The Office of Management and Budget (OMB) issued final guidance June 10 detailing what agencies need to do to implement the Federal IT Acquisition Reform Act (FITARA).
The document is barely changed from the draft circulated in April. That’s one thing you need to know – here are six more:
1. Implementing the common baseline
Agencies… start your engines. Testifying at a House Oversight and Government Reform committee hearing on June 11, Federal CIO Tony Scott said the “backbone” of FITARA is to set a common baseline of responsibilities across the board for CIOs.
“We believe that this combination of a Common Baseline coupled with a flexible CIO Assignment Plan allows for agency CIOs to retain oversight and accountability while minimizing the chance for bottlenecks,” Scott said.
To implement the common baseline agencies must now:
- Complete a self-assessment and implementation plan identifying any gaps between existing policies and the required baseline
- Submit the self-assessment and implementation plan to OMB for review
- Support ongoing oversight of the implementation plan and common baseline
- Conduct an annual review, updating the self-assessment
2. Who’s affected?
The guidance encourages all Executive Branch agencies to apply FITARA principles to their operations. But not all are required to comply. FITARA demands compliance from “CFO Act agencies and their divisions and offices.”
These include: The Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Interior, Justice, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Environment Protection Agency; General Services Administration; National Aeronautics and Space Administration; National Science Foundation; Office of Personnel Management; Small Business Administration; Social Security Administration; U.S. Agency for International Development; and the U.S. Nuclear Regulatory Commission.
Some portions of the law will not apply to DoD, the Intelligence Community, and “portions of other agencies that operate systems related to national security.” These agencies must “clarify the applicability of this guidance throughout their organizations and activities, including alternative requirements or exceptions” with OMB by Aug. 10.
3. Deadlines loom
Aug. 15, 2015: Agency self-assessments and implementation plans are due to OMB. Within 30 days of OMB’s approval, plans must be published on a public facing website. Agencies are “encouraged,” but not required to publish their self-assessments.
Dec. 31, 2015: Agencies must implement the common baseline.
April 30, 2016: First self-assessment and review must be completed. Reviews are annual thereafter.
4. Empowering CIOs
FITARA is the first major IT reform law since the Clinger-Cohen Act, which Congress approved in 1996.
“It is clear that the Clinger-Cohen Act, while establishing a solid statutory framework, unfortunately fell short of achieving its potential,” said Rep. Gerry Connolly. “We have to make sure the FITARA implementation is not Clinger-Cohen 2.0. Congress must and will diligently monitor its implementation and won’t accept unnecessary delays, improper half measures and the stubborn preservation of the status quo.”
Maria Roat, Chief Technology Officer at the Department of Transportation, told us FITARA should help standardize language so everyone is on the same page.
“It should make CIOs a part of the governance structure,” Roat said. “IT and business are inseparable now. FITARA will help bring them together in partnership.”
5. Authority and Accountability
Richard Spires, former CIO of the Department of Homeland Security and Internal Revenue Service, believes FITARA can only work if CIOs are given authority and accountability.
“It is not that the CIO has the last say regarding a major program decision, but rather that that governance process is working effectively to ensure major decisions are made with all appropriate stakeholder input,” Spires said in prepared testimony submitted to the House Oversight and Government Reform information technology and government operations subcommittees. “They’re used to a certain level of autonomy. So you’ll have major programs that have a lot of IT, but the mission people don’t view them as quote, IT programs.”
In addition to CIO authority changes, implementation covers risk management in IT investments, portfolio review, training of IT acquisitions specialists, software licensing, strategic sourcing, and the Federal Data Consolidation Initiative, according to FCW’s Adam Mazmanian.
6. Enforcing the Law
David Powner, director of IT management issues at the Government Accountability Office (GAO), said it will take congressional oversight to ensure FITARA remains on course. Of the $80 billion the Federal government allocates to IT, too much is going toward maintaining legacy systems, Powner said.
“We spend nearly 75 percent of the IT dollars on operational or legacy systems, leaving far too little to modernize the Federal government. So, we need to find ways to shift these dollars towards acquiring new technologies to further mission performance,” Powner said in his opening statement.
Scott said OMB will use the PortfolioStat process to hold agencies accountable in meeting the requirements under FITARA.
If you haven’t seen the guidelines, you can find them here.
Did Congress miss anything in the legislation? Did OMB get the guidance right? Tell us your thoughts and concerns.