P2C2 Header for Newsletter
FEDERAL SECTOR REPORT

January 2004

IN THIS ISSUE

Improve Scores on Your OMB Exhibit 300s
Link of the Month: Federal CIO CPIC Information
Consulting Services
Home Page


IMPROVE THE SCORES OF YOUR OMB EXHIBIT 300S
First of a Three-Part Series on the Federal IT Capital Planning & Investment Control Process

Funding for federal information technology (IT) projects is becoming increasingly competitive as more and more departments and agencies face a tightening U.S. budget. Major IT projects, especially new initiatives, must score well when OMB evaluates the Exhibit 300 Business Cases that support project investments.

Background. OMB has introduced a rigorous process for justifying major investments in information technology. This process is known as Capital Planning and Investment Control (CPIC), and the most visible part in the budget process is submission of the Exhibit 300 Business Case to OMB. The Exhibit 300 is defined in OMB Circular A-11, Section 300, and it is a highly structured format submitted to OMB in Extensible Markup Language (XML) code. The basic OMB guidance and a blank Exhibit 300 format are available at http://www.cio.gov/documents/s300.pdf.

Four years ago, it was possible to fill up the OMB Exhibit 300 with platitudes, a few numbers, and fuzzy promises of happy outcomes. That is no longer the case, though we still observe some 300s that are written in fantasyland. However, unless you do you your homework and prepare the 300 to score well, you risk being awarded a lump of coal or a switch rather than budget approval.

Last spring, an OMB official told me that their reviews generally focus on priorities that are not always obvious to IT system owners who oversee the preparation of the Exhibit 300s. System owners tend to provide lengthy narratives of need and justification of expenses. But they often fall short on demonstrating sound homework in the areas of alternatives, financial evaluation, earned value management, technical and business architecture, risk, and security.

Today's scoring system reminds me of a heartless banker. You could sing and dance about how your company had a great future, but he would then go into the back room and do his MBA number crunching. The computer would analyze financial ratios and flows. Regressions would lead to trend analyses. The banker would score the company and make a determination of whether to (1) provide a full line of credit if guaranteed with your life, (2) award two dollars and keep you on a short leash, or (3) offer a tin cup so you could ask for money on a Pennsylvania Avenue streetcorner.

Well, OMB may not be heartless, but if you don't score well, you may have to resort to the tin cup.

First in a Series
This is the first of a series of three articles about how to improve your agency's performance in management of the Exhibit 300 Business Case process. All three will be written within the context of the broad CPIC process because the Exhibit 300 must reflect robust CPIC management throughout a project's lifecycle.

This first article focuses on the obvious but frequently ignored fact that your Business Case must be prepared thoroughly with an intense focus on scoring well, based on OMB's criteria. The second and third articles will present:
  • Steps for Developing New Exhibit 300 Business Cases
  • How to Streamline the Enterprise Management Process for Business Cases so You Don't Drown in Paperwork
Go for the Points

This first article is perhaps the most difficult to write because it deals with the obvious: OMB decision making is driven by published and well-know rules. OMB is not arbitrary; it generally follows its rules ... sometimes relentlessly. This leaves me sounding like a nag who fusses about the obvious: "Wear your seat belt. Eat your brocolli." But the bloody fact is that many Exhibit 300 developers forget to focus on the points. Each question must be answered to score the points, and this goes for having detailed tables and timely milestone dates for risks, acquisition, and security plans.

Reviewing OMB's scoring system is about as exciting as eating broccoli, and one advance reader of this issue of the newsletter gagged on reading through OMB's language for top ratings needed to achieve a "5" on each of the ten factors. But read it anyway, and memorize the rules for maximum points. It may make the difference between budget funding and a tin cup.

Caveat: Hitch Your Investment to an Effective Program, or Figure Out How to Make the Program Effective. A good score on your Exhibit 300 Business Case is just half the battle. A great business case that supports an ineffective program will likely be torpedoed. As OMB states, "A business case may score very high based on the criteria listed below but if the program it supports is deemed ineffective there may be no business case that can be made for the investment." So you have two choices:
  • Target IT investments to effective programs that are cost efficient and achieve measurable results to stakeholders and taxpayers
  • Redesign weak programs and use IT investments as part of the strategy for a major (and measurable) turnaround.
A Perfect 50?

OMB's scoring system has 10 factors, and a perfect score on individual factors is weighted as 5. That means that a perfect Business Case would rate a score of 50, a score that we've never seen achieved. Mid-40s is as high as we've seen, and here are OMB's scoring categories:

  • 41-50 Strong documented business cases (including all sections as appropriate).
  • 31-40 Very few weak points within the business case but still needs strengthening
  • 21-30 Much work remains to solidify and quantify the Business Case
  • 11-20 Significant gaps in the required categories of the Business Case
  • 1-10 Inadequate in every category of the required Business Case
Shooting for Top Scores. In developing your Exhibit 300, you should aim to prepare a Business Case that scores in the top rank (41 - 50). For a new initiative, you will typically need three to eight months of time to prepare your business case, depending upon complexity. The Exhibit 300 form can be prepared in as little as two weeks, but it is just the tip of the iceberg: The form is a high-level document that simply summarizes the CPIC requirements. You also must do your homework, which encompasses many details:

  • Lifecycle cost analysis
  • Budget formulation and reviews
  • A project description and justification
  • Alignment with agency performance plans and the President's management agenda
  • Measurable performance goals
  • A risk analysis and risk adjusted costs
  • Cost-benefits analysis and Return on Investment
  • Acquisition Plan
  • A detailed work breakdown structure with schedule, milestones, and resources
  • Alignment with the agency and Federal Enterprise Architecture
  • Information security documents
  • A Privacy Impact Assessment
  • Alignment with the Government Paperwork Elimination Act and E-Governmen


READ OUR FIRST LOOK AT THE NEW FORMAT































Send us your resume for confidential review.
How to Score a "5" on Each Factor

To win a "5" for each factor, you need to follow OMB's criteria for achieving the maximum points. We have quoted verbatim the OMB criteria for each factor's top score:

Life-Cycle Costs Formulation (Multiple Sections). Life-cycle costs seem to reflect formulation that includes all of the required resources and is risk-adjusted to accommodate items addressed in the RM. It appears that the investment is planned well enough to come in on budget.
Supports the President's Management Agenda Items (Multiple Sections of Exhibit 300). This is a collaborative investment that includes industry, multiple agencies, State, local, or tribal governments, uses e-business technologies, and is governed by citizen needs. If the investment is a steady state investment, then an E-Gov strategy review is underway and includes all of the necessary elements. If appropriate, this investment is fully aligned with one or more of the President's E-Gov initiatives.
Performance Goals (Exhibit 300 Part I, Section I.C). Performance goals are provided for the agency and are linked to the annual performance plan. The investment discusses the agency's mission and strategic goals, and performance measures are provided.
Project (Investment) Management (Exhibit 300 Part I, Sections I.D and I.H, and overall business case). Project is very strong and has resources in place to manage it.
Alternatives Analysis (Exhibit 300 Part I, Section I.E). 5 AA includes three viable alternatives, alternatives were compared consistently, and reasons and benefits were provided for the alternative chosen.
Risk Management (Exhibit 300 Part I, Section I.F). Risk assessment was performed for all mandatory elements and risk is managed throughout the investment.
Acquisition Strategy (Exhibit 300 Part I, Section I.G). Strong Acquisition Strategy that mitigates risk to the federal government, accommodates Section 508 as needed, and uses contracts and statements of work (SOWs) that are performance based. Implementation of the Acquisition Strategy is clearly defined.
Performance Based Management System (Exhibit 300 Part I, Section I.H). Agency will use, or uses an Earned Value Management System (EVMS) that meets ANSI/EIA Standard 748 and investment is earning the value as planned for costs, schedule, and performance goals.
Enterprise Architecture (Exhibit 300 Part II, Section II.A) for IT Only. This project (investment) is included in the agency EA and CPIC process. Project is mapped to and supports the Federal Enterprise Architecture and is clearly linked to the FEA Reference Models (BRM, PRM, SRM, and TRM). BC demonstrates the relationship of the investment to the business, data, application, and technology layers of the EA.
Security and Privacy (Exhibit 300 Part II, Section II.B). Security and privacy issues for the investment are addressed, all questions are answered, and a privacy impact assessment is provided in appropriate circumstances. Security/privacy detail is provided about the individual investment throughout the life-cycle to include budgeting for SE [Security].

LINK OF THE MONTH: FEDERAL CIO COUNCIL

The Web Site of the CIO Council is a good place to check for information about IT capital planning guidance. The Council does a good job of keeping an up-to-date store of OMB-related budget documents for information technology at http://www.cio.gov/documents/fy_2005_Budget_Submissions.html.

CONSULTING SERVICES

This is a great time to explore quality options for consulting services. E-mail or call to schedule a discussion with the P2C2 Group. Tell us more about your needs, and we can recommend a solution ... complete with a project plan, a team, and a cost estimate.

CPIC BRIEFING

We have prepared a briefing for federal agencies about the CPIC process and our services. Interested? Call us to schedule an appointment for our one-hour mini-workshop.
OMB Uses A 5-Point Scale

This article focuses on top scores (the "5" rating) for each of ten factors. We believe that these should be the goals for all developers of Exhibit 300 Business Cases. However, each of the factors actually has a 5-point rating scheme, and we are providing the scheme for one factor (Security and Privacy) here:

Security and Privacy (SE) (Part II, Section II.B)

5 Security and privacy issues for the investment are addressed, all questions are answered, and a privacy impact assessment is provided in appropriate circumstances. Security/privacy detail is provided about the individual investment throughout the life-cycle to include budgeting for SE.

4 Security and privacy information for the investment is provided but there are weaknesses in the information that need to be addressed.

3 Security and privacy information for the investment is provided but fails to address the minimum requirements.

2 Security and privacy information points to an overall Agency Security Process with little or no detail at this investment level.

1 There is no security or privacy information provided for the investment.

HOME PAGE

We've just completed an intensive project to support a new enterprise-wide initiative at the U.S. Department of Agriculture. Our work involved developing the:

  • Requirements Analysis
  • Questionnaire of User Requirements
  • Lifecycle Cost Estimates and Integrated Cost Models
  • Risk Management and Mitigation Plan
  • Cost Benefits Analysis and Alternatives Analysis
  • Enterprise-Wide Implementation Plan
  • Privacy Impact Assessment
  • Initial Information Security Documentation
  • Exhibit 300.
Special thanks to all of the helpful people at USDA and our business partner, Disys, Inc.
We are continuing our work at the Department of Labor, where we look forward to supporting the Veterans Education and Training Service through our business partner, K.W. Tunnell Company, Inc.
We are also looking for additional projects. So please let us know if you hear of challenging opportunities.

Jim Kendrick
Enterprise Management Consultant
4101 Denfeld Avenue
Kensington, MD 20895

kendrick@p2c2group.com
301-942-7985

Home | Services | Articles | Resources | Results| Contact