The secret weapon to this IT modernization conundrum that the federal community has been talking about for much of the last decade may come in the fiscal 2019 budget development process.
The usually eye-glazing-over, policy-wonk concepts of capital planning and investment control (CPIC) and enterprise architecture (EA) actually hold the keys for agencies to move off legacy systems in a strategic fashion.
“We are very well aware that agencies have to deal with their legacy burden. And it’s a shame when you are handcuffed to spend three-fourths or more of every IT dollar in your budget on legacy systems,” said Scott Bernard, the federal chief architect at the Office of Management and Budget. “We are looking for the future state plans to reflect what the priority of the agency is, and what the best state of IT enablement is for the agency. We are looking for the timeline for doing those things. This isn’t a change, but there is more interest given the OMB memo that talks of implementing the executive order on the workforce and reorganization.”
OMB estimated agencies have a bill of more than $7.5 billion in outdated or soon-to-be expired technology coming due in the next three years.
Bernard, speaking April 27 at the Digital Government Institute’s Enterprise Architecture Conference in Washington, D.C., said as OMB asks agencies to reaffirm what their mission priorities are and where the opportunities are to digitally transform and consolidate citizen services, chief information officers and their staffs have a golden opportunity through these concepts that few want to talk about.
“Enterprise architects and domain architects will be at the table to help answer those questions about what is the best structure for agencies going forward,” he said. “It will be more important to use their investment portfolios to determine and confirm those IT spending decisions.”
Bernard said agencies need to have an authoritative baseline architecture as a starting point to make good future decisions.
“All agencies should have a baseline architecture, but over the past decade or so, many have not kept up with the changes,” he said. “Other agencies have not aligned their architectures with their strategic priorities.”
He said without these documents, IT modernization efforts could be hampered because agencies don’t have a true starting place.
OMB issued draft guidance in October detailing how agencies should begin planning for IT modernization. A major part of that effort is to update enterprise architectures and develop modernization profiles of major systems.
For these and other reasons, OMB is revamping the CPIC process and asking agencies to break down commodity IT spending in more specific terms than ever before.
Bernard said agencies will send separate business cases for seven different commodity spending areas:
“We are putting out through the CPIC community a template for these seven areas of how to construct the business case. We’ve had templates for the 300 business cases before, but never said this is what we want you to write on and here are things we want you to mention, and this is how directed,” Bernard said. “This will not only help agencies help get a better handle of their IT spend, but it will also break up those monolithic business cases, such as one business case for all IT support areas. We are breaking IT spending into these seven areas and are giving guidance and training on how to pull these together. I encourage enterprise architects and domain architects to be at the table as these business cases are put together.”
Bernard said the commodity IT business cases also opens the door for deeper discussions about shared services and agency-wide consolidations.
OMB and the CIO Council have been working on an update to CPIC for more than a year.
Another change around CPIC that is expected this year is the inclusion of agile or iterative projects as part of the business case process.
Dan Chenok, a former OMB official and now executive director of the IBM Center for the Business of Government, said OMB has matured the CPIC process for much of the past decade.
“Part of the CPIC reform is to have agencies report on what is meaningful, and have agencies link their spending plans to budget planning in a way that simplifies the reporting requirements and eventually lead to a more automated type of feed,” he said. “The IT budget is still based on self-reporting, and while some parts have been automated, it could take the next step so agencies spend less time on compliance and more time on how to link IT to performance.”
Bernard said if any agency wants to link IT spending to performance and mission areas, then they have to know what their current capabilities are and where they want to go in the future.
The changes to the CPIC process come as the push for IT modernization is ramping up.
Rep. Will Hurd (R-Texas) introduced his much-anticipated revamped version of the Modernizing Government Technology (MGT) bill on April 28. Hurd said the bill creates incentives for agencies to save money and reinvest it into modernization efforts.
The CPIC and EA processes are important ways for agencies to understand their path to modernization.
On top of the bill, the White House’s long-awaited executive order on cybersecurity will have a major focus on IT modernization.
Rep. Mike McCaul (R-Texas), the chairman of the Homeland Security Committee, said on April 27 that his sense was the EO would focus on modernizing federal networks.
“With have legacy systems, which are very antiquated and make us more vulnerable to attacks like the OPM breach,” McCaul said at the CTIA Cybersecurity Summit. “It’s time for the federal government to come up to speed with the private sector.”
McCaul said he was supportive of Hurd’s MGT bill as well.
It’s unclear when the White House will finally issue the cyber order, agencies, again, can get a head start in planning through the use of their EAs and CPIC.
“CPIC and EA, if used effectively, can help agencies understand the integration of how IT supports all of the other investments of the agency. You can get closer to the budget process and make ties to more granular data,” Chenok said. “It’s also about understanding how common categories can be planned for and purchased effectively both within agencies and around the opportunities for consolidated buying under shared services or category management. There is a natural link to enable those sorts of best practices and using CPIC to promote it.”