Getting FITARA right

Although it's been nearly 16 months since President Barack Obama signed the Federal IT Acquisition Reform Act, we still have a lot of work to do to strengthen the management of government's IT.

Considered one of the most significant IT reforms since the Clinger-Cohen Act, FITARA expands oversight of the almost $90 billion in federal IT spending. The law's main objectives are:

• Provide better visibility into IT expenditures.
• Improve risk management in IT investments.
• Engage other senior officials in the oversight of IT investments.
• Give more authority to the federal government's more than 250 CIOs to plan, approve and execute IT acquisitions.

Those are lofty goals that share near-universal support. But are agencies making progress on implementing FITARA? What are some of the challenges of implementation so far? Most important, what should your agency be doing now to seize the opportunity FITARA represents?

Progress toward a common baseline

There has been great progress since FITARA was passed. The Office of Management and Budget led a wide-ranging and transparent process to develop implementation guidance by holding hours and hours of listening sessions with agency leaders, IT visionaries, private-sector IT experts and good-government groups, among others.

The resulting guidance established the Common Baseline -- a framework for agencies to implement the specific authorities FITARA gives agency CIOs. It also outlines the roles and responsibilities of other agency executives who are critical to achieving a more unified oversight of IT investments.

Once the guidance was issued, agencies completed self-assessments to identify gaps in IT management. The deadline for having FITARA implementation plans in place was Dec. 31, 2015; OMB and the General Services Administration evaluated the plans. Federal CIO Tony Scott said he's "pleased with the thought and effort behind the implementation plans," though it is clear that agency CIOs and their colleagues are wrestling with the challenges of implementing FITARA.

An initial review of the self-assessments revealed that most agencies have critical gaps in at least one of the four functions of IT management: budget formulation, budget execution, acquisition, and organization and workforce.

The House Oversight and Government Reform Committee's FITARA implementation scorecard confirmed that assessment when it graded agencies' progress in four categories: data center consolidation, IT portfolio review savings, incremental development and risk assessment transparency. Seventy percent of agencies received a grade of D or F, two agencies received a B, and no agency received an A.

Judging by the scorecard's results, agencies have a long way to go to meet the act's requirements.

Implementation pain points

Despite the progress made so far, realizing FITARA's goals will require more than the simple check-the-box compliance exercises that are all too familiar to many agencies. And because FITARA demands the coordination of stakeholder interests across many management areas -- acquisition, budget and finance, and human resources, among others -- it will take a major change in the stovepiped culture at many agencies, including OMB and GSA.

Therefore, many agencies are wrestling with some of the larger FITARA implementation "pain points," including finding the resources to assemble the data required for the self-assessment, implementing new governance and acquisition requirements across components, and accessing and sharing the necessary tools and background information on FITARA.

Agencies now must provide documentation that wasn't required before while achieving buy-in from agency leaders, acquisition shops and mission owners. Drilling down throughout the organization makes that an even greater challenge.

At least one CIO froze IT acquisitions at his agency until reasonable spending plans and data sharing structures had been established. Although that might seem drastic, it could have been the perfect pause to allow the agency to institute a more comprehensive approach. That might not work at all agencies, however, because of varying cultures, reporting structures and even definitions of what constitutes an IT expenditure.

Understanding that differences exist, FITARA wisely aims to standardize good practices in IT management without locking agencies into a one-size-fits-all approach.

What happens next

Agencies' focus now shifts to determining whether their actions are indeed moving them toward meeting FITARA standards and, more important, whether their changes and new structures are improving the coordination and oversight of IT management. After all, the ultimate goal is to improve an agency's ability to deliver its mission. When FITARA is correctly implemented, agencies will have an enduring set of procedures, policies and practices that define their IT management.

So how do agencies prioritize changes and determine which will make the most meaningful impact? In the initial stages, they would be well served to reflect on some of the questions below, grouped into three key focus areas.

1. Coordinating across the agency
The most widely publicized aspect of FITARA is enhanced authority for the CIO. However, if you dig a little deeper, you'll find no single call for a shift of IT power to the CIO. Instead, the guidance directs agencies to involve all appropriate stakeholders -- CIO, chief acquisition officer, chief financial officer, chief human capital officer, privacy officer, general counsel and business unit leaders -- in agency decision-making processes related to IT governance, budgeting, acquisition and the workforce.

That kind of collaboration makes sense because IT envelops almost every facet of government. But how do agencies bring such a diverse group of stakeholders together, especially when coordination across existing silos is one of the most persistent challenges faced by agency executives? And does your organization have a process and analytical platform in place to catalog and track your organization's IT investments?

The 2016 election and the eventual transition to a new administration are adding to the challenge. Regardless of the election's outcome, the new administration will bring a new set of challenges in implementing FITARA. The legislation was a bipartisan effort and will remain a priority, but how do agencies maintain momentum during changes to the CXOs and other key stakeholders? Will the time spent cultivating relationships and improving communication and awareness among those groups be lost to a change of players?

That is a key risk in the coming year for CIOs and others involved in trying to realize the intent of FITARA. Establishing and documenting strong governance and decision-making processes and instituting performance transformation initiatives down into the career civil service will be essential for sustaining the hard work currently being done to improve IT management.

2. Acquisition
Acquisition strategy plays an extremely important role in effective IT management, yet too often it results in a bottleneck to project execution and delivery. Inefficiencies are compounded in iterative and modular development. FITARA guidance curbs that trend and streamlines agencies' acquisition strategies through two key governmentwide initiatives: category management and strategic sourcing. Both concepts are ultimately designed to reduce wasteful spending and increase the speed and quality of acquisition efforts. But which approach is better? In other words, where should executives focus their time and attention?

The answer depends on the specific agency's overall IT strategy and the frequency and breadth of the IT services it acquires. To add to the complexity, category management and strategic sourcing can be used at the same time in a robust acquisition strategy. Understanding that all agencies stand to enhance the efficiency of IT acquisitions, how do agencies determine the appropriate level of changes to their strategies? How can they engage with those governmentwide initiatives but still collect enough data to make informed decisions?

3. Comprehensive budgeting and planning
The budgeting process is considered a request to Congress and the president to move forward with and fund proposed strategies to meet agency missions and priorities. FITARA guidance requires that the same diligence applied to budget formulation be applied to IT budget planning, execution and reporting of actual activity. That type of information is not only beneficial in managing IT execution but must also be reported to OMB and beyond.

Transparency and visibility are essential when it comes to achieving the efficiencies envisioned under FITARA. But what is the cost to the agency? And how should the level of access to IT budgeting data be tempered during execution?

Those three key areas serve as a good base in moving toward FITARA compliance, but they are certainly not the only considerations. As agencies move up the FITARA maturity ladder, additional IT requirements -- governance, acquisition, budgeting, organization and workforce -- must be integrated into agencies' FITARA structures and processes. When agencies reach those levels, the questions become more focused:

• What systems will be used to provide biannual reports to OMB on the status of implementation plans? How can agencies integrate component- or bureau-level data into those systems if they are not already doing so?
• How has the agency addressed the need for IT resources (government and contractor) in its strategic workforce plan? Are CIOs able to hire the more-generalist IT employees they will need to serve as liaisons to the agency's other management areas? Do they have the data analytics capacity to understand exactly what they need in their workforce in six months, 12 months or 24 months?
• Do formal governance boards with agencywide representation exist, and do they effectively drive agency decision-making and development of IT strategic plans?
• Has the agency determined measurable improvements to iterative and modular development practices? Are acquisition and finance teams integrated into those practices?
• Do agencies have sufficient oversight and control over the acquisition strategy to ensure that efficient sourcing processes are followed?

There are no simple answers to these questions and the many others not listed here that the federal government is grappling with as it navigates the FITARA implementation waters. And there is no standard way to approach answering them across the government.

Each agency will need to develop a customized strategy that incorporates analysis capabilities for IT costs and spending, sustainable governance and reporting structures, collaboration techniques, budget planning and data analytics, and many other capabilities.

If they do it right, agencies will enjoy a more successful FITARA implementation -- one that is stable, responsive and resilient through the upcoming transition to a new administration.