Recommended Roadmap for IT Modernization in Government This roadmap is not a waterfall model, but rather a circular model. This is because modernization is not a single event, but rather an ongoing process requiring continuous attention. By treating modernization as a process, organizations can better manage technology investments and continue to stay on pace with change, rather than having to engage in a costlier “catch up” situation.Finally, a feedback loop from each stage to the prior stage reflects the fact that modernization solutions need to be continuously assessed and considered. With the feedback loop, important insights can be gathered and made actionable...Any successful modernization effort addresses the people, processes, and technologies currently in place and develops a plan to reduce risk, promote adoption, and realize benefits.This report distills the essence of numerous modernization strategies and experiences into theroadmap approach recommended in Figure 6, and is consistent with the guidance on implementing MGT.IBM Center for The Business of GovernmentCTBG_a11d00e8-2dfe-11df-91fe-13597a64ea2aDr. Gregory S. DawsonAuthor -- Dr. Gregory S. Dawson is a Clinical Associate Professor at the Center for Organization Research and Design (CORD) within the College of PublicPrograms at Arizona State University and is also an Assistant Professor inthe W. P. Carey School of Business.Dr. Dawson was awarded his PhD in Information Systems from the TerryCollege of Business at the University of Georgia.Prior to becoming an academic, Dr. Dawson was a Partner in the GovernmentConsulting Practice at PricewaterhouseCoopers, joining PwC (formerly Coopers& Lybrand) in the Washington, D.C., office and later relocating to Sacramento,California. Dr. Dawson was a leader in the field of public sector outsourcing aswell as information systems implementation. He has worked extensively withthe federal government (including Central Intelligence Agency, Department ofDefense (Army, Navy, Air Force and Marines), the Federal Deposit InsuranceCorporation (FDIC), and the Bureau of the Census, among others) and with avariety of state governments (including Virginia, North Carolina, Pennsylvania,New York, and California). After leaving PwC, Dr. Dawson was a Director atGartner, working in the state and local government practice.Dr. Dawson is also the President of the Association for Information SystemsSpecial Interest Group on IS Leadership and co-leads a track on IS leadershipat a major IS conference. His research is primarily focused on information systems leadership and innovation in the public sector. His work has been published in a variety of top academic and practitioner journals. His research hasbeen published in Journal of the Association for Information Systems,Decision Support Systems, Organization Science, Journal of ManagementInformation Systems, ACM Transactions on Management InformationSystems, Communications of the Association for Information Systems,InformationWeek and numerous Brookings Institution reports.IntervieweesList of Those Interviewed for This Project.Bo ReeseChief Information Officer, Office of Management and Enterprise Services, State ofOklahomaDavid BrayCurrently Executive Director for the People-Centered Internet coalition and formerChief Information Officer of the FCCDickie HowzeChief Information Officer, State of LouisianaEd TonerChief Information Officer, State of NebraskaJohn MacMillanChief Information Officer, Commonwealth of PennsylvaniaRenee WynnChief Information Officer, NASAStu DavisChief Information Officer and Assistant Director of Administrative Services,State of OhioTodd KimbrielChief Information Officer and Deputy Executive Director, Texas Department ofInformation Resources, State of TexasGovernment IT is modernized_e0a8aa2c-2296-11ea-b7e2-f3d51983ea00To better manage technology investments and continue to stay on pace with change._e0a8ab44-2296-11ea-b7e2-f3d51983ea00PrinciplesImplicit in modernization are several core principles, which in many ways are present in any innovative approach to solving existing problems:ExecutionPrinciple 1: Most organizations are good at generating modernization ideas (e.g., cloud or SaaS) but weaker at bringing the ideas to fruition. As a result, modernization advocates often get frustrated by organizational inertia to enact change, and quickly give up.InclusivenessPrinciple 2: Modernization ideas both big and small emerge from every part of the organization and all may have merit. It is important not to rely solely on a single individual (e.g., the CIO) or even a small group of individuals to generate all valid modernization ideas.FocusPrinciple 3: Modernization is a process and not an event. So, while tempting to focus on the short term, modernization must remain a strategic focus of the organization. Doing otherwise merely solves an immediate problem while setting up the organization for an unending future of crisis-centric approaches.PrioritizationPrinciple 4: All modernizations are not created equal. Some modernizations involve quick-hit technology-centric solutions, while other modernizations are longer-term efforts that require substantial personnel and process-centric changes.ResourcesPrinciple 5: Modernization is a complex undertaking and requires dedicated resources with specialized knowledge and skill for successful program execution. If sufficient and appropriate resources are not available in-house, outside support may be required.ManagementPrinciple 6: Industry can provide valuable insight in adapting private-sector practices into the public sector. However, this process needs to be very carefully managed and deployed.PlanningForm and charter the core modernization team and establish their overarching goals_e0a8ac16-2296-11ea-b7e2-f3d51983ea00Stage 0In this stage, modernization starts to move from concept to action...Major outputs:• Project charter document• High-level plan for modernizationTeamAppoint team lead and cross-functional core team members._e0a8ad42-2296-11ea-b7e2-f3d51983ea00Step 0.1Agency Director (or designate)Primary responsibilityIn the first step (0.1), the agency director, likely in concert with the entire organizational leadership structure, formalizes IT modernization as a key agency goal and forms the core modernization team that will guide the modernization effort. The core team should act as anexecutive steering committee for the project, and team members should have sufficient staturewithin the organization to command respect and be able to cajole or, if necessary, forceactions. The CIO can act in the role of core team leader, consistent with the role of the CIOunder FITARA. In this context, the CIO is more of a “first among equals” who leads by persuasion. This will ensure that the project has required executive support, key to successful implementation and called for under the MGT Act.Charter, Governance & GoalsDevelop/approve project charter, establish governance protocols and codify goals for the modernization effort._e0a8aee6-2296-11ea-b7e2-f3d51983ea00Step 0.2Core Team LeaderPrimary responsibilityIn the second step (0.2), the core team, under the facilitation of the core team leader, develops a project charter document to guide the interaction between team members, clearly establishes a governance structure for the organization, and codifies overall goals for modernization.As previously discussed, core team members should stratify numerous modernization goalsinto levels of importance, consistent with overall federal guidance. Additionally, the projectcharter should include the guiding principles of a communication plan to inform and educateagency staff, including mission leaders and cross-functional personnel.To prevent modernization from being an “IT thing,” the communications plan should frame theactivity as involving business issues that happen to have an IT component. Similarly, the planshould address people and process in addition to the technology. By framing the plan aroundbusiness problems, modernization is far more likely to be accepted by senior management andcross-functional staff. This keeps the focus on business issues and agency mission issues thatMGT supports.Once developed, the project charter should be reviewed and approved by the Agency Directorand then distributed as appropriate under the communications plan.PlanDevelop/socialize high-level plan for modernization._e0a8afcc-2296-11ea-b7e2-f3d51983ea00Step 0.3Core TeamPrimary responsibilityAfter the project charter has been approved, work on a high-level plan for modernization (step0.3) can begin. The plan will have numerous tracks to be developed and rationalized, andthese tracks should generally align to the people-process-technology triad needed for long-termmodernization. In addition, tracks should be cross-functional rather than system-centric. Forexample, procurement related issues across systems can be treated together in the processtrack, shifting the modernization dialog from a system-by-system approach to an enterpriseview.The high-level plan should not fall victim to “paralysis by analysis” and should focus on thebroad brush strokes necessary to get modernization moving. Said differently, the high-levelplan should create a scaffolding by which each modernization initiative can hang and evolve,rather than being fully comprehensive.Once the high-level plan is developed, each core team member needs to socialize the planwith key internal and external stakeholders—not for approval, but rather to gain beneficialinsights and support for the plan.Finally, these plans could be submitted to a central authority – for example, OMB at theFederal level -- to track implementation progress. This creates a momentum for moving forward on modernization since successes and lessons learned will be highlighted. Second, itoffers an avenue for cooperation and sharing best practices among agencies.Environment & PerformanceAssess current environment and establish performance deltas._e0a8b0b2-2296-11ea-b7e2-f3d51983ea00Stage 1Objective: Capture the organization’s as-is state in order to have a baseline of organizational assets and to define relevant performance deltas...In this stage, the organization begins to understand what it has and how far it needs to go to accomplish its modernization goals, consistent with the template for TMF funding.Major outputs:• Inventory of current assets• Readiness reportAssetsPlan and conduct an inventory of current assets._e0a8b198-2296-11ea-b7e2-f3d51983ea00Step 1.1Core TeamPrimary responsibility -- The core team should develop a data capture strategy that will ensure that all of the relevant data is captured for each system. At a minimum, the document should capture:• Technology (including hardware, software, and telecommunications infrastructure)• Type of technology (brand, manufacturer, etc.)• Age (initial purchase date and any major upgrades since then)• Estimated useful life• Usage (number of users, concurrent, named, etc.) ^• People• Number/type of people performing all tasks associated with the system• Experience of people• FTEs assigned ^• Internal business processes and functions, and external contracts• Internal business processes and functions• Hardware contracts, maintenance, duration• Software contracts, maintenance costs, duration• Services contracts, costs, number of peopleWork GroupsPrimary responsibilityDickie HowzeCIO Howze of Louisiana followed this strategy as well. His goal was to “leave the lights on”while they learned what they had inherited, to understand and document the “as-is.” Oncethey understood the current environment, they were able to make informed decisions on whatto consolidate, what to standardize on, who would help, and what the processes would be.John MacMillanThis effort is not a walk in the park. As noted earlier, when MacMillan of Pennsylvania askedstate IT offices which programming languages their applications were built with, the most frequent answer was “I don’t know” or “I am not sure.” Considerable digging may be required toget the correct answer.In the first step (1.1), the organization, led initially by the core team, plans and conducts aninventory of all of the relevant systems, including technology, people, and processes. Initially,each core team member should lead work groups to capture the major systems that are partof their department. As one federal CIO said, “if you don’t get a handle on what you have, itcould be nearly impossible to define a roadmap, identify duplication of applications drainingresources, or make a business case for new IT investments and projects.” ...Once this document has been developed, work teams for the various offices can begin theinventory. Generally speaking, most of the inventory work can be done via email and on-lineforms, but each function can devise its own data-capture strategy. The output of this step is acomplete, enterprise-wide inventory.It is important to also capture people and process data in addition to the systems data. Simplyput, people use technology to solve business problems and use processes to implement andmanage technology. As Reese of Oklahoma noted, technology can come and go but peoplehold the institutional knowledge of how the business works. Without this focus, as peoplemove on the institutional knowledge will be lost and services will suffer. This will also helpensure that knowledgeable staff can make reasonable estimates to meet repayment requirements, like those in the TMF.PerformanceDetermine performance deltas._e0a8b27e-2296-11ea-b7e2-f3d51983ea00Step 1.2Core TeamPrimary responsibilityRenee WynnAt NASA, Wynn divides assets into three categories: keep, decommission, and modernize.“Keep” assets are satellites that generally have a 7–10-year life cycle (although some havebeen functioning since the 1970s). NASA does what it can to upgrade these assets, but the primary focus is on managing them from a cybersecurity position. Wynn describes “decommission” assets as looking at future business needs and tracking backwards to current processing needs, to see what the future requires from a technology, people, and processstandpoint. If no future business need exists, the system is decommissioned. If a future needexists, the system (people, process, and technology) are “modernized” (or upgraded). Thisapproach focuses on the future needs of the organization rather than just the status quo.Michael HermusMichael Hermus, U.S. Department of Homeland Security Chief Technology Officer, recommends that CIOs “take legacy systems that are the most expensive to operate and divide theminto two categories: those that get a lot of attention and support core business needs, andthose that aren’t part of the core business. Then, take the ones that aren’t part of the corebusiness and decommission them.”In the next step (1.2), performance deltas for each system can be determined. There arenumerous ways to do this...This report recommends the use of performance deltas as follows. The first piece, businessgoals, focuses on how well the system meets its primary business purpose, addressing multiple relevant questions: Is the system fully compliant with its core mission? Are critical datesgenerally met? Are users generally satisfied with performance? Are there any upcoming mandates that would require a major overhaul (e.g. analytics)? Have any performance issues beennoted either internally or externally to the agency?The second piece focuses on systems vulnerability, defined broadly as including cybersecurityobsolescence, staffing, and other factors. Putting the two pieces together allows for stratifyingsystems as shown in Figure 6...From the chart, systems can be placed in one of the four quadrants in order to develop an initial stratification. Systems in Quadrant 4, low business goal achievement and high vulnerability, would naturally rise to the top of modernization efforts, while those with high businessgoal achievement and low vulnerability (Quadrant 2) would be less pressing. A similar prioritization is part of the TMF funding criteria.ReadinessAssess modernization readiness._e0a8b382-2296-11ea-b7e2-f3d51983ea00Step 1.3Work GroupsPrimary responsibilityIn the final step (1.3), work teams would develop a readiness profile for each system. Thereadiness profile should focus on readiness for cross-functional goals, including analytics andshared services, and address technology, people, and process readiness. In this step, systemswill begin to cluster together in terms of stratification and readiness. Systems in the low-business-goal and high-vulnerability quadrant that is more ready for cross-functional goal achievement would rise to the top.All of the readiness information, along with the supporting documentation, should be preparedby the work groups and then reviewed and validated by the core team. This ensures that thecore team takes a cross-agency perspective and can readily understand better targets.ExecutionIdentify and begin to execute the modernization strategy._e0a8b486-2296-11ea-b7e2-f3d51983ea00Stage 2In this stage, the focus is on identifying and executing the modernization strategy with key insights gained from prior steps...Outputs:• Modernization guidance• Initial modernized systemsInitiativesIdentify cross-functional initiatives._e0a8b58a-2296-11ea-b7e2-f3d51983ea00Step 2.1Core TeamPrimary ResponsibilityPublic SectorThe U.S. is the leader in cloud adoption—but the public sector is considerably behind, despitethe federal “cloud first” policy commenced in 2011.Professional Services CouncilThe Professional Services Council’s (PSC)2016 Federal CIO Survey found that only 5 percent of federal IT leaders felt that sufficienteffort had been made to move strongly into the cloud...Procurement rules need to be updated as the cross-functional initiatives are being developed,to ensure that they work together. The PSC has listed necessary procurement changes as goodstarting points, including:• adopting performance-based contracting• supporting consumption-based purchasing for cloud computing• taking advantage of current flexibility in the Federal Acquisition Regulation (FAR) to speedintroduction of new technologies• discouraging the use of lowest-price technically-acceptable (LPTA) evaluations for complextechnology procurements Federal GovernmentMigrating to the cloud can be a winfor the federal government, since adequate knowledge of how to do it and a strong base ofservice providers exist. It fits the “do once, use many times” approach.This is not to suggest that everything should be moved to the cloud. Certain data has a muchhigher requirement for protection, and analysis needs to be undertaken to ensure that a cloud provider can provide equal or better security under federal guidance. Applications that are notappropriate (either technically or programmatically) for the cloud should still be consideredtargets for in-place modernization.Government AgenciesThe other cross-functional initiative that should be on the forefront is an expansion of theshared, reusable enterprise services that span government agencies, reducing duplication ofmajor business systems (e.g., Financial Management, HR, payroll, and benefits). These sharedservices can be commercially owned, or government owned and commercially supported.Federal Aviation AdministrationSeveral agencies have already ventured into the shared services model (among others, theseinclude the Federal Aviation Administration at DOT, the Financial Management Services atTreasury, the Department of Commerce, the Department of Veterans’ Affairs, and the GeneralServices Administration), and are seeing some success. Shared services could span acrossagencies or expand fully within an agency.Financial Management ServicesDepartment of CommerceDepartment of Veterans’ AffairsGeneral Services AdministrationThe General Services Administration’s UnifiedShared Services Management Office is leading significant activity in this space, working withOMB and both customer and provider agencies. This is also consistent with the MGT and similar precepts that encourage use of commercial products and services.OMBIn the first step (2.1), the core team needs to identify and formalize cross-functional initiatives. These initiatives, many of which are part of “long tail” discussion, can be leveragedacross the enterprise and include such things as moving to the cloud, implementing cognitivecomputing, and shared services models of usage. The entire enterprise can benefit, but thecosts should not be placed on any single system or program. By focusing on cross-functionalinitiatives, the core team can also align progress with individual initiatives.It makes sense that cloud computing initiatives are among the first to be implemented, sincethey are the most mature of modernization initiatives and offer the quickest potential savings...Both moving to the cloud and implementing shared enterprise systems requires significanttransition work, including planning for necessary downtime. Clearly, business demands willdrive how quickly this can happen and in what order.Running in parallel with this step is the task of updating old and cumbersome procurementprocesses. Previously, most modernizations were associated with purchasing new hardwareand software, and the procurement vehicles fit that model. However, a significant percentageof upcoming modernizations will be based on acquiring a service rather than a product.TargetsDevelop and apply the modernization scoring rubric to select initial modernizationtargets._e0a8b6a2-2296-11ea-b7e2-f3d51983ea00Step 2.2Core TeamPrimary ResponsibilityEd TonerToner of Nebraska suggests that the easiest place to start modernization is at the heart ofthe organization—its network. Once Toner created a single network from the “mess” of numerous networks, modernization targets became much easier to identify and implement.For example, after Toner fixed the network “mess,” he could build a business case to createa private cloud for the state. Rather than using a commercial cloud provider, the CIO’soffice drives private cloud activity and passes savings along to user agencies.John MacMillanMacMillan of Pennsylvania takes a risk-based approach to identifying and selectingmodernization initiatives. He looks at the supportability and sustainability of the currentenvironment relative to the needs of the business, assessing both technology and labormarket support issues. The CIO then takes a portfolio approach to decide what initiativesto undertake and when. MacMillan carefully selects high and low-risk initiatives to be donetogether, to stretch the organization but without introducing undue risk. Cloud technologyis a good example of the need for planning. According to MacMillan, while cloud technology can be a great solution to modernization and relieve internal network pressures,organizations need to avoid the “siren’s song” of the cloud and ensure that the systems are“right placed” to improve performance and reduce risk.Stu DavisDavis of Ohio made an interesting discovery while working with agencies to modernize andmigrate their IT infrastructure. He found that the agencies with strong IT processes anddiscipline often vied to be first in modernizing, while many reluctant agencies did not haveformalized processes. Davis attributes this to the incredible scrutiny that modernizationputs on the agency. Generally speaking, a well-performing IT organization will be comfortable with scrutiny, while under-performing IT organizations will be uncomfortable.David BrayBray suggests looking for quick wins in order to build momentum for larger initiatives. InBray’s case, selecting the first initiative was easy. The Chairman of the FCC in 2014 wasat a function at the Commission’s Gettysburg offices when he noticed that consumers wereall filling out hardcopy forms. He encouraged Bray to identify a better solution. This led theCIO team to modernize the consumer helpdesk as a quick win with the backing of theChairman.OMBOnce modernization targets have been selected and initial planning has taken place, performance metrics for each initiative should be developed and the planning documents and performance targets should be developed for tracking, publication, and central coordination (byOMB in the federal environment).In the second step (2.2), the agency needs to develop a scoring system34 to guide modernization progress based on the drivers for the modernization developed in the project charter discussed in Table 1, consistent with guidance provided under MGT. Once defined, a scoringsystem can help with selecting modernization candidates in a host of ways.Various State and Federal experiences demonstrate different approaches to prioritization ...At this point, the organization needs to decide whether to use a two-step or a greenfieldmodel; each could be of value. In cases where full functionality needs replacement, the greenfield model may be preferable. In cases where customer-facing functionality needs immediatereplacement but the backend functionality is relatively stable, a two-step approach may bepreferable.A new and final consideration for modernization targets will be the newly issued rules surrounding the IT modernization funds authorized under the MGT Act. While the operationalprocesses for this fund are just now being shared, the criteria for project funding will be animportant determinant for project selection.ExecutionExecute modernization initiatives._e0a8b7c4-2296-11ea-b7e2-f3d51983ea00Step 2.3Work TeamsPrimary ResponsibilityFBIAs evidenced by the FBI VCF’stroubled implementation, stakeholders often pile on requirements that may not directly relateto the targeted modernization effort. To resolve problems like this, Agile approaches can be avaluable strategy to address these issues.FCCIn the FCC case, since the overall goal was to shift away from 207 legacy systems that were“on-premise” in agency-operated servers and move them to the cloud in an extremely shortperiod of time, the risk of migration issues was real. As a result, the FCC approached thiscomplex effort in phases, with the first demonstration phase (replacing the customer help center) accomplished in six months and for about $450,000—vs. what had been quoted for alegacy, on-premise approach of 12-16 months and $3.2 million. The FCC CIO team showedthat modernization was possible, and the team could then start to address more complicatedlegacy issues with greater momentum.AgenciesIn concept, agencies may wish to halt legacy system funding as modernization initiativesunfold, but this may not be practical to support continued mission support and delivery.PSCAspointed out by the PSC report, delaying or canceling such contracts could put the governmentat an unacceptable level of risk.In the final step (2.3), modernization execution begins. There are myriad ways to modernize,but the most compelling involves Agile development methods... An Agile strategy will enable the agency to planand execute a phased approach that achieves quick wins to increase momentum while reducing resistance. This is a pragmatic means of dealing with the considerable planning and effortassociated with a large-scale modernization effort, since sufficient evidence from the privateand public sectors shows that larger projects more frequently fail than smaller projects. Agilealso lowers risk and allows for mid-course corrections as required.InitiativesMeasure and track initiatives._e0a8b8fa-2296-11ea-b7e2-f3d51983ea00Stage 3Objective: To track and measure the success of initiatives.Output:• ReportsMetricsCapture and report metrics._e0a8ba4e-2296-11ea-b7e2-f3d51983ea00Step 3.1–3Government Coordinating OfficesOnce these metrics have beenagreed upon and the scoring has been accepted, the appropriate government coordinatingoffice (OMB at the federal level) should track the achievement of metrics as well as adjustments necessary to improve performance, also consistent with the MGT Act guidance.OMBThe final step is to track successes, failures, and lessons learned from each modernization initiative, using performance metrics discussed in step 2.3... Theremay also be advantages to implement performance incentives at this point, such as gain sharing or share-in-savings approaches. While the federal government does not have a great dealof experience in implementing such models, data from the private sector and the States showthat this may be of value for multi-year modernizations.Finally, the metrics will indicate when additional modernization efforts are necessary, whichcompletes the loop back to Stage 0. Additional modernizations are inevitable and need to beanticipated.2018-03-312019-12-19http://www.businessofgovernment.org/sites/default/files/A%20Roadmap%20for%20IT%20Modernization%20in%20Government_1.pdfOwenAmburOwen.Ambur@verizon.net