The Federal Information Technology Acquisition Reform Act calls for a semiannual rating of agencies’ IT modernization status. The report card covers several areas, including data center optimization, portfolio review, CIO authority and the use of working capital funds.
In his role as director of IT management issues at the Government Accountability Office, Dave Powner outlined the results for Congress and the public, detailing where agencies still need to improve. As he enters the private sector after 16 years with the GAO, Powner reflects on the scorecard’s value with FedTech.
MORE FROM FEDTECH: Find out how agencies can best comply with FITARA in 2018!
FEDTECH: Why was FITARA necessary in the first place?
POWNER: The main reason was to elevate the role of the CIO. Often, CIOs have the responsibility without the appropriate authority to carry it out. What happens when there is a big failure or a security breach? Who gets called in front of Congress? The head of the agency and the CIO, and that’s potentially who ends up getting let go. But do they have the authority to secure and oversee everything? Not always.
FEDTECH: Who was in charge if the CIO wasn’t?
POWNER: The business side would be responsible for the IT. There are many examples like that, too many. What you want to do is put the security and the technology under the CIO, and let the CIO effectively manage those things. We would be better off as a government if we had that — you’d get the right governance over the technology. Probably the worst-case example was the Coast Guard’s electronic health record failure, where the CIO was not part of the governance team. You really want IT people associated with the technology and security.
FEDTECH: As agencies began improvement, what avenues did they take?
POWNER: One of the key changes was incremental development. The problem in the federal government has been these big waterfall approaches. We work on a project, and it’s two or three years before we deliver functioning software. If we have a software development project, we should strive to deliver something in six months. When we did the first scorecard in November 2015, about 58 percent of the projects across the government were planning to deliver in six months. Now, that’s up to about 87 percent. That’s real progress.
FEDTECH: How much infrastructure needed to change in order to comply?
POWNER: The big thing is really the movement to cloud computing — we bought infrastructure, or we bought Software as a Service, that type of thing. The other good thing that has occurred is the focus on buying and not building. Historically, the government built, built, built. Veterans Affairs built their own electronic health records 35 years ago; now it’s a monster to maintain, so they’ve gone with a commercial product. The government’s in a transition phase right now, and that is movement in the right direction.
FEDTECH: Is it more important for agencies to catch up to existing requirements or to look ahead to meet possible future requirements?
POWNER: That’s an interesting question. Each agency has a different story. Take the IRS, for instance. They have no choice; they’ve got to implement the tax code. In general, it is a mixed bag, and it depends on the mission. However, some of the current requirements could be met more efficiently.
MORE FROM FEDTECH: Find out how agencies can undertake successful data migrations!
FEDTECH: Is there one FITARA requirement that is most important, or is everything equally important?
POWNER: This sounds simple, but the No. 1 thing is that the CIO should report to the top. There might be greater benefits down the road; Dana Deasy at the Defense Department is a great example. He’s someone who had a very successful private sector career and wanted to do something for the country. He saw a challenge and took the job at DOD. Do folks want to take a job at a federal department or agency where they’re buried, or do they want to take a job where they’re reporting to the top person? I think it will really make a big difference going forward.
FEDTECH: What creative ways are agencies coming up with to get things done faster that don’t need additional appropriations or budget approval?
POWNER: There is a lot of money, OK? We spend $100 billion on federal IT. What are we getting in return for the $20 to $25 billion that’s not running operations, old legacy and data centers? Probably not enough, so we need to focus on that. Agencies can plow those savings back into the working capital fund. Some folks can say that’s nibbling around the edges, but nibbling around the edges is better than nothing.
FEDTECH: Should people expect to see scores go in fits and starts, or should there be steady improvement?
POWNER: We should see steady improvement. When there are new areas that are introduced, typically the grades are low. Not to overly simplify the scorecard, but the bottom line is, if you measure something and Congress pays attention and the agencies pay attention, will you see progress? Yes. And if you give someone a D or an F, there seems to be more action than you’d get from a recommendation.
FEDTECH: What’s the biggest accomplishment of having the scorecard in existence?
POWNER:I think, primarily, elevating the role of the CIO is huge. We have plenty of acquisitions that have failed, we have plenty of operations that need to improve, and I think elevating that position and making it a real CIO position at more and more agencies is extremely important.