Agency progress in reforming the management and oversight of information technology has stalled.
The fourth version of the Federal IT Acquisition Reform Act (FITARA) scorecard released June 13 by the House Oversight and Government Reform Committee showed the overall scores of 20 of 24 agencies stayed the same or dropped since December.
Of the four agencies that received better grades, the U.S. Agency for International Development earned the first-ever “A” grade on version 4.0 of the FITARA scorecard, which Federal News Radio obtained.
“The FITARA Scorecard 4.0 demonstrates both continued progress as well as frustrating disregard for FITARA reform principles,” Rep. Gerry Connolly (D-Va.), ranking member of the subcommittee on Government Operations and a co-author of FITARA, said in his opening statement. “On the latest scorecard, four agencies had letter grades that improved, five dropped a letter grade, and 15 stayed the same. This represents a fraction of the progress included in the last scorecard where 12 agencies improved, but marginal gains will become more difficult as agency letter grades increase.”
Congress passed and President Barack Obama signed FITARA into law in in late 2014, and agencies developed and the Office of Management and Budget approved implementation plans by summer 2015. Lawmakers released the first scorecard in November 2015 and said while the scores weren’t good, they expected improvements.
After two more scorecards showing real progress, agencies seem to have hit a wall over the last six months.
Along with USAID, only three other agencies–the departments of Housing and Urban Development, State and Transportation–improved their overall grades. At the same time, 15 agencies received the same grades as last time.
The departments of Commerce and Veterans Affairs, the Environmental Protection Agency and the General Services Administration received the next highest grades of “B+,” while the departments of Homeland Security and Justice joined HUD in receiving a “B-.”
“Most agencies have taken steps to improve the management of IT acquisitions and operations by implementing key FITARA initiatives, including data center consolidation, efforts to increase transparency via OMB’s IT Dashboard, incremental development, and management of software licenses; and they have continued to address recommendations we have made over the past several years,” according to David Powner’s, the Government Accountability Office’s director of IT management issues, opening statement. “However, additional improvements are needed, and further efforts by OMB and federal agencies to implement our previous recommendations would better position them to fully implement FITARA. To help ensure that these efforts succeed, OMB’s and agencies’ continued implementation of FITARA is essential. In addition, we will continue to monitor agencies’ implementation of our previous recommendations.”
The Defense Department is the only agency to receive a “F” grade, while five others, including the Department of Health and Human Services, whose chief information officer Beth Killoran is expected to testify at the hearing on June 13, received a “D” grade.
Killoran told the committee that HHS is making progress in implementing FITARA through cross-agency collaboration and dedication. She said she expects HHS to fully implement the law by the end of 2017.
“Under this fundamental premise, we have employed a proactive strategy to address programmatic risk; promote transparency; establish clear lines of authority, foster innovative and incremental development; leverage cloud technology; and, invest in our IT workforce,” Killoran wrote in her testimony. “As a result, HHS has accomplished the majority of the goals we outlined within our FITARA Implementation Plan—ahead of schedule in many instances. Of the 39 individual actions and milestones outlined in the plan, HHS met 34 in the areas of budget formulation, budget execution, acquisition, and organization and workforce.”
Killoran said she delegated to the operating division CIOs authority to make IT investment decisions based on a financial threshold. She will tell the committee that during quarterly meetings, she reviews those decisions.
But she also meets regularly with the chief financial officer during the budget and investment review process to further analyze IT investments and address FITARA objectives.
“This process clarifies IT management authorities and accountability at all levels of the department. The clearer delineation and alignment of IT-related efforts in program management, finance, acquisition and human resources has resulted in improved IT decision-making which better account for cost, benefit and risk,” Killoran said in her written testimony. “The purpose of our budget review is to discuss with each of the OpDiv CIOs their IT budget priorities, current risks, alignment to agency priorities and status of their IT investments for the budget year under discussion. Each meeting results with the CFO and CIO jointly deciding whether to approve, modify or reject the IT budget; the final outcome is an IT budget statement issued by the CFO and CIO submitted with the HHS budget submission to OMB.”
One result of this effort is HHS increasing its overall spending on cybersecurity to 4 percent of the IT budget from 1 percent.
Despite the progress Killoran highlighted, GAO and the committee still gave HHS three “Fs”, two “Ds” and one “B” on the scorecard.
And maybe most telling is GAO and the committee say Killoran still doesn’t report directly to the HHS secretary or deputy secretary.
In fact, 11 other agencies—12 overall—still do not have the correct reporting structure as required by FITARA, the same amount from the December grading period.
Agencies received the most “A” grades in the use of incremental development or agile methodology for software. Meanwhile, 10 agencies received “F” grades for their data center optimization efforts.
“FITARA required agencies to submit multi-year strategies to achieve the consolidation and optimization of their data centers no later than the end of fiscal year 2016. Among other things, this strategy was to include such information as data center consolidation and optimization metrics, and year-by-year calculations of investments and cost savings through October 1, 2018,” Powner’s testimony stated. “As of April 2017, only 7 of the 23 agencies that submitted their strategic plans—the Departments of Agriculture, Education, Homeland Security, and Housing and Urban Development; the General Services Administration; the National Science Foundation; and the Office of Personnel Management—had addressed all five elements required by the OMB memorandum implementing FITARA. The remaining 16 agencies either partially met or did not meet the requirements. For example, most agencies partially met or did not meet the requirements to provide information related to data center closures and cost savings metrics. The Department of Defense did not submit a plan and was rated as not meeting any of the requirements.”