Modernize with Confidence: How You Start Shapes How You Finish

Accenture Federal Services

Although federal agencies know they need to modernize their core IT systems, questions persist around where to begin, how to fund modernization, and what can be done to minimize the risks that led to high-profile failures in the past.

While there are many reasons why some Application Modernization (AppMod) initiatives have floundered, there’s one way to increase the odds of success: Start smart. With careful upfront planning and analysis followed by incremental execution, you can mitigate business and technical risks, avoid costly surprises, and accelerate your journey to successful AppMod.

What’s AheadKeep reading to discover:

• How agile software development reduces risk while accelerating payback

• The value of FITARA reviews when identifying and prioritizing your AppMod candidates

• Multiple AppMod approaches for meeting your desired scope and supporting your long-term strategy

• The power of automated application discovery to shine a light on “black box” architectures

• Why you shouldn’t pass on a proof of concept

• Hybrid approaches to modernization that combine automation with architectural modeling to optimize code conversion and extraction of business logic

• How DevOps can accelerate migration to cloud

Modernize with Confidence: How You Start Shapes How You Finish | 2

AppMod ImperativesModernizing IT systems is a priority across federal organizations – and with good reason. According to the U.S. General Accountability Office (GAO), the federal government spent more than 75 percent of its total IT budget on operations and maintenance (O&M) in fiscal year 2015. Furthermore, increases in O&M spending over the past seven fiscal years have led to a $7.3 billion decline in annual spending for new development, modernization, and enhancements (DME).1 And this situation is likely to get worse, as Gartner has noted, “[Mainframe vendors] are managing their revenue streams in the face of a declining installed base, which means prices are increasing.”2

1 GAO, Testimony Before the Committee on Oversight and Government Reform, House of Representatives, Information Technology: Federal Agencies Need to Address Aging Legacy Systems, May 25, 2016 – http://www.gao.gov/assets/680/677454.pdf2 Gartner, How to Reduce the Cost of IBM Mainframe Computing, Dale Vecchio and Mike Chuba, September 30, 2015

As rising costs continue to limit new investments, other risks and vulnerabilities are increasing:

Changing workforce. Running legacy systems requires distinct skills and knowledge often developed over many years of service. With nearly 30 percent of all federal workers eligible to retire at the end of 2016, those skills are headed for the exit.3

Lack of agility. Making changes to monolithic legacy applications is complex and time consuming. As just one example, developer productivity in COBOL can lag modern languages like Java by 50 percent or more. As a result, business owners are often left frustrated – and lacking the capabilities they need. Using modern architectures and new development techniques, developers can quickly deliver the functionality that the mission requires.

Cyber security gaps. As Federal CIO Tony Scott testified to Congress, “These [legacy] systems often pose significant security risks, such as the inability to utilize current security best practices, including data encryption and multi-factor authentication, which make them particularly vulnerable to malicious cyber activity.”4

In a survey conducted by Accenture and MeriTalk, 92 percent of federal IT managers acknowledge that it is urgent for their agency to modernize legacy applications.5 However, the survey also found that the perceived and real risks associated with AppMod were the biggest factor (42 percent) delaying action. And as U.S. Federal CIO Tony Scott noted in a recent OMBlog post,

“[o]ver the years, agency efforts to modernize existing IT systems have faced substantial challenges. The high costs, lack of funding, and risks associated with modernization efforts, combined with the increasing cost to maintain existing systems, harm agencies’ ability to manage their IT systems strategically and deliver the functionality needed to achieve their missions.”6

Modernization minefieldWhat makes modernization so challenging? Chalk it up to the “black box” nature of many legacy applications. Systems are often updated organically over time, with inconsistent approaches to architecture and documentation. In many cases, the original architects have left government, taking their base of knowledge with them. That has left many IT managers flying blind at great risk. They are accountable for systems that are functioning technically – but with high costs and limited visibility into how they’re working.

Another recurring obstacle to modernization: building a business case, including identifying and quantifying potential financial returns. While savings can be achieved by retiring legacy systems with high maintenance costs, this often requires decommissioning or repurposing the underlying technology and rationalizing associated support costs. Likewise, agencies need to calculate and consider performance and productivity improvements enabled by functional upgrades. All the while, the federal government’s zero-based budgeting approach complicates matters, as realized cost savings

are typically subtracted from future appropriations. The result? A financial disincentive to modernization.

Compounding the risks for modernization programs: the common desire not only to replicate existing functionality but also to add significant new features that address long-simmering demand. This lengthy list of additional requirements can quickly render projects unmanageable. Indeed, the overwhelming size and scale of many modernization programs is often an insurmountable hurdle to success. GAO’s High Risk List [Improving the Management of Information Technology (IT) Acquisitions and Operations, February 2015] reinforces that reality:

Nonetheless, agencies continue to have poorly performing projects. Such projects have often used a “big bang” approach – that is, projects are broadly scoped and aim to deliver functionality several years after initiation. According to the Defense Science Board, this approach is often too long, ineffective, and unaccommodating of the rapid evolution of IT. Further, it is inconsistent with OMB guidance directing that IT investments deliver functionality in 6-month increments.

Increasingly, agile software development is viewed as an antidote – answering the riddle of how to repair an airplane mid-flight. By shifting to incremental development and delivery, agencies can update functionality and migrate to new platforms iteratively. This approach cuts projects down to size – with more frequent releases combating scope creep.

3 GAO, Strategic Human Capital – http://www.gao.gov/key_issues/strategic_human_capital_management/issue_summary 4 Executive Office of the President, Office of Management and Budget, Testimony of Tony Scott, United States Chief Information Officer, Before the Committee of Oversight and Government Reform, Unites State House of Representatives, May 25, 2016 – https://oversight.house.gov/wp-content/uploads/2016/05/2016-05-25-Scott-Testimony-OMB.pdf 5 MeriTalk, Future Ready Applications: The Modern Legacy, November 18, 20156 Executive Office of the President, Office of Management and Budget, Laying the Foundation for a More Secure, Modern Government (OMBlog), October 27, 2016 – https://www.whitehouse.gov/blog/2016/10/26/laying-foundation-more-secure-modern-government

Modernize with Confidence: How You Start Shapes How You Finish | 4

One agency’s attempt to replace its legacy COBOL system with a modern Java-based version floundered for over a decade. At a cost of several billion dollars, it completed just 35 percent of the projected code. Facing increasing scrutiny and ire – from the White House, Congress, GAO, and several inspectors general – the program relaunched in late 2012 as a fully agile effort. The program has subsequently delivered six of seven planned deployments into production at a fraction of the previous cost – with the final release scheduled for January 2017.

Fastest route to modernization

Four ways to start smartAccenture research and experience point to four ways to increase the odds of AppMod success:

Target return on investmentPending programs and legislation, including the Modernizing Government Technology (MGT) Act, aim to change some of the financial disincentives to AppMod. In addition to potential funding, they provide specific mechanisms to help agencies reinvest AppMod cost savings into subsequent projects to maximize ROI.

An effective business case analysis should consider both the benefits of the proposed future state as well as the costs and other requirements needed to get there. As one example, GSA (through its Unified Shared Service Management office) has developed the Modernization and Migration Management (M3) framework and playbook for guiding these assessments.7 While specific to a shared services migration, it details a robust investment review process and outlines specific steps agencies can take to mitigate program risk.

If enacted, the MGT Act is expected to stipulate similar requirements and to mandate use of incremental software development methods like agile. Ongoing, frequent deployment of new working functionality can deliver cost savings, performance improvements, and other tangible benefits within the project to offset required investments. The promise of more regular upgrades minimizes upfront calls for extraneous features. What’s more, accelerated project startup can shorten the time required to maintain legacy platforms, reducing future sunk costs.

Many agencies already recognize that additional delays in modernization will only allow sustainment costs to further increase – requiring even larger investments to remediate in the future (see Figure 1). As a result, they are taking action, using approaches similar to those proposed by the MGT Act. With effective planning, these projects can be scoped to accelerate payback, with cost savings invested in current and future programs to maximize return on investment. These efforts can also be supported through alternative financing models; internal fee-for-service, application outsourcing, and migration from a CapEx to OpEx model like Software-as-a-Service (SaaS) are just a few examples.

7 Unified Shared Services Management, Introduction to Modernization and Migration Management (M3), https://www.ussm.gov/m3/#.V_O0QjKZOi5

Create the roadmap – make a plan for which and how applications will be modernized

Identify and mitigate risk at the start – use application discovery to reduce surprises

Try before you commit – use proofs-of-concept to validate proposed strategies

Target return on investment (ROI) – build a business case1

2

3

4

Figure 1. Financial model for application modernization program

Modernize with Confidence: How You Start Shapes How You Finish | 6

Create the roadmap

As agencies commit to AppMod as a critical strategy for improving mission agility, security, and sustainability, they face the inevitable next question: Where should we start? Within any portfolio, applications vary in terms of criticality, vulnerabilities, and strategic potential. An application portfolio’s capabilities and gaps must be assessed against the agency’s overarching mission, business, and technology strategies.

An effective first step: identifying and prioritizing potential candidates within the application portfolio for modernization. Use a methodical, data-driven, and defensible approach to select the right path forward for applications (see Figure 2). As GAO recently explained, application rationalization is a critical governance step for compliance with FITARA and other requirements:

Application rationalization is the process of streamlining the portfolio to improve efficiency, reduce complexity and redundancy, and lower the cost of ownership…. OMB stated in its memorandum that application rationalization would be a focus of PortfolioStat sessions and required agencies to describe their approach to maturing the IT portfolio, including rationalizing applications, in the information resource management plans and enterprise roadmaps that are required to be updated annually.8

Agencies can employ a number of approaches to capture this more holistic understanding of application health and performance. Accenture’s Application Performance Optimization (APO) solutions and readiness assessments use established criteria and performance benchmarking to assess existing applications for fit with current and future requirements. The process typically requires one week to one month to deliver recommendations. In some cases, this thorough assessment may validate that preserving the status quo is the right choice, especially in the near term.

Figure 2. AppMod Strategy: Planning at the intersection of business and technology

When modernization is the right path forward, agencies can consider a number of options, including:

Replatform. Sometimes system functionality is meeting current needs, but the underlying platform is expensive to maintain or is being eliminated. A “lift-and-shift” strategy can migrate systems from high-cost hardware to more cloud-ready platforms using commoditized technology.

Remediate. Remediation is used to optimize an application, addressing poorly functioning areas or poor performance. It may include recoding inefficient programs or modifying data structures or data access to support the new target environment like cloud enablement. Remediation is helpful in improving code quality, developer productivity, compliance to standards, and overall reliability of an application. This is a lower-cost modernization technique; more extensive modernization services can be deferred for later efforts.

8 GAO, Information Technology: Agencies Need to Improve Their Application Inventories to Achieve Additional Savings, September 29, 2016 – http://www.gao.gov/products/GAO-16-511

Modernize with Confidence: How You Start Shapes How You Finish | 7

Rearchitect. The monolithic structure of most legacy systems prevents them from being fully interoperable in a modern computing environment. It is possible to rearchitect an application and database to a modern framework while retaining the existing business logic. Doing so makes it easier to expose – or replace – specific components and modules, such as the underlying database or integrated business rules.

Replace. In some cases, replacing an existing system with an entirely new application – either commercial-off-the-shelf (COTS), Software-as-a-Service (SaaS), or custom – is the most forward-looking solution. To accomplish this, agencies may need to export current data, business rules, and process models to the new system. Retire. Sometimes a legacy application has no future within the organization. Perhaps it is redundant, has lost its user base, or has become so outdated that it is no longer of value. In such cases, a system can be retired.

Increasingly, the cloud is viewed as the preferred destination for most applications. Specialized tools, such as Accenture’s RAPID analysis, can be used to quickly determine cloud readiness, including compatibility with specific platforms like Amazon Web Services, Microsoft Azure, and Cloud Foundry.

Identify and mitigate risk at the startAs noted earlier, the “black box” nature of legacy applications has been a source of significant risk and complexity for AppMod efforts to date. A system expected to have 15 interfaces may, in fact, have 35; an application assumed to be written only in COBOL may be found to have additional code written in Assembler or other legacy languages.

To manage these risks, companies like Accenture establish application discovery as a strongly recommended prerequisite for any modernization effort. Accenture’s discovery toolkit features automation-assisted processes for mapping application functionality, including business processes, business rules, points of integration, code complexity, and sources of data. Typically created in a month or less, these blueprints work to guide decision-making, support estimation and other project management requirements, and, most importantly, eliminate surprises.

In addition to minimizing risk, application discovery can help identify and extract current business logic, process flow, and business rules. Such information is very valuable when designing new replacement systems, including COTS or SaaS implementations. It also helps validate like-for-like performance of new functionality, demonstrating that the new system performs as intended for audit purposes.

Try before you commitA proof of concept (POC) is an important risk mitigation strategy for building confidence across modernization plans and decisions: project estimates and costs, vendor selection, and scope definition. Agile software development is particularly well-suited for POCs due to its focus on delivering working functionality as fully integrated components. Consequently, you can use POCs to rapidly validate a design hypothesis with actual prototypes of the modernized application.

For example, Accenture worked with one federal agency on a 10-week POC that successfully converted 35,000 lines of COBOL code into Java and migrated data from legacy Datacom files to an Oracle database. For another federal agency, more than 30,000 lines of COBOL were converted into a Java-based application during an eight-week POC – demonstrating like-for-like functionality as well as the ability to host in the cloud. As a result, these agencies could make go/no go decisions regarding each project with far greater confidence while demonstrating potential value to other stakeholders.

Modernize with Confidence: How You Start Shapes How You Finish | 8

continuous integration and test-driven development to maintain a high level of quality assurance throughout the development process.

Not surprisingly, organizations are building on this foundation, using DevOps to modernize and migrate legacy systems to the cloud. As Forrester Research noted, “Mainframe application delivery does not need to be inherently slow and complex. [Application development and delivery] leaders have found that automating the mainframe application delivery pipeline reduces risk, cost, and complexity while improving responsiveness to changing customer needs.”9 One federal agency used DevOps to support the modernization of a mainframe environment with 3 million lines of COBOL code and 17 distinct applications – maintaining seamless service to millions of users as it migrated to a modern Java/Oracle platform.

Figure 3. Architecture Driven Modernization

Start smart—today How you start AppMod shapes how you finish. Increase the odds of success by engaging proven tools, resources, and expertise to help:

• Build a strong and defensible business case

• Craft a roadmap that balances business requirements and technology capabilities

• Mitigate risk through disciplined application discovery

• Deliver proofs of concept before you commit

With a disciplined and incremental approach, you can achieve your goals – and exceed your expectations – for AppMod.

Intelligent automated-assisted tooling supports a lower-risk, accelerated legacy application modernization.

9 Forrester Research, Inc., Digital Transformation Needs Mainframe DevOps, Kurt Bittner and Rob Stroud, June 20, 2016

Modernization reimaginedHistorically, organizations relied on manual development to rearchitect and rebuild legacy applications – often a slow and costly multiyear process. The other option was using automated conversion, which too frequently produced low-quality code that performed poorly and was difficult to maintain.

Fortunately, better options are now available – including specialized tooling that supports the extraction and conversion of both code and business logic into modern frameworks, languages, and environments, including cloud. This hybrid approach mixes automation for standardization and efficiency with an architect’s ability to model business logic and rules (see Figure 3). Employed as part of an overall agile approach, agencies can apply

Modernize with Confidence: How You Start Shapes How You Finish | 9

AuthorsEric Stogoski – Senior Managereric.b.stogoski@accenturefederal.com

Saurabh Srivastava – Technical Architecture Managersaurabh.d.srivastava@accenturefederal.com

Aaron Jeanguenat Senior Manager aaron.t.jeanguenat@accenturefederal.com

Contributors Kathy Conrad – Director, Digital Governmentkathy.conrad@accenturefederal.com

Jason Layman – Senior Managerjason.layman@accenturefederal.com

Craig Wright – Senior Managercraig.wright@accenturefederal.com

About Accenture Federal ServicesAccenture Federal Services is a wholly owned subsidiary of Accenture LLP, a U.S. company, with offices in Arlington, Va. Accenture’s federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at civilian, public safety, defense, intelligence, and military health organizations.

About AccentureAccenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 373,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Visit us at www.accenture.com/federal Follow us @AccentureFed on TwitterYou can also follow us on LinkedIn

Copyright © 2016 Accenture All rights reserved.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture.