GTA Update CIO Council March 17, 2008

Georgia Technology Authority 2 Early completion shows team’s focus and dedication RFQC requested proposals for two streams ▪Infrastructure: data centers, mainframes, servers, PCs, laptops ▪Managed network services: state’s wide area network Qualifying service providers to be announced by April 7 Only qualifying vendors can respond to upcoming RFPs RFQC Issued 10 Days Early

Georgia Technology Authority 3 Looking Ahead Release RFPs: April 2008 Sign contracts with External Service Providers: October 2008 Transition services: November 2008 – March 2009 TRANSFORMATION: November 2008 onward This is transformational change

Georgia Technology Authority 4 Transformation Will Affect All Agencies If you are not involved now, an agency with similar requirements is involved Many processes will change Enterprise agencies working with GTA to ensure success  Office of Planning and Budget  Administrative Services  State Personnel Administration  Procurement  Billing  Budgeting  Planning  Asset management

Georgia Technology Authority 5 The New GTA Business model that reflects an outsourced infrastructure ▪“Do less, manage more” Must lead the institutionalization of transformation and change ▪Governance plays a large role Vision, mission and values must reflect the Governor’s priorities and the spirit of the New Georgia

Georgia Technology Authority 6 State IT Expenditures and Priorities GTA’s Business Model Services for Georgians

Service Management Organization (SMO) CIO Council March 17, 2008

Georgia Technology Authority 8 Roadmap for Briefing I.Two things going on at GTA ▪GTA Restructure ▪Building the Service Management Organization II.Introducing the Service Management Organization ▪What is an Service Management Organization (SMO)? ▪Why do we need an SMO III.An SMO for GTA ▪What does the SMO look like? ▪How has the SMO been designed? ▪How do the SMO functions relate to the best practice model

Georgia Technology Authority 9 GTA is Restructuring State finance and budget based primarily on an Agency Model – “one year at a time” GTA as an authority prices, delivers, bills and collects for services – “over multiple years” Our business model had been “shoehorned” into an Agency Financial Model - “insufficient detail” GTA will be restructured into a “thin” corporate layer and a robust operating layer Functions will be re-aligned under the COO so that the business can operate and report efficiently This “Operating Layer” will be the new Service Management Organization for the State of GA What’s different About GTA?

Georgia Technology Authority 10 Model Thin Corporate Layer ▪Enterprise Relationships Robust Operating Layer (COO) ▪Coordinate the delivery of services to agencies Technology Officer Enterprise Technology Planning Administrative Officer Information Security Officer Operations Officer Marketing Officer SMO ESP 2 ESP 1 CIO Etc…

Georgia Technology Authority 11 CIO Vendor Management Administrative Services Retained Services Client Relationship Product Services Operations Officer COO Enterprise Service Solutions To manage the relationship between GTA and infrastructure providers to ensure business receives quality, cost effective, reliable and scaleable infrastructure services Enterprise Disaster Recovery Enterprise Solutions To leverage the best practice technologies and processes from the infrastructure service providers to drive change in enterprise functions Operational Component of GTA transforms into a Service Management Organization What Happens to Operations?

Georgia Technology Authority 12 Service Management Organization An organization set-up to manage the relationship and services by both External and Internal Service Provider(s) SMO terminology is commonly associated with outsourcing arrangements although the management principles are used where an internal provider / management arrangement has been established The SMO is typically established as part of the retained organization, and draws on IT as well as other functions to support the effective management of the arrangement The SMO is established as a single point of accountability within an organization for the effective management of the provider(s) What is an SMO ?

Georgia Technology Authority 13 Why do we need an SMO? Formal operating model  To provide a disciplined approach in managing the external service provider(s)  To advance the maturity of the State with regards to using external service providers  To ensure the provider delivers to the contract  Provide a uniform escalation point for Vendor relationship and delivery issues

Georgia Technology Authority 14 How are we formalizing the SMO? Key Deliverables  Define and implement a common set of processes, procedures, and protocols as part of formalizing a SMO operating model to provide a disciplined approach in managing the external service provider(s)  Identify the key touch points between GTA, agencies and the Service Provider(s) and define the interactions that take place at those touch points  Integrate and align Service Provider requirements for interacting with, and delivering services to, GTA and the agencies

Georgia Technology Authority 15 What does an SMO look like ? SMO RSO Retained Service Organization VMO Vendor Management Organization ASO Administrative Services Organization CRO Customer Relationship Organization PSO Products & Services Organization GTA Customers External Service Providers

Georgia Technology Authority 16 SMO Components Governance and Oversight Organization Structure (Roles and Responsibilities) Operational and Management Processes ESP Processes SMO Processes SMO Criteria Drivers Objectives Principles Critical Success Factors Metrics

Georgia Technology Authority 17 Defining the SMO - Criteria What is driving the creation of the SMO? Drivers What are guiding principles for the SMO? Principles What does the SMO need to accomplish? Objectives What is needed for the SMO to be successful? Critical Success Factors How will success be measured? Metrics

Georgia Technology Authority 18 TPI SMO Design Methodology How does the SMO interact with other functions within the enterprise & with external providers when executing its core processes? What are the key processes that the SMO executes in order to exercise its mandate? What is the mandate of the SMO function? How should the SMO be funded and how should it recover its costs? What governance bodies will be required to ratify decisions and resolve escalated issues? Based on the organizational construct, what job roles are required to execute the processes? Charter Process Relationships Organization People & Skills Governance $ Current Activities Initial Draft Charter Team working first 6 of “Top 10” Processes How should the SMO be organized in order to execute these processes in an efficient manner?

Georgia Technology Authority 19 The SMO Process Model TPI has identified and classified 30 Processes by SMO Discipline Most of these processes will be owned by GTA, some by the Service Providers and a few may be shared There may be additional processes required which are unique to GTA’s situation

Georgia Technology Authority 20 TPI SMO Disciplines

Georgia Technology Authority 21 C01 Contract Administration C02 Contract Change Management C03 Contract Issue Management C06 Governance Library F01 Invoice Validation F02 Performance Credits, Earnbacks, and Critical Milestones F07 Billing P01 Performance Analysis & Service Delivery Management P02 Service Requests & Authorization R01 Governance The “Top 10” processes

Georgia Technology Authority 22 What is a Process? ▪A defined and documented sequence of goal- oriented actions ▪that are undertaken by authorized people ▪that can be repeated over time ▪to deliver a pre-determined output ▪where measured performance can be improved over time (to reduce time, reduce resources, reduce cost or to improve quality) ▪and that is only to be deviated from as the result of an informed and conscious business decision

Georgia Technology Authority 23 Process Document - Design Every document in the suite is consistent in design SMO discipline area and process name in header Revision control and confidentiality statement in footer Styled like a business document; ISO 9002 compliant

Georgia Technology Authority 24 Header information: ▪Header: GTA, Discipline Name, Process Name ▪Process name, process no., release date, version ▪Author, reviser, approver ▪Process owner, title ▪Attachments, description ▪Audience 1. Purpose 2. Entry Criteria/Catalyst event 3. Included in process 4. Outside of process 5. Inputs 6. Outputs 7. Exit Criteria 8. Related Contract Terms and Conditions 9. Retained Records and Disposition 10. Process Flowcharts 11. Visio 2003 Document Embedding 12. Document List 13. Touchpoints 14. Keywords 15. Definitions (may be put in the process aid, if one is used) 16. Revision Control ▪Revision version ▪Date ▪Revised by ▪Approved by ▪Description Footer: Company Confidential, Page Number (of pages), revision number, revision date Detailed Process Document Content

Georgia Technology Authority 25 The Level 1 process is the highest level of process development Shows the sequence of Level 2 processes Identifies the documents that are inputs or outputs of the process “at a glance” All processes are documented in word and represented as flow charts (Visio) Process Approach – Level 1 Flow Chart

Georgia Technology Authority 26 The Level 2 Process is the next level of detail down from Level 1 Simple swimlanes for GTA, Agency, and Service Provider Documents are shown at the step in the Level 2 process where they are used Process Approach – Level 2 flow charts

Independent Verification and Validation: Project Assurance Process CIO Council March 17, 2008

Georgia Technology Authority 28 IV&V / Project Assurance Process Agenda What is IV&V? – Description When is IV&V Used? – Project Phases Who are the Key Participants of IV&V? – Stakeholders How does GTA ensure Value with IV&V? – Performance Feedback on Assurance Process?– New Approach IT Project Governance – Strategy Why Conduct a Self-Assessment?– Gauges Risk How to Conduct an Assessment?– Tool

Confidential - Georgia Technology Authority 29 What is IV&V? A 3 rd Party, Value-added approach for ensuring:  Technology projects meet their objectives  Project deliverables meet quality and customer expectations  Costs are within project budget  Schedules are met Required for Projects over $1 million IV&V is an “insurance policy” for Project Risk ______________________________________

Confidential - Georgia Technology Authority 30 When is IV&V Used? Four Basic Stages during a Project  Business Justification (Rarely)  Planning / Procurement (Recommended)  Implementation (Required)  Benefits Realization (Recommended)

Confidential - Georgia Technology Authority 31 Who are the Key Participants of IV&V? Primary Reporting to: Provides Advice & Council to: Provides Recommendations to: Reports to, as needed: Executive Sponsor GTA Executive Director Business Owner(s) GTA EPMO Director Project Manager GTA Engagement Manager Steering Committee Enterprise Critical Project Review Panel

Confidential - Georgia Technology Authority 32 How does GTA ensure Value with IV&V? IV&V PERFORMANCE MANAGEMENT IV&V PERFORMANCE MANAGEMENT  Manages supply and demand for IV&V services  Measures the value IV&V provides to Agencies  Measures compliance with IV&V Standard Standard Practices drive efficient and cost-effective program _________________________________________

Confidential - Georgia Technology Authority 33 Feedback on Assurance Process Feedback on Assurance Process Comparing Value against Level of Risk ________________________________________________ Current “Pain Points” Current “Pain Points”  One Size Fits All  Cost We are considering a New Approach We are considering a New Approach Assessment > Assurance > Accountability

Confidential - Georgia Technology Authority 34 IT Project Governance Framework for translating strategy into results ________________________________________________________ Assessment – Do we have the capabilities to deliver? Assurance – How well are we performing? Accountability – Did we realize the expected benefits?

Confidential - Georgia Technology Authority 35 Why Conduct a Self-Assessment? A Gauge of Project Risk ____________________________________ Results of Self-Assessment will determine level of Risk: HighExtended IV&V Medium Normal IV&V Low IV&V Lite

Confidential - Georgia Technology Authority 36 How to Conduct an Assessment? Beta version of Procurement Self-Assessment Tool reviews:  Project Management  Procurement Planning  Requirements Management  RFx Development (Scope and T&Cs)  RFx Publication  Evaluation and Award When available, via online self-assessment tool ______________________________________

Confidential - Georgia Technology Authority 37