Four Federal agencies wishing to discuss their overall grades on the Federal Information Technology Acquisition Reform Act scorecard called the Government Accountability Office the morning of June 13, just hours after the scorecard was released.
The calls came from offices of the chief information officer, a position that FITARA places squarely under the microscope. According to David Powner, director of IT Management Issues for the U.S. Government Accountability Office, this immediate interest in scores is a positive sign.
“It’s a good sign because people are paying attention to oversight on Capitol Hill,” Powner said in an exclusive conversation with MeriTalk.
Congress monitors how well 24 agencies enact FITARA mandates through the biannual scorecard, which measures agency performance across four categories, including Incremental Development, Risk Assessment Transparency, IT Portfolio Review Savings, and Data Center Consolidation. Agencies are also given a letter reflecting their overall grade.
The United States Agency for International Development received an A on the scorecard, becoming the first agency to ever do so. USAID’s path to success started from a humble score. On the previous scorecards, the agency received two Ds and a D-plus, in that order. Rep. Gerry Connolly, D-Va., said USAID’s success came after the agency asked for help from GAO, the department that designed the scorecard.
“They began on a fairly low score. They reached out to GAO to find out how to improve. They listened to advice and they implemented it, and they now have the greatest score,” Connolly said at the House Oversight and Government Reform hearing June 13. “If there’s the political will, if there’s the managerial desire, you’ll have congressional support and you’ll have GAO support.”
USAID is one of four agencies whose overall grades went up on this scorecard. For the most part, agencies declined in performance. Rep. Robin Kelly, D-Ill., pointed out that three times as many agencies showed improvement in their grades on the last scorecard, issued Dec. 6.
The department of Defense received the only overall F grade this time around. President Donald Trump’s budget blueprint proposes a whopping $639 billion for DoD. It is one of only three agencies that would receive increased funding.
DoD spends about 45 percent of its budget—roughly $40 billion—on IT. The agency has made little effort to comply with the act that its fellow agencies are held to. For example, DoD received Fs in three of the major grading categories: Incremental Development, Risk Assessment Transparency, and Data Center Consolidation. It received a D in the fourth of those categories, IT Portfolio Review Savings.
Connolly decried DoD, calling the agency “obstinate.” He described DoD’s mind-set as, “We are exempt from everything. We will police our own.”
Connolly described DoD as have a “recalcitrant style.”
“What’s so disturbing about that is that they’re the big budget,” Connolly said. “All of us agree to insist that they improve their performance. The burden is on them even greater because they have the dollars.”
Members of Congress on both sides of the aisle expressed frustration regarding DoD. Mark Meadows, R-N.C., said that he would not support extra funding for DoD until the agency exhibits better transparency.
“We’re being asked to fund DoD above $600 billion the president has given them,” Meadows said. “Unless they get their heart right on the transparency, there will be no supporting this.”
Powner said that some of the failings at DOD may be attributed to the agency’s sprawling system of checks and balances.
“When you look at the DoD’s IT accountability structures, it’s spread over too many organizations. Other than the CIO shop, IT doesn’t get the right importance and visibility,” Powner said. “You really need to look at their IT spending. I think the CIO-type would really benefit. I think DoD is the last agency in the world that needs to be exempted from FITARA.”
The Department of Health of Human Services, like DOD, also has a history of poor FITARA grades. The agency received a D-minus as an overall grade; it has hovered between D and D-minus since the scorecard’s inception. Beth Killoran, deputy assistant secretary for IT and chief information officer for HHS, has experience with big Federal agencies. She previously served at the departments of the Treasury and Homeland Security.
“When you’re at a large Federated agency, it takes a little bit of time,” Killoran said. “Scores should change within 12-18 months.”
December’s FITARA scorecard included a new column in addition to the four original grading categories. Congress added a column denoting, with a plus or minus mark, whether CIOs reported to their agency’s secretary or deputy secretary. This column appears once more on the newest scorecard. Twelve agencies report to their agency’s secretary or deputy secretary, and 12 do not.
“Half report to the boss, half don’t. It is so mixed,” Powner said. “I think the key is if you have a major cyber breach, who are you going to call for the answer why? It’s going to probably be that deputy secretary.”
Killoran has met with Secretary of HHS Tom Price three times since his appointment. Killoran does not directly report to the CFO or the agency head. Instead, HHS’s reporting structure requires that Killoran work through three people before reaching the secretary. She said that she and her team are developing a restructuring plan to facilitate quicker communication, which will be ready in a number of months.
“Your recommendation should be the CIO reports to agency head or the No. 2. It’s standard practice in industry, and it should be standard practice in government,” said Rep Will Hurd, R-Texas. “This isn’t complicated, so let’s stop making it complicated. Since we are in a period of new implementation, you should report to the person where the buck stops. This isn’t hard. This is ridiculous.”
The CIO reporting checkmark column is flanked by two new categories monitoring Software Licensing and indicating the CIO’s Status as either acting or permanent. All but three agencies—the department of Education, the General Services Administration, and USAID—received an F on their software licensing grade.
The software licensing criterion reflected such bad scores because many CIOs lack the visibility to appraise their licenses, Powner said. He also said that some CIOs, such as Renee Wynn of NASA, have compiled partial inventories to the best of their abilities.
“I think we don’t have complete inventories because CIOs don’t have good visibility into what’s going on,” Powner said.
Nine of the 24 agencies scored under FITARA are being led by acting CIOs. Although Hurd acknowledged that deputy CIOs who are already familiar with the agency usually hold these acting positions, he said that these leaders likely have a more tenuous grasp on executing the bill’s mandates because they do not have the clout of their permanent counterparts.
“They’re not making major decisions, and that’s a problem,” Hurd said.
Powner agreed with Hurd, stating that agency CIOs and the Federal CIO are key to carrying out FITARA’s agenda.
“This lack of permanent leadership will negatively impact the progress we’re making on FITARA,” Powner said.