Process Step 3: Define Business and Information Requirements    (3ZJA)

Activity 3.1: Determine current business and information environment associated with strategic improvement opportunities    (3ZJB)

Activity Description:    (3ZJC)

This activity includes an analysis of the current business and information environment in the context of the strategic improvement opportunities identified in process step 2. Specifically, the architects need to define and analyze the portions of the current business and information architecture that are relevant to the strategic improvement opportunities and the common / mission services identified in process step 2. The intent is to analyze the current business and information environment so that in subsequent activities any adjustments to the current state can be determined and strategic improvement opportunities can be achieved.    (3ZJD)    (3ZJE)

Activity Inputs:    (3ZJF)

Tasks:    (3ZJI)

3.1.1 Determine the value chains for the common / mission services    (3ZJJ)

Using the common / mission services maturity levels identified during process step 2, this task focuses on the processes that the business area must perform in order to deliver those services. The task should begin with a high-level focus on the key business processes that deliver services, with the intent of identifying the critical chain of processes that deliver value. The common / mission services maturity framework matrix serves as a scoping tool to ensure that the segment architecture effort maintains focus on the services that require attention, so the segment can meet its performance objectives.    (3ZJK)

First, the services that are currently produced by the business area (from the common / mission services maturity levels in process step 2) should be reviewed. Then, for each current product and service, the business area’s current chain of processes will be diagramed using a value chain. The value chain drawing is a high-level logical ordering of processes that provides an overview of how value (i.e., product or service) is produced. The core team should not default to an “analysis paralysis” mode; if the current value chain of processes is determined to be ad-hoc, or if consensus cannot be determined, this step may highlight a major segment architecture finding and result in a recommendation for process definition, optimization and standardization. A segment may contain several value chains; for a manageable scope, however, the focus should be on the few that most require attention.    (3ZJL)

Documenting the value chains is an important mechanism for determining the elements of the business architecture associated with the strategic improvement opportunities and target services from process step 2. By focusing in on a specific value chain, the architects can perform additional business architecture analysis on the areas of impact, based on the segment’s strategic intent.    (3ZJM)

3.1.2 Define the business function model and associate it to the value chain    (3ZJN)

The purpose of this activity is to associate the processes in the value chain to their associated business function(s). This step is helpful in identifying the magnitude of the business functions that will be affected by potential process improvements. In the case of processes that deliver enterprise services (e.g., geospatial, infrastructure), a full mapping is not required, although understanding the magnitude of functions affected is helpful in determining future implementation level impacts (e.g. scalability).    (3ZJO)

Business areas are decomposed to define a hierarchy that includes functions and processes. A business function is a logical set of business processes performed on a continual basis that has no specific beginning or end point. Functions are decomposed into processes, which are a group of related business activities usually executed in a sequential fashion to achieve an intermediate or end-result product or service.    (3ZJP)

A business function model is created to show the critical business processes identified in the value chain analysis in the context of the business area functions and Federal Enterprise Architecture (FEA) Business Reference Model (BRM). Existing reference models that catalogue enterprise business functions may be used in structuring the functional hierarchy, but the processes in the business function model must be consistent with the processes defined in the value chain models. The intent of this documentation is to ensure that the processes are in context with the business functions and that the appropriate mappings to the FEA BRM are established.    (3ZJQ)

3.1.3 Analyze existing IT investments that relate to the business processes    (3ZJR)

Existing business cases include a wealth of valuable business and performance information. Architects should research these business cases to learn more about the existing business and information environments and any associated deficiencies relevant to the strategic intent and performance architecture developed in process step 2. During this task, the architect should identify which of the existing investments are related to the segment and then analyze the existing exhibit 300 and 53 information to prepare a summary of the characteristics of the portfolio—number of investments, total dollar value, and development vs. steady state spending percentage. Associating existing IT investments to business processes aids in determining the level of automation that currently exists in executing these processes, as well as potential redundant solutions that support the same business processes.    (3ZJS)

In addition to current investments, the architect should analyze whether proposed future investments are consistent with the strategic direction for the segment as determined by the preceding process step. The analysis should identify investment efficiency opportunities within the segment in the form of 1) potentially redundant investments for consolidation and 2) opportunities to reprogram/restructure investments to align more closely with the segment architecture strategy and performance objectives. Investments can also be analyzed relative to support for overall strategic performance improvement opportunities, as identified in program assessments (e.g., Performance Assessment Rating Tool (PART)). This information will be analyzed more closely in determining business value when the technical architecture is developed in process step 4.    (3ZJT)

3.1.4 Analyze processes and determine high-level information requirements, including organizational relationships    (3ZJU)

Within the segment, based on its strategic improvement opportunities, certain processes may be of key interest. In many cases, business processes are defined at a level too high to determine where deficiencies in performance or service delivery are occurring and may need to be decomposed to the activity level. Critical business processes should be defined at the activity level to derive high-level information requirements for the segment. Although this methodology does not prescribe a standard modeling notation for this task, at a minimum, processes should be modeled to depict information inputs, outputs and value-added activities to perform the process. The architect should analyze the activities associated with the key processes in the value chains previously defined to determine critical fault points in processes that may require process optimization. The architect should concentrate analysis on the information within the process flows to determine high-level information requirements, which should also include information security and risk requirements.    (3ZJV)

To establish the information security and risk requirements, it is necessary to conduct an “impact analysis, or security categorization, which uses the mission-based and management and support information types from NIST Special Publication 800-60 to assign appropriate FIPS 199 impact levels for the security objectives of confidentiality, integrity, and availability of the information” (as stated in NIST Special Publication 800-39).    (3ZJW)

The analysis during this task should also identify the organizations that perform the processes and activities. Interactions across organizational boundaries in performing the business processes should be described so that ownership and accountability can be analyzed. These interactions can be described using swim-lane diagramming techniques. In many instances, the analysis of organizational relationships to processes and activities can yield critical insight into a segment’s current state environment. Overall, it is important to document processes and activities to a level that is meaningful based on the strategic improvement opportunities, including effective delivery of services identified in process step 2. Extended process modeling efforts are not recommended unless clearly warranted based on the segment’s needs defined in process step 2.    (3ZJX)

NIST 800-39 Touch Point: NIST 800-39, Sec. 3.2: Conducting the security categorization process as an organization-wide exercise helps ensure that the process accurately reflects the criticality, sensitivity, and priority of the information and information systems that are supporting organizational mission/business processes and is consistent with the organization’s enterprise architecture.    (3ZJY)

3.1.5 Assess current information sources    (3ZJZ)

Through the documentation of the business processes and information flows, the architect should become familiar with the information requirements critical to the segment. During this task, the architect performs a qualitative analysis of the usefulness of key as-is information sources. The intent of this task is to document the sources of information in the current state before qualitatively assessing them along the key dimensions of accuracy, completeness, consistency, precision, timeliness, uniqueness, and validity. During the development of the systems and services architecture in process step 3, activity 3, existing information sources will be analyzed to determine whether they require adjustment so they can achieve the target information requirements identified in process step 3, activity 2.    (3ZK0)

Part of the development of target information services is identifying target authoritative data sources (ADS) for key shared information. Myriad data sources for the same information, which become inconsistent because of differences in data management practices, are a root cause of process and information delivery failure. During this step, recommendations for candidate ADS may be developed. The goal of ADS identification is to determine the most trusted sources of data by information class and data entity through a structured analysis. This analysis produces DRM and SRM touch points for information exchanges.    (3ZK1)

Considerations for Enterprise Services:    (3ZK2)

Enterprise services will likely result in the requirement for standardization of service management processes across the enterprise. When developing an enterprise services segment, the analysis of the as-is business environment may need to be limited so that all processes across all affected organizations are not defined, but rather that the affected business functions and key business process information sources are analyzed.    (3ZK3)

For example, when implementing enterprise service management for IT infrastructure services, the focus should be on identifying opportunities for adopting shared business practices. It may be necessary to identify requirements for key service management processes such as asset management and determine the extent to which such requirements are already practiced within existing business processes without performing a detailed as-is analysis of asset management processes across multiple organizations and / or sub-agencies within the enterprise.    (3ZK4)

Considerations for Business Services:    (3ZK5)

Cross-cutting business services may result in the standardization of service delivery processes across the enterprise. When developing a business services segment, the analysis of as-is business environment may need to be limited to the extent of necessary in order to be able to identify the affected business functions and key business process information sources that need to be standardized in order to deploy the cross-cutting business services.    (3ZK6)

For example, when implementing a cross-cutting business services for financial management, the focus should be on identifying the requirements and opportunities for standardizing business practices to enable cross-cutting solutions without performing a detailed as-is analysis of varied existing business service delivery processes across multiple organizations and / or sub-agencies within the enterprise.    (3ZK7)

Communications Considerations:    (3ZK8)

Business experts must be actively engaged to identify business functions properly, especially in situations where a formal business function model is not available.    (3ZK9)

Activity Outputs:    (3ZKA)

Suggested Analytical Techniques:    (3ZKG)    (3ZKL)

Next Activity: 3.2. /Determine_business_and_information_improvement_opportunities    (3ZKM)