Watchdog: OPM CIO Isn’t Exercising Enough Authority Over IT Budgets

The Office of Personnel Management has issued guidance giving agency chief information officers more powers, but the department’s own CIO isn’t getting enough authority over critical decisions, according to an inspector general report.

In 2014, Congress passed the Federal Information Technology Acquisition Reform Act, or FITARA, codifying some IT procurement best practices and giving department CIOs significant authority over budgeting, hiring and long-term planning for IT programs.

As with many agencies, however, OPM’s CIO isn’t always included in funding and contracting decisions, the IG found during its first assessment of the agency’s compliance with FITARA, according to a report issued in late April.

Granting CIOs more authority over budgets and strategic plans that include an IT component—a seat at the table—was a central tenet of FITARA. However, among the reforms included in the law, getting CIOs more involved has been one of the biggest challenges.

Analysts at the Government Accountability Office released a study in November showing agency CIOs were getting detailed information about IT program budgets but none of the agencies assessed were able to show documentation proving the CIOs were actually reviewing and signing off on those investments.

The issue is so singular it prompted an executive order in May 2018 strengthening those CIO authorities with the weight of the president’s signature.

OPM’s CIO, Clare Martorana, joined the agency in February, having previously served a tour with the U.S. Digital Service. According to the IG report, her position has not been included in key discussions around “core operating funds involving IT systems for other program offices,” as well as how funds are reprogrammed to pay for some of those programs.

“During our audit, we found OPM’s IT acquisitions are commonly managed by individual program offices and not the OCIO,” the IG wrote. “The decentralized nature of IT throughout OPM is evident in the distribution of IT project and modernization funding to program offices outside of the OCIO. Based on our observations, the OCIO is not routinely included in significant meetings and discussions around the core operating funds involving IT systems for other program offices.”

OPM officials pushed back on the assertion that there are no policies in place but agreed that those policies could be “improved to better meet the spirit and intent of FITARA,” according to the agency’s response.

Further, the IG found the CIO has not been properly approving IT contracts for major investments. Instead, that task has been left to the deputy CIO, with some oversight from the CIO.

OPM management said the change has been made but did not agree with the IG that an official change in policy is needed, as well.

Finally, the IG found information contained within some of the documentation for approval was inaccurate. OPM agreed fully that this is an issue and offered a plan to catch errors and update documentation on an ongoing basis.