The Office of Management and Budget released the final implementation guidance for the Federal IT Acquisition Reform Act (FITARA) on Wednesday.
On the same day, lawmakers issued stern warnings against making the same mistakes of the past with the implementation of other wide-ranging federal IT laws.
Congressman Gerry Connolly (D-Va.), co-author of FITARA and ranking member of the Oversight and Government Reform Subcommittee on Government Operations, said with FITARA being the first major IT reform law since the 1996 Clinger-Cohen Act, Congress must not repeat its shortcomings of the past.
“It is clear that the Clinger-Cohen Act, while establishing a solid statutory framework, unfortunately fell short of achieving its potential. There’s also consensus that the primary weakness of that act was not the bill itself, but actually its inadequate implementation, which was exacerbated by the absence of congressional oversight at that time. The latter being an unfortunate result, in part, of both authors departing Congress shortly after the law was enacted,” Connolly said. “We have to make the FITARA implementation is not Clinger-Cohen 2.0. Congress must and will diligently monitor its implementation and won’t accept unnecessary delays, improper half measures and the stubborn preservation of the status quo.”
Insight by Galvanize: During this webinar Marianne Roth, the chief risk officer of the Consumer Financial Protection Bureau, will provide a deep dive into enterprise risk management at CFPB. Additionally, Dan Zitting, the CEO of Galvanize, will discuss how making better use of data and technology can help federal agencies more rapidly allow decision makers address and mitigate risks.
Connolly’s promise of long-term attention is one part of the three-legged oversight stool.
Quarterly PMC presentations
Federal chief information officer Tony Scott detailed OMB’s implementation oversight process to the committee and as part of the guidance itself.
He said OMB will use the PortfolioStat process to hold agencies accountable in meeting the requirements under FITARA.
OMB also will work through the President’s Management Council, the CIO Council and the FITARA executive working group to further push implementation through the government.
And as part of the PMC oversight, OMB will select three agencies each quarter to present before the PMC how their individual FITARA implementation plans are going.
“I’m certain that our guidance will have significant positive effects throughout government, including helping to address issues called out by GAO over the years and most recently GAO’s high risk list entry regarding improving the management of IT acquisitions and operations,” he said.
The final guidance changed little as compared to the draft version OMB released on April 30.
Over the following month, OMB asked for public comments. In the end, OMB received very limited feedback.
In all, the final memo is 16 pages with 10 attachments providing more details for implementation. It includes the same matrix outlining the section of the law and the CIO and other CXO — whether CFO or chief acquisition officer or chief human capital officer — and their responsibilities.
“Our guidance takes major steps ensuring CIOs have a seat at the table for technology-related budget, procurement and workforce matters. The backbone of our guidance is the common baseline, which outlines roles and responsibilities for CIOs and other senior agency officials,” Scott said. “More importantly, it establishes the ground work for productive partnerships among these leaders to make IT decisions that best support missions. Finally, it positions CIOs so they can be held accountable for how effectively they manage the full lifecycle of IT- related products, services and customer and citizen outcomes, achieve efficient, effective and secure programs and operations.”
Scott said the common baseline is flexible enough for federated agencies so the CIO could designate a bureau level CIO to be part of that collaboration and decision making effort at the appropriate time, while the headquarters CIO retains final oversight and accountability.
The policy details two critical dates around this common baseline. First, by Aug. 15 agencies must complete a self-assessment against the FITARA memo requirements.
Then by Dec. 31, agencies must submit a plan to OMB explaining how they will fill in the gaps between the agency self-assessment and the FITARA baseline.
The plans to meet the common baseline must be put online as well to improve accountability and transparency.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Major push for enterprisewide deals
The second major piece of the FITARA is the acquisition side.
“First, FITARA calls for the General Services Administration to establish an enterprisewide software program on behalf of civilian agencies to reduce lifecycle costs and improve asset management practices,.” said Anne Rung, the administrator of the Office of Federal Procurement Policy. “To implement this section, Tony Scott and I charted the enterprisewide software category team to serve as the lead for IT software. The team includes representatives from OMB, GSA and the Department of Defense. The team is tasked with developing and implementing a strategic plan to increase the number of enterprise license agreements, recommend policy changes to OMB to improve the acquisition and management of software and to monitor agency progress. We will then use the existing PortfolioStat process to hold agencies accountable for moving to these shared solutions as appropriate.”
Rung said another big change is a new rule in the Federal Acquisition Regulations to implement a preference for strategically sourced vehicles. The FAR Council opened a case and is expected to issue a proposed rule later this summer.
Rung said this new rule will help with the category management initiative to better manage agency spending.
OMB’s FITARA implementation guidance also increases the oversight of IT projects. It requires agencies to conduct TechStat sessions on major IT programs and if any program receives a rating of red by the CIO for three months in a row, the agency must hold review session and give OMB 30 days notice so they can participate.
OMB also says in the guidance that it plans to update the Federal Data Center Consolidation Initiative guidance by the end of 2015. This new guidance “will describe the second phase of the initiative and will refresh and refocus the data center optimization strategy on the efficient and effective use of resources and implementation of the statutory requirements of FITARA.”
Lawmakers and others praised OMB for its development of the guidance.
“OMB deserves a lot of credit for their common baseline and what they are attempting to do to elevate CIO authorities in each agency, ensuring they are part of the budget approval and execution process,” said David Powner, GAO’s director of IT management issues.
Give it time to bake before opting out
Despite the praise of OMB for its collaborative development of the guidance, there are some who already want to opt out of the FITARA.
The Project on Government Oversight first reportedthat there is a move to exclude the Department of Energy and its laboratories from following FITARA.
In the Senate Appropriations Committee’s Energy and Water Development and related agencies bill, lawmakers added a provision that would exclude DoE labs from the oversight called for in FITARA as well as the Clinger-Cohen Act.
Connolly said agencies are seeking legislative redress of a bill that isn’t even implemented and says lawmakers must resist the temptation to give in and instead let the law have some time to marinate.
OMB Director Shaun Donovan wrote a letter to the Senate Appropriations Committee calling the provision “highly problematic.”
He said the provisions would eliminate the administration’s ability to ensure IT resources were effectively managed and supported Energy’s mission needs.
Both Rung and Powner also said a carve-out for the DoE labs would be a bad idea.
“We are certainly anxious to talk to the agencies if they have concerns and work with them to address their concerns,” Rung said. “It’s our viewpoint that FITARA is a tremendous management tool for the agencies. We are not keen on carving out the DoE labs.”
Powner agreed with Rung, saying the time isn’t right and the FITARA policy provides enough flexibilities for agencies to set up the common baseline in a way that meets needs.
“If you look at what they are intending to do with that, that the CIO at DoE doesn’t have the expertise or Federally-Funded Research and Development Centers should be included or research and development shouldn’t be included. If you step back and look at that, it probably should be included R&D tied to IT should be under the CIO’s authority,” Powner said. “We ought to let this bake awhile and not immediately start carving it out.”
This is the only bill so far with this provision, but Connolly said he wants to ensure other appropriations subcommittees do not follow suit.
With this limited pushback, lawmakers were most interested in how OMB was going to measure its success in implementing FITARA.
Scott said, “To me, it’s faster delivery. It really is speed, efficiency of our spend and it’s projects that are on-time and on-budget, and meeting the mission that they were designed for. They are secure and that we have a modern infrastructure that those things run on. If we do those things, we’d declare this a success.”
Rung added, “I know the hard work begins today. In addition to everything that Tony just articulated, for me success is IT acquisitions comes off the high risk list.”