The Department of Health and Human Services will be in the hot seat before the House Oversight and Government Reform Committee on Dec. 12 when its progress against the Federal IT Acquisition Reform Act (FITARA) will be scrutinized.
This seventh oversight session of FITARA will continue the committee’s focus on agency implementation of the law that is celebrating its four-year anniversary this month.
Insight by Cloudera: Learn about what a few federal agencies are doing to tackle data security challenges and improve their cyber data posture in this exclusive e-book.
While few would argue these hearings are critical to keep agencies motivated and accountable, the real measure of meeting the spirit and intent of FITARA may not be found in the scorecard or at the hearings.
It is found in the bowels of agencies where the headquarters chief information officer is influencing, overseeing and managing technology spending on a regular basis.
Rod Turk, the outgoing acting CIO at the Commerce Department, offered a clear example of the type of success and impact of FITARA that many expected when lawmakers first started talking about the bill. He said that for the first time he issued budget formulation guidance to the bureau CIOs for the fiscal 2020 development.
“The idea is this is what the department is considering significant in preparing for budget year 2020, and this is where we want you to focus on and we will come visit you to see what budget looks like and ask customer relationship type questions,” Turk said at an event sponsored by the American Council for Technology and Industry Advisory Council in Washington, D.C., on Dec. 5. “We provided the guidance late summer or early fall, and I went to all components and looked at their budgets. It was a tremendous exercise for me to review how much money was being spent and where the focus is. I didn’t have that visibility before.”
And it’s more than just visibility into the bureau’s IT spending. Commerce’s implementation of FITARA is driving the behavior of the bureau’s CIOs.
“Now that I’m looking at the budget formulation and from our IT investment review for anything above $10 million, the bureau CIOs are reviewing contracts before they get to me so they are having a great impact on our functional investments,” Turk said. “It’s also enhanced the relationships between the bureau CIOs and the functional areas. That is leading to less rogue IT because they have better relationships.”
Turk said all of this is giving him a greater awareness of investments across the department, which is helping to take systems and tools and share them across all the bureaus, especially the smaller ones.
“Our goal is to improve the services and capabilities for less money so by sharing that information across the different bureaus, we can make smarter investments,” he said. “That is the significant impact from FITARA.”
It’s also the kind of impact the authors of the bill hoped for and expected.
Rich Beutel, a former staff member on the House Oversight and Government Reform Committee who helped write FITARA, said the goal of the legislation was to follow the money.
“One of key areas that we were trying to solve with FITARA were around the issue of CIO empowerment,” said Beutel, who is now managing principal of Cyrrus Analytics LLC. “We wanted to give them broader budget oversight, which is precisely what Rod Turk is describing and we hoped would start to occur,.”
Beutel said Turk’s use of FITARA to drive visibility into the bureau level reminded him why the law was necessary in the first place.
“I remember talking to a component CIO of an agency who came in to the committee to tell me about one system that they were proud of. It was only going to cost them $40 million,” he said. “Just 48 hours later, another component CIO from same agency came in and started [to] tell me about basically the same system that they were spending only $60 million on. I asked if they knew about the other component’s system and they said their needs were different. But it was basically the same system. FITARA is trying to deal with empire building because it had gotten so rampant especially in federated agencies where components are so huge and dominate everything.”
The only way to stop this type of duplication is by giving the headquarters CIO authority to not only know what’s happening, but require components to work together.
Rep. Will Hurd (R-Texas), chairman of the Oversight and Government Reform IT subcommittee, said FITARA and its scorecard are supposed to drive a certain behavior.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
“The CIO of the department or agency should have full insight and authority over all of the software and hardware they are responsible to protect. You can’t hold someone accountable if they don’t have the responsibility to manage their network properly,” Hurd said in an interview with Federal News Network.
Hurd said with the latest FITARA scorecard, the committee wants to focus agencies on ensuring their CIO reports to the deputy secretary or secretary of the agency, which 16 of 24 do today.
“When the MegaBYTE Act was first introduced the number of departments and agencies that understand or knew how many software licenses they were using was less than 4 of the 24 CFO Act agencies. Now all but four have a handle on this. It’s one of the things that moved the needle for CIOs,” Hurd said. “The other trends we are seeing is making sure the CIO is reporting to agency head or deputy head. That means that agency head, the chief executive of that department values IT and values cybersecurity because the CIO is directly in their chain of command. That has changed behavior.”
Tony Scott, the former federal CIO, said when he was writing the implementation guidance in 2015, he knew the CIO authorities were the crown jewels of FITARA but it was going to take time for change to occur.
“We saw agencies where the CIO was being undermined or sidelined by superiors. At the time, many said FITARA, it was like these were protected programs and they were not going to let you have any involvement at all because it was a political or a pet project. While this wasn’t universal across all agencies, there were enough cases of it you were dismayed to say the least,” Scott said. “We also knew that as with any change, you have win over the people and you need to just keep hammering away at these things and they will shine through. What has been very helpful is the consistency in terms of congressional oversight, and the fact that OMB has been consistent with its focus on it. With any change in personnel especially when you get new political appointees, you’ve got a chance to break some of the culture issues that inevitably get in the way.”
Scott said he believes FITARA has been successful even though it has taken four years to really start seeing major changes.
“I think the law has significantly moved the needle and created real momentum and progress. We would’ve been in far worse shape had it not come to pass,” he said. “But that being said, are we aspirationally where we hoped to be, probably not. But that means the focus, the dedication, continued oversight by Congress and the consistency from OMB will help us get there.”