20 Jun Using CPIC to Improve Security and Enhance Managed Services
By Jerry Black, Vice President and Director of the PM Center of Excellence
Three years ago, we highlighted the potential of Capital Planning Investment Control, or CPIC, in enabling Federal CIOs to make better-informed decisions about IT spending, while offering transparency to the American taxpayer about how IT dollars are being spent. While CPIC has been mandated by the U.S. federal government for several years and has gained significant adoption, the adoption rate varies across different departments and agencies, and each has specific timelines for implementing it. In addition, ongoing efforts are being made to improve the maturity of CPIC process to support its adoption and to improve IT investment management across the Federal government.
There are two benefits to CPIC that have risen in importance since we first wrote about it. Over the past few years, the Federal government has increased its focus on cybersecurity to protect critical information and systems. IT capital investments managed via the CPIC process can help agencies maintain control over their IT landscape and safeguard critical assets. For example, CPIC’s ability to help organizations identify “Shadow IT” – IT spending not reported through the CPIC process mandated by the Office of Management and Budget (OMB) – is key. Unauthorized and uncontrolled IT systems, applications, and services may lack proper security measures, leaving sensitive government data and systems at risk of breaches, data leaks, or cyberattacks.
The second notable benefit of CPIC is its provision of robust tools for organizations to evaluate and enhance their managed services approaches. Federal departments and agencies are increasingly turning to managed services providers (MSPs) to manage and maintain government IT infrastructure, allowing agencies to focus on their core responsibilities. CPIC supports various aspects of managed services, including informed decision-making, cost optimization, accountability, performance management, risk mitigation, and continuous improvement. Through CPIC, agencies can make data-driven decisions regarding the selection and optimization of managed services, leading to better cost management, improved service delivery, and enhanced governance. Moreover, CPIC facilitates ongoing performance monitoring, risk assessment, and the implementation of necessary improvements, enabling agencies to continually enhance the value and effectiveness of their managed services.
CPIC Processes and Tools Continue to Mature
This year, the OMB has begun to roll out tools for agencies to benchmark their progress as processes continue to mature across the Federal government. Several years ago, OMB adopted the Technology Business Management (TBM) framework into the CPIC reporting guidance in an effort to provide more granularity in IT spending. As described by the TBM Council, the framework is designed to enable the federal government to run IT like a business, drive innovation and business transformation, improve services to citizens, add cost transparency, and increase accountability to taxpayers.
Currently, TBM is advancing in its maturity. Initially, it allows organizations to align IT and finance cost pools, followed by the establishment of performance metrics and benchmarks to evaluate the effectiveness and efficiency of IT investments (known as the IT Towers layer). Subsequently, it encourages organizations to implement the Solutions layer, which focuses on managing the cost, quality, and value of IT solutions and applications within the organization. Leveraging the Solutions layer in TBM empowers organizations to have better control over IT solution costs, make improved decisions, optimize resource allocation, enhance governance, and align IT with business objectives. These benefits significantly contribute to overall IT and organizational performance, enabling organizations to derive greater value from their IT investments.
Criterion has a wealth of experience in assisting our Federal customers in comprehending, implementing, and maturing CPIC processes. Regardless of where you currently stand in your adoption journey, we can assist you in realizing the advantages of managing IT expenditures more efficiently and effectively. Our services encompass enhancing security, supporting innovation, and driving business transformation.