U.S. Department of agriculture

Washington, DC  20250

 

DEPARTMENTAL REGULATION

NUMBER:

DR 3130-013

 

 

SUBJECT:  Information Technology Capital Planning and Investment Control   

DATE:

July 8, 2016

OPI:  Office of the Chief Information Officer – Information Resource Management

 

 

 

Section                                                                                                                                    Page

 

         1.    Purpose                                                                                                                 1

         2.    Background                                                                                                          1

         3.    Authorities and References                                                                                  3

         4.    Special Instructions/Cancellations                                                                        5

         5.    Scope                                                                                                                    5

         6.    Policy                                                                                                                    5

         7.    Roles and Responsibilities                                                                                    7

         8.    Acronyms and Abbreviations                                                                             10

         9.    Procedures                                                                                                          11

         10.  Policy Exceptions                                                                                               11

         11.  Compliance                                                                                                         12

         12.  Inquiries                                                                                                              12

 

 

 

1.      PURPOSE

 

This Departmental Regulation (DR) establishes United States Department of Agriculture (USDA) policy, roles and responsibilities, and authorities for implementing the Information Technology (IT) Capital Planning and Investment Control (CPIC) program and associated supporting guidance. 

 

 

2.      BACKGROUND

 

a.          The Clinger-Cohen Act (CCA) of 1996 created the Office of the Chief Information Officer (OCIO) in Federal agencies and mandates that CPIC be established to significantly improve how agencies plan, select, fund, control, and evaluate IT investments.  The Act also requires agencies to undertake enterprise architectures (EA) designed to guide the IT investment decision process.  Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, provides general guidance for the Clinger-Cohen and related Acts, including focus on linking budget formulation and execution, and achieving agency missions and specific program outcomes.  The CCA makes heads of executive agencies responsible for the management of IT investments, including:  design and implement a process to maximize the value and assess and manage the risks of the IT acquisitions of the agency; provide for the selection of IT investments, the management of those investments, and the evaluation of the results of those IT investments; use a process that shall be integrated with the processes for making budget, financial, and program management decisions; and establish goals for improving the efficiency and effectiveness of agency operations and, as appropriate, the delivery of services to the public through the effective use of IT.

 

b.         The annually updated OMB Circular A-11, Preparation, Submission, and Execution of the Budget, provides specific guidance for content and presentation of the IT Capital Asset Plan and Business Cases (formerly the Exhibit 300(s)), the Agency IT Investment Portfolio (formerly the Exhibit 53) and how agencies are to use and analyze earned value data to manage IT investment performance using an Earned Value Management (EVM) system and methodology. 

 

c.          The CCA further mandates that CPIC processes shall:  provide for the selection, control, and evaluation of agency IT investments; be integrated with the processes for budget, financial, and programmatic decision-making; include minimum criteria for considering whether to undertake an IT investment;  identify IT investments that would result in shared benefits or costs for other Federal agencies or State or local governments; provide for identifying quantifiable measurements for IT investment net benefits and risks; and provide the means for senior management to obtain timely information regarding an investment’s progress.  

 

d.         Under provisions included in the Federal Information Technology Acquisition Reform Act (FITARA), the USDA Chief Information Officer (CIO) is responsible for:  advising and assisting the USDA Secretary and other USDA senior executives in managing IT resources effectively, efficiently, and consistent with USDA priorities; using performance measures to monitor and evaluate USDA IT investments; advising senior management on whether to continue, modify, or dispose of an IT investment; promoting effective and efficient development and operation of all major IT business processes within USDA; and reviewing and approving all IT contracts or other agreements for major IT investments before such agreements are completed or IT contracts are awarded.  To support these FITARA requirements, the USDA CIO shall use the IT governance process and acquisition approval request (AAR) process to review and approve IT contracts and other formal agreements.  The USDA CIO will also  work with the Office of Procurement and Property Management (OPPM) and the Office of the Chief Financial Officer (OCFO) to determine what, if any, new contract clauses may need to be developed, as well as what is the most effective method of communicating this new requirement to USDA contracting officers throughout the department.  The USDA CIO will work with the USDA CFO and Director, Office of Budget and Program Analysis (OBPA) to prepare the annual appropriated budget request. 

 

e.          Also referenced in FITARA, the USDA CIO may use the IT governance process to review IT contracts and other agreements.  The USDA CIO may delegate review and approval of IT contracts and other agreements for non-major IT investments to a direct report or CIO officially appointed designee.

 

f.          This DR establishes policy that incorporates those CPIC oversight controls consistent with the CCA, as well as language and provisions outlined in the USDA appropriations bill, Agriculture, Rural Development, Food and Drug Administration, and Related Agencies Appropriations Act, 2015, Public Law (P.L.) 113-235, and FITARA.

 

 

3.      AUTHORITIES AND REFERENCES

 

Agricultural Act of 2014 (also known as the “2014 Farm Bill”), P.L. 113–79, February 7, 2014 

 

Agriculture, Rural Development, Food and Drug Administration, and Related Agencies Appropriations Act, 2015, P.L. 113-235, Division A, December 16, 2014

 

The Clinger-Cohen Act of 1996, Title 40 (40 United States Code (U.S.C.) 1401 et seq.) 

 

Federal Information Technology Acquisition Reform Act (FITARA), P.L. 113-291, Title VIII, Subtitle D, §831-837 (2014)

 

Federal Chief Information Officer, 25 Point Implementation Plan To Reform Federal Information Technology Management, December 9, 2010

 

Government Accountability Office (GAO), GAO-04-394G, Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, March 1, 2004

 

GAO, GAO-09-3SP, GAO Cost Estimating and Assessment Guide – Best Practices for Developing and Managing Capital Program Costs, March 2009

 

OMB, Circular A-11, Preparation, Submission, and Execution of the Budget, current year

 

OMB, Circular A-11 Supplement, Capital Programming Guide, Version 3.0, 2015

 

OMB, Circular A-130, Management of Federal Information Resources, November 28, 2000

 

OMB, Memorandum M-09-02, Memorandum for the Heads of Executive Departments and Agencies: Information Technology Management Structure and Governance Framework, October 21, 2008

 

OMB, Memorandum M-10-27, Memorandum for Chief Information Officers, Information Technology Investment Baseline Management Policy, June 28, 2010

 

OMB, Memorandum M-11-29, Memorandum for Heads of Executive Departments and Agencies, Chief Information Officer Authorities, August 8, 2011

 

OMB, Memorandum M-13-09, Memorandum for the Heads of Executive Departments and Agencies, Fiscal Year 2013 PortfolioStat Guidance:  Strengthening Federal IT Portfolio Management, March 27, 2013

 

USDA, DM 3560-000, Capital Planning & Investment Control (CPIC) for Security, February 17, 2005 

 

USDA, DM 3560-001, Security Requirements for CPIC, February 17, 2005

 

USDA, DR 3130-006, USDA Earned Value Management, June 10, 2015  

 

USDA, DR 3130-008, Definition of Major Information Technology Investments, February 27, 2015

 

USDA, DR 3130-009, Non-Major Information Technology (IT) Investments, November 18, 2015

 

USDA, DR 3130-010, United States Department of Agriculture Enterprise Information Technology Governance, December 3, 2015

 

USDA, Integrated IT Governance Framework: Guidebook, version 3.2, April 1, 2014

 

USDA, USDA Information Technology Capital Planning and Investment Control Guide, (including Appendix B – Non-major Investments Business Case), May 1, 2013

 

USDA, USDA Information Technology Strategic Plan 2014-2018, April 1, 2014

 

USDA, USDA Strategic Plan FY2014-2018, 2014

 

 

4.      SPECIAL INSTRUCTIONS/CANCELLATIONS

 

All agencies and staff offices shall align their policies and procedures to comply with this DR within six months of the date of publication.   

 

 

5.      SCOPE

 

a.          This DR applies to all USDA agencies and staff offices, employees, and contractors conducting business for and on behalf of the USDA through contractual relationships when using USDA IT resources.   

 

b.         All content of and compliance with this DR shall be incorporated into IT procurement contracts for IT goods and services associated with USDA major and non-major IT investments, as appropriate.

 

c.          This DR applies to all USDA IT investments throughout their entire life cycle, regardless of funding source, whether owned and operated by USDA, or operated on behalf of USDA.

       

d.         All USDA agencies and staff offices may use this DR as their internal CPIC policy or may create a more restrictive policy, but may not create a policy that is less restrictive, less comprehensive, or not compliant with this DR.

 

 

6.      POLICY

 

a.          USDA shall establish, maintain, and continuously update the CPIC program in   accordance with legislative regulations, OMB guidelines, and USDA guidance for all USDA IT major and non-major investments, as defined in DR 3130-008, Definition of Major Information Technology Investments, and DR 3130-009, Non-Major Information Technology (IT) Investments, respectively.  CPIC processes shall be fully aligned with DR 3130-010, United States Department of Agriculture Enterprise Information Technology Governance and integrated into the USDA’s Integrated  IT Governance Framework: Guidebook (IITGF Guidebook) – a consistent set of guidelines and best practices – to the greatest extent possible.  Both DM 3560-000, Capital Planning & Investment Control (CPIC) for Security and DM 3560-001, Security Requirements for CPIC further strengthen IT security requirements associated with this DR and the CPIC program.

 

b.        It is policy that the USDA CPIC program will:

 

(1)      Demonstrate and document clear alignment of the IT Portfolio to USDA’s mission and business objectives, and with the strategic and tactical goals identified in the current editions of the USDA Information Technology Strategic Plan and the USDA Strategic Plan FY2014-2018, or later published strategic plans;

 

(2)      Ensure sufficient and appropriate business planning and justification in the selection and control of USDA IT capital investments;

 

(3)      Implement EA transition plans by selecting IT investments that will move toward achievement of the target EA;  

 

(4)      Align with DR, DR 3130-006, USDA Earned Value Management;  

 

(5)      Implement a decision-making process in accordance with approved governance policies that appropriately balances investment benefits, costs, risks, and business priorities;

 

(6)      Monitor and report performance by measuring actual achievement of cost, schedule, and performance milestones against approved performance measurement baselines for major and non-major investments;

 

(7)      Support timely and effective monitoring and reporting of initiatives performance to established management and governance bodies as presented in DR 3130-010;

 

(8)      Ensure that IT acquisitions, as referenced in FITARA, are approved by the USDA CIO or delegated to a direct report prior to fund obligation;

 

(9)      Implement a scoring process to monitor and evaluate the performance of all IT investments based on the data and supporting documentation provided and on established IT investment scoring criteria;

 

(10)  Support the process to review the IT portfolios of all agencies and staff offices;

 

(11)  Ensure Program and Project Managers involved in CPIC activities are provided adequate training; and

 

(12)  Assess the current maturity of the USDA IT Portfolio, so that sound decisions can be made concerning the potential elimination of duplicate investments and propose solutions to move towards a shared solution environment across the IT portfolio.

 

The USDA CPIC program will leverage and integrate with any existing USDA policies, processes, procedures, and best practices surrounding EA, AARs, IT security, financial management, budget formulation and execution, risk management framework (RMF), IT governance, and performance planning.  

 

Specifically for USDA IT investments, the CPIC program shall:  reduce risk by avoiding or isolating custom designed components; structure IT investment acquisitions into modular development with a narrow scope and brief duration; require IT investments be described by and consistent with the principles of the USDA EA; employ the Agriculture System Development Life Cycle (AgSDLC) discipline, as presented in the IITGF Guidebook, to plan and execute investments (projects); align with the USDA strategic and annual performance plans; and include IT security costs and adhere to USDA security standards and policies.

 

       

7.      ROLES AND RESPONSIBILITIES

 

a.          The USDA CIO shall:

 

(1)      Serve, or designate a representative to serve, as the principal liaison to OMB regarding USDA CPIC functions and outputs;

 

(2)      Establish, implement, and maintain an effective USDA CPIC program;

 

(3)      Establish new or maintain existing IT investment and/or acquisition review thresholds, based on criteria to include, but not limited to:  initial cost, annual cost, total life cycle cost, risk, and performance metrics;

 

(4)      Serve as the signatory for all official CPIC-related correspondence with OMB;

 

(5)      Integrate the CPIC framework and data into the USDA IT governance processes to the greatest extent possible;

 

(6)      Provide online tools to support CPIC reporting activities;

 

(7)      Ensure that individuals assigned to manage USDA major and non-major IT investments are trained, qualified, and, as appropriate, certified as IT Project Managers;

 

(8)      Assist program, agency, and staff office representatives with meeting OMB reporting requirements on behalf of the Department;

 

(9)      Incorporate agency CPIC-related program deliverables into the USDA IT governance process for further deliberation by the Integrated Advisory Board and the E-Board as detailed in DR 3130-010;  

 

(10)  Address those responsibilities as delineated in Section 2d; and

 

(11)  Collaborate with the USDA CFO and OBPA Director in preparing the annual appropriated budget request.

 

b.         USDA Mission Area Under Secretaries, agency heads, or their designated representatives shall:

 

(1)      Monitor the progress of each IT investment under their purview and provide direction as needed;

 

(2)      Consult with the USDA agency or staff office CIOs in the selection of program managers with assigned responsibilities for IT investments;

 

(3)      Consult with the USDA CIO and the USDA agency and staff office CIOs about opportunities for shared services among internal programs or with agency and staff office partners;

 

(4)      Engage USDA agency and staff office CIOs in identifying short-term IT solutions that can be delivered to customers on an incremental and modular basis;

 

(5)      Assess whether IT investments and programs implementing IT solutions are aligned with mission requirements, and develop plans in consultation with their agency and staff office CIOs to take corrective actions where misalignments occur;   

 

(6)      Support the USDA CPIC program, structure, and framework for all USDA IT investments; and 

 

(7)      In coordination with the Office of Congressional Relations, consult with House and Senate Agriculture Committees to align provisions of the USDA Farm Bill legislation to promote opportunities for shared services among USDA programs.

 

c.          The USDA Information Resource Management (IRM) Associate Chief Information Officer (ACIO) shall:

 

(1)      Ensure that agencies and staff offices have training opportunities and assistance in capturing the major and  non-major IT investment data needed for discussion in the portfolio reviews; 

 

(2)      Support the process and coordinate with OBPA to capture major and non-major IT investment data that comprises the annual appropriated IT budget request to be signed off by the CIO for the USDA response to OMB Circular A-11; and 

 

(3)      Ensure IRM ACIO staff is available to assist agencies and staff offices with preparing the IT investment business cases. 

 

d.         The Director, Capital Planning and IT Governance Division (CPIGD) shall:

 

(1)       Support and maintain an effective USDA CPIC program;

 

(2)      Implement and assist in conducting IT Portfolio reviews with agencies and staff offices;

 

(3)      Manage a cadre of CPIC liaisons that are aligned to specific agencies and staff offices to lend support and assistance as needed;

 

(4)      Provide training and assistance to agencies and staff offices in capturing the major and non-major IT investment data needed for presentation and discussion at IT portfolio reviews;  

 

(5)      Receive, review, and provide an initial approval determination to any waiver request memoranda submitted by an agency and staff office;

 

(6)      Support tools used to capture major and non-major IT investment data that will be presented in the USDA response to OMB Circular A-11; and

 

(7)      Assist and provide guidance to agencies and staff offices with preparing the major and non-major IT investment business cases.

 

e.          USDA agency and staff office CIOs shall:

 

(1)      Work with the USDA CIO to align agency and staff office CPIC processes and procedures with USDA policies and federal regulations and guidelines;

 

(2)      Identify opportunities to utilize shared IT services, including the sharing of IT assets across agency lines;

 

(3)      Work with program managers to identify short-term IT solutions that can be delivered to customers on an incremental and modular basis;

 

(4)      Establish a process to turn around or terminate poorly performing IT investments;

 

(5)      Develop plans of action and milestones, which clearly describe corrective actions to be taken in order to revitalize poorly performing projects that can be turned around;

 

(6)      Provide IT discipline expertise such as cyber security oversight throughout the duration of the program;

 

(7)      Help program and project managers identify and recruit employees with the knowledge, experience, and skill sets needed to successfully manage IT investments;

 

(8)      Validates and approves agency and staff office AARs;

 

(9)      Serve as the agency and staff office decision authority and signatory for CPIC packages submitted to the Department;

 

(10)  Monitor and report performance by measuring actual achievement of cost, schedule, and performance milestones against approved performance measurement baselines for both major and non-major investments; and

 

(11)  Serve as the primary point of contact with the Department regarding the planning and execution of CPIC functions.

 

f.          USDA agency and staff office Program/Project Managers shall:

 

(1)      Possess the requisite certifications required to manage a USDA major or non-major IT investment;

 

(2)      Comply with all Federal and USDA CPIC guidelines;

 

(3)      Plan, execute, monitor and report the IT investment to achieve approved cost, schedule, and scope baselines;

 

(4)      Manage IT investment risk and alert the CPIGD CPIC liaisons of significant issues and planned corrective action;

 

(5)      Ensure that IT investment project teams comply with CPIC legislation, regulations, and other USDA guidance;

 

(6)      Adhere to and execute CPIC procedures detailed in the USDA Information Technology Capital Planning and Investment Control Guide (the “CPIC Guide”) to ensure that CPIC milestones are met;

 

(7)      Support the established USDA IT governance framework, processes, and structure, for major USDA IT investments; and

 

(8)      Share information with agency budget offices to ensure that project resources are appropriately reflected in budget materials.

 

 

8.      ACRONYMS AND ABBREVIATIONS

 

AAR                     Acquisition Approval Request

ACIO                    Associate Chief Information Officer                                                 

AgSDLC               Agriculture System Development Life Cycle

CCA                      Clinger-Cohen Act

CFO                      Chief Financial Officer

CIO                                   Chief Information Officer

CPIC                     Capital Planning and Investment Control

CPIGD                  Capital Planning and IT Governance Division

DM                        Departmental Manual

DR                        Departmental Regulation

EA                         Enterprise Architecture

EVM                     Earned Value Management

FITARA               Federal Information Technology Acquisition Reform Act

GAO                     Government Accountability Office

IITGF                    Integrated Information Technology Governance Framework

IRM                      Information Resource Management

IT                          Information Technology

OBPA                   Office of Budget and Program Analysis

OCFO                   Office of the Chief Financial Officer

OCIO                    Office of the Chief Information Officer

OMB                     Office of Management and Budget

OPPM                   Office of Procurement and Property Management

P.L.                       Public Law

RMF                      Risk Management Framework

U.S.C.                   United States Code

USDA                   United States Department of Agriculture

 

 

9.      PROCEDURES

 

A DM shall be issued which will address specific CPIC requirements, standards, procedures, and processes. Current CPIC processes and procedures are found in the CPIC Guide.

 

 

10.  POLICY EXCEPTIONS

 

All USDA agencies and staff offices are required to conform to this policy.  In the event that a specific policy requirement cannot be met as explicitly stated, the agency or staff office may submit a waiver request memorandum until a waiver form and an appeal process are provided for in the forthcoming DM.  Waiver requests shall explain the reason for the request, identify compensating controls/actions that meet the intent of the policy, and identify how the compensating controls/actions provide a similar or greater level of compliance than the policy requirement.  The waiver request is to be submitted prior to the agency or staff office undertaking the IT action, and the agency or staff office shall not move forward with the IT action until it receives a response on the waiver request.  Agencies and staff offices shall address all policy waiver request memoranda to the Director, CPIGD at capitalplanningdivision@ocio.usda.gov for review and initial determination in writing back to the agency or staff office.  If an agency or staff office wishes to appeal this initial determination, they will follow the process to be outlined in the DM.

 

 

11.  COMPLIANCE

 

On an ongoing basis, the IRM ACIO or designee, will monitor, measure, audit, report, and enforce compliance with provisions of this DR.  Specific performance measures collected by the IRM ACIO or designee will monitor how provisions in this DR have increased transparency of the USDA major and non-major IT investment decisions; have demonstrated an increase in major and non-major IT development, modernization, and enhancement investments with a decrease in major IT investment operations and maintenance spending; and have reduced the number of major and non-major IT investment corrective action plans and associated investment risks.

 

 

12.  INQUIRIES

 

Direct all questions concerning this DR to the USDA IRM ACIO at capitalplanningdivision@ocio.usda.gov.

 

 

-END-