The U.S. Agency for International Development asked for the authority to establish a working capital fund for IT modernization in its budget request in 2019, again in 2020 and again in 2021. But as Congress finalized each fiscal year’s budget, appropriators ignored USAID’s request.
Jay Mahanand, USAID’s chief information officer, told members of the House Oversight and Reform Subcommittee on Government Operations during an April 16 hearing that despite support from the Trump administration and the Office of Management and Budget, it was unclear why the working capital fund request failed each year.
USAID isn’t alone. The departments of Education and Commerce also failed the appropriators’ gauntlet. So far, only the Small Business Administration persuaded lawmakers to give them the authority to set up a working capital fund and transfer unexpired funds into it. SBA says in its fiscal 2021 budget request it expects to have $4 million in 2020 and another $2 million in 2021 in the fund.
Insight by Galvanize: During this webinar Marianne Roth, the chief risk officer of the Consumer Financial Protection Bureau, will provide a deep dive into enterprise risk management at CFPB. Additionally, Dan Zitting, the CEO of Galvanize, will discuss how making better use of data and technology can help federal agencies more rapidly allow decision makers address and mitigate risks.
Sen. Maggie Hassan (D-N.H.), chairwoman of the Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight, plans to fix this long-standing problem.
At the subcommittee’s April 27 hearing on legacy IT, Hassan said she plans to introduce a technical amendment to fix the Modernizing Government Technology (MGT) Act, which initially authorized every agency to create an IT modernization working capital fund. Through the WCF, agencies can bank saved money, which then can be used for future IT modernization projects.
A Hassan aide told Federal News Network that expanding working capital fund authorities was one of the main pieces of feedback from the agencies that responded to Hassan’s legacy IT oversight letters last summer, and is one of the pieces that Hassan is looking at for potential legislation. The aide didn’t say how the Senator planned to fix the MGT Act.
“This hearing is the first in a series of hearings that Senator Hassan will hold on legacy IT as chairwoman of the subcommittee,” the aide added. “Our office is working to coordinate another hearing focused on specific ways federal agencies and Congress can work to advance IT modernization and save taxpayer dollars.”
In many ways, the WCF is the more powerful authority granted to agencies under the MGT Act, rather than the much-heralded and watched Technology Modernization Fund (TMF).
Max Everett, the former Energy Department CIO, told the Senate subcommittee having a working capital fund would take care of long-term budget planning challenges many agencies face.
“Much of my experience, to be very frank, was robbing Peter to pay Paul. In most cases to do those modernizations, you are going to have to take money from somewhere,” Everett said. “I know that there is long held concerns about WCF turning into slush funds and things of that nature. But I think that simply means they need to have the appropriate oversight, but they would allow that level of longer term planning.”
The lack of that long-term planning is another area where agencies have fallen short on.
Kevin Walsh, the Government Accountability Office’s director of IT and cybersecurity, said it was disheartening that when his office looked at 10 agencies in 2019, three didn’t have a long-term IT modernization plan, five had some aspects of a plan and only two had a firm idea of what needed to be done.
“Having these plans is valuable, just getting agencies to think about it. Agencies that don’t have a documented plan, we aren’t sure what kind of resources they are able to throw at it, what kind of timeframes, and even the scope of the project,” he said. “Having some idea of what needs to be done is the most fundamental step.”
Walsh pointed back to a 2016 OMB memo that would’ve required agencies to create and follow these plans as one reason for the problem.
Tony Scott, the former federal CIO, who authored that draft policy, said in an email to Federal News Network that the goal “was to institutionalize a set of practices that would, at budget formulation time, identify for agency leadership and for appropriators top priority systems for upgrade and replacement. What I was looking for was to force deliberate decision making at budget time to either A.) accept the risk that legacy systems presented, or, B.) put money in the budget to do something about it.”
He said the annual review of top-tier systems would’ve reviewed cybersecurity and privacy risk, whether the system was still serving the mission well, the cost and whether there was a way to reduce what an agency was spending to support the system and whether the system needed people or software that was harder and harder to find.
“The ideas was to force this exercise on a periodic basis (i.e. every budget year or two), so that no-one could hide and say, ‘we didn’t know, ‘or ‘no-one told us’ about these inherent risks,” he said.
Matthew Cornelius, the executive director of the Alliance for Digital Innovation, an industry association, and a former senior technology and cybersecurity advisor at OMB, said in an email to Federal News Network the draft policy received hundreds of comments, but OMB never finished reviewing them when the election of Donald Trump occurred.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
“With a change in administration came a change in focus and priorities, including around IT,” he said. “Rather than take the focus the draft memo outlined, the Trump administration chose a different set of priorities to tackle first, including their own Report to the President on IT Modernization, which including lots of tasks and outcomes that drove modernization in the first half of his term. Then, with the MGT Act passing and the TMF getting stood up, OMB and GSA realized that the highest priorities for agencies in applying for TMF dollars wasn’t necessarily whole-cloth legacy system replacement, so they decided to give more flexibility to agencies in the application process (as provided in M-18-12).”
The Congressional budget process makes planning to move away from legacy IT even more difficult, former agency CIOs told lawmakers.
Hassan said she advocated for biennial budgeting, where Congress makes funding decisions in year one and does oversight in year two.
“The current one-year cycle often leads to hasty decision making and neglects capital investments that take several years to implement,” she said.
Renee Wynn, the former NASA CIO, said every time an agency crosses a fiscal year with an ongoing IT project, the risk increases because of possible loss of time and/or people.
“Now you’ve disrupted your project and most likely extended when you will get that project done. That extension, if it goes on too long, means you are potentially using software that is no longer considered modern, available or could reach end of life by the time you get that system back in operation after it has been modernized,” Wynn said. “I would take my total budget and create a reserve. That reserve would be used to make sure the most critical or highest risk projects would get funding for sure going into the secondary years of their project. That way I knew they could be able to continue. If I didn’t do that, I’d run the risk of work stoppage, and then I could lose the talent of my staff, of staff from other mission areas or mission support or even contractor staff, and that would again start to slow down and add more risk to my project.”
With little expectation that Congress will move to a biennial budgeting cycle, the WCF authority becomes more critical.
Cornelius said one thing Hassan should consider as the tries to fix the MGT Act is the need to convince the appropriators why the transfer authority is so important.
“The main thing agencies need to do is to keep making the case to their appropriations subcommittees on what their IT modernization priorities are, how they would ensure appropriate oversight and execution of projects funded by an IT working capital fund, and to provide appropriations staff opportunities to provide their own recommendations,” he said. “Building this trust is key to getting Congress to provide agencies the flexibility they need to manage their finances in a way that best help achieve their IT and security outcomes.”
It’s clear former Rep. Will Hurd (R-Texas), Rep. Gerry Connolly (D-Va.), Sen. Jerry Moran (R-Kan.) and former Sen. Tom Udall (D-N.M.) — the co-authors of the MGT Act — wanted to give all agencies the authority to create WCFs without appropriators’ approval. With a working capital fund, IT modernization planning becomes more critical, meaning agencies would have a clear path to solving two of the biggest remaining challenges to moving off legacy systems.