The latest Federal Information Technology Acquisition Reform Act scores were recently unveiled, and the Pentagon received an F+ for the third consecutive year, partly because it failed to be transparent about its IT spending. But the Defense Department wasn't the only agency with poor scores. While five agencies' grades went up, eight remained the same and 11 decreased. Nine of those agencies whose score dipped were taken down an entire letter grade because of one particular category.
“One area where we’ve increased pressure is the continued lack of a direct reporting structure from the [chief information officer] to the agency head,” Rep. Will Hurd, R-Texas, said in the May 23 Oversight and Government Reform IT Subcommittee FITARA hearing.
For agencies that haven’t yet adjusted the reporting structure, Hurd directed them to President Donald Trump’s recent executive order enhancing the CIO’s position. And though DOD is exempt from this EO, there’s a strong concern with DOD’s lack of IT leadership in the federal space, and the CIO’s lack of IT budget authority.
According to the president’s budget, the federal government plans to invest more than $96 billion for IT in fiscal year 2018, which is the largest amount ever budgeted. DOD’s IT spending is complicated because of national security and classified systems, but when those areas are added to what DOD reports to the Office of Management and Budget’s public IT dashboard, the Government Accountability Office believes overall IT spending is in the $45 billion range, according to Dave Powner, director of IT management issues at GAO.
That’s nearly half of the federal IT budget, so why does DOD continuously score so low?
Diving into DOD and FITARA
It’s not because of FITARA’s applicability to DOD. According to Powner, of the act’s seven major sections, two fully apply to DOD, one doesn't and four partially do. The key provisions that do apply to DOD are incremental development, dashboard reporting, portfolio reviews and data center optimization.
DOD is making progress with data center consolidation, having closed 225 large data centers and 725 smaller ones. It plans to shutter an additional 1,194 centers, resulting in $400 million in savings, GAO reported.
But the department still failed in this category, because these savings aren’t enough. OMB’s target for DOD savings in this space is $1.8 billion, and DOD “is nowhere near these numbers,” Powner said.
And while DOD historically hasn’t fully participated in the reporting of priority IT initiatives led by OMB because of security (like public reporting on cybersecurity initiatives), Powner said not all of DOD’s lack of reporting falls under this reason.
In fact, the president’s recent EO regarding CIO authority gives DOD a pass, “even though much of that order covers areas that DOD is required to follow under existing law,” Powner said.
In terms of DOD’s D for transparency and risk management via OMB’s IT dashboard, Powner said while there’s less on the dashboard, it’s more accurate risk reporting, and what’s not made public does get reported to GAO.
And what would improve this score is simply more acknowledgement of risk. Aside from national security systems, “a lot of these systems at DOD are heavy on risk, like all IT systems, and the complexity there puts it on another level,” Powner said. Risk awareness can reduce failures and overruns.
So, What’s the New CIO To Do?
On only his 13th day on the job, DOD CIO Dana Deasy testified at the hearing and addressed how he plans to improve FITARA scores. This effort involves upping cloud adoption to improve data center consolidation and savings, providing more risk data for analysis for the IT dashboard, having complete inventory of all software by December and implementing a portfolio process to ensure business IT system investments align with overall DOD strategy. He also noted he does report directly to the defense secretary.
But right now, Deasy is still getting a baseline understanding of why the scores are the way they are.
“I have a fundamental understanding of what needs to be done in these categories, some of them is a case of we actually need to get better transparency inside the department,” Deasy said, meaning a deeper dive into where the problems are within the agency.
And coming from the private sector — having served most recently as global CIO for JPMorgan Chase — Deasy understands the urgency to improve DOD’s IT position. In fact, when preparing for the hearing he asked his team: “Putting aside the scorecard for a second, are these not fundamental things you need to be a great IT organization? You need to understand your software, you should understand what your’re consolidating, how you’re getting transparency.”
To get there, Deasy wants to improve DOD culture to ensure IT initiatives are done for the right reasons, “not just frankly to fill out a scorecard,” he said, hoping this will drive behavior for better outcomes.
And culture is a part of the problem in terms of DOD cooperation, Rep. Gerry Connolly, D-Va., said at the hearing. DOD is the only agency without an unqualified audit and it doesn’t work with the General Services Administration in terms of off-the-shelf procurement policy as it has its own. But considering DOD’s budget, measuring IT performance and proper reporting is so important, Connolly said.
“I worry for the sake of the country what could go wrong if DOD is not managing its IT well,” he said “And that’s really the goal here; it is not to meet some bureaucratic metric. It is to make sure that our national security and our national defense are the best it can be and IT is key to that."
And part of that, the committee discussed, is providing Deasy with more IT budget authority, like the ability to actually stop, rather than just protest, certain IT purchases to make the best IT decisions. Because at times, those who do procurement, request for proposals and implementation don’t work together. And “people making the IT purchasing decisions are not the same people using the IT goods or service,” Hurd said.
Ultimately, there was no question among the committee and those testifying that “we would be in a better position as a nation if DOD led in the federal IT arena,” Powner said.