Skip to main content

M3 Framework Introduction M3 Framework Overview M3 Phase 0 - Assessment M3 Phase 1 - Readiness M3 Phase 2 - Selection M3 Phase 3 - Engagement M3 Phase 4 - Migration M3 Phase 5 - Operations M3 Resources
M3 Framework Resources

Image Map Phase 0: Assessment Phase 1: Readiness Phase 2: Customer Readiness Phase 3: Engagement Phase 4: Migration Phase 5: Operations
Resources > Frequently Asked Questions

General Questions

G-1. What types of functions fall under the M3 Framework?

o The M3 Framework pertains to any significant investments in financial management, human resources, or acquisitions systems and/or service that would either provide new capabilities, or modify existing capabilities, that would be used government-wide or that would duplicate those already available.

G-2. Who needs to comply with the M3 Framework?

o Adherence to the M3 Framework is monitored through the Investment Review Process (IRP), in accordance with OMB Memorandum M-16-11. The Investment Review Board (IRB) holds formal reviews at the end of M3 Framework phases (i.e. tollgates) to evaluate risk, recommend mitigation strategies to the Office of Management and Budget (OMB), and assess the progress and outcome(s) of the modernization or migration efforts.
The IRP is applicable to CFO Act agencies performing a systems or services migration to an FSSP; or performing a modernization, if the Project Sponsor is an FSSP undertaking a significant upgrade that impacts its customers’ business process or alters customer service level agreements (SLAs).

G-3. Is there a threshold for investments that are required to follow M3?

o USSM will not apply a dollar value threshold to the M3 Investment Review Process (IRP). The IRP is applicable to CFO The IRP is applicable to CFO Act agencies performing a systems or services migration to an FSSP; or performing a modernization, if the Project Sponsor is an FSSP undertaking a significant upgrade that impacts its customers’ business process or alters customer service level agreements (SLAs).

G-4. What if my agency is small or unique?

o The M3 Playbook is a helpful tool that reflects industry best practice and lessons learned from provider and customer agencies, and is designed to help agencies assess and manage risks throughout their implementation. However, because the Investment Review Process is not applicable to FSSPs performing a modernization that does not affect their customers, or to non-CFO Act agencies, these agencies are not required to follow the M3 Framework. They may leverage the guidance as they deem necessary, and USSM will provide additional guidance and assistance if requested.

G-5. How is the M3 Framework applicable to in-flight customers and providers?

Do in-flight customers and providers need to “go back to the beginning”?
o Organizations that are currently in-flight should work with USSM to develop a tailored approach. USSM will not require organizations to revisit previous phases, but may ask that migration teams complete certain activities to reduce the risk to the migration.

G-6. How is this different from FAME?

o The M3 Framework differs from FAME in that it applies across Lines of Business (e.g. financial management, human resources, or acquisition) whereas FAME was only applicable to Financial Management. M3 now includes a Playbook with further guidance to support agencies evaluating system and/or service modernizations or migrations.

G-7. Does M3 replace our internal processes and/or investment policies?

o No. The M3 Framework does not replace internal processes or investment policies.

G-8. Do agencies already performing agency-specific oversight activities need to follow the M3 Framework?

o Yes.

G-9. Can agencies use their own templates?

o USSM is looking for function over form. Agencies may use their own templates so long as they include the necessary information to support the Tollgate review and exit criteria. A crosswalk of the agencies documentation to the M3 templates/criteria will assist USSM to identify where necessary information has been documented by the agency.

G-10. What is the difference between the Framework, Investment Review Process (IRP), and the Playbook?

o The IRP and Playbook are part of the M3 Framework. The IRP is the oversight function while the Playbook provides the guidance, tools, and templates to help customer and provider organizations follow the M3 Framework.

G-11. Should health checks be integrated into my schedule?

o Tollgates should be factored into your schedule, but health checks will occur as determined by USSM.

G-12. What are the customer and provider responsibilities in the Tollgate?

o The customer organization and provider organization (in Phases 2 through 4) will participate in the Investment Review Board to present recommendations and discuss risks and outcomes.

G-13. Who approves Tollgate Reviews?

o USSM will provide a recommendation to the Shared Services Policy Officer to approve Tollgates.

G-14. What are the outputs if a Tollgate is not passed?

o If an agency does not pass a Tollgate, a recommendation will be sent by the Shared Services Policy Officer (SSPO) outlining the necessary remediation activities so that the Tollgate can be passed in the future.

G-15. Are Tollgates going to cause delays to the modernization or migration effort?

o Agencies should build Tollgate Reviews into their migration schedule and also work with USSM and the Line of Business Managing Partner during each phase to avoid delays.

G-16. Can I use the M3 Playbook if I am not moving to Shared Services?

o Yes.

G-17. When is a risk determination made?

o An initial risk determination is made during the Phase 1 tollgate process. USSM will continuously assess risk throughout the life-cycle using the Risk Assessment Tool.

G-18. Do commercial providers need to comply with the processes and requirements outlined in the playbook?

o Yes. Where a CFO-Act agency has engaged a commercial provider for a modernization or systems/services migration, then the customer agency procurement actions should reflect the need to comply with the M3 Framework and guidance.

G-19. What preparations are required to secure funding for each phase of the M3 Framework?

o To secure funding, agencies should begin planning for and requesting through the Major IT Business Case process for out-year planning. In Phase 1 (Readiness), agencies should develop an initial life-cycle cost estimate for the total cost of migration based on the set business requirements. This estimate should be updated in future phases based on updated estimates and assumptions.

G-20. What has changed with the recent August 2017 update of the M3 Playbook?

o USSM published an update to M3 in August 2017 based on feedback received from customer and provider agencies and Industry (via “good government” association).
The major updates include:

  • Clarifying the application of the Investment Review Process
  • Defining the Risk Assessment process and incorporating the Risk Assessment Tool
  • Incorporating additional best practices from on-going migrations and Industry
  • Updating the Business Needs Workbook to align to the Federal Integrated Business Framework (FIBF) Services List
  • Adding a Tailoring Guide for agencies migrating only services (transaction processing)
  • Including guidance to leverage the government-wide benchmarking effort when defining baseline performance metrics

Phase 0: Assessment

0-1. Who is responsible for the Major IT Business Case (Form 300)?

o For Phases 0, 1, and 2, the customer agency is responsible for completing and submitting the Major IT Business Case. When a customer agency selects a designated Federal Shared Service Provider for migration, the Major IT Business Case will switch from the customer to the provider. The provider is responsible for coordinating with the customer to provide the total cost of migration. The customer agency will still include this investment in their Agency IT Portfolio Summary (Form 53) and reference the UII of the provider agency in the “Investment Description” field. In the event a commercial provider is chosen, the customer should maintain responsibility over the IT business case.

0-2. Are providers required to maintain multiple business cases per each customer?

o No, each customer should be listed as a separate project in the provider’s Major IT Business Case (Form 300).

0-3. How should customers account for investments once the Major IT Business Case is handed over to the provider?

o The customer agency should include investments in their Agency IT Portfolio Summary (Form 53) to support the provider’s Major IT Business Case (Form 300).

0-4. How should the customer calculate cost savings in the business case?

o Agencies should reference current year budget guidance (e.g. A-11, Major IT Business Case) to estimate qualitative and quantities cost savings.

0-5. My agency is already complying with A-11 and CPIC requirements. Does M3 require my agency to complete anything else?

o M3 requires that all agencies follow CPIC guidance for Phase 0 (Assessment) in addition to defining a vision and operational end-state. USSM is looking for function over form. Agencies may use their own templates.

Phase 1: Readiness

1-1. What types of activities should the customer’s initial procurement plan cover?

o The initial procurement plan should cover the types of procurement needs required to support the full lifecycle of the modernization or migration, including provider services either through an IAA or contract. Additionally, the plan should cover any additional support needs for those activities to be performed by the customer agencies such as program management, change management, business process reengineering, data management, interface development, and integration. The customer is responsible for defining these procurement needs and collaborating with the Line of Business Managing Partner and category manager to identify an acquisition strategy.

1-2. What level of detail should be provided in the Concept of Operations to effectively develop a full cost estimate for the customers need?

o The Target State Concept of Operations should clearly outline an ideal future state systems environment (including what service layers and systems the customers wishes to retain, which the customer hopes to obtain from a provider, and which the customer hopes to share), major processes that will be performed in the system and how users would interact with the system in the future, where processes are desired to be performed in the future between the customer and provider, how the system would be supported in the future, and operational scenarios.

1-3. What is the role of the Line of Business Managing Partner?

o The Line of Business Managing partner will be involved throughout the lifecycle to provide function-specific guidance and best practices to support agencies through modernization or migration. The Managing Partners are an integral partner in the IRP and provide specific subject matter expertise to the investment review process. In addition, Managing Partners are developing the standards for their respective Line of Business as part of the Federal Integrated Business Framework (FIBF); including the business capabilities and use cases.

1-4. Where should agencies reference as a starting point for basic requirements development?

o Customers and providers will not jointly discuss detailed technical and functional requirements until Phase 3.
In Phase 1, customers should focus on documenting must-have capabilities. Examples of capabilities that should be documented include must-have mandatory system interfaces, hours of operation or availability of services, or other criteria that a provider must be able to meet in order to provide services to the customer.
When defining capabilities, customer agencies should consult the Federal Integrated Business Framework Line of Business (FIBF LOB), which standardizes functions for Human Capital Management (HCM), Financial Management (FM), Grants Management (GRM), Acquisitions (ACQ), Travel (TRT) and Information Technology (IT) across the federal government. The FIBF service list is an important first step for agencies documenting their target capabilities, and a helpful tool in aligning the target state with Providers’ capabilities.

1-5. Why are requirements developed in Phase 3 (Engagement) with the provider rather than in Phase 1 (Readiness)?

o Customers should develop an initial set of business capabilities upfront so that stakeholders within the customer organization are in agreement and have a well-defined understanding of their needs. The formal documentation of requirements, the Requirements Traceability Matrix, will be completed in Phase 3 with the provider.

1-6. Why are providers not involved earlier in the process?

o The customer needs to have a clear understanding of their Target Concept of Operations in order to have meaningful conversations with the provider organization and make an informed selection. Failure to do this in Phase 1 may result in realized gaps in Phase 3 (Engagement) or program cancellation mid-way through migration.

1-7. Why can’t USSM match customers and providers?

o Given differences in mission, customer organizations must drive the provider selection process based on who in the marketplace can best meet the requirements and migration timeline.


Phase 2: Selection

2-1. Should I engage the Managing Partner to help complete questions within the provider portion of the Business Needs Workbook?

o Given that many questions are unique to the customer, providers should complete the provider portion of the Business Needs Workbook. Some responses to common questions, however, will be made available on ProviderStat in the future. For more information on ProviderStat, click here.

2-2. Where can I find information on how providers are performing?

o Performance feedback and metrics will soon be captured in Customer Satisfaction surveys and made available as part of the information available from ProviderStat. For more information on ProviderStat, click here.

2-3. What if the customer determines that moving to a shared service provider is not advantageous?

o Customers will be asked to justify to the satisfaction of OMB and USSM following the completion of Phase 2 (Selection) why the agency should retain the system and modernize, move to a shared service, or become a shared service provider. Customers desiring to retain systems should still come to the Phase 2 Tollgate and work with USSM to tailor the Tollgate process, as necessary.

Phase 3: Engagement

3-1. What if there are requirements that cannot be met by the provider’s standard solution?

o The Fit-Gap Analysis will identify where functional and technical requirements can be met by the provider’s solution and where gaps may exist using the baselined Requirements Traceability Matrix. Customers and providers should conduct validation sessions to review the fit-gap analysis and identify gap solutions, such as configuration changes, enhancements, and/or process changes. If the requirement still cannot be met, the customer and provider should evaluate if the requirement supports a mission critical function needed at implementation or if the requirement can be deferred to a future release or is not required.

3-2. What if the Fit-Gap Analysis indicates a bad fit?

o The Business Needs Workbook is designed to help customers identify a strong provider and avoid Fit-Gap risks in Phase 3 (Engagement) through the definition of the Scope of Services and unique business requirements. If there is truly not a good fit, the customer and partner should work with USSM and the LOB-Managing Partner to review the details of the Fit-Gap Analysis and justification as part of the Phase 3 Tollgate Review.

3-3. Is there a standard template for service level agreements?

o There is no standard template for Service Level Agreements (SLAs). Agencies are encouraged to use existing artifacts where they exist. They may refer to samples of SLAs used by other federal agencies that are available on OMBMax. Agencies have the discretion to develop SLAs using agency-specific guidelines as long as the overall M3 objective is fulfilled.

Phase 4: Migration

4-1. What are the budget and cost implications of a No-Go decision?

o Customers and partners should develop a Contingency Plan to prepare in case a No-Go decision is made, or the solution needs to be rolled back to the legacy environment post deployment. Customers should engage the Resource Management Offices (RMO) to understand budget implications of these two options.

Phase 5: Operations

No Phase 5 Frequently Asked Questions