ISA 201 Intermediate Information System Acquisition

Transcription

1 ISA 201 Intermediate Information System Acquisition

2 Lesson 4

3 Learning Objectives Today we will learn to: Given the decision to develop a DoD IT/SW system, select the appropriate acquisition strategies to promote the most effective technical and business solution. - Recognize the characteristics of possible acquisition models for an IT/SW Acquisition Strategy. - Identify relevant considerations that influence the acquisition strategy of a software-reliant system. Given an overview of the Business Capability Acquisition Cycle (BCAC), identify the objective of the Capability Need Identification phase. Given a DoD IT/SW acquisition program, describe the Capital Planning and Investment Control (CPIC) responsibilities for IT Portfolio management. Given a DoD IT/SW acquisition scenario, apply appropriate laws, policies, directives and guidebooks to guide the acquisition. - Describe the impact of Title 40/CCA on acquisition of Information Technology (IT). - Apply the eleven (11) compliancy requirements of Title 40/CCA to a given DoD IT System. 3

4 Lesson Overview Lesson Plan Planning Considerations - Exercise Product-Tailored Acquisition Models - Exercise Business Capability Acquisition Cycle DODI Focus on Performance Following the Law 4

5 Thoughts on Planning "In preparing for battle I have always found that plans are useless, but planning is indispensable." Gen D. D. Eisenhower "To be prepared is half the victory." Cervantes "It pays to plan ahead. It wasn't raining when Noah built the ark." Unknown "Prior proper planning prevents painfully poor performance." 5

6 Why the Focus on Upfront Planning? 6

7 Planning and DoDI

8 Exercise: Planning a Software Acquisition Scenario 1: An Enterprise Resource Planning (ERP) application to manage financial planning functions for the Air Force Materiel Command. The system recently received an ADM at MS A for entering the TMRR phase. Estimated Total Life Cycle Cost of the System is $525M Scenario 2: A C4I System providing targeting info to the Army s Advanced Missile System. The system recently received permission to release a Development RFP for work in the EMD phase. Estimated RDT&E cost of the System is $200M Scenario 3: A major upgrade to the weapons management system, containing both hardware and software upgrades, to handle new threats on a fielded tactical fighter aircraft. The system recently received an ADM at MS A for entering the TMRR phase. Estimated Life Cycle Cost of the System is $530M Scenario 4: A web-based data management system for CENTCOM to manage incoming intelligence data. The system has been classified by the DoD as a major, highly sensitive classified program. The system recently received an ADM at MS B for entering EMD. Estimated Life Cycle Cost of the System is $120M Scenario 5: An advanced UAV system for collecting intelligence data via link 16 as needed by the force commander. The system recently received an ADM at MS C for eventual fielding. Estimated Life Cycle Cost of the System is $590M 8

9 Exercise: Planning a Software Acquisition Use the current DoDI to research and prepare a brief for the class on the following: 1. Acquisition Model best fitting the scenario (pages 8 15) 2. Appropriate ACAT/MAIS level (Enclosure 1, Table 1) 3. The next major lifecycle event? (Enclosure 1, Table 2) 4. The documentation requirements* for the next major lifecycle event (indicate whether it is new or and update) (Enclosure 1, Table 2) *Note: To identify the documentation requirements (task 4), you can use either the or the Milestone Document Identification Tool found at: 9

10 Lesson Overview Lesson Plan Status Planning Considerations Product-Tailored Acquisition Models - Exercise Business Capability Acquisition Cycle Focus on Performance Following the Law 10

11 Product-Tailored Acquisition Models (DoDI ) Four basic models are tailored to the dominant characteristics of the acquisition The hybrids are described because many products will require combining models Model 1: Hardware Intensive Program Model 2: Defense Unique Software Intensive Program Model 3: Incrementally Deployed Software Intensive Program Model 4: Accelerated Acquisition Program Model 5: Hybrid Program A (Hardware Dominant) Model 6: Hybrid Program B (Software Dominant) The models provide baseline approaches. A specific program should be tailored to the unique character of the product being acquired. 11

12 Defense Unique Software Intensive System (Model 2) The number and type of builds will depend on system type. 12

13 Incrementally Deployed Software Intensive System (Model 3) 13

14 Hybrid Program A (HW Dominant) Model 5 14

15 Hybrid Program B (SW Dominant) Model 6 15

16 Lesson Overview Lesson Plan Status Planning Considerations Product-Tailored Acquisition Models - Exercise Business Capability Acquisition Cycle Focus on Performance Following the Law 16

17 Acquisition Model Selection - Exercise Select one of the models for JTAMS development, explain the model in additional detail (include risk), and justify your selection. Selected Model Depiction Model: Model Overview (including risk): Justification (Why this model): REFERENCES: DoDI and the JTAMS Overview for LSN 4 (Exercise Folder); See Student Template 17

18 Lesson Overview Lesson Plan Status Planning Considerations Product-Tailored Acquisition Models Business Capability Acquisition Cycle Focus on Performance Following the Law 18

19 Business Capability Acquisition Cycle (BCAC) What is a Defense Business System? - An information system operated by, for, or on behalf of the Department of Defense, including financial systems, mixed systems, financial data feeder systems, and information technology and information assurance infrastructure, used to support business activities, such as acquisition, financial management, logistics, strategic planning and budgeting, installations and environment, and human resource management. What differentiates a Business System from a C2 or Platform IT system? Why develop a separate Acquisition Process for DBS systems? 19

20 Why BCAC? DoDI milestones, models and documentation did not provide the proper structure for managing business systems Tailoring for a business system often took too much time and effort, making it hard to justify the benefits it produced The biggest differences from previous state of practice - Alignment of acquisition, functional, infrastructure and IT investment governance to streamline decision-making - Information-centric approach to evaluating programs rather than reliance on acquisition and requirements documentation 20

21 Benefits of BCAC Aligns acquisition of DoD business systems to commercial best practices Achieves performance improvements, efficiencies and effectiveness Ensures acquisition is a joint responsibility of the functional and acquisition communities Drives toward COTS and existing GOTS solutions and away from home-grown, customized solutions Establishes tailorable ATP decision points to deliver business capabilities Complete lifecycle management of business systems under 10 U.S.C

22 Policy and Guidance DODI , Business Systems Requirements and Acquisition for the Business Capability Acquisition Cycle (BCAC); February 2, Removes DBS from the DoDI policy and process model - Applies to: DoD, OSD, Mil Deps, Joint Staff, CCMDs, DoD IG, Defense Agencies, DoD Field Activities, and all DoD Components - Supporting resources - BCAC Community of Practice - DCMO Investment Review Guidance - BCAC Concept of Operations Other materials are being planned and will live on the Community of Practice (new BCAC CCA Compliance Checklist tailored for DBS) 22

23 BCAC Overview 5 Step Process 1. Capability Need Identification 2. Business Solution Analysis 3. Business System Functional Requirements & Acquisition Planning 4. Business System Acquisition Testing & Deployment 5. Capability Support Keys to Success Authority to Proceed (ATP) to Next Phase Teamwork, not stovepipes Inputs Processes Outputs Decision Authority may change but leaders must stay involved throughout Information, not Documents BCAC is cyclical and flexible with steps repeating as necessary in order to drive more rapid achievement of intended outcome(s) 23

24 BCAC Overview 25

25 BCAC Decisions and Artifacts 26

26 Business System Categories (DoDI ) I II III Category/Reason for Designation Priority defense business system expected to have a total amount of budget authority over the period of the current FYDP in excess of $250,000,000; or DCMO designation as priority based on complexity, scope, and technical risk, and after notification to Congress Does not meet criteria for Cat 1, and: Expected to have a total amount of budget authority over the period of the current FYDP in excess of $50,000,000 DCMO or MILDEP CMO designation as requiring CMO certification Decision Authorities Requirements Validation/ CMO Cert: DoD DCMO or as delegated MDA: DAE or as delegated (not below CAE) CCA compliance: DoD CIO (joint) otherwise Component CIO Cybersecurity Strategy: DoD CIO Requirements Validation/ CMO Cert: MILDEP CMO or as delegated MDA: CAE or as delegated CCA compliance: DoD CIO (joint) otherwise Component CIO Cybersecurity Strategy: DoD CIO Does not meet criteria for Cat II All Decision Authorities same as Cat II, except CMO certification not required 27

27 Lesson Overview Lesson Plan Status Planning Considerations Product-Tailored Acquisition Models Business Capability Acquisition Cycle Focus on Performance Following the Law 28

28 Legislative and Policy Drivers The Chief Financial Officers Act of 1990 Government Performance and Results Act of 1993 The Paperwork Reduction Act of 1995 Federal Financial Management Improvement Act of 1996 The Clinger-Cohen Act of 1996 The President s Management Agenda of 2002 OMB Circular A 11 OMB Circular A

29 Federal Focus on Performance GPRA Strategic Plan Goals Strategic IT Plan Goals IT Performance Measures Operational IT Plan GPRA APP Goals Performance Measures President s Mgt Agenda IT Performance Measures Portfolio Summary Goals IT Investment Portfolio IT Investments IT Budget Major IT Business Case Goals IT Investment Architecture, FEA Security GPEA, Info Quality, Acquisition Strategy IT Performance Measures Business Case/ Benefit cost Analysis Acquisition Planning Budgets GPEA Security Architecture Accessibility 30

30 IT Investment Planning Must ensure IT investments are aligned with and support the DoD strategic plan and Information Resources Management (IRM) Strategic Plan 2 Parts Agency Portfolio and Major IT Investment Business Cases Reporting to OMB - Agency IT Portfolio Summary - Agency Cloud Spending Summary - Agency IT Infrastructure Spending Summary - Major IT Business Case - Major IT Business Case Detail IT Portfolio Summary ref: OMB Circular No. 11, Section 55 & OMB Circular No. 11, Section 25.1 Major IT Business Case ref: OMB Circular No. 11, Section 55 & OMB Circular A

31 Why Report? Required by OMB 1/ to review, evaluate and compare agency's IT spending. Supports Clinger Cohen Act Requirement Supports the Federal Information Technology Acquisition Reform Act (FITARA), passed by Congress in December 2014 Gives an understanding and allows comparison of spending on new capabilities, modernization, and maintenance Captures IT security costs for all IT investments as required by the FISMA 1/ OMB IT Capital Planning Guidance issued through OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) 32

32 Agency IT Portfolio The President's Budget Agency IT Portfolio Summary is a complete report of all IT resources within the Agency. Agencies are required to submit all of their IT budget-related costs to OMB annually. The Agency's complete IT Portfolio must be reported for all major and non-major IT Investments, including migration-related and funding contributions to IT shared services. IT funding levels reported in the Agency IT Portfolio Summary should be consistent with the Agency's budget materials and should be categorized based upon the following four (4) parts: DoD guidance for submission of the IT Budget is at DoD Financial Management Regulation (DoD R), Volume 2B, Chapter 18 33

33 Major IT Business Case Justification, planning, and implementation of an individual capital asset included in the Agency IT Portfolio Summary Key artifacts of the Agency s Enterprise Architecture (EA) and IT Capital Planning and Investment Control (CPIC) processes. Two components: - Major IT Business Case: Data on the strategic relevance, planning, budgeting, and technical capability for Agency Major IT Investments. - Major IT Business Case Details: Captures Investment plans and performance data. 34

34 Major IT Business Case Developed and maintained annually by the Program Office based on the determination of the DoD CIO. Contents include: Major IT Business Case: - Section A: General Information - Section B: Investment Detail - Section C: Life Cycle Costs - Section D: Acquisition/Contract Strategy - Section E: Systems Inventory (Administrative Services and Support Systems only) - Section F: Cost & Capabilities (for IT Security and Compliance Standard Investment(s) only) Major IT Business Case Details: - Section A: General Information and Risk Data - Section B: Project Plan and Execution Data - Section C: Operational Data 35

35 Lesson Overview Lesson Plan Status Planning Considerations Product-Tailored Acquisition Models Business Capability Acquisition Cycle Focus on Performance Following the Law 36

36 What is the Clinger Cohen Act? Information Technology Management Reform Act (ITMRA) and Federal Acquisition Reform Act (FARA) combined Attempt to resolve the following perceived issues: - Money spent on IT was spent with no Business Process Improvement in mind - Little improvement in mission performance from $$ spent on IT - Implementation of ineffective information systems resulted in waste, fraud, and abuse - Outdated approaches to buying IT did not adequately take into account the competitive and fast paced nature of the IT industry and the continuing evolution of IT equipment and SW 37

37 Purpose of CCA/Title 40 "To ensure Information Technology (IT) investments provide measurable improvements in mission performance" Title 40/CCA poses three questions: Are the functions consistent with mission? Could the functions be performed more economically by private sector (or another government agency)? Have the functions been redesigned and reengineered before applying new technology? 38

38 CCA Compliance in DoD For all programs that acquire IT, including NSS, at any acquisition category (ACAT) level, the Milestone Decision Authority (MDA) will not do the following until CCA Compliance is confirmed: - initiate a program nor an increment of a program, - or approve entry into any phase of the acquisition process that requires formal acquisition milestone approval. The DoD Component will not award a contract for the applicable acquisition phase until: - The sponsoring DoD Component or program manager has satisfied the applicable requirements of the CCA as shown in Table 9 in Enclosure 1 of this instruction; and - The DoD Component Chief information Officer (CIO), or their designee, confirms compliance with the CCA. 39

39 CCA Compliance Actions Required Program Documentation 1 ***Make determination that the acquisition supports core ICD approval priority functions of the Department 2 *** Establish outcome-based performance measures ICD, CDD, CPD and APB linked to strategic goals. approval 3 *** Redesign the processes to reduce costs, improve effectiveness and maximize the use of COTS technology. Approval of the ICD, Concept of Operations, AoA, CDD, and CPD 4 * No private sector or government source can better Acquisition Strategy page XX, support the function. para XX; AoA page XX 5 * An Analyses of Alternatives has been conducted. AOA 6 * An economic analysis has been conducted that includes a calculation of the return on investment; or for non-ais programs, an LCCE has been conducted. Program LCCE; Program Economic Analysis for MAIS * For weapons systems and command and control systems, these requirements apply to the extent practicable (40 U.S.C. 1451) ** The system documents/information cited are examples of the most likely but not the only references for the required information. If other references are more appropriate, they may be used in addition to or instead of those cited. *** These requirements are presumed to be satisfied for Weapons Systems with embedded IT and for Command and Control Systems that are not themselves IT systems. 40

40 CCA Compliance 7 8 Actions Required There are clearly established measures and accountability for program progress The acquisition is consistent with the DoDIN (DoD Information Network) policies and architecture, to include relevant standards Program Documentation Acquisition Strategy page XX, para XX; APB APB (Interoperability KPP); C4ISP (IER s) 9 The program has an information assurance strategy that is consistent with DoD policies, standards, and architectures, to include relevant standards Cybersecurity 10 To the maximum extent practicable, (1) modular contracting has been used, and (2) the program is being implemented in phased, successive blocks, each of which meets part of the mission need and delivers a measurable benefit, independent of future blocks Acquisition Strategy page XX, para XX 11 The system being acquired is registered. DoD IT Portfolio Repository DON (DITPR-DON) 41

41 Title 40/CCA Impacts DoD Chief Information Officer (CIO) Registration of Mission Critical or Mission Essential IT systems Required for all IT systems including weapon systems Institutionalized in the DoDI

42 Summary Today we learned to: Given the decision to develop a DoD IT/SW system, select the appropriate acquisition strategies to promote the most effective technical and business solution. Recognize the characteristics of possible acquisition models for an IT/SW Acquisition Strategy. Identify relevant considerations that influence the acquisition strategy of a software-reliant system. Given an overview of the Business Capability Acquisition Cycle (BCAC), identify the objective of the Capability Need Identification phase. Given a DoD IT/SW acquisition program, describe the Capital Planning and Investment Control (CPIC) responsibilities for IT Portfolio management. Given a DoD IT/SW acquisition scenario, apply appropriate laws, policies, directives and guidebooks to guide the acquisition. Describe the impact of Title 40/CCA on acquisition of Information Technology (IT). Apply the eleven (11) compliancy requirements of Title 40/CCA to a given DoD IT System. 43