Here’s a thought to ponder: Has there ever been a federal management law that has been as successful as the MEGABYTE Act of 2016?
Stop for a moment and think back over the last, say 20 or 25 years.
I’ll wait …
Insight by CyberArk: Learn how the CDC is using the least-privilege model to limit how much damage hackers can do in federal networks in this free webinar.
While you are going through the old Rolodex of laws whether it was the Government Performance and Results Act (GPRA) or the Services Acquisition Reform Act (SARA) or the E-Government Act or even go back to the Paperwork Reduction Act (PRA) of 1995, have agencies successfully implemented any of these at scale and saw real change as intended by Congress?
New data from the Senate Homeland Security and Governmental Affairs Committee combined with the 10th Federal IT Acquisition Reform Act (FITARA) scorecard demonstrates that the Making Electronic Government Accountable By Yielding Tangible Efficiencies Act (MEGABYTE Act) may just be the most successful federal management bill in the last two-plus decades.
The committee found 13 agencies saved or avoided spending more than $450 million between fiscal 2017 and 2019. The Department of Health and Human Services accounted for $145 million of that savings or avoidance, while the Social Security Administration achieved $118 million in savings or avoidance during that two-year time span.
“I was proud to work with Senator Cassidy to get the MEGABYTE Act signed into law, and it is a great example of how lawmakers can come together and pass bipartisan, commonsense legislation that lead to meaningful savings — more than $450 million — for taxpayers in just a few years,” said Sen. Gary Peters (D-Mich.), ranking member of the committee, in a statement to Federal News Network. “I look forward to continuing to work across the aisle to achieve these kinds of commonsense, practical savings and ensure the federal government is working to the benefit of Michiganders and all Americans.”
This is the first time lawmakers have calculated real dollars impact of the MEGABYTE Act. Previously under the FITARA scorecard, agencies just received a letter grade for implementing the three pieces of the law, but understanding savings or cost avoidance was never clear.
For instance in the July FITARA scorecard, every agency but the Defense Department received an “A” grade under the MEGABYTE Act category.
A HSGAC committee aide said they worked with the Government Accountability Office to collect and analyze the data. While 11 CFO Act agencies didn’t provide data, the aide said the results of the law are real.
“Part of why we are doing this retrospective is to see where the savings or cost avoidance are realized and build on what works,” the aide said. “We are looking into it where and how agencies saved money. We were pleasantly surprise by the scope of the savings. People think of government too often as a place where money pours out the door so being able to realize savings with this pretty straight forward legislation and also seeing compliance on the FITARA scorecard high is a good surprise.”
With the success of the MEGABYTE Act, the House Oversight and Reform Committee and GAO are even considering removing it from the FITARA scorecard. Who ever thought anything would come off that scorecard?
“Since becoming law, the MEGABYTE Act has saved the federal government hundreds of millions of taxpayer dollars. The FITARA Scorecard has been an important tool in that success by bringing accountability to agency decision-making,” said Rep. Gerry Connolly (D-Va.), chairman of the Government Operations Subcommittee and co-author of FITARA. “On the first FITARA scorecard with the MEGABYTE metric, 21 out of 24 agencies received an ‘F’ on this metric. Now, all but one agency received an “A.” This is a testament to the hard work of our federal CIOs. We will continue to look at ways to use the scorecard to incentivize IT modernization and bring transparency and accountability to those efforts.”
While the continued focus by lawmakers on the MEGABYTE Act played a role in its success, former federal officials say the law worked because of its simplicity and because of timing.
Renee Wynn, the former NASA chief information officer, said the space agency took a risk-based approach to implementing the law, looking at it from three perspectives: financial, reputational and program or project risk.
“NASA declared software management a risk in 2017 and handed it off to the CIO’s office. There were obvious benefits which is what the MEGABYTE Act helped with. We laid out a plan and got agency backing and funding,” she said. “We established software asset manager and then established a full software lifecycle management program.”
Wynn said the software asset manager is in charge of negotiating deals with vendors to provide a specific software title based on the lifecycle management program’s requirements that come from the mission and business areas.
“The full lifecycle management office created a software store so if we had spare licenses or if you have a need, that’s where you go. It was about ease of access,” she said. “Once the software asset manager got the software under contract, the program would configure the software to NASA’s standards and get it deployed. And when a software was no longer needed, the program would make sure it was removed from the network.”
Wynn said NASA saved or avoided spending anywhere from $20 million to $50 million a year in 2018 and 2019.
“There had been efforts underway and it was really a no-brainer and everyone could see why it made sense,” she said. “There are some CIO compliance stuff is not that clear to the mission areas, but this one spoke to everyone across the agency and you’d be hard pressed to say this was a dumb idea.”
NASA experience is not uncommon for agencies.
The MEGABYTE Act built on a foundation that Defense Department and the General Services Administration had started with initiatives like the Enterprise Software Initiatives (ESI) or SmartBuy. And the law, as Wynn said, made sense to non-IT people — don’t spend money on things you aren’t using or don’t need.
Since 2014, the Senate committee said agencies saved or avoided spending more than $770 million through better software management.
David Harrington, the managing director of SIE Consulting, which helps agencies address IT management challenges, said vendors would penalize agencies with significant bills for using software without a license. He said it was common practice for some vendors — you know who they are — to use this tactic when business was down.
“The MEGABYTE Act got agencies to create a role of software license manager. Before that, it was a collateral duty. The law was an outstanding success by getting agencies to start think about that and help them with audit prevention where original equipment manufacturers would do an audit and then ask to be paid when too many are being used. It was a substantial problem before MEGABYTE because the funding wasn’t budgeted so it has to come out of a program meaning cut staff or contractors.”
Harrington said the Department of Homeland Security’s continuous diagnostics and mitigation (CDM) program also deserves credit for helping make the MEGABYTE Act successful.
He said the IT asset discovery and management tools CDM required agencies to implement gave them more and better data than ever before.
“Once you make sure you understand the data, then you can make cost decisions to save,” he said. “License management is the baseline of where you want to be under the MEGABYTE Act, but the bigger goal is to develop an enterprise license position (ELP) where you can identify where you can save money in next contract renewal.”
He said agencies such as NASA, the Commerce Department and the IRS, have moved to the ELP approach.
A recent private sector client that SIE Consulting worked with saved as much as 30% from using an ELP approach, Harrington said.
“If you have 200 vendor partners, you can create a criticality list of which ones by spend or mission and then create ELPs. You have to start a year out before you are ready to renegotiate. You should start with the highest spend or most critical and move down,” Harrington said. “There are a lot of savings out there. It’s just a matter of coordination so it happens at the contract renewal or at the option year, and need you need a contracting officer willing to have that discussion with vendors.”
Maybe ELPs is the idea to keep the momentum going under a MEAGBYTE 2 Act?
The committee aide said the committee wants to build on the momentum heading into calendar year 2021, and if Peters becomes chairman—should the Democrats take control of the Senate—he expects cloud, the Federal Risk Authorization Management Program (FedRAMP) and other IT management issues to be high on the list of priorities.