This coming Saturday marks the first major deadline for agencies to begin to implement the Federal Information Technology Acquisition Reform Act (FITARA). They’ll need to send the Office of Management and Budget detailed plans for how they’ll boost the authority of their chief information officers. And OMB wants to subject those plans to public scrutiny, partially because it sees transparency as its best chance of ensuring agencies actually follow through on this round of federal IT reform.
Among the documents the 24 CFO Act agencies must submit by Aug. 15 are a FITARA implementation plan plus a “self-assessment” of how their organizations match up against a 30-point common baseline for IT management OMB issued this summer. And if an agency wants to delegate any of its CIO’s new statutory authorities to bureaus or other lower-level officials within their departments, they must explain how they intend to do so and why.
And OMB says it intends to be extremely public about agencies’ headway toward implementing FITARA. Agencies will need to post their planning documents on their public websites and OMB will create a new dashboard to judge their progress toward IT reform.
Speaking to a FITARA forum organized by MeriTalk and OMB in Washington on Tuesday, Tony Scott, the federal chief information officer, previewed several of the criteria the White House will use to rate whether agencies are — in OMB’s view — adequately embracing the new law.
Insight by Galvanize: During this webinar Marianne Roth, the chief risk officer of the Consumer Financial Protection Bureau, will provide a deep dive into enterprise risk management at CFPB. Additionally, Dan Zitting, the CEO of Galvanize, will discuss how making better use of data and technology can help federal agencies more rapidly allow decision makers address and mitigate risks.
“My expectation is that the agency can identify the real breakthrough opportunities to change, to embrace the digitization of government and understand what that really means for business processes. And agency leadership needs to be engaged in that discussion,” he said. “Is there a believable plan of action? Is the CIO engaged with other leadership like the chief human capital officer, the chief financial officer, the chief acquisition officer, the inspector general, GAO and all the other people involved in our ecosystem and do they understand what we’re trying to do? Have we engaged the organization to develop the right relationships up and down the agency? We need to know who the good CIOs are and what they’re doing and then share that knowledge across the organization. That’s also my plan for the CIO Council. A really good CIO council meeting is where we learn something from each other and immediately go implement it.”
Scott emphasized that OMB does not see the new law as only affecting or applying to CIOs, but rather as a tool to transform the way entire agencies use IT to perform their day-to-day functions.
Indeed, the plans due on Saturday are the responsibility of each department or agency’s deputy secretary or chief operating officer, not the CIO.
“I think it’s wrongheaded to think that you can make IT decisions independent of agency leadership or changes in the business process,” he said. “What’s actually happening across the government is that at one pace or another, the business of government is digitizing. It has an inevitable outcome: it’s going to be more citizen-focused and it’s going to be more outcome-oriented. The role of the CIO is to engage the rest of the management team to make sure we’re getting the right outcomes.”
After Aug. 15, OMB will continuously post data on agencies’ plans for FITARA implementation on management.cio.gov, which will also include a dashboard depicting OMB’s assessment of how agencies are faring. The dashboard’s first metric will simply be whether they’ve complied with the initial deadline to submit their plans.
Beginning in mid-September, OMB says much more granular information will begin to appear on the site, including agency CIOs’ progress toward fixing IT management weaknesses that have been known for years, like those that have been previously identified in inspector general and Government Accountability Office reports.
Ben Sweezy, the strategy lead within the federal CIO’s office, said the dashboard will help answer a question it’s been getting since the FITARA planning process first began: How do you measure progress?
“If we’re making these big changes and asking agencies to take a hard look at what they’re doing, what’s that in service of? One thing we’ve landed on is that if a CIO becomes more empowered and more able to patch up the parts of their infrastructure that they’ve wanted to act on for years but couldn’t, because the relationships weren’t quite there before, those CIOs should be able to act on recommendations from external stakeholders,” he said. “So one thing we’re including in this dashboard is a quick summary for every agency of how many open GAO recommendations they have and what their progress has been to close their recommendations since the start of all of this FITARA work. This is an unusual step for OMB, but I think it gets to the heart of the single-mindedness we and Capitol Hill have about IT modernization and IT governance.”
Sweezy, who led the operational FITARA implementation effort, is leaving OMB to take a job with the Washington, D.C. city government.
Reflecting that single-mindedness, Congress will be keeping its own tabs on whether or not agencies are meeting the intent of the legislation they passed last December.
The House Committee on Oversight and Government Reform, in collaboration with the Government Accountability Office, is in the early stages of creating a scorecard to continuously grade each agency, which will help form the basis for future oversight hearings on FITARA implementation.
David Powner, GAO’s director of IT management issues said his office still is in talks with congressional officials about how to measure FITARA implementation. One metric, he said, could be the extent to which agencies are using incremental development to field large IT systems.
“We could start with the self-reporting on the OMB dashboard and use GAO’s work to validate that reporting,” Powner said. “We’d also want to look at data center consolidation: are we closing data centers, and how much are we saving?”
He said the scorecard also could include agencies’ attention to PortfolioStat, the OMB process for reviewing and eliminating duplicative IT spending which was made permanent as part of FITARA.
“But to be honest with you, the PortfolioStat baseline has gotten a little bit messed up,” Powner said. “We had 204 initiatives that could have saved $6 billion, but we lost focus. We need to refocus. We also need to look at the accuracy of the OMB dashboard, and that’s an interesting debate. Should you reward people for saying they’re all green, or should you reward the people who admit they have the most reds and yellows right out of the gate? That’s still up for debate.”
GAO’s position on the question is fairly clear. Powner said current IT dashboards show too many undeserved green lights. As part of the FITARA follow-up work Congress already has assigned to the oversight agency, GAO is looking at 96 major federal IT projects to determine whether their managers and agencies have adequately assessed the risks that their projects will fail.
“We’re looking at risk registries and other documentation to see how much risk is associated, and I strongly believe that there should be many more yellows on the dashboard so that we can manage those projects more efficiently,” he said. “That’s going to cause some tension between GAO and the CIO shop, but that’s a healthy discussion to have. We have to manage these acquisitions much more effectively, and you only do that if you acknowledge that you have risk. These are the types of questions we’re having with Congress, but the intent is this: whatever they measure, it should drive different behaviors. This isn’t about compliance. It’s about improving authorities and rooting out inefficiencies.”
OMB and GAO said they see public availability of data about agencies’ compliance with FITARA as one of their best chances of ensuring that this federal IT reform law doesn’t succumb to the same fate as the last major federal IT overhaul, the 1996 Clinger-Cohen Act.
Both were based on the same principles: that agencies’ IT investments should be smaller and simpler, lean on commercial technologies, have a clear connection to improving the agency’s overall operations and be overseen by a strong CIO. But most observers now believe Clinger-Cohen original intent was stifled by bureaucratic inertia.
There are several reasons to believe things will be different this time, said Jamie Berryhill, OMB’s chief of policy, planning, budget and communications.
“Just about all of our FITARA guidance is built on top of Clinger-Cohen, but Clinger-Cohen was principles-based. It told agencies they should do these things because they’re really good,” he said. “We’ve realized over the last 20 years that those things weren’t taking root, so we built very specific and granular checks and gates to make it very easy to see whether or not any agency is acting to implement FITARA. We are planning on steady oversight throughout the way and the Hill is interested in that too, as are GAO and the IGs. There’s also the transparency piece where we’re requiring all of these plans and policies and documents to be posted. I think we’re working every possible angle to make sure this is implemented.”
Scott, the federal CIO, characterized FITARA as a major opportunity to make a correction in federal IT project success rates that, for now, are headed in the wrong direction.
After what appeared to have been several years of progress toward shutting down expensive legacy IT systems, he updated the governmentwide figures on Tuesday and said 80 percent of federal IT spending now goes to operating and maintaining legacy systems, further crowding-out agencies’ funding to build new services or transition old IT systems to more efficient models.
“That trend will continue and it’s going to get worse and worse the more we try to artificially constrain IT budgets,” he said. “My experience has been that if you ask a CIO to go save money, they’ll do that. But they’ll do it by stopping new application development and refreshing infrastructure. They’ll stop spending on the things that are easy to cut. That’s a circle-the-drain situation though, and eventually you get into situations where you have crumbing systems, and that’s where we are in some cases. This is not a situation where you can save your way to success.”