Over the past five years, there have been notable improvements in federal government agencies’ management of their information technology and use of IT as a strategic resource to improve agencies’ operational performance. The Federal IT Acquisition Reform Act (FITARA), and in particular the FITARA Scorecard, have forced agencies to address critical issues related to how they manage their IT. Further, the President’s Management Agenda (PMA) under the Trump administration focused a number of its key goals on IT, particularly IT modernization and the use of data as a strategic agency asset.
Yet even with this progress in federal IT, much work remains to reach a state of “best practice.” With unlimited funds to invest in IT, the federal government would still struggle. Most agency IT organizations do not have the management maturity and skills to effectively deliver large-scale IT modernization. In 2015, the Government Accountability Office placed the whole federal government on its High-Risk List for “Improving the Management of IT Acquisitions and Operations.” GAO’s latest report on its High-Risk List states that while GAO gives OMB credit for demonstrating leadership commitment, the government has only partially met requirements to address weaknesses. For instance, GAO had recommended that 12 agencies identify and plan to modernize or replace legacy systems. As of December 2018, only 3 of those 12 agencies had made progress in planning to modernize their legacy systems.
Now is an opportune time for the Biden administration to make bold changes that can hasten agencies’ maturity in managing and leveraging IT. And the Biden administration has signaled the importance of IT and IT modernization with its desire to increase the Technology Modernization Fund (TMF) by billions of dollars. Yet, agencies often do not maximize the benefit investment funds offer. It comes down to an agency having the right plans in place, together with the internal capability to effectively manage and deliver IT projects and programs.
Here are the first three of six recommendations that can help the Biden administration improve the implementation and management of IT throughout the federal government.
Insight by DUO Security: State Department, NASA, OMB and Defense Manpower Data Center explore the future of identity, credential and access management in this free webinar.
- Developing comprehensive, yet realistic, agency IT modernization plans – As is stated by GAO in its latest High Risk report, many agencies are not focused on the proper enterprise planning for IT modernization. As such, agencies conduct piecemeal modernization, which while of some value, continues to proliferate stovepipes, does not address the retirement of legacy systems, adds complexity, and makes the management of an agency’s IT environment even more difficult. The Office of the Federal CIO should work with agencies to ensure they develop comprehensive IT modernization plans that are realistic given budget and talent constraints in agencies. Being realistic may mean that an agency has a modernization plan that could take between 5-and-10 years to execute, but that is still much preferred over piecemeal plans that will never result in true enterprise modernization. And while IT modernization can result in lower operating costs and a better cybersecurity posture, IT programs and projects must show how they will support the meeting of agency mission goals and objectives. That is the only way to garner agency leadership support for sustained IT modernization.
As an example, when I served as the CIO of IRS, we worked to develop a usable enterprise architecture, with emphasis on both having a comprehensive target business architecture (how the business processes should evolve) supported by a target technical architecture (the detailed plans on modernizing the IRS’s IT systems). Perhaps most important, we established a governance structure with oversight boards consisting of business and technology executives as members. And we did this across all the tax administration functions. Using this structure, we had the plans for evolving the business and the technology, along with the right business and technology executives involved to make informed decisions and adjust plans during execution. Together with maturing the agency’s IT program management capabilities, this approach ultimately led to the IRS’s removal from the GAO High-Risk list for its modernization efforts.
- Improving agencies’ ability to manage IT programs and projects – New capabilities delivered through IT modernization only happen with the successful delivery of IT programs and projects. And while there is a lot of focus on program and project management, the GAO continues to keep the whole federal government on its High Risk list for “Improving the Management of IT Acquisitions and Operations.” Agencies need to work to mature their program and project management capabilities, with particular focus on the following:
- Demonstrated agency use of appropriate program and project management disciplines. This includes traditional disciplines, including schedule, configuration, and risk management. But also included are more recently developed techniques, such as DevSecOps and Scaled Agile.
- Professional development approaches to develop staff to fill critical roles in a program management office (PMO).
- A comprehensive approach to stakeholder engagement and program governance, creating a partnership between the agency mission and business executives and the IT organization.
- Development and use of a systems development life-cycle (SDLC) readily tailorable for all types of IT programs.
- Commitment to incremental delivery and demonstrated use of agile and DevSecOps techniques in programs, as appropriate.
- Accurate and timely program status reporting.
The Office of the Federal CIO should work with agencies to ensure they are taking steps to mature these capabilities. How? As a start, agencies should report regularly and in detail to OMB on their top three IT programs, not only on program status but also on what they are doing and what evidence shows they are maturing the process disciplines listed above. When I was at the IRS, we took this approach, focusing first on the projects formally part of the IRS’s modernization program. But once we had confidence in the maturity of our program and project processes supporting our largest program, we worked to leverage those processes to all IT programs and projects in the agency. The same approach can work for other agencies.
- Addressing procurement timeliness and the use of strategic sourcing and category management – One of the biggest frustrations I had as an agency CIO was the lead time necessary to get a procurement completed to deliver new capabilities for our customers. It is an essential element of improving agencies’ ability to manage IT programs and projects. The Office of Federal Procurement Policy, partnering in particular with the General Services Administration, has made significant advancements in addressing procurement effectiveness, mainly through strategic sourcing and category management approaches. OMB has stated that the federal government has saved $27.3 billion over the past three years due to its category management initiative. The Biden administration should extend that good work, partnering with OFPP, GSA, and other agencies to continue to advance the use of these vehicles and concepts for all IT purchasing. In particular, there should be an even greater focus on agencies using specified best-in-class (BIC) contract vehicles. With the acceleration of advances in IT technologies and services, we need to reduce the time to complete procurements while simultaneously working to ensure agencies get the best value in their IT purchasing.
Part II of this column will describe the three additional recommendations, covering improving agencies’ cybersecurity posture, addressing the IT talent gap, and improving alignment across the administration and with Congress.
Unified, committed leadership is the key to improving agencies’ ability to manage and leverage IT to improve operational performance. Certainly, we need capable agency CIOs, but just as important is the commitment from the Biden administration, at the most senior levels of OMB and across agency leadership, to champion these recommendations. If you want IT to be a true strategic asset to help agencies improve their performance, there are no shortcuts. The new administration has to take on the hard work of maturing IT management at the agency level, with the support of agency leadership.
Richard A. Spires is currently an independent consultant. Previously, he served as the CIO of the IRS and as the CIO of the Department of Homeland Security (DHS). While at DHS, he served as the vice-chairman of the Federal CIO Council.