Congress passed the Federal IT Acquisition Reform Act (FITARA) in the hope of reforming government buying and management of information technology, but some CIOs say it’s the law’s grading system that might need an overhaul.
The House Oversight and Government Reform Committee released its third scorecard earlier this month. Twelve of the 24 CFO Act agencies improved their grades from the last report card, while 11 maintained their scores. Only one department — Transportation — dropped its score.
The Homeland Security Department received a B- this year, compared to the Cs in the two years prior.
“I will tell you I think we should be an A, but unfortunately based on things … we got a B-minus,” said Carlene Ileto, the executive director of the Enterprise Business Management Office at the Homeland Security Department, during a Dec. 15 GovExec event in Washington, D.C. “I don’t think it really reflects all of the work, all of the accomplishments that we’ve made, and the biggest accomplishment is the collaborativeness across DHS. Working with the CPO to make sure that acquisition review is in process, working with the CFO to ensure the budget exemplifies what we’re trying to do based on our strategic goals and objectives.”
Insight by Okta: This exclusive e-book highlights how identity and access management will continue to evolve as agencies face more aggressive cyber threats while keeping data and systems accessible.
What boosted DHS’ score was an A in cost savings, Ileto said.
“We have saved $1.5 billion,” she said. “We have doubled, close to tripled what we were supposed to save. Our score went up because of cost savings. That doesn’t change the fact we have an F in incremental development.”
Not every program needs to be in the agile arena, Ileto said, which is why as agencies push forward with FITARA, it’s important to ask whether the scorecard really represents what each agency is doing under the law.
“At DHS, with such a large agency or department, I have found it’s quite challenging to really implement FITARA,” Ileto said. “The culture is quite different. To see a CIO take on authorities as the FITARA law has requested can be very challenging for this department, and because of that, I think that pushing the law through with the CIOs and the CFOs and the CPOs and making sure we’re all working collaboratively together, is a heavy lift for us. But we’ve managed to do it.”
Ann Dunkin, the CIO for the Environmental Protection Agency, had similar thoughts on the scorecard’s measurements.
“What the scorecard does is grab some things that are relatively easy to measure, but they don’t really reflect what FITARA does for CIOs, and what truly implementing FITARA means,” Dunkin said. “Carlene mentioned acquisition and budget, those sorts of things are really the places where we’re getting leverage in terms of our ability to influence our organizations and to change our behaviors.”
Dunkin suggested that since agencies had to develop baselines for how they planned on implementing FITARA, one of the measurements could be to compare progress with the original implementation plan.
And when it comes to risk, which EPA scored an A on, if an agency improves on project risk, the grade goes down, which means there’s no reason to improve.
“I’ve been really hard on some of our projects and marked them down and said they have a lot of risk,” Dunkin said. ‘I understand GAO wants CIOs to recognize risk; however, if I work with my projects and I get the risk level down, if I improve their posture, my grade will go down. So there is no incentive for me to 1) get rid of the risk other than the fact I don’t want our project to fail, but it’ll make me do worse on the scorecard. But 2) to give them better grades. I could continue to give them horrible grades and continue to have that A. While maybe that was a metric from the beginning to get CIOs to recognize risk, it’s not a sustainable metric if you want to fix the underlying problems that are causing risk.”
Ileto said DHS was doing a lot before FITARA, but it took modifying many of the agency’s processes in order to support what FITARA was asking of agencies. The scorecard might be an indirect measure of what’s going on in an agency, but it’s not a direct measure, she added.
“I will tell you that scorecard did not depict what is really happening with FITARA,” Ileto said. “It is changing the department across the board, and I mean many departments, but I can speak for DHS, it is truly changing DHS across the board.”
Rep. Gerry Connolly (D-Va.), one of FITARA’s co-authors, acknowledged that change does take time, and while there hasn’t been much resistance, there are FITARA implementation hurdles agencies face within their walls.
“By and large, the support we’ve had from the CIO community in the federal agencies, has also been really quite striking and if anything, their concern is impediments to their being able to implement,” Connolly said. “That’s something we have to try to address.”
Connolly said the hope is to make the scorecard into a flexible management tool and reflect agency progress while also supporting CIOs.
“We’re probably gonna expand the scorecard a little bit more to capture all seven pillars of the FITARA legislation if we can,” Connolly said. “We do want to focus on clearly measurable items, for example, data center consolidation. That’s a very measurable item. You either consolidated or you didn’t. You’ve got a larger number or a smaller number.”