Capital Planning and Investment Control CPIC September 24

Capital Planning and Investment Control (CPIC) September 24, 2008 27 October 2021/NIH Office of the CIO

Today’s Objectives q. Share information about the NIH Capital Planning and Investment Control (CPIC) program. q. Discuss the integration of CPIC with Project Management/ Enterprise Performance Life Cycle (EPLC) Framework. 27 October 2021/Office of the NIH CIO 2

What is CPIC? q. CPIC is not a paper work exercise. q. CPIC is a systematic approach to selecting and managing IT q. CPIC is not the Exhibit 300. investments throughout the life q. CPIC is not the Exhibit 53. cycle. q. CPIC is a tool by which we can select the best mix of IT investments for the NIH Portfolio of IT Investments. 27 October 2021/Office of the NIH CIO 3

The CPIC Process Select How do you know you have selected the best IT Portfolio? • Conduct reviews • Make adjustments • Apply lessons learned Evaluate Based on your evaluation, did the system deliver the expected benefits? • Screen • Rank • Score Control Will the selected IT • Monitor progress investments be able to deliver the benefits • Take corrective actions projected at cost and schedule projected? Source: GAO 27 October 2021/Office of the NIH CIO 4 4

History of NIH CPIC q. Feb - Sept 2004: NIH CPIC Policy Work Group developed draft NIH CPIC Policy and Procedures. q. Sept 2004 – April 2006: NIH CPIC Policy and Procedures remained in draft awaiting issuance of HHS CPIC policy. q. Dec 30 2005: HHS published its CPIC policy. q. Jan – April 2006: NIH’s CPIC policy revised to conform to the HHS policy. q. May 2006: NIH’s CPIC Policy and Procedures signed by NIH CIO and transmitted to HHS. q 2007: All ICs provided documented CPIC policies and procedures. q 2008 - 2009: Ongoing integration of CPIC, EPLC, and NIH governance. 27 October 2021/Office of the NIH CIO 5 5

Why CPIC? q. CPIC provides senior management with objective information so that they can make good business decisions and invest federal funds in IT projects with a high likelihood of success and that meet the NIH mission. q. Mandated by law. 27 October 2021/Office of the NIH CIO 6

Laws q. Paperwork Reduction Act. Sets overall framework for OMB oversight of Information & IT. q. Clinger Cohen Act. Requires sound investment through capital planning that is tied to Agency missions and strategic goals. q. Government Paperwork Elimination Act. Requires agencies to ensure all transactions are electronic, when practicable, by October 2003. Along with the Electronic Signatures in Global and National Commerce Act, creates legal framework for online commerce. q. Federal Acquisition Streamlining Act. Requires agencies to identify all major investments, identify planned costs, schedule, and performance criteria and then achieve at least 90 percent of them. q. E-Gov Act. Requires agencies to support cross-agency E-Gov initiatives. Codifies the role of OMB (E-Gov Administrator and Office of E-Government), and CIO Council. Requires agencies to develop citizen and productivity-related performance measures to support agency objectives, strategic goals, and mandates. q. Federal Information Security Management Act. Requires attention to security in all agency applications and ensures agencies are accountable to OMB and Congress. q. Privacy Act. The foundation of Federal policy for protecting and sharing personal information. q. Section 508. Ensures accessibility for all. 27 October 2021/Office of the NIH CIO 7

REVIEW LEVEL CRITERIA HHS NIH IC Annual Cost >$10 M Annual Cost >$3 M Annual Cost <$3 M Life Cycle Cost >$50 M Life Cycle Cost >$20 M Life Cycle Cost <$20 M Interoperability (impacts more than one HHS OPDIV) Cross-cutting (single Dept-wide solution) Trans-NIH (solution for majority of ICs) Mandates New technology Critical Infrastructure HHS CIO Interest NIH CIO’s Designation 7% Cost, Schedule, or Performance Variance 5% Cost, Schedule, or Performance Variance Department Review 27 October 2021/Office of the NIH CIO 8

IC CPIC q. Develop and maintain a CPIC process. q. IC CIO must identify IT investments that meet the criteria for NIH and/or HHS level review. q. IC CIO must provide the NIH CIO with the IC IT investment portfolio. q. Perform CPIC reviews. q. Establish and maintain a management structure in place that performs. q. Technical reviews of IT investments and the IC IT investment portfolio. q. Business reviews of IT investments and the IC’s IT investment portfolio. q. An IC with an IT investment >$1 M (annual) must establish and maintain a formal governance structure. 27 October 2021/Office of the NIH CIO 9

Integration of CPIC and EPLC = Governance GOVERNANCE CPIC EPLC Strategic Planning 27 October 2021/Office of the NIH CIO 10

Parallel Methodologies 27 October 2021/Office of the NIH CIO 11

EPLC and CPIC Commonalities Differences q. Critical Partners q. Reviews q. Disciplined approaches q. Timing (annually vs. individual IT projects’ progress and readiness for entering next phase) q. Level of review 27 October 2021/Office of the NIH CIO 12

Critical Partners q. Departmental CPIC Policy requires critical partners to participate in the CPIC process to ensure that IT investments comply with HHS policy in the critical partners’ respective functional areas. q. Critical Partners are subject matter experts: q. Enterprise Architecture, Security and Privacy, Acquisition Management, Finance, Budget, Human Resources, Section 508, CPIC, and Performance. 27 October 2021/Office of the NIH CIO 13 13

Dual Role of Critical Partners EPLC q. Reviews project documentation for completeness and adequacy during the EPLC’s stage gate reviews. CPIC q. Reviews each IT investment’s project documentation as a member of the NIH CPIC Review Board during Select Phase. q. Determines the criteria used to review project documentation. (Criteria are updated every year before the start of the Select Phase of CPIC. ) 27 October 2021/Office of the NIH CIO 14 14

Q and A 27 October 2021/Office of the NIH CIO 15