FITARA: Maintaining momentum

By Richard Spires

By Richard Spires

|

The keys to the law's success are identifying and mitigating the risks to its implementation, especially in light of the upcoming presidential transition.

Shutterstock image.

The Federal IT Acquisition Reform Act is the first major legislation that can fundamentally alter how IT is managed since the passage of the Clinger-Cohen Act in 1996. Those of us who care deeply about how effectively and efficiently the federal government operates believe improving IT management is foundational, and we see FITARA as the potential catalyst for driving that improvement.

There is certainly progress to celebrate — from the passage of FITARA itself and the Office of Management and Budget's implementation guidance to the plans agencies have crafted and the poor (but largely accurate) agency grades issued by Congress. All of that is well documented, and many leaders have worked diligently to get us to this point, including a number of agency CIOs; U.S. CIO Tony Scott and his staff; Reps. Gerry Connolly (D-Va.), Darrell Issa (R-Calif.), Will Hurd (R-Texas) and Mark Meadows (R-N.C.); Sens. Jerry Moran (R-Kan.) and Tom Udall (D-N.M.); and the lawmakers' staffs.

Change is difficult for any bureaucracy, and it is fair to say that sustained change is especially difficult in the U.S. federal government, one of the largest bureaucracies in the world. That is certainly the case for an initiative that takes four to five years to yield demonstrable and significant benefits for agency operations. So while I applaud the progress, I am concerned about our government's ability to sustain the leadership required to drive this change, particularly as we enter the last year of the Obama administration.

Therefore, like any good program manager, we should identify our risks and develop plans to address them. Here is my take on the major risks and associated mitigation steps to help ensure FITARA's success.

Risk 1: The government loses momentum on FITARA implementation during the presidential transition. To avoid having good processes wiped out when new leaders arrive, two mitigation steps should be taken. First, lawmakers who have shown leadership on FITARA must keep up the pressure as the new administration takes shape. I have been pleased to hear that Connolly and Hurd plan to do just that, and I hope other congressional leaders will join them.

The second step is to establish as much of the FITARA infrastructure as possible this year. New policies should be drafted and approved that codify the tenets of FITARA at each agency. The governance frameworks, budget review processes, delegation authority and other elements should be established and operational so that new leaders will have little incentive to make changes in IT management but will instead use what is already in place to support their agendas.

Risk 2: FITARA becomes a compliance, check-the-box exercise. Like many laws before it, FITARA's intent is good, but its execution by a bureaucracy over time can build a rigid artifice that shifts to rote compliance. The Federal Information Security Management Act's intent to improve the government's IT security was admirable, but 10 years later, it was a constraining compliance exercise that had little correlation with agencies' overall IT security.

For FITARA, it is imperative that OMB, individual agencies and Congress maintain the view that the law is about improving IT management so that an agency's mission and business can be executed more effectively and efficiently. Implementing, monitoring and measuring the impact of FITARA should be revisited regularly — perhaps every two years — to keep it fresh and appropriate, particularly given the rapid changes in technology and the IT market.

Risk 3: We lose patience with FITARA. It takes four to five years of sustained management effort to make significant positive change in IT at a large federal agency. Although I get excited about such change, I recognize that most people view improvements in IT management disciplines as downright pedestrian. However, the focus on better governance, staff development, enterprise architecture, project and program management, and budget planning are foundational to success in delivering services to government customers.

To maintain that focus and not lose patience, I recommend a scorecard for agencies that is more expansive than what Congress has implemented. It should measure three things at each agency: the maturity of the IT management process, IT performance outcomes that can be benchmarked, and agency mission effectiveness and efficiency outcomes that are affected by IT systems performance.

If implemented well and used to hold agencies accountable, that type of scorecard would keep agencies' focus where it needs to be and show sustained progress over time. For instance, within a year or two, agencies could make significant improvements in process maturity, which would lead to better IT performance outcomes in years three and four and ultimately have a positive impact on agencies' effectiveness and efficiency.

None of the mitigation steps outlined above are particularly difficult, but the key will be sustained commitment on the part of administration and congressional leaders to see FITARA through the next five years.

NEXT STORY: State changes counterterrorism unit to include online focus

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.