Jun 20 2019

How 9 Agencies Implemented Key Portions of FITARA

A GAO report outlines the ways in which agencies that have satisfactorily met one or more FITARA provisions made the grades.

Strong support from management and collaboration among a department’s component agencies are important factors in achieving success on the Federal Information Technology Acquisition Reform Act scorecard, according to a report by the Government Accountability Office.

FITARA requires agencies to, among other things, keep track of their hardware and software inventories, develop a comprehensive software licensing policy and detail the cost savings or avoidance this creates. 

The GAO took a look at nine agencies — the Department of Agriculture, the Department of Commerce, the Department of Health and Human Services, the Department of Homeland Security, the Justice Department, and the Department of Veterans Affairs, plus the U.S. Agency for International Development, NASA and the General Services Administration. 

These nine agencies account for about $27 billion (or about 59 percent) of the $45.8 billion in estimated nondefense IT spending for fiscal year 2019, according to the report, which was based on an audit of performance between January 2018 and April 2019. 

The first FITARA scorecard was released in November 2015, and has been released twice a year ever since. The next one is expected by the end of June.

MORE FROM FEDTECH: Learn more ways an agency can boost its FITARA score.

Five Practices That Lead to FITARA Improvement

The GAO focused on the five FITARA provisions (out of seven total) it felt were crucial to creating improvement in IT management and/or cost savings: enhancement of the CIO’s authority; greater transparency and improved risk management; regular portfolio review; data center consolidation; and software purchasing. 

According to the report, FITARA leaders at the agencies identified 12 practices that are “vital” to implementing its provisions, including four overarching practices

  • Treating FITARA implementation as an IT program that requires regular updates for stakeholders
  • Establishing FITARA performance measures for the agencies that make up the larger department, and sharing that information
  • Making a specific executive accountable for FITARA implementation in each component agency
  • Getting support from senior leadership

Past failed IT investments cost the federal government billions of dollars, notes the GAO report, because they lacked “disciplined and effective management.”

“By applying the overarching practices … agencies were better positioned to implement FITARA,” the report says. “In addition, by implementing the practices relative to the five FITARA provisions GAO selected … agencies realized information technology management improvements such as decommissioning old systems and cost savings.” 

Agencies Developed Processes That Led to Better FITARA Scores

The Department of Commerce and the USDA treated FITARA like an IT implementation project, assigning staff to manage the work and making implementation progress a regular part of the agenda when meeting with senior officials.

At the Commerce Department, “the importance of FITARA has been regularly discussed throughout the agency in biweekly meetings within the Office of the Secretary,” the report says. “These meetings led to an increased sense of cooperation between different disciplines … and reduced the impression that FITARA was solely focused on the department-level CIO office.”

The USDA created the position of executive director for FITARA operations, giving that post the responsibility of establishing ways to bring the agency into compliance with FITARA requirements. 

This has helped the USDA develop key processes and documentation to guide implementation, including a document that specifies the methods for closing data centers. The agency has closed 2,196 of its 2,202 nontiered data centers and eight of its 16 tiered centers, well past its closure goal of 1,318 and six, respectively, according to the federal IT Dashboard. 

While FITARA emphasizes the need for commitment from senior-level management, buy-in from the lower levels is important as well, especially since most Cabinet-level departments are made up of numerous smaller operating divisions, offices and agencies. HHS, for example, has 11 operating divisions, including the Food and Drug Administration and the Centers for Disease Control and Prevention.

HHS created internal FITARA performance measures for its component agencies that mirrored the scorecard for all of HHS. This “resulted in greater transparency between the department-level CIO and component agency CIOs,” according to the report. HHS’ FITARA grade rose from a D in November 2015 to a B+ in December 2018.

Agencies Find Their Best Practices Pay Off in Higher Grades

The report outlines other best practices that supplement the four overarching ones, including:

  • CIO authority enhancements: GAO cites the Department of Commerce and DHS in this category; DHS created a checklist so that its CIO could make sure each step in a process was being achieved correctly.
  • Enhanced transparency and improved risk management: The Commerce Department, DHS and USDA got a mention for this FITARA provision. For example, USDA changed its risk rating process to include an evaluation of risk management.
  • Portfolio review: Four agencies — the GSA, DOJ, DHS, and USAID — said that performing application rationalization activities was critical in implementing FITARA’s portfolio review provision. At USAID, a structured plan to retire old systems led to the decommissioning of 78 old systems, saving almost $10 million since 2016. 

These and other efforts detailed in the report may be starting to pay off. In the most recent FITARA scorecard, released in December, 11 agencies improved their overall grades and the other 13 maintained their scores from the previous report in May 2018.

This comes even as more elements, including software license management, CIO reporting structure and cybersecurity solutions, have been added to the FITARA scorecard.

D3Damon/Getty Images