February 14, 2006

Instructions for Completing the OMB Exhibit 300,

Capital Asset Plan and Business Case

Which IT investments require an Exhibit 300?

What is the purpose of the Exhibit 300?

What is the schedule for updating and submitting an Exhibit 300?

Is the Exhibit 300 Information used in any other OMB Exhibits?

Who is responsible for developing the Exhibit 300?

What is OMB’s basis for determining if an investment is at risk?

Do Infrastructure, Office Automation and Telecommunications (I/OA/T) investments require an Exhibit 300?

Do Enterprise Architecture (EA) investments need an Exhibit 300?

Where do I enter the Exhibit 300 information?

On what should an Exhibit 300 for an operational system focus?

May an Exhibit 300 be publicly released?

Part I. Title and Screening (Yes/No) Questions

Part I. Summary of Spending for Project Stages Table and Life Cycle Budget and Financing Table

I.A. Investment Description

I.B. Justification

I.C. Performance Goals and Measures

I.G. Acquisition Strategy

I.H. Project and Funding Plan

Part II. Additional Business Case Criteria for Information Technology

Section II.B Security and Privacy

What if I have additional questions regarding the Exhibit 300 or eCPIC?

These instructions complement and reinforce the Office of Management and Budget’s (OMB) guidance on developing the Exhibit 300, Capital Asset Plan and Business Case, in support of funding for major information technology (IT) investments as contained in OMB Circular A-11, Part 7 . In addition these instructions address custom fields added by the Department to the Exhibit 300 primarily to populate and verify the Exhibit 53 and other required reports.

An Exhibit 300 must be developed for major investments. A major investment is a system or investment that requires special management attention because it:

• Was defined as a major project in the previous fiscal year

• Is a financial system costing more than $500,000 in any one fiscal year

• Has high executive visibility

• Has significant program or policy implications

• Has been determined to be major by OMB or Commerce’s Capital Planning and Investment Control process

• Any investments that are not major are referred to as “non-major.”

The Exhibit 300 business case is a high level summary of the investment’s current justification and management plans including a project plan, benefit-cost analysis, alternatives analysis, acquisition plan, risk management plan, human resources management plan, enterprise architecture and IT Security plan. In the case of IT investments that are proposed or underway, this information is used by the operating unit, the Department’s Capital Investment Technology Review Board (CITRB), and OMB to determine if investment funding should be recommended or continued. For investments that are now steady state, the Exhibit 300 is used to review the investment’s current status and, assess how well the investment is accomplishing its goals. In addition, the Exhibit 300 is required when requesting a delegation of procurement authority from the CIO through the CITRB or the Acquisition Review Board to proceed with a large contract.

The Exhibit 300 information in Commerce’s on-line electronic Capital Planning and Investment Control system (eCPIC) should be kept up to date. The operating units are expected to review and approve the Exhibit 300 before it is submitted to the Commerce Information Technology Review Board (CITRB), Acquisition Review Board (ARB) or the Department Office of the CIO as part of the budget review process. At a minimum, all exhibit 300s are reviewed by the Department in August for submission to OMB in early September as part of the Department budget request. Following the OMB Passback in late November, updated Exhibit 300s are reviewed by the Department for submission to OMB in early January in support of the President’s Budget to Congress.

Yes, eCPIC extracts data from the major and non-major Exhibit 300s to produce the Exhibit 53 IT Investment Portfolio report, which lists all IT funding broken out by major activity. Each OU may generate an Exhibit 53 that contains only data from the OU. Exhibit 53s for the whole Department are submitted in September and January to OMB. The information in the Exhibit 300 and Exhibit 53 is also used to verify the data in the Exhibit 52 for financial systems and the Federal Information Security Management Act (FISMA) report on security expenditures for IT systems.

Developing an investment business case and summarizing the results in an Exhibit 300 are the responsibility of the Project Manager and the operating unit CIO. Following completion of the project or its main goals, the Exhibit 300 will be the foundation for any post-implementation review.

The basis for OMB’s rating is the Exhibit 300 scoring criteria explicitly defined in OMB Circular A-11 Section 300. Currently, business cases receiving an overall score of less than 31 or score 3 or less in IT Security are placed on OMB’s Watch List and may not be recommended for funding.

I/OA/T are defined by OMB as “… all IT investments that support common user systems, communications, and computing infrastructure. These investments usually involve multiple mission areas and might include general LAN/WAN, desktops, data centers, cross-cutting issues such as shared IT security initiatives, and telecommunications.”

The Department produces a single Exhibit 300 covering all I/OA/T investments. This business case, which appears in Part 2 of the Department’s Exhibit 53, IT Portfolio Funding, consolidates all of the operating units I/OA/T investments not directly associated with a specific programmatic goal. Each operating unit must submit this information to the Consolidated Infrastructure Team (CIT) Project Manager so that a single Exhibit 300 can be created. The specific information requested will be defined in the IT Budget Call.

Starting with the 2007 budget cycle each agency’s EA investments are reported separately as non-major investments.

All Exhibit 300 Business Cases, as well as information on non-major systems, are entered into eCPIC. This on-line system, accessible throughout the Department, collects and stores the Exhibit 300s and automatically generates the Exhibit 53. In completing the Exhibit 300, answer all the questions. If an answer isn’t yet known, state the reason and/or date or milestone when the information will be available.

An operational system’s Exhibit 300 should demonstrate that the investment undergoes operational analysis to ensure that it is meeting its cost, schedule and performance goals. As part of the operational analysis the Exhibit 300 should reflect the results of an “E-Government Strategy” review to analyze and identify smarter, more cost effective methods for achieving the desired goal. For further information see the Department’s Operational Analysis and Performance Reporting guidance.

Exhibit 300s submitted to the Department and OMB during the budget process are considered pre-decisional pending their approval by OMB and inclusion in the President’s Budget, and may not be publicly released per OMB Memoranda 01-17 and 01-21. Exhibit 300s that are publicly released in response to a Freedom of Information Act (FOIA) request or at the initiation of the operating unit must be redacted to remove security, procurement-sensitive, or other non-public information. This redaction may also include out-year funding and alternative analyses that impact a current or proposed acquisition contract. Responses to all FOIA requests must be coordinated with your operating unit FOIA officer.

How do I answer the Has this project been reviewed by. (CFO, Project Manager, Investment Board, Procurement Executive. ) questions if no review has occurred yet?

Generally a No answer to these and most other yes/no questions will cause OMB’s IT investment reviewers to recommend no funding for that investment. All major Department of Commerce IT investment initiatives are reviewed by the Commerce Information Technology Review Board (CITRB) when they are first proposed. This Board includes the CFO and the Procurement Executive.

What is the basis for creating a unique ID number for an investment?

Section 53 of OMB Circular A-11 defines the unique ID (UID) code associated with each investment as summarized below.

• For the sample UID 006-00-02-13-01-3201-24-118-062

• First 3 digits — Department code, “006” for Commerce

• Fourth and fifth digits — Operating unit code, “03” is used to identify Department-wide investments such as Commerce Business Systems

• Sixth and seventh digits — Portion of the Exhibit 53, i.e. Infrastructure/ Office Automation/Telecommunications “02,” Mission Area Systems “01,” Enterprise Architecture and Planning “03,” Grants Management “04”

• Eighth and ninth digits – A Mission Area that is selected from an automated pick list. Some Mission Areas are defined by operating units, other mission areas such as “01” for Financial systems are Department-wide categories. Contact the eCPIC system administrator if your operating unit wants to add a mission area.

• Tenth and eleventh digits – Indicates type of investment. “01” is for a major investment, a non-major is “02.”03 represents an IT investment that is part of a larger asset with an existing business case. 04 identifies a major IT investment for which another agency has the lead management and reporting responsibility

• Twelfth through fifteenth digits – A unique 4 digit project code. Each operating unit has been assigned a number range. Per the listing below “3201” identifies this as a NOAA investment.

o PMA E-Gov – 0001 through 0050

o Dept-wide – 0051 through 0299

o OS, OGC –— 0300 through 0599

o OIG –- 0600 through 0699

o ESA and BEA — 5000 through 5499

o BIS –- 5500 through 5999

o Census – 4000 through 4999

o EDA – 6000 through 6499

o ITA — 6500 through 6999

o MBDA — 0900 through 0999

o NOAA – 3000 through 3999

o NIST, TA/OTP – 7000 through 7299

o NTIA — 7300 through 7499

o NTIS — 2000 through 2199

o PTO – 8000 through 8999

• Sixteenth and seventeenth digits – Specifies the kind of investment or year it was first reported. An E-Government initiative endorsed by the President’s Management Council (PMC) or an individual agency’s participation in a PMC E-Government initiative is identified by a “24.”

• Eighteenth, nineteenth, and twentieth digits - Maps to the primary Business Area and Line of Business from the Federal Enterprise Architecture Business Reference Model (FEA BRM) as follows:

o 1XX: Primary mapping to the Services for Citizen layer

§ Investments that map to Services for Citizens must also show a Mode of Delivery mapping in the BRM table in the Exhibit 300.

o 2XX: The Mode of Delivery may NOT be used as a primary mapping layer

o 3XX: Primary mapping to the Support Delivery of Services layer

o 4XX: Primary mapping to the Management of Government Resources layer

The Business Reference Model lists and defines each of the business lines and their sub-functions.

• Twenty-first, Twenty-second, and Twenty-third digits — Identify the primary Sub-Function within the FEA BRM Line of Business that this IT investment supports.

Can an Exhibit 300’s funding be split into multiple Exhibit 53 investment or mission areas?

No, OMB requires that each Exhibit 300 have a unique user ID that refers to only one investment on Exhibit 53. If an investment falls into two or more mission areas, keep all the funding under the most important mission area for that investment.

What does “the “Program Number and Name” mean?

Commerce does not use program numbers. Program name represents the lowest level in the budget submission document that funds this investment. Write the operating unit’s account name, activity or line office and, if applicable, sub-activity, and line item. Ask your budget office for clarification.

When is an investment a mixed life cycle type?

If budget year funding is provided for more than one of the project stages (Planning, Acquisition, and Maintenance) then it is mixed. Steady State is synonymous with the Maintenance stage shown in the Summary of Spending table.

When is an investment considered development, modernization and enhancement (DME), not steady state?

Steady State investment is for routine maintenance, helpdesk support and refreshment of completed systems. Any significant activity required to substantially increase the investments capability and capacity, especially when it is needed by a specific time, qualifies as a development effort. From a project management perspective, if an activity has risks that are distinct from the steady state effort then it is a development project.

When is an investment considered fully funded?

According to OMB guidance all projects are supposed to be fully funded. The key criterion distinguishing fully funded from incrementally funded is whether the funding is sufficient to provide a useful end product. Some examples of fully funded projects are ones where funding completes the planning stage or where funding is sufficient to develop an application that collects, generates, or distributes useful data.

How do I know if the investment is covered by GPEA?

If you are uncertain whether your investment is included under the Government Paperwork Elimination Act (GPEA) provisions regarding information collection from the public, contact your operating unit’s GPEA Coordinator or Jennifer Jessup at JJessup@doc.gov .

How do I know if the investment needs a Privacy Impact Assessment and what does it involve?

Privacy Impact Assessments (PIA) are conducted to ensure adequate protection as required under the Privacy Act. The Office of the Chief Information Officer is responsible for developing IT privacy policy and guidance concerning when a Privacy Impact Assessment (PIA) is required. An operating unit must conduct a PIA for any Commerce IT system that collects and maintains personally identifiable information (name, address, social security number) from the public. The PIA results in a statement that identifies ways to enhance privacy protections in information systems and to ensure that they are adequate. This statement guides system owners and developers in assessing privacy through the early stages of development when requirements are being analyzed and decisions made about data use and system design. To create the PIA statement you must gather data and analyze privacy issues relating to the system and identify and resolve privacy risks. Operating units may conduct discretionary PIAs as they deem necessary for sensitive information other than personally identifiable information. Examples of PIAs may be found at the IRS and PTO websites.

How do I know if the investment has been reviewed as part of FISMA?

All IT systems and IT security programs must be self-assessed annually. See section 6.3.1 of the IT Security ProgramPolicy and Minimum Implementation Standards, as well as section II.B.2.C below for details.

How do I identify the appropriate Homeland Security category for the investment?

Check yes to the Homeland Security designation only if the investment has been included in OMB’s Homeland Security (HS) Database Crosscut or has been nominated for inclusion in the HS database by the Department. Select only the category under which the investment is identified in the HS database.

How do I determine if an investment is National Critical, Mission Critical, or a Business Essential service?

Systems are National Critical where the mission served, or the information that the system processes, affects the security of critical national infrastructures or key national assets. Systems are designated as national critical only by the DOC Critical Information Assurance Officer (CIAO) – who is the DOC CIO. Through the CITRB process, new national critical systems are identified. These systems normally carry a high sensitivity for at least one of three security elements: confidentiality (e.g. unauthorized disclosure could result in loss of life); integrity (e.g. unauthorized modification or inaccurate data such as severe weather warnings could result in loss of life); or availability (e.g. service interruptions cannot exceed 72 hours without significant impact on the national economy).

Mission critical systems are associated with an agency’s mission-specific or agency-specific activities and often vary from agency to agency. These systems also support services to citizens and business partners through various delivery functions such as e-commerce transactions, statistical information calculation and disclosure, and decennial census required by law. Business Essential systems support internal activities common to most agencies, and are associated with support services and internal management of agency resources. NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems provides more information for categorizing information and information systems.

What/where are the Performance Assessment Rating Tool recommendations?

Over the next few years OMB plans to review all governmental agency programs using the Program Assessment Rating Tool (PART) comprising assessment criteria on program performance and management. These assessments often identify specific IT weaknesses or organizational weaknesses that might have an IT solution. Every year OMB will evaluate whether progress has been made towards addressing the previously published PART recommendations. See the PART recommendations . which are part of the President’s Budget.

How is the Financial Percentage used?

The financial percentage field in the eCPIC Exhibit 300 is used to generate a financial systems cost estimate. This is aggregated by operating unit and compared and reconciled against the Inventory of Financial Systems and the Exhibit 52 (Summary of Financial Systems). Coordinate with your operating unit’s financial systems reporting office when calculating this percentage to ensure consistency between the Exhibit 300, Exhibit 53 and Exhibit 52.

How do I calculate the percent funding for IT Security?

Estimate the full cost of maintaining the IT investment’s confidentiality, integrity, and availability. This cost should include an appropriate share of centrally funded security activities such as, awareness training, intrusion detection, incident response, and security certification and accreditation if these are not otherwise reported on the Exhibit 53. Also include the estimated value of security requirements that are embedded in programs, functions, or applications. Be sure to enter a non-zero value as a zero percent response will indicate that the system is not secure.

The same value, e.g. 2%, for all investments is not acceptable. Each investment must be evaluated independently. The IT security percentage reported for each investment is used to calculate the total IT security budget for each operating unit. Coordinate with your unit’s IT Security Office to ensure that this calculation agrees with the IT Security funding data each operating unit transmits in its September FISMA report.

What distinguishes the Planning and Acquisition Stages from the Maintenance Stage?

The Planning and Acquisition stages in the Summary of Spending table (SOS) are the same as Development/modernization/enhancement (DME) on the Exhibit 53, while the Maintenance stage is the same as Steady State. OMB Exhibit 53 guidance defines planning and acquisition as changes or modifications to existing systems that improve capability or performance, [and] changes mandated by Congress or agency leadership. . Prototype funding must be reported in the Acquisition stage. Include under the Maintenance stage funding for operating and maintaining the system at current capability and performance level. This encompasses the cost of corrective active and replacement of broken equipment. Major functional enhancements, modernization or replacement of a portion of an operational system is included under the planning and/or acquisition stages.

What is the difference between budgetary resources and outlays?

Budgetary resources represent how much money you are allowed to spend based on the budget authority provided (or requested) in the Appropriations Act, including any limits placed on the use of reimbursable funding. Normally the budgetary resources amount in the Summary of Spending table matches the annual budget request. Budgetary resources can also include direct appropriations, working capital funds, and revolving funds. Outlays, also called disbursements, represent payment of obligations, and are expected to closely match the section I.H. Actuals and planned outyear spending. Major investments often plan on outlay rates of 35% per year. As a result, the final year or two of an investment may have $0 budgetary resources but significant outlays. Check with your budget office to derive the appropriate outlay rate and verify the prior year disbursement amount.

Should FTE funding be included in each Project Stage?

Yes, the FTE total displayed at the bottom of the Spending for Project Stages table should equal the FTE amount included in each of the three stages above.

Should funds received from or provided to other federal agencies be reported?

To avoid double counting across government, funds received from another federal agency towards a Commerce IT investment are not entered in the Summary of Spending table. Funding received from other agencies should be identified in the Investment Description, section I.A. Also, non-governmental funding may be identified in the funding sources table under the account heading “reimbursable funding.” If such funding is included in the (Section H) Spend Plan then it must be separately identified and the funding source properly identified in the column “funding agency.” A recommended alternative for tracking funding from other agencies is to attach a comprehensive spend plan/actuals spreadsheet onto the investment’s eCPIC folder.

IT funding DOC sends to another agency must be reported under that investment’s name in Commerce’s Exhibit 53. If the recipient agency is the managing partner of the investment then it and not DOC maintains the Exhibit 300. For the investment’s unique identifier use the 4 digit UID and Business Reference Model codes provided by the lead agency. Entering 04 in the 10th and 11th digits of the project’s UID identifies it as funding provided to another agency.

What if an investment is funded from multiple appropriation accounts?

Use the pick list in eCPIC Exhibit 300, Part I, Life Cycle Budget and Financing table to identify each appropriation account’s name and number. Then enter the funding amount from each appropriation. The annual total and grand total from this table must match the budgetary resources annual and grand totals on the Summary of Project Spending table. If an appropriation account cannot be found on the eCPIC list, call the eCPIC Help Desk. Note that all tables in eCPIC record figures in thousands of dollars. Summary of Spending totals are automatically converted to millions of dollars upon export to the Exhibit 53. Internal reimbursements should only be accounted in a single investment’s budget, either the giver or the receiver. Reimbursements that are included in the receiving investment’s budget should be accounted for in a separate funding source line that clearly identifies where the funds originate. If reimbursable funds are included in the SOS table then they also need to be included in the other Exhibit 300 sections such as the spend plan, and EVM calculations.

What if funding comes from more than one budget line?

Identify in the Initiative Summary Sheet form in eCPIC the funding coming from each budget line (account, sub activity, line item, program) supporting this investment. Save this Initiative Summary Sheet in eCPIC under the investment’s resource library.

Should there be a direct linkage between the Summary of Project Spending amounts and the figures shown in I.E.3. the financial table for the selected alternative, and I.H. project and fund plan?

Yes, the linkage between the figures in all three tables should be clear. This linkage is made clearer by formatting the financial tables in Section E and H using the stages (Planning, Development, and Maintenance) displayed in the Summary of Project Spending table.

What sort of description is appropriate?

Provide a short summary of what the investment is, what it has achieved or will achieve, and where it is in the Capital Planning and Investment Control (CPIC) process, for example, “reviewed and approved by the NOAA IT Review Board and Commerce IT Review Board.” If the investment is related to a larger E-Government or Line of Business initiative, describe how this investment supports the larger effort.

Should the description focus on the technical solution or the investment’s purpose?

The Exhibit 300 is a business case, not a technical solutions document. Focus on what problem this investment solves and how the solution is linked to measurable outcomes. The intended audience is people whose familiarity with the program/function is largely limited to this description.

What goes under the Assumption section?

Describe what resources need to be available or what activities need to be accomplished that are outside the scope of this investment in order to achieve this investment’s goals. This is also the best place to provide background information for other sections that don’t allow free form text, for example, assumptions behind information in the performance measure, alternatives analysis, or project schedule sections.

What is appropriate supporting documentation?

Support your business case by citing third party studies or market research that identify the need and/or verify the appropriateness of the proposed solution. Where possible, provide dates when the documentation was completed. Refer to industry benchmarks where appropriate. Many DOC operating units subscribe to benchmarking services.

What is the President’s Management Agenda (PMA) as cited in OMB’s scoring criteria?

The PMA priorities are strategic management of human capital, competitive sourcing, improving financial performance, expanded electronic government (E-government), and budget and performance integration. Identify, with supporting details, the one PMA priority that the investment best supports (most IT investments are tied to the e-government PMA strategy). Where applicable include any current or planned collaboration with other agencies and organizations in and outside of the Federal Government to reinforce that the investment meets OMB’s e-government criteria. See PMA for detailed information.

What qualifies as a multi-agency initiative?

Describe any financial or significant non-financial resources contributed by other non-Commerce agencies. If there are such contributions then you must specify the nature of the partnering arrangement with the contributing agencies.

What’s an appropriate response to the reengineering question?

Business process reengineering should always occur before a process is automated. A negative response would suggest a serious weakness in the project plan.

When should Table 2 be used?

All goals for FY 2006 and onward should be entered in the Performance Reference Model (PRM) Table 2. Use performance measures that are part of the Annual Performance Plan or that can be tied directly to those measures.

What if the only tangible achievements are historical?

Focus the business case on the value of future achievements, not past gains from already sunk costs.

How many measures are needed during the project life cycle?

Starting the year the project is completed a minimum of one performance goal per year is required in each of the four areas of the Federal Enterprise Architecture’s (FEA) Performance Reference Model (PRM), which cover outcomes, outputs, and inputs. Strive to identify performance measures that have a clear connection (line of sight) to each other and to your operating unit’s annual performance goals. See below and the latest PRM for details and examples.

During planning and development select performance measures that certify or demonstrate the impact of completed phases, for example incremental production increases, IT security certification and/or accreditation for a system or sub-system” or “completed documentation of use cases. However, do not repeat what is entered in the Section I.H Project and Funding Plan tables.

Do performance measures need to be customer focused?

Yes, at least some of the performance measures should explicitly address who the customers are and how the investment will benefit them. This is especially important for projects in the operations and maintenance stage where a crucial question is whether customers are receiving the benefits they expect from the system.

What are the Measurement Areas and Measurement Categories cited in Table 2?

Table 2, which should be used for all new investments, requires the identification of the measurement area and category for each performance measure. The PRM identifies four measurement areas and several groupings within each area that describe the attribute or characteristic measured as follows:

• Mission and Business Results — Outcome measure tied to level 1 (Services for Citizens) and 3 (Management of Government Resources and Support Delivery of Services) of the FEA Business Reference Model. The measurement categories are services provided, support for services, management of resources, and financial

• Customer Results — Outcome measure tied to level 1 and 3 of the FEA Business Reference Model. Measurement categories: satisfaction, service coverage, quality, timeliness

• Processes and Activities — Output measure that defines the direct effect of daily activities and broader processes. Aligned with level 2 (Mode of Delivery) of the FEA Business Reference Model. Measurement categories: financial, productivity and efficiency, cycle time, quality

• Technology — Inputs, key enablers measured through their contribution to outputs. Measurement categories: financial, quality and efficiency, information and data, reliability and availability, user satisfaction

What is meant by baseline and should it remain constant?

A baseline is a specific quantitative or qualitative measure that existed or was established before the investment began and thus does not change over time. For example a baseline storm warning lead time of 12 minutes would be compared against the proposed performance targets for years 3, 4, and 5, to assess the net benefit from this investment.

What is meant by performance improvement goal?

Describe the performance target in narrative terms, for example, Improve Tornado Warning Lead Times. Then, under planned performance metric, translate the goal into a measurable amount, e.g. 7 minutes for 2005 and 8 minutes by 2007.

Do the Project Manager, Contract Officer, and Project Sponsor need to be different people?

Yes; each position must be held by a different person.

What information should we provide besides names?

Specify the Project Manager’s experience and training including project management certification. State the certification level of the project as well as the certification level of the Project Manager.

What skills should be represented on the Integrated Project Team?

An Integrated Project Team (IPT) should be composed of a qualified project manager, necessary personnel from the user community as well as budget, accounting, procurement, value management, and other functions as appropriate for the stage and complexity of the project.

Does the Project Manager need to be working full time on that investment?

Yes, the Project Manager needs to be devoted full time to each proposed investment. Having one person as project manager of more than one major investment is an unacceptable project risk as good management practices, supported by OMB, state that one person cannot provide sufficient monitoring and control of multiple investment.

How does a Project Manager become validated as qualified?

Each Project Manager is required to enter their experience and other qualifications into a standard Commerce resume format that is found in the eCPIC application’s Resource Library. Send this to your operating unit CPIC representative for submission to the Department’s CIO Office. The Department will review the information and validate if the qualifications are appropriate for the size and complexity of the investment that is being managed. The eCPIC Resource Library contains a matrix table comparing the assessment of a project’s size and complexity (on a 1 to 3 scale) with the qualifications needed by a project manager (also on a 1 to 3 scale.

Why do I need to provide the Project Manager’s Qualifications status?

The project manager’s qualification status field feeds the Exhibit 53. All project managers should be evaluated or undergoing evaluation to meet the OMB qualifications for a PM. This field may be left blank for investments in the Enterprise Architecture part of the Exhibit 53.

What if the Project Manager doesn’t have project management certification?

If the Project Manager doesn’t have certification, describe what training she/he will receive to achieve that goal. Identify and initiate project management teams, sponsors, and project management training now if you haven’t yet done so, so you can answer affirmatively to all the questions in this section.

What if there are more than three alternatives?

More than three alternatives can be listed, but only three will go to OMB. In the Alternatives Analysis table’s “Send to OMB” column, mark True next to alternatives to be submitted to OMB. Examples of alternatives include buy-it, out source it, or build-it yourself. Other possible alternatives are incrementally improve or totally rebuild. Meld and summarize choices to show at least three distinct alternatives. For operational systems, focus on future-oriented alternatives such as collaboration with other agencies, or transforming the current process by adopting e-business technologies such as XML, Java, or .Net.

How often does the alternatives analysis need to be updated?

It should be updated approximately every three years to account for new technological solutions and changes in the operational environment, or whenever a major shift in system strategy is proposed.

Does the alternative analysis need to account for risk?

Yes, among other criteria, qualitative risk needs to be considered along with a projected net, risk-adjusted return on investment for each project stage (planning, development and maintenance).

What is included in the Life Cycle Cost table?

The Life Cycle costs should include costs for all investment phases design, acquisition and operations and maintenance. Two minimize confusion include all costs already incurred and displayed in the summary of spending table. See below for instructions on defining cost elements.

What are cost elements and should they be organized by project stage?

Cost elements are the major cost categories of an investment, for example government personnel, vendor services, vendor personnel, hardware/equipment, software, inter-agency services, and supplies/other. As defined in OMB Circular A-11 these cost elements are separated into project phases and the cost of risk must be accounted for either as an explicit entry or contained within other cost elements.

Do the amounts in the Life Cycle Costs table need to match the summary of spending table?

Yes. The expectation is that if the alternatives analysis is properly done then the annual estimated costs for the selected alternative should be very similar to the totals in the Summary of Project Spending table.

What is needed besides the financial comparison in choosing among alternatives?

Incorporate issues such as risk, mission contribution, security, and timeliness in addition to financial criteria. The business case is more easily understood when the benefits and non-financial factors are grouped by the alternative strategy they’re associated with.

Is a cost-benefit spreadsheet template available?

Yes, a spreadsheet template is in the eCPIC Resource Library under the folder entitled Cost Benefit/EVA. Use benchmarks and market studies to identify the cost of alternatives.

Which cost/benefits are included?

Do not include sunk costs (costs incurred before the investment is scheduled to begin and cannot be recovered). Do calculate costs that would be avoided if this investment was approved. Note that the alternative of leaving an existing system in place may still have significant direct costs for system maintenance, repair, parts replacement, technical support as well as potentially substantial indirect costs in terms of foregone mission opportunities.

Do costs and benefits need to be discounted?

Yes. The discount factors for investments of various time spans are published in OMB Circular A-94 and updated periodically.

Which Return on Investment (ROI) measure should I use?

There are numerous ROI formulas that are used to evaluate investments such as ROI %, net present value (NPV), pay back period, and internal rate of return (IRR). Use the ROI that makes the most sense for your operating unit’s time horizon and investment criteria. Smaller, shorter term investments are often measured by their payback period while the ROI % or Net Present value is usually applied in measuring the benefit of higher cost, long term investments (ROI % is [(Discounted benefits — discounted costs)/ discounted costs] x 100%). A positive ROI, NPV, pay back, and IRR will occur only if the project’s financial benefits exceed their costs, so generally these measures won’t provide useful information unless societal benefits are included in the financial table prepared for the selected alternative (Table I.E.3).

What is the goal of the risk inventory?

Use the risk inventory to identify all key project risks and describe how they will be mitigated. It should summarize the findings of a more detailed Risk Management Plan. In listing mitigation measures, include technical solutions and cite the modular design strategies that will be used. Depending on the specific project a modular approach helps reduce several risks including technical obsolescence, lack of interoperability with other investments, risk of creating a monopoly for future procurements, and overall technical risk.

How is the question identify my highest risks and mitigation strategies” different than what is requested in the risk inventory?

The risk inventory structure is not always ideal for identifying the most likely risks. Only the top few risks, those that have high potential to affect cost and/or schedule, should be discussed here.

What risk assessment factors need to be addressed?

Separately address each of the 19 risk areas/factors listed in the Exhibit 300 instructions, and document updates to your risk management plan as the investment cycle proceeds.

How should the risk management inventory align with other sections of Exhibit 300?

The Project Manager should be able to cross-walk from each item on the risk management table to the risk-adjusted costs displayed for each investment stage of the selected alternative analysis table and project and fund plan table. Also, there should be a direct correlation between the risks/mitigation identified in the risk management plan with the cost and schedule variances identified in the spend plan.

What is an example of an acceptable Risk Inventory and assessment?

Use the table below as a guide to identify risks facing the investment in each of the 19 risk categories.