Next-Generation Governance

Enhanced Decisionmaking Through a Mission-Focused, Data-Driven Approach April 2011

A white paper prepared by Booz Allen Hamilton: Center of Excellence for Strategic Technology and Innovation

by Fred Knops
knops_frederick@bah.com

Michael Isman
isman_michael@bah.com

Jon Judah
judah_jonathan@bah.com

Frank Landefeld
landefeld_frank@bah.com

Table of Contents

Executive Summary............................................................................................................. 1 The Evolution of Governance ............................................................................................... 1 The Case for ChangeToday . ............................................................................................. 3 Embracing Next-Generation Governance ............................................................................... 4 Setting the FoundationCore Enablers of Next-Generation Governance . ................................ 5 Using Governance to Enable Mission Delivery ...................................................................... 5 Taking a New Look at Measuring and Mitigating Risk ............................................................ 6 Decision Agility . .............................................................................................................. 6 Conclusion ........................................................................................................................ 7 About the Authors............................................................................................................... 8 About Booz Allen................................................................................................................. 9 Principal Offices................................................................................................................ 10

Next-Generation Governance
Enhanced Decisionmaking Through a Mission-Focused, Data-Driven Approach
Executive Summary
The Administrations recently released 25 Point Implementation Plan to Reform Federal Information Technology Management highlights what federal program managers (PM) have long known: Governance processes for managing information technology (IT) programs need significant improvement. Governance boards often lack sufficient data for effective decisionmaking and measurement of risk; numerous approval gates slow progress without enhancing oversight; and the overall decision process often struggles to keep pace with rapid technological advancements such as cloud computing, mobile communications, social networking, and biometric identification. Adding to the impetus for change are shrinking budgets, constrained funding models, and increased scrutiny of federal programs that are aimed at not only eliminating redundancies and waste but also ensuring delivery of promised capabilities.
Several recent examples further underscore the emerging need for improved IT governance. The Government Accountability Office (GAO) recently highlighted the impact of constrained decisionmaking on a large technology modernization program in the Department of Defense,1 citing a lack of thorough alternatives analysis and performance data in supporting key milestone decisions. Another study2 of 24 major IT projects across the Government determined that half of the projects had not even received a selection review by an oversight board. Both studies indicated that governance processes and numerous decision structures were in place at the organizations; however, leadership at these agencies had not appropriately factored information particularly, risk and cost datainto its decisions. Federal agencies need a Next-Generation Governance model that streamlines and strengthens decisionmaking by putting information at the center of IT governance. This new model harnesses the capabilities of richer data sets and new, powerful
1 GAO-11-150, Information Technology: Better Informed Decision Making Needed on Navys Next Generation Enterprise Network Acquisition.

analytic tools to not only give decisionmakers transparent insight into program performance but also enable rapid information sharing and real-time reporting to support a faster, more agile process. This approach aligns portfolio investment decisions with mission objectives to help decisionmakers allocate resources among programs in a way that reduces mission and program risks. Our experience in helping agencies apply the principles of Next-Generation Governance shows that this new model can reduce the burdens and cost of governance while improving oversight, delivering programs on schedule and within budget, and advancing mission objectives.

The Evolution of Governance

Technology governance has significantly evolved since the Mainframe era of the 1960s. In those early days, IT decisions aligned closely with other traditional management functions such as accounting, operations, and marketing because technology consisted primarily of hard asset purchases for mainframes that resided in physical locations at an organization. As keepers of powerful calculation tools, newly minted IT organizations centralized decision authority and exerted strong influence over business units seeking technology solution for mission delivery. As the Mainframe era gave way to the personal computer in the 1980s, IT decision authority spread to business units, each of which was now procuring new business applications for its individual needs, driving exponential growth of tools and systems across organizations. As the millennium approached and Y2K preparations peaked, organizations began realizing the extent to which technology dominated their budgetsdriving new conversations about how to obtain value through consolidation and reuse. Exhibit 1 illustrates how these generational milestones directly affected the scale of decision authority and complexity across organizations.

2 GAO-09-566, Information Technology: Federal Agencies Need to Strengthen Investment Board Oversight of Poorly Planned and Performing Projects.

Department-level governance models implemented in the late 1990s were re-cast around core technology processes such as systems development, capital planning, and architecture, further spreading the scope, complexity, and quantity of decisions to multiple stakeholders. As we enter a new millennium in which technology increasingly exists in the cloud and decisions are based on a collaborative, portfoliodriven approach, the net compounding effect of these previous generations of governance has produced a complicated relic that must be directly addressed by IT organizations, particularly in the Federal Government. Federal agencies have taken strides to help address challenges surrounding the evolution of technologies and the resulting decision processes. The ClingerCohen Act (formerly, Information Technology Management Reform Act of 1996) provided agencies with a governance framework by mandating planning and investment processes to improve the way in which agencies purchase and use IT assets. Until the ClingerCohen Act was passed, IT spend was reported after Exhibit 1 | Evolution of IT Governance

agency and departmental budgets were formulated and reported. Clinger-Cohen began the process of examining the return on investment for IT, particularly around people, processes, and technology. Over the years, agencies have successfully established various steering committees and review boards to oversee a range of governance activities, such as setting IT investment priorities and creating standardized approaches to IT management. As a result of the Obama Administrations emphasis on transparency and accountability, agencies have begun documenting more clearly their IT investment decisions. Similarly, programs and websites such as the Federal IT Dashboard, Open Government Initiative, Recovery. gov, and Data.gov have required agencies to carefully plan their investment strategies and collect data to measure the effectiveness of their activities. These and other governance mechanisms were designed to improve decisionmaking by giving federal leaders the information they would need to allocate scarce IT resources efficiently.

Source: Booz Allen Hamilton

Nevertheless, despite these well-intentioned efforts, effective IT governance remains an elusive goal for many agencies. According to US Chief Information Officer (CIO) Vivek Kundras 25-point reform plan of December 2010, Too often, federal IT projects run over budget, behind schedule, or fail to deliver promised functionality. Why have governance programs failed to deliver on their promise of robust program management and oversight? Discussions with CIOs, PMs, and other IT executives across federal agencies revealed a growing consensus that the underpinnings of current governance philosophies have outlived their usefulness. In particular, the underlying issues discussed below hamper the current state of the art: 1. An ever-increasing focus on process and compliance has made governance processes burdensome rather than a catalyst for program success and mission enablement. CIOs and oversight entities throughout Government are struggling to find ways to break the stranglehold that governance processes have on program efficiency and success. The systems engineering life cycle (SELC) for one of our clients requires no less than 140 distinct documents in support of the various milestones and gate reviews. For another client, each program is subject to more than 20 governance entities, including an enterprise architecture board, chief information security officer board, and acquisition review board. This proliferation of governance requirements is forcing many federal IT PMs to spend more time satisfying reporting and compliance mandates than actually leading the development and deployment of IT capabilities in support of their agencys mission. For these PMs, the burden of governance threatens to outweigh the benefits of strengthened oversight and mitigation of risk. 2. Current governance techniques and funding models were devised in a less connected age. Todays governance models do not take full advantage of social media, tools, and processes that allow for the rapid and transparent exchange of rich information and data within and among

agencies. Consequently, governance processes are often linear, hierarchical, and comparatively slow. Communications between PMs and their executives frequently are conducted in isolation from similar conversations occurring in related programs, hindering the decisionmakers ability to collaborate across a portfolio of similar efforts. Adding to this challenge is the relatively static funding models of most agencies, many of which were designed for longer term programs and thus constrain the ability for IT leaders to collaborate and innovate across projects and investments. Over time, governance has become less of a program aid and more of an exercise in getting approvals and checking boxesan exercise that focuses on process rather than outcome. Our support to many federal PMs also finds that the existing governance approaches they have observed across the Federal Government are often viewed as punitive to the PM and the program. Rather than providing the help and guidance that PMs need to successfully deliver positive results from their programs, governance processes present additional challenges to overcome. Similarly, because programs are often evaluated in isolation, governance processes do not provide agency executives with the information they need for allocating and deploying IT resources in the most efficient way to support the agencys mission.

The Case for ChangeToday

These governance challenges are not necessarily new; federal leaders have recognized the need for reform and have made changes periodically to improve governance processes. But a number of ongoing trends have sparked the needand opportunityfor transformative change. For example, the economic recession and sky-rocketing deficits have made reform absolutely imperative. Most federal agencies are preparing for the potential for several years of declining budgets; however, expanding mission sets and citizens eager for information and a greater return on their tax dollar investment will require federal leaders to consider additional resources to support sharing of information and key decisions. As such, agencies cannot afford cumbersome and costly governance processes. The pace of technology change and insertion also has

become so rapid that legacy governance processes cannot keep IT projects moving with the required speed through the various governance gates and checkpoints. Agencies need governance processes that can help them swiftly deploy IT systems and capabilities capabilities that, coincidentally, are needed to help Government run more efficiently. Finally, the past decade has seen exponential growth in information and data across the public sector. CIO organizations have been diligently defining information taxonomies and data sets across their organizations. After years of information architecture efforts, agencies now sit atop vast quantities of information about their programs and systems; if placed in appropriate analytical models, this information would create an opportunity for more informed, transparent decisions. The advancement of technologies supporting data availability and transparency (e.g., cloud computing, mobile technologies, mashup technologies, dashboards, social media) further empower agencies to access and use this data and information efficiently and effectively. The Office of Management and Budgets (OMB) 25-point reform plan begins to address some of the governance challenges with new and important changes. For example, the plan calls for restructuring agency investment review boards along the lines of TechStat accountability sessions to spur more aggressive oversight and faster action to fix troubled programs. The plan not only advances the role of agency CIOs and the Federal CIO Council to become a more active arbiter in key technology initiatives but also proposes an overhaul of the existing investment process in favor of a more efficient and accurate process that provides more effective tools for monitoring the health of IT programs. The goal of the improved exhibits is to reduce the reporting burden, increase data accuracy, and make the exhibits a more authoritative management tool. While IT projects throughout the government will always have risks, there are no excuses for spectacular failures, the 25-point plan asserts, concluding that with streamlined governance and experienced program managers, issues can be caught early and course corrections can be made without wasting time and money.

OMBs initiatives represent a solid, well-informed start to reforming governance, but Booz Allen Hamilton believes that the governance issues facing federal IT organizations require broader changes to the overall governance model. Our Next-Generation Governance model incorporates the concepts outlined in the 25-point plan into a governance framework that not only streamlines processes but also supports and empowers PMs, closely aligns governance decisions with mission objectives, and leverages the rich data sets now brimming at agencies to improve decisionmaking at every step in the process.

Embracing Next-Generation Governance

Next-Generation Governance provides a framework to help CIOs and other leaders understand how they can use available tools and data to not only manage individual programs but also coordinate program portfolios within agencies and across the Government. In particular, the framework can help agencies build data-driven governance that ensures compatibility, consistency, and efficiency in federal IT investments. Booz Allens framework is based on organizations viewing IT decisionmaking through three key lenses (see Exhibit 2): mission enablement, risk mitigation, and decision agility. Because the inefficiencies and issues being addressed are deep rooted and interdependent, we have found that addressing change across these lenses simultaneously is the key to success. For example, consider an agency that provides various financial products and services to citizens. In a time of economic hardship, the agency may face significant pressure to meet its mission sooner (mission acceleration), perhaps using technology tools that are new to the agencys architecture that introduce broader risk exposure to citizen identities and data (risk mitigation). Consequently, the agency must convene key decisionmakers across the organization more frequently, with little time for data calls and lengthy due diligence (decision agility). Traditional governance models might seek to isolate technology risks from program or mission risks at this agency, prolonging decision timelines and hindering mission achievement; conversely, a next-generation approach aims to

Exhibit 2 | Booz Allens Next-Generation Governance Framework

into manageable portfolios that align to mission sets is essential to effective governance. More broadly, data.gov and transparency.gov demonstrated the new paradigm agencies face in publishing information on their investments. New guidelines mandating IT investment data be published to public sites are only the first step in opening up the vault of data and information that lie within many federal agenciesand organizations that embrace this new level of transparency represent the pioneers of NextGeneration Governance, demonstrating a willingness to share decisions (and outcomes) with broader stakeholder communities. Empowered Program Management. Management science has long espoused the value of empowered middle management; however, enabling the growing cadre of PMs to make more key decisions requires organizations to flatten existing, hierarchical governance models. Further, transparency breeds accountability and self-correcting behavior, which drives a program management culture that views governance bodies as support entities versus punitive authorities.

Source: Booz Allen Hamilton

address these components by leveraging a series of core enablers to arrive at better, more transparent decisions in less time and with a deeper understanding of the risks in play.

Setting the FoundationCore Enablers of Next-Generation Governance

When evaluating governance structures, many organizations focus immediately on board constitution or decision criteria as opportunities for change or improvement. Although these areas are critical to any governance model, our experience has indicated that three core elements enable a Next-Generation Governance approach: Robust Data. Data is the lifeblood of effective decisionmaking, and organizations possess an unprecedented volume of information upon which they can apply to improve their ability to make better decisions. The critical success factor, however, is the ability for agencies to effectively understand which data can improve decisionmaking through effective analytics without taxing resources through data calls and laborious information requests that prolong the decision process. Transparent, Portfolio-Driven Approach. Given the volume and complexity of Federal IT investments, the ability to distill technology programs and investments

Using Governance to Enable Mission Delivery

Federal IT decisionmakers hold fiduciary responsibility to the American taxpayer and thus are required to take steps to ensure that technology investments are thoroughly reviewed before receiving approval or funding. Too often, however, agencies implement elaborate decision structures, committees, and boards that move knowledge and information farther away from the true goal or mission being pursued. Governance models fail to leverage many of the recent advances in communications and analytics technology, such as social media and dashboarding tools. Therefore, IT investments become scattered across an organization, leading to a dilution of mission focus through added administration, resource conflicts, and inefficient communications. In place of this approach, IT decisionmakers should consider constructing portfolios of investments that align to a single or small group of mission objectives that the entire organization can understand clearly. By collecting programs into areas of common

missionregardless of where these programs fall in the overall organizationthe trade space for program resource allocation is bounded more properly. By closely aligning investments to mission, senior executives can make better, more effective decisions that have meaning to all stakeholders. Although this concept is not new (e.g., organizations for years have sought to construct IT portfolios that align to strategic goals and objectives), the advent of robust analytical tools that eliminate the need for time-consuming data calls allows even the most junior decisionmakers in an organization to allocate more time to examining how their programs directly affect mission success. Most importantly, by aligning programs against a cooperative mission set, the question can be asked, How can these programs work together to navigate required governance reviews more efficiently, rather than act against one another for resources? Although some programs may not require expedited delivery, many suffer from ongoing delays attributed simply to competition from other programs seeking to achieve similar outcomes. By adapting governance to screen for opportunities for collaboration (through enterprise architecture and IT portfolio management), mission delivery can be accelerated to potentially reduce program management costs through decreased oversight and support costs.

anticipate risk. New applications integrate different data from disparate data silos and offer a new way to mine data, connect discrete data elements, and identify trends in ways that could never have been achieved a few years ago. Furthermore, new methods for evaluating risk are going well beyond traditional approaches of measuring, estimating, and multiplying threat, vulnerability, and consequence. New simulation tools help better understand possible outcomes. New methods have been created for quantifying previously difficult to measure indicators of risk such as analytical hierarch processes, which draw on algorithms to better define risk across projects within a portfolio. Lastly, the state of the art has advanced dramatically in the ability to visualize and map risk for mission portfolio leaders. Consequently, it is now possible to draw relationships between factors, provide decisionmakers a greater ability to ask what if questions, and view the analytical consequences in real time. With this new generation of tools and analytical structures, risk becomes the optimal vehicle against which to assess program probability of success and rebalance the allocation of resources: improving the ability for Next-Generation Governance teams to effectively identify, plan, communicate, and execute risk mitigation strategies.

Taking a New Look at Measuring and Mitigating Risk

As any PM can attest, risk is difficult to quantify. Risk can take many formsfrom mission delivery risk to technology risk to program (cost and schedule). Given its subjectivity, risk is often relegated to a color-coded cell in a monthly status report or governance artifact. However, ineffective risk management remains a top cause of program failure and a top priority for audit and assessment organizations when analyzing a program or portfolio of investments. Simply stated, data on risk (i.e., project risk and mission delivery risk) is the most precise and reliable measure of expected program success. Over the past few years, significant advances have been made in the ability to monitor, measure, and

Decision Agility
Many PMs can tell stories of shopping around for approval through multiple oversight boards and committees, each making minor (or significant) tweaks until by the time the final approval is received, the PM must return to the first board with a program in hand that might not resemble the one that the board had seen earlier. This vertical model of governance is inherently corrosive to speed and agility, and in todays connected world, often fails to make use of modern tools and technologies (e.g., social media) to make faster and more informed decisions. Achieving a more agile decision process starts with the PM. Specifically, the PM must feel comfortable raising issues in a supportive environment that seeks to solve the problem and not punish the messenger. PMs have a secret weapon in the array of modern data and analytics tools that help frame and visualize

the ramifications of specific decisions or governance issues. The governance structure in which PMs operate also must be flexible enough to avoid the need to shop around decisions to obtain consensus from large, diverse boards but instead provide targeted advice and input through smaller, focused entities such as executive steering committees (ESC) that foster greater collaboration between PMs and executives across the organization. The OMBs introduction of the TechStat session has served as a governance disrupter by driving agencies to examine the agility of their decision models and have frank conversations on program status with senior federal officials. TechStat is based on the CitiStat model that leaders and elected officials use in major urban areas (e.g., Baltimore and Washington, DC) to track specific data and information that in turn could lead to more informed decisions and faster results, often saving cities millions of dollars in waste and abuse. Although TechStat sessions are an excellent catalyst for driving change in governance and a keen example of decision agility, agencies that adopt a true next-generation approach to governance will seek to instantiate the TechStat concept for both troubled and healthy programs as a means to accelerate mission and mitigate risk.

Examine Workloads. Working with your primary governance bodies (EA, Capital Planning, SDLC), consider commissioning a study to examine the level of effort required for completing the full scope of governance requirements at your agency. Many agencies have little insight into the amount of effort required by PMs of their major investments to meet data calls and gate reviews. Outputs from this study can provide significant insight into where your agency might be able to combine governance reviews and/or streamline processes. Conduct Data Due Diligence. Existing governance boards should have a solid understanding of the information being presented to them regularly; furthermore, the information source should be well known and qualified. Information used to assess and measure risk should be evaluated carefully to determine whether additional analyses is needed to support more robust risk management. Make Connections. Using insights from EA and portfolio management practices, begin engaging IT PMs for investments spanning multiple mission areas. In particular, consider current methods of communication and collaboration between these teams and governance boards, with a focus on opportunities for improvement. Booz Allen, working with our federal clients, has seen the impact that a broad transformation of governance philosophy can have on program speed, sustainability, and mission impact. Building on our deep expertise in program management, risk analysis, and organizational change and design, our experts have developed an approach for helping federal agencies achieve NextGeneration Governance grounded in best practice and tailored to the unique needs of the 21st century public sector organization. Our approach starts with a deconstruction of our clients governance structure across data, policies, decisions, and boards and examines how these factors can be optimized within the Next-Generation Governance concepts outlined in this paper. The result is a set of focused improvements that helps agencies tackle tough decisions collaboratively, transparently, and dynamically.

Conclusion
Federal IT leaders face a new paradigm in how their organizations must approach technology decisions. Unprecedented pressure to meet mission in shorter timeframes with fewer resources requires a new way of thinking about how decisions are made within their organizations, with particular focus on accelerating mission, mitigating risk, and designing more agile governance models. Taken together with the advent of robust data, a transparent, portfolio-driven approach, and an empowered team of PMs, Booz Allen sees a next generation of IT governance emerging across the federal landscape. Federal IT leaders can take several steps to help advance governance efforts at their agencies today and establish a foundation for Next-Generation Governance:

About the Authors

Fred Knops is a Senior Vice President with Booz Allen Hamilton and one of the firms officers leading a team of more than 5,000 IT strategy, systems development, infrastructure, and acquisition professionals who support the firms government clients in trade, defense, and homeland security. During his tenure at the firm, Mr. Knops has leveraged his deep IT and telecommunications expertise to serve clients throughout the United States, Europe, and Latin America in industries that include telecommunications, financial services, and energy. His current clients include senior leadership at the Department of Homeland Security. Michael Isman, a Washington, DC-based Vice President at Booz Allen Hamilton, leads the firms business supporting the central agencies of Government such as the General Services Administration, Office of Personnel Management, Executive Office of the President, Congress, and National Archives and Records Administration. He also is a senior leader in the firms Technology business and Strategic Technology and Innovation Center of Excellence, leading the IT Strategy and Enterprise Architecture Communities of Practice. Mr. Isman has collaborated with clients on the delivery of several critical areas that have had government-wide implications such as federal lines of business, human resource services, IT Governance, IT strategic planning, enterprise transformation, acquisition solutions, investment decision solutions, records management, and support for federal policy implementation across various topics. Jon Judah, a Senior Associate at Booz Allen Hamilton, has more than 12 years of professional experience providing IT strategy and program management support to various public and private sector organizations. Mr. Judah currently leads the firms investment in IT Governance research and has supported multiple clients in creating oversight boards and governance structures. Specifically, he has focused on helping large, federated organizations improve their IT Governance and portfolio management capabilities and serves as a senior advisor to clients at the Department of Homeland Security and Federal Reserve. Frank Landefeld is a Senior Associate with Booz Allen Hamiltons Strategic Technology and Innovation Center of Excellence. Mr. Landefeld has more than 15 years of experience in engagement management, requirements analysis, solution design, systems engineering, acceptance testing and end-user training of technology and capability modernization programs working with clients across the commercial and federal marketplace.

About Booz Allen

Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. Today, the firm is a major provider of professional services primarily to US government agencies in the defense, intelligence, and civil sectors, as well as to corporations, institutions, and not-for-profit organizations. Booz Allen offers clients deep functional knowledge spanning strategy and organization, engineering and operations, technology, and analyticswhich it combines with specialized expertise in clients mission and domain areas to help solve their toughest problems. The firms management consulting heritage is the basis for its unique collaborative culture and operating model, enabling Booz Allen to anticipate needs and opportunities, rapidly deploy talent and resources, and deliver enduring results. By combining a consultants Contact Information: Fred Knops Senior Vice President knops_frederick@bah.com 703/902-7004 Michael Isman Vice President isman_michael@bah.com 202/508-6505 Jon Judah Senior Associate judah_jonathan@bah.com 202/508-6500 Frank Landefeld Senior Associate landefeld_frank@bah.com 703/984-1718 problem-solving orientation with deep technical knowledge and strong execution, Booz Allen helps clients achieve success in their most critical missionsas evidenced by the firms many client relationships that span decades. Booz Allen helps shape thinking and prepare for future developments in areas of national importance, including cybersecurity, homeland security, healthcare, and information technology. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and has annual revenues of over $5 billion. Fortune has named Booz Allen one of its 100 Best Companies to Work For for seven consecutive years. Working Mother has ranked the firm among its 100 Best Companies for Working Mothers annually since 1999. More information is available at www.boozallen.com.

To learn more about the firm and to download digital versions of this article and other Booz Allen Hamilton publications, visit www.boozallen.com.
9

Principal Offices
ALABAMA Huntsville CALIFORNIA Los Angeles San Diego San Francisco COLORADO Colorado Springs Denver FLORIDA Pensacola Sarasota Tampa GEORGIA Atlanta HAWAII Honolulu ILLINOIS OFallon KANSAS Leavenworth MARYLAND Aberdeen Annapolis Junction Lexington Park Linthicum Rockville MICHIGAN Troy NEBRASKA Omaha NEW JERSEY Eatontown NEW YORK Rome OHIO Dayton PENNSYLVANIA Philadelphia SOUTH CAROLINA Charleston TEXAS Houston San Antonio VIRGINIA Arlington Chantilly Falls Church Herndon McLean Norfolk Stafford WASHINGTON, DC

The most complete, recent list of offices and their addresses and telephone numbers can be found on www.boozallen.com by clicking the Offices link under About Booz Allen.

www.boozallen.com

2011 Booz Allen Hamilton Inc.

04.051.11