Strategy And Planning
Unlike Virtual Case File, the FBI's Sentinel project will have an architect to ensure that the system will conform with the agency's enterprise architecture. The project's sheer size requires an architect to document, map, and align the systems interfaces and communications, Azmi says.
The FBI soon will hire an independent contractor who'll audit Sentinel and report to Azmi. The CIO says Lazarevich's team will be focused on the tactics to implement Sentinel so the program office might need a set of independent eyes to keep the project on course. "Sometimes you have requirements creep, you miss a deadline," Azmi says. If parts of the project do miss deadlines or overspend their budgets by 10% or more, project managers will need to explain themselves to review boards, including those monitoring technology, investment management, and enterprise architecture. Azmi estimates that 90% of the processes in place for Sentinel didn't exist for Virtual Case File.
The IRS's modernization project suffered early on because the agency developed apps before a design was completed. "If you're trying to develop as your design is still evolving, that's usually a recipe for failure," Spires says.
That doesn't mean every project is massive. Government, like the private sector, is trying to do more projects with incremental steps and rollouts that deliver benefits along the way. Federal agencies have adopted modular or "spiral" software-development approaches to building big IT systems, where they develop, test, and deploy small parts of a system that's part of a larger architecture. "That's helpful, because you start seeing progress, and you're not spending two, three, four, five years in not deploying anything," says the GAO's Powner.
The IRS thinks smaller these days, building modular parts of its system and delivering them every six to 12 months. After developing a tax-transaction app for CADE, the IRS processed 1.4 million accounts, about 1% of all tax accounts. By 2007, the IRS projects that CADE will process 30 million accounts. One big step was required to build the infrastructure for the system, Spires says. "Now we're focused more on the business logic, on how we actually add users to CADE than build out the CADE infrastructure itself," he says.
The IRS does a formal review of the modernization performance every six months, setting new goals for the next half-year. "Six months was enough time to make a meaningful difference in developing, enhancing a process, or carrying out some other type of initiative to improve the initiative," Spires says. "If you made it too long, like a year, I didn't feel like we'd be driving enough change."
Independent auditors have praised agencies on the steps they're taking to improve the chances these high-risk programs will succeed. However, in what sounds like a mantra, the GAO seems to conclude in each of its assessments that much has improved but more work needs to be done.
Sentinel, the IRS modernization, and other high-risk projects still face the test of delivering long-term results. Cooper notes that measuring success in government IT takes a long-term view, and he points to the US-Visit program, Homeland Security's system aimed at catching terrorists when they try to enter the United States at airports and border crossings. So far, the deadlines are being met. A good start, but hardly the final standard for which government IT projects strive. "Did we successfully prevent terrorists from entering the United States? That's a very real measure," Cooper says. "But how do you actually know? It's a little too late if you find out when something blows up, God forbid. Do you blame that on US-Visit, and do you then say, 'Well, I guess US-Visit didn't actually achieve its business success?' It could take a long time for that to play out."
Illustration by Dale Stephanos