Enterprise Security Management Practices ◾ 63
© 2011 by Taylor & Francis Group, LLC
Basically, the funding process has four phases: Planning, Programming, Budgeting,
and Execution. e following provides an overview of each of these phases:
Planning Phase: During this phase, senior management identies the organi-
zation’s strategies, goals, and objectives for the future. Depending on the
organi zation, this projection can be anywhere from 2 to 10 years out. ese
projections are the results of changes in laws and regulations, business trends,
market analysis, growth and nancial projections, and so forth. Using these,
senior man agement issues guidance (including future goals, objectives, priori-
ties, strategies, etc.) to the organization’s managers, so they can identify what
they need to do in the future to support the successful accomplishment of the
future goals and objectives.
Programming Phase: In the programming phase, functional managers review
alternatives to expand or reduce existing projects and programs or develop
new initiatives to support senior management’s guidance. Senior manage-
ment will review these alternatives and determine which have the best poten-
tial of success and which are the most cost eective. e outcome of this
phase is some type of a program decision from senior management.
Budgeting Phase: e budgeting phase is where the functional managers
develop detailed budget estimates for the changes approved in the decision
memorandum. e budget personnel will review these budget estimates for
accuracy, completeness, and compliance with the decision memorandum.
Senior management resolves any issues and promulgates a budget decision.
Execution Phase: With the budget decision, senior management allocates fund-
ing to the functional managers to fund the approved programs. Typically the
funding allocations support one year’s eorts, but sometimes the funding
supports a specic phase of a project. e budget includes funding for person-
nel, utilities, facilities, services, materials, advertising, infrastructure, and so
forth, for both direct and indirect costs.
Figure1.16 illustrates the timing, organization’s interactions, and outcomes of
each phase. e specic time required to accomplish each phase is totally dependent
on the organization. In some organizations a phase may take a year, and in others,
weeks or days. e size of the organization, geographic diversity of management,
complexity of the business environment, level of competitive demands, uidity of
the marketplace, and so forth, can have major impacts on how long and how fast
the process moves. is is why ISSMPs must gain awareness of their specic orga-
nization’s funding process from the individuals who control the budget process.
Once the process is understood, the ISSMP can anticipate budget requests in
support of the process and become very responsive to related management actions.
It is recommended that the ISSMP request the budget individual review and com-
ment on inputs prior to the inputs being requested to ensure that the inputs are
correct and demonstrate awareness of the process. Additionally, determine when
funding reviews occur during the Execution Phase, because this is an opportunity to