   data   may   be
    compromised.  Classify the risks here as
    high, medium or basic.

18. Privacy - Data contained  in the  system is
    regulated  by  privacy  laws and requires
    special planning.

19. Project Resources - The development of the
    system  relies  heavily  on  specific  project
    resources, or required resources are scarce.

In the  documentation, describe how each  risk
type will potentially affect the project.  If the risk
type will not affect the project or investment,
describe why.   Think about the ways that  risks
can be managed, such as "Security risk will be
managed   by  conducting  periodic   security
reviews", or "The project will be managed  by a
PMI certified Project Manager".    Include the
date the risk was identified and the probability of
occurrence.

The risk plan  should include  milestones  and
target dates  for each  risk mitigation strategy.  In
the Risk Inventory, describe  what milestones
need  to occur until  the  risk  is  adequately
managed.

3.3.4.7 Acquisition Strategy
A smart  acquisition strategy can  help  mitigate
many  of the  project risks discussed  in  the
previous section. If using contractors to develop
the system, EPA promotes the  use of fixed price
or performance-based contracts to help  spread
schedule and cost risk away from the Agency
and onto the contractor.

The IPT's Contracting Officer can provide advice
to help establish a contracting strategy that will
mitigate risk to the government while utilizing
performance-based contracts.
    Higher scores will be awarded to projects
    with  performance-based  or  fixed price
    contracts.   Work  with your Contracting
    Officer to develop the best contract  for
    your project.
  The use  of  pre-packaged components  over
  custom programs usually reduces the amount of
  time to implementation, and also alleviates small
  programming bugs and testing issues.

  Also, the  acquisition strategy must allow for  a
  solution that is Section 508 compliant.  Section
  508 of the Rehabilitation Act of 1973  requires
  that federal agencies develop, procure, maintain
  or  use  electronic and  IT that is  accessible to
  federal employees and citizens with disabilities.

  3.3.4.8 Project and Funding Plan
  Project  milestones are submitted as part of the
  business case as baseline expectations of the
  project  costs   and  schedule.   They  will be
  approved  by the IIS, the QIC  and the OMB and
  will serve as the project baseline to help monitor
  performance  success of the  development and
  implementation.     Once   approved,   these
  milestones should not change without approval
  from the  IIS,  the  QIC and  the  OMB.   See
  Appendix  G - Building the  Project and  Funding
  Plan Tables, for examples on how to correctly fill
  in the tables.

  Transfer the milestones of the project plan into
  Exhibit 300 as part of the CPIC submission.
  The information required for the Select Phase is
  the milestone descriptions, projected start and
  end dates with calculated duration in days, and
  the planned cost for each milestone. If this is a
  multi-agency project, identify the agency that is
  responsible for funding each milestone.

  The plan must be tracked using a performance-
  based  tool  that  meets  American  National
  Standards Institute/Electronic Industries Alliance
  (ANSI/EIA) Standard 748. Standard 748 is more
  of a process than a program, and organizes 32
  project management criteria that focus on  cost,
  schedule and  performance  goals into five  main
  areas:
    •   Organization
    •   Accounting
    •   Revisions and Data Maintenance
    •   Planning, Scheduling and Budgeting
    •   Analysis and Management Reports

In the  Select Phase,  EVMS isn't required,  but
historical information  should be collected  and
tracked for future reporting and use.  Make sure
the tools are  in  place  for retaining project
management data.

3.3.4.9  Enterprise Architecture
The CPIC process emphasizes alignment of the
investment   with    Federal   and    Agency
architectures.  The IIS, the QIC, and the OMB
will rate  investments  that closely map to  the
reference models  higher than those that do not.
Investments that don't map  to the architecture
reference models are at risk of losing funding.
         Enterprise Architecture analysis will review the
         alignment of proposals to the  EPA  and  Federal
         Enterprise Architectures.

         To learn  more about  EPA's EA, reference the
         strategic documentation or engage the Program
         Office Architect on the IPT staff.   Contact the
         Offices' EA personnel or the EA team at OEI for
         more help.  There are also two web pages on
         the EPA intranet that contain information on the
         EPA EA, accessible  via the following  links:
         http://intranet.epa.gov/architec:
         http://intranet.epa.gov/CPIC/FY2006/EA.
         Additionally, the Federal Enterprise  Architecture
         (FEA) Program Management Office (PMO) also
         contains  a  wealth of information  on the FEA
         Reference Models (www.feapmo.gov)

         Appendix H - Enterprise Architecture and
         E-Government of this document discusses EA,
         the President's Management Agenda and
         E-Government further.

[Figure 3.2. EPA's Enterprise Architecture (EA) Framework. Labels
recoverable from the figure: Conceptual Framework; Federal Business
Architecture (BRM, Cross Agency E-Gov, Pres Mngt Agenda); EPA Business
Architecture (Processes, Functions); Data Architecture (Data Entities,
Data Classes, Data Flows); Application Architecture (Applications,
Interfaces, Information Flows); Technology; Business Domains.]

The  IIS  and the  QIC  will  evaluate  the  new
solution against alternatives to determine if it is
the most viable  solution that encompasses  all
layers.   If  not, the solution  may  need to be
redesigned  before the investment is approved.

Answers to the following questions  will  help
determine if the investment  solution has been
adequately  planned:

•   Does the solution support core/priority
    mission functions that need to be performed
    by the Agency and the Federal
    Government?

•   Have business process efficiencies been
    considered as part of the solution?

•   Does the solution provide opportunities for
    interfaces or system-sharing with other
    Agencies?

•   Does procurement for the solution take
    advantage of enterprise-wide IT acquisition
    contracts?

•   Does the solution support work processes
    that have been simplified or otherwise
    redesigned to reduce costs, improve
    effectiveness, and make maximum use of
    commercial-off-the-shelf (COTS)
    technology?

•   Does the solution align with Agency
    standards for EA Planning, Security &
    Privacy, and E-Government Planning?

      To score a 5, each component of the
      investment must be mapped to the
      FEA's Reference Models. See
      Appendix H - Enterprise Architecture
      and E-Government for more
      information.

3.3.4.10 Security and Privacy
EPA's  System Life Cycle policy states that a
comprehensive,   baseline  security   plan  is
completed during the system's Definition Phase.
The security  plan involves identifying  security
risks to data  (including privacy standards)  and
assets, while controlling security costs.
     Security spending must be at least 1% of
     your total IT investment budget.
   Currently, management of data and information
   within EPA is  decentralized.  Each Office will
   have its own policies on the type of security that
   is required for its investments.  When developing
   the security plan,  be sure to follow the Office's
   policies  as well as the criteria required by the
   System   Life  Cycle  process.     The   CPIC
   requirement  at  EPA  is that security spending
   must be at least 1% of the total budget.

   Security risks should be  listed  and described,
   with corresponding mitigation strategies. Cost of
   the   mitigation   strategies  should   include
   alternatives with the best solution  selected and
   reasons given for the selection.

   The E-Government Act of 2002 requires
   agencies to conduct Privacy Impact
   Assessments (PIAs) on investments before
   developing or procuring information technology
   that collects, maintains, or disseminates
   information that is in an identifiable form. In
   addition, a PIA is required before initiating a
   new collection of information that includes any
   information in an identifiable form permitting
   the physical or online contacting of a specific
   individual, if identical questions have been
   posed to, or identical reporting requirements
   imposed on, 10 or more persons, other than
   agencies, instrumentalities, or employees of
   the Federal Government.

   The PIA is a process for examining the  risks and
   ramifications  of  collecting,  maintaining   and
   disseminating information  in identifiable form.  It
   provides a framework for considering the privacy
   implications   of  information   collected   on
   individuals and  where potential disclosure risks
   may  lie.    Privacy issues must be addressed
   when systems are being developed and privacy
   protections   must   be   integrated   into  the
   development life cycle  of automated  systems.
   Privacy concerns should  always be considered
   when  requirements  are  being  analyzed and
   decisions are being made about data collection,
   usage, storage,  and system design.

The PIA is commensurate with the size of the
information  system  being   assessed,  the
sensitivity of information that is in  an identifiable
form in that system, and the risk or harm from
unauthorized release of that information.

3.3.5   Finalize CPIC Submission Package
Review   the  completed  business case and
supporting    documentation   based    upon
procedural documentation provided by OEI each
year.  Make sure all of the areas that the QIC
and the OMB  rate highly are covered.   A few
extra  minutes   could  mean  the  difference
between  a  funded  project,  and   a postponed
project.     Note  that  projects  that   provide
insufficient business case documentation will not
be included in the  IT Investment Portfolio nor
forwarded to the OMB as  part  of  EPA's  IT
funding request.

3.3.6   CPIC Select Phase Review
In this step, the  business case submission will
be reviewed for accuracy and completeness in:

    1.  CPIC process steps;

    2.  Whether it is the best solution available
       for the requirements;

    3.  Whether it is  well documented  in the
       right   format   and   all  supporting
       documentation is included.

First,  OEI reviews the business case to ensure
that all  process steps have  been completed.
OEI provides any comments and/or questions to
the IPT through the contact information supplied
with the submission. That contact person works
with the OEI to address the issues and furnish
details as requested.

When  complete, OEI  forwards   the  updated
package  to the QIC, who will  rely on the IIS to
provide  a thorough  business  case review in
accordance  with Select  Phase  criteria.  All
business cases must be as thorough as possible
to ensure that they can be ranked fairly against
each other in the next step.

The   IIS   then  forwards   its  investment
recommendation to the QIC for its  final decision.

  3.3.7   IT Investment Portfolio
           Decision
  The QIC is  responsible  for building  an  IT
  portfolio with investments that complement each
  other and Agency goals.  The QIC will  review
  the IIS' recommendation and consider placing
  this  investment  into its  portfolio  by  focusing
  mainly on overall risk tolerance of the Agency
  and  how this investment fits  into that  risk
  tolerance. The QIC will also consider how the
  investment enables  the Agency  to reach its
  strategic goals.


  Here  are some more points that the QIC  may
  use in their overall IT portfolio evaluation:

  .   Is the investment alternative consistent with
      Agency EAs by integrating work processes
      and  information  flows  with technology  to
      achieve  the   Agency's  Strategic  Goals;
      reflect the Agency's technology vision and
      specify standards that enable  information
      exchange and resource sharing?

  .   Is the investment alternative being proposed
      because no alternative in the private sector
      or government can  support  the  function
      more efficiently?

  .   Does the investment ensure that security is
      built into and funded as part of the EA and in
      accordance with OMB policies?

  .   Does the investment reduce risk by avoiding
      or isolating custom-designed  components,
      use  fully-tested  pilots,  simulations   or
      prototype implementations?

  .   Does the investment's  project plan  establish
      clear  measures  and  accountability  for
      project progress and have secure buy-in by
      users and stakeholders?

  .   Does  the  investment   acquisition  strategy
      appropriately   allocate  risk  between  the
      Agency  and  the   contractor  (if  used),
      effectively   use  competition,  tie  contract
      payments  to  accomplishments and  take
      maximum    advantage   of   commercial
      technology?

  If the QIC approves the investment, the decision
  is  implemented and a review schedule for the
  Control Phase  will be established in concert with
  the OEI and the IIS.

-------
3.3.8   Funding
At  EPA,  the  Project  Sponsor and   Project
Manager are responsible for obtaining funding
through  Office  level   budgeting  and  funding
sources and processes.  CPIC submissions for
the Select Phase should not be  submitted until
this commitment is obtained.

Secured  funding  at the  Office  level does not
guarantee that the project will be approved for
the IT Investment Portfolio.  The QIC  has the
final say  in  whether  the  investment  will be
selected for the  Portfolio, and presented to the
OMB.

3.4  Exit Criteria
Prior to exiting the  Select Phase, investments
must have:


1.   Identified business needs for the investment;

2.   Established   performance    goals   and
    quantifiable performance measures;
  3.  A fully developed  project plan  that details
      quantifiable    objectives   including    an
      acquisition  schedule,  project deliverables,
      and projected costs;

  4.  A   diversified  IPT  that  represents  all
      functional  areas  of the Agency that are
      impacted by the investment;

  5.  Identified  costs,  schedule,  benefits,  and
      risks;

  6.  Established security and architecture goals
      and measures;

  7.  A fully aligned Privacy Impact Assessment;

  8.  Obtained Office-level funding commitments;

  9.  Been   selected   for  the  IT  Investment
      Portfolio.

  10. Obtained the QIC's approval to enter the
      Control Phase.

  Projects that aren't selected  can be  resubmitted
  at subsequent reviews.

-------
4 The Control Phase

Control Phase
  •  Monitor Progress
  •  Take Corrective Actions

-------
4.1  Control Phase Purpose
The objective of the Control Phase is to ensure
that   the   acquisition,   development   and
implementation  of  investments  is  done  in a
controlled  manner,  on time, and within budget.
Emphasis  is placed on the Project and  Funding
Plan.    Additionally,  investments  should be
closely tracked against the various components
identified in the Risk Inventory and Assessment
developed  in the  Select  Phase.  Corrective
actions  are proposed  if  the  project is  off-
schedule.

Although the Environmental Protection Agency
(EPA) usually selects new investments annually,
the Control  Phase  is an ongoing  activity.  It
requires the continuous  monitoring  of  ongoing
Information Technology (IT)  initiatives  through
the development and implementation  lifecycle.
Additionally,  periodic summary  reviews  are
completed  based   on  the  review  schedule
completed during the Select Phase.

The  Control  Phase  results  in  a decision  to
continue, modify, or terminate a program.  This
decision is based on reviews at key milestones
during the  program's development lifecycle.

The  focus  of  these  reviews  is   on  the
investment's progress through development and
implementation,  as costs  and benefits  change.
Reviews focus on  schedule and performance
goals  being met;  risks  being  minimized and
managed;   and   whether  the  investment  will
continue to  meet Agency goals  and  strategic
needs.

Depending on the review's outcome, decisions
may be made to suspend funding or make  future
funding  releases  conditional   on   corrective
actions.

4.2  Entry Criteria
Prior to entering the Control Phase:

.   Investments must have a completed Exhibit
    300 approved by the Office's SIRMO;

.   Passed through the Information Investments
    Subcommittee   (IIS)   and   Quality   and
    Information Council (QIC) reviews;
    .   The investment is part of the IT Investment
       Portfolio, and has received funding.

    Once the investment enters the Control Phase,
    the Integrated Project Team (IPT) will  monitor
    the  investment  throughout  development  and
    report the investment's  status to its sponsors
    and oversight groups.

     Major Investments in SLC "Development
     and Implementation" need to get through
     this CPIC "Control" checkpoint before
     entering SLC "Operations and
     Maintenance."

    4.3  Control Phase Process
    During  the  Control  Phase,   an   investment
    progresses from acquisition  to  implementation.
    The Office of Environmental Information (OEI)
    and the Project Sponsor provide the  IIS and the
    QIC with investment reviews to assist them with
    portfolio  management.  Issues may be either
    project-driven or compliance-driven.

    Project-driven  issues are those that are caused
    by the investment itself.

    .   Was there an error in planning?

    .   Was the right alternative selected?

    .   Has the acquisition strategy changed?

    .   Was the  original  project and funding  plan
       accurate?

    Compliance-driven  issues  are  caused   by
    external factors.
    .   Have user requirements changed?
    .   Are there  externally driven  risks that have
       affected the Risk Inventory and plan?
    .   Has  the  Agency's  Enterprise Architecture
       (EA) been  modified?
    .   Have the Agency's strategic goals changed?

    The following flowchart shows the process of the
    Control Phase.

-------
[Flowchart not reproduced. Steps and decision points shown: Review and Modify Business Case; Is Business Case complete?; Finalize CPIC Submission; CPIC Control Phase Review; Is project meeting cost and schedule targets?; Are corrective measures acceptable?; Is alternative still the best?; Cease Development, redesign solution and move to Select Phase; Cease Development, move to Evaluate Phase and conduct PIR.]

Figure 4.1 - The Control Phase Decision Process Flowchart

-------
4.3.1    Review and Modify
         Business Case
The  most efficient way  to prepare the Capital
Planning  and   Investment  Control  (CPIC)
submission is to use the Exhibit 300 developed
during   the   last   CPIC  cycle,   and   it  is
recommended that  preparers utilize  this  prior
year template until the current year's template is
available.  This  document should complement
the  System  Lifecycle  documentation,  and  is
designed   to   effectively   summarize   and
communicate the points in which  OEI and the
QIC  are most interested.

While all sections of the Exhibit 300 must be
reviewed,  in the  Control  Phase,  monitoring
activities and sections such as the Project and
Funding   Plan   and   Risk   Inventory   and
Assessment sections are emphasized.

Refer to the  table in Section 2 - CPIC Process
to identify which sections are emphasized and
how  changes in one section may affect  other
sections.

4.3.1.1  Project Description
While this section isn't as heavily emphasized in
the Control Phase as it  is  in the Select Phase,
revisit  the   description  submitted  during the
previous CPIC  cycle to see if there are any
changes from a user and technical perspective.

4.3.1.2  Justification
The  justification  section of the  business case
aligns the reason why the agency should invest
in the system with the business requirements. It
justifies the cost of the investment.

When  monitoring the  investment during this
phase,  the  Project's Sponsor  and  Manager
should  evaluate  the assumptions  made  during
the Select phase to ensure that the inputs that
the investment will rely upon will continue to be
available throughout its  life.    Changes  in
assumptions  may   require   modifications  to
design  or to  performance goals.  Make sure that
the   changes   are  thoroughly   cascaded
throughout the project plan,  System Life  Cycle
(SLC) documentation and Exhibit 300.
    The   following   questions   should   help  in
    determining if there are changes in the project
    description.

    .   Have the customers changed?

    .   Will  the  solution  continue  to  satisfy  their
       needs?

    .   Will  those originally relying upon outputs
       from this system continue to do so?

    .   Are there  any changes to the required data
       and  process  inputs?    How  will  those
       changes affect this investment?

    .   Have    the    strengths,    weaknesses,
       opportunities and  threats to  the Agency that
       have resulted in this critical need changed?

        o  Revisit and quantify projected demand
            for services identified during the Select
            Phase.  If new sources have surfaced,
            complete the same analysis as was
            done during  the Performance Analysis
            step.  It  is  important  to maintain the
            same level  of detail  and  analysis,
            ensuring  that the  baseline  can  be
            consistently evaluated.

    .   Does   the   Agency    still   have   the
       organizational capacity to fulfill its goals now
       and in the future?

        o  Identify    and   quantify    projected
            technological  opportunities  that  will
            enable EPA to  perform  its mission
            more efficiently and effectively.

        o  Identify  and quantify  the   need  for
            existing  and  projected services based
            on information from field organizations,
            the EA, and  IT investment portfolio that
            defines what is in  place  and what is
            approved for implementation.

    If the justification has  weakened, the investment
    may  need to  be re-designed,  or development
    terminated.

    4.3.1.3 Performance Goals and
            Measures
    Performance goals are the objectives of the
    system.  These goals should be designed with
    all  layers of EA  in mind:   Strategic  Business,
    Data,  Applications, and Technology.  Describe
    goals  as targets - for example:  The new help
    desk application will track issue resolution time

-------
3.   Gather the analysis conducted on all of the
    sections of the Exhibit 300 during this CPIC
    cycle and create a new Risk Inventory by
    following the same process as before.  Be
    sure  to consider the same  types  of risk,
    which are listed below for review:

    1.  Schedule

    2.  Initial Costs

    3.  Life-cycle Costs

    4.  Technical Obsolescence

    5.  Feasibility

    6.  Reliability of Systems

    7.  Dependencies between this system and
       others

    8.  Asset Protection

    9.  Risk of Creating a Monopoly for future
       procurements

    10. Management Capability

    11. Risk of Failure

    12. Organizational and Change
       Management

    13. Business

    14. Data/Information

    15. Technology

    16. Strategic

    17. Security

    18. Privacy

    19. Project Resources

See Appendix F - Risk Assessment, for an in-
depth approach to identifying and planning for
the risks listed above.

4.   Conduct a gap analysis between the
    baseline and the new Risk Inventory.  Are
    there any changes? If so, what are the
    effects  of these changes?  How do the
    changes affect:

    .   Risk Priority

    .   Risk Description

    .   Probability of Occurring

    .   Cost to Mitigate the Risk

    .   Cost to the Agency if the Risk Occurs
    5.  Finally,  be sure to update the plan  for this
       CPIC submission.

    4.3.1.7 Acquisition Strategy
    In the Select Phase, an acquisition strategy was
    selected to help mitigate many of the  project
    risks  identified in the  previous section.  During
    the  Control  Phase,  the  acquisition  strategy
    should  be reviewed for changes in contractors,
    price  and   deliverables  if  the   contract   is
    performance-based.

    Review the project and funding  plan first, then
    meet with the Contracting Officer if changes to
    the  project  plan will  result  in  changes  to
    previously negotiated contracts.

    If there are changes to the acquisition strategy,
    the QIC and OMB will look for related changes
    to the Project and Funding Plan, as well as the
    Risk Inventory.

    4.3.1.8 Project and Funding Plan
    This section is the most important section of the
    CPIC submission for the Control Phase.

    During  the Select Phase, the Project Manager
    translated the milestones of the  project plan into
    the Exhibit 300 as part of the CPIC submission.
    During  the Control Phase, the Project Manager
    will need to thoroughly analyze the development
    of the investment and measure the project plan
    against the baseline submitted during the Select
    Phase.   The  baseline  submitted during the
    Select Phase cannot be  modified in the Exhibit
    300 unless approved by the QIC and OMB.

    The plan  must be tracked using a performance-
    based tool that  meets ANSI/EIA Standard 748.
    Standard 748 is more  of  a process  than  a
    program, and organizes 32 project management
    criteria  that  focus  on  cost,  schedule, and
    performance goals into five main areas:


       .   Organization

       .   Accounting

       .   Revisions and Data Maintenance

       .   Planning, Scheduling and Budgeting

       .   Analysis and Management Reports

-------
To ensure that the  project has been  planned
realistically, key personnel and Subject Matter
Experts (SMEs) for functional areas should be
identified and labor costs quantified.

  American National Standards Institute/
  Electronic Industries Alliance (ANSI/
  EIA) Standard 748 is a process that
  emphasizes earned value management.
  When tracking schedule and costs you
  CANNOT adjust your CPIC-approved
  baseline!

A project plan with a WBS and milestones was
developed during the SLC Definition Phase and
approved through CPIC Select Phase.  During
the  Control Phase, collect actual information on
the  resources allocated and expended since the
beginning  of the  project.    Gather analysis
conducted on the other sections of the business
case to ensure that the investment is still aligned
with the  business case submitted  during the
previous CPIC submission.

For consistency, use the gap analysis conducted
during review of the other Exhibit 300 sections to
identify changes to the project plan.

All changes  to the investment and project plan
baseline are considered "proposed" until  they
are  approved by the QIC and OMB.   Be sure to
document   the   reasons  for  the   changes,
referencing  changes in  other sections  of the
Exhibit  300  such  as  EA,  or  Security,  or
Performance Goals.

  Accurately recording your baseline
  milestones and actual time and costs will
  ensure a higher score in this section.  If
  you have questions, contact OEI.

    Refer to Appendix G -  Building the Project
    and Funding  Plan Tables for a description on
    how to complete the tables.

    The next part of planning for the project is to
    complete Earned  Value  Management  (EVM)
    activities using an earned value management
    system  (EVMS).   EVM allows  the  Project
    Manager, the QIC, and the OMB to predict how
    much the investment will cost and  how  long it
    will take to develop and  implement, taking cost
    and schedule slippages into consideration.  The
    EVMS is an approved method to help complete
    the analysis.

    Based  on the  project's historical  cost  and
    schedule trend,  calculate  how  the  historical
    trend will affect the  remainder of the project.
    The primary purpose  of  this  assessment is to
    ensure  that the  project is on  schedule, and to
    help identify issues or deficiencies that require
    corrective action.  See Appendix I - Earned
    Value  Management for a detailed description of
    how to complete this section.

    This  section  is  becoming   more  and   more
    important to the IIS, the QIC  and the OMB, so
    compliance is mandatory.  If there is no EVMS in
    place  for the  project, or if there's a lack of
    historical   data   to   use,  contact   OEI   for
    alternatives.

     Correctly providing EVMS data will
     ensure top scores for this section.
     EVMS is becoming more and more
     important to QIC and OMB so
     compliance is mandatory.  If you don't
     have the data or tools for your
     calculations, contact OEI.

    Establish  whether the  Estimate at Completion
    (EAC) is on track with  original assumptions.  If
    there are  variances, plan and submit corrective
    actions.  If the variances are greater than  10%,
    the project team must provide corrective actions
    to help justify if the project should continue.  In
    some instances, where  the business justification
    may  no   longer exist  or be as  strong,  or if
    significant changes to  the cost, schedule, and

-------
10% variance in cost and schedule

-------
First, OEI reviews the business case to ensure
that  all process steps  have been  completed.
OEI provides any comments and/or questions to
the IPT, through the contact information supplied
with the submission.  That contact person works
with the OEI to address the issues  and furnish
details as requested.

Next, OEI forwards the updated package to the
QIC, who will rely on the IIS to provide a
thorough business case review in accordance
with Control Phase criteria.  If the project is
troubled, the IIS will evaluate whether the corrective
measures suggested are valid and comply with
Agency risk tolerances.  The IIS then develops
recommendations for the QIC to make a
decision on whether this project should
continue.

4.3.4   Evaluate go/no-go decision
During this  step,  the  QIC determines if  the
project  should  continue,   be   modified,   or
cancelled.

If the  project is meeting assumptions and there
are no foreseeable issues before the next CPIC
submission,   the  initiative   continues   in   the
Control Phase.

If the project is troubled, the QIC will evaluate
the IIS' recommendation and answers to the
following questions  to determine  if the project
can be modified or be cancelled.

.  Is  the  IPT representative of all functional
   areas affected by the project?  Are they fully
   engaged?

.  Is  the Project  Sponsor engaged?   Is  the
   Project  Manager experienced  and skilled
   with troubled projects?

.  Have   there   been    organizational    or
   environmental changes  that will  significantly
   affect project progress?

.  Are the corrective measures proven?

.  Does the acquisition strategy spread risk to
   hired   contractors?     Is   the   contract
   performance-based?  Are they working to
   meet deadlines?

.  Does the mission performance gap still
   exist?  Is the investment still a viable
   solution?  Have there been material
   changes in the technology selected?

.  Are the requirements and work scope
   constantly changing?

.  Have the performance goals changed
   materially?  Will the solution still deliver
   expected benefits and help the Agency
   achieve its strategic goals?

.  Does the project have good data for EVM?
   Does the data show that project slippage
   can be absorbed during the remainder of the
   project?

.  Is the Risk Inventory complete?  Are current
   risks identified and are the mitigation plans
   well thought?  Are the mitigation plans
   viable?

If the QIC agrees with the modification, a revised
review schedule is established in concert with
OEI and the IIS.  This formal monitoring of
investment progress, and the determination of
risks and returns, will continue throughout the
Control Phase.

If the QIC cancels the project, the QIC will
determine if the project should be re-designed in
SLC Definition.  An investment that still has
strategic value will most likely go back to
Definition.  An investment without strategic value
will most likely have its funding stopped at this
point.

4.3.5    Funding
During the Select Phase, the Project Sponsor
and Project Manager secured a funding
commitment from the Office for the life of the
investment.

If there are any funding issues, raise them with
their funding office and Senior Resource Official
(SRO).

4.4  Exit Criteria
Prior to exiting the Control Phase, investments:

.  Are fully developed, tested and implemented

.  Have shown that they will deliver the
   benefits projected

.  Obtained the QIC's approval to enter the
   Evaluate Phase

-------
5 The Evaluate Phase

Evaluate Phase
  •  Review
  •  Adjust
  •  Apply Lessons Learned

-------
5.1  Evaluate Phase Purpose
As noted in the Government Accounting Office's
(GAO) Assessing Risks  and Returns: A  Guide
for Evaluating Federal Agencies' IT Investment
Decision-Making, "the Evaluation Phase 'closes
the loop'  of the  Information Technology  (IT)
investment management process by  comparing
actuals against estimates in order to assess the
performance and identify areas where decision-
making  can be  improved."   This is done to
assess  the investment's  impact  on  mission
performance, identify any investment changes or
modifications that may be needed, and measure
benefits to the Agency.

The Evaluate Phase focuses on outcomes:

.   Determine whether the  IT investment met its
    performance, cost, and  schedule objectives;

.   Ascertain  the  continued  effectiveness in
    supporting    mission   requirements    and
    evaluate the cost of continued maintenance
    support;

.   Consider potential retirement or replacement
    of the investment;

.   Determine the  extent to which the Capital
    Planning  and  Investment  Control  (CPIC)
    process improved the outcome  of the IT
    investment.

Outcomes are measured in one of two ways:

1.   If the  project  is  newly implemented,  by
    completing a  Post-Implementation Review
    (PIR)

2.   If the  project is considered  in  System  Life
    Cycle  (SLC) "Operations and Maintenance"
    phase,  or "Steady-State", by completing an
    Operational Analysis

A PIR is mandated by the Office of Management
and  Budget (OMB) and is  conducted  by  an
independent party (i.e., contractors or a different
Integrated  Project  Team  (IPT) or an  ad-hoc
project  team   of  Environmental   Protection
Agency   (EPA)    employees),   to   enforce
objectivity.  Recommended guidance  states  that
the IPT actively assist the  PIR team.  The  PIR
team  begins by collecting performance data  and
comparing  actual  to  projected  performance to
determine  the    system's   efficiency    and
effectiveness  in  meeting   performance  and
financial  objectives.  It  includes a  methodical
      assessment   of   the   investment's   costs,
      performance, benefits, documentation, mission,
      and   level   of  stakeholder  and   customer
      satisfaction.   The PIR  should be  conducted
      within   six  to   eighteen   months  of  full
      implementation.

      The  OMB also requires  that all investments  in
      the Operations and Maintenance phase of their
      system  life cycle have an Operational Analysis
      conducted  in  accordance   with  the  Capital
      Programming  Guide  issued  in  1997.   See
      Appendix A - References for a web link to this
      guide.

      An  Operational  Analysis   is  defined  as "[a
      tracking method of] the system to  measure the
      performance  and  cost of an operational asset
      against  the baseline established in the Planning
      Phase.    This  information  will allow  agency
      resource managers to optimize the performance
      of capital  assets.    Additionally,  operational
      analysis  may  indicate  the  need  for  the
      acquisition of a new capital  asset.  The system
      established should have the  capability to provide
      simple,  easy to understand  information that can
      be  used  by  managers   to  make   sound
      management  decisions."   In  this  case,  the
      activities conducted  during the  Planning  Phase
      are the same as those that are conducted during
      the CPIC Select Phase.

      EPA feels that  by  thoroughly analyzing  the
      investment for the  CPIC Evaluate  phase, an
      Operational Analysis is conducted,  as  the
      desired  results of the Operational Analysis and
      the CPIC Evaluate phases are the same.

      5.2  Entry Criteria
      Before  entering  the  Evaluation  phase,  an
      investment:

      .   Has    been     implemented,    becomes
          operational, or goes into production;

      .   Was cancelled prior to implementation.   A
          PIR  must be conducted  on all  cancelled
          projects to determine what went wrong;

      .   Has a confirmed PIR schedule, if applicable;

      .   Is in the Operations and Maintenance phase
          of the System Life Cycle;

      .   Obtained  the QIC's approval to  enter the
          Evaluate Phase.

-------
5.3  Evaluate Phase Process
During the Evaluate Phase,  fully  operational
investments   are   continually  monitored  for
stability,  performance,  outages,  maintenance
activities,  costs, resource allocation,  defects,
problems,   and  system  changes.     If  the
investment is newly implemented, a PIR must be
completed within  six  to  eighteen  months  of
implementation.  Waiting six months after
implementation will provide enough test data.
Waiting longer than eighteen months increases the risk
of spending money on an investment that is not
closing the Agency's performance gaps.

During the PIR, the actual performance data collected is
compared to the performance projections made
during the Select Phase.  If the variances are
greater than 10%, the Quality and Information
Council (QIC) will determine if the Agency
should continue to fund the investment and carry
out corrective modifications.

      Once the investment enters the Evaluate Phase,
      the  IPT  will  monitor the investment through
      annual Operational Analyses (or, completing the
      Exhibit 300 during the CPIC cycle),  and report
      investment status to the investment's sponsors
      and oversight groups.

      The following flowchart shows the  process of the
      Evaluate Phase.

[Figure 5.1. The Evaluate Phase Decision Process Flowchart. Steps and decision points shown: Newly Implemented; Conduct PIR Review; Review and Modify Business Case; Finalize CPIC Submission; CPIC Evaluate Phase Review; Will Investment continue - "GO"?; Continue in Evaluate Phase; Will the Investment Benefit from Change or Modernization; Send to SLC Definition phase and CPIC Select; Retire Investment.]

5.3.1    Conduct PIR and Present Results
The PIR is usually scheduled by the Information
Investments  Subcommittee  (IIS) and the QIC
during the Control Phase. For a newly deployed
initiative, the PIR should take place between  six
and  eighteen  months  after  the system   is
operational to provide time to gain performance
information.  In the case of a terminated system,
it should take place immediately because the
review will help define any "lessons learned" that
can  be  factored  into  future  IT investment
decisions and activities.  See  Appendix J -
Conducting a  Post Implementation Review
for instructions.

The PIR should be conducted by a team that is
independent of the system ownership.  Either an
independent consulting company can be hired to
conduct the  review,  or  an IIS team designated
by the QIC can  conduct it.  Members of the IPT
can assist.

At the heart of the PIR is the  IT investment
evaluation in which the Agency  looks at the
impact the system  has had on customers, the
mission   and   program,  and  the   technical
capability. The IT investment evaluation focuses
on three areas:

1.  Impact  to  stakeholders—The  evaluation
    team typically  measures  the  impact the
    system  has on  stakeholders through user
    surveys (formal or informal), interviews, and
    feedback studies.

2.  Ability  to  deliver  the  IT performance
    measures (quantitative and qualitative)—
    The  system's   impact  to  mission  and
    program  goals  is  carefully evaluated  to
    determine  whether  the  system  delivered
    expected  results.    This  information   is
    compared   to  the  investment's  original
    performance goals.

3.  Ability   to   meet   baseline  goals—The
    following  areas are  reviewed  to determine
    whether   the  investment  is  meeting  its
    baseline goals:

    •   Cost—Actual lifecycle costs to date;

    •   Return—Actual lifecycle returns to date;

    •   Funding Sources—Actual funds
        received from planned funding sources;

    •   Schedule—Original baseline and actual
        initiative schedule;

    •   Architectural Analysis—Determine
        whether the initiative supports the
        Agency's approach to EA standards or
        what modifications are required to
        ensure initiative compliance outside the
        original architectural baseline;

    •   IT Accessibility Analysis—Determine
        whether the initiative addresses
        accessibility for persons with disabilities,
        how the requirements were managed,
        and impact on the architecture;

    •   Risk Analysis—Identify initiative risks
        and how they were managed or
        mitigated, as well as their effects, if any;

    •   Systems Security Analysis—Identify
        initiative security risks and how they
        were managed or mitigated, as well as
        security performance measures; and

    •   Privacy Impact Analysis—Identify
        privacy risks and how they were
        managed or mitigated.

                     After the post-implementation data  has  been
                     collected  and reviewed, the PIR team  and the
                     Project Sponsor prepare and  present a formal
                     PIR presentation to the  IIS and the QIC.  If the
                     review has resulted in a variance of greater than
                     10% from the original baseline,  the initiative may
                     need to be  re-prioritized  in light of changing
                     business, organizational, financial,  or technical
                     conditions.  The presentation should summarize
                     the  investment  evaluation   and  provide  a
                     summary of recommendations.

                     5.3.2    Review and Modify Business Case
                     Each investment in the Evaluate Phase will  be
                     assessed during the annual investment review
                     to  ensure that  it  should continue  to  receive
                     funding.  This assessment is also  called  an
                     Operational  Analysis.    See  Appendix   B -
                     Glossary  of Terms  and  Acronyms  for a
                     definition of Operational Analysis.

Additionally, investments in the Evaluate Phase
that  are  considered  Steady  State must go
through an  E-Government strategy review  to
demonstrate alignment with and support of  E-
Government  initiatives.    To prepare  for the
annual investment reviews, start with the Exhibit
300  that was  submitted  during the  last CPIC
cycle, and analyze and modify the sections as
needed for this cycle.  Refer to  the table in the
CPIC Process section  to identify which sections
are  emphasized  and  how  changes  in one
section may affect others.

5.3.2.1  Project Description
Revisit  the  description  submitted  during the
previous CPIC cycle  to  see if there are any
changes from  a user and technical perspective.
In monitoring the investment during  this phase,
the  System's  Owner and  Manager  should
evaluate the  assumptions  made  during the
previous submission to ensure  that the  inputs
the investment will rely upon will continue to be
available throughout its life.

Changes   in    assumptions   may    require
modifications to design or to performance goals.
Make sure  that the  changes  are  thoroughly
cascaded  throughout  the project  plan,  SLC
documentation and Exhibit 300.  As in the
previous submission, don't go into too much
detail; this is really a summary of the business
case.

5.3.2.2  Justification
During the Operations and Maintenance  phase
of the SLC, the System's  Owner and Manager
need to evaluate the performance analysis and
investment justification presented  in the earlier
CPIC submissions.  Relevant questions are the
same as  in  the  Control  phase, with  a new
emphasis  on  customer satisfaction  and cost-
effectiveness.

The   following  questions  should   help   in
determining  if  there are changes in the project
description.

•   Have the customers changed?

•   Will the solution continue to satisfy
    performance requirements?

•   Will those originally relying on outputs from
    this system continue to do so?

•   Are there any changes to the required data
    and process inputs?  How will those
    changes affect this investment?

•   Have the strengths, weaknesses,
    opportunities and threats to the Agency that
    have resulted in this critical need changed?

    o   Revisit and quantify projected demand
        for services identified during the
        previous cycle.  If new sources have
        surfaced, complete the same analysis
        as was done during the performance
        analysis step.  It is important to
        maintain the same level of detail and
        analysis, ensuring that the baseline
        can be consistently evaluated.

•   Have Agency goals and the organizational
    pains identified during the previous cycle
    changed?

•   Does the Agency still have the
    organizational capacity to fulfill its goals now
    and in the future?

    o   Identify and quantify projected
        technological opportunities that will
        enable EPA to perform its mission
        more efficiently and effectively.

    o   Identify and quantify the need for
        existing and projected services based
        on information from field organizations,
        the EA, and IT investment portfolio that
        defines what is in place and what is
        approved for implementation.

•   Were user/customer assessments
    conducted using tools such as surveys and
    community inputs?  Are customers and
    stakeholders happy with the results of the
    system and will they continue to support it?

•   Were costs accurately estimated?  Is the
    investment on budget and will it continue to
    be?

•   Does the investment comply with
    E-Government initiatives?

•   Has there been a significant increase in the
    number, type, or category of individuals
    about whom records are maintained?
    Increases attributable to normal growth
    should not be reported.

•   Did a change occur that expands the types
    or categories of information maintained?

•   Did a change occur that alters the purpose for
    which the information is used?

•   Will this require a change to equipment
    configuration (either hardware or software)
    that creates substantially greater access to
    the records in the system of records?


If the justification has weakened, the investment
may need to be  re-designed,  modernized,  or
retired.

5.3.2.3  Performance Goals and Measures
In the  Evaluate phase, performance goals  are
heavily analyzed.  Success or failure  of  the
investment  is based  on how well  it  performs
against expectations.   Are the customers and
stakeholders  satisfied with  the  product  and
service that they are receiving?  Is the Agency
recognizing the benefits it expected?   Is  the
Federal  Government  getting  the  return  on
investment that was estimated?

Evaluating the performance of the investment is
a continuous job.  Additionally, the performance
goals and measures themselves need to be
analyzed.  Do the measures need to be adjusted
to reflect changes in customer requirements?
Are they truly representative of the overall
environment and system that the investment
operates in?  Are they difficult to track?

There  are  various  tools  and  methodologies
available  to   help    analyze   performance
measures.      Refer  to   Appendix  D   -
Performance Measures as  a guide to industry
best practices. For more information on industry
best practices and the  best way to evaluate the
investment, contact the Office of Environmental
Information (OEI).

The evaluation may result in design
modifications or alterations to the investment.  In
this case, the redesigned component will enter
the SLC Definition phase and CPIC Select.
Additional funding needs to be reviewed by the
QIC to determine if the change to the investment
will continue to result in the highest returns to
the Agency.  Contact OEI for guidance on how
to submit the business case.

  Performance evaluation may result in the
  redesign of a system component.  This
  part of the investment will need to go
  through CPIC Select and Control until it
  is implemented, and the project becomes
  "Mixed Life-Cycle."

If there are no changes to the Performance
Goals and Measures, state that a thorough
review of the current goals and measures was
conducted, explain the review process, and
conclude that no modification is needed.

                              5.3.2.4 Program Management
                              This point of the CPIC process is a good time to
                              evaluate the team.   Does the skill  mix still
                              contribute    toward   development   of   the
                              investment?    Does the   project  still  have
                              representation from  required functional areas?
                              Is the project being  adequately managed?  Do
                              the  team  members  have  adequate  time to
                              provide input to the project?

                              If there are changes to the project team, be sure
                              to take a close look at the project's Risk
                              Inventory plan for potential negative effects.
                              Describe the evaluation process and document
                              whether there are changes and why.

                               If there is a change in the IPT, OEI will
                               look for effects on the risk management
                               plan.  Be sure to look for project risk
                               effects due to IPT weaknesses, and
                               document your process.

On  the Exhibit 300,  provide the  names  and
contact information of the project team, as well
as their skill sets and responsibilities.

5.3.2.5 Alternatives Analysis
Alternatives   Analysis   for   Steady   State
investments  in the Evaluate Phase focuses on
E-Government  strategy  and  review, ensuring
that the investment uses emerging technology.

Every  year, the  IPT   should   conduct  an
Alternatives   Analysis  to  ensure  that  the
investment is functioning  using the most cost-
effective   and    modern   technologies   and
processes.  The  E-Government review should
evaluate   e-business  technologies  and   web
services such as  XML, J2EE  and  .Net.   These
technologies enable seamless data sharing and
collaboration across different operating systems.
Refer to the  FEA Technical Reference Model as
a resource for  emerging  technologies that the
Federal Government uses in its EA.

Investments that will continue to provide
performance benefits may qualify for the
Agency's modernization blueprint and specially
allocated funds.

  The investments with the strongest
  business justification will be awarded
  funding in the year they qualify for
  modernization, so be sure to continue with
  thorough business case review and
  analysis.

5.3.2.6  Risk Inventory
During the Evaluate phase, risks are monitored
for external influences such as  changes in the
IPT,  changes in technology, changes to EA or
changes in Agency leadership or funding.

Follow the process  used  during the  Control
Phase,   now   concentrating   on   external
pressures. The process is repeated below.

1.  Begin with the  Risk  Inventory  prepared
   during the previous CPIC cycle - this is the
   baseline.
     2.  With the IPT,  identify any new or existing
        internal risks based upon review of the Work
        Breakdown Structure (WBS), Project Plan,
        Risk Checklist,  and stakeholder interviews.
        Financial, technical, operational,  schedule,
        legal  and  contractual, and  organizational
        risks should be identified and  analyzed.

     3.  Gather the analysis conducted on  all of the
        sections  of the Exhibit 300 during this CPIC
        cycle and create  a new Risk  Inventory  by
        following the same process as before.  Be
        sure to  consider the  same  types of risk,
        which are listed below for review:

        1.  Schedule

        2.  Initial Costs

        3.  Life-cycle Costs

        4.  Technical Obsolescence

        5.  Feasibility

        6.  Reliability of Systems

        7.  Dependencies between this system and
            others

        8.  Asset Protection

        9.  Risk of Creating a Monopoly for future
            procurements

        10. Management Capability

        11. Risk of Failure

        12. Organizational and Change
            Management

        13. Business

        14. Data/Information

        15. Technology

        16. Strategic

        17. Security

        18. Privacy

        19. Project Resources

     4.  See Appendix F - Risk Assessment, for an
        in-depth approach to identifying and planning
        for the risks listed above.

     5.  Conduct  a  GAP  analysis  between  the
        baseline and the new  Risk Inventory.  Are
        there any changes?   If so,  what  are  the
        effects  of these changes?   How do  the
        changes affect:

    •   Risk Priority

    •   Risk Description

    •   Probability of Occurring

    •   Cost to Mitigate the Risk

    •   Cost to the Agency if the Risk Occurs

6.  Finally, be sure to update the plan for this
   CPIC submission.

5.3.2.7 Acquisition Strategy
In the Select Phase, an acquisition strategy was
chosen to help mitigate many of the project risks
identified in the previous section.  Even if the
investment   is   fully   implemented   and   is
operational, contractor teams involved in day-to-
day operations and  maintenance need to be
evaluated during this CPIC phase.

Review the project and funding plan  first, then
meet with the Contracting Officer if changes to
the project  plan  will result  in  changes to
previously negotiated contracts.

If there are changes to the acquisition strategy,
the QIC and OMB will look for related changes
to the Project and Funding Plan, as well as the
Risk Inventory.

5.3.2.8 Project and Funding Plan
Review the ongoing funding plan to determine if
costs have been estimated correctly.  Make
budgeting adjustments if the original costs have
not been estimated correctly.

  Projects with a cost slippage of greater
  than 10% must go through a special OEI
  review outside the normal CPIC
  schedule, and may lose funding.

A variance of greater than 10% will require a
special OEI review.  Use Earned Value
Management (EVM) software to calculate
estimates at the completion of the project.
Provide explanations of why the investment has
a cost overrun, and plan corrective actions.  Be
sure to include the original cost estimates for
comparison.  The goal of this section as part of
the Evaluate Phase is to provide enough
information to the IIS and the QIC so that they
may decide whether to continue the investment
as is, modify it, or retire it.

     Changes to the tables due to modification will be
     submitted as part of Select.

     5.3.2.9 Enterprise Architecture
     During the  Evaluate  phase,  the investment is
     assessed   against   the  Agency   Enterprise
     Architecture (EA) to  ensure  that it  continues to
     comply with the EA  and any E-Government
     initiatives or strategies.  If the investment has
     not been through a formal  architecture review
     since its last CPIC cycle,  go through each of the
     questions  listed  on  the  Exhibit  300  and
     objectively  answer   each  one.     Map  the
     investment   components   to  the   Federal
     Enterprise Architecture (FEA) Reference Models
     and the EPA EA.  If there are changes to the
     investment identified in other sections, be sure
     to inform the EA Team.

     Refer to the latest E-Government documentation to
     ensure accuracy.  Reference Appendix H -
     Enterprise Architecture and E-Government
     for descriptions of how the two topics relate.

     Changes  to  the  architecture  may  indicate
     modifications  to  the  investment.   Be  sure to
     review performance goals and measures to set
     expectations during these changes.

     5.3.2.10  Security and Privacy
     Legislative  policy requires  that  security and
     privacy  be assessed during  the  life  of an
     investment. Make sure the system continues to
     meet all current security  and privacy rules and
     regulations.

                                                         cost and schedule
                                                                 is in trouble  -
                                                                 10% variance  in
To  obtain  information on  the  current laws,
contact the Office's Information Security Officer,
OEI's Technical  Information  Security Staff, or
the Agency Privacy Act Officer.  Please refer to
the  following  EPA   Intranet  site  for more
information on  security topics and  contacts:
http://intranet.epa.gov/itsecurity/incidents.htmltfc
hart

5.3.3   Finalize Submission Package
EPA allows CPIC submission using the Exhibit
300  of the A-11.  Contact  OEI for  the most
recent version.

Review  the  completed  business case   and
supporting documentation, making sure all of the
areas that the QIC and the OMB rate highly are
covered.   A  few extra minutes  could  be  the
difference   between   a  funded   and  retired
investment.     Investments   with  insufficient
business  case  documentation  will   not  be
included  in the  IT   Investment  Portfolio  or
forwarded  to  the OMB as  part  of  EPA's IT
budget request.

When finished, submit  the documentation first to
the Budget Office for signatures  of its Senior
Budget  Official,  Senior Information  Resource
Management  Official   and  Senior  Resource
Official.

Then submit the business case to OEI. Be sure
to provide contact information when submitting
the business case to OEI.

5.3.4   CPIC Evaluate Phase Review
In this step, OEI will review the business case
for accuracy and completeness in:

    1.  CPIC process steps

    2.  PIR, if required

                                     First, OEI reviews the business case to ensure
                                     that all process  steps have  been  completed.
                                     OEI provides any comments and/or questions to
                                     the IPT, through the contact information supplied
                                     with the submission.  That contact person works
                                     with the OEI to address the  issues and furnish
                                     details as requested.

                                     When complete, OEI forwards the  updated
                                     package to the QIC, who will rely on the IIS to
                                     provide a  thorough business case  review in
                                     accordance  with  Evaluate   Phase   criteria,
                                     determining  if it  can  optimally continue to
                                     support  mission/user  requirements  and  the
                                     Agency's strategic direction.  If the investment is
                                     troubled, the  IIS will  evaluate  the  corrective
                                     measures suggested for validity and compliance
                                     with Agency  risk tolerances.   The IIS develops
                                     recommendations  for  the  QIC  to make  a
                                     decision on whether to keep this investment as
                                     part of the Agency IT Investment Portfolio as is,
                                     modify or replace the investment, or retire it.

                                     5.3.5   Evaluate go/no-go decision
                                     During this step,  the  QIC  determines if the
                                     investment  should  continue,  be modified or
                                     replaced, or retired.

                                     If the project is meeting assumptions and there
                                     are no foreseeable issues before the next CPIC
                                     submission, the  investment  continues in the
                                     Evaluate Phase.

                                     If the project is troubled, the QIC evaluates the
                                     IIS' recommendation and answers the following
                                     types of questions to determine if the investment
                                     can be modified, replaced, or cancelled.

                                     •   Is the IPT representative of all functional
                                         areas affected by the investment?  Is it fully
                                         engaged?

                                     •   Is the Project Sponsor engaged?  Have
                                         there been organizational or environmental
                                         changes that will significantly affect
                                         investment success and return on
                                         investment?

                                     •   Does the business need still exist?  Is the
                                         investment still a viable solution?  Have
                                         there been material changes in the
                                         technology selected?

•   Have   the   performance  goals  changed
    materially?   Will  the solution  still  deliver
    expected benefits and  help  the  Agency
    achieve its strategic goals?

•   Are costs accurately estimated?  Are there
    unexpected spikes?  Will the benefits of the
    investment continue to outweigh the costs
    and is the return on investment within
    Agency guidelines?

•   Is the Risk Inventory complete?  Are current
    risks identified and are the mitigation plans
    well planned?  Are the mitigation plans
    viable?

If the QIC agrees with  the modification, a revised
review schedule is established in  concert  with
OEI  and  the  IIS.   This  formal monitoring of
investment progress  and the  determination of
risks and returns  will  continue throughout the
Select Phase.

If the  QIC  cancels the  project,  the QIC will
determine if the project should  be re-designed in
SLC Definition.   An  investment that still  has
strategic  value  will  most  likely go back to
     Definition. An investment without strategic value
     will most likely be retired.

     5.3.6    Funding
     Funding for the investment should be committed
     by the  Office.  If there are any funding  issues,
     raise them with the  funding office and  Senior
     Resource  Official  (SRO).    Despite  having  a
     funding commitment,  the QIC may still decide to
     retire the investment.

     5.4 Exit Criteria
     Exiting  the Evaluate  Phase means one  of two
     things:

         1.  The  investment will be modified  and go
            through the Select Phase again or

         2.  The investment will be retired.

     If the entire investment is to  be  modified or
     modernized, the entire business case package
     will  remain as one  and will  enter the  Select
     Phase.

                6  Appendix A - References
Assessing Risks and Returns:  A  Guide  for
Evaluating Federal  Agencies'  IT Investment
Decision-Making,  U.S.   General  Accounting
Office, Accounting and Information Management
Division, February 1997.

Capital Programming Guide, Office of
Management and Budget, July 1997.
http://www.whitehouse.gov/omb/circulars/a11/cpgtoc.html

Circular A-11: Preparing and Submitting Budget
Estimates, Office of Management and Budget,
August 2003.
http://www.whitehouse.gov/omb/circulars/a11/03toc.html

Circular A-76: Performance of Commercial
Activities, Office of Management and Budget,
March 2003.
http://www.whitehouse.gov/omb/circulars/a11/03toc.html

Circular A-94: Discount Rates to be Used in
Evaluating Time-Distributed Costs and Benefits,
Office of Management and Budget, January
2003.
http://www.whitehouse.gov/omb/circulars/a094/a094.pdf

Circular A-127: Financial Management
Systems, Office of Management and Budget,
July 2003.
http://www.whitehouse.gov/omb/circulars/a127/a127.html

Circular A-130: Management of Federal
Information Resources, Office of Management
and Budget, February 8, 1996.
http://www.whitehouse.gov/omb/circulars/a130/a130trans4.pdf

Clinger-Cohen Act of 1996 (formerly the
Information Technology Management Reform
Act [ITMRA]).
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=104_cong_public_laws&docid=f:publ106.104.pdf

Cost-Benefit Analysis Evaluation Guide,
National Institutes of Health, Center for
Information Technology, Office of the Deputy
Chief Information Officer, August 2000.

Agency   of  Defense  Handbook:     Work
Breakdown  Structure, U.S. Agency of Defense,
MIL-HDBK-881, www.acq.osd.mil/pm/newpolicy/
wbs/wbs.html, January 2, 1998.

Don't Ignore the  Intangibles,  Keen,  Jack, CIO
Magazine, August 15, 2003, www.cio.com

Earned   Value  Management  Implementation
Guide,  U.S.  Agency  of  Defense,  www.acq.
osd.mil/pm/currentpolicy/jig/evmig1.htm,
Octobers, 1997.

Earned  Value  Management Systems  (EVMS)
Basic Concepts, Project Management Institute,
www.acq.osd.mil/pm/paperpres/sean_alex/
s1d009.htm.

Evaluating Information Technology Investments,
Office of Management and  Budget,  February
1995.

Executive Guide:   Leading Practices in Capital
Decision-Making,   U.S.   General  Accounting
Office, Accounting and Information Management
Division, December 1998.

FEA References Models, 2004.
http://www.feapmo.gov/

Fleming,  Quentin  W., Earned  Value Project
Management: A  Powerful Tool for Software
Projects,     Primavera    Systems,     Inc.,
www.stsc.hill.af.mil/
crosstalk/1998/jul/value.html, July  1998.

Guide to  Implementing IT  Capital Planning and
Investment  Control, U.S. Agency  of Agriculture,
Office of the Chief Information Officer, April 19,
1998.

Guide to IT Capital Planning and  Investment,
U.S. Agency of Energy, September 1999.

-------
Implementing Best Practices: Strategies at Work (Draft), Report of the
Capital Planning and IT Investment Committee of the Federal CIO
Council, August 1997.

Information Technology Investment Management: A Framework for Assessing
and Improving Process Maturity (Exposure Draft), U.S. General
Accounting Office, Accounting and Information Management Division,
May 2000.

Information Technology Investment Management: An Overview of GAO's
Assessment Framework (Exposure Draft), U.S. General Accounting Office,
Accounting and Information Management Division, May 2000.

Introduction to NIH IT Performance Measures, National Institute of
Health, Center for Information Technology, Office of the Deputy Chief
Information Officer, May 9, 2000.

Investigative Report of Senator Fred Thompson on Federal Agency
Compliance with the Clinger-Cohen Act, U.S. Senate, Committee on
Governmental Affairs, October 20, 2000.

Investment Management Guide (Revised Copy), U.S. Agency of Justice,
January 1999.

Investment Management Process System Description, Version 2.1, U.S.
Customs Service, May 15, 2000.

IT Capital Planning and Investment Guide, U.S. General Services
Administration, Office of the Chief Information Officer, October 1997.

Lagas, Robert, Cost-Benefit Analysis Guide for NIH Projects, National
Institutes of Health, Center for IT, Office of the Deputy Chief
Information Officer, May 1999.

Hall, Elaine M., Managing Risk: Methods for Software Systems
Development, Addison-Wesley, Reading, MA, January 1998.

Performance-Based Management: Eight Steps to Develop and Use
Information Technology Performance Measures Effectively, U.S. General
Services Administration, Office of Governmentwide Policy, December
1996.

Recommended Criteria for IT Investment Decision-Making Under
Implementation of ITMRA '96, U.S. Agency of Defense Office of the
Assistant Secretary of Defense for Command, Control, Communications,
and Intelligence (ASD, C3I), August 1997.

Smart Practices in Capital Planning, The Federal CIO Council, Capital
Planning and IT Management Committee, Industry Advisory Council (IAC),
October 2000.

VA Information Technology Capital Investment Guide, U.S. Agency of
Veteran Affairs, June 15, 2000.

Wilkens, Tammo T., Earned Value, Clear and Simple, Los Angeles County
Metropolitan Transportation Authority,
www.acq.osd.mil/pm/paperpres/wilkins_art.pdf.

US EPA, Enterprise Architecture Status Report 2003, Septembers, 2003,
http://intranet.epa.gov/architec.

-------
                7  Appendix B - Glossary of Terms and Acronyms
Term
    Definition

Actual Cost of Work Performed (ACWP)
    The costs actually incurred and recorded for work performed within a
    given time period. An EVM calculation.

Alternatives Analysis
    An analysis to compare and evaluate the costs and benefits of various
    alternatives for meeting a requirement for the purpose of selecting the
    alternative that is most advantageous to the enterprise.

Baseline
    An unchanging estimate, or starting point, for measurement.

Benefit
    Quantifiable or non-quantifiable advantage, profit, or gain.

Best Practices
    Processes, practices, or systems used by public and private
    organizations that perform exceptionally well and are widely recognized
    as improving an organization's performance and efficiency in specific
    areas. Successfully identifying and applying best practices can reduce
    business expenses and improve an organization's efficiency.

Budgeted Cost for Work Performed (BCWP)
    The sum of the budgets for completed work packages and completed
    portions of open work packages, plus the applicable portion of the
    budgets for level of effort and apportioned effort. An EVM calculation.

Budgeted Cost of Work Scheduled (BCWS)
    The sum of all WBS element budgets that are planned or scheduled for
    completion. An EVM calculation.

Business Case
    Structured proposal for business improvement that functions as a
    decision package for organizational decision-makers. A business case
    includes an analysis of business process performance and associated
    needs or problems, proposed alternative solutions, assumptions,
    constraints, and risk-adjusted CBA.

Business Process
    A collection of related, structured activities or chain of events that
    produce a specific service or product for a particular customer or
    group of customers.

Capital Asset
    Tangible property, including durable goods, equipment, buildings,
    installations, and land.

Capital Planning and Investment Control (CPIC)
    A centralized, three-step process by which Agencies will comply with
    the Clinger-Cohen Act and better manage IT investments. See CCA.

Chief Financial Officer (CFO) Act of 1990
    Enhances general management functions of the Office of Management
    and Budget to improve the efficiency and effectiveness of the Federal
    Government.

Clinger-Cohen Act (CCA) of 1996
    Formerly the IT Management Reform Act, requires that all Agencies use
    a disciplined CPIC process to acquire, use, maintain and dispose of IT.

Configuration Management
    One of five categories of network management defined by the
    International Standards Organization. As it relates to cyber security
    services, configuration management is the process of adding, deleting,
    and modifying connections, addresses, and topologies within a
    system/network.

Control Phase
    The second CPIC phase that requires ongoing monitoring of IT
    investments against schedules, budgets, and performance measures.

-------
Cost
    Direct and indirect expenses plus any periodic or continuing financial
    outlays of operations and maintenance.

Cost-Benefit Analysis (CBA)
    A technique used to compare the various costs associated with an
    investment or project with the benefits it proposes to return. CBA
    should address and account for both tangible and intangible factors.

Cost Post Performance Index (CPI)
    Earned value divided by the actual cost incurred for an investment.

Cost Variance (CV)
    Earned value minus the actual cost incurred for an investment.

Customer
    Groups or individuals who have a business relationship with the
    organization; those who receive or use, or are directly affected by the
    products and services of the organization.

Discount Factor (DF)
    The factor that translates expected benefits or costs in any given
    future year into present value terms. The discount factor is equal to
    1/(1 + i)^t where i is the interest rate and t is the number of years
    from the initiation date for the program or policy until the given
    future year.

Discount Rate (DR)
    The interest rate used in calculating the present value of expected
    yearly benefits and costs.

Earned Value
    Calculated benefits that the investment creates, to date. Takes into
    consideration revenue and cost savings.

Earned Value Management
    A structured approach to project management and forecasting including
    comparisons of actual and planned costs, work performed, and schedule.

Effectiveness
    An assessment of the qualitative level of achievement of program goals
    and the intended results, as defined in strategic or other plans or
    documentation or in legislation. Sometimes characterized as doing the
    right things.

Efficiency
    A measure of the relative amount of resources used in performing a
    given unit of work. Sometimes characterized as doing things the right
    way. Can involve unit costing, work measurement (standard time for a
    task), labor productivity (ratio of outputs to labor inputs), or cycle
    time.

Enterprise Architecture (EA)
    A process for ensuring that an organization's goals and business are
    supported by information resources.

Estimate at Completion (EAC)
    The actual costs incurred, plus the estimated costs for completing the
    remaining work.

Estimate to Complete (ETC)
    The cost necessary to complete all tasks from the actual cost of work
    performed end date through the investment's conclusion.

Evaluate Phase
    Capital planning phase that requires IT investments to be reviewed once
    they are operational to determine whether investments meet
    expectations. The third CPIC phase.

Exhibit 300
    The form on which business cases for major IT investments are
    submitted to the OMB as part of the budget process. EPA uses this form
    for the CPIC process.

Federal Enterprise Architecture (FEA) Reference Models
    Documents containing best practices as defined by the Federal
    Government's Program Management Office. The documents are:
    •  Technical Reference Model (TRM)
    •  Performance Reference Model (PRM)
    •  Service Component Reference Model (SRM)
    •  Business Reference Model (BRM)
    •  Data Reference Model (DRM)

-------
Financial System
    An information system used for any of the following:
    •  Collecting, processing, maintaining, transmitting, or reporting data
       about financial events
    •  Supporting financial planning or budgeting activities
    •  Accumulating and reporting cost information
    •  Supporting the preparation of financial statements

Fiscal Year (FY)
    The Federal budget year; spans the dates October 1 - September 30.

Functional Requirements
    A description of system capabilities or functions required to execute a
    required process such as a communication link between several
    locations or generating specific reports.

General Accounting Office (GAO)
    Audits agencies for compliance with CCA. Has published guidance on
    investment management.

Government Performance and Results Act (GPRA) of 1993
    Requires Federal Agencies to establish standards by which to evaluate
    investments.

Hardware/Equipment
    Includes any equipment used in the automatic acquisition, storage,
    manipulation, management, movement, control, display, switching,
    interchange, transmission, or reception of data or information (e.g.,
    computers and modems); capital and non-capital purchases or leases.

Identifiable Form
    Any representation of information that permits the identity of an
    individual to whom the information applies to be reasonably inferred by
    either direct or indirect means.

Information Investments Subcommittee (IIS)
    Addresses mission priorities and trade-offs for information investment
    proposals from the perspective of Clinger-Cohen Act requirements, the
    Systems Modernization Fund, and the Agency's Information Plan. The
    Subcommittee is co-chaired by the Deputy CFO and supports the QIC in
    making recommendations to the Chief Financial Officer and the Chief
    Information Officer on the appropriateness of information investments.

Information System (IS)
    A discrete set of information resources organized for the collection,
    processing, maintenance, transmission, and dissemination of information
    in accordance with defined procedures, whether automated or manual.

Information Technology (IT)
    Any equipment or interconnected system or subsystems or equipment
    used in the automatic acquisition, storage, manipulation, management,
    movement, control, display, switching, interchange, transmission, or
    reception of data or information.

Information Technology Investment Management (ITIM)
    Methodology developed by the GAO that proposed a three-phase
    process and organizational maturity. Provided the basis for the
    three-phase CPIC process.

IT Investment
    The most appropriate term used by OMB and EPA to reflect any IT
    system, project, program, or initiative. OMB Circular A-11
    differentiates between major IT investments and non-major IT
    investments. All dollars spent on information technology are considered
    investments, whether they support an IT system, program, or governance
    effort of IT investment management processes.

IT Investment Portfolio
    All IT investments that EPA funds.

Infrastructure
    The IT operating environment (e.g., hardware, software, and
    communications).

-------
Integrated Project Team (IPT)
    Project team that manages the investment from definition through
    retirement. Consists of functionally diverse people.

Major IT Investment
    An IT project and system that meets criteria established by the OMB,
    and must follow the EPA CPIC process. A major investment is one that:
    •  Requires special management attention because it is important to
       the Agency's mission;
    •  Was reported as major in the most recent OMB submission and is
       continuing;
    •  Is for financial management and the investment exceeds $500,000;
    •  Is directly tied to the top two layers of the FEA;
    •  Is an integral part of the Agency's modernization blueprint;
    •  Has significant program or policy implications;
    •  Has high executive visibility;
    •  Is defined as major by the Agency's CPIC process.

Net Present Value (NPV)
    The difference between the discounted present value of benefits and the
    discounted present value of costs. Also referred to as the discounted
    net.

Office of Environmental Information (OEI)
    The department of EPA who is responsible for the central CPIC process
    and compliance with OMB requirements.

Office of Management and Budget (OMB)
    White House Department responsible for all budgeting and financial
    management for the Federal Government.

Operational Analysis
    From the Capital Programming Guide, it is "[a tracking method of] the
    system to measure the performance and cost of an operational asset
    against the baseline established in the Planning Phase. This
    information will allow agency resource managers to optimize the
    performance of capital assets. Additionally, operational analysis may
    indicate the need for the acquisition of a new capital asset. The
    system established should have the capability to provide simple, easy
    to understand information that can be used by managers to make sound
    management decisions."
    EPA considers the Evaluation Phase of CPIC and an Operational
    Analysis the same.

Opportunity Costs
    Cost of not investing in the initiative or cost of a forgone option.

Paperwork Reduction Act (PRA) of 1995
    Minimizes the paperwork burden for citizens by using Federal
    information to strengthen decision making, accountability, and openness
    in Government and society, etc.

Payback Period
    The number of years it takes for the cumulative dollar value of the
    benefits to exceed the cumulative costs of an investment.

Performance Gap Analysis
    Preliminary research performed to determine the viability of the
    proposed initiative by performing an alternatives analysis, including
    market research and extensive interviews with subject matter experts.

Performance Goals
    A desired endpoint or purpose of an operation or activity.

-------
Performance Indicator
    Description of:
    •  What is to be measured, including the metric to be used (e.g.,
       conformance, efficiency, effectiveness, costs, reaction, or customer
       satisfaction)
    •  Scale (e.g., dollars, hours, etc.)
    •  Formula to be applied (e.g., percent of "a" compared to "b," mean
       time between failures, annual costs of maintenance, etc.)
    •  Conditions under which the measurement will be taken (e.g., taken
       after system is operational for more than 12 hours, adjusted for
       constant dollars, etc.)

Performance Management
    One of the five categories of network management defined by the
    International Standards Organization. As it relates to cyber security
    services, a set of procedures and practices for measuring and recording
    resource utilization.

Performance Measures
    Method used to determine the success of an initiative by assessing the
    investment contribution to predetermined strategic goals. Measures are
    quantitative (e.g., staff-hours saved, dollars saved, reduction in
    errors, etc.) or qualitative (e.g., quality of life, customer
    satisfaction, etc.).

Post-Implementation Review (PIR)
    A review of an investment or project that compares the actual cost,
    schedule, performance, and other results achieved against the
    conditions that existed prior to the implementation of the investment.
    A PIR is conducted after an investment or project has been completed
    and is fully operational. It can also provide valuable "lessons
    learned" to be applied to future investments or projects.

Privacy Impact Assessments (PIAs)
    A process for examining the risks and ramifications of collecting,
    maintaining and disseminating information in identifiable form. The PIA
    is a framework for considering the privacy implications of information
    collected on individuals and where potential disclosure risks may lie.

Project Description
    Brief overview of initiative of no more than 100 words to include:
    •  Short summary of proposed initiative
    •  Statement of the business functions or processes the initiative
       supports
    •  Brief summary of benefits resulting from the initiative (tangible or
       intangible).

Project Plan
    A document that describes the technical and management approach to
    carrying out a defined scope of work, including the project
    organization, resources, methods, and procedures and the project
    schedule.

Quality and Information Council (QIC)
    Advise and assist the National Program Manager and Chief Information
    Officer (NPM/CIO) of the Information Office in developing and
    implementing the Agency's quality and information goals and policies.

Return
    The difference between the value of the benefits and the costs of an
    investment. In a CBA it is computed by subtracting the Total Discounted
    Costs from the Total Discounted Benefits, and is also called the Total
    Discounted Net.

Return on Investment (ROI)
    A percentage calculated by dividing the Total Discounted Net by the
    Total Discounted Costs. To express it as a percentage, multiply by 100.
    It can also be expressed as (Total Discounted Benefits minus Total
    Discounted Costs) divided by Total Discounted Costs.

-------
Risk
    A combination of: the probability that a threat will occur, the
    probability that a threat occurrence will result in an adverse impact,
    and the severity of the resulting impact.

Risk Adjusted Return on Investment
    Adjustment of Return on Investment for the annual cost of risk based on
    the probability of a risk occurring.

Risk Assessment and Management Plan (Risk Inventory)
    A description of potential cost, schedule, and performance risks, and
    impact of the proposed system to the infrastructure. Includes a
    sensitivity analysis to articulate the effect different outcomes might
    have on diminishing or exacerbating risk. Provides an approach to
    managing all potential risks.

Risk Management
    The process concerned with identifying, measuring, controlling, and
    minimizing risk.

Schedule Variance
    Earned value minus the planned budget for the completed work.

Security
    Measures and controls that ensure the confidentiality, integrity,
    availability, and accountability of the information processes and data
    stored by a computer.

Security Analysis
    A formal analysis conducted by the agency security analyst or designee
    for the purpose of determining the importance of the information,
    assessing risks, formulating mitigation strategies, and other measures
    needed to safeguard the system.

Security Plan
    Description of system security considerations such as access, physical
    or architectural modifications, and adherence to Federal and EPA
    security requirements.

Select Phase
    Capital planning phase used to identify all new, ongoing, and
    operational investments for inclusion into the IT portfolio. The first
    CPIC phase.

Software
    Any software specifically designed to make use of and extend the
    capabilities of hardware/equipment.

Strategic Management
    Ensures that all perspectives, or viewpoints of an organization are
    represented equally during planning and decision-making.

Subject Matter Expert (SME)
    Person who has a lot of knowledge on one subject and who can provide
    requirements or test the functionality of the system.

Sunk Cost
    A cost incurred in the past that will not be affected by any present or
    future decisions. Sunk costs should be ignored in determining whether a
    new investment is worthwhile.

System Life Cycle (SLC)
    The duration of the system life organized into five phases: definition,
    acquisition or development, implementation, operation and maintenance,
    and termination.

Tactical Management
    The day-to-day monitoring of strategic objectives.

User Requirements
    The technical requirements for hardware, software, facilities,
    personnel, procedures, technical data, personnel training, spares,
    repair parts, and consumables needed to test, deploy, operate, and
    maintain a system, network, investment, or project. Also called
    Customer or Stakeholder Requirements.

Variance at Completion (VAC)
    The difference between the total budget assigned to a contract, WBS
    element, organizational entity, or cost account and the estimate at
    completion; represents the amount of expected overrun or under run.

-------
  8  Appendix C - Quality and Information Council Charter
This Appendix contains parts of the QIC Charter,
released  in  1999  that relate to  the  CPIC
process.   It was  prepared  by the  Office  of
Information Transition & Organizational Planning
and is provided in  this  document to show how
business cases are examined and  evaluated  by
the QIC.

Note: Some of the content in this section is
still  in  the  process of  being  updated.
Updated  information  will  be   included  in
subsequent versions.   Sections marked  as
"Removed" in the text that follows indicate
particular  sections  of  the  original  QIC
Charter that were  removed or deleted after
initial publication, e.g., Section (2-1), Section
(2-3).

8.1  Purpose, Authority and Duration
(1-1) This document charters EPA's QIC.  The
purpose of the QIC is to advise and  assist the
National   Program   Manager   and   Chief
Information Officer (NPM/CIO) of the Information
Office  in  developing  and  implementing the
Agency's  quality  and  information goals and
policies.   The Council provides  an efficient
mechanism through  which  senior  Agency
officials   can   raise  and   debate  strategic
information issues facing the Agency.  It offers
the NPM direct access to those officials to obtain
their counsel on, and commitment to, quality and
information strategies and policies.

(1-2) On matters internal to his or  her program,
including budget preparation, the NPM/CIO has
the authority to make decisions unilaterally or in
consultation with the QIC, as he/she  considers
appropriate.   On  strategic  directions,  major
investment  decisions,  and  significant  policy
issues that affect the Agency at  large or the
operations of multiple EPA programs, the NPM
will inform and consult with the  QIC prior  to
reaching a decision. In determining the authority
of the NPM vs. the role of the QIC,  in general,
the QIC  will  provide  focus on  "what" the
 Agency's   information  direction,   needs,   or
 priorities should be; while the NPM/CIO authority
 will focus  on "how" those  directions, needs,  or
 priorities are carried out.

 (1-3)  The  Quality  and Information Council  is
 considered a permanent EPA body.  Its charter
 can be amended by  a two-thirds vote of the
 Council membership or in  response to direction
 from the Administrator or Deputy Administrator.
 This charter shall be  periodically reviewed and
 updated as necessary, as outlined in Section
 (5-15).

8.2  Scope and Functions

8.2.1  Policy, Planning and Innovation.
(2-1) Removed [5]

(2-2) The QIC will function as a forum in which ideas and issues from
the NPM and other QIC members can be raised and vetted. It will provide
an opportunity for cross-office exchange and development of ideas on
quality and information. It is intended to stimulate the creation of
internal partnerships on information strategies, initiatives and
opportunities for efficiency. It should encourage forward-looking
discussions of current and emerging issues.

(2-3) Removed

8.2.2  Investment Review.
(2-4) By working with the NPM/CIO, the QIC will develop criteria for
information investment decisions. Information investments include
resources that affect programs and regions, including review of
business case analyses to support investment and return-on-investment,
the Systems Modernization Fund, major data acquisitions, and systems
development activities. It may eventually include major Agency
investments in such information activities as monitoring and modeling.

[5] Indicates that this section, and others in the original QIC Charter
were removed or deleted after initial publication.

-------

(2-5) The QIC will review  strategic and priority
information   investments  for  consistency  with
Agency criteria and  the Agency's Information
Plan.   It will assess  the fit between  individual
office  proposals and  the multi-year plan.   The
QIC   will   work   through   the   Information
Investments Subcommittee (IIS) to accomplish
this (see sections (3-1) and (3-3)).

(2-6)  On the advice  of  the QIC, the  NPM/CIO
will recommend proposals to the Chief Financial
Officer for investment consideration during the
Agency's budget formulation process.

(2-7)  The QIC will establish a relationship with
the Working  Capital  Fund  Board  sufficient
enough to assure consistency between actions
taken  by the two groups.

8.2.3  Relationship Between the QIC and the WCF Board
(as revised from Section III-E of the Charter for the Working Capital
Fund Board)

(E) Quality Information Council/WCF Board Relationship:

EPA's Quality Information Council and the WCF Board coordinate their
separate decision making responsibilities related to the provision of
IT services in the following areas:

•  QIC inclusion of specific criteria to assess impact on WCF service
   offerings in making funding decisions to implement information
   strategic initiatives;

•  WCF Board inclusion of specific criteria to assess impact on the
   QIC's investments in making funding decisions on WCF services and
   rates;

•  WCF Board consideration of the services which implement the QIC's
   strategies as potential WCF services;

•  WCF Board consideration of information capital acquisitions for new
   architecture, as supported by the QIC's concurrence on consistency
   with the Agency's strategic direction for information; and

•  The QIC's consideration of major information investments
   recommended by the WCF Board for inclusion in the Agency's
   information investment process.

Support staff to the QIC and the WCF Board will also coordinate by
attending the meetings of both committees/boards. In addition, the
staffs will exchange meeting materials, minutes, decision papers, and
business case analyses and other justifications supporting capital
investments, with the goal of keeping both groups informed on issues
affecting each other and appropriately involved in the decision-making
process. Notwithstanding the above coordination commitments, the QIC
and WCF Board both retain full authority to make final recommendations
to the CIO/CFO within their areas of responsibilities outlined in their
respective charters.

8.2.4  Management and Oversight.
(2-8) The QIC will act to improve consistency in implementation of
Agency quality and information policies. It will serve as a review
mechanism to ensure that a program office's or region's information
projects are consistent with established Agency quality and information
policies or standards. Council members will ensure implementation of
Agency-wide policies, as partners with the NPM/CIO in furthering the
quality and information agenda of the Agency.

(2-9) Removed

8.3  Subcommittees
(3-1) The QIC will establish 4 permanent subcommittees to address
information issues facing the Agency. These are:

1.  Quality Subcommittee

2.  Information Investments Subcommittee

3.  Information Technology Subcommittee

4.  Collection and Access Policy Subcommittee

At its discretion, the QIC may create short term or ad hoc groups as
either subcommittees or work groups within subcommittees.

(3-2) Removed

(3-3)       The   Information    Investments
Subcommittee will address mission priorities and
trade-offs for information investment proposals
from  the  perspective  of  Clinger-Cohen  Act
requirements, the Systems Modernization Fund,
and  the Agency's  Information  Plan.    The
Subcommittee will be co-chaired by the Deputy
CFO  and  will  support the  QIC  in  making
recommendations to the Chief Financial Officer
and  the Chief Information  Officer on  the
appropriateness of information investments.

(3-4)    The  IT Subcommittee  will  address
executive-level  issues regarding the Agency's IT
infrastructure including  customer and mission
needs that  require technical solution, long-term
technology planning, and systems integration.

(3-5) Removed

(3-6) Removed

(3-7) Removed

(3-8)   Upon  chartering of  the  QIC, panels
operating under the EMMC and their associated
workgroups will  be discontinued. The functions
of these panels  will be assigned to the QIC and
the  OEI or  to ORD.  As necessary to address
the  issues considered by these panels, the OEI
or ORD may reconstitute or restructure panels
or work groups.  The  QIC  and  the OEI will
assume responsibility  for  Agency  policy  on
environmental monitoring, such as Performance
Based  Measurement  Systems  (PBMS),  cross-
agency efforts  to improve the consistency and
quality of Agency methods,  and developing an
agency-wide monitoring  strategy. The ORD will
be  responsible  for  Agency  policy on  the
accreditation    of    laboratories   and    for
implementation of PBMS.

(3-9)   Subcommittees will be  chaired by the
QIC's members, and  will be composed  of the
QIC or senior Agency officials with a perspective
on  the  issues under the   Subcommittee's
purview.  They will be co-chaired by a  QIC
member  and   by an  SES  executive  in  the
Information  Office, as appropriate to respond to
governing legal and regulatory requirements.

(3-10) Removed

(3-11)  As necessary, Subcommittee Chairs will
be empowered to select staff for workgroups to
                                    develop    proposals    and    options    for
                                    Subcommittee or Council consideration.

                                    (a)  Workgroup members will be designated by
                                    the  Subcommittee  Chair  with  advice  from
                                    affected programs and regions.

                                    (b)  Workgroups will be given a specific charge
                                    and lifespan. In general, workgroups should not
                                    continue beyond their stipulated lifespan.

                                    (3-12) Removed

                                    8.4  Relationship  with the States
                                    Removed

                                    8.5  Administrative
                                          Requirements
                                    Removed

                                    8.6  Support Staff
                                    Removed.

9  Appendix D - Performance Measurement
9.1  Purpose
Performance   measurement  is  the  process
whereby  an   organization   establishes  the
parameters within which programs, investments,
and acquisitions reach the  desired  results in
support of mission goals.

Performance measures are set during the Select
Phase  and are assessed during Control  and
Evaluate phases.   The focus of performance
measurement  is  on  outcomes rather than
outputs, or, how well the IT investment enables
the program or agency to accomplish its primary
mission   and   close   performance   gaps.
Performance  measurement  should  not only
address operational performance measures of
input,  activities, and  output,  but  also track
resources  and activities  of the  surrounding
processes integrated with the investment.

  Performance is evaluated using two
  criteria - effectiveness and efficiency.
  Effectiveness  demonstrates  that  an
  organization is doing the right things,
  while efficiency demonstrates that an
  organization is doing things the right
  way.

Performance measure data can be time-consuming
and costly to collect; therefore it is
very important to ensure their effectiveness.
When developing performance measures, make
sure they are:

.   Strategically relevant. Factors should matter
   and make a difference, promote continuous
   and perpetual improvement, focus on the
   customer, and be agreed to by
   stakeholders;

.   Short, clear, and understandable;
  .   Measurable and meaningful, appropriate to
     the organizational level; and

  .   Linked  to  activity and  provide  a clear
     relationship between cause and effect, focus
     on managing resources and inputs, and can
     be discarded when utility is  lost or when
     new,   more   relevant   measures   are
     developed.

  9.2  Process
  Performance measures are developed through a
  series of steps.   It is important to understand
  that developing measures  is only one part of the
  more comprehensive process.  After measures
  are developed, baseline information is gathered
  (if it does not already exist), and performance
  information is collected, analyzed, and
  interpreted.

  The following five steps are completed during
  the different phases of the CPIC process. Steps
  one and two are completed  during  the Select
  Phase.  Step three can be completed during the
  Control phase as a milestone in the project plan.
  Steps four  and five are completed  during  the
  Evaluate Phase.

  1.  Analyze  how the  investment  supports  the
     mission  goals and objectives and  reduces
     performance gaps

  2.  Develop IT  performance  objectives and
     measures that characterize success

  3.  Develop collection  plan

  4.  Collect  data  and  evaluate,  interpret, and
     report results

  5.  Review process to ensure it is relevant and
     useful

  9.2.1   Analyze How the
          Investment Supports the
          Mission and Reduces
          Performance Gaps
  Effective,     outcome-based     performance
  measures are derived from  the relationship
between the new investment and how users will
apply its outputs.  The linkage  between users'
requirements  and  proposed  investments,  or
those that  are already part of the Agency IT
Investment portfolio, is the key  activity in  this
step.

This concept is often described  as  a method of
strategically  aligning  programs and  support
functions  with  the  agency's  mission   and
strategic priorities.  The first step is to identify
the organization's performance gap, the critical
tasks necessary  to close the  gap,  and  the
strategies that will  be  implemented  to complete
those tasks.   Begin with  the mission  analysis
conducted   as   part  of  the   investment's
justification for a head start on this  step.  Make
sure  the  mission  analysis  addresses   the
following questions:

.   What will the system do? What are its major
    functions or features? What is the purpose of
    that system? How is it used?

.   Is this system a stand-alone  system or  is it
    used  or  integrated   with   another  large
    system?

.   What aspects  of the system, service,  and
    information quality  are  needed   for  the
    system to perform optimally or acceptably?

.   Identify who will use  the system.   What is
    the  principal business  task  they perform?
    How will  using  the system  help them with
    that task?

.   How does completion of that task contribute
    to a business function?

.   How does  completion of  the  business
    function contribute to achievement of  the
    program goals?

.   How does completion of  program  goals
    contribute  to   organizational  goals   and
    Agency goals?

Determine   whether  there  are  related   IT
investments that impact the mission area  and
goals selected.   Understand the  relationships
between various IT investments that address the
same or similar needs to help identify potential
areas for consolidation.

Once the mission is clearly defined, perform a
gap analysis to understand how the investment can
improve mission performance.  The analysis begins with
the premise that the investment will improve effectiveness,
efficiency, or both.  To accomplish this, define
requirements and answer the following questions:

  .   Why is this application needed?

  .   How will the added functionality help users
     accomplish the mission?

  .   How  will the added  functionality improve
     day-to-day operations and resource use?

  Work with users to develop a baseline
  measurement of the current as-is state for
  comparison to the to-be state so gaps can be
  calculated.  For example, the investment is
  successful when the gap is reduced by "x"
  amount.

  9.2.2   Develop IT Performance
           Measures that Characterize
           Success
  Well-designed  performance  measures define
  success  criteria  for  the  investment.    The
  following  questions  will help to qualify  each
  measure:

  .    Is  it  useful  for  monitoring  progress  and
      evaluating the degree of success?

  .    Is it focused on outcomes that stakeholders
      will clearly understand and appreciate?

  .    Is it practical?  Does it help build a reliable
      baseline   and    cost-effectively   collect
      performance data at periodic intervals?

  .    Can the performance measure  be used to
      determine the level  of investment risk and
      whether   the   investment  will   meet
      performance targets?

  A positive response to each question ensures
  that the  performance  measure will  effectively
  and  efficiently  measure  the   IT  investment.
  Additionally, this process will help to  limit the
  number   of   performance   measures    so
  management attention is focused on those that
  have the greatest priority or impact.

  Change criteria if they are too difficult to measure.
  Or, if the measure has indirect rather than direct
  outcomes,   use    "surrogate"    performance
  measures that  mirror actual outcomes.   For
  example,  it  is difficult to  measure  the direct
  benefit  of  computer-based   training  (CBT)
  systems,  but a surrogate measure might be the
percentage  of  staff  achieving   certifications
through the CBT, which is easy to count.

Of the  possible measures, select one or more to
report  performance against each  performance
gap.   Keep  in  mind that  one  measure may
provide information for more than one gap. The
objective  is to  select the fewest number of
measures  that  will  provide  adequate  and
complete information about progress.

Selecting  the fewest performance  measures is
important  because data collection  and analysis
can  be costly.  When selecting  performance
measures, ensure that the benefit of information
received is greater than the costs, and that data
collection  does  not hinder accomplishment of
primary missions.

Costs are determined  by calculating the amount
of dollars and staff effort  required  to  collect,
store,  and analyze  data.    When  calculating
costs,  consider  whether  they   are   largely
confined to initial or up-front costs, or will occur
throughout the IT  lifecycle.   For  example, the
cost of developing and populating a database
may have a large initial cost but will diminish
significantly over time.

Answer   the  following  questions   to  help
determine  the  cost  of  tracking  a  specific
performance indicator:

.   What  data are  required  to  calculate the
    performance measure?

.   Who collects the data and when? How will it
    be stored and reported?

.   What  is   the  verification  and  validation
    strategy for the data collection?

.   What  is the method to ensure the quality of
    the information reported?

In  addition  to determining  costs,  it  is  also
necessary   to    determine    the   baseline
performance,  target performance, and expected
time to reach the target.  The baseline value is
the starting point. If performance measures are
currently  in use, historical data will provide the
baseline.  Otherwise determine the baseline by
using reasonable analysis methods such as:

.   Benchmarks  from  other  agencies  and
    private organizations

.   Initial requirements
                                                   .   Internal historical data from existing systems

                                                   .   Imposed standards and requirements

                                                   To   determine  the   target   value,   obtain
                                                   stakeholder requirements for the  new  system.
                                                   Targets may be graduated over time, especially
                                                   for IT investments that are  being installed  or
                                                   upgraded or as environmental factors  change.
                                                   Consider how much time it will take to reach the
                                                   goal  when  determining  performance  success.
                                                   For example, if the target is  reached two years
                                                   after originally planned, the investment's ROI will
                                                   be lower than originally calculated,  and the
                                                   investment may be a financial failure.

                                                   9.2.3    Develop Collection  Plan
                                                   To ensure  performance data is collected  in a
                                                   consistent,  efficient,  and effective  manner, it is
                                                   useful to develop and publish a collection  plan
                                                   so all participants know their responsibilities and
                                                   can see their contributions.  The collection  plan
                                                   details the following items:

                                                   .   Activities to be performed

                                                   .   Resources to be consumed

                                                   .   Target  completion and  report presentation
                                                      dates

                                                   .   Decision authorities

                                                   .   Individuals  and  responsibilities  for data
                                                      collection

                                                   The  collection plan  answers  the  following
                                                   questions for each performance measure:

                                                   .   How is the measurement taken?

                                                   .   What constraints apply?

                                                   .   Who will measure the performance?

                                                   .   When and how often are  the measurements
                                                      taken?

                                                   .   Where are the results sent and stored, and
                                                      who maintains results?

                                                   .   What is the cost of data collection?

                                                   While costs should have been considered during
                                                   the previous step, the actual cost will be more
                                                   evident  at   this  stage.    Excessively costly
                                                   performance measures should be replaced  by
                                                   less  costly  ones,  without  sacrificing  results.
                                                   Consider  revisiting  the  collection  plan   to
                                                   determine less costly procedures.  For example,
                                                   a  sampling  may  produce accurate  results  at
significantly  less  cost  than  counting  every
occurrence.

To ensure data is being collected in a cost-effective
and efficient manner, involve the
team when developing performance measures.
The collectors will do  a much better job if they
believe the performance measures are valid and
useful,  and they will have  insight regarding the
best way to collect the data.

9.2.4    Evaluate, Interpret, and
         Report Results
To evaluate performance, compile data and
report it according to the collection plan that was
constructed in the previous step.  Use the
following questions when evaluating the data:

.   Did the  investment exceed  or fall short of
    expectations? By how much and why?

.   What  were  the  unexpected benefits  or
    negative impacts to the mission?

.   What adjustments  can  and should be made
    to the measures, data, or baseline?

.   What actions or  changes  would  improve
    performance?

This evaluation reveals any needed adjustments
to the IT investment or performance  measures.
It also  helps surface any  lessons learned  that
could be fed back to the CPIC process.

9.2.5    Review to Ensure
         Relevance  and Usefulness
To  ensure that  performance measures are still
relevant  and   useful,  answer   the  following
questions:

.   Are the measures still valid?

    o   Have   higher-level  mission   or  IT
        investment  goals,  objectives,   and
        critical  success factors changed?

    o   Are  threshold   and   target   levels
        appropriate   in   light  of   recent
        performance    and    changes    in
        technology and requirements?

    o   Can success be  defined  by  these
        performance measures?

    o   Can  improvements  in  mission  or
        operations efficiency be defined by the
        measures?
                                                      o   Have  more  relevant measures  been
                                                          discovered?

                                                 .   Are the measures addressing the right
                                                     things?

                                                      o   Are  improvements  in performance  of
                                                          mission,   goals,    and    objectives
                                                          addressed?

                                                      o   Are  all objectives covered by  at least
                                                          one measure?

                                                      o   Do the measures address value-added
                                                          contributions    made    by   overall
                                                          investment   in  IT   and/or  individual
                                                          programs or applications?

                                                      o   Do  the  measures  capture  non-IT
                                                          benefits and customer requirements?

                                                      o   Are  costs, benefits,  savings, risks,  or
                                                          ROI addressed?

                                                      o   Do  the  measures  emphasize  the
                                                          critical aspects of the Agency?

                                                 .   Are the measures the right ones to use?

                                                      o   Are  measures  targeted  to a  clear
                                                          outcome (results rather than inputs  or
                                                          outputs)?

                                                      o   Are  measures linked to a specific and
                                                          critical organizational process?

                                                      o   Are  measures understood at all levels
                                                          that must evaluate and use them?

                                                      o   Do  the measures  support effective
                                                          management      decisions     and
                                                          communicate achievements  to internal
                                                          and external stakeholders?

                                                      o   Are     measures    consistent    with
                                                          individual motivations?

                                                      o   Are  measures accurate, reliable,  valid,
                                                          and verifiable?

                                                      o   Are  measures built on available data at
                                                          reasonable costs and in an appropriate
                                                          and timely manner for the purpose?

                                                      o   Are  measures  able to  show interim
                                                          progress?

                                                 .   Are measures used in the right way?

                                                      o   Are   measures  used   in   strategic
                                                          planning  (e.g.,  to  identify  baselines,
                                                          gaps, goals,  and strategic priorities)  or
                                                          to   guide  prioritization  of  program
                                                          initiatives?
     o   Are  measures   used   in   resource
        allocation decisions and task, cost, and
        personnel management?
     o   Are measures used to communicate
         results to stakeholders?

10  Appendix E - Cost Benefit Analysis and Alternative Selection
10.1  Purpose
Current laws and regulations require agencies to
conduct  a CBA prior to deciding whether to
initiate, continue, or implement an IT investment.
The level of detail required varies and should be
commensurate  with the size, complexity,  and
cost of the proposed investment.

The CBA supports decision-making and helps
ensure resources  are  effectively allocated to
support  mission requirements.   The CBA is
listed under the Alternatives Analysis section of
the Exhibit 300, and should demonstrate that at
least three alternatives were considered and the
chosen alternative  is the most cost-effective in
the  context   of   budgetary   and  political
considerations.

To select viable alternatives, refer to the FEA to
identify potential alternatives for  partnering or
joint  solutions.    Other possible  alternatives
include:

.   In-house development  versus   contractor
   development;

.   In-house   operation  versus   contractor
   operation;

.   Current operational procedures versus  new
   operational procedures; or

.   One  technical  approach versus another
   technical approach.

The   CBA   should   include  comprehensive
estimates of the projected benefits and costs for
each alternative.  General  rules  are that costs
associated with both tangible and  intangible
benefits  should  be included.  Try  to assign
numeric  costs to intangible  benefits so they can
be included  in the calculations.   Sunk costs
(costs incurred prior to  the project  start date)
and realized benefits (benefits incurred prior to
the project start date) should not be considered.
  At the end of the analysis, the alternative that
  provides the greatest net benefit to the agency
  should be selected.

  10.2  Process
  The most thorough way to  estimate costs is to
  break  down each  alternative  into  its simplest
  parts and link the parts together.  Not only does
  this ensure that all parts were planned for, but it
  provides   linkages    back    to    customer
  requirements.

  This section of the document provides sample
  tables to use in the CBA and step-by-step
  guidance through this very detailed and
  time-consuming process.

  The CBA process can be broken down into the
  following steps:

  1.  Determine/define objectives

  2.  Document solution requirements

  3.  Choose at least three alternatives

  4.  Collect cost data

  5.  Estimate costs for each alternative

  6.  Estimate benefits for each alternative

  7.  Document assumptions

  8.  Adjust costs for risk

  9.  Calculate Return on Investment for each
     alternative

  10. Evaluate alternatives and select solution

  Each of these steps is detailed in the following
  sections.   By far, the best way to collect and
  maintain cost data is  by using a spreadsheet
  program. A lot  of related tables will be created
  during  this exercise,  so  linking  the   tables
  together via the spreadsheet will make analysis
  faster and more accurate.

10.2.1  Determine/Define
         Objectives
Start with the Justification section of the CPIC
documentation  (Exhibit  300),  and   include
background information such as staffing, system
history,  and customer satisfaction data when
defining the objectives.

10.2.2  Document Solution
         Requirements
The system requirements table is the first table in the
cost-benefit analysis.  Use the requirements that
were identified during the Definition phase of the
System Life Cycle.   For the  as-is alternative,
requirements  will  default  to the  current state,
which will function as a baseline  for the other
alternatives.

If  customer  or  user  requirements  weren't
identified during SLC  Definition, estimate what
the requirements  are  using  broad  categories
such as:

.   Functional capabilities - what  functions will
    the customers/users require to gain access
    to the system and  data, and how will they
    interface with  the system? What functions
    will any integrated systems require?

.   System  performance  -   what  are  the
    processing  requirements   for  successfully
    delivering the functional capabilities?

.   System  capacity  -  what is  the  storage
    requirement for this system?  What type of
    data  will be stored?  Also include security
    requirements.

.   System reliability - what   is the  allowable
    downtime?  Can the system go down every
    night for  backup, or is it required to  be
    available  24x7?  The higher  the reliability
    requirements,  the  higher the  cost, so plan
    this carefully.

After determining  the requirements, begin the
table by  listing the requirements down the side
as  the   row  headings  and   the   system
   components  across  the top  as the  column
   headings. Do this for each alternative, using the
   table below as an example.  The following list is a
   sample of system components:

   .   Software

        o   Manufacturer

        o   Name

        o   Version number

        o   Year acquired

        o   License term

        o   Hardware requirements

        o   Annual maintenance

   .   Hardware

        o   Manufacturer

        o   Make/Model/Year

        o   Cost

        o   Power requirements

        o   Expected life

        o   Maintenance requirements

        o   Operating characteristics (e.g.,  size,
            speed, capacity, etc.)

        o   Operating systems supported

   .   Peripherals

        o   Printers

        o   Scanners

        o   External storage drives

        o   PDAs

   .   Physical Facilities

        o   Location

        o   Size

        o   Capacity

        o   Structure type

        o   Availability

Table 10.1 - Map of User Requirements to System Components

| Requirement/System Component | Software | Hardware | Peripherals | Physical Facilities |
|---|---|---|---|---|
| Functional Capabilities | | | | |
| 1. Contains workflow module | XYZ Content Management Solution workflow add-in. 25 user licenses. | | | |
| 2. Contains Imaging capabilities | ABC Imaging add-in. 25 user licenses. | 5 Dedicated workstations for scanning documents. - Personal Computers - LAN connections | 5 ABC Scanners | One at each identified EPA location in X region. |
| System Performance | | | | |
| 1. Image and index 60 documents per minute | XYZ Content Management Solution. 25 user licenses | | | |
| 2. Full text search and retrieval within 15 seconds of mouse click | Popular DBMS. 5 developer licenses. | | | |
| System Capacity | | | | |
| 1. Secure, onsite storage | Popular DBMS. 5 developer licenses. | 5 Servers | | One at each identified EPA location in X region. |
| 2. Storage growth rate of 5 TB per year | | 5 Disk Jukeboxes | | |
| System Reliability | | | | |
| 1. Access Jam - 12pm EST | Popular DBMS will accommodate. | | | |
| 2. 30 day backup schedule, 30th day saved for 12 months. | Popular DBMS will accommodate backup scripts. | | 42 tapes of G manufacture. | 5 fireproof vaults for tape storage at each EPA location in X region. |

10.2.3  Choose at Least Three Alternatives
EPA follows  OMB's guidelines  and  requires
three  alternatives for business case analysis,
with one alternative being as-is, to continue with
no change.   Each  viable technical approach
should be included  as  an alternative.  When
selecting  the  alternatives, be  sure to plan  the
investment's lifecycle, which is when the system
will either be  retired or replaced with upgraded
technology.   If the  alternatives have  different
lifecycles, be sure to explain the reasons why.

10.2.4  Collect Cost Data
To calculate how much it will cost to design, develop and run each
of the alternatives, collect data from various sources.  Do this for
all three alternatives.  EPA recommends that the following cost
elements be included in the business cases.  Examples of cost
elements are:
 •   Hardware, whether leased or purchased:

        o   Supercomputers,       mainframes,
            minicomputers,    microcomputers,
            disk  drives,  tape  drives,  printers,
            telecommunications, voice and data
            networks, terminals,  modems, data
            encryption devices,  and  facsimile
            equipment.

 •   Software, whether leased or purchased:

        o   Operating systems,  utility programs,
            diagnostic  programs,   application
            programs, and commercial-off-the-
            shelf (COTS) software.

 •   Development Costs,  whether developed  by
     employees or consultants:

        o   Personnel     costs      including
            compensation and benefits.

        o   Opportunity costs
•   Program  Costs are related  costs  for the
    entire  program, including  personnel to run
    the system and related processes.

•   Operations  and Maintenance are ongoing
    hardware and  software  costs after  initial
    purchases.

       o   Hardware  upgrades  and software
           licensing and software patches.

       o   Upgrades and consulting.

       o   Training   fees   associated  with
           upgrades.

To  find cost information,  start with the  data
sources listed below:

•   Historical Organization Data—If contracts were used to provide
    system support in the past, they can provide the estimated future
    cost of leasing and purchasing hardware and hourly rates for
    contractor personnel.  Contracts for other system support services
    provide comparable cost data for the development and operation of
    a new system.

•   Current System Costs—Current system costs can be used to price
    similar alternatives.

•   Market Research—Quotes from multiple sources, such as vendors,
    Gartner Group, IDC Government, and government-wide agency
    contracts (GWACS), can provide an average, realistic price.

•   Publications—Trade journals usually conduct annual surveys that
    provide general cost data for IT personnel.  Government cost
    sources include the General Services Administration (GSA) pricing
    schedule and the OMB Circular A-76, "Performance of Commercial
    Activities" supplemental listing of inflation and tax rates.

•   Analyst Judgment—If data is not available to provide an adequate
    cost estimate, the CBA team members can use judgment and
    experience to estimate costs.  To provide a check against the
    estimates, discuss estimated costs with other IT professionals or
    the IPT's budget analyst.

•   Special Studies—Special studies can be conducted to collect cost
    data for large IT investments.  For example, the Federal Aviation
    Administration (FAA) used three different in-house studies to
    provide costs for software conversion, internal operations, and
    potential benefits.  These data sources became the foundation for
    their CBA.

•   Personnel Costs—Personnel costs are based on the guidance in OMB
    Circular A-76, "Supplemental Handbook, PART II—Preparing the Cost
    Comparison Estimates."  Government personnel costs include current
    salary by location and grade, fringe benefit factors, indirect or
    overhead costs, and General and Administrative costs.

•   Depreciation—The cost of each tangible capital asset should be
    spread over the asset's useful life (i.e., the number of years it
    will function as designed).  OMB prefers that straight-line
    depreciation be used for capital assets.

10.2.5  Estimate Costs for Each Alternative
Create the cost table by transferring the system components from the
column headings in Table 10.1, created in 10.2.2, to the row headings
in Table 10.2, shown below.  The cost elements described above become
the column headings.  Fill in the costs for each intersection.  The
result is a cost that can be tracked back to each requirement.  If
the investment becomes too costly, requirements can be analyzed and
eliminated, with the associated costs accurately tracked through.

Table 10.2 - Cost of each System Component by Cost Element

| System Component/Cost Element | Hardware Leased or Purchased | Software Leased or Purchased | Development Costs | Program Costs | Operations and Maintenance |
|---|---|---|---|---|---|
| XYZ Content Management Solution workflow add-in. 25 user licenses. | N/A | $50,000 upfront licensing fee | XYZ consulting to set up initial workflows and train 5 superusers at each location = $10,000 | Sunk cost - not included. | $25,000 annual maintenance fee for 25 licenses. |
| ABC Imaging add-in. 25 user licenses. | N/A | $50,000 upfront licensing fee | Train 5 imaging personnel included in $10,000 above. | 5 incremental HC as imaging specialists, one at each location. $500,000 annually. | $25,000 annual maintenance fee for 25 licenses. |
| 5 Dedicated workstations for scanning documents. - Personal Computers - LAN connections | PCs = $25,000; LAN drops = $500 | Operating systems included in H/W cost. | N/A | 50 Additional support hours = $5,000 annually. | PC upgrades $25,000 every 5 years. |
| 5 ABC Scanners | $3,000 each = $15,000 (includes first year support) | Included in H/W cost. | N/A | Included in line above. | Support contracts with ABC beginning year 2 = $5,000 annually. |
| Popular DBMS. 5 developer licenses. | N/A | 100,000 5 server licenses, 5 developer licenses | Sunk cost - utilize on-staff DBAs. | Sunk cost - utilize on-staff DBAs. | Annual server and developer licenses = $15,000 annually |
| 5 Servers | $50,000 for all. | N/A | N/A | N/A | Service contract with Popular, $10,000 annually |
| 5 Disk Jukeboxes | $150,000 | Included in cost of H/W | Consulting fees for setup and DBA training = $10,000 | N/A | Service contract = $10,000 annually |
| 42 tapes of G manufacture for each location | $10,500 | N/A | N/A | 5 tapes a year = $250 | N/A |
| 5 fireproof vaults for tape storage at each EPA location in X region. | $5,000 | N/A | N/A | N/A | N/A |

Perform a quick summary of the dollars spent in each fiscal year by system component, as shown in
Table 10.3.  The Total column is what will be reported on the Exhibit 300 for this Alternative.6

Table 10.3 - Dollars Spent for each Cost Element by Year

| Cost Element/Year | Fiscal Year 1 | Fiscal Year 2 | Fiscal Year 3 | Fiscal Year 4 | Fiscal Year 5 | Total |
|---|---|---|---|---|---|---|
| Hardware | 256,000 | 0 | 0 | 0 | 0 | 256,000 |
| Software | 200,000 | 0 | 0 | 0 | 0 | 200,000 |
| Development | 30,000 | 0 | 0 | 0 | 0 | 30,000 |
| Program | | 505,250 | 505,250 | 505,250 | 505,250 | 2,021,000 |
| O&M | 0 | 90,000 | 90,000 | 90,000 | 115,000 | 385,000 |
| Total | 486,000 | 595,250 | 595,250 | 595,250 | 620,250 | 2,892,000 |

Total column: Goes into Alternative table in Exhibit 300.

Additionally, the OMB requires a Summary of Spending for Investment Stages.  To help with
that reporting, summarize the data again by lifecycle phase.  All three different lifecycle phase
names are listed below.
Table 10.4 - Dollars Spent for each Cost Element by Life Cycle Phase7
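
| CPIC Phase | Project Stage | EPA SLC Phase | Hardware | Software | Development | Program | O&M | Total |
|---|---|---|---|---|---|---|---|---|
| Select | Planning | Definition | 0 | 0 | 0 | 0 | 0 | 0 |
| Control | Acquisition | Development | 256,000 | 200,000 | | | | 456,000 |
| | | Implementation | | | 30,000 | | | 30,000 |
| Evaluate | Steady - State | Operations and Maintenance | | | | 2,021,000 | 385,000 | 2,406,000 |
| | | Termination | 0 | 0 | 0 | 0 | 0 | 0 |
| | | Total | | | | | | 2,892,000 |
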
At this point, the cost for each phase can be:
    1.   Traced back to original system requirements;
    2.   Summarized into the CPIC phases for the Exhibit 300; and
    3.   Included in the investment's SLC documentation.
7
 Hardware = 25,000 + 500 + 15,000 + 50,000 + 150,000 + 10,500 + 5,000 = 256,000
 Software = 50,000 + 50,000 + 100,000 = 200,000
 Development = 10,000 + 10,000 + 10,000 = 30,000
 Program = 500,000 + 5,000 + 250 = 505,250
 O&M = 25,000 + 25,000 + 5,000 + 15,000 + 10,000 + 10,000 = 90,000 plus year 5 add an additional 25,000 = 115,000

CPIC Select = OMB Planning = SLC Definition;
CPIC Control = OMB Acquisition = SLC Development and Implementation;
CPIC Evaluation = OMB Steady - State = SLC Operations and Maintenance, and Termination.
10.2.6  Estimate Benefits for Each Alternative
Complete the following activities to identify and
estimate the value of benefits:

Define  Benefits—Benefits are  the services,
capabilities,  and qualities of  each  alternative.
They're also  known  as the  return from  an
investment  or  realized savings.  The following
questions will help define benefits for IT systems
and enable  alternative comparisons:

•   Accuracy—Will the system improve accuracy by reducing data entry
    errors?

•   Availability—How long will it take to develop and implement the
    system?

•   Compatibility—How compatible is the proposed alternative with
    existing procedures?

•   Efficiency—Will one alternative provide faster or more accurate
    processing?

•   Maintainability—Will one alternative have lower maintenance
    costs?

•   Modularity—Will one alternative have more modular software
    components?

•   Privacy—Does one alternative provide better safeguards for
    protecting the data collected, disseminated, or maintained within
    the investment?

•   Reliability—Does one alternative provide greater hardware or
    software reliability?

•   Security—Does one alternative provide better security to prevent
    fraud, waste, or abuse?

Identify Benefits—Every  proposed IT  system
should have identifiable  benefits  for both  the
organization and its customers.  Organizational
benefits   include    flexibility,   organizational
strategy,    risk  management   and   control,
organizational changes, and staffing impacts.

Customer benefits include improvements to the current IT services
and the addition of new services.  Having collaborating stakeholders
on the IPT will help to identify and determine how to measure and
evaluate the benefits.
                   Establish Measurement Criteria—Establishing
                   measurement  criteria  for  benefits  is  crucial
                   because the GPRA and the Clinger-Cohen Act
                   (CCA) emphasize tangible benefits related to the
                   organization's  overall  mission and  goals.  See
                   Appendix D—Performance Measurement for
                   guidance  on  how  to   develop  performance
                   measures.

                   Classify Benefits—Benefits that  are "capable of
                   being appraised  at an  actual or  approximate
                   value" are called tangible benefits.  Benefits that
                   cannot  be  assigned  a dollar value are called
                   intangible benefits.

                   Estimate  Tangible   Benefits—Estimate   the
                   dollar value  of benefits by determining their fair
                   market value.  Market value is the price that  a
                   private   sector  organization  would   pay  to
                   purchase a product or service.  Use the sources
                   listed in 10.2.4 as sources of this data.

                   Quantify    Intangible    Benefits—Quantify
                   intangible  benefits by  identifying  hidden  or
                   related  data  that  can  be  quantified.    For
                   example, an increase  in morale is an intangible
                   benefit that is hard to measure.  But a reduction
                   in  the  number  of  missed  workdays,  or  a
                   reduction   in   employee  turnover   can   be
                   measured.

                   Create a table similar to Table 10.3, with the list
                   of benefits as row headers and the  Fiscal Years
                   as column headers. Calculate the total benefits
                   per  year.    Unless   the  investment  has an
                   immediate positive impact on the Agency,  don't
                   expect  to  see  any  benefits  until  after  the
                   investment is fully implemented.

                   10.2.7  Document Assumptions
                   It is important to document all assumptions  and,
                   if  possible, justify them  on the  basis  of  prior
                   experiences or  actual data.   Use this as an
                   opportunity to explain why some alternatives are
                   not included.   If  an  alternative is eliminated
                   because it is not feasible, the assumption should
                   be clearly explained and justified.

                   10.2.8  Adjust Costs for  Risk
                   The  OMB requires that the risk adjusted return
                   on investment is compared for each alternative
in  order to  determine which  one is  the  best
solution.

Risk can be quantified into a dollar amount, or "Risk Adjustment."
To quantify the risk adjustment, follow the steps below:

    1.   Conduct a risk analysis by performing the review described
         in Appendix F - Risk Assessment.

    2.   Estimate the probability that the risk will occur.

    3.   Estimate the cost to the Agency if the risk occurs.

    4.   Calculate the cost of risk for the investment by multiplying
         the cost by the probability percentage.  Add the totals for
         each risk area.

    5.   Divide the total by the number of risks.

    6.   Add the amount in #5 to each annual cost.  In the table
         below, $48,267 is the Risk Adjustment.

Table 10.5 - Annual Risk Adjustment

| Risk Area | Probability of Occurring | Cost if Occurs | Total |
|---|---|---|---|
| Technical | 4.0% | $1,100,000 | $44,000 |
| Strategic | 22.0% | $90,000 | $19,800 |
| Security | 9.0% | $900,000 | $81,000 |
| Total Probable Cost | | | |
| Divided by No. Risk Areas | | | |
| Total Annual Risk Adjustment | | | |

10.2.9  Calculate Return on Investment for Each Alternative
After  costs  and  benefits for  each alternative
have  been  identified  and calculated  for each
fiscal year, they need to be adjusted for risk and
converted to present value dollars so  they can
be fairly compared.

For example, one alternative  has a  5-year
investment  and  a  second   has  a   10-year
investment.  The 5-year investment will return a
net benefit of 5 million dollars and the 10-year
investment will return  a net benefit  of 7 million
dollars.

At  first  glance,   it   looks  like  the   10-year
investment is the better choice, as the return is 2
million dollars greater than the first.  However,
dollars weaken as time goes on, meaning that a
dollar gained in  year 10 is worth less  than  a
dollar gained in year 5.

In other words, 5 million dollars gained over 5
years  are worth  more than  7  million  dollars
gained over  10 years.
  Present values are calculated by multiplying the
  future value times the discount factors published
  in the OMB Circular A-94. Contact OEI  for the
  correct DRs to use as they change annually.

  Using a table in a spreadsheet program,  list the
  years down the  side  as row  headers.   The
  column  headers will be  the following,  in this
  order. See Table 10.6 as  an example.

     1.  Annual Cost (AC)

     2.  Risk Adjusted Annual Cost (RAAC)

     3.  Annual Benefit (AB)

     4.  Discount Rate (DR)

     5.  Discounted Cost (DC)

     6.  Discounted Benefit (DB)

     7.  Net Present Value. (NPV)

  Drop the Yearly Totals from Table 10.3 and the
  related benefits table that was created in step
  10.2.6 and calculate:

     1.  DC = RAAC x DR

     2.  DB = AB x DR

     3.  NPV = DB - DC

Table 10.6 - Net Present Value for Alternative 2

| Year | Annual Cost (AC) | Risk Adjusted Annual Cost (RAAC) | Annual Benefit (AB) | Discount Rate (DR) | Discounted Cost (DC) RAACxDF | Discounted Benefit (DB) ABxDF | Net Present Value (NPV) DB-DC |
|---|---|---|---|---|---|---|---|
| 1 | 486,000 | 534,267 | 0 | 0.9667 | 516,476 | | -516,476 |
| 2 | 595,250 | 643,517 | 700,000 | 0.9035 | 581,418 | 632,450 | 51,032 |
| 3 | 595,250 | 643,517 | 1,000,000 | 0.8444 | 543,386 | 844,400 | 301,014 |
| 4 | 595,250 | 643,517 | 1,000,000 | 0.7891 | 507,799 | 789,100 | 281,301 |
| 5 | 620,750 | 669,017 | 1,000,000 | 0.7375 | 493,400 | 737,500 | 244,100 |
| Total | 2,892,500 | 3,133,835 | 3,700,000 | | 2,642,479 | 3,003,450 | 360,971 |

Sum each row in the NPV column to calculate the total NPV.  Do this for each Alternative.  The Net
Present Value is $360,971, meaning that future benefits outweigh future costs by $360,971.

Return on Investment (ROI) is used as a quick way to  see by what  percent  the benefits outweigh the
costs.  In Table 10.7, for Alternative 1, the benefits outweigh costs by 50%.  For Alternative 2, the benefits
outweigh costs by 14%.

Table 10.7 - Return on Investment for each Alternative

| Alternative | Discounted Cost (DC) | Discounted Benefit (DB) | Net Present Value (DB-DC) | Return on Investment (DB/DC) |
|---|---|---|---|---|
| 1 | 500,000 | 750,000 | 250,000 | 1.50 |
| 2 | 2,642,479 | 3,003,450 | 360,971 | 1.14 |
| 3 | 1,900,000 | 2,000,000 | 100,000 | 1.05 |

In addition to  evaluating  the alternatives  based on  ROI,  payback period should  be  taken into
consideration.  The payback period  is the point of time when the investment crosses from being  in the
'red' to being in the 'black'.  Using the cash flows from Table 10.6, we can see in which year the payback
occurs. To calculate the payback, add the NPV from Year 2 to Year 1, and then from Year 3, and so on.

Table 10.8 - Payback Period for Alternative 2

| Year | Discounted Cost (DC) RAACxDF | Discounted Benefit (DB) ABxDF | Net Present Value (NPV) DB-DC | Cumulative NPV (Payback) |
|---|---|---|---|---|
| 1 | 516,476 | | -516,476 | -516,476 |
| 2 | 581,418 | 632,450 | 51,032 | -465,444 |
| 3 | 543,386 | 844,400 | 301,014 | -164,429 |
| 4 | 507,799 | 789,100 | 281,301 | 116,871 |
| 5 | 493,400 | 737,500 | 244,100 | 360,971 |
| Total | 2,642,479 | 3,003,450 | 360,971 | |

For  Alternative  2,  the   payback  period  is
somewhere between Year 3 and Year 4, when
the Cumulative NPV crosses $0. In conclusion,
despite a positive Discounted  Net  beginning in
  Year 2, the investment  doesn't provide  value
  until Year 4.
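
The steps in 10.2.8 and 10.2.9 can be checked end to end in code. The Python sketch below is an added example, not part of the EPA procedure: it takes the inputs of Tables 10.5 and 10.6 and recomputes the risk adjustment, discounted costs and benefits, NPV, ROI and payback year shown in Tables 10.6 to 10.8. Function and variable names are illustrative, and it assumes (as the published figures imply) that the risk adjustment is rounded to whole dollars before use while later values are rounded only for display.

```python
from decimal import Decimal, ROUND_HALF_UP

# Inputs copied from this page's tables for Alternative 2.
RISKS = [  # Table 10.5: (risk area, probability of occurring, cost if occurs)
    ("Technical", Decimal("0.04"), Decimal("1100000")),
    ("Strategic", Decimal("0.22"), Decimal("90000")),
    ("Security", Decimal("0.09"), Decimal("900000")),
]
ANNUAL_COST = [486000, 595250, 595250, 595250, 620750]        # Table 10.6, AC
ANNUAL_BENEFIT = [0, 700000, 1000000, 1000000, 1000000]       # Table 10.6, AB
DISCOUNT = [Decimal(d) for d in ("0.9667", "0.9035", "0.8444", "0.7891", "0.7375")]


def dollars(value):
    """Round to whole dollars (half up), the precision the tables display."""
    return int(Decimal(value).quantize(Decimal("1"), rounding=ROUND_HALF_UP))


def risk_adjustment(risks):
    """10.2.8 steps 4-5: sum probability x cost, divide by the number of risks."""
    if not risks:
        raise ValueError("at least one risk area is required")
    for area, prob, cost in risks:
        if not (0 <= prob <= 1) or cost < 0:
            raise ValueError(f"invalid probability or cost for {area}")
    total_probable_cost = sum(prob * cost for _, prob, cost in risks)
    return dollars(total_probable_cost / len(risks))


def analyze(annual_cost, annual_benefit, discount, risks):
    """Build the rows of Tables 10.6 and 10.8 plus ROI and payback year."""
    if not (len(annual_cost) == len(annual_benefit) == len(discount)):
        raise ValueError("cost, benefit and discount series must cover the same years")
    adjustment = risk_adjustment(risks)
    rows, cumulative = [], Decimal(0)
    for year, (ac, ab, df) in enumerate(zip(annual_cost, annual_benefit, discount), 1):
        raac = Decimal(ac) + adjustment      # 10.2.8 step 6
        dc = raac * df                       # DC = RAAC x DR
        db = Decimal(ab) * df                # DB = AB x DR
        npv = db - dc                        # NPV = DB - DC
        cumulative += npv                    # running total used for payback
        rows.append({"year": year, "raac": raac, "dc": dc, "db": db,
                     "npv": npv, "cumulative": cumulative})
    total_dc = sum(r["dc"] for r in rows)
    total_db = sum(r["db"] for r in rows)
    roi = None
    if total_dc:                             # ROI = DB / DC, undefined with no cost
        roi = (total_db / total_dc).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
    # Payback: first year in which cumulative NPV is no longer negative.
    payback_year = next((r["year"] for r in rows if r["cumulative"] >= 0), None)
    return {"adjustment": adjustment, "rows": rows, "total_dc": total_dc,
            "total_db": total_db, "total_npv": total_db - total_dc,
            "roi": roi, "payback_year": payback_year}


if __name__ == "__main__":
    result = analyze(ANNUAL_COST, ANNUAL_BENEFIT, DISCOUNT, RISKS)
    print("Risk adjustment:", result["adjustment"])
    for r in result["rows"]:
        print(r["year"], dollars(r["raac"]), dollars(r["dc"]), dollars(r["db"]),
              dollars(r["npv"]), dollars(r["cumulative"]))
    print("NPV:", dollars(result["total_npv"]), "ROI:", result["roi"],
          "Payback year:", result["payback_year"])
```

`payback_year` is `None` when the cumulative NPV never reaches zero within the years supplied, which is the case to flag before comparing alternatives with different lifecycles.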
10.2.10 Evaluate Alternatives and Select Solution
Net Present Value, Return on Investment and
Payback  Period   all  should  be  taken  into
consideration when evaluating the  alternatives.
The clear choice based on NPV alone may not
be so clear when  the payback period is taken
into consideration.

For example, the Return on Investment for Alternative 1 is clearly
the best.  Benefits outweigh costs by 50%.  However, the payback
period may be later in life than the other two alternatives.

After a clear winner is determined by evaluating
the alternatives using numeric data,  evaluate the
alternatives  again  using   intangible data,  and
what strategically makes sense.

For example, if Alternative 1 is the current  as-is
process, despite having the highest ROI of 1.5,
is  it strategically the best  alternative  for the
Agency? What if one of the other Alternatives is
an E-Government  initiative?  Or will bring the
Agency in line with the FEA?  It's possible that
the alternative with the highest return simply isn't
the best strategic solution.

10.3 Summary of Steps
Cost Benefit Analysis is a time-consuming and
detailed evaluation that results in selection of an
investment alternative.    Using a spreadsheet
program to develop the  tables and link the
calculations makes the process easier and more
accurate.  These tables can be used cycle  after
cycle as new variables are filled in.

Here  is a summary of the steps, and how one
leads  to the next.

Step 1 - Define the investment objectives.

Step 2 - Document  solution  requirements and
map the solution  to the  requirement using a
table.

Step 3 - Select at least  three alternatives that
will provide the  functionality, as shown in Table
10.1.
 Step  4 -  Collect cost  data  for  the  system
 components identified in Table 10.1, for each
 alternative identified in Step 3.

 Step 5 - Estimate the cost for each alternative
 by transferring  the system  components from
 Table 10.1  into a new table, and mapping  the
 cost  element for  each component  in that new
 table.  See Table 10.2 as  an  example.  The
 result  is identification  of the  cost  for each
 element  of  each  system  component,  and
 traceability back to solution requirements.

 In  a  second new  table, map the annual cost to
 the fiscal years.   The  result  is the cost  of each
 System Life Cycle phase by Fiscal Year.  See
 Table 10.3 as an example.

 In  a  third new table, transfer the cost elements
 and  map the cost elements to  the system life
 cycles.  The result is  cost of each  System Life
 Cycle phase  in total.   See  Table  10.4 as an
 example.

 Step  6  -  Estimate  the   benefits  for  each
 alternative.  Calculate the dollar value of benefits
 by Year.

 Step  7  -  Document  all  cost  and   benefit
 assumptions for each alternative.

 Step 8 - Calculate the  annual  risk adjustment
 and the risk adjusted costs by year.  See Table
 10.5  as an example.

 Step  9  - Calculate Return  on  Investment for
 each  alternative.   Subtract  annual costs from
 annual benefits to get a net annual cash flow.
 Apply DRs obtained from OMB to the net annual
 cash flows, resulting  in the Net Present Value.
 See  Table  10.6 as an example. Calculate  the
 Return on Investment  for each alternative.  See
 Table  10.7  as an example.    Calculate  the
 payback period for each alternative.  See Table
 10.8  as an example.   Validate assumptions if
 required.

 Step 10 - Evaluate and  Select.   Using  the Net
 Present Value,  the Return on   Investment and
 the Payback Period, select the best alternative.
 Take  intangible  benefits  into  consideration if
 required.
        11  Appendix F  - Risk Assessment
11.1 Purpose
Risk  is   part  of  any  capital   investment.
Identifying and controlling risks during the Select
Phase  can have  a  significant  impact on  the
investment's overall success.  However, risk is
not  the   only  consideration  for  investment
evaluations.  Investments with high technical risk
may be selected if the investment  is deemed a
strategic   or  operational  necessity.    Other
investments  may  be  selected simply because
they have low risk and require  few resources.
Conducting a risk assessment  and controlling
risk  is a  continuing  process  throughout  the
investment lifecycle, and is required at EPA.

11.2 Process
The  risk  evaluation  process   contains  three
steps:

1.   Identify risks

2.   Analyze risks

3.   Control risks

11.2.1   Identify Risks
The  OMB requires that all IT investments  are
evaluated against a list of 19 risks.  Those risks
are:

1.   Schedule - the project schedule slips.

2.   Initial   Costs  -  actual   costs  exceed
    estimates.

3.   Life-cycle Costs  -  actual  costs  exceed
    estimates.

4.   Technical Obsolescence -  the technology
    chosen becomes  outdated prior to  the  end
    of  the  life-cycle,  and  the  return  on
    investment isn't realized.

5.   Feasibility  -  the  selected  alternative is
    wrong.

6.   Reliability of Systems - the  system doesn't
    meet uptime standards and expectations.
7.   Dependencies and interoperability between this system and
    others - success of this investment relies heavily on the success
    and continuation of other systems.

8.   Asset Protection - the investment is difficult to protect, for
    example it is located in an unsecured building.

9.   Risk of Creating a Monopoly for future procurements - the
    investment relies on one contractor for operations and
    maintenance, so costs cannot be controlled.

10. Management Capability - the Agency does not have the capacity to
    manage the investment and surrounding processes and systems.

11. Risk of Failure - the investment has a high probability of not
    closing the mission gap and will not return the benefits expected.

12. Organizational and Change Management - employees are resistant to
    learning new processes and accepting the new investment.

13. Business - decision to develop and implement the investment is a
    bad business decision.

14. Data/Information - success of the investment relies heavily on
    accurate data and information.

15. Technology - success of the investment relies heavily on
    technology components.

16. Strategic - the investment will not close mission performance
    gaps.

17. Security - protected data may be compromised.  Classify the risks
    here as high, medium or basic.

18. Privacy - data contained in the system is regulated by privacy
    laws and requires special planning.

19. Project Resources - the development of the system relies heavily
    on specific project resources, or required resources are scarce.

        Risk identification  consists of determining  and
        documenting to what extent, if at  all, these 19
risks  will   impact  the  investment.     The
identification  and   associated  analysis   is  a
continuing   process  that   should   be   done
periodically throughout the investment lifecycle.
To identify the  risks,  look at both internal and
external factors.

Internal  risks are  those that can  be directly
controlled  within the project.  Use mechanisms
such as historical  information, work breakdown
structure (WBS), project plans, risk  checklists,
and interviews to identify internal risks.  Internal
risks should then be grouped into the following
risk areas:

Financial   Risk—Risks  that  could  result   in
additional, unexpected funding, such as  scope
creep,  sponsorship  changes,  cost  overruns,
legal    dispute    outlays,    cost   of    lost
information/data, hardware/software  failure and
replacement, cost  to correct design errors or
omissions,  and potential cost of relying  on  a
single vendor.

Technical Risk—Risks caused by inaccurately
predicting the investment's lifecycle.  These can
result from a failure to attain expected  benefits
from the investment, inaccurate investment cost
or  duration  estimates,  failure   to  achieve
adequate system performance levels, failure to
adequately integrate a new system with existing
hardware  and software,  or  failure to integrate
organizational    procedures   or   processes.
Technical   risk   can  be  determined  by  the
following factors:

•   Investment Size:

     o  Number of project team members

     o  Project duration

     o  Number of organizational agencies involved in the investment

     o  Size of programming effort (e.g., hours)

•   Investment Structure:

     o  Complexity of effort (e.g., number of interfaces with other
        systems, etc.)

     o  Security vulnerabilities

     o  New system or renovation of existing system(s)

     o  Organizational, procedural, or personnel changes resulting
        from the system

     o  User perceptions and willingness to participate

     o  Management commitment

     o  Level of user involvement

•   Project team's familiarity with:

     o  Proposed business or application area

     o  Target development environment, tools, and operating system

     o  Development of similar systems

•   User group's familiarity with:

     o  System development process

     o  Proposed application or business area

     o  Similar investments

     o  New technology

Operational  Risk—Risks associated with the
policies,  procedures  and processes  of the
Agency.  For example, how well the IPT works
as a team.

Schedule Risk—Whether or not the investment
is  completed and  implemented  in accordance
with original estimates.  Concerns may  include
governmental   regulation  deadlines,   project
management experience, schedule timeframe,
resource  availability  and  competency,   and
contractor capabilities.

Legal and  Contractual  Risks—The investment
ramifications  that could  result from developing
an  information  system.    Risks increase when
outside  organizations  are  involved.  Risks may
include, but are not limited to:

•   Contract protests

•   Copyright infringements

•   Non-disclosure

•   Labor laws

•   Foreign trade regulations (limiting encryption techniques)

•   Financial reporting standards

•   Software ownership in joint ventures

•   License agreements
Organizational  Risk—Risks  associated with
key  stakeholders  and   their  view  of  the
investment.  Redistribution of power is the single
greatest    element    that    will   increase
organizational risk.  Increasing stakeholder buy-
in lowers organizational resistance to change.

11.2.2  Analyze Risks
Analyze each risk based on an assessment of
likelihood and impact.  Numerous  activities are
used to analyze risks and obtain a complete risk
assessment   to   aid   in   developing   risk
management  and  control  strategies.    The
following provides a  summary of activities to
assist in risk analysis:

.   Group   similar  and   related   risks  into
    categories to  assist in identifying  related
    risks  as  well   as   identifying  potential
    dependencies between risks.

.   Determine  risk drivers or  variables that
    affect the probability and impact of identified
    risks.
.   Determine the root cause or source of risk.

.   Use risk analysis techniques and tools such
    as simulation  or  decision  trees  to  assess
    trade-offs, interdependencies, and timing of
    identified risks.

.   Estimate risk factor or risk exposure.
    Multiply probability of occurrence or
    likelihood with the consequence or impact
    (in financial terms) if the risk occurred. See
    Appendix E - Cost Benefit Analysis and
    Alternative Selection.

.   Rank and prioritize risks.

CPIC documentation requires that a Risk
Inventory and Assessment be completed and
updated for each CPIC phase and submission.
Use the template provided in the Exhibit 300.
The table below represents the information in
the Exhibit 300.

.   Date Identified is the date the risk was
    discovered.

.   Area of Risk is the risk category, based on
    similar characteristics.  See section 11.2.1
    for examples.

.   Description is the actual risk itself.

.   Probability of Occurrence is expressed in
    terms of high, medium and basic.  This
    probability is also used to calculate risk-
    adjusted costs in the alternatives analysis.
    EPA recommends these ranges for the
    calculation:  High is 66% - 100%.  Medium is
    34% - 65%.  Basic is 0% - 33%.

.   Strategy for Mitigation is the steps the
    Project's Sponsor or Manager will take to
    reduce the probability of the risk occurring.

.   Current Status is how far along the Strategy
    for Mitigation is, or the steps remaining in the
    mitigation plan.

Table 11.1 - Risk Inventory
Date        Area of    Description                 Probability    Strategy for            Current
Identified  Risk                                   of Occurrence  Mitigation              Status
----------  ---------  --------------------------  -------------  ----------------------  -----------
07/01/03    Financial  Business Rules continue     Medium         Ensure integrator has   In Progress
                       to change, resulting in                    valid business rules,
                       higher development fees.                   reduce rework.
08/15/03    Schedule   Developers are spread out   High           Develop intranet site   Completed
                       across buildings and                       for project management
                       off-site due to space                      and code library.
                       restrictions.
                       Communication is
                       restricted.
08/15/03    Technical  Financial system            Medium         Ensure integrator is    Completed
                       replacement requires a lot                 highly skilled.
                       of customization.

11.2.3  Control Risks
Developing and executing a strategy for
mitigation is part of controlling risks.  The
development of a risk management plan assists
in addressing each risk and deciding whether to
accept, avoid, transfer, or reduce the impact of
the risk, including determining risk controls
based upon available resources and identifying
responsible parties.

Plans should  include identifying the appropriate
risk  control strategy, objectives,  alternatives,
mitigation   approach,    responsible   parties,
resources required, activities,  actions  taken  to
date, and results achieved.

As the  risk management plan is  an  evolving
strategy that  ensures  a higher probability  of
success for the investment, it should be updated
continually  as  risks  change  throughout the
lifecycle.

Risks can rarely be completely eliminated;
however, they can be controlled. If the following
controls or risk mitigation strategies are in place,
the likelihood of risk decreases.

11.2.3.1  Financial Controls
•   Perform Cost Benefit Analysis
•   Implement a rigorous investment
    management program
•   Utilize Earned Value Management, share in
    savings and other contracting approaches,
    to help control costs
•   Purchase liability insurance
•   Establish clear benefits to be realized
•   Use competitive bidding for each investment
    design increment

11.2.3.2  Technical Controls
•   Reengineer the process first
•   Use development lifecycle methodology/
    structure
•   Use project planning/management software
•   Use appropriately trained personnel
•   Divide the investment into increments
•   Isolate custom design portions of the
    investment
•   Assign a Project Manager (preferably with
    Project Management Institute or similar
    organization certification) to be accountable
    for the investment
•   Conduct pilot tests

11.2.3.3  Operational Controls
•   Use a strategic information management
    framework
•   Establish clear requirements and objectives
•   Use a change management program to
    minimize organizational disruption
•   Adequately train organization and provide
    follow on support
•   Establish performance metrics and monitor
    metrics using a reporting system
•   Establish a communication plan

11.2.3.4  Schedule Controls
•   Use contractual incentives for quality or
    timeliness
•   Use contractual penalties for missed
    deadlines
•   Use contractual incentives for meeting or
    beating deadlines
•   Use project management software
•   Use an experienced/certified Project
    Manager and/or provide the necessary
    training to the Project Manager
•   Set realistic expectations and manage those
    expectations
•   Use outsourcing to augment scarce internal
    resources

11.2.3.5  Legal and Contractual Controls
•   Create a software license management
    program
•   Review all applicable laws
•   Apprise contracting personnel of potential
    legal concerns and contract disputes
•   Maintain communication with contractors to
    minimize contract disputes
•   Provide multiple termination opportunities
    within a contract

11.2.3.6  Organizational Controls
•   Obtain "buy-in" from top management early
    in planning stages
•   Work closely with end-users to establish
    system requirements
•   Maintain good communication with all
    stakeholders

12  Appendix G - Building the Project and Funding Plan Tables
12.1 Purpose
Throughout the investment's development the
QIC and the OMB are looking for areas that may
affect  funding  and  ROI.    The  Project
(Investment)  and Funding Plan section  of the
Exhibit 300 is designed to capture the baseline
milestones of the investment's development and
any changes to that baseline.   Changes  to
baseline milestones may indicate:

.   Cost slippages

.   Schedule slippages

.   Addition or reduction to project scope

12.2 Tables
EPA's CPIC process  allows business  case
submission to be completed on the Exhibit 300
of the OMB's circular A-11. In the Exhibit 300,
the Project and Funding Plan section is made up
of:

.   Three tables that list project milestones,
    schedules, and costs

.   The EVMS table and calculations

.   Other questions related to EVMS.  EVMS is
    discussed in Appendix I

This  appendix covers how  to  successfully
complete the three milestone tables, which are:

1.  The original baseline

2.  New baseline with OMB-approved changes

3.  Actual  outcomes  compared to  approved
   baseline

12.3  Process
The first table contains the original milestones,
costs and schedules for the project.  Ideally,
these milestones are developed and submitted
for the first time during the CPIC Select Phase.

For  projects that  are  coming  into compliance
with EPA's CPIC process, document the current
project plan. This table should never change. A
sample table is shown below:

Table 12.1 - Original Baseline
Cost and Schedule Goals: Original Baseline for a Phase/Segment/Module of Project

                                       Schedule
Description of Milestone               Start   End     Duration   Planned   Funding
                                       Date    Date    (in days)  Cost      Agency
-------------------------------------  ------  ------  ---------  --------  -------
1. Conduct Architectural               1/02    6/02    180        50,000    EPA
   collaboration and develop EA plan.
2. Validate User Requirements and      3/02    3/03    360        100,000   EPA
   create Use Cases
3. Develop User Interface Screens      4/03    9/03    180        200,000   EPA
4. Integrate UI Screens with Call      11/03   1/04    90         50,000    EPA
   Module Code

Completion date: January 2004
Total cost estimate at completion: $400,000

Regardless of the CPIC  phase the business
case is in, if the project calls for changes to the
milestones, the estimated cost or the schedule,
the modified plan is placed, in its entirety, in the
second table.  A sample table is shown below.

In this example, if a milestone needed to be
added to the baseline, 5 milestones would
appear in Table 12.2. If a milestone needed to be
removed, 3 milestones would appear in Table
12.2.  If there were no additions or deletions to
the number of milestones, but the costs and
schedules changed, 4 milestones would appear,
but with different dates or planned costs.

The updates to the plan shown in Table 12.2 are
considered proposed until the QIC and the OMB
approve them.  Once approved, this new plan
remains unchanged until a modification is needed.

In the example, let's say that Milestone 4 needs
to be removed, and that the UI Screens will be
tested  as  part of Milestone  3.   Due to this
change, the schedule for Milestone 3 will extend
from 180 days to 270, and the cost will increase
to $250,000.  The total number of days and the
cost  of $400,000  remain the same,  but the
projected end  date  is backed up to November
2003. The  new project plan is proposed below:

Table 12.2 - Proposed Changes to Base Milestones
Cost and Schedule Goals: Proposed X or Current (OMB-Approved) Baseline for a Phase/Segment/Module of Project

                                       Schedule
Description of Milestone               Start   End     Duration   Planned   Funding
                                       Date    Date    (in days)  Cost      Agency
-------------------------------------  ------  ------  ---------  --------  -------
1. Conduct Architectural               1/02    6/02    180        50,000    EPA
   collaboration and develop EA plan.
2. Validate User Requirements and      3/02    3/03    360        100,000   EPA
   create Use Cases
3. Develop User Interface Screens and  4/03    12/03   270        250,000   EPA
   Test

Completion date: November 2003
Total cost estimate at completion: $400,000

Be sure to explain the reasons for the changes.
For example, a reason for this phase having the
same amount of cost for a shorter duration is
that the total effort of 810 days remained
the same.

In the example, this plan, with these changes,
has not yet been approved, so the "Proposed"
line in the table header is "X'd".  Had the plan
been previously approved, the "OMB-Approved"
line would have been "X'd".

The OMB guidance for these tables states that
only milestones for the current funding phase be
included; however, the IIS and the QIC require
that the entire project be shown so they can review
the entire project plan to ensure that it was
developed in accordance with EPA System Life
Cycle guidelines.  Additionally, including the
entire project plan will show that changes to the
plan are properly cascaded through all tasks and
milestones, and that earned value management
metrics are calculated for the entire investment,
not just a small piece of it. As a general rule,
EPA wants to see the entire picture of the
project as much as possible.

The third table is used to compare actual costs
and schedule results against the baseline.  In
the example, let's say that Milestones 1 and 2
are completed, but not as originally anticipated.
Milestone 1 went slightly over schedule;
Milestone 2 was completed on time and within
budget.  Milestone 3 is on schedule and budget.

Table 12.3 - Actual vs. Baseline
Comparison of OMB-Approved Baseline and Actual Outcome for Phase/Segment/Module of a Project

OMB-Approved Baseline
                                       Schedule
Description of Milestone               Start   End     Duration   Planned   Funding
                                       Date    Date    (in days)  Cost      Agency
-------------------------------------  ------  ------  ---------  --------  -------
1. Conduct Architectural               1/02    6/02    180        50,000    EPA
   collaboration and develop EA plan.
2. Validate User Requirements and      3/02    3/03    360        100,000   EPA
   create Use Cases
3. Develop User Interface Screens      4/03    12/03   270        200,000   EPA
4. Integrate UI Screens with Call      11/03   1/04    90         50,000    EPA
   Module Code

Completion date: OMB-approved baseline: January, 2004
Total cost: OMB-approved baseline: $400,000

Actual Outcome
                                       Schedule
Description of Milestone               Start   End     Percent    Actual
                                       Date    Date    Complete   Cost
-------------------------------------  ------  ------  ---------  --------
1. Conduct Architectural               1/02    8/02    100%       65,000
   collaboration and develop EA plan.
2. Validate User Requirements and      3/02    3/03    100%       100,000
   create Use Cases
3. Develop User Interface Screens      4/03    12/03   78%        156,000
4. Integrate UI Screens with Call      4/03    12/03   78%        39,000
   Module Code

Estimated completion date: November, 2003
Estimate at completion: $415,000

If these tables  are completed  as  described in
this Appendix,  the three variables for  earned
value can be calculated easily.  Budgeted cost
of work scheduled (BCWS), budgeted  cost of
work  performed (BCWP), and  actual  cost of
work performed (ACWP) can be completed.  In
this example, the analysis date is October, 2003
and the  baseline from Table 12.1 is  used to
calculate  BCWS,  since  the   modified  plan
proposed  in  Table  12.2  has  not yet  been
approved by the QIC and the OMB.  For the
BCWS calculation, the work for Milestone 4 has
not started.
       From Table 12.1. BCWS = 50,000 + 100,000 + 200,000 = 350,000
       From Table 12.3. BCWP = 50,000 + 100,000 + ((200,000+50,000) * 78%) = 345,000
       From Table 12.3. ACWP = 65,000 + 100,000 + ((200,000+50,000) * 78%) = 360,000

Based  on BCWS from Table  12.1, the project should  have three milestones completed at a  cost of
$350,000.

The actual work performed to date had a budget (BCWP) of $345,000, indicating a schedule slip. The
project is behind schedule for Milestone 3 because we have added the work for Milestone 4: originally it
was expected that $200,000 would be spent by October, 2003, but only $195,000 has been spent.

After calculating the actual cost for the actual work performed (ACWP), the  schedule slip for Milestone 1
cost the project an additional $15,000.

13  Appendix H - Enterprise Architecture and E-Government
13.1  Enterprise Architecture

13.1.1   Purpose
As with a house or the human body, different
systems work in their  entirety, with  a distinct
purpose,  and in conjunction with each other to
make  the  whole  function  efficiently.    For
example,  a  house  is made up of: a structural
system, a plumbing system, a heating system, a
security   system,  an   electrical system,  etc.
Business organizations are made up of
complete and distinct systems that work
together to create an efficient architecture:  a
technology  system,  a  system  of  business
processes, a data organization and maintenance
system, a security system, a  system to retrieve
data that makes it meaningful  (applications), etc.
If  one system  isn't  well designed, or  isn't
effectively  integrated   with  the  others,  the
business  will risk its resources dealing with the
constraints of a poorly-functioning system within
its architecture.  The systems rely on each other,
with technology being the supporting foundation
of the "house."  The picture  below  shows the
main systems that make up a successful EA.

The  Federal  Government  has  defined  five
systems that make up what an Agency's EA
should be. These five systems will be published
in documents called reference models. The five
are:

1.  Performance Reference Model (PRM) -
    describes ways to enhance performance
    information and how to describe
    performance in strategic terms.

2.  Business Reference Model (BRM) -
    describes the lines of business and internal
    functions that are performed by the federal
    government.

3.  Data Reference Model (DRM) - describes the
    common types of data that are exchanged
    within the federal agencies and between the
    federal government and citizens.

4.  Service Component Reference Model
    (SRM) - describes commonly used business
    processes and functions that represent an IT
    system.

5.  Technical Reference Model (TRM) -
    provides details and definitions of current
    and emerging e-business technologies and
    the platforms they run on.

Agencies are required to create their own EA
reference models, and compare them to those of
the Federal Government.  This alignment is the
responsibility of the Chief Architect, and is not
part of the CPIC process.

As part of the CPIC process, business cases
must map investments to the PRM, BRM, SRM
and TRM. Use the EA section of the Exhibit 300
as a basis for the EA evaluation.8 During the
Evaluate Phase, the new investment's alignment
with the Agency's EA is critical in proving that
EPA will invest new funds into projects that
support PMA, FEA and the Agency's
E-Government goals and objectives. The Control
Phase should focus on whether any of the
baseline PMA, FEA or EPA goals have
changed, and if the project should be
redesigned to reflect those changes. During the
Evaluate Phase, steady-state projects must go
through an E-Government review to ensure that
they either remain aligned, or are eligible for
Agency modernization funds.  The next section
explains what E-Government is, and provides
the criteria for the mandatory E-Government
review.

8 There is a wide array of EA guidance available on
the internet via the Federal Enterprise Architecture
(FEA) Program Management Office web site
(www.feapmo.gov) for use in mapping IT
investments to the appropriate FEA Reference
Models. The EPA Intranet also provides a wide
range of materials on the FEA and EPA EAs,
including detailed guidance for use in mapping
individual projects to the FEA and EPA reference
models. The following two EPA Intranet links are
valuable sources of information on EA-related
matters and guidance:
http://intranet.epa.gov/cpic/FY2006/EA. and
http://intranet.epa.gov/architec

Investments also must map to EPA's Enterprise
Architecture (EA). The EPA EA is comprised of
a  framework  using  the  Federal  Enterprise
Architecture Framework (FEAF)  and  the  Chief
Information  Officer  Council's   guidance.  As
depicted  in  Figure  13.1,  on  the left is  the
hierarchical  structure  of  the  FEAF  (Goals,
Business,  Data, Applications,  and Technology).
On the right is  EPA's breakdown of elements of
the FEAF, showing the domain architectures
and component architectures.
The domain architectures are: 1) the
Environmental and Health Protection
Architecture (EHPA), which supports regulatory
and voluntary programs focused on
environmental and human health protection; 2)
the Research and Science Architecture (RSA),
which supports research and science activities,
such as environmental assessments, toxicology
studies, and risk management; and 3) the
Administrative Systems Architecture (ASA),
which supports the internal operations, service
delivery, and infrastructure that enables EPA to
achieve its environmental and health protection
mission.

Figure 13.1 - Federal Enterprise Architecture (FEA) Reference Models
[Figure: the FEA reference models in a Component-Based Architecture.
Performance Reference Model (PRM): inputs, outputs, and outcomes; uniquely
tailored performance indicators.  Business Reference Model (BRM): lines of
business; agencies, customers, partners.  Service Component Reference Model
(SRM): service domains, service types; business and service components.
Remaining panel text: business-focused data standardization; cross-agency
information exchanges; service component interfaces, interoperability;
technologies, recommendations.  Ownership labels: Business Owners; Federal
CIO Council.]


Figure 13.2 - EPA's EA Framework
[Figure: a conceptual framework (including Applications and Technology)
shown beside EPA's architectures: Federal Business Architecture (BRM, Cross
Agency E-Gov, Pres Mngt Agenda); EPA Business Architecture (Processes,
Functions); Data Architecture (Data Entities, Data Classes, Data Flows);
Application Architecture (Applications, Interfaces, Information Flows).
Business Domains: Env. & Health; Research & Science; Admin. Systems;
Enterprise Wide; Cross-cutting.]

13.2  E-Government

13.2.1  Purpose
The E-Government initiative began  in July 2001
as an  effort to use  IT  as a tool  to eliminate
wasted federal spending, reduce the paperwork
burden on citizens and businesses  and improve
the government response time  to  citizens.   E-
Government is guided  by three principles:
1.   Investments must be citizen-centered
2.   Investments must be results-oriented
3.   Investments must be market-based
The  E-Government program focuses  on two
efforts:  modernizing  IT  investments  through
principles  of  E-Business and  integrating  IT
investments   across  agencies  to  promote
economies of scale.

The  E-Government  Act was   signed  by the
President  on December 17,  2002 and became
effective on April 17, 2003. The Act:
1.  Advocates a more citizen-focused approach
    to current government-wide IT policies and
    programs;

2.  Establishes an Office of Electronic
    Government in the OMB to coordinate IT
    policy;

3.  Formalizes the establishment of a CIO
    Council;

4.  Permanently reauthorizes and amends
    agency information security requirements
    through the Federal Information Security
    Management Act (FISMA);

5.  Protects the confidentiality of certain types
    of data across the government and allows
    key statistical agencies to share business
    data through the Confidential Information
    Protection and Statistical Efficiency Act
    (CIPSEA);

6.  Supports activities that OMB and the
    executive branch are already pursuing under
    the PMA's expanding electronic government
    initiative.

13.2.2  Agency Plan
As a result of the initiative started in 2001, and in
anticipation  of  compliance  with  the Act,  the
Agency has developed a strategic framework for
meeting  the  challenges  and opportunities of
service   delivery    in   an   E-Government
environment.  EPA is involved in over half of the
E-Government  initiatives that span  all  four
sectors of PMA.

In  July,  2002,  EPA  released  its  Strategic
Information Plan (the Plan),  which outlines  how
it will achieve its goals and objectives  for E-
Government  and   provide   government  and
citizens  with  fast,   relevant,  and  integrated
information  to better protect  human  health  and
the environment.  The  Plan  outlines six "over-
arching" information management goals:

1.  Use  -  Improve  the use of  environmental
    information   to   support  decision-making,
    activity  cost  accounting,  and  results-based
    management;

2.  Data - Collect appropriate data and  provide
    high-quality and integrated information;

3.  Technology - Strengthen EPA's information
    infrastructure to  improve Agency operations
    and the security, collections, and exchange
    of information;

4.  Access - Enhance  public access to useful
    and understandable information;

5.  Governance  -   Adopt an  enterprise-wide
    approach   to    make   and   implement
    information management decisions;

6.  People - Invest in human capital.

13.2.3  Process
EPA's existing and proposed  IT investments will
be evaluated to ensure that Internet-based  and
other  electronic  information,  services,   and
program   delivery   channels   have   been
sufficiently considered.  Investments must align
with EPA business  goals and objectives  and
EPA's E-Government mission, vision, goals,  and
objectives.

New   and   existing  investments   must   be
evaluated  against   a  comprehensive  set of
criteria.  Use the questions below as a basis for
the evaluation.
13.2.3.1  PMA
Does the investment support the President's
Management Agenda item of Expanding
Electronic Government?

13.2.3.2  EPA Business Goals, E-Government Goals

•   Does the project make use of IT and its
    practical applications in re-engineering
    traditional government processes? Are they
    consistent with the goals and objectives of
    the Strategic Information Plan?

•   Does the investment support:

     o  Government to Citizen services

     o  Government to Government services

     o  Government to Business services

     o  Internal Efficiencies

•   What level of changed service delivery is
    provided by the IT investment?  Does it
    provide information only, does it allow the
    customer to interact or transact business, or
    does it transform the business?

13.2.3.3  Collaboration:

•   Does this investment support one agency,
    multiple agencies, or the entire Federal
    Government?

•   Does the investment leverage existing or
    proposed IT investments?

•   Does the investment unify and simplify
    program delivery and eliminate redundancy
    in system development and information and
    data collection efforts?

•   Does the investment use an E-Government
    Service Delivery Channel?  If so, does the
    proposal describe how other delivery
    channels will still be supported and describe
    the scheduled phase out of these services, if
    applicable?  If this investment is not using
    an E-Government/Internet-based delivery
    channel for any of its end-to-end processing,
    why not?

•   How will improvement to end-to-end
    processes and "e" enabling them provide
    value to external customers and/or internal
    improvements in efficiency and
    effectiveness?

•   Does the investment enable sharing of
    information more quickly and conveniently
    between EPA employees and agencies
    and/or federal and state, local, and tribal
    governments?

13.2.3.4  Planning & Assessment

•   Does the investment provide for increased
    customer-centered government?  Who are
    the customer groups with the greatest
    impact?

•   Has business process reengineering been
    conducted?

•   Has the readiness of customer groups been
    determined?  What is the current baseline of
    electronic services users?  What is the
    projected user base at 6, 12, and 18 months
    after implementation?

•   Does the investment address legislative
    priorities, GAO material weaknesses, OMB
    guidelines, or IG findings?

•   Does the investment identify, examine and
    employ, where appropriate, industry best
    practices?

•   Does the investment reduce the reporting
    burden on citizens, public and private
    entities and employees?  For information
    collection from the public, does the
    investment identify the information collection
    package control number and associated
    forms numbers and title and the level of the
    service provided, (i.e., print, fill, save,
    submit, transmit)?

•   Does the investment expand the reach and
    participation of EPA programs (i.e., increase
    the numbers of beneficiaries)?  Does the
    proposed investment generate revenue, if
    applicable?

•   Does the investment describe the
    information and records to be created and
    the associated records management
    requirements from creation to disposition,
    such as records scheduling, migration, etc.?

•   Does the investment identify performance
    measurements associated with the
    E-Government delivery channel?

13.2.3.5  Change Management Component:

•   Does the proposal include a change
    management component?

•   Does the investment address the awareness
    and training requirements to effect change?

•   Has the proposal considered governance,
    communications, training and other change
    management needs?

13.2.3.6  Citizen-Focus

•   Have specific performance measures and
    indicators that are geared to citizens' needs
    been identified?

•   Does the investment deploy existing or
    create easy-to-find points of access to EPA
    services such as FirstGov.gov?

•   Will a marketing or communications plan
    promote the products and services to the
    public, to other government agencies and
    business partners?

13.2.3.7  Budget/Finance
•   Does the investment reduce or eliminate
    redundant expenditures within EPA?
•   Can multiple agencies collaborate or pool
    resources?

13.2.3.8  Architecture and Infrastructure
•   Does the investment describe the
    technology components required to support
    this investment, (e.g., web browser, web
    server, e-signature, etc.)?
•   Does the investment advance IT priorities in
    the areas of EA, telecommunications, and
    information management?
•   Have security-related components been
    addressed and coordinated?
•   Does the investment focus toward using
    web service technologies such as XML,
    J2EE or .NET?

-------
14 Appendix I - Earned Value Management

14.1 Purpose
Earned Value Management (EVM) [9] is a program management technique that uses
an investment's past performance and work as indicators of the investment's
future, enabling the project's management team to evaluate and gain insight
into its actual schedule and financial progress.

The OMB requires that EVM be used on all major IT investments, and EPA has also
followed that requirement with its CPIC process and documentation. EVM uses
historical costs and completion dates to see into the future, allowing a quick
determination if the project is on schedule, and within budget. If it isn't,
corrective measures can be taken to get the project back on track.

The earned value methodology requires an investment to be fully defined at the
outset. The minimum amount of information that is required to implement EVM
includes:

•   Planned investment start and end dates

•   Total investment budget

•   List of milestones with planned start and end dates

•   Budgeted percentage of work performed for each milestone

•   Planned expenditures for each milestone

This approach provides accurate and reliable assessments from as early as 15
percent completion of the investment's lifecycle. Studies show that investments
that are over budget at this point will result in cost overruns.

Studies also show that once a cost overrun is identified, it can generally be
reduced by only 10 percent, which indicates the need to support early awareness
of potential cost and schedule risks. Early investment assessment and
identification of cost and schedule variances is critical for the overall
success of the investment, and supports improved cost and schedule control.

[9] Additional information and guidance on EVM is available on EPA's CPIC
website at http://intranet.epa.gov/cpic/laws.htm

14.2 Process
Before beginning the process, become familiar with the terms and concepts of
earned value.

Earned value is a series of simple calculations that result in a variance
between what was originally planned, and what actually happened.

EVM concentrates on cost and schedule. Terms used are:

1.  Budgeted Cost of Work Scheduled (BCWS) - ESTIMATED amount of work, and
    ESTIMATED amount of cost to do that work: the baseline.

2.  Actual Cost of Work Performed (ACWP) - ACTUAL cost incurred to accomplish
    the ACTUAL work that has been done to date: the expenses.

3.  Budgeted Cost of Work Performed (BCWP) - ESTIMATED cost to complete the
    ACTUAL work that has been done: what the cost should have been for
    completed work.

Before beginning to use earned value management, complete the following project
management tasks (see Appendix K - Project Management):

•   Develop a WBS

•   Define investment activities

•   Allocate costs to each WBS element

•   Schedule each activity

•   Evaluate the investment's status

Once this initial work is completed, it will be easier to periodically assess
the investment's performance and complete the following four steps in the
earned value management process.

14.2.1 Update the Schedule
Update scheduled activities when they are started or completed, or with the
remaining duration as of the analysis date. For unfinished activities, report
the percentage of completion.

Work that results in concrete deliverable products (e.g., reports, studies,
briefings, etc.) is easily measured. For work that isn't easily measured, use a
special "earning rule." A common "earning rule" is to report percent complete
according to completed milestones within an activity.

14.2.2 Record Actual Costs
After updating the schedule, record actual costs from the investment's
accounting system, or provide estimates.

14.2.3 Calculate Earned Value Measures
After recording the actual costs for the reporting period, calculate earned
value measures for the required elements within the Exhibit 300.

Budgeted Cost of Work Scheduled (BCWS)—Sum all of the budgets for the work that
was scheduled to be done as of the date of analysis.

Budgeted Cost for Work Performed (BCWP)—Sum all of the budgets for tasks or
milestones that have actually been completed as of the date of the analysis.
Add in any additional cost for work in progress. Additionally, include any
budget percentage of fixed overhead that is allocated to the investment.

Actual Cost of Work Performed (ACWP)—Using the same work performed assumption
in the BCWP calculation, sum the actual expenses incurred for the work
performed and the fixed overhead.

All of the required project summary values in the Exhibit 300 can be calculated
using these three numbers. The chart in the next step provides an example of
how to calculate the values.

14.2.4 Report on Earned Value
The OMB, via the Exhibit 300, requires that the following results be calculated
and reported to project governance as well as the OMB during the annual
budgeting cycle.

Using the following scenario, values are calculated:

A sample investment has a life cycle cost of $10,000 with a completion date of
12 months beyond the analysis date. The baseline cost of work scheduled is
$1,000, the project is ahead of schedule by 20%, so the budgeted cost of actual
work performed is $1,200, but the project has exceeded its cost estimates, so
the ACWP is $2,000.

Therefore:
BAC = 10,000
BCWS = 1,000
BCWP = 1,200
ACWP = 2,000

Table 14.1 - Sample Investment Summary Chart

Project (Investment) Summary (Cumulative)                      | Calculation                                    | Value
---------------------------------------------------------------|------------------------------------------------|----------------
Cost Variance (CV) = (BCWP - ACWP)                             | 1,200 - 2,000                                  | -800
Cost Variance % = (CV/BCWP) x 100%                             | -800/1,200 x 100                               | -66.67%
Cost Performance Index (CPI) = (BCWP/ACWP)                     | 1,200/2,000                                    | .60
Schedule Variance (SV) = (BCWP - BCWS)                         | 1,200 - 1,000                                  | 200
Schedule Variance % = (SV/BCWS) x 100%                         | 200/1,000 x 100                                | 20%
Schedule Performance Index (SPI) = (BCWP/BCWS)                 | 1,200/1,000                                    | 1.20
Two independent Estimates at Completion (EAC):                 |                                                |
  1. ACWP + ((1/CPI) x (BAC - BCWP))                           | 2,000 + ((1/.60) x (10,000 - 1,200))           | 16,667
  2. ACWP + ((1/CPI x 1/SPI) x (BAC - BCWP))                   | 2,000 + ((1/.60 x 1/1.20) x (10,000 - 1,200))  | 14,222
Variance at Completion (VAC) = BAC - EAC for 1 and 2 above     | 10,000 - 16,667                                | -6,667
                                                               | 10,000 - 14,222                                | -4,222
Variance at Completion % = (VAC/BAC) x 100% for 1 and 2 above  | -6,667/10,000 x 100                            | -66.7%
                                                               | -4,222/10,000 x 100                            | -42.2%
Estimated Cost to Complete (ETC)                               | Range based on EAC                             | 14,222 - 16,667
Expected Completion Date                                       | Date based on Life Cycle                       | X Date

If this investment wasn't 20% ahead of schedule, the amount of funds needed to
complete the lifecycle would be around $16,667. But, since the project is ahead
of schedule at this point, the amount of funding estimated is $14,222. At this
point in time, the project manager and Project Sponsor should ask themselves:

1.  Why is the project ahead of schedule?
2.  Why are the costs so far above estimates?

Possible conclusions may be that the project is overstaffed, and while the work
is being completed quickly, it is costing too much. Possible corrective
measures may be to replace more costly, senior project members with less
costly, junior members, or maybe there are just too many people on the staff.
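
The roll-up in section 14.2.3 and the Table 14.1 formulas, as an added Python example that is not part of the EPA procedures. The milestone records and field names are constructed for illustration and sized so the totals match the sample scenario (BAC 10,000, BCWS 1,000, BCWP 1,200, ACWP 2,000).

```python
from dataclasses import dataclass


@dataclass
class Milestone:
    """One milestone as of the analysis date (field names are illustrative)."""
    name: str
    budget: float         # planned expenditure for the whole milestone
    scheduled_pct: float  # fraction planned to be done by the analysis date
    complete_pct: float   # fraction actually done, per the earning rule
    actual_cost: float    # expenses recorded to date


# Constructed sample data, sized to reproduce the scenario in section 14.2.4.
# Fixed overhead allocated to the investment can be entered as its own record.
SAMPLE_MILESTONES = [
    Milestone("Requirements", 600, 1.0, 1.0, 1100),
    Milestone("Design", 800, 0.5, 0.75, 900),
    Milestone("Build and deploy", 8600, 0.0, 0.0, 0),
]


def roll_up(milestones):
    """Return (BAC, BCWS, BCWP, ACWP) summed over all milestones."""
    for m in milestones:
        if not (0.0 <= m.scheduled_pct <= 1.0 and 0.0 <= m.complete_pct <= 1.0):
            raise ValueError(f"{m.name}: percentages must be between 0 and 1")
    bac = sum(m.budget for m in milestones)
    bcws = sum(m.budget * m.scheduled_pct for m in milestones)
    bcwp = sum(m.budget * m.complete_pct for m in milestones)
    acwp = sum(m.actual_cost for m in milestones)
    return bac, bcws, bcwp, acwp


def evm_summary(bac, bcws, bcwp, acwp):
    """Compute the Table 14.1 measures from the four base numbers."""
    # CPI, SPI and both EACs divide by these values, so a period with no
    # scheduled work, no earned work or no recorded cost cannot be summarized.
    if bac <= 0 or bcws <= 0 or bcwp <= 0 or acwp <= 0:
        raise ValueError("BAC, BCWS, BCWP and ACWP must all be positive")
    cv = bcwp - acwp
    sv = bcwp - bcws
    cpi = bcwp / acwp
    spi = bcwp / bcws
    remaining = bac - bcwp
    eacs = [
        acwp + remaining / cpi,          # EAC 1: cost performance only
        acwp + remaining / (cpi * spi),  # EAC 2: cost and schedule performance
    ]
    return {
        "cv": cv,
        "cv_pct": cv / bcwp * 100,
        "cpi": cpi,
        "sv": sv,
        "sv_pct": sv / bcws * 100,
        "spi": spi,
        "eac": eacs,
        "vac": [bac - e for e in eacs],
        "vac_pct": [(bac - e) / bac * 100 for e in eacs],
        # Table 14.1 reports ETC as the range spanned by the two EACs.
        "etc_range": (min(eacs), max(eacs)),
        # Share of the budget earned so far; section 14.1 treats assessments
        # as reliable from about 15 percent completion.
        "pct_complete": bcwp / bac * 100,
    }


if __name__ == "__main__":
    totals = roll_up(SAMPLE_MILESTONES)
    print("BAC, BCWS, BCWP, ACWP =", totals)
    for key, value in evm_summary(*totals).items():
        print(f"{key}: {value}")
```
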

-------
15 Appendix J - Conducting a Post Implementation Review (PIR)

15.1 Purpose
Post-Implementation Reviews are conducted as part of the Evaluation Phase of
the CPIC process. PIRs are required by the OMB, and help determine whether
investments have achieved expected benefits, such as lowered cost, reduced
cycle time, increased quality, or increased speed of service delivery.

The PIR has a dual focus:

•   It provides an assessment of the implemented investment, including an
    evaluation of the development process.

•   It indicates the extent to which EPA's decision-making processes are
    sustaining or improving the success rate of IT investments.

Conduct the PIR between six and eighteen months after an investment has been
implemented to provide adequate time to collect operating data and results.

If a project or investment is terminated, the PIR occurs immediately.

15.2 PIR Team
A team of fully trained personnel should conduct the PIR. However, in order to
ensure the review is conducted objectively, the PIR team should be independent
and only be assisted by members from the IPT under review.

Credibility of the review relies on the competency of the PIR team. Therefore,
the team should be fully trained in conducting PIRs, should be led by an
experienced project manager, should have access to supporting tools, and should
have full Agency support.

Rely on tested and reusable tools such as templates, assessment methods and
project plans. Additionally, ensure that the PIR team is following the most
recent EPA policies and procedures on how PIRs are to be conducted within the
Agency.

The PIR team should review the following investment elements:

•   Mission alignment

•   EA alignment

•   Performance measures

•   Project management

•   Customer acceptance

•   Business process support

•   IPT

•   Cost versus anticipated savings

At a minimum, the PIR team will evaluate stakeholder and customer satisfaction
with the end product, mission impact, and technical capability, as well as
provide decision-makers with lessons learned so as to improve the investment
decision-making process.

The review will provide a baseline to decide whether to continue the system
without adjustment, to modify the system to improve performance or, if
necessary, to consider alternatives to the implemented system. Even with the
best system development process, it is possible that a new system will have
problems or even major flaws that must be solved to obtain full investment
benefits. The PIR should provide decision-makers with useful information on how
best to modify a system, or to work around the flaws in a system, to improve
performance and bring the system further in alignment with the identified
business needs.

If the PIR is being conducted after an investment or project's termination, it
should focus on the reasons why the investment failed and how the Agency can
improve itself.

15.3 Process
As detailed below, there are four major steps in conducting a PIR. These steps
are designed to follow GAO guidance in its report Information Technology
Investment Management, A Framework for Assessing and Improving Process
Maturity, May 2000, Version 1.

15.3.1 Initiate PIR
The PIR team initiates a review by preparing and sending a memorandum to the
Project Sponsor stating the review has begun. The memorandum should include a
schedule for the planned review and indicate any areas that may receive special
review emphasis.

15.3.2 Analyze Quantitative Data
Quantitative data is easily measured with numbers. Quantitative data can
include the dollar amount of costs, the dollar amount of benefits, the number
of days to complete a task, the dollars associated with risks and the
percentages or numbers associated with performance, to name a few.

The PIR team gathers quantitative data on cost, returns, risk, schedules and
performance metrics from the IPT. Analysis involves conducting cost benefit
analysis and analysis of project schedules and impacts that resulted in
schedule slippages.

15.3.2.1 Cost Benefit Analysis
A review of the costs and returns begins with the cost benefit analyses
provided in the Exhibit 300. The PIR team will review the analysis for each
CPIC submission to ensure that the changes to the calculation are supported and
that the calculation hasn't changed simply to show the investment in the best
light.

Next, the team will audit the costs associated with the line items to ensure
that they are reasonable and that no actual costs were left out of the
calculation. Actual costs can be compared against historical organization data,
market research, publications, and special studies for validity. The annual
risk adjustment is audited using the same methodology, ensuring that the risk
adjustment is reasonable.

Benefits are more difficult to quantify and must be tested to ensure that they
were contributed solely by this investment. Percentage contributions must also
be tested. The team will quantify increases in accuracy, availability, improved
efficiency and reliability by estimating how much it would cost the Agency if
the investment wasn't developed. External studies are used to validate the
actual amounts associated with benefits for reasonability.

The DRs used in the Exhibit 300 submissions are audited to ensure that they are
the correct rates issued by the OMB Circular A-94. New discounted amounts are
recalculated, along with the return on investment. If there is a variance to
estimate of 10% or more, the IPT should recommend corrective measures and
develop the costs and benefits associated with those corrective measures.

                  Total Discounted Benefits
           Less Total Risk Adjusted Discounted Cost
                    = Net Present Value

                      Net Present Value
        Divided By Total Risk Adjusted Discounted Cost
                    = "Risk Adjusted" ROI

Many investment portfolios have minimum ROI criteria, and if the investment
under review doesn't meet the minimum percentage, the PIR and IPT will need to
develop corrective measures, as described above.

15.3.2.2 Performance Measurement Analysis
First, the review team will review the baseline performance measures to ensure
that they are reasonable for this type of investment.

Next, the review team will use data gathered from the IPT, and validated by
independent sources, to determine if the investment has actually performed to
expectations. Note that many newly implemented systems may not have sufficient
data to guarantee an accurate evaluation, so the experience of the PIR team
with the investment and technology under review will add credibility to the
evaluation. In the absence of certain statistics, the review team may perform
onsite observations to measure specific criteria.

15.3.3 Analyze Qualitative Data
Qualitative data isn't as easily measured as quantitative data. Qualitative
data includes items such as customer satisfaction, project justification, and
technology assessments.

The PIR team gathers data on user requirements, project justification, decision
factors, risk factors, and the solution design.

User requirements and customer satisfaction can be obtained by interviewing all
stakeholders and collaborating partners. The interviews should help the team
develop an understanding of the system's goals, objectives and benefits as
described in the business case. Additionally, the interviews will help the team
determine how efficiently and effectively the system's objectives, goals,
performance measures, and benefits are being achieved, as well as identify
system deficiencies and enhancement needs.

The PIR team will evaluate the technological solution to ensure that it was the
best alternative available in terms of design, security, speed, reliability,
and use of e-business technologies. It will also evaluate the process by which
the decision was made to proceed with the chosen solution to ensure that the
decision was independent and not coerced by internal or external forces.

The review team obtains any existing investment documentation and analyzes the
information to understand the investment scope, generate interview and survey
questions, prepare for system overview briefings, and plan the PIR. The review
team also reviews any existing reports and memos from prior CPIC cycles to
uncover any findings or outstanding issues.

15.3.4 Issue Report
After comments are received from the Project Sponsor, the review team prepares
the Final Report and submits it to the IIS, the QIC and OEI for review.
Findings and recommendations must be clear, concise and well supported by all
data gathered to avoid any misunderstandings. The report will be submitted as
part of the Evaluate Phase of the CPIC process. It is hoped that corrective
measures recommended as part of the PIR will be fully analyzed and planned for
in the current CPIC cycle so any corrective measures identified or required can
begin as soon as possible.

The PIR team may also develop process improvement suggestions for the review
process, which should be submitted to OEI as part of the report.

-------

16 Appendix K - Project Management

16.1 Purpose
Project Management is a crucial element for IT investment success. It involves
executing management practices that will ensure successful investment
development and implementation. Project Management involves areas such as
project planning, scope management, cost, schedule, performance, risk, and
organizational management. The Project Manager is ultimately responsible for
the investment's success and for ensuring that the investment delivers the
functionality and capabilities expected by stakeholders. One of the greatest
project management challenges is identifying risks and executing management
techniques that mitigate the risks to ensure timely and successful completion.

16.2 Components
Project Management involves assessing and completing the following components
to help ensure the investment's successful completion.

16.2.1 Project Planning
Project planning provides a foundation on which to base anticipated efforts and
related costs. Additionally, it helps identify investment components and
illustrates these components in a project plan. Project planning includes:

•   Scope definition

•   Activity identification

•   Activity duration estimation

•   Activity sequencing

•   Cost estimation

•   Schedule development

•   Project staffing/resourcing

•   Work breakdown structure

•   Project plan development

Investments typically involve multiple complex components that may interface
with other proposed/existing systems or data. Integrating components can be
challenging, so use a Work Breakdown Structure (WBS) to support improved
integration and management. A WBS provides a management framework by separating
the investment lifecycle into distinct, manageable components related to
various activities and interfaces. Each component is defined with appropriate
activities and tasks. An individual or team is assigned to the lowest task
level, which enables the Project Manager to more effectively estimate the cost
and schedule for completing the individual components, supporting sequencing
activities and identifying interdependencies. The WBS also provides a basis to
identify milestones and develop resource and schedule estimates.

Table 16.1 provides an example of a WBS. The first column contains activity or
task numbers. The second column contains the names of the activities or tasks.
In the table, activity 100 is a high level activity. The lowest-level
activities that need to be completed to "Define Project" are listed as
activities 10 through 70. If the project manager decides to insert three
detailed activities for "Define Project Scope" he or she would create new
activities and number them 21, 22, and 23.

16.2.2 Scope Management
Scope management frames what is expected of the investment's ultimate
capability and functionality, directly impacting functional and system
requirements development. After setting scope criteria, maintain requirements
traceability throughout the project lifecycle and implement configuration
management procedures to effectively manage scope creep. Project scope should
be based on the business requirements identified during the Select Phase and
traced throughout the project lifecycle. By continuously reviewing user
requirements through the SLC and CPIC processes, project changes and risks, and
ultimately scope, are managed.

Table 16.1 - Sample Work Breakdown Structure

Project Plan
----------------------------------------------
100      | Define Project
  10     | Determine Project Objectives
  20     | Define Project Scope
  30     | List Project Products
  40     | Determine Project Constraints
  50     | Select Project Approach
  60     | Determine Project Standards
  70     | Assess Project Risks
200      | Make Project Plan
  10     | Define Work Breakdown Structure
  20     | Determine Activity Dependencies
  30     | Define Project Milestones
  40     | Determine Project Organization
  50     | Estimate Effort
  60     | Allocate Resources
  70     | Schedule Activities
  80     | Develop Budget
  90     | Assess Project Risks
300      | Obtain Project Approval
  10     | Assemble Project Plan
  20     | Present Project Plan
  30     | Agree to Project Plan
MPMP1    | Milestone PMP1

Link system features, functions, and capabilities to original customer
requirements throughout the entire planning, acquisition, design and
implementation phases to ensure accurate system or network design. The work
completed as part of the Cost Benefit Analysis forms a structure for this
linkage. Refer to Appendix E - Cost Benefit Analysis and Alternative Selection
for examples.

16.2.3 Risk Assessment
Risk is inherent in every investment so don't expect to eliminate risk
completely. Expect to develop effective risk mitigation strategies, manage them
actively, and adjust them to changes in internal and external pressures.

A Risk Inventory and Assessment is required during SLC Definition and CPIC
Select, and should be used as part of the project plan to ensure consistency.
Refer to Appendix F - Risk Assessment for a tutorial on how to develop a risk
mitigation strategy. Include the tasks and milestones from this strategy in the
project plan.

16.2.4 Cost and Schedule Management
Effective investment management involves establishing cost and schedule
baselines. Collect information, analyze, and compare it to original projections
and the current baseline. Identify variances and take appropriate actions
including communicating problems and corrective measures with senior
management. Corrective measures should be recorded in the CPIC documentation in
the Project and Funding Plan section of Exhibit 300. The OMB is requiring the
use of Earned Value Management techniques and tools to identify cost and
schedule slips early enough to correct. Refer to Appendix I - Earned Value
Management as a tutorial on how to complete this part of the business case and
project management.

16.2.5 Performance
An investment's ultimate objective is to meet or exceed the Agency's
performance gap by ensuring the investment satisfies stakeholder performance
expectations and business requirements. In the Select Phase, performance
planning includes defining performance measures and identifying activities
required to ensure performance objectives will be met (see Appendix D -
Performance Measurement). This may include benchmarking to establish a baseline
and to further refine the investment's performance objectives. The Control
Phase includes a continuous monitoring of the performance baseline including
quality reviews, tests, or pilot tests. In the Evaluate Phase, a PIR helps
compare actual investment performance with expectations (see Appendix J -
Conducting a Post-Implementation Review). Performance management is a
continuous activity that evaluates how well the investment and IPT perform.

16.2.6 Organizational Management
Organizational management skills needed to manage an investment include project
staffing, communications, and organizational understanding. Project Managers
should be able to identify the needed skill sets and assign appropriate
personnel to accomplish a given set of activities. Project Managers should also
have the requisite interpersonal and leadership skills to communicate with both
the project team and stakeholders, including possessing a vision for the
investment and how to best meet stakeholder expectations, as well as ensuring
the project team is able to focus on assigned tasks/activities. Additionally,
Project Managers should be able to communicate and build consensus with key
stakeholders, since this ultimately impacts the investment's success or
failure.

-------
Document Control

Date     | Version | Section           | Reason                                                                                      | By
---------|---------|-------------------|---------------------------------------------------------------------------------------------|----
11/14/03 | 1.0     | All               | Completed                                                                                   | OEI
3/23/04  | 2.0     | All               | Incorporates new information, and changes in information contained in version 1.0           | OEI
3/31/04  | 2.1     | All               | Incorporates OEI CPIC Team changes                                                          | OEI
4/28/04  | 2.2     | All               | Incorporates OEI CPIC Team changes, including a new Executive Summary                       | OEI
5/7/04   | 2.3     | Executive Summary | Incorporates additional OEI changes                                                         | OEI
6/29/04  | 2.4     | All               | Change from Draft to Interim                                                                | OEI
7/1/04   | 2.5     | Various           | Incorporates additional OEI Senior Management changes                                       | OEI
7/8/04   | 2.6     | 5                 | Incorporates EPA Security Intranet Site Link                                                | OEI
12/30/04 | 3.0     | Various           | Incorporates feedback received from EPA Portfolio Managers during the BY 2006 CPIC cycle.   | OEI

The purpose of the Document Control Section/Matrix is to ensure that reviewers
are reading and editing the most current version of the document. Version
Control is necessary to ensure that edits are neither overlooked nor
duplicated, and that said changes can be undone if necessary.

-------
APPROVED:                              DATE:

             Mark Day, Director
             Office of Technology Operations and Planning

-------