Footnote 1: The name of the General Accounting Office changed to the Government Accountability Office, effective July 7, 2004.

Footnote 2: Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, Version 1.1 (Report No. GAO-04-394G, dated March 2004).

Footnote 3: An EA is an institutional systems blueprint that defines, in business and technological terms, an organization's current and target operating environments (business and systems) and the way the organization will transition between the two environments.

Footnote 4: A portfolio perspective enables an organization to consider investments in a comprehensive manner, so that investments address not only the strategic goals, objectives, and mission of the organization, but also the impact that projects have on one another.

Footnote 5: Phases of the system development life cycle (SDLC) include a planning phase, requirements definition phase, design phase, development phase, test phase, implementation phase, and maintenance and operation phase (i.e., steady state phase).

Footnote 6: Independent Evaluation of FDIC's Information Security Program – 2003 (OIG Evaluation Report No. 03-040, dated September 17, 2003).

Footnote 7: In 2003, DIRM contracted with Deloitte Consulting to conduct a comprehensive review of DIRM's operations. The recommendations from this review are being implemented and include a new organizational structure, along with a variety of fundamental changes in the processes for managing IT. DIRM's transformation Phase I organization structure was implemented on June 13, 2004.

Footnote 8: The following are some of the key laws that put in place various requirements related to IT Investment Management – the Clinger-Cohen Act of 1996 (Pub. L. No. 104-106); the Paperwork Reduction Act of 1995 (Pub. L. No. 96-511); the Federal Acquisition Streamlining Act of 1994 (FASA) (Pub. L. No. 103-355); the Government Performance and Results Act of 1993 (Pub. L. No. 103-62); the Chief Financial Officers Act (CFOA) of 1990 (Pub. L. No. 101-576); and the E-Government Act of 2002 (Pub. L. No. 107-347). Of these statutes, the CCA and FASA are not applicable to the FDIC. Portions of the CFOA apply to the FDIC, but other portions of the CFOA do not, including those related to agency chief financial officers and their roles regarding management systems and inventories. However, these provisions may represent prudent practices for the FDIC.

Footnote 9: Assessing Risks and Returns: A Guide for Evaluating Federal Agencies' IT Investment Decision-Making, Version 1 (GAO Report No. GAO/AIMD 10.1.13, dated February 1997).

Footnote 10: Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity Version 1.1 (GAO Report No. GAO-04-394, dated March 2004). GAO issued an exposure draft of this report in 2000 (GAO Report No. GAO/AIMD-10.1.23 Version I, dated May 2000).

Footnote 11: When the CIRC was created in September 2002, the FDIC disbanded its existing IT Council.

Footnote 12: FDIC SDLC Manual Version 3.0, dated July 1997. The FDIC is implementing a new SDLC methodology. The FDIC will be implementing the Rational Unified Process ® (RUP) methodology. RUP is a risk-based program development methodology that establishes four phases of development. RUP is a registered trademark of Rational Software Corporation, which is a wholly owned subsidiary of International Business Machines Corporation.

Footnote 13: Exhibit 300 is used as part of the federal government's appropriation process, which the FDIC is generally not required to follow. Exhibit 300 establishes policy for planning, budgeting, acquiring, and managing federal capital assets.

Footnote 14: If the new projected total investment cost of the project exceeds the existing Board-approved investment budget, the final authority for approving the re-baselining rests with the Board.

Footnote 15: Detailed IT project budget and actual cost information is obtained from the Project Number Information Application (PNIA). PNIA was established to summarize FDIC project-related cost information from the FDIC Financial Data Warehouse.

Footnote 16: As reported in OIG report Enhancements to the FDIC System Development Life Cycle Methodology, (OIG Report No 04-019, dated April 30, 2004), EVM measures the actual work being performed (milestones completed) against a detailed plan in order to accurately predict the final costs and schedule results for a given project. The tool requires that a plan for project performance measurement be created. The earned value, or work performed, is then measured against the actual costs of accomplishing the work, providing a measure of the project's true cost performance. The method provides project managers with a type of "early warning" system, allowing them to take corrective action should project spending outpace the physical work being accomplished.

Footnote 17: See Section 305(c) of FISMA (title III of the E-Government Act, Pub. L. No. 107-347), which amends 44 U.S.C. § 3506. The FDIC is legally bound by this provision.

Footnote 18: Integrating IT Security into the Capital Planning and Investment Control Process (NIST draft special publication 800-65, dated June 2004). This publication provides guidance to agencies but is not legally binding on the FDIC.

Footnote 19: Development-type projects include projects coded as development (D), enhancements (E), technical initiatives (I), and planning (P).

Footnote 20: The FDIC's Investment Budget also includes budgeted expenses of $110.8 million associated with the Virginia Square Phase II construction project. A second office building is being built to expand the FDIC's offices in Arlington, Virginia. The costs associated with this project are not monitored by the CIRC because the governance structure for Virginia Square construction was already in place before the formation of the CIRC.

Footnote 21: IRIS is the official FDIC tracking system for all GAO and OIG audits, reviews, and surveys. IRIS is used to track audit findings/conditions, recommendations, corrective actions, and milestones.

Footnote 22: The Corporate University is the training and employee development arm of the FDIC.

Footnote 23: Pub. L. No. 103-62, codified principally at titles 5 and 31, United States Code.

	Search | Accessibility | Privacy | Information Quality | Contact Us | Site Map | Home