How to Speed Up FITARA Adoption

The government is making slow but steady progress on implementing the Federal Information Technology Acquisition Act, but there are a handful of key policies that could fast track agencies’ IT modernization efforts, according to a congressional watchdog.

The Government Accountability Office on Tuesday detailed eight specific policies that have been proven to help agencies rapidly improve their tech acquisition processes and optimize their sprawling IT infrastructure. The practices, uncovered through interviews and document reviews with nine different agencies, touch on the five FITARA provisions auditors found to have the biggest impact on the federal IT ecosystem.

The agencies included in the review—the Agriculture, Commerce, Health and Human Services, Homeland Security, Justice and Veterans Affairs departments, as well as the Agency for International Development, General Services Administration and NASA—account for nearly 60 percent of the government’s non-defense IT budget in 2019. Each organization had successfully gotten on board with at least one of the five FITARA categories, auditors said in the report.

FITARA designates each agency’s chief information officer as its top tech official, requiring them to approve IT funding, sign off on tech contracts, weigh in on high-level IT hires and ensure their organizations follow federal guidance on tech issues. While most agencies have already granted their CIOs these broad authorities on paper, auditors said the government has largely struggled to put them into practice.

GAO advised agencies put in place policies outlining how the specific authorities granted to their CIO should be carried out. Both the Commerce and Homeland Security departments have created their own internal measures that guarantee CIOs are conducting adequate oversight, which has proven “essential to their ability to implement the … provision in FITARA.”

Both agencies, as well as the Agriculture Department, have also created a risk rating process for each IT investment, enabling them to more adequately adhere to the procurement transparency and risk management requirements set by FITARA.

The legislation mandates agencies frequently review their IT portfolio to improve management and reduce duplication, and four of the departments reviewed by GAO found creating inventories of applications and their uses have helped them meet requirements. By delegating software management to a single group, five agencies have helped ensure they only pay for tech they use.

Data center consolidation remains one of the government’s biggest obstacles to fully implementing FITARA, but auditors highlighted a handful of practices that have helped some agencies shutter their excess facilities. By frequently visiting data centers, embracing cloud technology, incentivizing agency components to shutter data centers and utilizing extra space at existing facilities, departments could speed up their progress, GAO said.

“By implementing the practices relative to the five FITARA provisions GAO selected, covered agencies realized information technology management improvements, such as decommissioning old systems and cost savings,” auditors wrote.

In its review, GAO also found four overarching policies that helped set agencies up for success in every FITARA category: getting buy-in from senior leadership, treating FITARA as if it was an internal IT program, creating metrics for FITARA implementation at each agency component, and putting a single person at each component in charge of leading modernization efforts.