Federal chief information officers are like Howard Beale, the fictional TV newscaster from the movie Network who famously said: “I’m as mad as hell, and I’m not going to take this anymore!” after his newscast is cancelled for poor ratings.
CIOs aren’t being cancelled because of poor ratings—though if the data on the IT Dashboard was more accurate maybe some should.
Rather, CIOs are done with the CPIC process. It is the bane of many CIOs’ budget existence. If you aren’t familiar, let me describe: the capital planning and investment control (CPIC) process is an annual description of technology projects and programs and all the associated data that goes with them — cost, schedule and performance metrics, current and future cybersecurity status and a whole lot more. The fiscal 2017 guidance was 45 pages and included such wonderful things as the CIO’s evaluation of the program, the total estimated life cycle costs — which is nearly impossible to estimate for almost any and all program, whether IT or not — and a description and associated data to create a major IT business case for the program.
And, of course, each year, OMB updates the guidance based on policy and legislative changes. In 2017, the administration made 27 changes — some made the CPIC process easier, while others required more data reporting such as the use of cloud services or the status of an agency’s data center consolidation efforts.
Well for fiscal 2018, agency CIOs are revolting, kind of. There is a big push through the CIO Council to change the CPIC process.
“The CPIC process is well intended, but it needs a refresh, which is part of what is happening in the council. We are trying to align that to the actual budget formulation,” said Luke McCormack, the Homeland Security Department CIO and vice chairman of the CIO Council, at the Association of Government Accountants Federal Financial Systems Summit on Jan. 19 in Washington. “You have this entire IT investment process that goes on that sometimes doesn’t marry itself very well to the rest of the agency budget formulation process. That’s one of the fundamental areas they are trying to bring those things together and make those align so they aren’t forced together through the 300 process, etc. Right now it could use some improvement, particularly from a timing standpoint. I know every agency faces the same thing in this regard.”
McCormack said the CIO Council is working with the federal CFO community to improve the CPIC process.
“IT investments are scrutinized by lots of folks so they have make different stakeholders and so people like to use that information and cross-walk it with different types of information because folks look at investments through a variety of lenses so the more we can marry that up and simplify it, the better off we are,” said Chip Fulghum, DHS CFO at the AGA event. “The budget train waits for no one so you have to be somewhat agile in that approach.”
It’s not just the budget process that the arduous CPIC process impacts, but how agencies determine and report how they are spending IT dollars.
The lack of clarity, or maybe the difficulty, in separating spend between operations and maintenance (O&M) and development, modernization and enhancement (DME) of systems also is harder because of the CPIC process. And with OMB’s continued push to move agencies out of O&M and into DME, CIOs need to understand more than ever just how much money and on what projects they are spending for IT modernization efforts.
“The CPIC process drives people away from reporting DME. So not to say the government is doing enough DME, but we are doing more than we tell people,” Ann Dunkin, the CIO of the Environmental Protection Agency, at a recent panel sponsored by the AFCEA Bethesda, Maryland. chapter. “A lot of our projects that were all listed as completely O&M are now starting to show up with some DME. Project managers don’t want to do that because it’s hard in CPIC. I’m very excited the CIO Council is looking at the CPIC process. A bunch of people spent some time in December talking about that and hopefully we can make it a better process so we can truly reflect how the government is spending its money.”
This change to CPIC is coming, at least in part, because of the strong emphasis on agile or iterative IT project development across government. The CPIC process and agile development do not mesh well.
CPIC, while annually updated, is built for the waterfall approach to IT projects, where CIOs estimate all pieces and parts of the program.
Under the agile or iterative approach, agencies can’t necessarily estimate project lifecycle costs or schedule timing because updates happen anywhere from a two weeks to two months.
OMB and agencies have been trying to get agencies to implement agile over the past five years. The administration issued a policy back in 2012 on modular or agile IT contracting, and the U.S. Digital Service and GSA’s 18F have been spearheading the training and assistance of agile development across government.
Despite these efforts and the recognition that agencies need to move to agile, the budget process hasn’t kept up. Thus, the CIO Council’s effort to update CPIC.
OMB usually issues new budget development guidance in the June timeframe so the real impact of this effort is a few months off.