recommended reading

Lawmakers Blast DOD's Failing FITARA Score

Frontpage/Shutterstock.com

Released Tuesday, the fourth batch of agency report cards documenting Federal Information Technology Acquisition Reform Act implementation left much to be desired, with agencies for the first time scoring worse than previous iterations.

The Defense Department scored the worst with an F+, the only outright failing grade among CFO Act agencies. The score was in large part because DOD apparently removed some $15 billion in IT investments from the IT Dashboard.

The move irked Rep. Mark Meadows, R-N.C., who used his platform on the House Oversight and Government Reform’s IT subcommittee to blast the Pentagon’s lack of transparency. DOD spends roughly $40 billion on IT annually and seeks an additional $54 billion in overall funding in the fiscal 2017 budget request.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

“We’re being asked to fund DOD more,” Meadows said, addressing Government Accountability Office's Director of IT Management Issues Dave Powner, who testified Tuesday. “Take the message back to them that unless they get their heart right on this, there will not be support for increasing that budget. With DOD, it will require Republican votes to increase it, and I, for one, unless they get their hearts right on transparency, will not be very supportive.”

Powner explained that in the previous six months, DOD reclassified approximately $15 billion of its IT investments, moving them under the national security umbrella. National security spending isn’t tabulated on the IT Dashboard, so the public would lose sight of how risky those investments actually are.

Democrats, too, weren’t happy with DOD’s lack of transparency.

Calling DOD “recalcitrant” and its management style “arrogant,” Rep. Gerry Connolly, D-Va., sarcastically outlined DOD’s apparent line of thinking.

“Don’t bother us with these troublesome requirements, we are exempt from everything, police ourselves and set our own goals and objectives,” Connolly said, before becoming serious once again.

“The fact that they fall short of everyone else’s is immaterial,” Connolly said. “It’s sad that they’re the big budget. We are disappointed with DOD’s performance and all of us agree, the burden on them is greater. They have the biggest budget of anyone, and it’s about to get bigger. It’s incumbent on DOD get right with the law, and we’re going to help them along on a bipartisan basis.”

Connolly added the FITARA scorecard is a “terribly important tool,” and pointed to the success the U.S. Agency for International Development as proof that it works. USAID moved from a D+ to an A+ over the past six months, and now is the top-scoring agency in government.

“Some agencies say [FITARA] is too complicated, but USAID has proved that’s not true,” Connolly said. “If there is a political will and managerial desire to self-improve, you’ll have congressional support, GAO support and you’ll have a nice brand.”

Scores Could Continue Plunge

While this batch of FITARA scores was indeed lower than those tabulated in December 2016, Powner warned the next report card could be worse six months from now. That’s because one new metric—software licensing adhering to the MEGABYTE Act—didn’t factor into the final agency grades this time around. All but three agencies scored an F, with many unable to report how many software licenses they actually have.

Beth Killoran, deputy assistant secretary for IT and chief information officer at the Health and Human Services Department, told the subcommittee her agency was still at least six months away from determining the number of software licenses they possess.

Had software licensing been included in this iteration of grades, three agencies would have moved up and 12 would have moved down.

However, subcommittee Chairman Will Hurd, R-Texas, confirmed to Nextgov after the hearing that software licensing will be officially included in future grades.

“There is absolutely no excuse for agencies not to have an accurate inventory of software licenses they have; this is basic IT management,” Hurd said.

Hurd added Congress will continue to press agencies on increasing CIO authorities. He cited HHS' IT reporting structure—a chief information officer four positions removed in the chain of command from the secretary—as how not to do IT governance.

CIOs, he said, “should report to the agency head or the true No. 2,” Hurd said, noting they’re the people Congress hauls in to testify when issues like the Office of Personnel Management data breach occur. In addition, CIOs ought to be helping agency heads understand the “importance of cyber and how IT networks drive mission and business outcomes.”

“This is standard industry practice,” Hurd said. “This isn’t complicated, so let’s stop making it complicated.”

Hurd’s position was affirmed by Rick Holgate, research director at Gartner and former CIO at the Bureau of Alcohol, Tobacco and Firearms.

“FITARA is certainly important, but CIOs can only do so much on their own,” Holgate said. “CIOs ought to be included in strategic planning, and must be given the opportunity to shape and influence how IT enables strategy early on.”

Rep. Robin Kelly, D-Ill., suggested the new administration’s mandates to reduce the size of the federal workforce could be related to the fall in FITARA scores. She added one of the keys to modernizing IT—aside from the pending Modernizing Government Technology Act legislation—will be hiring more qualified IT professionals.

HHS again served as an important example. Of 3,000 IT-related positions within the agency, it currently has 1,400 openings, many of which do not even have job descriptions yet. Of those unfilled positions, Killoran said, 25 are “critical.”

The lack of qualified talent perhaps mirrors the IT leadership landscape across the largest civilian agencies. Right now, eight of the 24 CFO Act agencies lack permanent CIOs but have officials serving in acting capacity.

The FITARA scorecard now includes those vacancies as one of its key metrics.

“The scorecard highlighting these vacancies will hopefully draw attention to this issue,” Powner said.

Threatwatch Alert

Stolen credentials

'Sustained' Attack Disrupts U.K. Parliament Email System

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov