The latest report card from the House Oversight and Government Reform Committee on IT reforms illustrates dramatic differences over the last six months. More than half of all agencies improved their grades and all but one at least held par in the third version of the Federal IT Acquisition Reform Act.
But House lawmakers at the Dec. 6 hearing didn’t hone in on the 12 agencies that improved their grades or even the one agency that saw its grade drop. Rather, the committee members focused on the key piece of the legislation that is driving the rest of the progress: the authorities and reporting structure of the chief information officer.
“I want to make sure the CIOs have all the authorities that they were given in FITARA. Part of that is making sure they’re reporting to the right individual. We’ve seen across all 24 CFO Act agencies, when they report directly to the agency head or the deputy agency head that they have shown they have more authority to operate throughout their enterprise. Where you sit matters,” Rep. Will Hurd (R-Texas), chairman of the IT subcommittee, told Federal News Radio after the hearing. “If we use the private sector as an example, the CIO generally reports directly to the C-suite.”
The committee added a new measure to the latest version of the scorecard: agencies whose CIO reports directly to the secretary or deputy secretary received a “+” and agencies whose CIO reports to someone else received a “-.”
The committee says 12 agencies received pluses and 12 received minuses.
“Agency CIO self-assessments to the Office of Management and Budget are higher on average if they report to the agency head,” said David Powner, director of IT management issues for the Government Accountability Office. “Clearly CIO authorities is still a major issue at departments and agencies.”
Powner said GAO is working on a report for the House Oversight and Government Reform Committee on CIO authorities. Committee lawmakers wrote to GAO in June asking for auditors to review five FITARA related questions, including implementation of enhanced CIO authorities and any challenges agencies face in meeting this goal under the law.
In the meantime, lawmakers from both sides of the aisle expressed concern over pushback or even obstacles some agencies are putting in front of CIOs.
Rep. Gerry Connolly (D-Va.) said he even added a provision in the State Department Reauthorization bill to require the agency to follow FITARA to the fullest.
“I would like to express some concern about the lack of support on FITARA implementation that many CIOs have experienced within their agencies because of leadership’s squishiness, if one can call it that. I find it unacceptable for any of the agencies to be working against the intent of FITARA,” Connolly said. “Secretaries of agencies, division heads and likewise ignoring the critical role of CIOs in FITARA implementation and directing IT investments defeats the very purpose of the law. We find some agencies are struggling to elevate the CIO position to its appropriate management level.”
Connolly said secretaries and deputy secretaries need to understand and accept that because of the transformative nature of IT, the CIO needs to play an appropriate role to manage and oversee technology.
“This is not something tangential to the mission, but integral to the mission,” he said.
Committee members expressed concern about both the departments of State and Homeland Security and how they are meeting the CIO authorities’ requirements under FITARA.
Neither Frontis Wiggins, State’s CIO, nor Luke McCormack, DHS’ CIO, report directly to their secretary or deputy secretary.
State received an overall FITARA grade of “D-,” including three “Fs” for data center consolidation, use of incremental development or agile and for its PortfolioStat efforts.
DHS received an overall grade of “B-,” up from a “C” over the last two report cards. It received “As” in data center consolidation and the use of PortfolioStat reviews to reduce duplicative contracts and systems.
Wiggins said even though he doesn’t answer directly to the deputy secretary or secretary, he meets often with the deputy secretary. He also approves all new IT projects spending and worked closely with the budget office on the fiscal 2017 and 2018 IT requests.
At DHS, McCormack said he reviews all IT spending of $2.5 million or more, and said every CXO has to approve a project before it can go to the next milestone.
He said he has halted or terminated several troubled IT projects during his three-year tenure as CIO.
And when Hurd asked if he had any trouble or difficulty in halting or terminating a project, McCormack answer emphatically, “No.”
Hurd said he was satisfied with State and Wiggins answers about whether he has enough authority, but less so for DHS.
“I feel comfortable [Wiggins] is getting the authority to operate the way they should. You have a new CIO who has only been there for [five] months but I think in the [five] months, he’s shown a real understanding of where the enterprise needs to go so I’m happy with that,” Hurd said. “With DHS, I think there are some ways to go. Their enterprise is so big, they have so many big agencies, but the fact that the CIO has the budget authority across the entire enterprise is important.”
GAO’s Powner said the ability to stop or pause a project is the real indication of where the CIO sits in the organization.
“Too many times agencies are throwing money at bad projects, so if CIOs can manage the risk and halt bad projects, then you have the right authorities,” Powner said. “Having support from the top helps you do that.”
Connolly said if the 12 agencies don’t fix their CIO reporting structure, the committee may have to consider a prescriptive solution in the form of legislation.