Federal information technology reform is taking a well-travelled path toward passage.
Rep. Darrell Issa (R-Calif.) plans to offer the Federal IT Acquisition Reform Act (FITARA) as an amendment later this week to the 2013 Defense Authorization bill, which likely will be debated on the House floor starting Wednesday. By taking this path, Issa is choosing a common approach to getting important, but politically insignificant legislation passed. Lawmakers previously have attached the E-Government Act of 2002, the Federal Information Security Management Act (FISMA) and Services Acquisition Reform Act (SARA) to the Defense authorization bill as a means to passage.
Issa’s bill is the first attempt to not only update federal IT laws, but to give agency chief information officers more authority in a decade.
The Senate Homeland Security and Governmental Affairs Committee is heading down a similar path, but is a bit behind in terms of writing a companion bill to FITARA.
Insight by CyberArk: Learn how the CDC is using the least-privilege model to limit how much damage hackers can do in federal networks in this free webinar.
The committee held the first of likely many hearings in the coming months on how best to improve federal IT oversight and spending.
Setting the tone for CIOs
Issa’s bill is paving the way for the change in many regards.
The latest version of the legislation includes updates from the version that passed the Oversight and Government Reform Committee in March.
Issa’s legislation would instruct agencies that IT spending for any fiscal year “shall be allocated within the agency” that is specified or approved by the CIO in consultation with the agency’s CFO.
That simple bit of language would be a major change to the authority of CIOs.
The Federal IT Acquisition Reform Act also includes a provision to require agencies to have only one person with the title of CIO. Other bureau level CIOs could be called deputy CIOs or associate CIOs or assistant CIOs.
Additionally, the bill would make the CIOs at 16 of the largest agencies, including the departments of Health and Human Services, Interior, State, and NASA and many others, presidential appointees. These appointees would not require Senate confirmation.
The Senate isn’t quite on board with FITARA. The upper chamber still is in the discovery stage, but lawmakers seem to agree the expansion of CIO authorities is needed.
On a course toward more authority
And if the Senate and House come to an agreement, the resulting legislation would solidify the intent and spirit of the Clinger-Cohen Act passed 17 years ago. Clinger-Cohen created agency chief information officers and gave them responsibility to oversee IT efforts.
But lawmakers and other observers say agencies have fallen short in giving CIOs the full extent of the authority the original bill called for.
So now between FITARA and whatever the Senate decides to do, lawmakers would codify the authority of CIOs to take more control over federal IT spending once and for all. At Tuesday’s hearing, Sens. Tom Carper (D-Del.), chairman of the committee, and Tom Coburn (R-Okla.), ranking member, both pressed CIOs from HHS and the Commerce Department; Steve VanRoekel, the federal CIO; and the Government Accountability Office for answers about the need for expanded authorities.
Coburn said the problem for agencies is the inconsistent application of CIO authorities.
Coburn said the April 2012 PortfolioStat memo from OMB, which required agencies to put someone in charge of the process, is a perfect example. He said only about half of the agencies put their CIOs in the lead roles. Coburn said he was disappointed with OMB’s lack of direction during his questioning of VanRoekel.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Coburn said among those that didn’t put the CIO in charge of PortfolioStat were the departments of Agriculture, Justice, Treasury, Transportation and Veterans Affairs, and the National Science Foundation, the Social Security Administration and the Agency for International Development.
“My point is what you have here is a couple of examples here where leadership matters and bought it and we gave responsibility, but we also gave authority to CIOs to make a difference,” he said. “What you all put out didn’t mandate that. Where you could’ve mandated it so that you would’ve empowered the CIOs everywhere, instead you empowered them at 12 or 13 agencies. I know there are other ways to skin a cat, but my preference would have been to empower CIOs.”
David Powner, the Government Accountability Office’s director of IT management issues, said research also shows CIOs are struggling to have authority over commodity IT. In August 2011, OMB told agencies to put the CIOs in charge of commodity IT.
A no brainer for commodity It
Powner said that lack of authority is impacting the success of agency investment in technology.
“I think the CIO authority, if we don’t fix that we you can’t accomplish these other things,” Powner said, referring to data center consolidation and the efforts to reduce duplication across the government. “I think the big learning and a big surprise, it’s a no brainer to have CIOs have authority over commodity IT and we want to eventually move certain agencies where the CIO has input on mission critical IT.”
OMB and GAO found potentially billions in savings because of duplication or consolidation opportunities.
Powner said by giving agencies authority over commodity, agencies could easily find $10 billion in savings.
VanRoekel gave limited support to giving CIOs budget authority. He said empowering CIOs could include budget oversight, but he said there’s more to it than just controlling the money.
“There are a myriad of other things we have to consider and bring into play because it’s not the only way,” he said. “I think the essence of good IT management at an agency is one that there is coordination across the budget motion and you are watching the dollars flow and you are making sure there isn’t duplicative spend. But you also, as you’ve heard earlier, need the oversight of senior leadership.”
Visibility, transparency, senior leadership
In fact, both Simon Szykman, the Commerce CIO, and Frank Baitman, the HHS CIO, attribute their successes to among other things senior leadership support for transforming IT management.
Szykman said for his agency centralizing budget authority isn’t the answer to improved IT management.
“Much of the benefit can be obtained by improving visibility and transparency, and providing enough authority that the CIO could influence the right types of decisions going on across the organization,” he said. “I think from the centralization perspective the key is a focus on commodity IT. Agencies do not need to have well over a dozen email systems, which the department had a few years ago. Our largest bureau had over 10 alone and they’ve consolidated down to one, and the rest of the department is in the process of moving to the cloud. That type of proliferation of replication in commodities is unnecessary.” A good example of that transparency and ability to influence decisions is the Census CIO’s decision to require the program office doing the 2020 population count to use the bureau’s IT infrastructure managed by the CIO. The CIO also has approval authority coming out of the Census program, Szykman said.
HHS is just at the beginning stages of increasing transparency and visibility into IT spending.
Baitman said the recent change involves how the agency oversees technology investments.
“Because the majority of the department’s IT resources are tied directly to programs and our operating division, we’ve established three IT steering committees to bring together technology and program leaders from across these divisions,” he said. “It’s a key point I’d like to emphasize. We believe the best investment decisions are made when both the IT and program leadership collaborate, and there is executive ownership to drive agreement to closure.”
Baitman said the three steering committees focus on health and human service systems, scientific research systems and administrative and management systems.
The new governance structure provides HHS with an enterprisewide view it didn’t have before. Baitman said there was redundancy and waste, but now he can use this data to sit down with business leaders figure out how to do a better job spending money on IT business systems.
Carper said he will continue to look into the best approach to improving CIO authorities.