Compliance Assessment for Florida Agencies

Florida Information Technology Project Management and Oversight Standards 2 Section (3), F.S. By June 30, 2015, establish project management and oversight standards with which state agencies must comply when implementing information technology projects. The agency shall provide training opportunities to state agencies to assist in the adoption of the project management and oversight standards (10), F.S. Beginning July 1, 2016, and annually thereafter, conduct annual assessments of state agencies to determine compliance with all information technology standards and guidelines developed and published by the agency, and beginning December 1, 2016, and annually thereafter, provide results of the assessments to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives. Section (3), F.S. By June 30, 2015, establish project management and oversight standards with which state agencies must comply when implementing information technology projects. The agency shall provide training opportunities to state agencies to assist in the adoption of the project management and oversight standards (10), F.S. Beginning July 1, 2016, and annually thereafter, conduct annual assessments of state agencies to determine compliance with all information technology standards and guidelines developed and published by the agency, and beginning December 1, 2016, and annually thereafter, provide results of the assessments to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives.

3 RULE TIMELINE Rule Chapter 74-1, F.A.C. - Florida Information Technology Project Management and Oversight Standards took effect Anticipated effective date for Rule Chapter 74-1, F.A.C. revisions August 1, 2016 July 16, 2015

4 COMPLIANCE ASSESSMENT TIMELINE AST Compliance Assessments Begin Agency Project Lists Due Entrance Meeting (if desired by Agency) - Agency notified of projects selected for assessment Compliance Assessment Questionnaires Due to AST Aug 1 - 5, 2016 Jul 1, 2016 Jul 26, 2015 Aug 26, 2016

5 COMPLIANCE ASSESSMENT The assessments for 2016 will be completed in less than 5 months to meet statutory deadline for reporting AST will assess each agency annually Assessment will be based on sample of an agency’s IT projects Agency will receive detailed report that includes recommendations for improvements in project management practices

6 COMPLIANCE ASSESSMENT PROCESS

7 To Agency head, cc: CIO and Inspector General COMPLIANCE ASSESSMENT PROCESS Template Provided

COMPLIANCE ASSESSMENT PROCESS 8 List all Projects  Open as of July 16, 2015 (whether currently closed or not)  All projects opened after July 16, 2015 (whether currently closed or not) Projects that were completed and closed prior to July 16, 2015 are out of scope

COMPLIANCE ASSESSMENT PROCESS 9 Project List with Details  Project Name  Project Description  R&C Category  Current Project Phase  Project Phase as of July 16, 2015  Total Cost of Project  Start Date  Finish Date  Name of Project Sponsor (with phone & )  Name of Project Manager (with phone & ) Agency methodology / process for determining project thresholds

10 R&C Category  1 Projects = 5% of projects  2 Projects = 10% of projects  3 Projects = 15% of projects  4 Projects = 20% of projects The lowest sample size will be 1 project in each R&C Category If there are no agency projects in a category that category is not assessed COMPLIANCE ASSESSMENT PROCESS

11  Brief overview of the compliance assessment process  Assessment schedule and next steps  Projects selected for assessment COMPLIANCE ASSESSMENT PROCESS

12 A Compliance Assessment Questionnaire for each project will be provided to the Agency COMPLIANCE ASSESSMENT PROCESS

13 COMPLIANCE ASSESSMENT QUESTIONNAIRE  The entire workbook is required for a single project  Questions are organized by the lifecycle phases of Initiation, Planning, Execution, Monitoring & Controlling, and Closeout  The final worksheet is for AST oversight projects only – Unless otherwise instructed, leave this sheet unanswered

14 COMPLIANCE ASSESSMENT QUESTIONNAIRE Answer the questionnaire tabs according to the project management lifecycle phase as of July 16, 2015:  If the project was not approved for Initiation = all sections of Rule Chapter 74-1, F.A.C. are required  If the project was in the planning phase = the project must undergo a Planning Gate R&C Assessment upon completion of planning activities + follow requirements of rule from that point  Execution phase = continue to operate under Agency project management procedures unless a significant change request is submitted Please do not delete worksheets that are not required!

15 COMPLIANCE ASSESSMENT QUESTIONNAIRE Fill in the project information at the top of the Report Tab – this will fill in all tabs with the Report Date, Agency, Project, Phase, and Oversight information

16 COMPLIANCE ASSESSMENT QUESTIONNAIRE  Fill in the R&C Complexity Category at the top of each applicable worksheet (even if it is the same for the entire project)  If the R&C Category has changed over the course of the project, ensure that the appropriate R&C category is selected for each phase

17 COMPLIANCE ASSESSMENT QUESTIONNAIRE  The applicable requirements for the R&C Category will be indicated by an orange box and the word “Required” in the question row  Items that are blacked out are not applicable to the R&C category selected and should be ignored

18 COMPLIANCE ASSESSMENT QUESTIONNAIRE  Review the question and select the dropdown box in the orange cell  Your choice of response is Yes – No – NA  NA = not applicable to the project / not applicable at this time  NA = If a phase has begun but work has not been completed (the compliance level will be determined upon completion of documentation)  NA = you must explain the reason for the NA answer in the Review Comments

19 COMPLIANCE ASSESSMENT QUESTIONNAIRE Use the Review Comments area to notate or explain your answers:  Notate where the information is located (Communications section of PMP dated June 12, 2016)  Notate any “No” answers to explain your answer  Notate any “NA” answers to describe how the requirement does not apply to your project (or does not apply “yet”)

20 COMPLIANCE ASSESSMENT QUESTIONNAIRE  Complete each required section of the Worksheet  All requirements (denoted by the orange box) in each worksheet must have an answer – do not leave any questions unanswered  If your project has only a portion of a phase complete (for example, if your project is currently in planning and has not yet finished some of the documentation required yet), you must respond with NA on all unfinished areas of the phase requirements and notate when this requirement will be met in the future in the Review Comments  As you are answering the questionnaire, you may leave areas unanswered while researching (save and close and resume later), but the score will not compute correctly until all questions are answered

21  Although the questions are arranged by "document" (such as Quality Plan) the purpose is to have the information required documented  Except for the R&C Assessment form and the Status Report form, AST does not require any specific document or group of documents - If the project has the informational requirements, but they are contained in a different document than the one named in the questionnaire, answer the question accordingly and note the location of the information in the Review Comments box  For example, the Planning / Risk Management section includes the requirement "The Risk Management Plan documents the roles and responsibilities of project staff assigned to project risks" - If you do not include roles and responsibilities in the Risk Management plan but have roles and responsibilities for the risk process in a different document (such as the organization and governance document) then you would mark "Yes" and notate the name of the document COMPLIANCE ASSESSMENT QUESTIONNAIRE

22 COMPLIANCE ASSESSMENT AST REVIEW AND VERIFICATION AST will rely on the documentation noted in the Review Comments section by the Agency when requesting documents for verification

23 AST will:  AST will work with the Agency to complete the compliance assessment during August  AST will include the assessment for any Agency oversight projects in the Agency CA report COMPLIANCE ASSESSMENT OVERSIGHT PROJECTS ONLY

24 AST will:  Compile overall scores for the Agency Compliance Assessment  Draft findings and recommendations COMPLIANCE ASSESSMENT PROCESS

25 AST and Agency will meet to:  Discuss the draft findings and recommendations COMPLIANCE ASSESSMENT PROCESS

26 AST will present the Agency Compliance Assessment (ACA) Report to Agency management at the Exit Meeting (or via if preferred) COMPLIANCE ASSESSMENT PROCESS

27 AST will: Aggregate and summarize all ACA Reports Prepare the AST Project Management Compliance Assessment for incorporation in AST Annual Compliance Report Submit the Report to the Executive Office of the Governor, President of the Senate, and Speaker of the House by December 1, 2016 COMPLIANCE ASSESSMENT PROCESS

28 Content of the Entrance Meeting is being covered by today’s training so Agencies may waive the meeting and receive the list of projects to assess by COMPLIANCE ASSESSMENT PROCESS

29 Questions?

30 Jane Matthews, PMP Jane Matthews, PMP ® Lisa Hopkins, PMP ® Mindy Fike, PMP ® Beverly Bonasorte, PMP ® questions to: AST PROJECT ASSURANCE OFFICE

Jason M. Allison, Executive Director/State CIO Agency For State Technology 4050 Esplanade Way, Suite 115 Tallahassee, FL