The key here, from my perspective, is that the CIO or his specific representative must get involved at that lowest level when decisions are being made. It isn’t acceptable for the CIO to have a review gate after the bureau or OpDiv has sent up a budget. The reason I don’t want that is because that budget is at least partially baked. We don’t want to have the CIO spending precious political capital fixing the stupid decisions made by the bureau. If we say cloud is a priority, then someone at the lower level, for example, in NIH, needs to ask, “is this moving to the cloud?” If the answer is, “No” then the investment moves to the “No” stack. The responsibility needs to be on them to justify funding an investment that doesn’t adhere to the priorities. Make them spend the capital.
But perhaps an interdiction into budget formulation isn’t completely effective. The second bite at that apple is in acquisition review. This is before the solicitation is issued in FedBizOpps. That is really important. This is why making friends with the SPE is so important. If your agency tries to put you in a corner and get you to sign off after the solicitation has been issued, you need to fix that process. CIOs will only look like A-holes who are holding up a procurement if their review is post solicitation. Presolicitation is really important on this.
The agency that does this the best is USDA. Section 6.2 in their FITARA Implementation Plan5 is the model that other agencies should aim for. If you want to award a contract for more than $25,000 and it has IT, then you need to send an Acquisition Approval Request (AAR). This is a “get out of jail free” card for all contracting officers. If a contracting officer awards a contract that contains IT and they don’t have a signed AAR, then that is bad for them. But this is where it is important to EASE into implementing the policies. You can’t just not approve every AAR that doesn’t get to the cloud. That isn’t reasonable, we still gotta meet the mission. But you can conditionally approve things. For example, “This AAR is approved provided that:
- “No more than one year from now you have performed and submitted a cost-benefit analysis considering the merits of migrating this system to a cloud capability.
- “The bureau has developed a priority order for migrating applications to cloud capabilities.
- “You are operating applications in a data center that is at least 75 percent virtualized…”
My point here is that the CIO can’t be seen as just being obstinate. Placing conditions on the approval send a clear message and puts a marker down for next year. A good CIO will check back on these issues in six months to ensure that the bureau is making progress and that they aren’t calling the CIO’s bluff. If that check-in doesn’t go well, then you need to circle back with the SPE, CFO and maybe the Dep. Sec./Secretary to reaffirm the resolve in achieving the goal and holding a hard line with the bureau.
But perhaps trying to work in budget formulation and also in acquisition review doesn’t yield the benefits that you hoped for. Don’t fret yet. There is still one more card to play. You need to make sure that the bureau CIOs get a new critical element added to their Performance Plans. This new element needs to say something like, “Works hard to integrate bureau IT capabilities with departmental IT capabilities and deliver performance consistent with strategic IT goals 1, 2, 3, 4, and 5.” You are going to need to work with the CHCO to get that language inserted and you both will likely need to work with whoever claims to be the COO (Deputy Administrator for Management) for each of the bureaus. You also need to work out an agreement that you will be providing input about the performance of the bureau CIO to that bureau COO.
With that language in the performance plans and you on the hook to provide feedback for both the midyear review and annual performance review, if you haven’t been successful with getting the right behavior through budget formulation and/or acquisition review, this is where you will get their attention. I look at it like this, that bureau CIO isn’t playing ball with you already. Don’t sugar coat it now, screw him or her. I would provide very specific feedback concerning instances in which the bureau CIO has failed to perform in a manner consistent with the element despite having clear opportunities. This hook is a very strong one that will change behavior (or you’ll get fired because you misjudged the level to which you have the backing of the leadership). Either way, there will be a change.
