FederalSegmentArchitectureMethodology/Identify And Prioritize Strategic Improvement Opportunities

Process Step 2: Define the Segment Scope and Strategic Intent    (3ZF4)

Activity 2.2: Identify and prioritize strategic improvement opportunities    (3ZF5)

Activity Description:    (3ZF6)

This activity consists of identifying the segment stakeholder needs, segment risks and impacts, and performance gaps. The core team uses this information to formulate the segment business needs and identify a set of high-level strategic improvement opportunities. The segment’s strategic improvement opportunities are then prioritized and selected to form the foundation through which the segment strategic intent is developed.    (3ZF7)

   (3ZF8)

Activity Inputs:    (3ZFE)

• Stakeholders and their relationships    (3ZFF)
• Business drivers and mandates    (3ZFG)
• Segment scope    (3ZFH)
• Segment context    (3ZFI)
• Segment architecture development purpose statement    (3ZFJ)
• Project plan    (3ZFK)
• Communications strategy    (3ZFL)
• List of affected organizations and their business owners    (3ZFM)
• Agency strategic plans    (3ZFN)
• Agency policies    (3ZFO)
• Executive orders Legislation    (3ZFP)
• President’s Budget    (3ZFQ)
• PART    (3ZFR)
• PAR    (3ZFS)

Tasks:    (3ZFT)

2.2.1 Review segment scope and context    (3ZFU)

This task includes analyzing the business drivers and mandates, the segment scope, and the segment context in order to begin discerning the business needs of the impacted organization(s). This includes the consideration of factors that led to the overall prioritization and selection of the segment architecture development effort such as agency strategic plans, policies, executive orders, legislation, budget priorities, and available PART and PAR program assessments. Three tasks (2.2.2, 2.2.3 and 2.2.4) are aimed at understanding the current performance state of the segment scope from three vantage points: the stakeholders’ viewpoint; unaddressed risks and impacts; and existing performance gaps (i.e., PAR, PART, and other existing performance measures)    (3ZFV)

2.2.2 Determine stakeholders’ needs    (3ZFW)

By establishing the segment scope, the core team has identified its stakeholders and their relationships and is now able to engage them in a coordinated, effective, and efficient manner. The core team engages the stakeholders to identify their key business needs, requirements and objectives / outcomes. The needs of each stakeholder (owner, participant, producer, and consumer), are elicited from the stakeholders’ perspectives to provide a basis for formulating the consolidated business needs of the segment.    (3ZFX)

There are varying methods by which stakeholders can be engaged. For instance, stakeholders might be engaged in working sessions which may include developing read-ahead materials and then facilitating working sessions to identify needs. Another possibility for engaging stakeholders is to issue a data call to collect stakeholders’ key business needs, requirements and objectives / outcomes.    (3ZFY)

2.2.3 Identify segment risks and impacts    (3ZFZ)

The core team identifies potential high-level risks and impacts associated with the segment scope and context. For example, security and privacy risks may be identified here that are not adequately addressed in the current environment. Segment architects can leverage the latest version of the Security and Privacy Profile and NIST 800-39, Managing Risk from Information Systems, to facilitate discussions to ensure adequate security controls are identified up front for addressing confidentiality, integrity and availability of key business functions. The core team may engage relevant resources by documenting factors that influence or are influenced by the identified risks and impacts. For example, the EA knowledge base(s) could be accessed to identify potentially impacted components that were undetected during high-level analysis resulting from the identified business requirements. This task provides valuable contextual information for each of the identified risks in order to develop viable mitigation strategies and plans. Working collaboratively with the relevant resources (e.g., EA, Security), the core team identifies high-level optional strategies for mitigating potential risks and impacts. Additionally, a determination at a high-level can be made as to the security categorization / security needs of the segment scope and context at a high-level at this point. Segment Architects can leverage NIST 800-60 to help identify the security needs for the segment.    (3ZG0)

These risks, impacts, and their respective mitigations contribute to formulating the business needs.    (3ZF9)

NIST 800-39 Touch Point: NIST 800-39, Sec. 3.2: The first step in building an effective organization-wide information security program is to conduct a thorough analysis of the organization’s mission and business processes informed by the organization’s enterprise architecture, identifying the types of information that will be processed, stored, and transmitted by the information systems supporting those processes.    (3ZFA)

NIST 800-60 Touch Point: NIST 800-60, Sec. 2.0: Security categorization provides a vital step in integrating security into the government agency’s business and information technology management functions and establishes the foundation for security standardization amongst their information systems. Security categorization starts with the identification of what information supports which government lines of business, as defined by the Federal Enterprise Architecture (FEA). Subsequent steps focus on the evaluation of the need for security in terms of confidentiality, integrity, and availability. The result is strong linkage between missions, information, and information systems with cost effective information security.    (3ZFB)

2.2.4 Identify performance gaps    (3ZG1)

This task includes a review of any pre-existing performance architectures, OIG/GAO reports, customer surveys, or deficiencies in achieving PAR and PART metrics that are within the segment scope identified in activity 2.1. Customer, business, process / activity, and technology performance information is collected for the “current state” in order to identify, quantify, and prioritize segment performance gaps between current and target performance metrics.    (3ZG2)

Identification of performance gaps should also include consideration and identification of opportunities within the existing segment IT strategic portfolio (e.g., overall size and complexity of the existing portfolio). This will help ensure that strategic IT portfolio opportunities are factored into the overall direction and focus of the segment architecture. For segments that include business services, this identification should also include the identification of strategic opportunities related to the optimization of the IT portfolio as it supports cross-cutting business services.    (3ZG3)

2.2.5 Formulate and prioritize business needs    (3ZG4)

This task involves the consolidation of the segment scope and context, specifically the business drivers and mandates, stakeholder needs, risks and impacts, and pre-existing performance architecture(s) and metrics. The collection of these various business needs forms the foundation through which strategic improvement opportunities are identified.    (3ZG5)

After consolidation, a review and prioritization of the business needs is conducted to define the significance of the needs in identifying a solution to the segment architecture development purpose statement. The output of this task is a set of business needs that have been prioritized and categorized based on their respective sources for traceability purposes.    (3ZG6)

2.2.6 Formulate and prioritize strategic improvement opportunities    (3ZG7)

Having prioritized and categorized the segment business needs, the core team reviews the business needs and identifies strategic improvement opportunities, which can address any number of business needs the core team deems significant.    (3ZG8)

Strategic improvement opportunities are reviewed in order to identify internal and external factors which may contribute to or detract from the achievement of the improvement(s) identified. In doing so, the prioritization and selection of the strategic improvement opportunities is aligned with the prioritized business needs of the organization as a whole.    (3ZG9)

Strategic improvement opportunities can also include the identification of specific technology improvements that can help close mission performance gaps. An example of this would be the identification of enterprise services (e.g., authentication) to close gaps related to mission risk.    (3ZGA)

Where possible, the prioritization of strategic opportunities should also reflect additional opportunities for cost savings and avoidance as well as other approaches to agency performance improvement as can be derived from greater precision and timeliness of specific investment proposals. For example, the cost performance metrics and benchmark data from the IT Infrastructure Line of Business (ITILoB) can be used to identify potential cost savings / cost avoidance opportunities associated with cost efficiencies or operational improvements in providing IT infrastructure services.    (3ZGB)

A number of analytical techniques can be leveraged to prioritize the strategic improvement opportunities. One such technique is the SWOT analysis. Additional information regarding SWOT analysis is provided in the suggested analytical technique table below, along with other techniques that can be applied during this activity.    (3ZGC)

2.2.7 Validate strategic improvement opportunities    (3ZGD)

The executive sponsor reviews and validates the prioritized strategic improvement opportunities and formally approves or rejects them.    (3ZGE)

Considerations for Enterprise Services:    (3ZGF)

Strategic opportunity analysis should include the consideration of reuse of enterprise services (e.g., trusted internet connection reuse, authentication, etc.). This analysis will ensure that technology reuse opportunities are factored into the overall strategic direction and focus of the segment architecture.    (3ZGG)

Considerations for Business Services:    (3ZGH)

Business services provide a strategic opportunity to leverage existing investments across multiple segments. Identification of performance gaps should also include consideration and identification of opportunities related to the optimization of the IT portfolio as it supports cross-cutting segment business services.    (3ZGI)

Communications Considerations:    (3ZGJ)

The segment architect may need to facilitate meetings or to provide other communication support to structure the information-gathering with the stakeholders. The executive sponsor can also be consulted to develop or adjust the communication strategy by which the stakeholders can best be engaged.    (3ZGK)

Activity Outputs:    (3ZGL)

• Stakeholder needs    (3ZGM)
• Risks and impacts    (3ZGN)
• Performance gaps (CORE)    (3ZGO)
• Strategic improvement opportunities (CORE)    (3ZGP)

Suggested Analytical Techniques:    (3ZGQ)

• Link to Stakeholder Needs (MS Word Format) - Federal Segment Architecture Working Group (FSAWG)    (3ZGR)
• Link to Risk Capture Template (MS Excel Format) - Department of Transportation (DOT)    (3ZGS)
• Link to Performance Gap Analysis (MS Excel Format) - Department of Housing and Urban Development (HUD)    (3ZGT)
• Link to SWOT Analysis (MS Word Format) - Department of Defense (DoD)    (3ZGU)
• Link to Strategic Improvement Opportunities Analysis (MS Excel Format) - Department of Housing and Urban Development (HUD)    (3ZGV)

   (3ZFD)

Next Activity: 2.3 /Define_segment_strategic_intent    (3Z7V)