Enterprise Architecture and IT Governance: A Risk-Based Approach

The USCP had enormous challenges with its IT program and support to the internal and external stakeholders of the department, because of a fragile IT infrastructure. The IT program was not able to provide the basic assistance to the end-user, adequate reporting to middle and senior management, and lacked training of IT and end-user staff to venture into the rapidly changing technologies in network management, operating systems, data security, risk management, and systems integration, as well as, the need for innovative data management. The need for these services were exacerbated by increased demands on the IT services group and budgetary pressures restricting the resources available to accomplish the mission until an IT governance structure was adopted and the development and implementation of an enterprise architecture with corresponding risk management planning was undertaken. In order to overcome the inadequacies in the IT program, USCP established several ambitious goals for updating its strategic planning process, developing and implementing an enterprise architecture and risk management plan, setting up an IT governance structure to provide the necessary standards and guidance, as well as the relevance, accessibility, and timeliness of its information technology support. The office of information systems, set out to transforming itself into a performance-based organization. The envisioned "to be" system architecture helped USCP focus scarce assets on prioritized application and infrastructure projects to directly support USCP mission requirements, both operational and administrative. Additionally an IT security program was implemented to include compliance with FISMA; established a configuration and change management board; instituted earned value management techniques into project management activities, during the system acquisition process