Full Text
General Management and Operations IT Study OGDEN CITY, UTAH I FEBRUARY 2014 GERNERAL MANAGEMENT AND OPERATIONS STUDY OF THE INFORMATION TECHNOLOGY DIVISION ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 2 I P a g e Table of Contents 1 Introduction 4 1.1 Ogden City Overview 4 1.2 Project Background and Overview 4 1.3 Scope of Review 5 2 Management Summary 7 2.1 Summary of Observations 7 2.2 Benchmarking Comparisons 9 2.3 Major Recommendations 10 2.3.1 IT Strategic Goal 11 2.3.2 IT Strategic Goal 13 2.3.3 IT Strategic Goal 20 2.3.4 IT Strategic Goal 22 3 Information Technology Assessment 25 3.1 Overview 25 3.2 Organization 28 3.2.1 Governance 28 3.2.2 Personnel 29 3.2.3 User Satisfaction 30 3.2.4 IT Leadership 32 3.3 Administration 32 3.3.1 Delivery 32 3.3.2 IT Governance 35 3.3.3 Policy 38 3.4 Technology 39 3.4.1 Internet 39 3.4.2 Network 41 3.4.3 Applications 43 3.4.4 End-User Computing 47 4 Cost of Services Analysis 49 4.1 Cost of Services Commentary 53 Appendix A: End-User Survey 55 Appendix B: Return on Investment Policy and Model 56 Appendix C: Sample Polices 64 Appendix D: Service Level Metrics 67 Performance Classifications 67 Proposed Ogden City SLA Scorecard 68 Measurement Definitions and Calculation 75 Appendix E: Cost of Services Assumptions 80 4.1 General 80 4.2 80 4.3 Operating 80 ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 3 I P a g e 4.4 Capital 81 4.5 Overhead 81 Appendix F – Benchmarking Detail 82 Appendix G – Sample Partnership Agreement 83 ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 4 I P a g e 1 Introduction 1.1 Ogden City Overview Ogden, Utah was established in 1851 and shortly became the junction of the Union Pacific and Central Pacific railroads, which established it as a central transportation hub for all rail traffic moving east/west and north/south and served as the basis for the growth and for the diverse culture that exists today. Since 1992, the City of Ogden has been governed by a Mayor-Council form of government, which means there is a full-time Mayor and a part-time City Council. The Mayor has administrative and executive responsibility whereas the City Council has legislative responsibility. It is now governed by a seven-member City Council with four members representing a specific district and three members that are elected at large. The population of Ogden today is approximately 83,000 people, contained within twenty-seven square miles. The City has a diverse population, with differing needs that must be met by six City departments, which are all supported by a highly centralized IT division. The City operates with a total general fund budget of $51.4 million and 875 staff members, which are a mix of full and part time employees. The employees’ IT needs are supported by an IT division consisting of 19 employees, who work to serve the IT needs of the City departments. 1.2 Project Background and Overview The Ogden City Council has commissioned this study of the Information Technology department to evaluate the efficiency and effectiveness of the department, as well as, compare cost and size of the Ogden City IT operations to the similarly sized communities both inside of Utah and nationally. The IT operation within the City was restructured within the last year to provide the City with better, more cost effective IT services. There has also been a concerted effort within that time to improve the level of customer service and project management services throughout the City. To a large extent, the current operation is a highly functional, successful organization that is garnering high customer satisfaction ratings and is working to build relationships with its customers to better understand the departmental operations in an effort to be more proactive to the needs of the customers. The purpose of this study is to identify those opportunities within the departmental operations that do exist and to offer recommendations to help the department improve them to create a better technology experience overall. The primary goal for implementing technology is to enhance existing business processes performed by individual departments and across the City. Technology is intended to enhance these business processes by: Making them more efficient Making them more effective Improving decision-making Providing enhanced customer service to both internal and external customers Improving access to information ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 5 I P a g e Reducing costs As such, the goal in conducting an IT Study is to provide a coordinated, planned approach toward the deployment of technology with the intention of supporting the business goals of the organization and work in partnership that works to improves the effectiveness of business processes performed within the organization by supporting the needs of the department through technology 1.3 Scope of Review The Information Technology Assessment for the City encompasses a review of Organization, Administration, and Technology as depicted below along with key questions that were considered during the assessment: During project initiation activities, we worked with City staff to refine the scope of the assessment in connection with these three IT assessment areas. The table on the following page, which is broken down by each of these areas, shows each of the topical areas for review. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 6 I P a g e Scope of Review Organization Administration Technology Governance Organization structure Organization benchmarks Succession planning Staff compensation Support Staff complement Staff development Job descriptions Performance evaluations Recruiting User liaisons Steering Committee role User Satisfaction Responsiveness Effectiveness Communication IT Leadership Technical Business Delivery Project Mgmt. approach Service level agreements Problem reporting Helpdesk Administration Network / workstation management Software deployment Performance reporting Methods / tools Application development IT Strategy Long range planning Project prioritization Technology procurement Budgeting Project portfolio mgmt. Business case development Standards Operating procedures Policy User policies & procedures IT policies & procedures Business continuity planning Vendor Management Vendor management External service providers Outsourcing Internet Remote access Web site & security Content mgmt.. Web strategy Data Data ownership Data integrity Data security Data warehousing Data backup Network (LAN/WAN) Servers NOS Cabling Network electronics Storage Security Applications Enterprise Software applications GIS Security Reporting Interfaces Databases Platforms and tools Departmental / Site specific applications End-User Computing Workstation strategy Office automation Operating system Refresh ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 7 I P a g e 2 Management Summary 2.1 Summary of Observations Overall we observed that the City of Ogden has a high functioning IT Division. The management team within IT appears to be competent, and is interested in continually improving their approaches to best serve the City. This is evidenced by the quality of the technical infrastructure, the quality and morale of the IT staff and by the use of sophisticated IT management techniques regarding IT governance, use of business and communication strategies. The current leadership of the City, including the Mayor, City Council and Chief Administrative Officer are in the process of shifting the city’s expectations of the IT Division. City leadership appears to be adopting a more advanced view of IT as an investment. As such, concepts such as overall return on investment and improved customer service are of growing importance. This is evidenced by the shift from “building” to “buying” software applications, the establishment of an IT Steering Committee, and a growing awareness of inefficient, paper-based processes that can/should be streamlined using technology. Our major recommendations are designed to assist the City of Ogden to: 1) Continue to align IT services with the current vision of City leadership 2) Continue to increase the City’s return on its investments in technology and it services 3) Continue to improve IT customer services The following page is a summary of key observations identified during the Information Technology Assessment process divided by and Weaknesses. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 8 I P a g e Management and Elected Official support of IT as a strategic resource IT has a competent management team that communicates well and works as a cohesive unit Staff morale and enthusiasm for their work is high Infrastructure is strong and reliable The City has shifted from a “build” to a “buy” strategy around software acquisitions Established Customer Account team for business analysis and project management that seem to be exceeding the goal of increasing customer relationships and customer service Existence of IT Steering Committee formed within the last 2 years Strong customer service culture is imparted to staff by constant coaching and training by the management team The introduction of new IT concepts such as governance, business and daily stand up meetings place Ogden’s IT organization ahead of most other municipal IT organizations Weaknesses No central IT “Strategy” Replacement plans are in existence, but they are not completely funded Customers don’t understand or trust the current system of chargeback for IT services IT does not have a formal liaison program There are a large number of paper- based processes within the City. City-wide demand for end user training was an articulated need by many of the customers interviewed. Inconsistency with end user support interactions at the help desk There is not a great deal of enthusiasm for the current financial system and it is not being moved forward in a strategic manner based on the wide belief that it is to be replaced in the near future. The GIS area is in need of a strategic direction and some of the resources allocated to the program have been distributed to other interests and responsibilities ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 9 I P a g e 2.2 Benchmarking Comparisons The following graphs highlight how Ogden City’s IT spending and staffing compare to other organizations. As shown Ogden City spending is higher than neighboring communities. This is most likely due to the amount of software maintenance and fixed contractual service costs that exist in the City today. This is further exacerbated by the lack of processes to define the entire costs of new technology measured over its lifespan, rather than just acquisition costs when technology is requested. It should be noted, that the spending per employee is very comparable to similarly high performing IT organizations. Specifically, when compared to other “college towns” and high performing cities (i.e. Ann Arbor and Round Rock), the total IT spend per employee is within the expected range.. $5,643 $4,443 $2,284 $3,626 $4,267 $3,486 $6,824 $4,200 $0.0K $1.0K $2.0K $3.0K $4.0K $5.0K $6.0K $7.0K $8.0K Ogden City, UT Peer Average Sandy City, UT Salt Lake City, UT West Jordan, UT Provo City, UT Ann Arbor, MI Round Rock, TX Total Organizational IT Budget / Total Staff ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 10 I P a g e This graph compares the percentage of IT staff of the organization as compared to the total amount of staff. Ogden City has a higher percentage of staff members in IT than the average of the sample, but that is largely due to the part-time staff that is used in Customer support. Comparatively, the City appears to be appropriately staffed inside of IT. Additional Benchmarking information can be found in Appendix F. 2.3 Major Recommendations Plante Moran has organized our major recommendations within four IT Strategic Goals. These goals are designed to: 1. Ensure that the City’s future technology investments and IT Services are aligned and prioritized in accordance with City management and Council. 2. Ensure that the City optimizes the use of its IT investment. 3. Build upon the Customer Service framework to create deeper Partnerships with major technology users. Establish, communicate and implement a framework of standards, policies, and procedures that results in a consistent methodology for the achievement of operational excellence. 4. Ensure that the investment in technology and staffing are occurring according to the correct priorities. 2.9% 2.3% 1.2% 1.6% 1.9% 2.8% 2.4% 1.9% 0.0% 0.5% 1.0% 1.5% 2.0% 2.5% 3.0% 3.5% Ogden City, UT Peer Average Sandy City, UT Salt Lake City, UT West Jordan, UT Provo City, UT Ann Arbor, MI Round Rock, TX Total Organizational IT Staff / Total Staff ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 11 I P a g e 2.3.1 IT Strategic Goal Ensure that the City’s future technology investments and IT Services are aligned and prioritized in accordance with City management and Council. Objectives: 1. Refine existing processes that directly relate to project planning, budgeting and deployment- related processes. 2. Ensure that technology decisions and acquisitions are consistent and aligned with City priorities. 3. Develop and regularly update an annual technology plan. Actions: 1. Establish a standard project initiation protocol. City technology projects are defined as those projects that utilize computerization concepts and related technologies that can involve informational or financial transactions, or introduce new or changed business processes. Technology projects that are subject to review include initiatives that require Information Technology Division resources or other departmental resources, that provide the basis for capital projects, unscheduled technology requests, and/or those that might impact citywide systems, networks, or infrastructures. Projects that have already been approved and are undergoing scope changes or require increased funding must undergo this review process to continue. Questions regarding whether a project needs to go through the review process should be forwarded to the Information Technology (IT) Manager. This process will be used to develop and advance project requests with the assistance of the City IT Steering Committee and other identified persons for the purpose of submitting them for approval, prioritization, and inclusion in the Capital Planning and budgeting process. 2. Create a Project Portfolio Management process. Numerous projects are currently underway, and several future IT projects have been identified. We recommend creating a single master Project Portfolio Template that contains all significant projects. It is anticipated that this project list will be incorporated into the City IT Strategic Plan as the sole source project list that is utilized for planning, budgeting and project management. In the near term, it is anticipated that these projects will be incorporated into a project review process to determine the feasibility of proceeding forward with implementation. Projects and initiatives defined in development of the Plan have been further classified as follows: Departmental Projects: A project that is specific to a particular department and is not dependent on other projects outside of the department. City-wide Projects: A project that will impact either multiple departments or the entire enterprise implementation of a new document management and imaging system). IT Operational Projects: A project that may not be readily apparent to departments/ but provides some level of improvements to the underlying organization around technology, administration of technology or technical infrastructure of the City. Further, reports based on the attributes of the project portfolio may easily be generated. As the key below shows, each technology project initiative, whether approved or in the planning stages, shares the same consistent attributes in the Master Project Portfolio Template. Many of these attributes, such as high level cost estimates and timing, are meant to place projects in a category for planning purposes. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 12 I P a g e 3. Create and routinely update an annual strategic technology plan. Consider developing an annual technology plan as part of the City budgeting process. The annual review process should be initiated by the IT Manager, supported and affirmed by the Technology Steering Committee and submitted to City management and Council as the city wide technology budget request. The annual process should minimally confirm organizational goals, monitor progress of prior year actions and tactics, and adjust planned projects to ensure alignment with City business needs. This proactive planning and budgeting process can serve as the primary management control over IT spending and investment. Currently, the City has established a separate IT Fund, within the General Fund, and utilizes a “Chargeback System” to internally recoup IT expenditures. While chargeback systems are generally effective at monitoring and controlling expenditures, the variance analysis conducted occurs after the expenditure of funds. As such, chargeback systems are inherently reactive, and not a particularly effective approach for directing IT investment. Column Value Description Project # xxxx Autogenerated 4 digit number assigned by ITS to identify a specific project. Referenced in other ITS project documents and reports. Request text Short description of project or project title Classification Departmental The project primarily benefits a specific department. Enterprise The project directly benefits mulitple departments or all departments. IT Operational The project is for IT infrastructure or other 'back end' IT operations. Requesting Customer name Name of person who has made this request. Alignment With IT Strategic Plan 1 Project does not align with the current IT Strategic Plan 2 Project has indirect and partial alignment with the IT Strategic Plan 3 Project has direct but not complete alignment with the IT Strategic Plan 4 Project is directly and completely algined with the IT Strategic Plan Risk 1 Project has no or only risk factors are not going to affect the scope and schedule. 2 Project has risk factors which may affect the scope and schedule of the project but the ability to mitigate and manage the risk appears reasonable. 3 Project has risk factors which may affect the scope and schedule of the project and the ability to mitigate those risks is uncertain. Description/Goal text Paragraph (2-3 sentences) describing the project scope and the primary goal(s). Project # Cross Reference xxxx, xxxx, … Project which are related to this project. Timing I=Immediate Anticipate project will become Active within 90 Days. M=Medium Anticipate project will become Active during current fiscal year. N=Near Anticpate project will become Active during next fiscal year. L=Long Future project, time frame unknown but not within current or next fiscal year. Cost $ Total project cost estimated at less than $10,000. Total project cost estimated between $10,000 and $50,000. Total project cost estimated between $50,000 and $100,000 Total project cost estimated greater than $100,000. Department Priority 1 High. Department has indicated this project has sigificant benefits for them, Benefit has been calculated and it is positive. 2 Medium. Department has indicated this project has benefits but the benfit has not or cannot be determined. 3 Low. Department has indicated this project is needed but is not as urgent as other requests and should be addressed subsequent to Medium and High benefit projects. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 13 I P a g e We recommend converting over time to a process of planning/budgeting and monitoring of the IT expenditures, as described above. We believe that this approach offers as strong a control over expenditures as a chargeback system, but also offers an improved ability to direct investments in technology to ensure alignment with City priorities. We recommend instituting this change over 2 to 3 budget cycles (running both systems) to ensure an effective transition. 2.3.2 IT Strategic Goal Ensure that the City optimizes the use of its IT investment. Objectives: 1. Enhance the technology governance process to direct and oversee the acquisition, development and deployment of technologies which meets ROI guidelines. 2. Link the annual City budget process to the annual technology plan to ensure alignment of the investments. 3. Ensure that employees receive adequate training. 4. Invest in adequate training Actions: 1. Enhance the current IT Steering Committee There is a need to enhance the process to evaluate the impacts of applying technology that extend, expand, or improve the services available to City employees, residents, businesses, civic groups, or other interested parties. A proposed Technology Review process addresses the need for the City to review and prioritize appropriate technology projects for implementation. The review process offers a consistent framework for the City to develop and evaluate project requests. The review process is a method of identifying technical and organizational impacts related to technology projects. This process will not deal with detailed project design, engineering, coding, or implementation specifics. Technology projects that are subject to review include initiatives that require Information Technology resources or other departmental resources, that provide the basis for capital projects, unscheduled technology requests, and/or those that might impact Citywide systems, networks, or infrastructures. This process will be used to develop and advance project requests for approval, prioritization, and inclusion in the Capital Planning and budgeting process. As the graphic below summarizes, the Management Team provides direction: IT Management implements technology programs based on that direction; IT staff deliver the programs and provide feedback and service levels back to the Management Team. Formal communication between all levels is critical to the success of the IT Governance Model. The makeup of the IT Management team consists of The IT Manager and his direct reports. The IT governance committee reflects the current membership of the current IT Steering Committee, which is comprised of IT management, select City management, and key department heads are either a large consumer of IT or have an expressed interest in the technology direction of the City. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 14 I P a g e The Roles and Responsibilities Matrix on the following pages further outlines the specific IT Governance authority: Management Team Solid IT Direction Clear Coordinated Alignment Procedures IT Leadership and Management Competent Management Systems PPM Staff Training Standards IT Staff Service Delivery Helpdesk E-Government ERP GIS Server Virtualization ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 15 I P a g e Ogden City, Utah Proposed IT Governance Structure IT Policies & Procedures IT Standards Annual Technology Planning Annual Technology Budget Departmental and Line of Business Projects City-wide Projects City Council Review and approve technology plans Approval as part of the budget Review and approve budgets and requests to City Council Approval of funding Approve funding for major projects Approve funding for projects Mayor/CAO Communicate IT procedures Citywide Approval of Policies and Procedures Communicate standards Citywide Review and approve budgets and requests. Authorize and support enterprise level projects IT Leadership Team Review and recommend IT procedures to the IT Governance Committee Enforce IT standards Review and update, as needed, the Information Technology Strategies in terms of relevance and priority Participate in annual planning process Develop and maintain the project prioritization criteria and weightings Review, rank and prioritize ad hoc committee project requests to the IT Governance Committee. Initiate a Leadership Team subcommittee to evaluate enterprise initiative feasibility Monitoring of City- wide Projects ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 16 I P a g e IT Policies & Procedures IT Standards Annual Technology Planning Annual Technology Budget Departmental and Line of Business Projects City-wide Projects IT Governance Committee Approve IT procedures Approve IT standards Recommend to Mayor/CAO, as needed, the strategic technology imperatives in terms of relevance and priority Approve ROI model Review and approve project prioritization criteria and weighting Review, rank and prioritize ad hoc committee, CIP and non-CIP project requests Provide oversight to major projects Give life to potential Citywide initiatives that may originate from multiple sources Initiate subcommittee to evaluate Citywide initiative feasibility Conduct periodic monitoring of Citywide projects. IT Manager Recommend policies and procedures to the Leadership Team for approval Recommend IT Standards to Leadership Team for approval Identify IT standards that need to be developed. IT Manager to participate on Leadership Team and IT Governance Committee Draft updates to the Strategic Plan Draft updates to the Tactical Plan Develop recommended IT budget Consider Collaboration Opportunities (Alliance Partners) Benchmarking Trends Approval of all Tactical Plan items and IT projects based on Standards, IT Strategic Plan and Tactical Plan Approval of all Tactical Plan items and IT projects based on Standards, IT Strategic Plan and Tactical Plan ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 17 I P a g e IT Policies & Procedures IT Standards Annual Technology Planning Annual Technology Budget Departmental and Line of Business Projects City-wide Projects Ad-Hoc Committee (Line of Business) Understand the relevance of developed IT policies and procedures to the technology standards function As needed, develop IT procedures in areas deemed necessary by the Leadership Team Understand the relevance of developed IT standards as it applies to the subcommittee's charge Review deviation requests from City IT standards and recommend to the Leadership Team Develop ROI and budget requests for Line of Business and City-wide Projects Identify Departmental and Line of Business Projects and articulate benefits Provide strong leadership/ support for approved projects May provide project oversight to multi- departmental projects Department IT Liaison Staff Understand the relevance of developed IT policies and procedures to their Line of Business (LOB) Communication channel between IT and departments Understand the relevance of developed IT standards as it applies to their IT initiatives Initiate requests to deviate Review and update, as needed, technology goals applicable to the LOB Review and rank departmental IT initiatives Often first line of support for departmental applications *Often first line of support for enterprise software where the department “owns” the software expertise User Groups Understand the relevance of developed IT policies and procedures to the application which is the focus of the User Group Understand the relevance of developed IT standards as it applies to the application Assist in the prioritization of projects Often first venue for consensus on system decisions Often first venue for consensus on cross functional decisions for enterprise systems ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 18 I P a g e IT Policies & Procedures IT Standards Annual Technology Planning Annual Technology Budget Departmental and Line of Business Projects City-wide Projects IT Staff As needed, develop IT policies and procedures in areas deemed necessary by the Leadership Team Identify areas where IT procedures need to be developed Participate in the development of IT procedures Implement recommended and approved IT procedures Assist with the development and communication of IT standards for those areas that are deemed as core to the City IT function Initiate requests to deviate Provide input to Plan Work with departments in developing project ROIs Provide staff capacity input to the Leadership Team Coordinate with department IT staff, or perform directly Support City-wide Projects Coordinate with Department IT staff Department IT Staff (e.g. Police) Review and provide feedback on draft IT policies and procedures Participate in the development of IT procedures that impact their area of operation Implement approved IT procedures, as appropriate Adhere to and support the developed IT procedures Review and provide feedback on draft IT standards Adhere to and support the developed IT standards Initiate requests to deviate Provide input to Plan Participate in development of project ROIs Identify IT initiatives for the upcoming fiscal year Coordinate with central IT Implement department level projects where appropriate Coordinate with central IT ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 19 I P a g e 2. Establish a technology review process that considers Return on Investment. The current challenge in managing the significant technology initiatives underway at the City is that an ‘IT project’ is not defined using consistent criteria, priorities are not defined or communicated with stakeholders, and existing project management tools are cumbersome and time consuming. Currently, IT staff have challenges in balancing their day-to-day work, emergency fixes, and long-term projects. It is difficult to develop fixed project schedules and resource assignments, when operational activities take precedence over some ongoing projects. Improvements to IT Governance (decision making) at the City will better clarify how projects are approved and specifically how a priority is assigned to a project. Improvements will also clarify and better communicate technology project decisions. The City can realize many benefits by developing and implementing a comprehensive and unified approach towards identifying and prioritizing technology projects. Such benefits of a prioritization process include: Generating more complete and quantifiable analyses Gaining more positive consensus-building for participants Streamlining for decision making Gaining an understanding of the true costs of IT Creating a transparent process so customers can track the progress of their requests A structured, but flexible Technology Review Process is proposed to include project identification, analysis, cost justification, approval, and implementation. The process should incorporate the following: An understanding as to the source of technology-related projects/initiatives A determination as to how these projects should be forwarded for review A determination as to how these projects should be reviewed A framework to measure and track IT Division performance and progress on projects The implementation of this process will help to insure that the project decision process is efficient, consistent, and transparent. The complementary piece to a technology review process is an analysis on projects Return On Investment (ROI). ROI tools can be used to estimate the total cost of ownership for IT related projects. The purpose of the analysis is to aid decision making by enabling the City to analyze the benefits, including hard and soft savings, as compared with the cost, both internal and external, for implementing technology projects. When quantifying the costs and benefits, consideration should be given to both “hard” and “soft” costs and benefits. For purposes of the cost benefit analysis, these terms are defined as follows: Hard Costs: Those costs directly attributable to the project that will result in the direct outlay of money. Typically these are budgeted cost items. For example, technology/vendor costs for a new system. Soft Costs: Those costs or use of resources directly attributable to the project that do NOT result in the direct outlay of money. Typically these are not budgeted items. For example, internal project staffing costs. Hard Benefits: Those benefits directly attributable to the project that will result in direct savings or revenues and impact actual expenditures or revenues. For example, reduction or elimination of current technology costs including system support costs for systems intended to be replaced. Soft Benefits: Those benefits or resource efficiencies directly attributable to the project that do not result in the direct saving of money or direct inflow of money. For example, projected improvements in staff efficiency (measured in hours) that allow reallocation of staff time to other more value-added activities. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 20 I P a g e A robust ROI model can be set up to provide a potential Internal Rate of Return (IRR) calculation and the Net Present Value (NPV) of all the IT projects. Additionally, the model can provide the ability to create and adjust a Sensitivity Analysis for projected project savings. A sample “return on investment” policy and model can be located in Appendix B. 3. Integrate technology planning and budgeting processes. We recommend linking the Capital Plan and Budget Cycle with the Technology Review Process. Projects that are to be considered by the Mayor/CAO and the City Council should be submitted. Departments will have to submit Capital Project Request documentation or incorporate the project into their Operating Budget for consideration of available project funding. Based on the prioritized Project Portfolio and appropriation levels set for the upcoming budget, the Management Services Director and IT Director will prepare the capital plan and operating budget for the IT Division. The operating budget projects requested by sponsoring department will have to be included as part of the upcoming operating budget. The capital and operating Budget is presented to the Mayor/CAO for his consideration and inclusion or exclusion in the upcoming year’s budget proposal. The Project Portfolio costs and the funding sources will be listed in the Budget and identify whether the project is part of the capital plan or in the operating budget. The Mayor/CAO will review this and a decision will be made as to which projects will be forwarded or postponed to a later year. This Project Portfolio is approved by the Mayor/CAO and submitted to Council as part of the next year budget. 4. Invest in Adequate Training We suggest reexamining past training practices to ensure that staff are appropriately trained to ensure mastery of new technology investments. In several instances, City staff questioned whether they and their coworkers had been adequately trained on new and existing technologies. Frequently, the Customer Account Coordinator type positions can assist in the development of staff training plans. 2.3.3 IT Strategic Goal Build upon the Customer Service framework to create deeper Partnerships with major technology users. Establish, communicate and implement a framework of standards, policies, and procedures that results in a consistent methodology for the achievement of operational excellence. Objectives: 1. Establish a formal IT Liaison program. 2. Establish consistent policies and procedures as part of the development and deployment of technology-based solutions. 3. Expand the skillset of the IT staff to include project management best practices and IT vendor management techniques. Actions: 1. Develop a formal IT Liaison program. The purpose of the Liaison or Subject Matter Expert is to assist the requesting department in the development of the business, functional, and technical requirements for a Technology Project. If requested, they are to review projects for clarity and completeness prior to forwarding project requests to the IT Steering Committee. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 21 I P a g e Developing an IT Liaison program will increase end users’ interaction with IT staff and projects, and help them to feel a sense of involvement and ownership for the role of IT throughout the City. Formalizing this program would also take strides to address some of the support and alignment issues and help to coordinate the efforts of end users and central IT staff. The following initiatives would increase interaction and cross-training, and would enable the department staff to perform more support and planning functions: Communicate roles and desired skill set for department liaison positions. This includes clearly defined responsibilities for supporting Department users while adhering to IT standards and best practices. Identify current staff as potential liaison and conduct IT skill assessments. Include liaisons in interactions with the Central IT Division, in order to propagate best practices and standards, as well as provide cross-training opportunities. In addition to the increased communication with and from end users through the liaison program, central IT should continue to improve the communication process by implementing tools and techniques such as: Using bulletin boards/forums such as SharePoint to share expertise and communicate status of projects. This will likely require some end user training. Increasing exposure in the City newsletter and develop a separate quarterly IT newsletter to better inform City staff on IT related activities and initiatives. 2. Establish base technology related policies and procedures. The lack of documented policies prevents the enforcement of certain best practices such as password restrictions, storage management, etc. The City should formalize, document and enforce key policies (network & computer usage, security policy, job responsibilities, etc.). The creation of accurate job descriptions will create awareness of key responsibilities, provide accountability, and allow individuals to focus on strategic projects that can impact the future of the City. 3. Expand IT Staff Skillset. The IT Division has shifted its philosophy toward a “Buy vs. Build” strategy in recent years. We have identified a need for expanded training in order to deliver the best service possible to user departments. We recommend specifically evaluating the skills of IT project managers to ensure they are adequately trained in the following: Project management discipline; particularly recommend the PMI Institute trainings. Vendor management, including the development of IT Statement of Work and Contracts. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 22 I P a g e 2.3.4 IT Strategic Goal Ensure that the investments in technology and staffing are occurring in the correct areas and to enable better customer service. Objectives: 1. Strengthen the technology infrastructure 2. Solidify support around applications and technology 3. Review and replace outdated ERP technology (Eden) 4. Ensure appropriate staffing Actions: 1. Telephone System The currently installed telephone system is the result of many years of partial component replacement and patchwork upgrades that has resulted in the telephone system having some components that are over 20 years old. At this time, the City is in danger of a prolonged partial outage if the components in the system that are no longer manufactured or supported happen to fail. A significant redesign to incorporate more modern components may need to take place to restore service to the City. In addition, many of the features that are found in modern telephone system, such as integration with desktop computers, advanced call processing, call applications, and advanced desk sets are not easily available with the current system. It is recommended that a project to replace the entire phone system with a modern, Voice over IP (VoIP) telephone system. 2. Security Concurrently to assessment timing, a new set of policies was adopted by department heads that should help to address some of the concerns that were expressed by IT and departmental staff. It is important that these new policies are communicated and distributed to staff so that there is education and understanding around how the new policies change how staff work and what is expected of them when they are released. It is also important that City Management support the new policies and to also help IT enforce them. 3. Disaster Recovery The City lacks a formal Disaster Recovery Plan, but does perform some items to ensure that critical data is replicated to an off-site location. The City is susceptible to outages, with no pre-determined, Return to Operation (RTO) times for applications, no standby hardware, and no pre-determined site to be brought online in the case of a total building loss. The City should make it a priority to at least create a plan on how it would recover from a total building loss situation and work with the customers to determine how long they can feasibly without their application before harm comes to the organization or the citizens. From that point, a plan can be established on how best to meet those objectives and how much will need to be budgeted. It is likely that the plan will need to be phased in over time and over multiple budget cycles. 4. Enterprise Applications There are a number of Enterprise applications and “near” enterprise applications (those that span over two or three departments, such as Cartegraph) that are currently being supported by IT. The following are recommended actions that need to be taken on some of the applications. Eden - The City currently uses Tyler Technology’s Eden ERP system that was implemented in 1999. The purchasing, invoicing, receivables, payroll, budgeting, and permitting functions within the system have been decentralized to the departments. The majority of departments noted that, although IT has been good at applying the latest updates, the Eden system is at the end of its lifecycle and offers limited capability to assist the City streamline its numerous paper based processes. Because of this, the City should conduct a study for the replacement for Eden. In doing so a thorough ERP needs assessment should be completed. All departments and ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 23 I P a g e stakeholders should be engaged in defining requirements for the new system and key stakeholders from each department should be involved in the implementation of any new system. By taking this approach, it will help ensure that the new system meets the needs of the City and also has a properly trained user base from the beginning. GIS – Geographic Information Systems, or specifically the ESRI software, is currently being supported by two staff members that are currently working inside the Operations division of the department. The two staff members not only have GIS duties, but have other assignments that cause them to divide their time between GIS and the other duties, resulting in large amounts of time taken away from the GIS program and the further development of the GIS program for the City. There is also no champion within the department for GIS and no strategic plan that guides the development of the technology. We recommend that efforts should be made to lessen the non-GIS duties faced by the current staff and to sharpen the focus of the current team so that they can advance the technology within the City. This can be accomplished by the creation of a GIS Coordinator position either out of one of the existing positions or by creating a new position, the creation of a GIS steering committee to create and advance the GIS vision, and finally, a GIS strategic plan that documents and prioritizes the City’s GIS initiatives for the next few years. The strategic plan should be a jointly produced document that is created by the GIS Coordinator, GIS and appropriate IT management, and the GIS steering committee to help guide the GIS staff through their priorities. Cartegraph – The Cartegraph software is used mainly in the Public Works area to track work orders, staff time, and assets in that department, as well as a new, expanded installation in the Fleet area. Despite difficulties implementing the system in Fleet, there may be some potential to expand the use of this software in other areas of the City, such as facilities Management. Because of the tight GIS integration, the software is currently supported mostly by a GIS staff member, who spends much of the support time of the software dedicated to non-GIS functionality within the software. This work could be better handled by a Customer Support Specialist II, freeing up the GIS staff member to concentrate more on ESRI GIS enhancement and support 5. Staffing The staffing of the department is sufficient for the technology owned by the city and provides most customers the service levels that they desire. Aside from the conversion or addition of a GIS coordinator for the City as mentioned above, the other area that could benefit from a staffing adjustment is the Customer Support area. The Customer Support area maintains the help desk, desktop break/fix, and most application support. The help desk and desktop break fix area are mostly staffed with Part-time FTE’s which have been historically staffed by college students from Weber University, but there are instances in which this is not the case. The students work part-time and have a flexible schedule which often means that they are in and out of the office and don’t work a straight schedule Monday through Friday, in addition to only working 4 days instead of 5. The main issue with the part time staffing is that problems that aren’t solved right away and have to be transferred to other support staff often have to be referred back to the customer, who has to explain the problem once more to the new technician. 6. Collaboration There may be some opportunity for partnerships in the general geographic area, though none have been thoroughly vetted for suitability for the City. Weber County has indicated that because of the heavily customized programs they operate, they are not in a position for a partnership at this time. However, Weber State University could prove to be a very viable partner, building on the “college town” collaboration efforts already underway. Many of the City’s IT staff are already hired while attending or shortly after graduating from the University, but there is no formal program or relationship that has been established. Overtures could be made to the University’s IT department to discuss the possibilities to leverage infrastructure, software packages, staffing, or a disaster recovery site for the City. 7. Administrative Rights Assignment for Police Department In interviews with both IT staff and the Police Department staff, there were concerns raised with the proper level of network and administrative network access for the Police department IT personnel, that is ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 24 I P a g e complicated because of the need to balance the needs of the Police Department to protect its information with the needs of central IT to protect and administer the entire network, including the Police Department and its data. While some compromises have been made and some access was granted, the parties remain generally unsatisfied with the current level of access. The Federal Bureau of Investigation publishes a policy, the Criminal Justice Information Services Security Policy or “CJIS” that is to be used in the administration of law enforcement data at the federal, state and local levels. The CJIS policy is a document that addresses the administration of Criminal Justice data in two of its sections. The first section to address this issue is CJIS Section 3.2 that defines what a “Criminal Justice Systems Agency” or “CSA” is. It defines a CSA as “a court, a governmental agency, or any sub-unit of a governmental agency which performs the administration of criminal justice pursuant to a statute or executive order and which allocates a substantial part of its annual budget to the administration of criminal justice. State and federal Inspectors General Offices are included.” (CJIS Section 3.2.4) Include within the above section, it mentions the need for the head of the individual CSA to select a Chief Security Officer (CSO) that is ultimately in charge of the security and operation of the systems (software, hardware, networks, etc.) that have access to criminal justice data. The policy does not indicate whether the “head” of the agency is the top city official or the top law enforcement official. According to the definition of the CSA, it could be either. Essentially, all of the information contained within police and records systems as well as personally identifiable data that is kept on shared drives, etc. is all the same “System” by definition, since it’s on the City’s network. If the Police Department itself was named as the Criminal Justice Systems Agency (CSA), the Police Chief would then be the head of the CSA and would be required to name a Chief Security Officer (CSO) for the City. If a member of the Police Department was named as the CSO, then that individual would be responsible for the administration of the City’s entire infrastructure according to the policy, since the systems are all on the same network. This could be avoided by separating the Police Department and City’s network so that they are managed separately, but with the Central IT Department that is currently in place with the department, this is not an efficient way to manage and enterprise network as it creates duplicate work for individuals and is not recommended. In Section 5.1.1 of the CJIS policy, it goes on to detail that a memo of understanding is to be written that is to detail out the responsibilities of the CSO and who is in charge of what aspects of the system. CJIS Section 5.1.4 goes on to give the example of, “A local police department executed a Memorandum of Understanding (MOU) for the interface with their state CSA. The local police department also executed an MOU…with the county information technology (IT) department for the day-to-day operations of their criminal-justice infrastructure.”, so it is possible to have the IT Department work as the “agent” for the Police Department in this role, but the CSO would retain ultimate authority over the entire “system”. In conclusion, we would consider it best practice to name one of the IT Department’s network administrators who have oversight of all of the City’s security systems to the CSO role to manage the system as “one” system. If a Police Department employee was named to the CSO role, then the networks would have to be split, effectively creating dual environments to avoid having the Police Department personnel manage the entire network and infrastructure, which is not efficient or practical for the City. Ultimately, the City should contact the State Police and implement an accountability structure that is consistent with what the state recommends and that works best for Ogden. Further, an accountability structure should be formalized in a memo of understanding (MOU) between the Police Department and the City. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 25 I P a g e 3 Information Technology Assessment 3.1 Overview The overall goal for implementing technology is not for the technology itself, but rather to enhance existing business processes and customer service within the City. Technology is intended to enhance these business processes by: Making them more efficient Making them more effective Improving decision-making Providing enhanced customer service to both internal and external customers Improving access to information Reducing costs As part of the assessment, each of the assessment areas were reviewed and assessed to include the maturity rating of the item and the risk to the City relative to not performing the suggested actions. The following scales have been developed to measure the maturity and risk levels for the various IT assessment areas: It is very rare that a 5-star rating is given in any area, as it represents an absolute best practice in the industry. Plante Moran recommends organizations identify strategic or high value service areas and strive for 4-stars or better in those areas. In addition, depending on an organization’s tolerance for risk, Plante Moran recommends moderate or low level of risk. Any high risk areas should be addressed immediately. The table below provides a summary of maturity and risks associated with the assessment areas identified for the IT review: Rating Maturity Description Risk Level Best Practice in the Industry Low Mature or Fully Implemented Moderate ▲ Progressing / Fair High Improvements Identified Needs Significant Improvement ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 26 I P a g e Assessment Maturity Risk Organization Governance Organizational Structure Centralization ▲ Succession Planning ▲ Personnel Staff Complement Staff Development Job Descriptions Recruiting User Satisfaction Responsiveness Effectiveness Communication ▲ IT Leadership Technical Business Administration Delivery Project Management Approach ▲ Service Level Agreements ▲ Problem Reporting Helpdesk Administration ▲ Network / Workstation Management Software Deployment Methods / Tools Application Development ▲ IT Governance Governance Approach User Liaisons ▲ Technology Budgeting/Funding Technology Procurement ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 27 I P a g e Assessment Maturity Risk Project Portfolio Management ▲ Business Case Development ▲ Policy Policies & Procedures Standards Technology Internet Remote Access ▲ Website & Security ▲ Content Management Web Strategy ▲ Network Servers ▲ Network Electronics Telecommunications Storage Security ▲ Data Backup Applications Enterprise Software Applications ▲ GIS Reporting ▲ Interfaces ▲ Platforms and Tools Department / Site Specific Applications ▲ End-User Computing Workstation Strategy ▲ Office Automation Operating System Refresh ▲ ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 28 I P a g e 3.2 Organization 3.2.1 Governance Maturity Risk 3.2.1.1 Organizational Structure Observations The organization has adjusted to the reorganization over the past year and it is working well for the most part. The “Operations” area is by far the largest area in the department and may benefit from having functions split from it. GIS is embedded in operations and currently has no strategic focus. Customer Support has many part-time positions in the “Technician I” job title and has large turnover in staff. Consequently, internal knowledge is not maximized as it should be within the team and time is spent re-solving issues repeatedly as they appear. Opportunities GIS needs to be separated out into its own unit, either reporting to the IT Manager or, if left inside of Operations, a GIS coordinator should be named to take responsibility for that program so that it can advance. Consider changing 2 of the System Support Technician I positions to full time. Maturity Risk 3.2.1.2 Centralization ▲ Observations There is no clear centralization/decentralization strategy, though the City is very centralized for its delivery of IT services, leaving some customers wanting for a more immediate response, personalized service. Opportunities Using this report as a guide, create a decentralization strategy that works for the City. It should be a balance of dedicated IT staff to departments, a formal IT liaison program, and department head and manager participation. Maturity Risk 3.2.1.3 Succession Planning ▲ Observations Large turnover and the part-time, varying schedules in the Customer Support area have led to inconsistent handoffs and uneven customer service in that area. There is no formal succession planning program in place. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 29 I P a g e Maturity Risk 3.2.1.3 Succession Planning ▲ Opportunities Consider changing 2 of the System Support Technician I positions to full time to be able to market the position to an experienced, more stable hire. Conduct research during annual staff evaluations to determine interest in staff members that are interested into advancing into management or higher level technical positions. Formalize a mentorship program to guide and encourage those interested in advancing their careers. 3.2.2 Personnel Maturity Risk 3.2.2.1 Staff Complement Observations Nearly all positions have a backup identified that can serve as at least limited backup support in the case of a primary support person not being available. There are some instances that the backup person is new to the position and is still becoming acquainted with the systems or technology. Opportunities Continue to plan for backup support internally and possibly rely on outside vendors in the case that the skillset is not available or when a deeper skillset is needed. Maturity Risk 3.2.2.2 Staff Development Observations A concerted effort to highlight customer service training within the department has resulted in a marked improvement in the level and quality of IT service delivery. Opportunities The opportunity to get training should be offered to staff in both technical and non- technical courses. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 30 I P a g e Maturity Risk 3.2.2.3 Job Descriptions Observations Job descriptions were recently updated and are reasonable for the duties that the staff are assigned. Opportunities Continue to monitor the job descriptions and update job duties as necessary. Maturity Risk 3.2.2.4 Recruiting Observations Recruiting is done in conjunction with Human Resources. A relationship has been developed with Weber University to help fill some of the Customer Support needs as they arise. Most of the Support Technician I positions are filled from the University because of its part-time nature and flexible scheduling. Opportunities Continue to work with Weber University for recruiting when it makes sense to do so. Consider forming a formalized intern program with the University that can help round out staff and can help to educate members of the community, while the employed student could get class credit. 3.2.3 User Satisfaction Maturity Risk 3.2.3.1 Responsiveness Observations Overall, users were very satisfied with the responsiveness of IT. User acknowledged that problems are resolved in an appropriate timeframe and that IT staff are available during the hours when they need assistance. Opportunities Continue to focus on delivering excellent customer service. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 31 I P a g e Maturity Risk 3.2.3.2 Effectiveness Observations Users noted via the departmental interviews and user surveys that their interactions with the Help Desk are typically positive and effective. Users also mentioned that they are typically informed when a problem cannot be resolved within the promised time. Occasionally, users said that IT is unable to resolve their problems because they might not have the specialized skills to do so. Opportunities Ensure that the IT staff is provided with up-to-date training on all relevant applications that are used within the City. Maturity Risk 3.2.3.3 Communication ▲ Observations Effective communication within exists within IT between management and staff, and the use of periodic “stand up” meetings adopted to facilitate communications between staff members is used as an effective tool for lateral communication. There are occasional issues with communication between the IT Division staff and end users. This is especially noted when issues have to be escalated to another staff member, or if a ticket is laterally transferred to another technician for resolution. Several departments mentioned that IT is sometimes ineffective because of turnover at the Help Desk. This causes some end users frustration when they must explain the issue to several technicians. Some departments noted that IT staff sometimes show up unannounced to their offices and are not easily identified as City IT employees. This has caused some safety concerns in those departments. Opportunities Focus on communication between Help Desk technicians when an issue is transferred. Strengthening this will help alleviate the majority of concerns that end users have about IT. Consider having IT staff dress in a way that identifies them as a member of information technology. Ensure that end users know when to expect an IT staff member to arrive at their workstation. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 32 I P a g e 3.2.4 IT Leadership Maturity Risk 3.2.4.1 Technical Observations Sound technical decisions are being made in most cases, taking into consideration the future, cost, and adoption of the technologies being deployed Opportunities None. Maturity Risk 3.2.4.2 Business Observations The management team of the department seems well situated and able to run the division effectively Opportunities None. 3.3 Administration 3.3.1 Delivery Maturity Risk 3.3.1.1 Project Management Approach ▲ Observations Some departments mentioned that projects sometimes seem to take longer to complete than originally planned. A Project Methodology was developed for use at the City that details the steps for initiating projects, having projects approved, prioritized, tracked and ultimately implemented. There is currently only a single process for handling all types of customer projects, regardless of the size and level of effort required. IT maintenance projects are generally not tracked by the Customer Account area and do not have a project management process attributed to them. Opportunities Ensure that projects are properly scoped so that timelines are set correctly. Projects and project documentation should be sized accordingly for the amount of money being spent and the time allocated to it. All projects should not follow the same path to completion. Consider creating a simpler P.M. approach for smaller projects. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 33 I P a g e Maturity Risk 3.3.1.2 Service Level Agreements ▲ Observations There are no formal Service Level Agreements formalized with the departments. Opportunities A minimal service level agreement or “partnership agreement” should be formally executed with the individual departments to help to clarify the departmental responsibilities versus IT or an external support organization. A sample Partnership agreement has been included in Appendix F. Maturity Risk 3.3.1.3 Problem Reporting Observations Problem reporting is done via the centralized Helpdesk, using the “Track-It” software system Users are able to submit tickets online as well as via phone call and receive a ticket number to refer back to when further inquiry to a problem is needed. Department users had mostly positive comments regarding the ticket system. Opportunities None Maturity Risk 3.3.1.4 Helpdesk Administration ▲ Observations There are six Customer Support staff members that normally staff the Help Desk and are supplemented by two other Customer Support III employees. The majority of the Help Desk employees are part-time employees with varying work schedules. The transient nature of the positions has led to inconsistent support from the helpdesk, yet it maintains a relatively high level of customer satisfaction according to the user survey. There is a “Solutions” tab in the Help Desk system that is used to help troubleshoot common, likely issues, but it is in need of a content refresh and lacks official procedures for adding and deleting content. Customers report having to explain issues repeatedly as issues are moved to other staff members for resolution, indicating a need for a better documentation and hand off procedure. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 34 I P a g e Maturity Risk 3.3.1.4 Helpdesk Administration ▲ Opportunities Shifting the Help Desk to a more permanent state by changing two of the positions to full time will help to resolve some of the concerns around consistency and escalations that were conveyed during interviews, but weren’t necessarily reflected in the survey. Maturity Risk 3.3.1.5 Network / Workstation Management Observations LAN Desk is used for remote control of desktops, as well as application distribution and management. Users do not have administrative access to desktops in most cases. GPO’s are used to manage workstation settings and behaviors. Opportunities Consider migrating the LAN Desk program to Microsoft System Center Configuration Manager, as the City already owns the Client licenses to the product under the Microsoft Enterprise Agreement. Maturity Risk 3.3.1.6 Software Deployment Observations All software is deployed automatically via the LAN Desk console. Opportunities None Maturity Risk 3.3.1.7 Methods / Tools Observations There is a lack of understanding around the IT decision making process. Most end users agree with the need for a coordinating IT process and vision, which will be created as part of this planning process ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 35 I P a g e Maturity Risk 3.3.1.7 Methods / Tools Opportunities The recommended governance process provides for an appropriate amount of input into the process. The governance committee will serve as the conduit from the department to the customers to communicate IT initiatives and the results of the planning progress. Maturity Risk 3.3.1.8 Application Development ▲ Observations All application development is currently handled by outside contractors. The decision criteria for selecting applications (i.e. based on compatibility with existing systems vs. the user defined functionality), has been established, but is not always followed by departments during software selection projects. Opportunities In the long term, some development skills in-house will be inevitable as SharePoint and other toolsets are purchased that will make contracting out of these services more expensive. Contracting of these services today seems to be working in the short term. 3.3.2 IT Governance Maturity Risk 3.3.2.1 Governance Approach Observations Historically, the IT function had been controlled by the administration and had not been viewed as a strategic asset. The current administration appears to view the IT function differently, and has articulated an interest in making some investment in technology. An IT Steering Committee, comprised of selected Department Directors, was formed within the past 2 years to provide input into desired IT investments. IT is accounted for in a separate fund, and is expected to financially breakeven based upon a system of user chargebacks. This appears to be the primary method for managing and holding the IT division accountable. Opportunities The City leadership appears to be in the process of shifting the philosophical view of IT from one of Cost Control toward one of Strategic Investment. This will require a change in IT Governance Approach in order to be most effective. The IT Steering Committee is an appropriate start toward an effective IT governance model. We recommend expanding upon this concept to more fully engage City Leadership and to more formally plan future IT investments. The IT chargeback model is consistent with a Cost Control philosophy of IT. This method is inherently reactive focusing City Leadership discussions on past events (the prior year technology spend). We recommend a more robust IT planning and ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 36 I P a g e Maturity Risk 3.3.2.1 Governance Approach budgeting process to proactively plan the coming year(s) IT investments, and a gradual phase out of the chargeback approach. A suggested governance model is included in the appendix. Maturity Risk 3.3.2.2 User Liaisons ▲ Observations IT staffing is predominantly confined to the IT division. There are various “super users” located in departments throughout the City (e.g. Police, Facilities, other) “Super users” are staff who demonstrate IT skills by using technology to assist their department to transform operations in some manner (e.g. Real Time Crime Center). IT does not have a formal liaison program. Opportunities Consider creating a formal IT liaison program, led by the IT Division. The IT liaison program is intended to create an ongoing, 2way discussion between the IT Division and user departments. IT liaison programs provide “Super users” with IT vision/direction, training, access to expanded technologies. Liaison programs provide the IT Division with an extension of the central IT staff, an opportunity to achieve greater standardization, ongoing feedback regarding customer satisfaction, input regarding IT policy matters. Maturity Risk 3.3.2.3 Technology Budgeting/Funding Observations IT costs are allocated to the departments based on a cost allocation and chargeback model. IT costs, and revenues, are tracked in a separate fund. The IT fund is monitored by City Council as the primary control and accountability mechanism to monitor IT investments. Opportunities Continue to utilize the Cost of Services Model provided in this report to understand the City’s actual annual costs of providing IT services, especially to help decide which services to offer and at what cost. Create and utilize a 3 year budget projection, incorporating recurring and one time expenditures. An IT Plan, updated annually by the IT Steering Committee, should serve as the basis for budget requests, to City management and council. Continue to refine the City decision making process by considering the return on investment of technology items. See model in Appendix. Provide City Council with the IT Plan and provide periodic updates as an ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 37 I P a g e Maturity Risk 3.3.2.3 Technology Budgeting/Funding additional accountability mechanism to evaluate IT investments. Maturity Risk 3.3.2.4 Technology Procurement Observations Technology is procured through competitive bids, state contracts, and cooperative purchasing agreements in some cases. The purchasing staff works with IT well to help procure items efficiently and expediently Opportunities None. Maturity Risk 3.3.2.5 Project Portfolio Management ▲ Observations The City does a great job at tracking the list of upcoming and active projects. The listing lacks the resourcing of staff in projects, so in some cases, staff are overbooked into too many projects concurrently The Customer Account area is responsible for the management of the project portfolio. A Technology steering committee has been established, but it does not yet select or prioritize projects chosen during the planning process. There is no enterprise tool in place that is used to track active project progress or to plan the resources needed for projects. Opportunities Use the governance template provided to introduce the portfolio management tools that are part of the process. Additionally, investment into a fully functional project tracking tool may be a good investment to track costs, time, and breadth of projects. Maturity Risk 3.3.2.6 Business Case Development ▲ Observations There are few “Return on Investment” or “Total Cost of Ownership” studies being performed on projects. Larger projects sometimes have these documents created for them, but it is on an occasional basis. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 38 I P a g e Maturity Risk 3.3.2.6 Business Case Development ▲ Opportunities For more accurate, long term budgeting purposes a business case for each project should be developed every time. This will work to give the organization a deeper understanding of the underlying costs associated with a project, such as hardware and support costs. 3.3.3 Policy Maturity Risk 3.3.3.1 Policies and Procedures Observations The City has an outdated Acceptable Use Policy (AUP) that requires significant updates. There are new user and security policies that are being put in place. There were concerns voiced by IT about gaining customer buy-in and being able to implement the policies fairly and completely. A formal backup policy is in place. There are some procedures in place for departmental operations, but there is a general need for more formalized procedures around a few areas such as documentation of servers and systems, problem escalation, and the “Solutions” tab. It was mentioned often in both customer and staff interviews that previously, it has been difficult to gain buy-in and support of the existing policies, so there was some concern going forward about the enforcement of the new policies as well. Some departments commented that they did not have a clear understanding of any social media policy at the City. Opportunities New policies have been recently approved around and are in the process of the being adopted. It is crucial to gain City Management’s support of the new policies and their enforcement. The Data Security policy is more geared toward device disposals and re- deployment and does not cover everyday data security policies. The list of supplied policies appears to be incomplete. See Appendix B for a listing of standard policies. Ensure that any current or new policies are communicated to all stakeholders. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 39 I P a g e Maturity Risk 3.3.3.2 Standards Observations Existing standards appear to be relatively formal and documented, though there were concerns voiced by IT staff about customer departments procuring their own equipment in some cases. The City has standardized on Alcatel Lucent networking hardware and HP Computer System servers and workstations. Opportunities None. 3.4 Technology 3.4.1 Internet Maturity Risk 3.4.1.1 Remote Access ▲ Observations Remote Access is available via Cisco VPN for the customers and using Net Motion for law enforcement. The Police Department reported problems with dropped connections and lost sessions while using the Net Motion product inside of the police vehicles. The Fire Department uses Sprint Air Cards and the Police Department uses T- Mobile Air Cards. The Fire Department is struggling with coverage with their Sprint Air Cards, and they have been told that they would have better coverage with T-Mobile Air Cards. Opportunities Check the setup of the Net Motion server for best practice configurations from the software company. Additionally, continue to work with T-Mobile to rule out connectivity and modem configuration issues. Migrate both the Police and Fire Departments to the same Air Cards for consistency with coverage and maintenance after the issues have been resolved. Maturity Risk 3.4.1.2 Website and Security ▲ Observations Most users expressed growing dissatisfaction with: the current web development services provider, the ease of use of the web site, and the ability to meet growing demand for integration with other City applications. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 40 I P a g e Maturity Risk 3.4.1.2 Website and Security ▲ Opportunities Determine if SharePoint is the best solution for the City from input from the users and customers of the system. The recommended course of action is to maintain a standard, robust web based tool set that can be used for both external and internal web sites, as well as collaboration sites and a tool that can be used to route work to other staff members or departments. Maturity Risk 3.4.1.3 Content Management Observations The Recorder’s Office is legally responsible for the records on the departments' websites, but sometimes departments create their own websites without assistance from IT, leaving the Recorder and IT unaware of some websites. Several departments stated that they would like to have more control over their web content, and they would like to have the ability to update content with more frequency. Opportunities Establish and enforce a formal website content management policy so that IT and the Recorder are aware of all web-hosted content. Maturity Risk 3.4.1.4 Web Strategy ▲ Observations Some departments expressed a desire to be able to do more business with their customers online. The City web sites are mostly hosted by GoDaddy.com. There are some application web sites hosted by the City for individual departments, such as Police. The tools used to update the websites are somewhat technical in nature, so who can edit the sites is limited. Opportunities Expand e-business capability on the City’s website. Consider expanding website capabilities to take online payments or submittals, where applicable. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 41 I P a g e 3.4.2 Network Maturity Risk 3.4.2.1 Servers ▲ Observations The City has 140 production servers and several SANs from two manufacturers. This does not include any test or vendor provided servers. Nearly all servers used are from HP. Approximately 75% of the physical servers are greater than three-years old. The six primary VMware servers are five years old. There are thirteen VMware servers in place hosting 140 servers. When possible, servers are purchased with a four-year (next business day) warranty and workstations are purchased with a three-year (next business day) warranty. Opportunities Continue the strategy of Virtualizing Physical servers, when possible. Replace the Primary VM servers as soon as possible to limit exposure to outages. Maturity Risk 3.4.2.2 Network Electronics Observations Some infrastructure upgrades to address equipment age, changing needs, and capacity on the core switches will need to be assessed in the next few budget cycles. The City has connectivity from the Municipal Center (network hub) to 28 sites. There is a mix of connectivity speeds and connections ranging from 10 GB city provided fiber at the City’s larger locations, down to 6MB site to site VPN connections to sites such as firehouses. The skillsets needed to support the Alcatel-Lucent Network Equipment may be harder to locate as that manufacturer is not as commonly installed as others, so the trained personnel are not as available and it is important to grow that talent from within to avoid a single point of failure. There is a need for more wireless coverage inside of City Buildings. Opportunities Consider migration of Network Electronics at replacement time to one that is more widely accepted to have an easier time finding skillsets to support the equipment. Contact customers and determine where the wireless coverage needs to be expanded. Ensure that important public spaces and conference rooms are covered as a priority. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 42 I P a g e Maturity Risk 3.4.2.3 Telecommunications Observations A hybrid of VoIP and TDM telephones are used. 16 sites have VoIP and seven sites TDM/PBX sets are used, but they are all connected to the Avaya Systems that are interconnected. There are approximately 550 handsets in use on the various systems. A funding request to significantly upgrade and modernize the system was submitted as a capital request for next year. Currently, an Avaya Modular messaging voicemail system is used Key components of the data and voice systems are over 20 years old and cannot be maintained by the vendor. There are maintenance contracts on the areas of the system that are still supported. The amount of time to resolve issues depends on the criticality and availability of parts for the system. Opportunities Capital funding has been requested to alleviate the issues facing the system. If that funding is not granted, than a project should be launched to determine where the most vulnerable parts of the system are at and how they could be replaced as part of a refresh project. Maturity Risk 3.4.2.4 Storage Observations The City has both NetApp and Lefthand Storage Area Networks in place. The NetApp SAN system has a raw capacity of 30TB and useable capacity of 19 TB. There are 5 Lefthand SANs or consolidated disk arrays in use varying from 3-9 years in age. Opportunities Consider the expansion needs of the City’s SAN as well as a possible duplicate SAN infrastructure that will be used in Disaster Recovery. Maturity Risk 3.4.2.5 Security ▲ Observations There is a difference of opinion between the Police Department and IT and as to whether or not the city is in compliance with CJIS policy. The City uses Sophos Endpoint Antivirus on servers and workstations for endpoint security and disaster recovery. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 43 I P a g e Maturity Risk 3.4.2.5 Security ▲ Opportunities Further discussion is needed into the matter to determine whether or not the City is in compliance. However, the City is operating similarly to how other jurisdictions with law enforcement responsibilities operate. Maturity Risk 3.4.2.6 Data Backup Observations The city utilizes a partner (St. George) to host some of its near-line backup data. A formal backup policy is in place. The City uses Disk-to-Disk and Disk-to-Tape and Disk to Remote site for backup. Full backups are performed daily Opportunities None. 3.4.3 Applications Maturity Risk 3.4.3.1 Enterprise Software Applications ▲ Observations The City currently uses Tyler Technology’s Eden ERP system that was implemented in 1999. The purchasing, general ledger, licensing, invoicing, receivables, payroll, budgeting, and permitting functions within the system have been decentralized to the departments. The majority of departments noted that, although IT has been good at applying the latest updates, the Eden system is at the end of its lifecycle. Several departments mentioned that they are uncertain that they are using their current applications to their fullest potential because they were never formally trained on the systems. Some departments expressed that they have no application that can be used to track grants and projects, which is highly desired. The Eden application is used for permits city-wide. That portion of the application is also hosted at the vendor. Several users stated that it can be difficult to extract data from the enterprise systems, primarily with regards to Eden and Incode Utility Billing systems. Some department heads noted that there is not much collaboration between departments and their divisions with regards to how technology is used to address business needs. This can cause two departments to use separate applications ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 44 I P a g e Maturity Risk 3.4.3.1 Enterprise Software Applications ▲ with overlapping functionality, or it can cause one department to have gaps that could be met using an existing application in a different department. There is not a unified, City-wide, strategy to address the growing demand for document management. Opportunities When considering a replacement for Eden, ensure that the City conducts a thorough ERP needs assessment. All departments and stakeholders should be engaged in defining requirements for the new system. Key stakeholders from each department should be involved in the implementation of any new system. By taking this approach, it will help ensure that the new system meets the needs of the City and also has a properly trained user base from the beginning. When implementing new enterprise applications –and before selecting any new applications to replace aging ones – ensure that users have been properly trained on the applications so that all relevant functionality is being fully utilized. When considering a replacement for Eden, assess the return on investment of a Project and Grants module or software package, and evaluate alternative systems approaches to streamline paper intensive financial and HR processes. A process needs to take place to determine what enterprise level document management system is to be used citywide. The process should essentially mirror an RFP process to allow a comparison of the functionality of the systems that are available on the market today. Maturity Risk 3.4.3.2 GIS Observations Several departments noted that they do not believe that IT is taking much care with keeping GIS layers up to date. Some departments would like there to be an interface between the utilities companies and the GIS system so that gas and electrical lines can be viewed in the system. The Airport would like to use GIS functionality to track property rentals and other business needs. Opportunities Consider further decentralizing GIS data entry to the departments so that the departments are responsible for their own data entry. Consider options for collecting and inputting external utility data into GIS. Identify potential uses for GIS at the Airport by having open discussions to gather requirements and identify business needs. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 45 I P a g e Maturity Risk 3.4.3.3 Reporting ▲ Observations Overall, the Departments expressed that there is a general lack of reporting capability from many of the City's applications. IT uses Reports to create reports out of Eden. Departments can request that IT creates reports for them. Some departments mentioned that IT seems to push back when asked to create new reports using Reports. Opportunities Departments are reliant on having accurate, relevant reports so that they can most effectively address the needs of their customers. IT should consider expansion of report writing out into the departments as long as a useable data set can be presented to the end users to create their own reports. The users would need training on Reports to make this feasible. Several departments mentioned wanting this functionality and visibility into their systems. Maturity Risk 3.4.3.4 Interfaces ▲ Observations Some of the department-specific applications do not have interfaces built between them. For instance, refuse billing is done through Incode, but the data must be dual entered into Cartegraph. Opportunities Consider interfacing the City’s applications so that data does not need to be entered in multiple systems. When implementing a new financial system, identify all of the current and potential future interfaces so that they can be incorporated into the final system design. Maturity Risk 3.4.3.5 Platforms and Tools Observations SharePoint is in limited use in the Police Department, but there is a Citywide need for the technology that would work to reduce the amount of Paperwork and provide for some of the document management needs of the City. LANDesk is being used to manage desktops and to distribute applications. A Microsoft Enterprise Agreement is in place, but it could be more fully used. For example, only 2 of the 6 products that are made available to the City are being used. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 46 I P a g e Maturity Risk 3.4.3.5 Platforms and Tools Opportunities Explore the possibility of more fully using the benefits that are provided by the Enterprise Agreement. Some of the products that are included are: Online email Spam filtering, SharePoint Team Licenses, Forefront desktop and server virus protection, and System Center Configuration Manger. There are additional products that would be available if the desktop licensing were to be upgraded to the “Enhanced” level makes advanced SharePoint Licensing, Exchange Voice Licenses, and Excel Forms functionality. Maturity Risk 3.4.3.6 Departmental / Site Specific Applications ▲ Observations Some departments use Cartegraph for operations management. While user satisfaction was generally good, several users mentioned that they are unable to easily get data out of the system. Some users also noted that they do not believe that the system is being used as widely as it can be throughout the city nor is it being used to its full capabilities. Cartegraph is a growing application that is being used in more departments, but the support for it is mostly provided by a GIS staff member. The continuing deployment and support needs for this product are taking focus away from the GIS program. The Prosecutor’s Office does not current use a document management system, and the Office is starting to consider procuring a document management system to alleviate issues associated with paper. The Fire Department has been moving its fire records to ImageTrend from FDM, with a target of January 2014 for completion. The Building Services Division is using Basecamp for project management, which is an inexpensive and relatively simple application. One of the benefits that was identified with the application is that is allows the Division to circumvent Eden, although permits are still issues through Eden. The City does not currently have a contract management system. Opportunities Ensure that Cartegraph is being used by all divisions and departments that have relevant business needs. Sometimes a unit may not realize that they have a gap that can be bridged using existing technology in another unit. This same philosophy can be used for all applications being used by departments. Encourage technology discussions between business units. Position IT as an expert in the functionality of existing systems so that IT can better advise departments on software functionality and possibly expand the use of existing software before a software acquisition is made. The knowledge already exists within the department, but it is not marketed as a skillset. As the Prosecutor’s Office begins to seriously consider moving to a document management system, they should first be encouraged to explore using the current Worldox system that is already in use on the civil side of the City Attorney’s Office. If the Worldox system cannot meet the needs of the entire City Attorney’s Office, ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 47 I P a g e Maturity Risk 3.4.3.6 Departmental / Site Specific Applications ▲ the Office, in conjunction with the City as a whole, should consider selecting a new system that can be used Citywide. Continue to assist the Fire Department with moving their records to the ImageTrend application. Identify other departments and divisions that have a need for project management software, and consider expanding the use of Basecamp to those departments. Consider implementing a contract management system for use by the City Attorney’s office and any other department that manages a significant volume of contracts. 3.4.4 End-User Computing Maturity Risk 3.4.4.1 Workstation Strategy ▲ Observations Several department users noted that they are restricted from performing updates to non-enterprise applications (i.e. Adobe applications) on their workstations without intervention from IT. Some departments expressed a desire to be able to access their commonly used applications in a mobile environment. Opportunities Consider more frequent automated software distributions on user workstations so that IT is not burdened by needing to respond to routine software updates. When assessing current applications and selecting new applications, take mobility into consideration. Identify the specific needs of each department and address those needs through the application assessment process. Maturity Risk 3.4.4.2 Office Automation Observations Office 2010 is used throughout the organization and a Microsoft Enterprise Agreement is in place to ensure future upgrades. Opportunities At the time of the next upgrade cycle, investigate whether Office 365 is feasible for the City to migrate on to. Because of the recent Exchange investments, it doesn’t make sense at this time to move the email and office productivity suite to the cloud. However, there may be a cost advantage in 2-3 years when looking to upgrade the Exchange servers again. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 48 I P a g e Maturity Risk 3.4.4.3 Operating System Observations The predominant operating system used on the servers is Microsoft Windows 2003. However, there are many Windows 2008 servers as well. As a part of the natural upgrade process, the operating systems will be standardized to Windows 2008R2 Opportunities None. Continue to upgrade servers as software is upgraded and compatible with the new Operating System and when hardware is replaced. Maturity Risk 3.4.4.4 Refresh ▲ Observations Some departments mentioned that the hardware replacement schedule is unclear or that the timeframe does not work for their department. Some workstations are approaching 7 or more years of age because replacement plans are not fully funded Workstations that require more resources are replaced more often and older, higher powered machines are handed down to other users, referred to as tiering. Sometimes one workstation being replaced will result in up to four or more workstation “bumps” Opportunities Publicize the hardware replacement schedule and ensure that it meets the unique needs of each department. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 49 I P a g e 4 Cost of Services Analysis The following cost of service analysis reflects all costs incurred by the City to support each tower of service based on the following categories: Labor. Includes salaries, overtime, and benefit costs budgeted for IT staff. Operating. Includes all other on-going costs such as application maintenance and phone service. Capital. Includes annualized cost for capital purchases based on the expected lifespan. Debt Service and Revenue were also considered as part of this analysis, but the IT Division does not directly use debt service instruments for funding. Additionally, no sources for revenue were identified in the financial documents that were used for this analysis. Assumptions regarding the Cost of Service analysis are included in Appendix E: Cost of Services Assumptions. By knowing these costs, the City will be well positioned to evaluate options available in the IT marketplace. The following chart illustrates the City’s cost of services by major service component: The following chart illustrates a percent cost breakdown by cost category. $251,224 $396,468 $426,345 $939,275 $1,223,525 $408,700 $216,779 $182,823 $1,407,277 $396,468 $1,560,540 $3,906 $426,345 $38,000 $553,464 $0.M $0.4M $0.8M $1.2M $1.6M Infrastructure General Support Applications Disaster Recovery Governance & Management Cable TV Network General Overhead Cost/Revenue by Major Service Component Labor Operating Capital ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 50 I P a g e 18.5% 36.0% 52.2% 11.3% 46.9% 44.0% 29.1% 9.5% 15.7% 31.3% 0% 25% 50% 75% 100% Labor Operating Capital Major Cost Components by Cost Type Infrastructure Applications General Support General Overhead Governance & Management Cable TV Network Disaster Recovery ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 51 I P a g e The following chart illustrates a cost breakdown by minor cost category: $397,299 $90,966 $414,882 $373,896 $75,581 $54,653 $197,042 $91,864 $107,562 $19,964 $1,445,276 $95,301 $3,906 $426,345 $38,000 $553,464 $0.M $0.4M $0.8M $1.2M $1.6M Network/ Telecommunications Operations GIS Services Radio/Wireless Data Center Operations Phone System Security Help Desk Desktop Support Database Administration GIS Application Development Application Maintenance Application Deployment & Support Disaster Recovery IT Strategy and Leadership Cable TV Network General Overhead Cost by Minor Service Component Labor Operating Capital ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 52 I P a g e The following chart illustrates resource allocation in the form of FTEs per major service component: 3.14 1.94 4.34 1.46 4.08 0.00 0.04 0 1 2 3 4 5 Infrastructure Applications General Support General Overhead Governance & Management Cable TV Network Disaster Recovery FTEs by Major Service Component ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 53 I P a g e The following chart illustrates the percent of labor costs by major cost component: 4.1 Cost of Services Commentary Compared to other public entities and accounting for the different sizes in each entity’s IT budget, Ogden City spends more than others on approximately 30% of its IT services and less than others on approximately 50% of its IT services. In order to compare costs to other communities, the Department’s overhead expenses were allocated to the services based on the weighted average expense for each service. Those services for which Ogden City spends more are network/telecommunications operations (including radio/wireless, the phone system, and the cable TV network) and business applications (including GIS services). For those services in which Ogden City is spending more than others, the City could benefit from determining alternative strategies for providing such services (such as changes to internal operations or identifying a third party to provide the services). Those services for which Ogden City spends less are security, desktop support, database administration, and disaster recovery. As discussed in the previous sections of this report, Ogden City would benefit from increasing its investment in these services. This cost of services analysis provides insight into how Ogden City is operating today along with an assessment of how the City’s costs compare to other IT Divisions in public entities. This information is the beginning of a continuous improvement process. With this information, the City is ready to take 14.7% 50.0% 24.6% 25.4% 20.0% 45.8% 9.8% 20.0% 14.7% 40.6% 4.1% 9.1% 10.0% 10.8% 0% 25% 50% 75% 100% IT Operations IT Communications Geographic Information Systems (GIS) Percent of Labor Costs by Major Cost Component Infrastructure General Support Applications Disaster Recovery Gov. & Mgmt. General Overhead ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 54 I P a g e additional steps that can help it strive toward providing services more efficiently and effectively. Such steps could include: Preparing an expectation of future annual IT costs (such as for the next five years) and creating a plan for evolving into its desired IT Division. Calculating the costs of services per a respective unit of measure (such as help desk costs per number of City employees) and comparing this cost to the estimated cost of using a third party to provide such services. Determining the drivers that impact the IT Division’s costs, in order to charge end-user departments for services, providing appropriate incentives and disincentives for using IT services. With this information, Ogden City can strive to meet its employees’ and citizens’ needs efficiently and effectively, enabling other resources (including City staff and funds) to provide even greater value. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 55 I P a g e Appendix A: End-User Survey As part of the IT Assessment process, an end-user technology and services survey was conducted. The goals of the survey included assessing the satisfaction of technology users and identifying technology needs. The survey and survey data collected was managed externally by Plante Moran. To encourage participation, a survey invitation was distributed by the City’s management to all staff with City-issued email addresses. City staff were directed to a web-based survey and informed that their suggestions and individual response to the survey would remain confidential and only summarized results would be provided to City management. The survey remained available for over two weeks and multiple messages were sent during that timeframe encouraging them to complete the survey by the deadline if they had not done so already. Of the 875 City staff invited, 359 staff participated and 299 staff fully completed the survey which on average took 10 minutes to complete. This reflects a 41% response rate which can be considered very high for such a survey and adequate to place reasonable assurance in the accuracy of the results. Complete survey results for each category have been provided to the City under separate cover and are not included inside this report. A highlight of key results is provided on the following chart: Question Positive Response IT Staff are “customer service” oriented. 94% Interaction with the Help Desk is positive and effective. 92% IT Staff “listen” to my needs and provide an action plan to resolve the request (when feasible). 90% IT staff think creatively and innovatively. 86% Overall, I am satisfied with the level of direction and leadership from IT staff. 81% IT Decision Makers provide a clear vision for the future direction of technology. 67% There is a clear process for how technology related projects are identified, reviewed, prioritized and executed. 62% ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 56 I P a g e Appendix B: Return on Investment Policy and Model Section 1 SUMMARY Project portfolio management (PPM) facilitates decision making, through evaluation, selection, prioritization, balancing, and execution of the work, realization of benefits and feedback of results for process improvement. Project portfolio management is not project management. Rather, project management is an essential tool of project portfolio management. The purpose of the IT Project Portfolio Management Policy is to identify, prioritize and balance IT projects so that appropriate resources can be applied in a timely manner to ensure successful project management and achieve the City’s operational and financial goals. The project portfolio as the primary tool to support IT decision-making and will demonstrate the relationship between current and planned investments. DEFINITIONS Portfolio - a collection of projects or programs and other work that are grouped together to facilitate effective management of that work to meet strategic business objectives. Program – a group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually. Project – a temporary endeavor undertaken to create a unique product, service or result. Other Work - work that is not characterized as a project or program but which management has determined it will include in the portfolio management process because of its call on the same resources, e.g. Initiatives. Business Case - a key document in the early life of a project or program that describes the reasons and the justification for its undertaking based on its estimated costs, the risks involved and the expected future business benefits and value. It provides the basis for selection and authorization of further effort on a project's definition, planning and estimating. Benefit - an outcome of the project that is perceived as beneficial by a stakeholder. Executive - that part of a whole organization or Business Unit responsible for governance and stewardship, i.e., strategic planning, administering and managing their entire part of their organization. Program Management Office (PMO) – a group that defines and maintains standards for project management and project portfolio management within the organization. Project Management - the application of knowledge, skill, tools, and techniques to project activities to meet the project requirements. Operations - that part of an organization responsible for the on-going deployment and support of services. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 57 I P a g e CITED/RELATED POLICIES AND DOCUMENTS IT Project Request Form (Section 2) IT Project Scoring Form (Section 3) IT Master Project List (Section 4) POLICY The IT Project Management Office (IT – PMO) manages Project Portfolio Management (PPM) o The Program Management Office will define and manage PPM for IT. PPM as owned by the PMO will be the IT office of record and will be the single source of truth regarding project status. That means: o PMO will maintain the IT master project list o PMO will be conversant in major project status and IT resource loads at any given point in time o PMO will communicate key information to all IT staff members on a regular at a minimum) basis All potential projects shall be requested through the IT Project Portfolio Management Process. All potential projects shall be proposed by completing the IT Project Request form (Appendix A) and IT Project Scoring form (Appendix o The form will include sufficient information regarding the priority of the potential work so as to enable IT management to make decisions about where it is placed in the context of ongoing work. All projects require some form of project management to be successful. At a minimum, PPM requires that all IT projects will be responsible for to provide the following outputs into the portfolio management process: o Project charter (including a project owner and team members) o Functional requirements o Project schedule o Resource requirements o project status using standard PMO document Application of this policy will be phased in: ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 58 I P a g e o Phase I will provide for a rapid deployment of a minimum set of procedural steps that will address the highest priority issues quickly (See Phase I Procedure section below). o Phase II and beyond will mature the process and benefit from lessons learned in previous phases and will be initiated by a revision to this policy. Disciplinary Action Violation of this Project Portfolio Management Policy may result in disciplinary action up to and including termination of employment. Approvals Required Approvals and concurrence of the Chief Information Officer (CIO), or by delegation IT Managers are required for further revisions to this policy. PROCEDURE Project Intake Potential new projects are initiated by completing the Project Request form and submitting it to the PMO via email. o A majority of the new potential work will be initiated by the CIO, IT Managers, Security Officer, Admin Manager or PM – Lead, from customer contact or as a result of upgrades, audits or other internal processes Customers will be engaged in this process to assist IT with the completion of this form o Other potential work will originate with user contact with the IT Help Desk Help Desk will route unique, non-operational work to the appropriate Deputy Director who will evaluate the request and determine if it should be routed to the PMO as a potential project or back into the IT Service Management process The PMO will acknowledge the new request via email The PMO will review the request for completeness. If incomplete, the requestor will be notified and the request will be returned. The complete request will be scored by the requestor with PMO assistance if necessary. The complete request and score will be added to the bi-weekly PPM agenda and reviewed at the meeting. Management of the Master Project List PMO will hold bi-weekly meetings where new projects are introduced and vetted. Attendees are: CIO, IT Managers, Audit Officer, Security Officer, Admin Manager and PM – Lead. The agenda for this meeting will be: o Review of status updates from project owners o Verification of existing project priorities ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 59 I P a g e o Review of resource availability (human and financial) o Introduction of new potential projects o Group discussion on where new projects fit within existing priorities Approved requests will be prioritized based on scoring, requested timeline and resource availability The PMO will assign a project number to the approved request and notify requestor of approval status and targeted start date o If an approved request is prioritized above an active project, communication to the impacted lower priority project and resource manager will be required by the PMO Approved request will be assigned a project manager by the PMO when the actual project start date is determined Non-approved requests will be returned to the requestor by the PMO with comments regarding non-approval ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 60 I P a g e Section 2 IT Project Request Form Project Name Request Date Project Type New Application Application Upgrade Other Requestor Name Phone Department Dept # Department Sponsor Phone Business Analyst/UL Phone Project Overview Description: What is being proposed? Provide a brief description. Objective(s): What is the purpose of the proposed project? Highlight benefits for your department and City. Strategic Fit: What City and/or department strategic objective(s) will be met by the proposed change? Impact: What other systems/services, departments or resources will be impacted by the proposed change? Risk(s): What are the risks of doing the project? What are the risks of not doing the project? Doing: Not doing: Mandate: Is there a mandate for this proposed change? Date Required: Click here to enter a date. Budget: Is funding required? What is the funding source? ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 61 I P a g e Funding Required: Choose an item. Amount (if funded): Funding Year: Choose an item. Funding Source and Amount: County State Federal Timeframe: What is the estimated start and end date? Estimated Start Date: Estimated End Date: Milestones: High level dates to assist with resource planning. Requirements Click to enter a start date. Click to enter an end date. Design / RFP Click to enter a start date. Click to enter an end date. Architecture Ready Click to enter a start date. Click to enter an end date. Development / Configuration Click to enter a start date. Click to enter an end date. Testing Click to enter a start date. Click to enter an end date. Operations Ready Click to enter a start date. Click to enter an end date. Go Live Click to enter a start date. Click to enter an end date. IT Only: Date Received: PMO Review Date: Business Case Required: Yes No IT Review Date: Project Approved: Yes No Requestor Notify Date: Comments: ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 62 I P a g e Section 3 IT Project Scoring Form No allignment (0 pts) 0 Required (12) Is this project Required? (Select best one only) Required to sustain Operations (+12 pts) 0 Required to reduce risk pts) 0 Required to reduce cost pt) 0 Not Required (0 pts) 0 Flexibility (12) Is the project timeline flexible? (Select best one only) Required in fewer than 12 months pts) 0 Required in fewer than 18 months pts) 0 Required within 2 years pt) 0 No Required Deadline (0 pts) 0 Need of System (12) Is it an urgent need for the County? (Select best one only) Urgent for County(+8 pts) 0 Pressing need of the County(+4 pts) 0 Urgent for Department pts) 0 Pressing need for Department(0) pts) 0 0 Reach/support customer base (10) What users will be impacted? (Select best one only) Internal and external? (+10 pts) 0 External only? pts) 0 Internal only? pts) 0 Single department only pts) 0 Increase effectiveness (10) Does it improve ability of City staff or their customer to do task? (Select best one only) Improvement for City staff and customer (+10 pts) 0 Improvement for City staff or customer pts) 0 No improvement for City staff or customer pt) 0 Current State (10) What is the state of the current system? (Select best one only) Completely inadequate / End of Life / New System (+10 pts) 0 Functioning, but close to end of life pts) 0 Functioning, but could be better pt) 0 System Upgrade (0 pts) 0 0 Staff or System Reduction (10) What is the effect on staff or systems reduction? (Select best one only) Addresses unnecessary / likely redundancy (+10 pts) 0 Reduce Head Count / Systems pt) 0 No Change in Staff or Systems pts) 0 Additional staff / systems needed for support pts) 0 Operational cost (10) Is there a positive ROI? (Select best one only) Will pay for itself and generate revenue? (+10 pts) 0 Implemented to avoid cash expenditure pts) 0 No effect (0 pts) 0 Increase 0 0 Totaled Priority Score 0 Urgency (110) Category Sub-Total Impact (30) Category Sub-Total Financial (20) Category Sub-Total ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 63 I P a g e Section 4 Master Project List Components: The master project list is an excel file which include the following information for each project: Status – Active, Pending, Proposed, Archived Project ID – Project Identifier given to project once approved and active Priority – determined by project scoring form and PPM Balancing exercise Project Name – Name and description of project Project Type – Compliance, Strategic Investment, Incremental Upgrade IT Division – Technical Services, Enterprise Services, Governance, Other Dependency – Other project dependencies Start Date – Estimated beginning date of project End Date – Estimated end date of project Budget Amount – Approved Budget Amount Sponsor – Project decision maker Department – Department(s) involved with the project Project Manager – Assigned project manager Phase – Imitation, Planning, Executing, Closing Project Health – Green, Yellow, Red Executive Summary – Summary of activity and status ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 64 I P a g e Appendix C: Sample Polices Sample Policy Policy Purpose / Content Antivirus Policy This policy defines how organizational resources are protected against intrusion by viruses and other malware. At a minimum, the policy identifies how servers and workstations are scanned, signature updates, email virus and malware scanning, email attachments, etc. Patch Management Policy This policy is required to establish a minimum process for protecting the organizational computers on the network from security vulnerabilities. This policy will determine how updates are done for both servers and workstations and who is responsible for performing the updates along with specifying the tools used to perform system updates. Remote Access Policy This policy defines standards for connecting to the organizational network and security standards for computers that are allowed to connect to the organizational network. This policy should also specify how remote users can connect to the main organizational network and the requirements for each of their systems before they are allowed to connect. Incident Response Plan (IRP) The IRP defines what constitutes a security incident and outlines the incident response phases. At a minimum, this should address what constitutes an incident, incident response goals, incident planning, and the incident response life cycle. Data Management and Retention Policy Data retention policy defines the types of data and their retention requirements. In addition the retention policy describes the procedures for archiving the information and guidelines for destroying the information. Portable Storage Policy A policy should be developed that either prohibits the use of USB drives or allows their usage with proper standards. Password Policy This policy is a designed to enhance compute security by encouraging users to employ strong passwords and use them properly. User Access Policy This policy defines the users who have access to and control of sensitive or regulated data. This policy is designed to minimize risk to organizational resources and data by establishing privileges for users of data and equipment on the network to the minimum allowable while still allowing users to perform job functions without undue inconvenience. This policy should be very specific and refined based on the needs of the organization. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 65 I P a g e Sample Policy Policy Purpose / Content Infrastructure Refresh Policy The purpose of a refresh policy is to ensure technology (network, servers, storage, backup, telecom, workstations) do not become obsolete. A comprehensive policy can be created or individual policies can be developed for each area. Help Desk Policy This policy identifies the proper method for requesting assistance from the IT helpdesk. This will assist IT in providing enhanced service, developing appropriate software training needs, and assessing the suitable level of staff needed to handle the volume of requests. Change Management Policy The purpose of the change management policy is to manage changes in a rational and predictable manner so that end-user and other IT staff can plan accordingly. A formal written change request must be submitted for all changes, both scheduled and unscheduled. Security Penetration Testing Policy This policy is designed to establish a protocol to routinely evaluate the security of the City’s IT network systems by simulating an attack from a malicious source. Computer and Internet Usage Policy/Acceptable Use Policy The policy is set of rules applied by the City’s that restrict the ways in which the network, internet access and other systems may be used in order to mitigate the risk of inappropriate use. Data Backup Policy The purpose of the data backup policy is to protect data in the organization to be sure it is not lost and can be recovered in the event of an equipment failure, intentional destruction of data, or disaster. Email Usage Policy This policy can be incorporated within an Acceptable Use Policy (AUP) and is intended to address appropriate use of email and or other communications systems, as well as ownership of both the systems and the communications themselves. Social Media Policy This policy is intended to address the purpose of social media in the City, identifying responsibilities of the citizens and staff, encouraging and providing guidelines in consideration of the expected audience. IT Asset Management Policy The purpose of the IT asset management policy is to join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 66 I P a g e Sample Policy Policy Purpose / Content Mobile & Personal Device Policy The purpose of the mobile & personal device policy is to ensure compliance with federal regulations governing privacy and security of information, and to protect confidential data in the event mobile electronic data device loss or theft. The policy also defines the appropriate usage of these devices when used to access the City’s resources. Compliance Policy This policy is intended to present how the City defines compliance (e.g. HIPAA, etc.) and the compliance function’s role and responsibilities regarding the management of compliance risks. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 67 I P a g e Appendix D: Service Level Metrics Performance Classifications The following represents the Classification Levels used in connection with the proposed Ogden City Service Level Agreement Measures. Classification Level Meets one or more of the following Urgent Severity Issue affecting entire system; System down; Potential direct patient care affected; and/or Data integrity at risk; Critical Severity Issue affecting single critical production function; System operating in materially degraded state; and/or Material financial impact High Severity Minor failure has occurred; and/or Data entry or access is impaired on a limited basis Medium Severity System is operating with minor issues that can be circumvented Low Severity Request for assistance, information or services that are routine in nature ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 68 I P a g e Proposed Ogden City SLA Scorecard The following Ogden City SLA Scorecard indicates the Measures and Performance Levels which will be used to evaluate the performance of the Technical Services Department in delivering IT Services and Projects. Staffing Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure- ment Period Staffing Annual Staff Retention Rate N/A 90% 80% Within 5 business days of the end of Measurement Period Annually Staff Education Plans Compliance N/A 75% 60% Within 5 business days of the end of Measurement Period Annually Suggested Source: HR/IT Management Measure Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure- ment Period Quality Failed Change Management Requests N/A 5% 10% Within 5 business days of the end of Measurement Period System Availability (Up Time) 100% 99.9% 99.0% Within 5 business days of the end of Measurement ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 69 I P a g e Measure Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure- ment Period Period Network Availability (Up Time) 100% 99.9% 99.0% Within 5 business days of the end of Measurement Period Telecommunications Availability (Up Time) 100% 99.9% 99.0% Within 5 business days of the end of Measurement Period Suggested Source: Remedy/HP Openview Client Satisfactions Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure- ment Period Client Satisfaction Annual Client Satisfaction Score 5.00 4.5 4.0 Within 5 business days of the end of Measurement Period Annually Client Satisfaction Scores 5.00 4.5 4.0 Within 5 business days of the end of Measurement Period Project Client Satisfaction Scores 5.00 4.5 4.0 Within 5 business days of the end of Measurement Duration of Project ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 70 I P a g e Client Satisfactions Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure- ment Period Period Project Milestone Client Satisfaction Scores 5.00 4.5 4.0 Within 5 business days of the end of Measurement Period Duration between Milestone Activities Suggested Source: Help Desk Surveys and Formal Surveys Responsiveness Measure Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Responsiveness Tickets Resolved First Contact 70% 80% 60% Within 5 business days of the end of Measurement Period Initial Response Time – Business Hours – Phone Call, Instant Message N/A Immedi ate 10 Min. Within 5 business days of the end of Measurement Period Initial Response Time – Business Hours – Email, On-Line Ticket N/A 15 Min. 30 Min. Within 5 business days of the end of Measurement Period Initial Response Time – After Hours N/A 15 Min. 30 Min. Within 5 business days of the end of Measurement ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 71 I P a g e Responsiveness Measure Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Period Time to Resolve Urgent Severity N/A 12 hrs 24 hrs Within 5 business days of the end of Measurement Period Time to Resolve Critical Severity N/A 24 hrs 2 days Within 5 business days of the end of Measurement Period Time to Resolve High Severity N/A 24 hrs 5 days Within 5 business days of the end of Measurement Period Time to Resolve Medium Severity N/A 24 hrs 5 days Within 5 business days of the end of Measurement Period Time to Resolve Low Severity N/A 5 days 10 days Within 5 business days of the end of Measurement Period Central Helpdesk Measures – Suggested Source: Remedy Responsiveness Measures Performance Levels Critical Performance Levels Reporting Performance Levels ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 72 I P a g e Benchmark Goal Floor Reporting Period Measure -ment Period Responsiveness Tickets Resolved First Contact N/A 25% 20% Within 5 business days of the end of Measurement Period Initial Response Time – Business Hours – Phone Call, Instant Message N/A Immedi ate 10 Min. Within 5 business days of the end of Measurement Period Initial Response Time – Business Hours – Email, On-Line Ticket N/A 15 Min. 30 Min. Within 5 business days of the end of Measurement Period Initial Response Time – After Hours N/A 15 Min. 30 Min. Within 5 business days of the end of Measurement Period Time to Resolve Urgent Severity N/A 12 hrs 24 hrs Within 5 business days of the end of Measurement Period Time to Resolve Critical Severity N/A 24 hrs 2 days Within 5 business days of the end of Measurement Period Time to Resolve High Severity N/A 24 hrs 5 days Within 5 business days of the end of Measurement Period Time to Resolve Medium Severity N/A 24 hrs 5 days Within 5 business days of the end of Measurement Period ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 73 I P a g e Responsiveness Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Time to Resolve Low Severity N/A 5 days 10 days Within 5 business days of the end of Measurement Period Suggested Source: Wireless Asset Management System Projects Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Projects Projects within Budget 100% 90% 80% Within 5 business days of the end of Measurement Period Projects Timely Completion 100% 90% 80% Within 5 business days of the end of Measurement Period Suggested Source: To Be Determined Projects Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 74 I P a g e Projects Measures Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Project Milestones Milestones within Budget 100% 90% 80% Within 5 business days of the end of Measurement Period Milestones Timely Completion 100% 90% 80% Within 5 business days of the end of Measurement Period Suggested Source: To Be Determined Financial Measure Performance Levels Critical Performance Levels Reporting Performance Levels Benchmark Goal Floor Reporting Period Measure -ment Period Financial Operational Budget Variance 0% 5% 15% Within 5 business days of the end of Measurement Period ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 75 I P a g e Measurement Definitions and Calculation Measure Description Calculation Staffing Staff Retention Rate Percent IT staff retained (T ÷ HC) x 100 = % Where: T = Total turnover count per calendar month HC = Total head (FTE) count on the first day of the calendar month Staff Education Plans Compliance Percent compliance with IT staff education plans (CC ÷ CP) x 100= % Where: CC = Total count of courses completed by staff members CP = Total count of courses planned Measure Description Calculation Quality Failed Change Management Requests Percent of change management requests which fail (FR ÷ TR) x 100=% Where” FR=Total count of the failed change management requests TR=Total count of the change management requests System Availability (Up Time) Percent of total possible time available per month for mission critical systems according to predefined service hours; does not include scheduled downtime (24 × M – O) ÷ (24 × M) × 100 = % Where: M = number of days in the measurement period O = Outage time in hours for each affected service The measurement period for service availability is each calendar month. Outage time for service availability will begin when an incident is reported. Network Availability (Up Time) The time all network segments (including internet connectivity) are available according to predefined service hours; does not include scheduled downtime. (24 × M – O) ÷ (24 × M) × 100 = % Where: M = number of days in the measurement period O = Outage time in hours for each affected service The measurement period for service availability is each calendar month. Outage time for service availability will begin when an incident is reported. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 76 I P a g e Measure Description Calculation Telecommunications Availability (Up Time) The time all telecommunication services (including voicemail, PBX, & VoIP) are available according to predefined services hours; does not include scheduled downtime. (24 × M – O) ÷ (24 × M) × 100 = % Where: M = number of days in the measurement period O = Outage time in hours for each affected service The measurement period for service availability is each calendar month. Outage time for service availability will begin when an incident is reported. Measure Description Calculation Client Satisfaction Annual Client Satisfaction Score The measure of customer satisfaction by distributing, collecting, and analyzing standard surveys to users based upon problem tickets. Average of all scores from the survey responses (1 – 5, where 5 is the highest level of satisfaction). Customer Satisfaction Score The measure of customer satisfaction by distributing, collecting, and analyzing standard surveys to users based upon problem tickets. Average of all scores from the survey responses (1 – 5, where 5 is the highest level of satisfaction). Project Client Satisfaction Score The measure of customer satisfaction by distributing, collecting, and analyzing standard surveys to users based upon completion of a specific project. Average of all scores from the survey responses (1 – 5, where 5 is the highest level of satisfaction). Project Milestone Client Satisfaction Score The measure of customer satisfaction by distributing, collecting, and analyzing standard surveys to users based upon completion of a specific project milestone. Average of all scores from the survey responses (1 – 5, where 5 is the highest level of satisfaction). Measure Description Calculation Responsiveness Tickets Resolved First Contact Percent of problem work orders resolved upon first contact by an IT staff member with the user. RFC ÷ TWO × 100 = % Where: RFC = Help Desk tickets resolved during first contact with the Help Desk ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 77 I P a g e Measure Description Calculation TWO = Total Help Desk tickets Initial Response Time – Business Hours – Phone Call, Instant Message The time it takes a user to receive a response to a phone call or instant message to the Help Desk during business hours. Date/Time of Response – Date/Time of Contact (Call/Instant Message) = Initial Response Time Initial Response Time – Business Hours – Email, On-Line Ticket The time it takes a user to receive a response to an e-mail or on-line ticket to the Help Desk during business hours. Date/Time of Response – Date/Time of Contact (Email/On-Line Ticket) = Initial Response Time Initial Response Time – After Hours The time it takes a user to receive a response after reporting an issue to the Help Desk after business hours. Date/Time of Response – Date/Time of Contact = Initial Response Time Time to Resolve Urgent Severity The time it takes a user to receive a solution or circumvention after reporting an issue to the Help Desk during normal business hours for urgent severity ticket. Date/Time of Resolution – Date/Time of Initial Response = Time to Resolve Time to Resolve Critical Severity The time it takes a user to receive a solution or circumvention after reporting an issue to the Help Desk during normal business hours for critical severity ticket. Date/Time of Resolution – Date/Time of Initial Response = Time to Resolve Time to Resolve High Severity The time it takes a user to receive a solution or circumvention after reporting an issue to the Help Desk during normal business hours for high severity ticket. Date/Time of Resolution – Date/Time of Initial Response = Time to Resolve Time to Resolve Medium Severity The time it takes a user to receive a solution or circumvention after reporting an issue to the Help Desk during normal business hours for medium severity ticket. Date/Time of Resolution – Date/Time of Initial Response = Time to Resolve ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 78 I P a g e Measure Description Calculation Time to Resolve Low Severity The time it takes a user to receive a solution or circumvention after reporting an issue to the Help Desk during normal business hours for low severity ticket. Date/Time of Resolution – Date/Time of Initial Response = Time to Resolve Measure Description Calculation Projects Projects within Budget The total number of Projects during the previous twelve- month period that were completed with no more than ten percent (10%) variance from the approved Project budget agreed between IT and the customer (B ÷ T) × 100 = % Where: B = Total count of projects completed within budget. T = Total count of approved/active projects. Projects Timely Completion The total number of Projects during the previous twelve- month period that were completed with no more than ten percent (10%) variance from the approved Project timeline agreed between IT and the customer. (D ÷ T) × 100 = % Where: D = Total count of projects completed on time. T = Total count of approved/active/assigned projects. Milestones within Budget The total number of Project Milestones during the previous twelve-month period that were completed with no more than ten percent (10%) variance from the approved Project budget agreed between IT and the customer. (B ÷ T) × 100 = % Where: B = Total count of project milestones completed within budget. T = Total count of approved/active project milestones. Milestones Timely Completion The total number of Project Milestones during the previous twelve-month period that were completed with no more than ten percent (10%) variance from the approved Project timeline agreed between IT and the customer. (D ÷ T) × 100 = % Where: D = Total count of project milestones completed on time. T = Total count of approved/active/assigned project milestones. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 79 I P a g e Measure Description Calculation Operational Budget Variance The difference between the IT Operational Budget and the actual amounts (ACT – TSB) ÷ TSB × 100 = % Where: ACT = Total of Actual Expenditures TSB = Total Technical Services Budget Amount ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 80 I P a g e Appendix E: Cost of Services Assumptions The following assumptions were used as the basis for performing the cost of service analysis: 4.1 General Scope of Analysis. Costs reflect services provided by the Ogden City Information Technology Division. Costs incurred directly by other City departments for technology services are not included. Further, costs for services typically not provided by local government technology departments (e.g. cable television) are included to reflect the current scope of services provided by IT. 4.2 Labor Fully-Loaded Costs Definition. Labor reflects the total fully-loaded cost for all currently budgeted positions within the department and includes the following cost types: Salaries FICA Disability Health / Dental / Life Benefits Payroll / Benefit Overhead Post-Employment Benefits / Retirement Workers’ Compensation Source. All figures used were sourced from financial documents provided by Ogden City for FY2013. Actual vs. Budgeted Salary. The total fully-loaded cost for each position is based on the actual salaries and benefits provided to each employee. The budgeted total fully-loaded cost for each position may not be consistent with the actual employee salary based on each employee’s current merit level or positions that are under-filled, for example. Service Component Allocation. Each employee estimated the percent of time they devote to each of the 15 minor service components included in the analysis. These percentages are used as the basis to allocate each employee’s total fully-loaded cost to the major and minor service components. Overtime. The actual overtime costs for FY13 were used in this analysis. 4.3 Operating Source. Operating costs reflect IT’s fiscal year 2013 adopted budget. Each budget line is allocated to one of the 15 minor service components. Operating costs, other than labor, include such items as annual software licenses, maintenance contracts, support services, and third-party contracts. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 81 I P a g e Non-Operating Costs. Several budget line items are not included as “operating” costs because they are represented as other costs types such as salaries and benefits, overtime, and capital purchases. 4.4 Capital Source. Capital costs are based on the Division’s complete fixed asset inventory provided by the City. Capital items include investments in hardware, infrastructure, and all costs required to place the capital items in service. The cost for each asset assumes a straight-line depreciation schedule to calculate an annualized cost based on the acquisition cost and useful life. Fully Depreciated Assets. All fixed assets are reflected in the analysis even if the assets are fully-depreciated based on the acquisition date and useful life as they reflect a cost for IT to provide services to its stakeholders. 4.5 Overhead Overhead includes items that are general in nature and not directly allocable to specific IT functions, such as salaries for administrative support and miscellaneous supplies. ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 82 I P a g e Appendix F – Benchmarking Detail # Chart Ogden City, UT Peer Average Sandy City, UT Salt Lake City, UT West Jordan, UT Provo City, UT Ann Arbor, MI Round Rock, TX Population 1 Population 83,793 122,811 88,500 189,000 108,734 112,451 114,000 96,992 Staff 2 Total Staff 663 1,332 743 2,769 467 966 935 793 3 Total Organizational IT Staff 19 34 9 43 9 27 23 15 4 Total Central IT Staff 19 22 7 43 9 18 22 15 5 Total Organizational IT Staff / Total Staff 2.87% 2.27% 1.21% 1.55% 1.93% 2.80% 2.41% 1.89% 6 Total Central IT Staff / Total Staff 2.87% 1.74% 0.94% 1.55% 1.93% 1.86% 2.35% 1.89% Budget 7 Total Budget (General Fund) $51,428,375 $130,451,644 $49,355,195 $219,423,587 $50,196,942 $51,642,713 $130,178,000 $83,965,072 8 Total Organizational IT Budget $3,741,100 $6,261,611 $1,697,132 $10,040,593 $1,992,750 $3,367,291 $6,380,652 $3,330,668 9 Total Organizational IT Budget / Total Budget (General Fund) 7.27% 4.65% 3.44% 4.58% 3.97% 6.52% 4.90% 3.97% 10 Total Central IT Budget $3,579,300 $4,129,099 $1,336,062 $9,741,773 $1,662,750 $2,411,104 $5,210,597 $1,946,671 11 Total Central IT Budget / Total Budget (General Fund) 6.96% 3.35% 2.71% 4.44% 3.31% 4.67% 4.00% 2.32% Budget / Population 12 Total Budget (General Fund) / Population $614 $977 $558 $1,161 $462 $459 $1,142 $866 13 Total Organizational IT Budget / Population $45 $46 $19 $53 $18 $30 $56 $34 14 Total Central IT Budget / Population $43 $30 $15 $52 $15 $21 $46 $20 Budget / Total Staff 15 Total Budget (General Fund) / Total Staff $77,569 $96,502 $66,427 $79,243 $107,488 $53,460 $139,228 $105,883 16 Total Organizational IT Budget / Total Staff $5,643 $4,443 $2,284 $3,626 $4,267 $3,486 $6,824 $4,200 17 Total Central IT Budget / Total Staff $5,399 $3,127 $1,798 $3,518 $3,560 $2,496 $5,573 $2,455 18 Central IT Budget Summary Salaries 37.39% 60.76% 48.71% 73.35% 46.08% 60.69% 52.27% 77.00% Hardware Purchase & Maintenance 5.50% 4.51% 1.90% 2.41% 5.22% 4.44% 5.79% Software Purchase & Maintenance 23.50% 16.62% 15.36% 22.22% 26.76% 15.45% 24.19% 3.33% Services & Outsourcing 28.79% 1.34% 0.20% 0.30% 2.23% 1.55% 0.11% Training 1.20% 0.97% 0.52% 1.20% 1.77% 0.33% 0.96% Other 3.63% 13.51% 2.53% 23.25% 17.22% 12.82% Total Devices Supported 19 Total Devices / Total Organizational IT Staff 84.6 121.1 138.1 158.8 125.7 113.0 82.8 163.9 20 Total Devices / Total Central IT Staff 84.6 149.3 177.6 158.8 125.7 169.4 84.7 163.9 21 Application Environment Custom Development 5.00% 14.00% 5.00% 10.00% 15.00% 30.00% 10.00% Commercial Off-the-Shelf (COTS) 95.00% 86.00% 95.00% 90.00% 85.00% 70.00% 90.00% ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 83 I P a g e Appendix G – Sample Partnership Agreement A Partnership Agreement Information Technology And XXXX Department PURPOSE AND OBJECTIVE This Partnership Agreement ensures that Ogden City Information Technology (IT) and Department jointly deliver the level of service and support required for the smooth operation of computer and telephone systems. The IT Division and Department have jointly created this Partnership Agreement to help both parties understand each other’s needs, priorities, and concerns. This document, presents the service conditions and expectations of the Agreement, IT performance measurements, IT reporting requirements, roles and responsibilities and other important service information. Modifications to this agreement will be made at the direction and agreement of both parties. Following the implementation of this agreement, periodic joint reviews will drive future enhancements. It is understood that the agreement remains in force until it is explicitly replaced or terminated by either party. Director Director Department Information Technology Date Date ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 84 I P a g e 1. Technology Support Plan: Core Business Technologies List core business technologies here, such as Office Suite, Email, etc. Support Responsibilities Department/Liaison IT Vendor or Other Outside Entity 1. Identify Technology, Telecomm and Web Liaisons 2. Develop work plans for liaisons that include the liaison role 3. Provide release time for training of liaisons to perform duties 4. Provide release time for training of department staff on core technology applications they use 5. Adhere to BOC policies and IT standards around the use of technology 6. Communicate future technology needs through the Internal Consulting Group and bi-annual Planning Process 7. Use the Infrastructure Resource Allocation Process 8. Use Core Technologies whenever possible 9. Participate in process reviews related to technology projects 10. Consult with IT on all new technology plans and projects 11. Work with IT to develop a Total Cost of Ownership for all new projects 12. Develop Business Continuity Plan for departmental business if technology is unavailable 13. Initial diagnosis of problems and reporting to IT or vendor if additional help needed. 14. Communicate with IT about any new staff moves, adds or changes at least two weeks before the change is needed (more 1. Consulting on: a. New technologies b. New Projects c. Peripheral Products 2. Initial diagnosis of problems after liaison review 3. Technology liaison coordination, development and coordination, backups of data on central system 4. Installation, configuration and maintenance of central disk storage system 5. Installation, configuration and maintenance of servers 6. Installation, configuration and maintenance of desktop and laptop computers and standard peripheral equipment 7. Develop, maintain and monitor desktop standards – hardware, software and peripheral equipment 8. Database Maintenance to ensure integrity of data and efficient operation of applications 9. Installation, maintenance and recurring cost of data circuits for wide area network and phone systems 10. Develop downloads of data for outside entities so these can be routinely done by departmental staff or perform downloads if they are routine 11. Entry and maintenance of network users – logons and security access 12. Installation and configuration of printers on the network 13. Install, set up and maintain City web servers for web- enabled applications 14. Collaborate with outside entities to set up required connectivity to outside systems 1. Develop Application Upgrades 2. Complex Problem Resolution 3. Database Upgrade Maintenance ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 85 I P a g e if the change is large). 15. Communicate with IT regarding new staff via the Day One process 15. Develop, maintain and test a Disaster Recovery Plan to protect City computer and telecommunications resources 16. Security of network, telephones and data 17. Support of federal and state regulations (i.e. HIPAA, HUD) as related to technology 18. Technology Plan development, budget and implementation 19. Hardware replacement plan development, budget and implementation 20. Telecommunications system installation and support 21. Meet or exceed Response and Availability Standards of 22. Licensing, maintenance and support costs for core applications 23. Maintain a test environment for ERP ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 86 I P a g e 2. Technology Support Plan: Widely-Used Applications Examples: Adobe Acrobat, Adobe Distiller, Reports, Instant Messenger, Omni Page, Photoshop, Project, Visio, etc. Support Responsibilities Department/Liaison IT Vendor or Other Outside Entity 1. Provide opportunities for training of liaisons to support applications 2. Provide opportunities for training of department staff on applications they use 3. Initial diagnosis of problems and reporting to entity which supports the application if additional help needed. 4. Simple Report Generation 5. Consult with IT if needs for applications change 6. User and application security, if exists 1. Consulting on applications to meet City needs 2. Installation and configuration of application on departmental desktops and laptops 3. Purchase and maintenance costs of licenses for applications 4. Contracts for and cost of maintenance/problem resolution services 5. Contracts for and cost of training necessary outside the Professional Development and mini-grant process 1. Problem Resolution 2. Training – should be done through Professional Development Program or mini- grant process whenever possible 3. Complex Report Generation ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 87 I P a g e 3. Technology Support Plan: Department Significant Departmental Applications Support Responsibilities Department IT Vendor or Other Outside Entity New System- Future 1. Training of Daily Users 2. Day-to-day operations 3. Understanding of System and Business Rules 4. Data Ownership 5. Report Creation/Generation 6. Application Security a. who has access to what in the applications b. add/delete users 7. Initial Problem Diagnosis 8. Problem Resolution 9. Vendor Relationship 10. Printer Configuration 1. Backups 2. Troubleshooting Assistance 3. Server Administration 4. Package and Install application on PC 5. Network/Server Security 6. Database Administration 7. Coordinate connectivity issues with vendor 8. Software maintenance and licensing costs 9. Server maintenance and replacement costs 1. Develop Application Upgrades 2. Apply App Upgrades to Development 3. Problem Resolution 4. Develop database upgrades and changes 5. Coordination connectivity issues with IT Division ---PAGE BREAK--- GENERAL MANAGEMENT AND OPERATIONS IT STUDY FEBRUARY 2014 88 I P a g e 4. Technology Support Plan: Other Applications List Applications Here Support Responsibilities Department/Liaison IT Vendor or Other Outside Entity 1. Provide opportunities for training of liaisons to support application 2. Provide opportunities for training of department staff on application 3. Initial diagnosis of problems and reporting to entity which supports the application if additional help needed. 4. Consult with ITS if needs for applications change 5. User and application security, if exists 1. Consulting on applications to meet City needs 2. Packaging, installation, upgrade and configuration of applications on departmental desktops, laptops and servers as applicable 3. Server maintenance, where applicable 4. Internet connectivity and browser 5. Data backup for data stored on central disk storage 6. Coordination with outside entities to provide needed connectivity 7. Installation and problem resolution of telephone lines and data circuits, where applicable 8. Purchase and maintenance costs for licenses 9. Contracts for and cost of maintenance, support and problem resolution services 10. Contracts for and cost of training services outside the Professional Development or mini-grant process. 1. Problem Resolution 2. Training – should be handled through the Professional Development program or mini- grant process whenever possible. ---PAGE BREAK--- DRAFT I NOVEMBER 2013 89 I P a g e {Thank You!} For more information contact: Adam Rujan, Partner (248) 223-3328 [EMAIL REDACTED] plantemoran.com