1.5.3 Agency IT Authorities – OMB Guidance
This section consists of language from OMB guidance that further demarcates, expands upon, or clarifies IT authorities assigned to agencies. This language directly or indirectly tasks the CIO with duties or responsibilities pertaining to IT investment management. See sections on OMB Memoranda and OMB Circulars for more information about these forms of OMB guidance. See sections on Office of Inspector General (OIG) and Government Accountability Office (GAO) to review how compliance with policies is measured.
- Conduct definitive technical, cost, and risk analyses of alternative design implementations, including consideration of the full life cycle costs of IT products and services, including but not limited to, planning, analysis, design, implementation, sustainment, maintenance, re- competition, and retraining costs, scaled to the size and complexity of individual requirements; and
- Ensure that all acquisition strategies, plans, and requirements (as described in FAR Part 7), or interagency agreements (such as those used to support purchases through another agency) that include IT are reviewed and approved by the purchasing agency’s CIO. purchases through another agency) that include IT are reviewed and approved by the purchasing agency’s CIO. (OMB Circular A-130. Managing Information as a Strategic Resource. Page 14.)
IT Investment Management
Agencies are responsible for establishing a decision-making process that shall cover the life of each information system and include explicit criteria for analyzing the projected and actual costs, benefits, and risks, including information security and privacy risks, associated with the IT investments. Agencies shall designate IT investments according to relevant statutes, regulations, and guidance in OMB Circular A-11, and execute processes commensurate with the size, scope, duration, and delivery risk of the investment. The IT investment processes shall encompass planning, budgeting, procurement, management, and assessment. For further guidance related to investment planning, refer to OMB Circular A-11, including the Capital Programming Guide. (Ibid)
Information Management and Access
- Incorporate the following steps, as appropriate, in planning, budgeting, governance, and other policies:
- Federal information is properly managed throughout its life cycle, including all stages through which the information passes, such as: creation, collection, use, processing, storage, maintenance, dissemination, disclosure, and disposition;
- Federal information is managed with clearly designated roles and responsibilities to promote effective and efficient design and operation of information resources management processes within their agency.
- Establish policies, procedures, and standards that enable data governance so that information is managed and maintained according to relevant statute, regulations, and guidance.
- Collect or create information in a way that supports downstream interoperability among information systems and streamlines dissemination to the public, where appropriate, by creating or collecting all new information electronically by default, in machine-readable open formats, using relevant data standards, that upon creation includes standard extensible metadata in accordance with OMB guidance. (Ibid)
Information Technology Investments
Agencies must submit information on their respective information technology (IT) investment portfolios, using the required formats, as applicable, as stated in the [annual] IT Budget – Capital Planning Guidance. This section provides general guidance related to reporting on IT and the templates used to collect that information. Section 25.5 provides electronic links to the definitions and specific reporting instructions and exhibits related to budgeting for investments in IT. (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Section 55.1. 2020.)
As part of the Budget process, OMB is required to develop and oversee a process for IT budgeting and portfolio management, with a detailed focus on all major capital investments, to include “analyzing, tracking, and evaluating the risks, including information security risks, and results of all major capital investments made by an executive agency for information systems.” 40 U.S.C. 11302. OMB also is responsible for IT Portfolio oversight (44 U.S.C. 3602), i.e., the use of information technologies to enhance access of information and delivery of services; and to increase the effectiveness, efficiency, service quality, or transformation of government operations. (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Section 55.2. 2020.)
Data Center Consolidation
The head of each covered agency, assisted by the CIO of the agency, is required to submit to OMB annually 1) a comprehensive inventory of the data centers owned, operated, or maintained by or on behalf of the agency, and 2) a multi-year strategy to achieve the consolidation and optimization of these data centers. Each agency, under the direction of its CIO, must submit quarterly updates on their progress towards activity completion, consolidation & optimization metrics, and cost savings realized through the implementation of their strategy. (OMB M-19-19. Update to Data Center Optimization Initiative (DCOI). 6/25/2019.)
Investment Management Reporting
An agency’s IT investment management and reporting of IT investments must clearly demonstrate that each investment is needed to help meet the agency’s strategic goals and mission and show how governance processes are used to plan, select, develop, implement, and operate those IT investments. Furthermore, each IT investment should demonstrate the enabling and improvement of mission and program performance by providing meaningful data. Agencies demonstrate the IT Investment requirements and governance processes through Agency Major IT Business Cases, supporting documentation, Information Resources Management Strategic Plan, Enterprise Roadmap, and Agency IT Portfolio Summary submissions. The agency must further demonstrate how the investment supports a business line or enterprise service performance goal as documented in the agency’s enterprise architecture (EA), and annual Enterprise Roadmap submission to OMB. (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Section 55.4. 2020.)
[OMB M-10-27 Information Technology Investment Baseline Management Policy memorandum] provides policy direction regarding development of agency IT investment baseline management policies and defines a common structure for IT investment baseline management policy. Baselined plans act as a guide throughout the life of an investment to provide a basis for measuring performance, identify who is accountable for the deliverables, describe the implementation approach and interdependencies, identify key decisions, and embed quality assurance and reviews. Ultimately, baseline management demonstrates that a project is under financial and managerial control.
To provide a cohesive policy towards baseline management, this memorandum integrates the requirements in OMB Circular A-11, Part 7, and Federal Acquisition Regulation Subpart 34.202 with Federal IT Dashboard practices and guidance. This policy only addresses the establishment, management, and change to investment baselines. Agencies should reference other OMB requirements, including Circular A-130 and the Capital Programming Guide, to describe full lifecycle management of IT capital investments.
Agencies [should have created or updated] existing IT investment baseline management policies within 90 days of issuance of this policy and develop training plans for personnel with investment oversight and program management responsibilities that at a minimum address the policies outlined in Appendix A of this memorandum.
Appendix A. Per FAR Subpart 34.2 and OMB’s Capital Programming Guide, a supplement to Circular A-11, Part 7, agencies shall implement an Integrated Baseline Review (IBR) or baseline validation process as part of an overall investment risk management strategy.
Agency policy shall address: (I) establishing an investment baseline; (II) rebase lining an investment; (III) notifying OMB of new and changed baselines; (IV) managing and monitoring baselines via the use of performance management systems, (V) Federal IT Dashboard reporting requirements; and (VI) policy specific for Major IT Programs of the Department of Defense. (OMB M-10-27. Information Technology Investment Baseline Management Policy. 6/28/2010.)