Watchdog: Department CIOs Are Getting More Authority But Compliance Is Uneven

By law and by policy, federal chief information officers are supposed to have review and approval authority over the IT budgets in their agencies. Many do, but compliance with specific policy guidance has been uneven across government, a recent study by the Government Accountability Office reports.

In an effort to improve outcomes for IT projects and ensure a chain of accountability, Congress passed the Federal Information Technology Acquisition Reform Act, or FITARA, in 2014, giving department-level CIOs greater authority over hiring and budgeting and guaranteeing them a seat at the table as agencies develop strategic plans. These authorities were enshrined though 2015 policy guidance from the Office of Management and Budget and later reinforced through a presidential executive order in May.

Released Tuesday, GAO’s audit analyzed the extent of these authorities at four federal agencies: the departments of Energy, Health and Human Services, Justice and Treasury. GAO picked these four as the bookends of agency compliance—Justice and Treasury had the highest self-assessment scores for compliance with FITARA; Energy and Health and Human Services had the lowest scores.

“For each selected department and component agency, GAO reviewed relevant IT budget policies and procedures, analyzed a sample of major and non-major investment proposals against key OMB requirements, and determined whether selected departments captured government labor costs, among other things,” the report states.

All four agencies and the eight component offices GAO reviewed had policies in place to ensure CIOs were getting enough detail about IT projects to make good budgeting decisions. The agencies also at least partially satisfied GAO researchers when it came to reporting, including the CIO in planning, budgeting and governance boards, and ensuring the CIO approved major IT investments.

But none of the agencies could provide proper documentation showing CIOs were reviewing the entire budget requests to ensure IT costs were properly addressed. Two agencies—Energy and Health and Human Services—also didn’t provide evidence CIOs were reviewing the IT portions of major investments where technology is a component but not the main feature.

Where these agencies failed, in GAO’s assessment, was a lack of defined policies and procedures, which researchers found were not addressed in the agencies’ FITARA implementation plans submitted to OMB.

“Until the departments establish policies and procedures that address all requirements, they risk inconsistently applying requirements that are key to providing their CIOs visibility into resources, input to resource plans and meaningful review and approval of IT budgets,” GAO wrote.

It total, GAO analysts made 43 recommendations: 15 to Energy and its components, 14 to HHS, five for Justice and nine for the Treasury Department.