Information technology plays an important role in a public retirement agency’s ability to deliver service to its members, secure and protect confidential information, respond to informational requests, and ensure transparency in its operations. Public retirement agencies are challenged in key areas of:
- IT Governance
- IT Strategic Planning
- Application Management/Modernization
- Data Analysis and Migration
- Security and Data Protection
A variety of information technology vendors are available to assist retirement systems with any of these services, from consulting on governance policies and structures to evaluation and analysis of the agency’s infrastructure, to RFP creation through vendor selection for a benefits administration system, to the implementation of administration software.
The growing trend toward formal IT portfolio management emphasizes an understanding of an agency’s current application portfolio investments and to calibrating those investments for the greatest impact. Formal policies, to provide a structured approach for reviewing and approving IT investments to ensure their alignment with agency goals and objectives, include a focus on ensuring that critical projects stay in scope, on time, and within budget. An increasing number of such policies includes a measurement of IT’s contributions toward the retirement system's strategies and missions.
Increased application of federal regulations, such the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, as well as new state and local ordinances, have required public retirement agencies to adopt stronger, more specific IT governance policies. Additionally, many retirement agencies are developing more specific governance policies to address bring-your-own-device-to-work, remote access, work from home, social media, and other emerging practices.
IT Strategic Planning
It is a new era where business and technology are one and the same, and applications are at the center of it. Retirement agencies have long recognized that investment in applications is critical, and they want applications capable of delivering positive business outcomes. Public retirement agencies operate in an environment of continual change. There are many sources of change including:
- Demographics – increasing numbers of retirees, transfers, and new members.
- Technology – everything from application modernization to cloud offerings to infrastructure as a service.
- Legislation – new hybrid plans, changing eligibility rules, additional benefit tiers.
IT strategic planning focuses specifically on the agency’s technology needs and responding to increasing calls for self-service, mobility, cost-efficient and flexible solutions.
IT must be able to quickly respond to emerging business needs. New systems are required to be highly scalable and provide integrated and robust business solutions. Agencies are looking to achieve greater levels of operational efficiency and productivity, as well as improved levels of service through streamlining duplicate and manual processes and providing automated workflow capabilities. Planning for continued flexibility while containing costs through the analysis of newer delivery models is growing as retirement agencies plan their future IT acquisitions.
Enterprise architecture is more than just a diagram of the computer systems used by a retirement agency. Enterprise architecture provides a context and a scope for IT within the organization and includes not only the technology but the people, affiliated organizations, and processes as well.
Today’s organizations are seeking delivery solutions that reduce IT complexity and balance total cost of ownership with business value. Retirement agencies require an increased understanding of the latest, cutting-edge technologies to develop modernization solutions that help clients move their applications to powerful, modern platform and architectures. The path forward for any specific application may include re-learn, re-host, re-factor, re-interface, re-architect, replace, and retire.
Additionally, as agencies evaluate the most effective management strategies for supporting their current systems, their focus shifts to total cost of ownership and return on investment. IT departments are looking to justify technology costs and to more closely integrate their role with agency operations and strategic goals. Measurably demonstrating how IT helps meet agency priorities though quality reviews, service-level agreements, efficiency measures, and cost comparisons has increased the recognition of IT’s contributions. Management of current applications and investment in future applications is seen as critical to the future success of public retirement agencies and optimally managing these applications is the key to greater efficiency, innovation and growth.
Categories of application management and modernization tools and services include:
- Strategic consulting and assessments of the applicability of new technology (mobility, cloud, “green”, self-service, etc.)
- Procurement – requirements/RFP development, evaluation and selection
- Requirements analysis/management
- Project and change management
- Implementation – development, configuration, testing, version control, release management, conversion, deployment
- Monitoring and reporting
Data Analysis and Migration
Many retirement agencies have historical data compiled from a variety of sources – old paper reports, microfiche, previous system databases, standalone computer databases, etc. This data may be inaccurate, inconsistent, incomplete, or inaccessible. Core to an agency’s operations is the use of that data in benefit and contributions calculations, eligibility determinations, and other payments. Profiling, analyzing, cleansing, and migrating that data to a consolidated database is a large initiative that may be a separate project or incorporated into a larger system modernization project. Many agencies begin data projects with a goal of increasing the level of data accuracy and data integrity, from simply addressing missing or incomplete data to those issues requiring more complex analysis. The end result is typically a new data warehouse or consolidated database that allows a single, highly accurate source of information for calculations, audits, and reporting.
Included in data analysis is the evolving field of business intelligence and analytics which includes data from a wide variety of sources such as social media, video, audio, emails, texts, mobile transactions, documents, images, and so forth. Organizations are looking at context aware analytics, pattern-based strategies, monetizing information, and shared information ecosystems.
Security and Data Protection
Retirement agencies are under ever increasing security requirements pressure from regulatory compliance and heightened threats exploiting latent security defects. Most applications miss or insufficiently address the underlying security requirements resulting from standards and governance sources such as Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST), and Payment Card Industry-Data Security Standards (PCI-DSS). Increasingly, retirement agencies are subject to security audits or reviews by state agencies to insure the security and protection of the private, confidential information that resides with retirement agencies. Correspondingly, there is a significant increase in a retirement agency’s potential for security breaches and news-making headlines. Protecting that data is a continued top priority for many agencies. The IT industry struggles to keep pace and raise the level of security assurance to protect data from being compromised as vulnerabilities in hardware, infrastructure and applications continue to be discovered and exploited. Security vulnerability costs include rework (up to 100X development costs or more), non-compliance penalties (up to $3.5M/incident for PCI-DSS), planned and unplanned downtime due to security patching and incidents ($1M/hr average), and breach disclosure costs ($6.7M/breach).
Services used to find and mitigate an agency’s vulnerabilities include:
- Policy review
- Practice/process review
- Threat analysis
- Privacy/security assessments
- IT investigations/computer forensics
- Network or application vulnerability assessment
- Social engineering
- Network/wireless penetration testing
- Code review
- Data handling and storage assessment
- Security awareness and training