Table of Contents | Chapter 1 | Chapter 3

CHAPTER 2

STRATEGIC PLANNING FOR INFORMATION SYSTEMS

2.0       STRATEGIC PLANNING
2.1       INFORMATION TECHNOLOGY INVESTMENT MANAGEMENT (ITIM)
2.2       ENTERPRISE ARCHITECTURE
2.3       PERFORMANCE MEASUREMENT
2.4       BUSINESS PROCESS REENGINEERING
2.5       SYSTEMS SECURITY

2.0      STRATEGIC PLANNING

Strategic planning provides a framework for analyzing where the Department is and where the Department should be in the future. The agency strategic plans required by the Government Performance and Results Act (GPRA) provide the framework for implementing all other parts of this Act, and are the key part of the effort to improve performance of government programs and operations. The U.S. Department of Justice Strategic Plan guides the annual budget and performance planning. It sets the framework for measuring progress and ensuring accountability to the public. Each Bureau’s Strategic Plan is mission driven and should include a vision statement which describes the work environment to accomplish the mission. The strategic plan identifies goals, objectives and strategies in support of the bureau’s mission and vision. Bureau strategic plans are linked to the overall goals and direction the Attorney General has set for the Department. Strategic planning is not part of the SDLC, but determines what information systems projects get started and/or continue to receive funding.

2.1      INFORMATION TECHNOLOGY INVESTMENT MANAGEMENT (ITIM)

The ITIM process implements the Department’s information technology capital planning and investment control process. The ITIM process uses the “Select-Control-Evaluate” methodology recommended by OMB and GAO guidance to implement the strategic and performance directives of the Clinger-Cohen Act and other statutory provisions affecting information technology investments. The process complements the SDLC process by providing fiscal oversight of system development projects and linking IT investment decisions to Strategic goals and objectives. The DOJ ITIM Guide is available on the DOJ Intranet at: http://dojnet.doj.gov/jmd/irm/whatsnewpage.htm, then click on ITIM Guide.

2.2      ENTERPRISE ARCHITECTURE

The development of information technology architectures is a requirement of the Clinger-Cohen Act. The Department is building an enterprise IT architecture which promotes the effective management and operation of IT investments and services. This enterprise architecture (EA) provides a comprehensive, integrated picture of current capabilities and relationships (i.e., the current architecture), an agreed upon blueprint for the future (i.e., the target architecture), and a strategy for transitioning from the current to the target environment. The EA describes the information needed to carry out these business functions and processes; identifies the system applications that create or manipulate data to meet business information needs; and documents the underlying technologies (i.e., hardware, software, communications networks, and devices) that enable the generation and flow of information.

The EA is an essential tool for taking a strategic approach to planning and managing IT resources and making maximum use of limited IT dollars. It ensures the alignment of IT with the Department’s strategic goals so that business needs drive technology rather than the reverse; identifies redundancies, and thus potential cost savings; highlights opportunities for streamlining business processes and information flows; assists in optimizing the interdependencies and interrelationships among the programs and services of the Department’s various component organizations as well as with external agencies; ensures a logical and integrated approach to adopting new technologies; promotes adherence to department-wide standards including those for systems security; and pinpoints and resolve issues of data availability, utility, quality and access.

The ITIM policy and guidance uses this architecture as a key criterion for selecting a proposed investment and managing it through the life cycle. The EA processes are specifically aligned with the Select, Control and Evaluate phases of the ITIM and considered throughout the SDLC. Information on the DOJ EA can be found at http://dojnet.doj.gov/jmd/irm/imss/enterprisearchitecture/enterarchhome.html (available to DOJ Employees only).

2.3      PERFORMANCE MEASUREMENT

Performance measurement is an essential element in developing effective systems through a strategic management process. The mission, goals, and objectives of the Department are identified in its strategic plan. Strategies are developed to identify how the Department can achieve the goals. For each goal, the Department establishes a set of performance measures. These measures enable the Department to assess how effective each of its projects are in improving Departmental operations.

For the Department to make this assessment, the current performance level for each measure (performance level baseline) for the existing systems must be determined. For each project plan, as part of the cost benefit analysis, estimate the performance levels expected to be attained as a result of the planned improvements. As the project’s improvements are implemented, actual results are compared with the estimated gains to determine the success of the effort. Further analysis of the results may suggest additional improvement opportunities.

Performance Measurement, along with evaluation are the principle methods for determining if identified benefits are realized in the expected time frame.

2.4      BUSINESS PROCESS REENGINEERING

The primary underpinning of any new system development or initiative should be business process reengineering. Business process reengineering (BPR) involves a change in the way an organization conducts its business. BPR is the redesign of the organization, culture, and business processes using technology as an enabler to achieve quantum improvements in cost, time, service, and quality. Information technology is not the driver of BPR. Rather, it is the organization’s desire to improve its processes and how the use of technology can enable some of the improvements. BPR may not necessarily involve the use of technology. There are circumstances when all BPR will entail is an elimination of steps or the process. For BPR to attain large benefits, the use of information technology can be justified. Bureaus or agencies should consider BPR before requesting funding for a new project or system development effort. When BPR is applied to one or more related business processes, an organization can improve its products and services and reduce resource requirements. The results of a successful BPR program are increased productivity and quality improvements. BPR is not just about continuous, incremental and evolutionary productivity-enhancements. It also utilizes an approach which suggests scraping a dysfunctional process and starting from scratch to obtain larger benefits.

2.5      SYSTEMS SECURITY

The Federal Government has become increasingly reliant on IT systems to support day-to-day and critical operations/business transactions. Risks to system and data confidentiality, integrity, and availability can impact an organization’s ability to execute its mission or its business strategy. To minimize the impact associated with these risks, federal IT security policy requires all IT systems to be accredited prior to being placed into operation and at least every three years thereafter, or prior to implementation of a significant change. The Department goal is to define a process which ensures that Department systems are conceived, designed, developed, acquired, implemented, and maintained according to all appropriate federal guidance and are in compliance with the appropriate laws, regulations, OMB circulars, and Department orders. The DOJ IT Systems Certification and Accreditation Standard and Implementation Guidelines provides IRM managers with a single source of information for conducting certification and accreditation and provides templates for the Systems Security Plan, Security Risk Assessment, Contingency Plan, and Certification and Accreditation memorandums. The C&A process is compliant with the SDLC and the ITIM process. These guidelines can be found at http://dojnet.doj.gov/jmd/irm/imss/itsecurity/seclifecycle.html (available to DOJ Employees only).

Table of Contents | Chapter 1 | Chapter 3