PBGC - Risk Management Early Warning / Legal Matter

Transcription

1 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter PBGC - Risk Early Warning / Legal Matter [redacted] Agency: 12 Exhibit 3: Capital Asset Plan Case Summary Part I: Summary Information And Justification Section A: Overview 1. Date submission: Dec 28, Agency: Bureau: Name this Capital Asset: PBGC - Risk Early Warning / Legal Matter 5. Unique Project (Investment) Identifier: What kind investment will this be in FY29? Mixed Life Cycle 7. What was the first budget year this investment was submitted to OMB? FY26 8. Provide a brief summary justification for this investment, including a brief description how this closes in part or in whole an identified agency performance gap: Two departments within PBGC support the strategic corporate goal safeguarding the system through 1) early identification risks 2) proper mitigation those risks through legal action, settlement, or termination. The Department Insurance Supervision Compliance (DISC) the Office Chief Counsel (OCC). The departments suffered from a performance gap due to years uncoordinated management the use separate management information systems containing redundant inconsistent information. DISC uses a Lotus Notes application named CHAMPS OCC uses a matter management system named LEGAL EDGE (LEW). Neither system complies with enterprise architecture guidelines or is properly maintained. In 24 a steering committee was established to address the performance gap. The committee identified the need for an integrated system to manage case information, documents, work flow that complies with PBGC s enterprise architecture uses a commercial f-the-shelf (COTS) product. The system will comply with all information security privacy act requirements will facilitate information flow between PBGC, the Department Labor (DOL), the Internal Revenue (IRS), the Employee Benefits Administration (EBSA), as DISC needs to coordinate frequently with those agencies on open, active cases. The system, once implemented, used as a pilot program for use in other departments within PBGC such as the Multi-employer Program Division the Stard Termination Compliance Division. Funds for this effort ($4.9 million) were allocated in 26. Planning efforts were completed in 26 to support the executive steering committee decision to pursue a single solution. In 27, efforts to finalize the process reengineering effort as well as the functional technical system requirements completed. Because the time required to engage in a fully competitive acquisition process, the request for proposal for the COTS stware integrator issued in 27 but may t be successfully awarded until FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 1 26 Pages

2 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter 28. At that time, DISC OCC will spend the remainder the budgeted funds to employ the COTS integrator to configure, test, document, deploy the system in 28. By budget year 29, the project in operations maintenance. The system is fully on track within budget as the end Did the Agency's Executive/Investment Committee approve this request? a. If "," what was the date this approval? Jun 29, Did the Project Manager review this Exhibit? 11. Contact information Project Manager? Name Jennifer Messina Phone Number [redacted] messina.jennifer@pbgc.gov a. What is the current FAC-P/PM certification level the project/program manager? TBD 12. Has the agency developed /or promoted cost effective, energyefficient environmentally sustainable techniques or practices for this project. a. Will this investment include electronic assets (including computers)? b. Is this investment for new construction or major retrit a Federal building or facility? (answer applicable to n-it assets only) 1. If "," is an ESPC or UESC being used to help fund this investment? 2. If "," will this investment meet sustainable design principles? 3. If "," is it designed to be 3% more energy efficient than relevant code? 13. Does this investment directly support one the PMA initiatives? Budget Performance Integration a. Briefly specifically describe for each selected how this asset directly supports the identified initiative(s)? This asset supports Budget Performance Integration by solving a performance gap in strategic goal #1. By more quickly identifying sponsor corporate transactions that increase PBGC s exposure to financial loss, PBGC improves its ability to negotiate for protection reduces the risk loss. Streamlining communication modernizing case files eliminates the need for manual processes frees up more resources to monitor companies that sponsor large s. 14. Does this investment support a program assessed using the Program Assessment Rating Tool (PART)? (For more information about the PART, visit a. If "," does this investment address a weakness found during a PART review? b. If "," what is the name the PARTed program? Pension Benefit Guaranty Corporation c. If "," what rating did the PART receive? Moderately Effective 15. Is this investment for information techlogy? For information techlogy investments only: 16. What is the level the IT Project? (per CIO Council PM Guidance) Level 2 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 2 26 Pages

3 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter 17. What project management qualifications does the Project Manager have? (per CIO Council PM Guidance) (1) Project manager has been validated as qualified for this investment 18. Is this investment or any project(s) within this investment identified as "high risk" on the Q4-FY 27 agency high risk report (per OMB Memorum M-5-23)? 19. Is this a financial management system? a. If "," does this investment address a FFMIA compliance area? 1. If "," which compliance area: 2. If "," what does it address? b. If "," please identify the system name(s) system acronym(s) as reported in the most recent financial systems inventory update required by Circular A-11 section What is the percentage breakout for the total FY29 funding request for the following? Hardware 5 Stware 25 s 7 Other 21. If this project produces information dissemination products for the public, are these products published to the Internet in conformance with OMB Memorum 5-4 included in your agency inventory, schedules priorities? n/a 22. Contact information individual responsible for privacy related questions: Name Philip Hertz Phone Number [redacted] Title Deputy General Counsel/Chief Privacy Officer hertz.philip@pbgc.gov 23. Are the records produced by this investment appropriately scheduled with the National Archives Records Administration's approval? 24. Does this investment directly support one the GAO High Risk Areas? Section B: Summary Spending 1. Table 1: SUMMARY OF SPENDING FOR PROJECT PHASES (REPORTED IN MILLIONS) (Estimates for BY+1 beyond are for ning purposes only do t represent budget decisions) PY-1 earlier PY 27 CY 28 BY 29 BY+1 21 BY BY BY+4 beyond Total Planning: Acquisition: Subtotal Planning FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 3 26 Pages

4 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Table 1: SUMMARY OF SPENDING FOR PROJECT PHASES (REPORTED IN MILLIONS) (Estimates for BY+1 beyond are for ning purposes only do t represent budget decisions) & Acquisition: Operations & Maintenance: PY-1 earlier PY 27 CY 28 BY 29 BY+1 21 BY BY BY+4 beyond Total TOTAL: Government FTE Costs should t be included in the amounts provided above. Government FTE Costs Number FTE represented by Costs: Will this project require the agency to hire additional FTE's? a. If "", How many in what year? 3. If the summary spending has changed from the FY28 President's budget request, briefly explain those changes: In the FY 28 request, two projects/systems were proposed to address the same performance gap, a Risk Early Warning System as well as a separate Legal Matter System. As a result the executive steering committee decision regarding the best way to address the performance gap, the projects/systems were combined into one project/system, as indicated in the project background justification. The only way the project was affected was through schedule, t cost. The efficiencies gained by consolidated projects enabled the teams to conduct an assessment rework the baseline schedule without adding cost. The project is still on target for completion by 29 within budget. Section C: Acquisition/Contract Strategy 1. Contract or Task Order Number Type Contract/Task Order Has the contract been awarded If so what is the date the award? If t, what is the ned award date? Contracts/Task Orders Table: PBGC-1-CT Time & Materials Oct 15, 25 Start date Contract/Task Order Oct 15, 25 End date Contract/Task Order Jun 29 Total Value Contract/ Task Order ($M) Is this an Interagency Acquisition? Is it performance based? Competitively awarded? 1.4 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 4 26 Pages

5 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter What, if any, alternative financing option is being used? Is EVM in the contract? Does the contract include the required security & privacy clauses? Name CO CO Contact information Contracts/Task Orders Table: NA Michele Gray gray.michele@pbgc.gov Contracting Officer Certification Level 3 If N/A, has the agency determined the CO assigned has the competencies skills necessary to support this acquisition? Contract or Task Order Number Type Contract/Task Order Has the contract been awarded If so what is the date the award? If t, what is the ned award date? PBGC-1-DO-6 Time & Materials Jul 23, 26 Start date Contract/Task Order Jul 23, 26 End date Contract/Task Order 28 Total Value Contract/ Task Order ($M) Is this an Interagency Acquisition? Is it performance based? Competitively awarded? What, if any, alternative financing option is being used? Is EVM in the contract? Does the contract include the required security & privacy clauses? Name CO CO Contact information 1.2 NA Michele Gray gray.michele@pbgc.gov Contracting Officer Certification Level 3 If N/A, has the agency determined the CO assigned has the competencies skills necessary to support this acquisition? Contract or Task Order Number Type Contract/Task Order Has the contract been awarded If so what is the date the award? If t, what is the ned award date? PBGC Fixed Price Oct 28 Start date Contract/Task Order Oct 28 End date Contract/Task Order 29 Total Value Contract/ Task Order ($M) Is this an Interagency Acquisition? Is it performance based? Competitively awarded? What, if any, alternative financing [redacted] NA FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 5 26 Pages

6 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter option is being used? Is EVM in the contract? Does the contract include the required security & privacy clauses? Name CO CO Contact information Contracts/Task Orders Table: Kay Rison Rison.kay@pbgc.gov Contracting Officer Certification Level 3 If N/A, has the agency determined the CO assigned has the competencies skills necessary to support this acquisition? Contract or Task Order Number Type Contract/Task Order Has the contract been awarded If so what is the date the award? If t, what is the ned award date? PBGC Fixed Price Oct 1, 29 Start date Contract/Task Order Oct 1, 29 End date Contract/Task Order 213 Total Value Contract/ Task Order ($M) Is this an Interagency Acquisition? Is it performance based? Competitively awarded? What, if any, alternative financing option is being used? Is EVM in the contract? Does the contract include the required security & privacy clauses? Name CO CO Contact information [redacted] NA Kay Rison Rison.kay@pbgc.gov Contracting Officer Certification Level 3 If N/A, has the agency determined the CO assigned has the competencies skills necessary to support this acquisition? 2. If earned value is t required or will t be a contract requirement for any the contracts or task orders above, explain why: EVM was t required for Contract #1 or 2 but the contractors were required to create project s weekly status reports to communicate cost, schedule, performance outcomes to the project manager. The project manager then reviewed the actual cost, schedule performance against the project issued guidance to the contractors as needed to keep the efforts deliverables on schedule. 3. Do the contracts ensure Section 58 compliance? a. Explain why: Section 58 compliance is a matory requirement for the procurement this COTS-based system. The technical requirements require the stware vendor to provide evidence that the stware complies with Section 58 the Rehabilitation Act, as detailed in 36 CFR 1194, Subpart B as well as a requirement that the FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 6 26 Pages

7 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter contractor test s include testing assurance for Section 58 compliance. Failure to meet this requirement grounds for invalidating the proposal. 4. Is there an acquisition which has been approved in accordance with agency requirements? a. If "," what is the date? Oct 15, 26 b. If "," will an acquisition be developed? 1. If "," briefly explain why: Section D: Performance Information Fiscal Year Strategic Goal(s) Supported Area Mission Mission Customer Performance Information Table Grouping Timeliness Indicator Number settlements reached to mitigate risk increased under funding Days between lien arising perfection shortening indicates is secured ultimate recovery is maximized Days to respond to minimum funding waiver applications for IRS Baseline 3 settlement agreements 6 days 12 days Target Actual +2 settlement agreements (as a result the 32 (as business 8/1/7) process reengineering effort completed in 27) -5 days (as a result the business process 55 (as reengineering 8/1/7) effort completed in 27) -1 days (as a result the business 11 (as process reengineering 8/1/7) effort completed in 27) 27 Processes Cycle Time Days to 9 days -3 days (as 6 (as FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 7 26 Pages

8 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Activities Techlogy Mission Mission Customer Performance Information Table Grouping Reliability Timeliness Indicator engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit Number settlements reached to mitigate risk increased under funding Days between lien arising perfection shortening indicates is secured ultimate recovery is maximized Days to respond to minimum funding waiver applications for IRS Baseline 1 error end FY27 end FY27 end FY27 Target Actual a result 8/1/7) the business process reengineering effort completed in 27) -1 errors (as a result the business process (as reengineering 8/1/7) effort completed in 27) +5 settlement agreements (as a result the business process 9/3/8 reengineering effort the system deployment) -5 days (as a result the business process reengineering effort the 9/3/8 system deployment) -2 days (as a result the business process reengineering 9/3/8 effort the FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 8 26 Pages

9 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Processes Activities Techlogy Mission Mission Performance Information Table Grouping Cycle Time Reliability Indicator Days to engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit maintaining a zero is the optimal goal Number settlements reached to mitigate risk increased under funding Days between lien arising perfection shortening indicates is secured ultimate recovery is maximized Baseline end FY27 end FY27 TBD a the end FY28 TBD a the end FY28 Target system deployment) Actual -5 days (as a result the business process reengineering effort the 9/3/8 system deployment) errors (as a result the business process reengineering effort the 9/3/8 system deployment) +15 settlement agreements (as a result the business process 9/3/9 reengineering effort the system deployment) -15 days (as a result the business process reengineering effort the 9/3/9 system deployment) FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 9 26 Pages

10 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Customer Processes Activities Techlogy Mission Mission Performance Information Table Grouping Timeliness Cycle Time Reliability Indicator Days to respond to minimum funding waiver applications for IRS Days to engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit maintaining a zero is the optimal goal Number settlements reached to mitigate risk increased under funding Days between lien arising perfection Baseline TBD a the end FY28 TBD a the end FY28 TBD a the end FY28 end FY29 end FY29 Target Actual -15 days (as a result the business process reengineering effort the 9/3/9 system deployment) -15 days (as a result the business process reengineering effort the 9/3/9 system deployment) errors (as a result the business process reengineering effort the 9/3/9 system deployment) +5 settlement agreements -5 days 9/3/1 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 1 26 Pages

11 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Customer Processes Activities Techlogy Mission Performance Information Table Grouping Timeliness Cycle Time Reliability Indicator shortening indicates is secured ultimate recovery is maximized Days to respond to minimum funding waiver applications for IRS Days to engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit maintaining a zero is the optimal goal Number settlements reached to mitigate risk increased under funding Baseline end FY29 end FY29 end FY29 end FY21 Target -15 days -5 days errors +5 settlement agreements Actual 9/3/1 9/3/1 9/3/1 9/3/1 9/3/11 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

12 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Mission Customer Processes Activities Techlogy Performance Information Table Grouping Timeliness Cycle Time Reliability Indicator Days between lien arising perfection Days to respond to minimum funding waiver applications for IRS Days to engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit maintaining a zero is the optimal goal Baseline end FY21 end FY21 end FY21 end FY21 Target -5 days days -5 days errors Actual 9/3/11 9/3/11 9/3/11 9/3/11 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

13 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Mission Mission Customer Processes Activities Techlogy Performance Information Table Grouping Timeliness Cycle Time Reliability Indicator Number settlements reached to mitigate risk increased under funding Days between lien arising perfection shortening indicates is secured ultimate recovery is maximized Days to respond to minimum funding waiver applications for IRS Days to engage sponsor after a transaction reduction improves negotiating power to secure additional funding for the Number errors found in financial statement audit Baseline TBD a the end FY211 TBD a the end FY211 TBD a the end FY211 TBD a the end FY211 TBD a the end FY211 Target +5 settlement agreements -5 days days days errors Actual 9/3/12 9/3/12 9/3/12 9/3/12 9/3/12 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

14 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year Strategic Goal(s) Supported Area Mission Mission Customer Processes Activities Performance Information Table Grouping Timeliness Cycle Time Indicator maintaining a zero is the optimal goal Number settlements reached to mitigate risk increased under funding Days between lien arising perfection shortening indicates is secured ultimate recovery is maximized Days to respond to minimum funding waiver applications for IRS Days to engage sponsor after a transaction reduction improves negotiating power to secure additional Baseline end FY212 end FY212 end FY212 end FY212 Target settlement agreements -5 days days days Actual 9/3/13 9/3/13 9/3/13 9/3/13 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

15 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Fiscal Year 213 Strategic Goal(s) Supported Area Techlogy Performance Information Table Grouping Reliability Indicator funding for the Number errors found in financial statement audit maintaining a zero is the optimal goal Baseline end FY212 Target errors Actual 9/3/13 Section E: Security Privacy 1. Have the IT security costs for the system(s) been identified integrated into the overall costs the investment: a. If "," provide the "Percentage IT Security" for the budget year: 7 2. Is identifying assessing security privacy risks a part the overall risk management effort for each system supporting or part this investment. 3. Systems in Planning Undergoing Enhancement(s), Development, /or Modernization - Security Table(s): Name System Risk Early Warning / Legal Matter System Agency/ or Contractor Operated System? Planned Operational Date Date Planned C&A update (for existing mixed life cycle systems) or Planned Completion Date (for new systems) Government Only Name System Legal Edge for Windows Agency/ or Contractor Operated System? Government Only Champs Government Only NIST FIPS 199 Risk Impact level Moderate Moderate 4. Operational Systems - Security Table: Has C&A been Completed, using NIST 8-37? Date Completed: C&A Dec 15, 23 Nov 27 What stards were used for the Security Controls tests? FIPS 2 / NIST 8-53 FIPS 2 / NIST 8-53 Date Completed: Security Control Testing Date the contingency tested Jul 5, 27 Aug 11, 27 Jul 5, 27 Aug 11, 27 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

16 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter 5. Have any weaknesses, t yet remediated, related to any the systems part or supporting this investment been identified by the agency or IG? a. If "," have those weaknesses been incorporated into the agency's action milestone process? 6. Indicate whether an increase in IT security funding is requested to remediate IT security weaknesses? a. If "," specify the amount, provide a general description the weakness, explain how the funding request will remediate the weakness. Note: PBGC is t requesting additional funding. PBGC implemented new NIST compliant security policies procedures June 1, 27 that are based upon the Department Labor s, modified slightly to meet PBGC s operating environment. The new policies procedures include those for conducting a FIPS 199 inventory assessment performing NIST 8-37 certification accreditation (C&A). Following publication, PBGC developed a FIPS 199 inventory systems, completed June 27. As a result, CHAMPS was elevated to moderate from low, w requires an independent C&A. The previous C&A for Legal Edge for Windows was rejected by PBGC s independent auditors as n NIST 8-37 compliant. Legal Edge for Windows is scheduled to undergo a compliant C&A starting October 1, 27 to be completed January 31, 28. CHAMPS is scheduled to undergo C&A starting tember 1, 27 to be completed November 27. PBGC completed testing security controls July 7, 27. Deficiencies identified have been incorporated into the comprehensive POA&M for addressing the security deficiencies. PBGC is funding improvement actions to correct the weaknesses through existing budgets. This business case requests seven percent for security. With the implementation new functionality, additional security controls required. The funding request for security used to conduct annual risk assessments, update system security s, perform C&As, establish continuous monitoring perform the function continuous monitoring associated with the new functionality. 7. How are contractor security procedures monitored, verified, validated by the agency for the contractor systems above? All PBGC systems are jointly run managed by federal employees contractor teams reporting to PBGC federal employees. PBGC contracts include language to ensure the suitability contractors employees, inspection all new or revated contractor hosting sites. PBGC federal employees contractors are subject to suitability background investigations. New federal employees contractors are issued roles conduct, required to take computer security awareness orientation, provided instruction on incident reporting procedures. Annually, federal employees contractors are required to take refresher security awareness training. Role-based training is conducted during employee position training. For positions related to the Designated Approving Authority, Information System Owner, System Administrators Project Managers, role-based training is conducted by PBGC s Enterprise Security Team following orientation, annually thereafter. Electronic security compliance is monitored by the OIT security team through routine checking user ID account activity for suspicious or highrisk behavior. If such behavior is identified, the contracting ficer is FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

17 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter tified immediately to begin remediation procedures. PBGC also conducts user account recertification annually. Name System Risk Early Warning / Legal Matter System 8. Planning & Operational Systems - Privacy Table: Is this a new system? Is there a Privacy Impact Assessment (PIA) that covers this system? Champs Legal Edge for Windows (LEW) Internet Link or Exation The system does t contain, process, or transmit personal identifying information The system does t contain, process, or transmit personal identifying information The system does t contain, process, or transmit personal identifying information Is a System Records Notice (SORN) required for this system? Internet Link or Exation The system is t a Privacy Act System Records The system is t a Privacy Act System Records The system is t a Privacy Act System Records Section F: Enterprise Architecture (EA) 1. Is this investment included in your agency's target enterprise architecture? a. If "," please explain why? 2. Is this investment included in the agency's EA Transition Strategy? a. If "," provide the investment name as identified in the Transition Strategy provided in the agency's most recent annual EA Assessment. Risk Early Warning / Legal Matter System b. If "," please explain why? 3. Is this investment identified in a completed (contains a target architecture) approved segmennt architecture? a. If "," provide the name the segment architecture as provided in the agency's most recent annual EA Assessment. Plan Agency Component Name RISK AND LEGAL MATTER MANAGEMENT (CHAMPS/RMEWS- 4. Component Reference Model (SRM) Table : Agency Component Description Financial actuarial management FEA SRM Type Component Reused FEA SRM Component Component Name Investment Performance UPI Internal or External Reuse? No Reuse BY Funding Percentage 1 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

18 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Agency Component Name LMMS) RISK AND LEGAL MATTER MANAGEMENT (CHAMPS/RMEWS- LMMS) RISK AND LEGAL MATTER MANAGEMENT (CHAMPS/RMEWS- LMMS) PARTICIPANT SERVICES (FILENET/CMS) CONSOLIDATED FINANCIAL SERVICES 4. Component Reference Model (SRM) Table : Agency Component Description risk identification valuation Financial actuarial management risk identification valuation Imaging Processing System for document storage retrieval Case Administration for terminations Premium payer tracking insured inventory management FEA SRM Type Tracking Workflow Component Reused FEA SRM Component Component Name Case Document Document Imaging OCR Tracking Workflow Tracking Workflow Case Portfolio Data Exchange Data Exchange UPI Internal or External Reuse? No Reuse No Reuse BY Funding Percentage 4 4 Internal 5 Internal 5 FEA SRM Component Performance Performance Performance Performance Performance FEA TRM Area Access Delivery Access Delivery Access Delivery Access Delivery Platform Infrastructure 5. Technical Reference Model (TRM) Table: FEA TRM Category Access Channels Delivery Channels Requirements Requirements Support Platforms FEA TRM Stard Web Browser Intranet Legislative / Compliance Authentication / Single Sign-on Platform Independent Specification COTS to be procured (RMEW- LMMS) will support PBGC browser stards (IE) COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint All PBGC privacy security web stards, in the case this web based stware this includes 58, Records P3P PBGC CSS/GSS stards COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint ex. J2EE, Linux Oracle Performance Platform Delivery Application COTS to be procured (RMEW- FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

19 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter FEA SRM Component Performance Performance Case Case Case Case Case Case Case Case Document Imaging OCR Document Imaging OCR Document Imaging OCR Document Imaging OCR FEA TRM Area Infrastructure Platform Infrastructure Interface Integration Access Delivery Access Delivery Access Delivery Access Delivery Platform Infrastructure Platform Infrastructure Platform Infrastructure Interface Integration Access Delivery Access Delivery Access Delivery Access Delivery 5. Technical Reference Model (TRM) Table: FEA TRM Category FEA TRM Stard Specification Servers Servers LMMS) will support PBGC EA stards from the Blueprint ex Oracle Application Server (OC4J) Database / Storage Interface Access Channels Delivery Channels Requirements Requirements Support Platforms Delivery Servers Database / Storage Interface Access Channels Delivery Channels Requirements Requirements Database Description / Interface Web Browser Intranet Legislative / Compliance Authentication / Single Sign-on Platform Independent Application Servers Database Description / Interface Web Browser Intranet Legislative / Compliance Authentication / Single Sign-on Oracle RDMS (current PBGC supported versions) EA Blueprint stards concerning Oriented Architecture COTS to be procured (RMEW- LMMS) will support PBGC browser stards (IE) COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint. All PBGC privacy security web stards, in the case this web based stware this includes 58, Records P3P PBGC CSS/GSS stards COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint ex. J2EE, Linux Oracle COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint ex Oracle Application Server (OC4J) Oracle RDMS (current PBGC supported versions) EA Blueprint stards concerning Oriented Architecture COTS to be procured (RMEW- LMMS) will support PBGC browser stards (IE) COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint. All PBGC privacy security web stards, in the case this web based stware this includes 58, Records P3P PBGC CSS/GSS stards FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

20 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter FEA SRM Component Document Imaging OCR Document Imaging OCR Document Imaging OCR Document Imaging OCR Case Case Portfolio Portfolio FEA TRM Area Platform Infrastructure Platform Infrastructure Platform Infrastructure Interface Integration Component Framework Component Framework Component Framework Component Framework 5. Technical Reference Model (TRM) Table: FEA TRM Category Support Platforms Delivery Servers Database / Storage Interface Data Interchange Data Data Interchange Data FEA TRM Stard Platform Independent Application Servers Database Description / Interface Data Exchange Database Connectivity Data Exchange Database Connectivity Specification COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint ex. J2EE, Linux Oracle COTS to be procured (RMEW- LMMS) will support PBGC EA stards from the Blueprint ex Oracle Application Server (OC4J) Oracle RDMS (current PBGC supported versions) EA Blueprint stards concerning Oriented Architecture XML/SOAP JDBC/ADO.NET XML/SOAP JDBC/ADO.NET 6. Will the application leverage existing components /or applications across the Government (i.e., FirstGov, Pay.Gov, etc)? a. If "," please describe. Part II: Planning, Acquisition And Performance Information Section A: Alternatives Analysis 1. Did you conduct an alternatives analysis for this project? a. If "," provide the date the analysis was completed? Apr 22, 25 b. If "," what is the anticipated date this analysis completed? c. If analysis is ned, please briefly explain why: Alternative Analyzed Status Quo 2. Alternatives Analysis : Description Alternative Use Champs for DISC LEW for OCC. The use current systems is fragmented does t enable the participants in the case team to share the same Risk Adjusted Lifecycle Costs estimate Risk Adjusted Lifecycle Benefits estimate 7 1 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page 2 26 Pages

21 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Alternative Analyzed Alternative #1 (COTS) Alternative #2 (Custom Build) Alternative #3 (Modified Legacy) 2. Alternatives Analysis : Description Alternative information in an electronic matter or establish track due dates work flow tasks. Use COTS to create an integrated case management, document management workflow management tool to integrate DISC OCC operations information. The primary benefit this investment is a net improvement in the total dollars negotiated in settlements risk mitigation which represents a real increase in the funds to PBGC to pay benefits. The net present value this alternative is $38.5 million. Custom build an integrated case management, document management workflow management tool to integrate DISC OCC operations information. Effort includes developing, testing, deploying the new system. The primary benefit this investment is a net improvement in the total dollars negotiated in settlements, which represents a real increase in the funds to PBGC to pay benefits. The net present value this alternative is $24. million. Conversion all OCC users to CHAMPS (from LEW). The primary benefit this investment is a net improvement in the total dollars negotiated in settlements, which represents a real increase in the funds to PBGC to pay benefits. The net present value this alternative is $5.2 million. Risk Adjusted Lifecycle Costs estimate Risk Adjusted Lifecycle Benefits estimate Which alternative was selected by the Agency's Executive/Investment Committee why was it chosen? Alternative #1 was chosen, both for its lower estimated cost its highest net present value. DISC OCC also place great value on the use COTS because it enables the agency to implement the necessary functions much sooner, thereby speeding up benefit realization. COTS can also be more easily reused by other departments within PBGC or similar functions at other agencies like DOL or EBSA. The COTS-based solution involves a business process reengineering effort to integrate streamline the processes both DISC OCC. Rather than having to create detailed requirements as would be required for a custombuilt system, functional requirements can be used because much the functionality required is already in the COTS product, it just needs to be configured to meet the specific needs DISC OCC. This investment is envisioned to be reused as the workflow management, tracking, document management component in at least 3 other departments within PBGC, the Stard Termination Compliance Division, the Multi-employer Program Division the Office General Counsel. 4. What specific qualitative benefits realized? As w envisioned for the near-term, this investment will significantly improve communication workflow between the business units that are engaged in safeguarding the system. Because the system can be deployed faster by FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

22 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter using COTS than a custom-built solution, it will enable the two departments to realize benefits sooner. This is critical because the ecomic environment has required over the last two years continues to require rapid responses to corporate transactions in order to protect the assets from exposure to risk. This system will enable DISC OCC to share information, use a common data model to describe track the work that they do, give the managers in each business unit a much better organizational view priorities, allow more effective team assignments to be made by each. By increasing organizational capacity through workflow streamlining the reduction manual processes, DISC OCC able to more closely monitor a larger portion the entire insured inventory. By improving communication across DISC OCC analysts, attorneys managers by increasing the availability case histories analytical information, DISC OCC able to respond more quickly to high-risk transactions thereby increasing the amount protection that can be obtained for the, either through settlement agreement, 412(n) lien perfection, or letter credit. 5. Will the selected alternative replace a legacy system in-part or in-whole? a. If "," are the migration costs associated with the migration to the selected alternative included in this investment, the legacy investment, or in a separate migration investment? This Investment b. If "," please provide the following information: List Legacy Investment or Systems Name the Legacy Investment or Systems UPI if Date the System Retirement Champs 28 Legal Edge for Windows (LEW) 28 Section B: Risk 1. Does the investment have a Risk Plan? a. If "," what is the date the? Apr 27 b. Has the Risk Plan been significantly changed since last year's submission to OMB? c. If "," describe any significant changes: It s a new. The focuses on risks to cost, schedule, resources. The main risks identified in 27 are related to the unpredictability the procurement schedule, the quality the COTS integrator, the ability to negotiate price with the integrator. While this is a low probability risk because it was mitigated in advance by conducting thorough market research allocating budget appropriately, it is still a fundamental risk. [redacted] 2. If there currently is, will a be developed? a. If "," what is the ned completion date? b. If "," what is the strategy for managing the risks? 3. Briefly describe how investment risks are reflected in the life cycle cost estimate investment schedule: The largest risks to the investment typically impact either the schedule or executive approval (at many levels) thereby impact the cost the investment. The most apparent schedule risks are related to obtaining all the appropriate required sign fs (usually from outside department resources) on critical path deliverables, as FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

23 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter required by the IT solution life cycle methodology. Because these departments do t have an incentive to sign f according to our investment schedule, these signfs require significant advanced ning, communication management in order to ensure that sign fs happen on time with the proper review consideration. To mitigate this risk, we have included in the project, a key milestone for each deliverable the preparatory steps required to effectively communicate manage the signf each critical path deliverable. This additional project management component adds FTE costs to the schedule about 2% the overall contractor services costs. The value it provides by effectively mitigating much larger risks to the investment cost makes the additional steps cost a necessary element the budget schedule. Additionally, the investment's scope, schedule, cost are reviewed through the initiative's oversight governance procedures. In addition, the milestones reported to OMB through the OMB Dashboard Milestone reporting process. The tasks' scope completion are validated, the cost schedule are tracked using earned value management. Section B this Exhibit 3 included in the enterprise s actions milestones (POA&M). Section C: Cost Schedule Performance 1. Does the earned value management system meet the criteria in ANSI/EIA Stard - 748? 2. Is the CV% or SV% greater than ± 1%? (CV%= CV/EV x 1; SV%= SV/PV x 1) a. If "," was it the? b. If "," explain the causes the variance: c. If "," describe the corrective actions 3. Has the investment re-baselined during the past fiscal year? a. If "," when was it approved by the agency head? Description Milestone 1.1 RMEW-LMMS Market Research 1.2 As Is Process Model Defined 1.3 To Be Process Model Defined 4. Comparison Initial Baseline Current Approved Baseline: Initial Baseline Planned Completion Date Dec 25 Apr 27 May 27 Total Cost ($M) Estimated Current Baseline Completion Date Planned:Actual Nov 26 Apr 27 May 27 Nov 26 Apr 27 May 27 Total Cost ($M) Planned:Actual Current Baseline Variance Schedule:Cost (# days/$m) Percent Complete FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

24 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Description Milestone 1.4 Functional Technical Design Requirements Complete 1.5 Integrated Project Team Planning 2.1 Purchase Stware 2.2 Purchase Hardware 2.3 Design complete 2.4 Configure COTS 2.5 Testing Complete 2.6 Implement in Production 3.1 FY6 Steady State 3.2 FY7 Steady State 3.3 FY8 Steady State 3.4 FY9 Steady State 3.5 FY1 Steady State 3.6 FY11 Steady State 3.7 FY12 Steady State 4. Comparison Initial Baseline Current Approved Baseline: Initial Baseline Planned Completion Date Jun 27 Dec 31, 27 Oct 27 Oct 27 Feb 29, 28 Jun 28 Aug Total Cost ($M) Estimated Current Baseline Completion Date Planned:Actual Jun 27 Dec 31, 27 Oct 27 Oct 27 Feb 29, 28 Jun 28 Aug Jun Total Cost ($M) Planned:Actual Current Baseline Variance Schedule:Cost (# days/$m) Percent Complete FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

25 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Description Milestone 3.8 FY13 Steady State 4.1 FY6 Project 4.2 FY7 Project 4.3 FY8 Project 4.4 FY9 Project 4.5 FY1 Project 4.6 FY11 Project 4.7 FY12 Project 4.8 FY13 Project 5.1 FY8 C&A for RMEWS/LMMS LEW address security findings (CHAMPS is decommissioned) 5.2 FY9 Address security findings 5.3 FY1 Address security findings 5.4 FY11 Address security findings 5.5 FY12 Address security findings 4. Comparison Initial Baseline Current Approved Baseline: Initial Baseline Planned Completion Date Total Cost ($M) Estimated Current Baseline Completion Date Planned:Actual Total Cost ($M) Planned:Actual Current Baseline Variance Schedule:Cost (# days/$m) Percent Complete FY13 Address.1.1 FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages

26 OMB Exhibit 3 Budget Year 29 PBGC - Risk Early Warning / Legal Matter Description Milestone 4. Comparison Initial Baseline Current Approved Baseline: Initial Baseline Planned Completion Date Total Cost ($M) Estimated security findings Current Baseline Completion Date Planned:Actual Total Cost ($M) Planned:Actual Current Baseline Variance Schedule:Cost (# days/$m) Percent Complete FY 29 Exhibit 3 PBGC - RMEWLMMS - redacted.doc Page Pages