State of Illinois Department of Innovation and Technology ......Department of Innovation and Technology IT Governance Guidebook . ... Increasing the opportunity to leverage IT investments

IT Governance Guidebook

Revision 2.0

Updated March 2017

State of Illinois Department of Innovation and Technology IT Governance Guidebook

State of Illinois | IT Governance Guidebook 2

Contents

Document Purpose and Overview 4

1.0 Executive Summary 5

1.1 Overview 5

1.2 What is IT Governance? 5

1.3 The Benefits of IT Governance 6

1.4 State of Illinois IT Governance 7

2.0 How IT Governance Works 9

2.1 Governance Strategy 10

2.2 Board Membership & Meetings 11

2.3 Governance Oversight 12

2.4 Governance Operations 13

2.5 Governance Processes 15

2.6 IT Standards 17

2.7 IT Strategic Planning 19

2.8 The IT Governance Process in Action 20

3.0 Project Governance 21

3.1 Descriptions and Purpose of Each Gate 21

3.2 Project Governance Thresholds 24

4.0 Operational Definitions 25

4.1 Roles and Responsibilities 25

4.2 General Definitions 26

Appendices 30

Appendix A: Templates 31

Board Membership Tracking Template 31

Board Meeting Minutes Template 32


IT Project Assessment Tool 33

Project Business Case Template 34

Project Dependencies Template 35

Risk Potential Assessment Worksheet Template Sample 36

Project Risk Assessment Matrix 36

Pre Implementation Checklist 37

Appendix B: Strategic Planning Processes 38

Appendix C: Cluster Groupings 39


Document Purpose and Overview

The purpose of this document is to describe the State of Illinois’ IT Governance structure and the associated operational processes. It is intended to provide state agency leaders, project managers and IT professionals with a holistic view of IT Governance, how it runs and the roles of key stakeholders within the process. The information described herein will provide the reader with guidance necessary for integrating agency, cluster and enterprise IT activities with the State of Illinois’ IT Governance processes and tools.


1.0 Executive Summary 1.1 Overview

Many states are facing serious challenges in realizing the benefits of technological innovation, the State of Illinois is no different. Further, an analysis of the State’s current IT operations identified gaps in the State’s service delivery model relative to industry leading practices. Findings included the need to establish a new business model that supported integrated service delivery, increased IT resource sharing, better alignment of IT priorities with business needs and greater agility and innovation.

In 2016, Illinois set out to change this narrative by embarking on a complete transformation of its IT service delivery and portfolio management approach. The goals of this Transformation initiative were to modernize State’s IT capabilities, better protect the privacy of citizen information and meet the demand for greater efficiency and integration.

Out of IT Transformation came a recognition of the need to develop a stronger, more robust IT governance structure and the processes to support it.

The State formed an IT Governance working group composed of agency participants, business leaders and statewide IT leaders to develop a new approach to technology oversight and planning that supported collaboration in a multi-tier organizational structure.

Guiding principles for design included:

Incorporating an annual IT strategic planning process that aligned IT investments with State priorities

Engaging in a budgeting process that supported these strategic decisions

Promoting collaboration by including board members from a variety of agencies in formal processes to drive interaction and shared decision making

Improving project performance by establishing a common set of performance measures and elevating specific project decisions to the appropriate level

Increasing the opportunity to leverage IT investments across the enterprise by driving the adoption of standard technologies

The resulting State of Illinois IT Governance model described in this guidebook is based on these principles, lessons learned from other states and professional experience.

1.2 What is IT Governance?

The purpose of IT Governance is to use technology resources more efficiently and effectively to achieve broader enterprise goals, maximize benefits and minimize risk.

IT Governance refers to the structure and processes that an organization uses to align its IT strategy with its business strategy. Further, effective governance ensures that the IT organization stays on track to achieve objectives and delivers affordable, quality IT services.

IT Governance provides the policies, procedures and processes for making and managing IT decisions. It assigns authority while promoting a collaborative approach to balancing IT investments across the range of business priorities. Moreover, IT Governance implements the


practice of reviewing IT projects in order to confirm that the IT environment remains secure, reliable and sustainable; and measuring key performance indicators to monitor the quality of IT service delivery. Governance needs to be agile enough to address the changing needs of the business.

1.3 The Benefits of IT Governance

Robust IT Governance confers numerous benefits, including:

Defined roles and responsibilities for IT decision making

Processes and procedures with clear purposes and outcomes

A higher degree over the direction of overall IT spending that allows for interoperability and shared assets across agencies

Enterprise-wide standards and best practices for technology

Greater alignment IT with the organizational goals and strategy

Stronger relationship between the costs and benefits of IT investments

A defined portfolio management process that allows the State to manage priority projects

Optimizes IT operations through more standard provisioning of services

Transparency around IT service rates and service levels

These benefits are only realized when the entire organization - all of the State’s agencies - supports and participates in the prioritization and processes necessary to optimize the State’s IT investments in support of the State’s overall mission and objectives.


1.4 State of Illinois IT Governance

The State of Illinois’ IT Governance model is managed by the Department of Innovation and Technology (DoIT) under the leadership of the Secretary of DoIT The model engages State leaders and IT professionals in setting strategy, providing oversight and operating the IT business.

Figure1 describes State of Illinois’ IT Governance model.


Figure 1: The State’s Three Levels of Governance—Strategy, Oversight and Operations—and the Boards/Groups at Each Level

The Advisory Board of Directors (ABoD), the Enterprise Services and Rates Committee (ESRC) and the Enterprise Architecture Committee (EAC) provide strategic advice and counsel to IT leadership on business priorities, service needs, IT standards, performance levels and rate-setting methodology.

DoIT leadership - the Secretary of DoIT and the chiefs of the various IT disciplines (the CXOs) - interacts with the Advisory Board and Committees to gather insights, formulate the IT strategy and oversee the implementation of the strategy through DoIT’s operating units. The Secretary of DoIT is accountable for the overall IT strategy and service levels. The CXOs, in addition to overseeing the services and capabilities of their discipline, are also responsible for overseeing governance processes, establishing performance standards and reporting to the Governance boards. IT Governance processes are carried out by various IT planners, architects and standards working groups in DoIT’s operational units.

The components and processes of the Governance model are explained in greater detail in the chapters that follow.


2.0 How IT Governance Works The State of Illinois IT Governance model is designed to promote a better, more effective way of managing the State’s investments across the enterprise. It delivers business value, strategically manages risk, leverages resources, and measures performance. Through the model, IT opportunities are compared, so that the State can evaluate its choices and prioritize the opportunities that provide the greatest contribution to enterprise business goals. The model also establishes monitoring and reporting that allows the enterprise to confirm that IT investments are achieving the expected level of benefits and performance.

The model was designed based on the following principles:

Build a simple structure with limited layers and processes

Establish the appropriate authority needed to set direction, standards and resolve issues

Clarify the enterprise-wide view of IT and provide deeper insights into IT decisions within agencies and clusters

Foster Statewide collaboration and the involvement of a wide set of stakeholders from agencies, clusters and business leaders

IT Governance activities are organized into several key processes with clear roles and responsibilities. These processes allow the enterprise to identify and quantify IT investment opportunities; apply common IT standards to enable sharing, interoperability, and normalization of IT resources; monitor the performance of its investments and engage in quality day-to-day service delivery.

This section provides an overview of the organizational bodies and units that implement IT Governance for the State of Illinois.

Figure 2: Governance Inputs, Activities and Outputs


2.1 Governance Strategy

The State of Illinois’ governance model includes three bodies that advise DoIT in developing and implementing the State’s IT plan, prioritizing investments and delivering IT services.

1. Advisory Board of Directors – Confirms that DoIT’s Enterprise IT Strategy is in alignment with business objectives and provides executive oversight and resource prioritization.

2. Enterprise Services & Rates Committee – Guides the portfolio of enterprise IT services, monitors associated service levels and endorses transparent chargeback rates.

3. Enterprise Architecture Committee (in formation) - Reviews and validates Enterprise IT standards.

These boards meet routinely to set direction, review matters in their respective domains and resolve enterprise coordination issues. Board activities are described in Table 1.

Board Activities

Advisory Board of Directors

• Provide executive oversight and accountability

• Review and approve Enterprise IT Strategic Plan in alignment with business strategy

• Set direction and guide priorities for resource allocation

• Monitor the delivery of key technology programs and initiatives

• Ratify annual IT charge-back rates.

• Promote standardization across the enterprise

• Resolve escalated issues

Enterprise Services & Rates

Committee

• Review service portfolio against needs

• Identify existing enterprise IT services for retirement and approve new services

• Review results of IT services delivery to confirm effectiveness

• Review and monitor SLAs

• Approve transparent and reasonable chargeback rates

Enterprise Architecture Committee

• Monitor the development of the IT standards portfolio

• Review the recommendations of the IT Standards Committees

• Adopt IT standards for the State’s infrastructure, applications, data and security

• Resolve escalated issues

Table 1: IT Governance Boards Key Activities


2.2 Board Membership & Meetings

Effective governance requires having the right stakeholders represented when both establishing the State’s IT strategy and making key operational decisions. The State of Illinois’ governance boards are comprised of individuals who have the skills, experiences and level of engagement necessary to move the State’s IT strategy forward.

The Advisory Board of Directors, as the body responsible for ensuring that IT strategy aligns with the State’s overall vision, mission and objectives, is appointed by the Governor’s Office. The Chief Information Officer chairs the Advisory Board of Directors and is responsible for delivery of the IT strategy and achievement of services levels.

The following tables describe the target composition and selection criteria for the State’s IT governance boards.

Table 2: Board of Directors Membership Criteria and Meeting Cadence


Table 3: Enterprise IT Services & Rates Committee Membership Criteria and Meeting Cadence

Table 4: Enterprise Architecture Committee Membership Criteria (in formation)

2.3 Governance Oversight

While DoIT’s entire leadership team is responsible for IT service delivery, the following roles are primarily engaged with the Governance Boards and share responsibility for ensuring that Enterprise IT governance processes are consistently followed:

Chief Information Officer chairs the Advisory Board of Directors and is responsible for delivering the State’s technology plan and service levels.


Chief Technology Officer chairs the Enterprise Services & Rates Committee and sets the technological vision for the enterprise.

2.4 Governance Operations

There are five primary operating units support the State’s IT governance model.

1. Service Planning & Management Group 2. Enterprise Portfolio Management 3. Enterprise Applications 4. Enterprise Architecture 5. Cluster CIOs & Agency CIOs

Services Planning and Management Group (SPMG)

The Services Planning and Management Group (SPMG) spearheads the effective operation of the Enterprise Services & Rates Committee and compiles a quarterly report on IT service performance and compliance with SLAs.

Enterprise Portfolio Management Office (EPMO)

The EPMO serves as a central point of collaboration among the Board of Directors and other participants in the project governance process. The EPMO is responsible for supporting governance activities, primarily:

Facilitating collaboration of governance bodies, specifically the Board of Directors

Managing project review and approval processes Reviewing and communicating requests for information and decisions Establishing gate entrance and exit criteria for project governance Conducting project gate reviews to enforce IT standards and gate requirements Publishing Project Health Reports with mitigation plans for “At Risk” projects Escalating critical issues to the Secretary of DoIT and Board of Directors

As the EPMO matures, the office will provide resources to support stakeholders’ projects from beginning to finish.

The project governance process is described in greater detail in Section 3.0.

Enterprise Applications

Enterprise Application staff are primarily responsible for development and maintenance of applications that serve enterprise-wide needs. Additions to the enterprise application portfolio and changes to existing applications are considered during the strategic planning process and further prioritized by the ABoD, if applicable based on the size of the project. Additions and changes to the enterprise application portfolio that meet the definition of a “project” are reviewed by the EPMO.

Enterprise Architecture

The Chief Enterprise Business Architect and Chief Enterprise Technical Architect report to the Chief of Enterprise Applications. The IT Standards Working Groups are organized and chaired by Enterprise Architecture (EA) staff, who are responsible for publishing the performance, business,


data, application and infrastructure standards (security standards are maintained by the Chief Information Security Officer’s office). EA staff also interact with the EPMO on the review of project proposals for adherence to IT Standards.

Cluster CIOs & Agency CIOs

The State of Illinois’ IT operating environment organizes agency IT operations into “clusters”. A cluster is a group of agencies that share similar missions and constituencies. As a result, the agencies within a cluster often also share similar customers and data; business processes; and common IT needs and services.

Cluster similarities serve as the basis for sharing technologies and identifying interoperable and interrelated IT initiatives. In this way, clusters serve an important role in coordinating the separate IT needs and priorities of agencies and communicating them to the enterprise level. Clusters also provide consolidated support to agencies by representing their interests in the IT service delivery, strategic planning and portfolio management processes.

As part of their central design, each cluster has its own CIO. The Cluster CIOs report to the Secretary of DoIT. As shown below in Figure 3, the cluster and cluster leader (Cluster CIO) play an important role in driving collaboration and resource sharing. The Cluster CIO is responsible for understanding and communicating the priorities and needs of his or her member agencies. As part of this, the Cluster CIO reviews agency projects before they are reviewed by the EMPO as part of the strategic planning and portfolio management processes. The Cluster CIO also helps to communicate back to agencies where collaboration and resource sharing can take place. Likewise, the Cluster CIO serves as the agent communicating cluster needs for shared services at the enterprise level.

Reporting to the Cluster CIO are the Agency CIOs. The primary role of the Agency CIO is to understand the Agency’s strategic direction, maintain Agency-specific applications and advocate for Agency needs. They are the primary liaison with Cluster CIOs to confirm alignment of strategic priorities between their Agency and DoIT. Agency CIOs also drive service delivery closest to the end user, particularly for agency-specific applications.

Together Cluster CIOs and Agency CIOs also monitor the health of IT projects in their respective areas, enforce adherence to IT standards and escalate risks and issues to DoIT leadership.

For a full listing of the agencies as they relate to clusters, please refer to Appendix C.


Figure 3: Different Level of Services Provided in New IT Governance Model

2.5 Governance Processes

The work of IT Governance is accomplished through four primary governance processes. Figure 4 provides an overview of these processes. By consistently deploying governance processes - submitting IT investments for reivew, surfacing risks and issues; and monitoring performance and measuring expected benefits – the Enterprise will ensure that stays on track to achieve its business objectives and provides measurable results.

Figure 4: Overview of IT Governance Processes

IT Project Governance

The purpose of IT project governance is to develop a return on investment profile for IT initiatives, assess risk, identify opportunities to leverage existing solutions and enforce IT standards. The process is managed by the EPMO whose staff collaborate with project managers, Cluster CIOs, CIOs and DoIT solution architects to move projects through a series of review gates with defined inputs and outputs. IT project governance gate requirements are further explained in Section 3.0. IT needs and projects are entered in the Enterprise Project Portal (EPM) after they have been qualified by the sponsoring Agency based on the Agency’s business priorities. The project governance process helps project proposals mature to the point where risks, especially around


security and data, are known and managed; and there has been sufficient planning around resources needs.

Service Management

The Service Management process delivers a set of IT services in line with customer needs and provides a consistent, high-quality customer experience. Effective service management requires adherence to standardized process, continuous measurement against key performance indicators and planning for changing customer needs.

Together the Agencies, Clusters and/or DoIT identify the need for new services and submit requests to Service Operations. When a significant new service cannot be easily rendered, the request is routed to the Service Planning and Management Group for evaluation.

The SMG brings forward service proposals to the Enterprise IT Services & Rates Committee, which approves or declines the new/retired service proposal and the associated rate. Successful approval of a new service results in the development of the new capability as facilitated by the Service Planning and Management Group in conjunction with the service delivery owner (potentially subject to IT project governance) and publication in the Service Catalog with associated rates.

Service Planning and Management Group reviews service metrics and evaluates services against SLAs. The Fiscal office reviews services rates against service costs.

Program and Project Management

A ‘project’ is defined as a temporary IT endeavor designed to produce a unique product, service or result with a clear beginning and end undertaken to meet unique goals and objectives. A ‘program’ is a set of related projects centered on a particular business or technology capability, such as Enterprise Resource Planning (ERP), Content Management, or Going Mobile.

Project management is the process by which schedules, requirements, tasks, risks and costs are tracked to understand if the effort will produce its expected value. Program management is similar, but involves greater focus on fostering coordination, collaboration and sharing in order to optimize a series of investments. These processes can be a function of an EPMO, but at this early stage in the maturity of DoIT’s governance model, project and program management oversight is a responsibility distributed across DoIT, Cluster CIOs, CIOs and agency staff.

Portfolio Management

IT Governance best practice calls for the organization to identify IT investments that have implications for the business strategy of the overall enterprise and manage these projects and programs as a portfolio to better understand overall risk, return on investment potential and shared services opportunities. The two areas of focus for Portfolio Management are:

• Portfolio Balancing – Translating the State strategy into prioritized programs and projects and balancing the risk of project implementation against the value derived from that project.

• Portfolio Oversight – Instituting regular ‘checkpoints’ at which performance of the initiatives is reviewed to asses overall project health, and determining whether enterprise goals are being met.


2.6 IT Standards

In order to achieve the greatest value from the State of Illinois’ IT investments, technologies and resources should be leveraged across the enterprise. To achieve this goal, the State of Illinois uses a consistent set of IT standards established by IT Governance Boards. These common policies and standards for technology and processes are adopted across the enterprise.

Policies are a governing principle that provide the basis for standards and carry the highest authority in the organization.

Standards identify a set of approved technologies that should be used for a particular function, or a common process to carry out an activity.

Standards Development

The process for developing IT standards has both start-up activities as well as repeatable activities. As part of start-up activities, standards have to be identified and publicized. In terms of repeatable activities, standards have to be updated as technology and business requirements change. The steps for developing the standards can be found in Figure 5.

Figure 5: Standards Development Process Steps

Standards Adoption

As of the time of the writing the state Chief Enterprise Business Architect is recommending the adoption of the Policy Framework from Federal OMB Circular A-130 and Business Architecture (Governance Process) Standards the Federal Enterprise Architecture Framework V2 (FEAF-ii). Both of these are well defined at the Federal Government level and have been in place and evolving since the 1980s with a major update published in June of 2016. Since not all of the standards at the Federal level will apply at the state level, the standards committee will identify those that do apply, and publish the standards set applicable for State of Illinois IT Projects. At this time the document set is under review and planned to be published at a date in the future. The process the Standards Committee is following can be found in Figure 6.


Excerpt from “Illinois Enterprise Architecture Standards Strategy”

Initial Charters will be established by the Enterprise Architecture Sub-Committee and concurred with the DoIT Advisory Board. These charters specify the responsibilities for each IT Standards Working Group, as well as details on overall cadence and any prioritization guidance from the leadership.

Each workgroup will then be convened by the respective Enterprise Architect and leader(s) will be designated to lead the group in a defined meeting cadence to accomplish their respective charters. First order of business will be to produce the IT Standards Roadmap for their domain. This will be accomplished as follows:

The development of Enterprise IT Standards will follow the FEAF-ii Reference Architecture Taxonomy which identifies three progressive levels of detail for each discipline. Domain (i.e. Business Sector, Data Domain, Application Domain, Infrastructure Domain) being the most general classification, followed by Area (i.e. Business Function, Data Subject, Application Area, Infrastructure Area), and Category (i.e. Business Service, Data Topic, Application Category, Infrastructure Category) as the most detailed classification for a discipline. Using this taxonomy, each IT Standards Working Group will prioritize areas which the group considers the highest risk due to lack of standardization, and will develop a roadmap for their respective standards development (to be concurred with the overall Enterprise Architecture Sub-Committee).

Based on the approved roadmap, the working group should ensure that there is proper representation to address the first wave of standards development/ratification, and should appoint one or more subject matter lead(s) with accountability for the content of the recommended standard.

The process for developing/ratifying an IT Standard is based on the FEAF-ii Collaborative Planning Methodology and is as follows:

1. The “Organize and Plan” Stage starts with “Identifying and Validating” (Cataloging) any existing published and/or informal standards for the assigned Domain/Area/Category.

2. Next, the “Research and Leverage” step involves a review and analysis of the cataloged standards will be conducted to identify which standards can be consolidated, reused, expanded, redacted, or otherwise rationalized into a target set of capability, process, and product standards.

3. The last step in this Stage is “Define and Plan” which involves finalizing the game plan to produce work group recommendations, and building the task assignments/backlog for the team to work through in the next Stage.

4. Following review and approval of the game plan by the Enterprise Architecture Sub-Committee, the “Implement and Measure” Stage starts with “Invest and Execute” where the team schedules the tasks/backlog according to their game plan and workgroup availability and then follows that schedule to create the identified standards. Once each standard recommendation is developed, it will go through the appropriate review and feedback steps with the defined stakeholders (often already on the working group, but may include key individuals outside the team), and then ratification by the Enterprise Architecture Sub-Committee.

5. The last step (“Perform and Measure”) begins with planning socialization, communication, and statewide rollout (often in releases of several standards across


working group domains as determined by the Enterprise Architecture Sub-Committee). When published and rolled out, the Enterprise Architects will work with IT Governance, GOMB Budgeting for Results, Procurement, Talent Management, Operations, and others to monitor standards compliance planning and enforcement across all Executive Branch Agencies.

Figure 6: Five Step Collaborative Planning Methodology for Standards Development

2.7 IT Strategic Planning

The IT strategic planning process helps the organization prioritize enterprise IT investments and align them with the State’s strategic business goals. The result of the process is a State of Illinois IT Strategic Plan that provides guidance for a three- to five-year cycle, and is updated annually to account for changes in technology, priorities and budget allocations.

The IT Governance model aligns the IT strategic planning process with the State of Illinois annual budgeting cycle. Connecting strategic planning and budgeting provides IT and budget decision makers’ insight into IT priorities for the enterprise and an understanding of how IT investment opportunities will support the State’s business objectives. It also allows for DoIT leadership and GOMB leadership to discuss spending and human resource needs and allocations for the coming year in a concrete way.

By documenting a plan for IT investment and reviewing progress against that plan, the strategic planning process allows for continuous improvement in IT activities and the ability to correct course when goals and activities become misaligned. The IT strategic plan provides a mechanism for IT and the business to communicate and collaborate both in the development of the plan and in future discussions about IT needs. With a 3- to 5-year horizon, the State’s IT strategic plan allows for a longer term perspective in making investments.

Process

The IT strategic planning activities align with the budget calendar.

Summer: The State identifies its strategic goals, concurrent with the development of agency and cluster IT strategic plans and goals.

It is imperative to the proper functioning of the IT Governance model that agencies engage in their own strategic planning process to qualify their technology needs and confirm alignment with the results the business is looking to achieve. In terms of project portfolio management,


the model refers to this process as “Gate 0”. It is only after Agency business leaders, Agency CIOs and Cluster CIOs have engaged in this process that technology needs, ideas and project proposals should be entered into the EPM tool.

Fall: Spend plans, project charters and performance data for the IT Portfolio are compiled by the EAG. All of the information is presented to the IT Summit, which is an opportunity for agency business and IT leaders to discuss the balance of investment across the various Portfolio programs and projects and the prioritization and optimization of future IT spending to support the State’s strategic business goals

Output

The end result of these steps is the State of Illinois’ IT Strategic Plan that includes:

Statement of the State’s strategic IT objectives

Description of current IT landscape

Identification of IT program/project priorities for agencies, clusters and the enterprise

Identification of new shared IT service requirements and priorities

Discussion of new issues and mitigation strategies

Description of updates to previous fiscal year plan

Status and progress of previous fiscal years’ goals and initiatives

2.8 The IT Governance Process in Action

Successful IT Governance requires clear processes with effective handoffs. Figure 7 below describes three case studies, at a high level, when there is need for: (1) developing a new product, (2) requesting a new service, (3) DoIT’s ongoing service activities.

Figure 7: High Level Governance Process


3.0 Project Governance One element of the overall Governance model is the area of Project Governance. The Enterprise Portfolio Management Office (EPMO) is tasked to provide process guidelines for all IT projects, including entrance and exit criteria for each stage gate in the project’s lifecycle. The EPMO will conduct project reviews in each gate to monitor compliance to gate criteria throughout the project’s lifecycle.

Six Project Stage Gates, Gate 0 – Gate 5, exist in the project lifecycle as highlighted in Figure 8.

Figure 8: Stage Gates for IT Projects

3.1 Descriptions and Purpose of Each Gate

Gate 0 – Agency Prioritization – In this gate, a project idea or need is identified by an Agency (or Agencies) and prioritized to move forward as an IT project. Although each agency may have its own prioritization process, a recommended process flow can be found in Appendix B. Once a project is “approved” by the agency’s prioritization process to move forward, the project moves out of Gate 0 is put into the EPM portal. During the entry of the project into the EPM portal (in Gate 1) the project manager will be asked a series of 7 questions.

Gate 1 – Identify and Validate – In this gate, the prioritized project is entered into the EPM Portal for potential inclusion in the IT project portfolio. All projects are entered in the portal to enable the enterprise to oversee the portfolio and identify reuse opportunities, identify common needs across agencies, or identify projects that can be expanded to meet another agency need. Upon project input, seven IT implication questions need to be answered by the project manager. Project Governance is initiated based on the answers to the questions. If a project does not have IT implications, the project is tagged as Governance Not Required.

Gate 2 – Research and Leverage – This gate’s focus is on the project’s business case, the business capabilities the project is trying to achieve (content management, workflow, etc.) and a “rough order of magnitude” of the project’s cost and Return on the Investment (ROI). A project’s “return on investment” is the quantifiable benefit that flows to the State as a result of the project investment. Benefits include cost avoidance or cost reduction, to the business or IT; increased revenue; and a reduction in improper payments. While it is difficult to quantify benefits in the public sector and projects are sometimes initiated simply to fulfill a mandate, calculating together the full cost and known benefits of a project is an essential exercise. As part of the business case, it is also important to state the qualitative benefits as well.


Gate 2 also focuses on the potential to leverage an existing solution to meet an agency’s need or common business requirement. PMs and CIOs should also be researching the marketplace to better understand solutions that may meet the business need. The exit criteria for this gate includes a rough order of magnitude ROI, defined high-level business requirements, and an identified solution path (build, buy, reuse) for the project.

Gate 3 – Detailed Planning – This gate includes developing detailed business and technical requirements for the project. As the project scope is refined and a high-level project schedule is developed the business case and its ROI calculations become more definitive. The output of this gate is a fundable project plan. If the solution path is to go out for RFP, the RFP is ready to be issued upon funding approval.

Gate 4 – Detailed Design – This gate is where the project detailed design, network diagrams, design blueprints and detailed spending plans occur. Review of technical needs in this gate are conducted to assess network capacity implications, standards compliance, security requirements and long term support needs for the project. Completion of this gate includes a signed contract (if applicable), assigned resources, committed funding and a detailed project plan.

Gate 5 – Invest and Execute – Projects that get to this gate are officially prioritized, funded, and “In Flight”. This is where development and testing occurs. Monthly health check reviews are conducted on these projects through project steering committees to monitor the scope, schedule, and costs for the project throughout the development cycle. At the end of this gate, a pre-implementation checklist is completed and signed off by all stakeholders to validate compliance with standards and confirm support requirements are in place prior to “going live”.

Further, the Enterprise Applications Group (EAG) monitors projects that have enterprise implications based on the potential for reuse among agencies, the project risk profile or the investment level (see the discussion of Project Governance Thresholds in Section 3.2 below) and reports on the progress of these projects to the ABoD. Each project in this portfolio will have an Executive Steering Committee made up of stakeholders, chaired by the Chief of Enterprise Applications. Figure 9 describes the Portfolio Project Steering Committees structure. The EAG has the authority, and responsibility, to develop mitigation plans for projects when they are underperforming, and to even recommend cancellation in the appropriate circumstances. The BOD has final authority in those cases.

Go Live – At this point in the project lifecycle, IT governance via the EPMO and Stage Gates is complete. The project steering committee however, will continue to monitor the project implementation and conduct periodic health checks for the project. The recommendation is to continue those health checks on large implementations for a period of one year or until the implementation is running smoothly and supporting the business needs expected from the project.


Figure 9: Operational Overview for Portfolio Project Steering Committees

Gate Entrance and Exit Criteria

Entrance and exit criteria for each gate has been established for IT projects. As part of the gate reviews the EPMO or CIOs will monitor all projects as they move through the project lifecycle for compliance. Project Managers are responsible to collect/maintain project documentation for all gate criteria.

Table 6: Gate Entrance and Exit Criteria


Templates for the business case, risks, and dependencies have been defined for project managers to use when moving through the gates. These can be found in Appendix A.

3.2 Project Governance Thresholds

All projects must meet IT standards and requirements before implementation can begin. The risk associated with some projects however, may be low and may not require the detailed project governance overseen by the EPMO. Thresholds have been defined to guide the organization in assessing the level of Governance oversight required. Regardless of the oversight level however, the Cluster CIOs and/or CIOs for each agency are required to make sure gate criteria and IT standards are met for every project. Proposed thresholds and review oversight for projects are in the table in Figure 10:

Balancing: Key Strategic Project Selection Criteria

Figure 10: Working Project Thresholds

It is important to note, projects under $500,000 must still move through the review processes prescribed by IT Project Governance and meet gate criteria, but the review is conducted by the Agency CIO and Cluster CIO.


4.0 Operational Definitions A common understanding of terminology and roles and responsibilities, is critical to successful implementation of the Governance model as well as any new initiative an organization embraces. Terminology enables the organization to clearly communicate, understand roles and responsibilities, and successfully execute implementation for the operation.

4.1 Roles and Responsibilities

Management activities are performed by DoIT resources as defined in the table below.

Term Definition

Governance Boards Advisory Board of Directors (ABoD) provides guidance on strategic investment decisions by interpreting business strategies and defining priorities as inputs to the Enterprise IT strategy. The Board monitors the delivery of key technology programs and initiatives and ratifies annual IT charge-back rates.

Enterprise Services & Rates Committee (ESRC) addresses the definition, delivery and quality of IT Services to the customer base. The ESRC also conducts an annual review of the IT rate setting methodology, rate structures and service level agreements (SLAs).

Enterprise Architecture Committee (EAC) reviews and validates Enterprise IT standards.

Executive Steering Committees (ESCs) established for high profile projects to monitor project progress and facilitate issue resolution and risk management through periodic program health checks.

Executive Leadership Team

Secretary of DoIT chairs the Board of Directors and is responsible for the delivery of the Enterprise IT strategy and achievement of services levels.

Chief Technology Officer chairs the Enterprise Services and Rates Committee and sets the technological vision.

Chief Financial Officer develops annual technology charge back rates and makes recommendations to the ESRC.


Term Definition

Operational Groups

The Enterprise Portfolio Management Office (EPMO)

conducts the governance process for all IT projects and interacts with agencies, CIOs and Cluster CIOs to provide advice and guidance on technology considerations as projects move through gate reviews. Coordinates project health checks on projects over $500,000 and reports to the ABoD on the project pipeline.

Service Planning & Management Group is responsible for aligning technology services and capabilities with customer needs, including monitoring KPI performance in order to direct continuous improvement activities.

Enterprise Architecture drives IT business, applications, infrastructure, data, and security standards development and compliance across the enterprise, coordinates the work of the IT Standard Working Groups and makes recommendations to the EAC.

Enterprise Applications monitors and reports to the ABoD on the status and health of IT projects with enterprise implications.

Project Sponsors Agency Directors, CIOs, Cluster CIOs

Identify potential projects from their Agencies and provide project profiles for their project or program (with assistance from other resources as necessary)

“Sign-off” on all projects submitted for consideration for submission into the EPM Portal

Secure funding for their project

Ensure that approved projects perform according to plan and meet technology gate requirements

Project Managers Supply project information and completes the project profile in the EPM portal

Ensure that the project performs according to plan and meet technology gate requirements

Manage the delivery of assigned projects (e.g., plan, execute, track, budget)

Provide project performance criteria to management as required

Organizational Resources DoIT is responsible for providing the IT enablers to allow agencies to meet their specific agency objectives. At present Technical resources are still spread across all agencies, but roll under the DoIT Agency Umbrella.

4.2 General Definitions

Throughout this document a variety of terminology is used. The table below contains definitions for commonly used terms in Governance and Project Management Processes.


Term Definition

Asset Capacity Analysis Analysis conducted to understand the physical needs to support selected projects (e.g., equipment, building)

Business Case A formal, written document intended to convince a decision maker to approve an IT project. The business case includes the problem statement, analysis of the situation, solution options, project description, cost-benefit analysis and recommendations. A well-crafted business case explores all feasible approaches to a given problem and enables business owners to select the option that best serves the organization.

Business Intelligence The ability to improve business knowledge and insight

Business Risks Risks that affect the business; may include considerations of how customer service, public relations, other investments, etc. may be affected by specific activities or projects

Cost Avoidance Prevention, elimination or deferment of expenses

Cost Effectiveness Leveraging resources to generate the return on investment; May involve cost avoidance, cost reduction and revenue generation

Cost Reduction Reduction in expenditures

Customer Satisfaction The ability to improve customer interactions – DoIT is a service organization

EPMO Enterprise Portfolio Management Office – Team that manages the portfolio of the state’s projects. They are not project managers e.g., a (Project Management Office) rather the EPMO defines the governance process and requirements to launch IT projects throughout the project lifecycle.

EPM Portal Project database that hosts high level project information (description, start date/end date, agency, gate status, etc.) and links to project documentation

Enterprise All agencies in the State of Illinois

Financial Capacity Analysis

Analysis conducted to understand ability to finance selected projects

Human Resource Capacity Analysis

Analysis conducted to determine ability to source or execute selected projects; Internal resource skill sets and capacity must be measured and external resource availability must be established

Mandates Activities required by either legal or policy requirements

Operational Initiatives Activities that are ongoing or reoccurring

Portfolio Manager Person assigned to manage the Portfolio of IT projects

Portfolio Management The holistic view of IT projects through which the enterprise gains better visibility into risk management, return on investment, project prioritization and shared services opportunities

Process Improvement The ability to implement efficiencies and effectiveness of business processes


Term Definition

Productivity Improvement The ability to increase operational productivity

Program A group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually – e.g., IT Transformation is a Program with Consolidation projects, Service Management projects, governance projects, etc., under the program umbrella.

Project Temporary undertaking to create a specific product or service with a defined start and end point that when attained, signify completion.

Project Management Application of knowledge, skills, tools and techniques to project activities to meet stakeholder needs and expectations from a project.

Project Portfolio A collection of projects (and/or programs) that are grouped together to facilitate the effective management of that work to meet strategic business objectives

Project Profile Specific project information compiled in the RAP Management database; Used during the evaluation and prioritizing processes

Project Server Web based tool that enables project managers to create a master schedule, allocate resources and store work products for a project.

Project State Current stage in development of a specific project:

Gate 0 – Agency Prioritization

Gate 1 - Identify and Validate

Gate 2 – Research and Leverage

Gate 3 – Detailed Planning

Gate 4 – Detailed Design

Gate 5 – Invest and Execute

Return on Investment (ROI)

A percentage calculation showing the ratio of savings the enterprise expects resulting from the investment expenditures for a project. A positive ROI is favorable, a negative ROI is unfavorable.

Rough Order of Magnitude (ROM)

An estimate of costs, resource needs and ongoing expenses for a project used to determine a Return on Investment

Stakeholders Any person or group with a vested interest in the outcome of a project or plan

Strategic Initiative A strategic initiative is an endeavor intended to achieve three interrelated outcomes:

1. A boundary-spanning vision or “strategic intent”

2. Realization of important benefits to “strategic” stakeholders and

3. Transformation of the organization

All strategic initiatives are programs, but not all programs are strategic initiatives.


Term Definition

Strategic Management An integrated approach for managing in a rapidly changing environment by building consensus of a shared vision and by gaining support and participation of employees

Strategic Objective A narrow, explicit statement of intent; objectives should be SMART – specific, measurable, accountable, realistic, and time bound

Strategic Planning The continuous and systematic process guiding members of an organization to make decisions about its future, develop the necessary procedures and operations to achieve that future, and determine how success is to be measured

Strategic Priority Key issue toward which the agency directs its efforts

Thresholds Guidance on the level of project governance required based on investment and risk of the project.


Appendices The Appendix sections that follow provide a more detailed perspective on the tools and processes highlighted in the previous sections and can be understood as follows:

Appendix A: Templates - Board Membership Tracking Template, Governance Boards Meeting Minutes Template, IT Project Assessment Tool, Project Governance Templates for Business Case, Risk Assessment and Dependencies, Pre-implementation checklist

Appendix B: Strategic Planning-Provides detailed steps of the year long process for IT strategic planning.

Appendix C: Cluster Groupings-Provides a reference for understanding which agencies are grouped within each cluster.


Appendix A: Templates The following templates and tools have been developed to help the State of Illinois transition to its new Governance model. These templates and tools will help the state remain organized as well as help with objectivity in the portfolio management process.

Board Membership Tracking Template

This template is designed to help the state track the qualifications of its board members and confirm the Boards have a mix of individuals with the targeted experience. For each Board Member, the following information will be tracked:

Agency Name

Role at Agency

Start and End of Term

Target Composition Role


Board Meeting Minutes Template

This template is designed to provide consistency between the two governance boards in documenting action items and decisions made.


IT Project Assessment Tool

This tool is designed to help the Enterprise Portfolio Management Office (EPMO) decide which projects should continue in the approval process and the priority the projects should be given. This tool compares a project's value to its risks.


Project Business Case Template


Project Dependencies Template

Figure XX Dependency Template

v


Risk Potential Assessment Worksheet Template Sample

Project Risk Assessment Matrix


Pre Implementation Checklist


Appendix B: Strategic Planning Processes

The Strategic Planning process begins by gathering data from across the enterprise, including the State’s strategic IT goals, as well as cluster and agency IT goals, plans and budgets. The EMPO gathers and analyzes that data to prepare for the IT Summit. The outputs from the IT Summit are discussed with GOMB to identify financial resourcing. The Strategic Planning process is broken down into the timing, goals and activities identified below.

1. Define Enterprise Goals

Secretary of DoIT and Board of Directors review list of specific programs and goals (for the upcoming fiscal year and for the next 3 to 5 years) for IT

Align with the business goals identified by the Governor

2. Incorporate Agency/Cluster Priorities

Cluster/Agency CIOS and Governance Boards develop lists of priorities and key projects that support their organizations business goals

Cluster/Agency CIOS and Governance Boards identify enterprise shared service and new technology needs

Clusters submit priorities and needs to EMPO

3. Review Enterprise Progress

EMPO reviews progress against the previous year IT Strategic Plan

EMPO works to identify enterprise level projects worthy of pursuit based on agency/cluster project submissions, identified needs, or opportunities for collaboration

4. Define Shared Priorities

Conduct IT Summit:

EMPO presents overview of SOI Strategic Objectives as defined by CIO and Board of Directors

EMPO provides overview and analysis of cluster/agency strategic plans and key projects as submitted by clusters/agencies

Attendees review projects to identify commonalities, benefits, risks, and implementation considerations

Attendees discuss shared goals and IT investments as well as identify highest priority projects for enterprise and budget endorsement

Clusters/agencies discuss service requirements and identify service priorities

Attendees review standards, processes and exceptions, and new technologies

5. Support Priorities with Funding

Conduct Budget Conversations

GOMB, Secretary of DoIT, and Board of Directors discuss goals and strategies identified in the IT Summit

GOMB incorporates IT projects and priorities into budget recommendations

GOMB presents IT funding allocation

6. Finalize

Strategic Plan

EMPO compile inputs and draft the State of Illinois IT Strategic Plan

Review plan with CXOs and Board of Directors and update as needed

Publish plan

Conduct briefing meetings with stakeholders as necessary


Appendix C: Cluster Groupings Below are the agency groupings that form the State of Illinois clusters as of August 2016.

Documents

State of Illinois Department of Innovation and Technology ......Department of Innovation and Technology IT Governance Guidebook . ... Increasing the opportunity to leverage IT investments