A little over a year ago, the House Oversight and Government Reform Committee released its first set of grades for how agencies were implementing the Federal IT Acquisition Reform Act (FITARA). The grades, as expected, weren’t good. By May, when the committee released its second report card, some agency scores had improved, but many agency chief information officers started to see the shortcomings in how lawmakers were holding them accountable.
A Federal News Radio survey of CIOs in August and a recent effort by the Censeo Consulting Group, Cyrrus Analytics and the Hettinger Strategy Group both found while CIOs are supportive of the goals of FITARA, the metrics the House committee and the Government Accountability Office are using need some work.
“What we found is not anger toward FITARA scorecards, but more of a general feeling that the scorecard was unfair and didn’t take a holistic view of agency efforts in meeting FITARA,” said Kareem El-Alaily, a managing director at Censeo. “All stakeholders involved GAO, the Office of Management and Budget, agencies and Congress are trying hard to make this work. The issue is that no one is tying this all together to say how it should work. All the agencies have different roadmaps in how they are implementing FITARA and all this effort is overcomplicating things. What is needed is a reset to get all the stakeholders back on the same page and marching towards a unified end goal.”
Rich Beutel, one of the leading forces behind FITARA when he was a staff member on the House Oversight and Government Reform Committee, said they surveyed eight CIO IT teams about their opinions of the scorecard and how it could improve.
Insight by MFGS, Inc.: In this exclusive Federal News Network survey, cybersecurity experts from the military services and intelligence community offer insights into how their agencies are transforming their approaches to cybersecurity to address the ever-changing threats.
Beutel, who now runs Cyrrus Analytics, said overwhelmingly CIOs and their staffs say the scorecard should measure all seven principles of FITARA, not just the four currently a part of the scorecard —incremental development, risk transparency, IT portfolio reviews and data center consolidation.
“We acknowledge one size of FITARA implementation doesn’t fit every agency, but the four measures currently applied in the Congressional scorecard are the ones GAO and the Hill team could put together quickly from publicly assessable data — so they were driven by what data was available and what was transparent, not necessarily from what was a comprehensive reflection of FITARA policies. The existing scorecard served a valid and useful purpose and the two hearings on the scorecards are an example of very effective congressional oversight because they got a great effect and attention,” Beutel said. “But now it’s time to amend and refine the scorecard so congressional oversight can properly be calibrated against what agencies are really doing at a common FITARA level.”
Federal News Radio’s survey found similar sentiments by CIOs. Of the CIOs who responded, 65 percent said the scorecard didn’t accurately reflect their agency’s progress in implementing FITARA. Only 17 percent said the scorecard was accurate while 17 percent said they weren’t sure.
Comments from CIOs ranged from, “The information is typically 6 months behind. Need a better method to capture real-time data;” to “It’s horrible. Reflective of old way of thinking and is just a political tool for congressional grandstanding. Doesn’t address level of difficulty or whether or not funding was available to do the things needed;” to “The scorecard has no connection at all to a successful or unsuccessful FITARA implementation.”
At the same time, most CIOs say FITARA will have at least some if not a great impact on their agencies.
It’s that hopefulness that is spurring El-Alaily, Beutel and Mike Hettinger, a former committee staff member, to push for change in the spirit of keeping the FITARA momentum going in the right direction.
“This report has to do more with ensuring congressional oversight is examining the right things in the right way,” Beutel said. “The current scorecard needs to be updated by going from four to at least seven elements. We made recommendations on what those elements should look like, for example by measuring the ratio of operations and maintenance (O&M) spending to that of development, modernization and enhancement (DME) spending. We believe that this metric would serve as a critical measure of the extent to which agencies are engaging in key IT modernization initiatives.”
In the white paper, based on their interviews with CIOs, the experts recommended 12 changes to the FITARA scorecard, focusing on everything from creating a FITARA Working Council within the Federal CIO Council to OMB taking a more prescriptive role in the law’s implementation.
Beutel said they recognize different agency cultures require different approaches to FITARA, but there are some key areas where inconsistencies in oversight could hurt rather than help implementation.
Lawmakers recognize the scorecard needs updating.
Rep. Will Hurd (R-Texas), chairman of the subcommittee on IT, said in May at the last scorecard hearing that adding a metric around CIO authorities would make sense.
Rep. Gerry Connolly (D-Va.), co-author of FITARA, said in an email to Federal News Radio that while agencies are making progress, improvements to the scorecard are needed.
“We are aware of some concerns raised by agency CIOs and deputy CIOs and took those into consideration when determining the metrics for the 3.0 scorecard,” Connolly said. “It is important that agencies feel that the scoring system is fair, accurate, and transparent. In consultation with the GAO, we believe we have made the necessary adjustments to address these concerns in the next scorecard.”
David Powner, GAO’s director of IT management issues, said his office is working closely with the committee to ensure the data they use is current.
“Scorecard 3.0 will be built off the four areas we initially measured and likely will look at how to score CIO authorities,” Powner said. “We are discussing if agencies are reporting CIO authorities properly. It’s clear Chairman Hurd wants to do something in the CIO authorities area.”
GAO also is working on a number of requests from the committee that will influence future scorecards. The committee requested GAO study CIO authorities, IT budgeting, the use of incremental development and how agencies are measuring their progress in closing or consolidating data centers.
Powner said those studies should be done in late spring or early summer 2017, potentially in time for a scorecard hearing in May.