Just last December, the Department of Veterans Affairs gave its chief information officer oversight and authority over all technology spending.
December also happened to be the five-year anniversary of the Federal IT Acquisition Reform Act (FITARA).
It’s highly doubtful that VA issued the memo giving the CIO full power under the 2015 law as a way to celebrate FITARA’s birthday. But it did signal a major step toward the agencies living up to the spirit and intent of the IT management law.
Insight by Carahsoft: Learn how the FedRAMP PMO and its partners believe the end result of many of ongoing initiatives is a better, faster and cheaper cloud security program by downloading this exclusive ebook.
At the same time, what’s disconcerting about the memo is it took five years to happen for the largest civilian agency with an IT budget of more than $6.1 billion in fiscal 2020.
“[Office of Management and Budget] memos are like strategy documents in the corporate world. Somebody once said culture eats strategy for breakfast so if you have a lot of culture in these agencies that no matter what OMB says, they will do what they will do,” said Tony Scott, the former federal CIO, who led the development of the June 2015 implementation guidance, and now is CEO of the Tony Scott Group. “Change doesn’t happen without constant, consistent pressure, and that constant, consistent, firm pressure hasn’t always been there.”
And it’s clear from a recent inspector general report that VA’s senior management fell short in giving the CIO a big enough seat at the table.
The IG found the VA CIO had limited oversight over IT spending and didn’t review and approval 70% of all acquisitions worth approximately $1 billion during the first three quarters of fiscal 2018.
“VA’s policies and processes did not require CIO review and approval for all IT acquisitions. The review and approval process was not approved by OMB because it was not submitted for approval by VA OIT,” the report states. “The audit team found several issues that contributed to VA’s failure to meet FITARA requirements for CIO review and approval of IT acquisitions. Specifically, VA policy and processes limit the CIO’s review of certain IT investments. [T]he OIT’s process for CIO review and approval of IT acquisitions excludes procurements acquisitions below $100,000 and medical devices funded outside the IT appropriations. Furthermore, an overall lack of awareness of FITARA requirements by VA personnel resulted in ineffective identification of IT acquisitions for CIO review and approval. Finally, conflicting VA policy and guidance created confusion in meeting FITARA requirements.”
The two-page memo, which Federal News Network obtained through a Freedom of Information Act request — it should be noted that VA’s turnaround time on the FOIA request was among the quickest in recent memory — began to fix the shortcomings the IG highlighted by giving the CIO oversight over all IT acquisitions funded with Congressional appropriations and those funded outside the appropriations process, including interagency acquisitions.
“The VA’s mission is too important to be hindered by IT missteps stemming from inadequate policies and a failure to implement FITARA,” said Rep. Gerry Connolly (D-Va.), chairman of the Oversight and Reform Subcommittee on Government Operations and co-author of the FITARA. “Secretary [Robert] Wilkie must immediately take steps to ensure that the VA CIO has a seat at the table for all of the VA’s IT acquisition. As GAO and others have pointed out, empowering the CIO results in IT projects that are well planned out and protect taxpayer dollars.”
In the most recent FITARA scorecard, from December, VA received a “B+” overall, and an “A” on the CIO authorities subcategory of the scorecard given it finalized the memo Dec. 2, 17 days before the hearing.
The House Oversight and Reform Committee expects to release the 10th FITARA scorecard in late July. It will be one of two IT focused hearings from the Government Operations subcommittee.
Even after five years, VA is not the only agency to struggle with FITARA implementation.
NASA, for instance, only gave its CIO full authorities last October. Three departments — Energy, Transportation and Homeland Security — received “Fs” and the Environmental Protection Agency received a “D” on CIO authority enhancements, meaning one of the key tenets of the 2015 law remains unaddressed.
“The fact agencies are still addressing CIO authorities is befuddling. The law couldn’t be more clear,” said Rich Beutel, founder Cyrrus Analytics and a former House Oversight and Reform Committee lead staff member and principal behind FITARA. “Do CIOs at headquarters have budget to provide meaningful oversight over these large budgets or not? Why are CIOs’ hands still tied? It’s a matter of resourcing, focus and staffing to do the kind of job we envisioned to elevate CIOs to be full members of the c-suite and true partners with the business and mission side.”
Jonathan Alboum, the former CIO at the Agriculture Department and now a principal digital strategist for federal government at ServiceNow, said CIOs face a host of challenges to get a hold of their agency’s IT budget, including the overall IT spend is generally made up of many sources of funds from across all of the agency’s programs.
“As government programs grow in size and scope, like many have as a result of COVID-19, it’s not unusual for program managers to spend more funds on digital transformation activities to improve citizen and employee services and experiences,” Alboum said. “However, these spending increases do not generally include a corresponding increase in the department CIO’s IT oversight budget. So, while FITARA grants the CIO authorities to strengthen oversight, it does not come with funds for increased staff to conduct oversight activities, especially as programs spend more on IT.”
This oversight challenge Alboum highlighted is why CIOs are constantly trying to get their arms around shadow IT.
Scott said having the right CIO with the right support from a secretary or deputy secretary is one of the few ways to address this long-standing challenge.
“I’ve seen this in [the] corporate world too. If you don’t have the right combination, it will not work even with the right policy or mandate,” Scott said. “In the corporate world, I’ve seen situations where a weak CIO who had all authority still struggled, and the opposite where a strong CIO had not authority on paper, but came in and assumed control, and managed to work the politics in such a way it didn’t matter what was on paper.”
Alboum said one way to overcome resources and support challenges is for CIOs to have automated tools that will provide better and more insights into agency investments.
“This includes the ability to track progress in real time to see exactly how funds are spent and the value of the work that’s being delivered. This is very much in line with the incremental funding and quarterly review approach taken by the Technology Modernization Board,” he said. “Department CIOs must proactively connect acquisitions and investments to project outcomes and be empowered to quickly make adjustments on an ongoing basis. This is the promise of FITARA. Ideally, FITARA helps CIOs increase agility by giving them the power to optimize and reallocate resources as priorities shift. However, this only works if they have the proper tools, teams and support.”
Beutel said it’s clear that the agencies who benefitted the most from FITARA are those with “forward leaning and visionary CIOs.”
“We wanted FITARA to drive institutional change and not be dependent upon individual personalities. It sought to do this by creating institutional incentives based upon situating the CIO community squarely in the C suite,” he said.
Beutel may have been hoping FITARA would usher in a utopia of sorts, but the fact is the combination of people, process and leadership still is too strong for any law to overcome. VA is the perfect example demonstrating just how hard it is to move toward what on paper is a simple change.