The tech-savvy edge of Congress is helping the largest Federal agencies improve their IT operations, and the latest FITARA Scorecard proves it.
That was the message from two senior House members who wield considerable influence on Federal IT issues, along with major agency CIOs who testified Dec. 11 that the House Oversight and Reform Committee’s twice-yearly scorecard on agency IT progress keeps them focused on constant improvement.
Of the 24 agencies that were graded by the committee, nine showed improvement since June – including three “A” grades – 11 stayed the same and four declined. See the full list here with analytics that track relative and historic progress.
The View from Congress
“The bottom line is that the FITARA scorecard works and continues to hold agencies accountable for implementing the best IT practices,” said Rep. Gerry Connolly, D-Va., chairman of the Government Operations Subcommittee, at the panel’s hearing to discuss the ninth edition of the scorecard.
“In November 2015, the average FITARA grade was a ‘D’ across all Federal agencies . . . the average agency grade today is trending up – it’s now above a ‘C’, a full grade improvement,” Rep. Connolly said.
“Across the government, agencies have improved Federal technology acquisition practices and management practices,” he said. “In fact, the FITARA Scorecard’s success has led the subcommittee to incorporate other aspects of Federal IT into the grades.”
The scorecard is also making its way into the all-important appropriations process, said Rep. Mark Meadows, R-N.C., ranking member of the subcommittee. “We pay very close attention to this. It’s now actually starting to indirectly become part of the appropriations process – we’re looking at it and we want to make it a more formal part of that where we reward you for doing a good job,” he said.
Federal agency CIOs echoed Rep. Connolly’s sentiments on the scorecard’s effectiveness. Elizabeth Cappello, acting CIO at DHS, testified that the FITARA scorecard acts as a “yardstick” for the department, while Renee Wynn, CIO at NASA, highlighted the role of the scorecard and congressional intervention in keeping her directly reporting to the agency head.
Why the Grades Matter
Most broadly, the FITARA Scorecard serves as a unique and frequent pulse-check for specific areas of improvement – or lack thereof – in major Federal agency IT. It’s possible to gain limited insight from other publicly available sources of progress – such as GAO and inspector general reports – but the House Oversight Committee’s scorecard offers a progress report on discrete areas of Federal IT implementation that would be scarcely available otherwise.
Most simply put, the scorecard matters because Congress matters, both on IT policy issues and on the all-important issue of budget funding for Federal agencies. While the House and Senate typically don’t take the lead role on the nitty-gritty of Federal IT policy-making – that’s usually the province of the executive branch and the Federal CIO – they routinely put legislative weight behind emerging tech policy issues that determine the future direction of agency efforts. For example, data privacy, security, artificial intelligence (AI), and quantum technologies all have a persistent presence on the congressional agenda.
And below the 40,000-foot view, the increasing number of tech-savvy members of Congress means that more of them are prepared to get down in the weeds to shape Federal agency IT. The MGT Act that allows agencies to create working capital funds through IT-generated savings is one example, and the now-annual wrangling over funding levels for the Technology Modernization Fund is another.
Inside the Latest Grades
The grading categories for the ninth version of the scorecard include: CIO authority enhancements; transparency and risk management; portfolio review; Data Center Optimization Initiative (DCOI); software licensing; Modernizing Government Technology (MGT) Act; cybersecurity; CIO status (acting or permanent); and whether the CIO reports to the agency head or deputy.
Here’s how the agencies did…
Topping the list of gainers were three agencies with “A” grades – the General Services Administration (GSA), Education Department, and the U.S. Agency for International Development (USAID). Six others popped their grades up, led by a big leap by the Homeland Security Department (DHS), and more modest improvements by the Environmental Protection Agency (EPA), National Aeronautics and Space Administration (NASA), Office of Personnel Management (OPM), Agriculture Department (USDA), and Treasury Department.
A total of 11 agencies earned the same scores as earlier this year, although those vary widely. Highest among them with grades in the “B” range are: Veterans Affairs (VA), Small Business Administration (SBA), and National Science Foundation (NSF). The other eight are in the “C” range including some of the larger and more IT-complicated agencies such as Defense Department (DoD), Energy Department (DoE), and Housing and Urban Development (HUD).
Four agencies slid backwards during the grading period. Dropping into the “D” grade category were the State Department and the Nuclear Regulatory Commission (NRC). Declining into the “C” range were the Department of Labor (DoL), and the Social Security Administration (SSA).
How Grades Got Better…
For the agencies that did the best on the scorecard, the main difference between FITARA 8.0 and FITARA 9.0 is the inclusion of Data Center Optimization Initiative (DCOI) scores. All agencies that scored an “A” or a “B” scored well on DCOI, which was not included in June’s version of the scorecard due to concerns over policy updates. With the policy finalized and in place, agencies like the Department of Education and GSA are getting credit for their efforts to close down data centers.
Another common factor lies in the FISMA (Federal Information Security Modernization Act) scores of agencies that did well. FISMA is a tough area for Federal agencies, as only half of CFO Act agencies have a score of “C” or better. However, three out of four agencies with a “B” grade on FITARA have at least a “C” grade on FISMA, and all three agencies with an “A” on FITARA scored at least a “C” on FISMA.
…And How They Fell
When looking at the five agencies that scored a “C-” grade or lower on the scorecard, one thing ties them together – all of them have CIOs who don’t report to their agency’s leader or deputy leader. The reporting structure of Federal CIOs has been a point of emphasis in previous hearings, and will likely be suggested once again as a relatively simple fix for agencies looking to improve.
The two agencies that received overall “D” grades did not fail in any area of the scorecard, but had gaps across the board. The Nuclear Regulatory Commission (NRC) had backsliding on CIO authority enhancements that took a toll on the agency’s FITARA grade, while the State Department saw drops in its portfolio review and FISMA categories.
Who’s Poised to Improve Next Time
Overall, the three agencies with an “A” on the Scorecard succeeded by not having any weak areas – none of the agencies scored anything lower than a “C” in any category.
Agencies that got a “B” grade on FITARA have a pretty clear path to an “A” – each of them had an area with a “D” grade or lower that could be improved. The homework assignments for the next scorecard are relatively clear-cut:
VA can make the jump to an “A” grade with an IT working capital fund, which would improve its low score on the Modernizing Government Technology (MGT) section;
SBA will need to go through the tough work of improving its cybersecurity posture for the next FISMA assessment, an area where the agency is already making progress;
NSF will need to make improvements on both MGT and its risk management assessment. NSF has been a model with a score of “B+” for four scorecards now, but saw some slippage on risk management this go-around; and
DHS can continue its meteoric rise from a “D-” in June 2019 and reach an “A” grade by improving its risk assessments and giving its next permanent CIO more authority enhancements.
Data Center Closures Remain Concerning
Even with good feelings running high based on Scorecard 9.0 progress, subcommittee leaders remained critical of Office of Management and Budget (OMB) guidance on DCOI due to the policy’s revised guidelines on what constitutes a data center, and doubled down on the need for further closures.
“Just one year ago, agencies reported more than 4,700 [data] centers that they plan to continue to operate. In 2019, the number dropped by nearly 50 percent to 2,400 data centers because of a definitional change, not because of closure, and I think that’s of concern to us because it bypasses the whole point,” said Rep. Connolly. “Data center consolidation is what frees up capital. That’s what gives you the cost savings. If you play games with the definition, you miss the benefits.”
Carol Harris, director of IT management issues at GAO, offered similar concerns on DCOI. “Many of these excluded facilities represent what OMB itself has identified as possible security risks. Some are also large facilities that agencies will keep operating, but will no longer report on,” she said. “The changes will likely slow down or even halt important progress agencies should be making to consolidate, optimize and secure their data centers,” she noted.
Rep. Connolly said the subcommittee will work to keep tracking data centers using the prior baseline and not OMB’s guidance, while Harris noted that GAO plans to release a report on the DCOI guidance in the near future.
GAO Pushes for More Progress
Federal agencies and OMB need to continue notching progress on IT acquisitions, operations, and cybersecurity necessary to meet FITARA requirements, GAO said in a report prepared in conjunction with Scorecard 9.0.
The government watchdog agency said Federal agencies have implemented 61 percent of its IT management-related recommendations since Fiscal Year 2010, and 76 percent of its security-related recommendations.
Looking forward, GAO urged agencies to focus on further improving CIO responsibilities. “Laws such as [FITARA] and related guidance assign 35 key responsibilities to agency CIOs to help address longstanding IT management challenges. In August 2018, GAO reported that none of the 24 selected agencies had established policies that fully addressed the role of their CIO,” the report said. “GAO recommended that OMB and the 24 agencies take actions to improve the effectiveness of CIOs’ implementation of their responsibilities.”
Credit Where It’s Due
Lingering congressional concerns notwithstanding, Federal CIO Suzette Kent rightly hailed the results of Scorecard 9.0 for its rising trend in agency grades, calling it “the best scorecard ever” with three “A” grades for individual agencies.
“When we started in November of 2015, there were F’s and D’s, and only two B’s,” Kent said. “Agencies are delivering results, and improving in the modernization arena every single day,” she said. “We are very pleased that the FITARA scorecard reflects the great work and progress across agencies … It is thrilling to see more Agencies improve their scores and receive A’s overall,” she said.
The Federal CIO said the scorecard provides Federal agencies with an opportunity to start thinking about the next steps they should be taking to achieve further progress in moving toward digital government and further improving citizen services.
And she spoke to the enduring importance of the scorecard, saying, “I also think that the concept of a scorecard helps us track progress publicly, and that’s one of the things that in the conversations with Congress, I’ve been on the same page,” Kent said.
Beyond pleasing Congress and Federal policy leaders, the FITARA Scorecard also makes a clearly positive impact on the people in charge of getting the work done – the Federal CIOs and their management teams who have notched progress in the most recent grading period.
If you’ve ever wanted to see a room full of very happy IT professionals, mark your calendar for February 6 for MeriTalk’s FITARA Awards event that will recognize Federal IT excellence based on the Scorecard 9.0 results.