The much-anticipated guidance to reform how agencies buy and manage information technology is littered with words such as “shall,” “must” and “all” to underscore the importance and expectations of not just federal chief information officers, but everyone across the CXO landscape.
But the one underlying message from the Office of Management and Budget in the 31-page draft guidance to implement the Federal IT Acquisition Reform Act (FITARA) is the mistakes made 20 years ago will not be repeated.
OMB released the draft guidance Thursday for public comments. The comment period will remain open until May 30, but OMB says it really wants substantive remarks in the first two weeks of May so it can refine the document as it goes along.
“There is some element to learn from what went on before, no doubt about that,” federal CIO Tony Scott said in an exclusive interview with Federal News Radio. “But from my perspective, it’s all about how do we land this the right way, and on the one hand implement the law and the law is very clear in its intent, but it’s also how that lands and how a small agency, a big agency or a complex agency can make it work most effectively. That’s really where the dialogue has been over the last several months, and what we hope to bolster with this public comment period.”
Insight by GitLab: During this webinar executives from the State Department, U.S. Securities and Exchange Commission, U.S. Patent and Trademark Office and GitLab will discuss how institutionalizing a DevSecOps approach to software development is a journey that must bring together the technology and business sides to change an organization’s culture.
There is widespread recognition throughout the draft and during the development of this new policy that Congress and the Bill Clinton, George W. Bush and Barack Obama administrations didn’t do enough to ensure the spirit and intent of the Clinger-Cohen Act was integrated in the fabric of every agency.
FITARA, in many ways, isn’t just updating the 1996 Clinger-Cohen Act, but reinforcing many of the requirements that agencies ignored, misinterpreted or just got lost in the business of government over the last two decades.
The fact OMB is going out for public input on the draft guidance is a major change of direction from how traditional guidance is developed. This is the second time the E-Government and IT office has done this — the first one being asking for comments on the move to more secure websites.
Scott said he didn’t want the policy to be created in a vacuum and instead reach out to experts outside of the Washington area and immediate federal community.
In the guidance, OMB tells agencies by Dec. 31 to implement a new common baseline for CIO authorities. Interestingly, OMB is limiting the baseline to 25 pages.
This is the key provision in the law — the section that created the most heartburn among lawmakers and OMB and now between OMB and agency CFOs.
The common baseline isn’t just about CIOs, however. It’s about creating lasting partnerships among CIOs, CFOs, chief acquisition officers, chief human capital officers and program managers to make budget and policy decisions. There is little that happens in any of these back-office or mission areas that doesn’t involve technology anymore.
“This Common Baseline provides a framework for agencies to implement the specific authorities that FITARA provides for CFO Act agency CIOs, which build upon their responsibilities as outlined in the Clinger-Cohen Act of 1996. The Common Baseline also speaks to the roles and responsibilities of other senior agency officials, as it is critical that these officials in each covered agency are engaged in the oversight of IT investments,” OMB wrote in the memo. “[A]gencies may adopt a plan that provides for the CIO’s direct involvement or a framework approved by the CIO that contains clear rules on the procedures by which decisions are made and articulates that the CIO remains responsible and accountable for those decisions.”
OMB sets self-assessment deadline for agencies
OMB wants agencies to submit a self-assessment by Aug. 15 that determines the gaps between FITARA and their current IT governance processes. Then, agencies must post the common baseline online within 30 days of receiving OMB approval.
Scott said the common baseline encourage a broader dialogue between CIOs and other senior executives in the agency terms of making sure alignment in conversations and consistency of direction on IT programs and projects.
“I think history has been a good teacher that that always has not been the case and there are and there’s been some pretty classic issues when that’s not been the case,” Scott said.
In the guidance, OMB details CIO roles and responsibilities and CXO and other roles and responsibilities for each of the law’s sections addressing CIO authorities around IT budget planning and oversight.
Here, too, is where OMB resurrects the ghosts of Clinger-Cohen.
“As required by the Clinger Cohen Act and left in place by FITARA, the CIO ‘shall report directly to such agency head to carry out the responsibilities of the agency under this subchapter,'” the memo stated. “This provision remains unchanged, though certain agencies have since implemented legislation under which the CIO and other management officials report to a COO, Undersecretary for Management, Assistant Secretary for Administration, or similar management executive; in these cases, to remain consistent with the Clinger Cohen requirement as left unchanged by FITARA, the CIO shall have direct access to the agency head (i.e., the Secretary, or Deputy Secretary serving on the Secretary’s behalf) regarding programs that include information technology.”
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Congress, knowing it’s been 20 years since Clinger-Cohen became law, also used FITARA to try to clean up some of the problems that arose over the years.
For instance, OMB requires the CIO to be included in all internal planning processes for how the agency uses IT resources, approve the IT components of any plans and be included in an agencywide budget development process with the CFO and CAO for any and all programs that include IT resources whether or not they are categorized as an IT project.
In fact, OMB expands the definition of what IT is beyond the traditional ones found in Clinger-Cohen and in Circular A-11.
The expanded definition has been something experts have called for over the years as technology has become more integrated in every part of the agency.
CIO should play major role on governance boards
OMB also includes the concept of “shadow IT” or “hidden IT” where the CIO must play a major role on the governance boards. The CIO must notify OMB of all governance boards he/she is a member of and update this notification at least annually.
The common baseline also clarifies and reemphasizes the role of the headquarters CIO as it relates to bureau level CIOs.
“The CIO shall be involved in the recruitment and shall approve the selection of any new bureau CIO,” the draft policy stated. “It is critical that the agency CIO retain accountability for the roles and responsibilities identified in the Common Baseline. As agency environments vary considerably, CIOs may find that decisions about some IT resources included in the Common Baseline may be more appropriately executed by other agency officials, such as a Bureau CIO or even parts of program or procurement communities. This must be done in a way to allow the agency CIO to retain accountability. … Even if a representative is substituted for the CIO, the CIO retains accountability for the assigned role or responsibility and thus must ensure the overall suitability of selected officials.”
Additionally, the headquarters CIO and CHCO shall jointly establish agencywide critical elements in all bureau level CIOs performance plans.
The draft guidance also addresses a host of other issues, including updating the PortfolioStat process for 2015, detailing 11 areas where these review sessions will focus upon.
It adds more rigor to agency-led TechStat review sessions. OMB says any IT program that has been rated as “red” for three straight months must go through the TechStat review process within 30 days of the last “red” rating.
Finally, the draft guidance tries to reinvigorate the data center consolidation initiative and relates it to cloud and commodity IT consolidation efforts.
“OMB will publish updated FDCCI guidance by the end of FY 2015 which will describe the second phase of the initiative and will refresh and refocus the data center optimization strategy on the efficient and effective use of resources and implementation of the statutory requirements of FITARA,” the draft OMB document stated.
Scott said OMB wants to move on the comments and refinements with a sense of urgency.
“This is a good thing at large for all of the federal government. It’s good for an agency, it’s good for IT, it’s good for the citizens of this country who should end up with better service from each agency as a result of us embracing this and making it real,” he said. “That doesn’t mean in some cases it will be easy or completely smooth sailing. IT is a contact, active sport, if you will. This will require a lot more contact and interaction and collaboration than anything that has gone before. We should embrace it. Make it work. And if there are pieces that don’t work, fix it quickly. I’m looking forward to a feedback-rich environment, and the active engagement of all parties, not just the CIOs and IT organizations. I’m encouraged by what I’m seeing so far.”