Thursday, November 19, 2015
Moving Forward with FITARA: Agency CIOs Can Lead Real and Lasting Change

The scenario: A House government oversight subcommittee chairman and ranking member have a strong interest in how agencies are managing technology, in light of a new law that gives agency CIOs more leverage over operations. The subcommittee leaders ask the Government Accountability Office to assess agency performance in key areas, and the subcommittee then takes the assessment and assigns grades that come back with far more Ds and Fs than As and Bs. A hearing is held as an administration approaches its final year in office, an Office of Management and Budget policy official in charge of IT and several CIOs testify about that performance and pledge improvements, and the subcommittee vows to support the improvement efforts. Such events were widely reported recently when Rep. William Hurd (R-Texas) released grades on agencies’ progress in implementing the Federal IT Acquisition Reform Act during a hearing with OMB and key agencies. But the scenario described above applies equally well to the circumstances in September 2000, when then-Rep. Stephen Horn (R-Calif.) issued grades on the state of federal agencies’ computer security following the enactment of the Government Information Security Reform Act during a hearing that was also widely reported. (FCW's coverage of that hearing, in fact, is still available.) The striking similarities between the grades issued by Reps. Horn and Hurd also demonstrate that congressional oversight can be a force to promote constructive change in agencies: In 2000 and 2001, the House subcommittee chaired by Horn worked with GAO, OMB and the CIO Council to prepare improvement efforts that culminated in the enactment of the Federal Information Security Management Act of 2002 and supported early efforts of the newly formed Department of Homeland Security to address cybersecurity as a significant issue affecting the government and the nation. The lessons learned from that effort indicate that when oversight centers on helping agencies improve and make progress, grades can be a useful tool to focus attention. In 2015, the House subcommittee chaired by Hurd is working with GAO, OMB and the CIO Council to build a strong foundation for future success in achieving the key goals of FITARA. Although it is unlikely that a successor statute is in the works, the actions that OMB and CIO Council leaders are taking demonstrate that strong IT management at agencies has the potential to result in improvements over time. As Federal CIO Tony Scott noted in the Nov. 4 hearing, "FITARA presents a historic opportunity to reform the management of information technology across the federal government." OMB and the CIO Council have devoted considerable effort to implementing FITARA in a manner that will lead to long-term improvements in IT management. In a May blog post, I noted that OMB developed the FITARA guidance in an open and transparent process with agency and industry stakeholders, and focused on mission enablement through IT governance as key drivers for effectiveness. The final FITARA guidance that OMB issued in June set in motion a strong collaborative process in which CIOs are working with their chief financial officers, chief acquisition officers, chief human capital officers and program counterparts with support from the President's Management Council and senior agency leadership. In addition, the private sector has stepped forward to help agencies with shared and successful implementation pathways. ACT-IAC -- the government/industry association for which I served as industry chair last year -- has worked with OMB and the Obama administration on a FITARA implementation initiative over the past several months, led by Nuclear Regulatory Commission CIO Darren Ash and former DHS CIO Richard Spires. The ACT-IAC effort, which received praise from Scott during the hearing, is premised on a maturity model to help CIOs and other agency leaders increase the likelihood of successful IT management by raising performance in key areas, including governance, budget, acquisition, workforce and program management. Moreover, advancements in digital and mobile technologies, cloud computing and analytics -- as well as the advent of cognitive approaches that enable people to leverage global stores of unstructured data to improve decision-making -- can enable agencies to work with the private sector under a strong governance framework in which federal CIOs lead key stakeholders in using IT to support agency missions. FITARA, along with the OMB guidance and efforts like those of ACT-IAC, sets a framework through which CIOs can adapt industry best practices in managing commercial technology effectively. Moving forward, industry and the government can continue working together to generate positive outcomes for agencies as they implement FITARA. Grading schema like that used by the subcommittee can help agencies prioritize areas for improvement. OMB, GAO and Congress can continue to work together on consistent oversight that promotes strong, substantive progress by agencies. And agencies can leverage commercial innovation to help achieve positive outcomes. The report card grades represent a baseline level of performance as agencies begin implementing FITARA and OMB's guidance. Ultimately, future congressional oversight hearings will be more likely to focus on a larger number of agencies achieving ever higher grades.