[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
THE FEDERAL INFORMATION TECHNOLOGY
REFORM ACT'S (FITARA) ROLE IN REDUCING IT ACQUISITION RISK, PART II:
MEASURING AGENCIES' FITARA IMPLEMENTATION
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON
INFORMATION TECHNOLOGY
AND THE
SUBCOMMITTEE ON
GOVERNMENT OPERATIONS
OF THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
NOVEMBER 4, 2015
__________
Serial No. 114-89
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
_________
U.S. GOVERNMENT PUBLISHING OFFICE
23-470 PDF WASHINGTON : 2017
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland,
MICHAEL R. TURNER, Ohio Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio ELEANOR HOLMES NORTON, District of
TIM WALBERG, Michigan Columbia
JUSTIN AMASH, Michigan WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee JIM COOPER, Tennessee
TREY GOWDY, South Carolina GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas MATT CARTWRIGHT, Pennsylvania
CYNTHIA M. LUMMIS, Wyoming TAMMY DUCKWORTH, Illinois
THOMAS MASSIE, Kentucky ROBIN L. KELLY, Illinois
MARK MEADOWS, North Carolina BRENDA L. LAWRENCE, Michigan
RON DeSANTIS, Florida TED LIEU, California
MICK, MULVANEY, South Carolina BONNIE WATSON COLEMAN, New Jersey
KEN BUCK, Colorado STACEY E. PLASKETT, Virgin Islands
MARK WALKER, North Carolina MARK DeSAULNIER, California
ROD BLUM, Iowa BRENDAN F. BOYLE, Pennsylvania
JODY B. HICE, Georgia PETER WELCH, Vermont
STEVE RUSSELL, Oklahoma MICHELLE LUJAN GRISHAM, New Mexico
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama
Sean McLaughlin, Staff Director
David Rapallo, Minority Staff Director
Troy D. Stock, Subcommittee Staff Director
Julie Dunne, Senior Counsel
Michael Flynn, Counsel
Katy Rother, Senior Counsel
Sharon Casey, Deputy Chief Clerk
Subcommittee on Information Technology
WILL HURD, Texas, Chairman
BLAKE FARENTHOLD, Texas, Vice Chair ROBIN L. KELLY, Illinois, Ranking
MARK WALKER, North Carolina Member
ROD BLUM, Iowa GERALD E. CONNOLLY, Virginia
PAUL A. GOSAR, Arizona TAMMY DUCKWORTH, Illinois
TED LIEU, California
------
Subcommittee on Government Operations
MARK MEADOWS, North Carolina, Chairman
JIM JORDAN, Ohio GERALD E. CONNOLLY, Virginia,
TIM WALBERG, Michigan, Vice Chair Ranking Minority Member
TREY GOWDY, South Carolina CAROLYN B. MALONEY, New York
THOMAS MASSIE, Kentucky ELEANOR HOLMES NORTON, District of
MICK MULVANEY, South Carolina Columbia
KEN BUCK, Colorado WM. LACY CLAY, Missouri
EARL L. ``BUDDY'' CARTER, Georgia STACEY E. PLASKETT, Virgin Islands
GLENN GROTHMAN, Wisconsin STEPHEN F. LYNCH, Massachusetts
C O N T E N T S
----------
Page
Hearing held on November 4, 2015................................. 1
WITNESSES
Mr. Tony Scott, U.S. Chief Information Officer, Office of E-
Government and Infomation Technology, Office of Management and
Budget
Oral Statement............................................... 8
Written Statement............................................ 10
Mr. Sanjeev ``Sonny''Bhagowalia, Chief Information Officer, U.S.
Department of Treasury
Oral Statement............................................... 16
Written Statement............................................ 18
Mr. Richard McKinney, Chief Information Officer, U.S. Department
of Transportation
Oral Statement............................................... 22
Written Statement............................................ 24
Mr. David Shive, Chief Information Officer, U.S. General Services
Administration
Oral Statement............................................... 28
Written Statement............................................ 30
Mr. David A. Powner, Director, IT Management Issues, U.S.
Government Accountability Office
Oral Statement............................................... 35
Written Statement............................................ 37
APPENDIX
Rep. Connolly Statement for the Record........................... 70
Rep. Kelly Statement for the Record.............................. 73
RESPONSE McKinney-DOT Questions for the Record................... 75
THE FEDERAL INFORMATION TECHNOLOGY REFORM ACT'S (FITARA) ROLE IN
REDUCING IT ACQUISITION RISK, PART II: MEASURING AGENCIES' FITARA
IMPLEMENTATION
----------
Wednesday, November 4, 2015
House of Representatives,
Subcommittee on Information Technology, joint with
the Subcommittee on Government Operations,
Committee on Oversight and Government Reform,
Washington, D.C.
The subcommittees met, pursuant to call, at 3:01 p.m., in
Room 2154, Rayburn House Office Building, Hon. Will Hurd
[chairman of the Subcommittee on Information Technology]
presiding.
Present from the Subcommittee on Information Technology:
Representatives Hurd, Blum, Kelly, Duckworth, and Lieu.
Present from the Subcommittee on Government Operations:
Representatives Meadows, Walberg, Massie, Buck, Carter,
Connolly, and Plaskett.
Also Present: Representative Chaffetz.
Mr. Hurd. The Subcommittee on Information Technology and
the Subcommittee on Government Operations will come to order.
Without objection, the chair is authorized to declare a
recess at any time.
Each year, the Federal Government spends $80 billion on IT,
and 80 percent of that spending is on old, outdated legacy
systems. It is not a secret that the IT acquisition and
procurement process in the Federal Government is broken.
In June, we held a hearing examining GAO's designation of
IT acquisition as ``high risk'' and highlighted how FITARA can
reduce IT acquisition risk over time and eliminate wasteful
spending. Federal agencies have now had nearly 1 year since the
law's enactment and 4 months since the issuance of OMB's
guidance to implement this law.
This hearing continues an ongoing effort on the part of
this committee to improve how the Federal Government goes about
buying, maintaining, and ultimately retiring information
technology.
In June, I had stated that, while FITARA is not a panacea
for all IT acquisition problems, it can be a useful tool to
make real progress in reducing the risk of these large
investments. I still strongly believe this today.
This morning, we released a scorecard grading Federal
agencies on four of the seven key metrics of FITARA: data
center consolidation; IT portfolio review savings, or
PortfolioStat; incremental development or CIO authority
enhancements; and risk assessment transparency.
The committee worked in a bipartisan fashion to develop
metrics that fairly assess the progress agencies are making in
these areas and then tasked GAO to gather the data. To be
clear, this is not data that we, ourselves, came up with. The
data that was used to compute these grades is largely self-
reported by agencies to Congress and OMB.
While it is clear from looking at these grades that no
agency gets a gold star and goes to the head of the class, some
agencies--and we have one of them here today--are making
progress. Frankly, though, there is a reason that no agency
received an A: We have work to do.
One area in particular that stands out to me is the Federal
Data Center Consolidation Initiative. The consolidation of
Federal data centers not only has the potential for tremendous
cost savings, upwards of $7.4 billion, according to GAO, but
would have very real impacts on the cybersecurity posture of
Federal agencies.
We, as a Federal Government, simply cannot afford to
continue spending $80 billion or more on legacy systems year
after year after year and expect to keep pace with industry,
provide services to the American people, and keep our data
secure. We cannot afford to be having this same discussion
about IT management and acquisition in another 20 years.
Federal agencies should be put on notice that Congress will
not sit by the wayside and allow the law to be skirted. No
agency will be exempt from this law. But if agency CIOs will
simply implement FITARA--meaning they actually make progress in
consolidating data centers, find savings through the
PortfolioStat process, move away from big-bang acquisitions to
incremental development, and accurately assess risk--we won't
be.
I said this in June, and I want to reiterate it here: I
look forward to working with the leadership and members of the
IT and Government Operations Subcommittees on both sides of the
aisle and with agency CIOs to continue to advance the cause of
good IT governance. We have to get it right this time.
And I would like to yield the balance of my time to the
chairman of the full committee, Jason Chaffetz.
Mr. Chaffetz. Thank you, and I appreciate the time.
I want to thank you, Chairman Hurd, I also want to thank
Chairman Meadows, for paying such close attention to this. It
is done in a very bipartisan way with Ranking Members Connolly
and Kelly. I also appreciate Mr. Cummings and the work he is
done and the approach that we are doing together, because it
truly has been a bipartisan effort and needs to continue that
way.
It is important for Federal agencies to make sure that we
are questioning the results on the scorecard. It is not a
partisan issue. And the committee's grades are based on self-
reported data, which is an important part of understanding
where we are today.
The scorecard that was unveiled this morning is an effort
to make clearer to CIOs, agency leadership, and the American
people that the committee intends to ensure that this law is
implemented correctly and fully. As Chairman Hurd mentioned in
his opening statement, we cannot afford to keep on spending to
the tune of $80 billion a year and perpetuating outdated legacy
technologies.
Since I was elected to Congress, same time that President
Obama was elected to the White House, the Federal Government
has spent more than $525 billion on IT, and it doesn't work. It
doesn't work. Too many vulnerabilities, too many stories of
agencies with old, outdated legacy systems where we are taking
young 20-year-olds and trying to teach them how to do things
that were invented literally in the 1950s.
Again, the examples of COBOL and other types of technology,
while great in mid-1950s, well before many of us were even born
on this dais, we still continue to implement and to use them
within the Federal Government, and that needs to change.
There is a reason that the committee held a hearing on the
GAO's high-risk list, and there is a reason that the IT
acquisition was on it. Information technology is the
infrastructure of our future. It is supposed to make life
better. It is supposed to make life more secure, more simple,
and more swift.
I am getting tired, quite frankly, of asking the Federal
Government for basic documents and hearing that it is going to
take years to produce them when the Microsoft Corporation and
others have figured out a way to access an email within
seconds. Those excuses have come and gone, and technology is
our friend. It is supposed to be here to help us, but it also
needs to be safe and secure.
Ultimately, FITARA is an effort to ensure that agencies are
buying and developing technologies in an efficient way that is
transparent and gives agencies the tools they need to do the
work for the American people.
I look forward to the hearing and the testimony today. We
have good witnesses today.
I appreciate the five of you for being here, what you
provide and your perspectives and all that you are trying to
do, with, I think, the same goals and direction that we all
here are doing.
And I, again, appreciate the bipartisan work and look
forward to the hearing.
I yield back.
Mr. Hurd. I now recognize my friend and the ranking member,
Ms. Kelly--she is the ranking member of the Subcommittee on
Information Technology--for her opening statement.
Ms. Kelly. Thank you, Mr. Chairman.
Today's hearing is the second hearing in a series of
oversight hearings the subcommittee will hold on FITARA
implementation to help ensure agencies achieve the desired
goals of the law and generate opportunities for government
savings and efficiency in the procurement of information
technology.
FITARA includes a number of government-wide reforms for
managing IT acquisitions and portfolios that will help ensure
that the Federal Government is making wise and efficient
investments in IT. This hearing will help us understand the
status of implementation of FITARA and how agencies are doing
on four important initiatives required by FITARA that could
quickly improve the management of IT and save taxpayer dollars.
Agency-wide IT portfolio review and data center
consolidation are two provisions of FITARA that can quickly
help agencies reduce spending, optimize IT resources, and
ensure IT investments align with agencies' mission and business
functions.
This committee plays an important oversight role that can
increase transparency and accountability of agency
implementation efforts. Earlier this year, the committee tasked
the Government Accountability Office with assessing and scoring
agencies' implementation of four initiatives required by
FITARA, including portfolio review and data center
consolidation.
As the chairman said, today we released the FITARA
scorecard results and will discuss the performance of the three
agencies here today. While these three agencies were selected
for this initial scorecard hearing, I hope the subcommittees
will continue to hold hearings with all agencies to measure
their performance and hold them accountable for fully
implementing FITARA provisions.
These hearings and the FITARA scorecard show the
committee's interest and commitment to achieving the goals of
FITARA, as well as present an opportunity for agencies to
demonstrate their efforts to generate savings and efficiencies
in the management of IT resources.
Today's agencies are working with OMB to assess their
current structure for managing IT resources and develop a plan
for implementing the specific authorities that FITARA provides
chief information officers. Agencies are required to notify OMB
of any obstacles to implementation and work with OMB to
overcome those obstacles.
I look forward to hearing from the witnesses on the status
of FITARA implementation and the challenges agencies are facing
in overhauling the management of IT resources.
I want to thank each of the witnesses for testifying today,
and I look forward to hearing your testimony on how agencies
are approaching FITARA implementation and the desired goals of
savings and efficiency in the management of IT.
Thank you, and I yield back.
Mr. Hurd. Thank you, Ms. Kelly. And I want to thank you for
the bipartisan nature in which we are doing this important
work.
Now it is great to recognize the gentleman from North
Carolina, Mr. Meadows, the chairman of the Subcommittee on
Government Operations, for his opening statement.
Mr. Meadows. Thank you, Mr. Chairman.
And thank you for your leadership, both of you, on this
particular issue.
And thank each of you for being here today.
Obviously, in February, the GAO added the Federal IT
management to the list of high-risk categories. The chairman of
the full committee talked about the $80 billion that we spend
on IT. Actually, it is even greater than that. If you look at
all the amounts of moneys that are, what I would say, offline
and not accounted for, it is in excess of $100 billion. And
that may be a conservative figure.
So, as we look at this, this is a critical issue, as the
GAO found all too often that this $80 billion to $100 billion
was invested, and, many times, it was behind schedule. We
didn't get the ultimate product that was even contracted for.
I was troubled to learn--I am one of those that was born a
little bit earlier than what the chairman of the full committee
had recommended, but I was real concerned to hear that we are
still supporting COBOL and Fortran. Those were languages that I
had a difficult time with in college. And yet, here we are,
with my gray hair, still supporting those kinds of legacy
programming, that even anybody who is remotely in the
programming world would say, why in the world are you doing it?
And so we have got to do a better job.
Obviously, with regards to FITARA and the implementation
thereof, we are going to, in a very bipartisan way, work with
not only the chairman of this committee but the ranking members
of both of our committees. I can tell you that the gentleman
from Virginia, Mr. Connolly, and I have had a number of
conversations as it relates to FITARA.
And this is the beginning. I think the other part of this
is the scorecards is actually a good start. Many of us asked
why there was no A's on there, as the chairman was--and the
concern that I have was the response that I got was that even
some of those grades that were given had been given the benefit
of the doubt.
And so, as we look at going forward and making progress,
this tool should not only be one that we not allow a law to be
implemented and just address, but we need to go further than
that. And we need to look at appropriations for those that are
doing well, that we need to make sure that those funds get
rewarded for those that are doing well. Because too often in
the Federal Government those who are efficient and effective
get their budgets cut instead of getting rewarded for the very
behavior that we are trying to support. And we have to do a
better job of recognizing good behavior and rewarding it.
I believe that this is a great start. I look forward to
continuing our work with not only the GAO but OMB as we look at
implementing this. And it will be a priority for us, in a
bipartisan way, to address that.
And, with that, I will yield back, Mr. Chairman.
Mr. Hurd. Thank you, sir.
Now I would like to recognize the architect of the Issa-
Connolly--or is it Connolly-Issa?--I always forget--bill, Mr.
Connolly, the gentleman from Virginia, ranking member of the
Subcommittee on Government Operations, for his opening
statement.
Mr. Connolly. I thank the chairman. And I thank him for his
generosity and his perspicacity.
But welcome. I am so glad we are here, we are finally here,
and we are talking about the implementation of the FITARA
legislation.
The bipartisan legislation represents the first major
reform of laws governing Federal IT management and procurement
since the Clinger-Cohen Act of 1996. And although that previous
effort established a solid foundation, it fell short in
achieving its full potential because, frankly, nobody was
watching its implementation.
And I hope today's panel and the hearing of these two
subcommittees and the leadership on both sides of the aisle
suggests we are not going to let that happen. FITARA, we mean
it, we want to see it implemented.
And we understand that this is the first interim report
card. It is not the be-all and end-all. It is a progress
report, a snap in time.
I have been encouraged at how quickly the administration
and Federal agencies have actually embraced the effort. And I
really appreciate the leadership of Federal CIOs and the Office
of Management and Budget, especially Mr. Scott, which I think
issued some of the best implementation guidelines I have ever
seen coming out of OMB.
And GAO, similarly, in designating improving the management
of IT acquisitions operations as a new government-wide high-
risk area really helps pound the case home, ``This is
important.'' It gets our attention, and, hopefully, it gets our
colleagues within the executive branch, their attention as
well.
I am actually pleased by the results of a recent survey of
Federal IT professionals conducted by MeriTalk, which was a
private-public partnership focused on improving government use
of IT, that shows that nearly 80 percent of those surveyed
within the Federal Government believe FITARA will actually have
a positive effect on the value of their agency's IT and
mission. That is great.
They specifically cited there is potential to reduce
duplicative IT systems and to address the legacy systems my
good friend from North Carolina was addressing just a few
minutes ago. Although I will point out to him, the value at
least of COBOL is the Chinese don't know how to hack into it.
Whoops. Late-breaking news: Apparently, they do. That would
be too bad.
Today, we are going to release our initial scorecard
focusing on four of those reform activities that kind of
constitute what grade you get and why: data center
consolidation, where we are not doing so well; IT portfolio
review savings; incremental project development and delivery;
and risk assessment transparency.
These metrics were selected because their implementation
will have a demonstrable benefit on IT acquisitions and
operations, and this data is updated and available on a
quarterly basis. GAO has already been gathering information
from agencies themselves to verify reporting in some of these
areas, so the committee tasked GAO with collecting the
agencies' self-reported information and then scoring it based
on our direction. So this is sort of a self-certification
process, too, that we are relying on, and so is GAO.
I want to caution my colleagues, our partners in the
administration, and others in the Federal IT community that
this scorecard is not intended to be a juridical, prescriptive
exercise. It should not be considered a scarlet letter on the
back of a Federal agency. It is, as I said earlier, an initial
assessment, a point-in-time snapshot, much like the quarterly
report card one might get in a university or in a school.
The intent isn't to punish or stigmatize. It is, in fact,
to, you know, exhort and urge agencies to seize this
opportunity and use the scorecard as a management tool to
better guide decisionmaking and investments within the agency.
While the grades themselves are illustrative of overall
performance, it is the multiple elements that make up the
grades on which agencies in our committee will focus to ensure
we deliver on the transformative promise of FITARA.
For example, while the Department of Transportation may be
on the lower end of the scores in certain areas right now, one
is encouraged by reading CIO McKinney's prepared statement, in
which he says, ``IT is no longer just the business of CIO;
rather, it's everybody's business.'' Well, to me, hallelujah. I
mean, you know, the gospel is spreading. And that is a good
thing, because it gets in our heads. That is exactly the point.
I also commend DOT on its efforts to implement a more
holistic approach to planning its IT investments by including
budget and acquisition staff in its decisionmaking process to
ensure everyone understands how those decisions need to support
the overall IT goals. GSA has a similar arrangement, with its
Investment Review Board. And Treasury employs the best-practice
model of IT information resource management. All good things.
So the one area I am concerned about--and I know Mr. Powner
and I have talked about this. And we have covered this in a
field hearing under your predecessor, Mr. Meadows, Mr. Mica,
that was at George Mason University in northern Virginia.
So we start out roughly with Vivek Kundra's 25-point plan
that says, let's take 1,600 identified data centers in the
Federal Government and cut it in half. Goal: 800. We introduced
a bill that said, well, you know, once we do that, let's cut it
in half again to 400.
We have a field hearing a couple of years later, and what
do we discover? Well, we didn't quite cut it in half. We
discovered 6,100 more. So we went from 1,600 to 7,700. And I
believe we have just discovered another 2,000. So now we have
8,700, roughly.
There is no way any of us can find that acceptable. I am
glad we are more accurate, apparently, in knowing how many data
centers we have, but the game here is to consolidate, to save,
to become more efficient, to get rid of the stovepipes within
our agencies and between agencies.
So I am very interested in hearing--especially that one--
how are we going to make progress, how are we going to avoid
discovering--I mean, if there are more to be discovered, fine,
but the real goal here is to consolidate. And so that one,
particularly, I am going to be focused on.
At any rate, I want to thank my colleagues for holding this
hearing. I want to thank all of you for being here. This is the
first downpayment in a series of oversight hearings I know we
are going to have.
Thank you.
Mr. Hurd. Thank you, Mr. Connolly.
I will hold the record open for 5 legislative days for any
members who would like to submit a written statement.
Mr. Hurd. We will now recognize our panel of witnesses.
I am pleased to welcome Mr. Tony Scott, the U.S. Chief
Information Officer at the Office of E-Government and
Information Technology at the Office of Management and Budget;
Mr. Sonny Bhagowalia, Chief Information Officer at the U.S.
Department of Treasury; Mr. Richard McKinney, CIO at the U.S.
Department of Transportation; Mr. David Shive, Chief
Information Officer at the U.S. General Services
Administration; and Mr. David Powner, Director of IT Management
Issues at the U.S. Government Accountability Office.
Welcome to you all.
And, pursuant to committee rules, all witnesses will be
sworn in before they testify. So please rise and raise your
right hands.
Do you solemnly swear or affirm that the testimony you are
about to give will be the truth, the whole truth, and nothing
but the truth?
Thank you. Please be seated.
And let the record reflect that the witnesses answered in
the affirmative.
In order to allow time for discussion, we would appreciate
it if you would limit your testimony to 5 minutes. And your
entire written statements will be made part of the record.
Mr. Scott, you have had a busy few months. Welcome back to
this hearing space. And you are now recognized for 5 minutes.
WITNESS STATEMENTS
STATEMENT OF TONY SCOTT
Mr. Scott. Thank you, Chairman Hurd, Ranking Member Kelly,
Chairman Meadows, Ranking Member Connolly, and members of the
subcommittees. Thank you for the opportunity to appear before
you today to discuss OMB's work in overseeing the government-
wide implementation of the Federal Information Technology
Acquisition Reform Act. And thank you for your resolute and
bipartisan efforts in ensuring that this critical law is
implemented successfully.
When I last appeared before you, I offered an overview of
how FITARA and OMB's implementation guidance enables strategic
partnerships among agency CIOs and other senior leaders in the
agency. And today I'll focus my remarks on the progress that's
been made in institutionalizing FITARA and how OMB is
facilitating and overseeing its implementation.
OMB's FITARA guidance uses a common baseline approach,
which provides direction on the roles and responsibilities of
agency CIOs and other leaders for the management of information
technology. Each FITARA-covered agency submitted a self-
assessment to OMB describing their current operation compared
to the common baseline and are on schedule to submit an
implementation plan showing how they will implement the common
baseline requirements by the end of the year.
Agency plans were evaluated with four overarching questions
in mind: Has the agency identified real breakthrough
opportunities for change? Has the agency described a compelling
and feasible plan to act on those changes? Does the detailed
plan integrate agency leadership with the leadership of bureaus
and programs to jointly drive the mission? And, finally, does
the agency CIO serve as the single point of accountability for
the roles and responsibilities identified in the common
baseline?
And let me assure you that there was no rubber-stamp
process involved here. With each agency, we've been actively
engaged.
Our analysis of the initial agency plan submissions
revealed several key themes, including but not limited to
agency-specific issues in budget formulation, budget execution,
and IT acquisition. And we're working actively with each agency
to address these issues for their final plan.
Our oversight of agency progress in implementing FITARA is
being assisted through a number of additional means. We're
fostering a government-wide community by holding biweekly
meetings on FITARA and by relaunching the Web site
management.cio.gov to serve as a central location for tools and
resources. We're collaborating with the President's Management
Council, the CIO Council, GSA, and other organizations, such as
ACT-IAC, to facilitate knowledge-sharing across the Federal
enterprise.
We're enabling consistent and transparent oversight by
requiring that each agency post their implementation plan and
related FITARA materials on management.cio.gov. And this will
enable OMB inspectors general, Congress, GAO, and the public to
conduct consistent oversight and followup. And we're requiring
agencies that have a red CIO risk evaluation on the IT
Dashboard for 3 consecutive months to hold TechStat sessions
and notify OMB of these sessions.
Finally, I want to highlight the work that my office is
doing, in partnership with OMB's Office of Federal Procurement
Policy, to leverage FITARA in addressing complex Federal
acquisitions challenges. We recently issued a category
management policy to improve the acquisition and management of
laptops and desktops. This memo is the first of a series of
policies directing agencies to take new steps to improve the
acquisition of common goods and services to drive better
performance and efficiencies, as required by FITARA.
In conclusion, I think FITARA presents a historic
opportunity to reform the management of information technology
across the Federal Government. It's important that we do not
underestimate the work and the commitment required by agencies
and the broader ecosystem to fully implement this law and the
changes it represents in culture, governance, IT processes,
business process, and, quite frankly, the way we do oversight.
Simply replaying pages from our old playbook is not the
solution.
That said, I'm pleased with agencies' promising work to
date, and I look forward to the positive results to come as
agencies apply FITARA to their full information system
lifecycle.
I thank the subcommittee for holding this hearing and for
your commitment to ensuring successful implementation of
FITARA. I would be pleased to answer any questions you may
have.
[prepared statement of Mr. Scott follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Mr. Scott.
Mr. Bhagowalia, you are recognized for 5 minutes for your
opening statement.
STATEMENT OF SANJEEV ``SONNY'' BHAGOWALIA
Mr. Bhagowalia. Thank you, Mr. Chair.
Chairman Hurd, Ranking Member Kelly, Chairman Meadows,
Ranking Member Connolly, Chairman Chaffetz, and members of the
subcommittees, thank you for the opportunity to testify today
on the Department of Treasury's approach to the Federal
Information Technology Acquisition Reform Act, or FITARA.
I will focus on how our evolving Office of the Chief
Information Officer practices have laid a strong foundation for
the implementation of FITARA. I also acknowledge there is much
work to do. I will highlight some of these practices, including
the roles of the OCIO in managing the Treasury Department's
information technology, IT, and information resource management
portfolio, and the governance structure that has Department has
in place to ensure sound IT/IRM decisionmaking and delivery.
The three top OCIO management priorities for the Department
of Treasury are cybersecurity, making improvements to the IT/
IRM operations, and implementation of FITARA.
Treasury works each day to deliver the diverse mission of
the Department both securely and reliably and to build upon
what we think is a strong foundation that positions the
Department for further successes in the future.
Treasury supports an important financial mission for our
country. Treasury is comprised of departmental offices and
bureaus of wide-ranging size with varying technology needs and
complexities and a number of different funding sources.
The Treasury CIO is accountable for meeting the IT/IRM
needs of the departmental offices, with special attention to
advancing the enterprise-wide objectives. Responsibility for
IT/IRM management is shared among the Treasury CIO and bureau-
level CIOs, who focus on the unique mission and needs of the
individual organizations.
Treasury is fully dedicated to implementing FITARA in
accordance with OMB's guidelines and the Department's needs.
Our self-assessment against the common baseline established by
OMB demonstrates that we have a number of practices already in
place but that many of these need to be formalized through
policy. And we acknowledge that there are many areas that still
need to improve.
Treasury's focus is sustainability, which means integrating
the goals of FITARA into existing processes to ensure
efficiencies can last over time.
The existing IT/IRM lifecycle is built upon GAO and OMB's
best-practice framework of architect, invest, implement, and
operate, with cybersecurity built in throughout the lifecycle.
Treasury uses this framework to further policy and process
development and includes consistent practices in the following
five areas:
Number one, governance. The Department has a GAO-recognized
best-practice approach to efficient and effective review of its
IT/IRM investments. Each bureau reports execution data to the
Department monthly. Treasury then reviews all investments with
month-to-month performance issues in project execution and
conducts a detailed program review called TechStat on select
investments. In addition, the Department CIO conducts quarterly
performance reviews with each bureau and participates in
quarterly PortfolioStat reviews with OMB.
Number two, budget formulation and planning. The Department
CIO actually annually reviews all bureau IT/IRM plans and
participates in full bureau budget reviews. The Treasury CIO
counsel also select a group of enterprise-wide initiatives to
be executed jointly. Efficiencies, such as those gained through
data center consolidation, have allowed Treasury to begin to
shift more spending to development and modernization and
enhancement, DM&E, efforts.
Number three, acquisition and execution. The Senior
Procurement Executive, SPE, and the CIO have worked
collaboratively to conduct a joint review of department
offices' IT/IRM procurements as well as select acquisitions of
major enterprise programs. Treasury is also developing a
department-wide procurement strategy and governance program to
ensure enterprise-wide oversight and to leverage economies of
scale in procuring commodity IT/IRM where possible.
Number four, in workforce and organization. The Treasury
CIO has input into bureau CIO selections, places performance
objectives in bureau CIO annual performance plans, and
contributes to bureau CIO evaluations.
Number five, project management. Beginning in fiscal year
2015, Treasury OCIO launched two initiatives to improve project
management oversight and practice: number one, develop a new
enterprise-wide lifecycle management program; and, two, a
revised program management approach to better leverage agile
development methods.
Per OMB's recent PortfolioStat review we just received,
Treasury has made significant progress in shifting towards a
more agile development approach, but work remains.
In conclusion, while Treasury has a strong foundation on
which to successfully implement FITARA, we acknowledge there is
still work to do. The Department is committed to fully
implementing FITARA and looks forward to working with OMB, GAO,
and the Congress in this endeavor.
Thank you for your support for FITARA, a key initiative
which will improve public stewardship. I appreciate this
opportunity to testify today, and I'll be glad to answer any
questions you may have.
[Prepared statement of Mr. Bhagowalia follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Meadows. Thank you so much.
Mr. McKinney, you are recognized for 5 minutes.
STATEMENT OF RICHARD MCKINNEY
Mr. McKinney. Thank you, sir.
Chairman Hurd, Ranking Member Kelly, Chairman Meadows,
Ranking Member Connolly, members of the subcommittee, I want to
begin by thanking you for the opportunity to appear today to
discuss DOT's implementation of FITARA.
I would also like to thank both this committee and your
predecessors for having the foresight to recognize the critical
importance of clarifying and strengthening the role of Chief
Information Officer. FITARA provides both the accountability
and the authority that is required for a CIO in an IT
organization to be successful.
I believe this landmark legislation must be used as the
foundation for the complete transformation in the way the
Federal Government builds, buys, manages, and secures
information technology. And I think you have very wisely given
us FITARA at an extremely critical juncture. Let me explain
why.
I began my IT career in 1985, just as governments were
eagerly moving away from the centralized, one-size-fits-all
model characteristic of the early mainframe days. This rapid
decentralization continued through the 1990s, but,
increasingly, this patchwork quilt of disconnected IT silos and
disparate technologies began to reveal its weakness as we moved
into the connected age of the Internet.
And governments at all levels across this country have
struggled with how to unwind this mess that we have allowed to
build up over the past 30 years. Tearing down the silos is not
an easy thing to do. We all understand how the status quo has a
lot of inertia, and so it is at DOT.
I was appointed CIO at DOT a little over 2 years ago, and I
immediately recognized this all-too-familiar scenario. I began
by having a frank and honest conversation with both the
departmental leadership and the operating administrations about
the challenges that we faced.
I could tell that everyone recognized that what I was
saying was true. But I also understood that in order to lead
them through a difficult transformation that we first had to
strengthen the office of the CIO. I wish I could tell you that
this process was quick and easy to do, but it wasn't. But after
more than a year of hiring, reorganizing, and improving service
delivery, the Department's confidence in our office quickly
improved.
And why is that important? It is precisely because we have
to make such a radical and difficult turn, abandoning the
decentralized approach and moving toward a strong and secure
enterprise shared-services approach. This shared-services model
should manage the 60 to 70 percent of our current IT landscape
that is commodity IT: the networks, servers, storage, desktop,
help desk, messaging service, all the enterprise services that
can be provided as a centralized utility and a well-managed
mixture of both cloud and locally hosted services.
This balanced approach would leave the mission-specific
solutions to be managed at the component level and specifically
aligned to their unique business needs. And with the cost
sprawl of decentralized infrastructure contained, we would free
more resources to improve the applications that help us achieve
our mission goals.
There is even one more more compelling reason to make this
radical change, and that is security. In our current
decentralized model, visibility across our network is
inconsistent, lines of defense are often less than clear, and
coordination effectiveness of our security efforts are severely
impacted.
Even if we managed a perfectly architected IT
infrastructure, securing that infrastructure against our
enemies would still be a very difficult task, but that should
be our singular goal. We must create a new construct that is
secure by design, one where security is built in and not bolted
on.
So how do we begin to use the three foundational
authorities of FITARA--namely, HR, budget, and acquisition
approval--that you have wisely laid out in this legislation?
I'm sure we can all agree that, in order to chart a course
to where you want to go, you must begin by understanding where
you are. I have been frustrated by the lack of good data, both
technical and financial, that we have to measure our IT spend
and performance. Just as our physical IT has been siloed, so
has our data.
For too long, my office has been merely an aggregator of
component data, data that we report to GAO and OMB, only to
find out later that the taxonomy and structure varies from one
OA to the next. So one of our first steps is teaming with the
CFO office and asking the operating administrations to join us
in building a new taxonomy that consistently and accurately
identifies and quantifies our IT spent. You can't manage what
you can't measure.
Let me close with this. I want you to know that I am
totally dedicated to ensuring that the rollout of these
important authorities is done as quickly and as successfully as
I know how to do. I believe that we have to approach FITARA as
if it were our last chance to get this right.
Again, thank you for FITARA. Thank you for this opportunity
to testify. And I look forward to answering whatever questions
you might have.
[Prepared statement of Mr. McKinney follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Meadows. Thank you, Mr. McKinney, for your insightful
testimony. Please give my personal regards to the Secretary, if
you would.
Mr. McKinney. Yes, sir, I will do that.
Mr. Meadows. And, Mr. Shive, you are recognized for 5
minutes.
STATEMENT OF DAVID SHIVE
Mr. Shive. Thank you, Mr. Chairman.
Good afternoon, Chairman Meadows, Ranking Members Kelly and
Connolly, and members of the subcommittees.
Mr. Meadows. If you could bring that mic a little bit
closer to you there.
Mr. Shive. How's that?
Mr. Meadows. All right. That is better.
Mr. Shive. Great.
Thank you for inviting me to testify before you regarding
GSA's implementation of the Federal Information Technology
Acquisition Reform Act. GSA appreciates this committee's
oversight of this important issue and the importance of
addressing the high-risk areas outlined by the Government
Accountability Office in its assessment.
Today, I would like to highlight GSA's efforts towards
implementing the common baseline of FITARA. These efforts
address a variety of activities, from centralizing IT
management to the optimization of data centers, all of which
are helping us to move closer to successfully complying with
the requirements of FITARA.
Three years ago, GSA conducted a top-to-bottom review of
the agency and, as a result of that, consolidated IT management
under the CIO and put effective management controls in place to
centralize our IT spending. Since this consolidation, GSA has
improved IT acquisition and security, and we are implementing
additional reforms, many of which were directed by FITARA.
For example, as GSA's CIO, I oversee and regularly
participate in the governance of operations and delivery of IT
services for the entire agency. All instructional letters,
policy directives, and formal guidance are published under my
signature, and all initiatives with an IT component are
reviewed by me or my delegates. This is made possible through
my representation on governance boards around the agency, such
as our Investment Review Board, and through our agency's IT
management processes.
GSA's consolidation efforts also helped my office gain
visibility into GSA-wide IT spending and investments. From
fiscal years 2013 to 2015, GSA IT reduced its budget by 17
percent. This is in part due to the fact that, since our
consolidation, I am intimately involved with the review,
management, and oversight of IT expenditures, from the initial
budget request to the execution and completion of each project.
To achieve this, my office conducts high-risk investment
reviews, project health checks, benefits realization,
application rationalization, and we authorize reprogramming of
funds and rebaselining of IT investments. All of these help
with ensuring that, as CIO, I have a role in investment and
project management oversight, which are primary goals of
FITARA.
Additionally, to ensure that IT investments within various
GSA divisions are aligned with the long-term IT vision of the
agency, my office collaborates with the various business lines
within GSA to provide guidance and support. The IT executives
supporting these offices report directly to me and formulate
technology solutions and manage IT investments with clear
understanding of GSA IT enterprise management requirements and
clear direction from the CIO.
Another initiative that has been central to reducing our
costs and is part of the requirements necessary for agencies to
properly implement FITARA are our activities surrounding the
Federal Data Center Consolidation Initiative. As a part of
FDCCI, GSA IT has reduced its overall number of data centers by
65 percent and consolidated their functionality to the agency's
core data centers. This consolidation has saved or avoided
costs totaling approximately $29 million from fiscal year 2012
through 2014.
Currently, GSA operates three core data centers as well as
multiple regional data centers. GSA IT's future goal is to
consolidate all core data centers and regional data centers
into three primary data centers.
Through consolidation and by driving efficiency into the
GSA-computing enterprise, GSA has increased the usability of
our systems, eliminated duplicative processes, eliminated
duplicative systems and applications, and standardized our
processes using industry best practices and solutions.
While GSA has made significant progress in implementing the
key components of FITARA, there is still more work to be done.
As GSA moves forward with FITARA implementation, I will
continue to work with GSA senior agencies officials, OMB, my
peer Federal agency CIOs, and members of this committee to
ensure that GSA is effectively implementing FITARA to reduce
costs and increase the value of our IT acquisitions.
I thank the subcommittees for the opportunity to testify
today and look forward to answering any of your questions.
[Prepared statement of Mr. Shive follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Meadows. Thank you so much.
Mr. Powner, good to have you back with us. You are
recognized for 5 minutes.
STATEMENT OF DAVID A. POWNER
Mr. Powner. Chairmen Meadows, Hurd, Ranking Members
Connolly and Kelly, I would like to first thank you for your
leadership on the implementation of FITARA with your first set
of grades. Your initial focus on improving transparency of the
projects on the Dashboard, delivering in smaller increments,
and holding agencies accountable for savings on data center
closings and duplicative spending will greatly help agencies
with their implementation efforts.
I'd like to briefly comment on each of the four areas on
your scorecard, starting with incremental development.
FITARA requires that CIOs certify that IT investments
deliver in increments consistent with OMB policy, which
requires that major investments deliver in 6 months. Agencies
such as VA, GSA, and EPA do a good job in this area. Agencies
self-report that, overall, 58 percent of the projects in
development are planning to deliver in 6 months. Our ongoing
work for this committee shows that this number greatly
overstates the extent to which agencies are delivering
incrementally. Therefore, grades in this area for some agencies
are too high and may need a downward adjustment in the future.
Next, Dashboard transparency. FITARA codified the IT
Dashboard and CIO risk ratings for the approximately 750 major
investments across the departments. These ratings simply say
whether each investment is low-, medium-, or high-risk. The
Dashboard tells us that about 160 investments, totaling about
$10.5 billion, is moderate- or high-risk and that 76 percent of
the IT dollars the government invests in is low-risk.
These totals are nowhere near reality, given the troubled
IT acquisitions and the old, antiquated legacy systems the
government has. CIOs need to be more transparent and accurate
in this area, and our ongoing work will show that many of these
CIO ratings are not acknowledging risk appropriately. Agency
CIO ratings that do acknowledge a fair amount of risk include
Commerce and EPA.
Next, PortfolioStat. FITARA requires that agencies review
their IT portfolios and address waste and duplication. When OMB
first started this effort, there were over 200 initiatives,
totaling nearly $6 billion in planned savings. However, our
latest report showed that the baseline is much lower and there
has been inconsistent reporting to GAO, OMB, and the Congress.
Some agencies, like SSA and Treasury, have reported significant
savings.
We have over 60 recommendations to OMB and agencies in this
area, and FITARA and your grades will help refocus needed
attention here.
Next, data center consolidation. This is the big dollar-
savings area. FITARA requires annual, publicly reported updates
on savings. Our ongoing review for this committee highlights
the importance of this section of the law.
Twenty-one-hundred more data centers are now being reported
to us, for a total of 11,700 centers.
Representative Connolly, you missed one update in the
baseline. We were at about 9,600, and now we're at 11,700.
Over 3,300 have been closed to date, and the government
plans to close an additional 2,000 centers. Over $2.5 billion
have been saved, and there is another $5.5 billion on the
table. So, in total, the government plans to close 5,000
centers and save about $8 billion.
Mr. Chairman, this $8 billion total should actually be much
higher since some agencies have lowballed their targets and not
all agencies have new cost estimates in. The top five agencies
in data center savings are Treasury, DOD, DHS, Transportation,
and Commerce.
I'd like to comment on the data sources used to grade
agencies. It's not perfect, as we've discussed, but it's the
best data available, agencies own it, and they need to get it
right. The data primarily comes from the IT Dashboard and the
quarterly savings report submitted to the appropriation
committees. We believe your grades and oversight will greatly
improve the accuracy of the data and attention to these areas
and ultimately more progress. In addition, our reviews will
highlight where agencies' self-reporting is inaccurate.
A critical and additional area where oversight is needed
with your scorecard in the future, as we have discussed, is CIO
authorities. We would recommend a close review of the FITARA
implementation plans when approved and whether CIOs are
exercising their enhanced authorities. Until these authorities
are strengthened significantly, agencies will struggle to
comprehensively implement FITARA.
I would like to thank Tony Scott for his leadership,
specifically on enhancing the transparency by making the FITARA
implementation plans publicly available, his recent strategic
sourcing enhancements associated with desktop purchases, and
calling for more focus and attention on GAO's IT
recommendations.
Chairman Meadows, Ranking Members Connolly and Kelly, thank
you again for your leadership. We look forward to working with
you further on your scorecard and oversight.
[Prepared statement of Mr. Powner follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Meadows. Thank you so much.
The chair will recognize himself for 5 minutes to follow
up, I guess, on our opening statement. So I want to just thank
all five of you for your illuminating testimony.
I guess, for me, part of this would piggyback on what I had
highlighted during our opening remarks, and that would be, as
we look at savings, what incentive is there for you to save and
be efficient, only to give the money back to someone else or
back to the general Treasury, where it gets reallocated or
reappropriated to somebody else? Is there a real incentive for
you to do that?
Mr. McKinney, do you want to weigh in on that?
Mr. McKinney. I'd be glad to.
That was music to my ears when you said that, because I
absolutely believe that, you know, not only do I need to drive
down cost, I need to drive up service delivery and improvement
of delivery of services.
And, you know, if we can have an ongoing conversation about
how we can incentivize people, you know, when they drive down
their costs, that there's that reinvestment opportunity and
transparency about that reinvestment opportunity, I think
that's a great conversation to have.
Mr. Meadows. So do you think you could work with GAO and
OMB as it relates to that?
Because one of the concerns I have really has to do with
the data that not only you but Treasury and others have put
forth. So let me be specific. I mean, when we are talking about
savings and reporting those savings to GAO, where we are trying
to get a good scorecard, I guess, Transportation, you had
indicated that, you know, there was some $77 million in
savings. But yet when Congress gets a report through OMB and
other sources, the savings was only $3 million.
Mr. McKinney. Yeah.
Mr. Meadows. Now, I am not saying that the $3 million or
the $77 million, either one of those, is inaccurate, but there
is a fly in the ointment somewhere. And so, in doing that, is
that because, obviously, we want to save as much as we can and
that you get penalized by Congress when you have saved money?
I am amazed at the amount of fourth-quarter spending that
goes on around here. I mean, I know it shouldn't be a shock,
but it is amazing how many dollars we spend in the fourth
quarter, saving up for the first three.
So why would you think that there would be an inconsistency
there? And I am not trying to put you on the spot.
Maybe, Mr. Scott, let me come to you and let you answer
that question. Why would there be an inconsistency with what is
reported in terms of savings through you and then others, to
Mr. Powner, in terms of those same dollar savings?
Mr. Scott. I'm not sure I have the complete answer. As
we've discussed about this topic with various organizations,
various agencies, and so on, I think it's a combination of a
couple of things.
One is, some measures that we use here are cost avoidance
as well as actual cost savings. So it depends on how you answer
the question--or how you ask the question, what the answer is.
Mr. Meadows. So is that like saying that someone is going
to go to a sale at a supermarket and, because they decided not
to buy something that may have been more expensive, that they
have saved that amount of money?
Mr. Scott. Or it could be required increases that are
absorbed by existing technology, those kinds of things.
Mr. Meadows. All right. So can we get that consistent?
Because if that is an inconsistency, you know, it is
inconsistent in the definition of what you are reporting to OMB
and then the same that you are reporting to GAO. We are talking
about apples and oranges.
So that is what you are saying, is it is a definitional----
Mr. Scott. It's one of the things that I think we
collectively have to work on, that we're using the same
measures when we talk about the same thing. And even in the
scorecard that I see here, I see differences in the way that
OMB is measuring something.
Mr. Meadows. And there are going to be. In fact, I think we
have talked to GAO with that. And here is what a lot of the
agencies are going to get: the benefit of the doubt today. As
we start to refine this and define this, then I would say that
the benefit of the doubt and the score--I fully expect some of
your scores to go down as we look at this. And that is not
going to be very troubling unless it is a trend. And I think
that all of us, in a bipartisan way, are trying to make sure
that it is the trend that we are looking at, that we are making
progress.
And so let me finish up, Mr. McKinney, with one of yours.
In your testimony, you highlighted that 70-percent sweet spot
in terms of the enterprise systems and so forth.
Mr. McKinney. Right.
Mr. Meadows. Do you believe that that is the area that you
have the most control over in terms of IT expenditures?
Because data centers seem like--and the definition of
``data center''--and we have had hearings in this very room on
data centers and what they are and what they are not. It seems
like that is where the big number is in terms of savings?
Mr. McKinney. Yes, sir. Not only is it the big number, you
know, in my experience with IT, it's foundational, you know.
Everything else that you do in IT you do on top of that
foundation.
And it's like you got an old house, somebody gives you an
old house; where do you go? You go into the basement. So I'm
headed into the basement, trying to figure out what's the
foundation, what's the plumbing, what's the electrical like,
and try to fix that first.
I think the most of the money, the savings, is in that, but
I also think it's absolutely essential if we're going to build
great IT on top of it.
Mr. Meadows. Well, here is what I would offer to each one
of the agencies as we start to work with that. If any of you or
all of you want to work with us in terms of being more
aggressive in terms of data center consolidation and those big
numbers, I will work in a bipartisan way with my colleagues to
go to the appropriators and say, listen, we need to give them
the benefit of the doubt, whether that is on the authorizing
side or certainly on the appropriating side, and see what we
can do. And if you want to reach out to do that, that offer
stands.
And so the chair would recognize the gentlewoman from
Illinois, Ms. Kelly.
Ms. Kelly. Thank you, Mr. Chairman.
Mr. Powner, has GAO identified problems with self-reported
data in the four areas graded in the scorecard?
Mr. Powner. Yes, we have.
So, for instance, on incremental development, you know,
there are some agencies that are reporting a very high
percentage of projects that they plan to deliver in 6 months.
We have some ongoing work on that. We see those percentages
much lower when we go in and start looking, you know,
underneath the covers on that. So that's an area that I think
the grades will go down, with some of the data that's not
accurate.
On the data center front, I think there are some agencies--
like, Treasury and Transportation, they got F's, but we feel
better about their F's because they have high goals. Okay? So
that----
Mr. Meadows. I bet there are a lot of kids around the
country that would say that their parents should feel better
about their F's.
Mr. Powner. Right. But some agencies that have A's and B's
with low goals and they actually have achieved more than their
goal, we don't feel so good. So I think those grades are going
down; their grades are going to be going up.
So it's kind of a mix when you look at the different areas.
But, again, I think the self-reported and your grades and focus
will help with self-reporting, and hopefully our audits that
will be coming behind the numbers will also help get the
information right.
Ms. Kelly. Well, have you identified any causes for this,
behind the issues in self-reported data? Like, what do you
think the causes are?
Mr. Powner. Well, I think, on data centers, for instance,
the last report we did, there were six agencies--and GSA was
one of them--that we thought had a high number of closures with
not high dollars and savings. And we asked those agencies to go
back and look at their dollar savings.
I think that there are just certain agencies that need to
relook at it. And they might need a push, both from Congress,
with your oversight, from OMB. Hopefully, we can help with some
of that.
I do think, with the codifying the data center
consolidation in FITARA, estimates now need to go out through
2018. And that's why I think the $8 billion savings on data
centers, it's going to be a lot more than that if we really get
serious about it.
Ms. Kelly. Okay. Thank you.
Mr. Scott, OMB's FITARA implementation guidance includes a
data improvement program that provides guidance to agencies on
how to improve their data reporting related to FITARA
requirements. How will OMB enforce the requirements of the data
improvement program?
Mr. Scott. So, we do, first of all, a bunch of data
collection, including quarterly standard data collection. And
we have actually had a program in place for a while to try to
improve the quality of that data collection that we do. And as
we have gotten experience with that, and also working with GAO,
we continue to identify opportunities.
So this is one of the tools that I think, actually, FITARA
is going to help us with. Because it requires more transparency
and visibility top to bottom in the agency, we now have an
opportunity to get better data. And I think as any of these
gentlemen will testify, this has been a great forcing function
within the agency to sort of flush out of, you know, some of
the hiding places where IT dollars were.
So we have both experience in improving the data quality,
but now I think we have the opportunity, as the result of
FITARA, to get better data in the first place.
Ms. Kelly. Okay.
And what are the consequences if the agency does not make a
data improvement plan or fails to take steps to execute a plan?
Mr. Scott. Well, we have a bunch of leverage that we can
use. We can leverage our colleagues on the budget side of OMB
to help make sure the right things are taking place, and, also,
on the management side, we have the President's Management
Council. We have peer pressure, frankly.
And then there is nothing like public exposure on our Web
site and oversight by this committee and GAO and inspectors
general. So I think this is one of those areas where daylight
will help all us of us make sure we get the data and the
information we want.
Ms. Kelly. I know someone mentioned a push from Congress,
but is there anything else Congress can do to ensure that
agencies are reporting timely and reliable data?
And anybody can answer that.
Mr. Scott. Well, I think, from my viewpoint, you know,
there's, sort of, no bad scorecard. We just have to agree on
what the scorecard is and what we are going to measure in a
uniform and consistent way. So there is no right or wrong here.
I think the secret is consistency, and then we can drive for
data quality in the things that we are collecting.
And so I look forward to working with this group and others
to make sure we are collecting the same stuff in the right way
to then drive the right action.
Ms. Kelly. Any other comments from anyone?
Nope?
I yield back the balance of my time.
Mr. Meadows. All right.
The chair--did you want to comment on that? Okay.
The chair recognizes the gentleman from Virginia, Mr.
Connolly, the chairman of the Subcommittee on Government
Operations.
Mr. Connolly. I thank my friend.
Gosh. By the way, Mr. Scott, in response to Ms. Kelly, so
is OMB or is GAO going to be putting on their Web site these
scores?
Mr. Scott. We hadn't made a specific plan for this
Dashboard. Frankly, we just saw it in the last day or two, so
we haven't really even had the opportunity to discuss it.
Mr. Connolly. All right. I would just suggest to you,
respectfully, given your answer to Ms. Kelly, it would be
perfectly consistent to do so. If we want sunshine and we want
to--and we can always do it with the right caveat.
All right. Mr. McKinney, thank you for your statement,
along with your colleagues on your right and left. It was not
defensive. It was self-reflective. And, boy, if everybody
approaches this opportunity that way, the Federal Government is
going to be humming, at least when it comes to investment
management and deployment of IT assets. And that gives me great
hope. So thank you for your statement.
Mr. McKinney. Thank you, sir.
Mr. Connolly. Very empowering.
Mr. Powner, Mr. McKinney indicated in response to Ms. Kelly
that, when it comes to data center consolidation, that is
foundational. You know, absent that, we are not going to
effectuate the kinds of reforms and efficiencies and savings we
need.
I got to admit, you surprised me. I was off by 3,000. It
seems like every hearing we have we discover another 2,000 or
3,000 data centers.
You have released your report on your work assessing the
Federal Government's status on the consolation effort. What are
the challenges toward significant reduction and consolidation?
Mr. Powner. Well, I think you need to look at the current
goals that they have. So, of the 11,700 data centers that are
being reported, agencies are only reporting 275 of those are
core. Now, we are not going to consolidate----
Mr. Connolly. Could you say that again? I couldn't hear
you.
Mr. Powner. These are the core data centers, so these are
the primary data centers that you really want to consolidate
into. So there still will be these non-core that remain.
But I think, when you really look at agencies and you look
at the number of core centers they have, that needs a closer
look. And this is something we discussed with Mr. Scott and
some folks at OMB. They've got some good guidance that's coming
out on data center consolidation, what agencies need to do down
the road, and that includes getting better estimates up to
school-year 2016 through 2018.
But I really think a good, hard look needs to occur with
those core data centers. And is the number, is that the right
number? And the ones that are non-core, what are we really
doing with them? How many of those are going to be remaining?
Mr. Connolly. Assuming we are able to get everybody on
board with this consolidation, Mr. Scott, what happens to the
savings the agency might effectuate? I mean, I think Mr. Powner
said maybe $8 billion, maybe more, actually.
Because Mr. Meadows and I have focused on this. We don't
want to punish someone unwittingly by saying, great, you saved
all that money, now give it to us, and we are going to, you
know, use it for some other purpose, rather than reinvesting in
the enterprise in new IT assets or management throughout.
What happens to the savings? And what, in your opinion, can
we do or should do legislatively to help make that an incentive
rather than a disincentive?
Mr. Scott. I think, generally speaking, what happens is
it's at the discretion of the agency, what to do with the
savings. So the money may be reprogrammed for other efforts.
But I think you're hitting at one of the core issues, which
is, for an agency CIO to undertake any kind of major
reinvestment to replace an old, antiquated legacy system, which
is one of the things we want agencies to do, there has to be
some source of funds for doing that. And that source of funds
may have to be more than what's available in 1 year or in the
savings that come from other savings efforts that go on.
Our guidance that we just issued for public comment, A-130,
suggests a new model for decisionmaking around software
investments, including greater use of shared services, greater
use of already-existing technology that is modern and that the
government has rights to, and a series of things like that that
should begin to also generate additional savings.
But, fundamentally, we need to have a different kind of
funding mechanism than is generally available today, in my
opinion.
Mr. Connolly. If I could ask one more question, Mr.
Chairman? And then I will yield, of course, to Ms. Duckworth.
But one of the other features of FITARA is a management
feature, which is to try to evolve into a meaningful hierarchy
of decisionmaking when it comes to the title of CIO. The three
of you have that title.
How many other people in your agency have it, Mr. McKinney?
Mr. McKinney. Well, we have nine operating administrations,
and each one of them has someone with the title of----
Mr. Connolly. CIO?
Mr. McKinney. Yes, sir.
Mr. Connolly. Mr. Shive?
Mr. Shive. When we started our consolidation, we had 27
CIOs; now we have 1.
Mr. Connolly. Twenty-seven; now we are at one.
Mr. Bhagowalia?
Mr. Bhagowalia. I have nine, sir.
Mr. Connolly. Nine.
Because, generally, when you ask even very large
corporations--I do it as a trick question--``By the way, how
many CIOs do you have?'' And they look at me kind of funny and
go, ``Well, one,'' no matter how big. You know, we have 250
people over 24 agencies--or did, when we wrote the bill.
We didn't prescriptively say, ``There shall be one,''
because we didn't want to create resistance for you and your
colleagues in trying to get your job done. But we were hoping
that, over time, we kind of evolve to one individual who is
infused with responsibility, accountability, flexibility to
make decisions and to stick by them.
Mr. Scott, final aspect of this one question: How are we
doing in evolving that way? It sounds like Mr. McKinney's
organization has done a pretty good job of doing it.
Mr. Scott. I think it's a little too early to tell across
the Federal Government how we are doing.
What we have seen in agencies' plans, generally, is some
reduction in the number of CIOs. So there are definitely cases
where somebody has said, you know, if this is what I'm going to
be responsible for, I don't want the title of CIO anymore, and
we'll give it to somebody else.
And what we are looking for specifically is the overall
governance framework. So we haven't specifically focused on CIO
title reduction, but what we are looking at is, you know, where
the accountability and responsibility flows and how it flows up
to the agency CIO.
Mr. Connolly. Thank you for your indulgence, Mr. Chairman.
Mr. Hurd. [Presiding.] Thank you.
So now I would like to recognize the gentlewoman from
Illinois, Ms. Duckworth.
Ms. Duckworth. Thank you, Mr. Chairman.
I am actually going to follow up on what my colleague was
saying. Mr. Scott, I sort of want to look at this idea of the
enhanced CIO authority and how it benefits the IT acquisition
process, going right back to what you were just talking about,
the consolidation.
And one of the things bureaucracies are known for, sir, is
turf battles. And having worked inside the VA, where there are
some significant turf battles there, and watching that and then
being able to see the IT come together under Roger Baker as a
CIO there, I gain hope.
Can you talk a little bit about the enhanced CIO authority
and how that affects the acquisition process when you have this
diverse number of alternate CIOs within each of the agencies?
Mr. Scott. I think there's a couple of things that have
either been done or are in progress that will help this.
So, first of all, we are issuing broad guidance in some of
the commodity IT areas, like laptops, desktops, servers, and so
on, that I mentioned so that there is much stronger, sort of,
guidance in terms of how that will be done in an agency. And
that includes transparency of spend and the plans in that
space.
Also, as I mentioned, this A-130 guidance that we have out
for public guidance is also more prescriptive. And with the CIO
authorities, now there is a tool for the agency CIO to say,
here's the law, here's the guidance, and then measures
compliance with those things in particular.
Again, I think probably the biggest trick to all of this is
making sure that the data is exposed in some way so that the
agency CIO can understand what's going on. And, frankly, that's
going to be one of the challenges that we deal with over the
next couple of years, is making sure that the reporting systems
that we have capture the data at the right level and then
that's available to the agency CIO.
In a big, complex agency, you might have multiple systems
that gather that data in a non-uniform way, as Richard was
talking about. And that's going to have to be dealt with as we
go down the road here.
Ms. Duckworth. Mr. McKinney, do you see this as one of your
major things that you are going to be needing to work on as you
go into the basement?
Mr. McKinney. Yeah. You mean the governance issues? Yes,
absolutely.
I wanted to, if I could, comment on that, you know, about
having nine CIOs.
Ms. Duckworth. Yeah.
Mr. McKinney. I believe that if we could get the balance
between what ought to be centralized as a utility for the
Department and then we then--each of the operating
administrations have unique business needs. And I need
somebody, whether it's the title of CIO or IT engagement
manager, whatever it is, somebody whose job, sole job, it is to
focus on the alignment of the technology to that particular
business, while the central office, my office, tries to manage
that underlying utility.
Now, that's not to say I wouldn't be involved in that, but
what I'm saying is I need eyes into that business unit to
understand their unique business needs. And whether we call
that a CIO or IT engagement manager, whatever we want to call
it, I think that's the right balance point between the two.
Ms. Duckworth. Are you confident that the things that come
out of central office, say, the guidance that come out of
central office, with or without a concurrence from the folks
out in the field, are going to be carried out?
Because one of the things I have seen in bureaucracies at
the Federal level is that lots of great things come out of
central office and then they slow-walked.
Mr. McKinney. Right. I have tried, in the few years I have
been at DOT, to create a governance model where I, as the CIO,
sit down with those modal CIOs and that we have a true business
council, that we have true governance and dialogue between us,
that we make decisions together.
So I do not want to be the central office that dictates out
to the business units and they have no input. That won't work.
What works is when the people work together towards a common
goal.
Ms. Duckworth. I would agree. But wouldn't you agree that,
at some point, there are going to be some things that are going
to be unpopular----
Mr. McKinney. Yes.
Ms. Duckworth. --that you are going to have to say, as the
central office, okay, this is the one thing you are going to
have to do and suck it up?
Mr. McKinney. Yep. Yep.
I mean, that's what happened during the cyber sprint that
we did. You know, that's an example of where I put FITARA to
use. OMB came out with these goals about privileged and
unprivileged access, and DOT's numbers were way down, and I
called all those CIOs together, and I said, ``We've got 30
days, and we're going to be at 100 percent of privileged, and
we're going to get a high number on unprivileged''--and we got
to 97--``and you've got 30 days to get it done, and they're not
cutting us any slack and I can't cut you any slack.'' And, you
know, to our credit, 30 days later, we were kind of at the top
of the list of departments that tackled that issue.
Now, we've got a lot more issues ahead of us, but that's
where the departmental CIO says, ``I've taken your input, I've
listened, but here's what we've got to do.'' And, you know, a
good CIO isn't bashful about making those calls.
Ms. Duckworth. Thank you.
I yield back, Mr. Chairman.
Mr. Hurd. Thank you.
I would like to recognize myself for 5 minutes.
And continuing along that line of questioning, if there are
members of you all's staff that would enjoy coming up here and
testifying and we get to ask them the questions, why they are
not going forward on things, we will be more than happy to do
that.
My first question, Mr. Shive, GSA got one of the two B's
out of the 24 CFO agencies, which were the two highest scores.
Now, when we break it down and look at the data center
consolidation, we graded you at a D. But if we did this on a
curve, you were one of the better performing agencies on data
center consolidation.
Did you need additional moneys in order to do that data
center consolidation?
Mr. Shive. No.
Mr. Hurd. You went from--you know, the reported savings is
$49 million, the goal, and you have realized $29 million, which
is 60 percent of that end goal. Did you need additional funding
in order to achieve that?
Mr. Shive. No. We self-funded those activities. As a part
of our IT consolidation, we consolidated much more than just
data centers. We rationalized our applications, we rationalized
our infrastructure, reorganized how we do business. And those
were savings generated from that, and those savings were
reinvested into data center consolidation.
Mr. Hurd. And you were able to do that, you had the
flexibility in order to do that. Is it because you have a
unique budget authority as your role versus maybe some of your
peers?
Mr. Shive. So, no, I don't have a particularly unique
budget authority. I operate largely out of the working capital
fund, and that's what funded most of these activities.
Mr. Hurd. Great.
Mr. Shive. What enabled that was actually strong leadership
at the top of GSA that made this a priority and the fact that
we got an early start on this.
Mr. Hurd. Thank you.
And now, Mr. McKinney, same question to you. The difference
is you all have only realized 1 percent of the savings, of your
goal. Why is that?
Mr. McKinney. Well, the initial estimate that was
provided--I think it was in 2011-2012 timeframe, prior to my
coming to DOT--I would have to characterize it as an overly
optimistic stretch goal. The number that we reported
subsequently to GAO, I think, reflects the true savings.
I will say this. We have 15 core data centers--3 of them
non-FAA, 12 of them in FAA. I believe that we can get our three
down to two, a primary and a backup. FAA puts a data center in
each one of their regions. The rest of our data centers are
really telecommunication closets where there is a network
router and a switch and maybe a file and print server for
document caching. So our numbers, as far as the actual number
of physical locations, is down pretty low.
I think the other side of--you know, and I would ask you to
consider around data center consolidation is, when we started
this in 2011, we really didn't have mature cloud service
providers that we could move our stuff to. So I think the key,
moving forward, is not only do we shrink the number of data
centers, is we move assets out of those data centers and up
into the cloud. And I believe that we are going to be able to
move----
Mr. Hurd. You are preaching to the choir on this.
Mr. McKinney. Yeah. So that's what we are going to do.
Mr. Hurd. Now, do you have the authorities to do that?
Mr. McKinney. Yes.
Mr. Hurd. All right. And when do you plan to do it?
Mr. McKinney. We're in the process of doing it right now.
We just issued----a contract----
Mr. Hurd. And when will it be completed?
Mr. McKinney. How long will it take us to move it up? It'll
take a few years.
Mr. Hurd. A few years. And how much data are we talking
about?
Mr. McKinney. Well, let's see. I could give you an example.
Probably by February-March timeframe, I'm going to move my
entire messaging service up into the Microsoft 365 cloud.
Mr. Hurd. So are we talking----
Mr. McKinney. Four hundred gigabytes of--or, 400 terabytes
of storage. You know, we're going to make big moves. And we're
going to also start moving just storage up there.
Mr. Hurd. So is the length of time, years, to move data, is
it because of the volume of data? Is it because of when you
plan on implementing this? That seems like an incredibly long
time in order to move even that, the petabytes and terabytes of
data.
Mr. McKinney. Well, you know, I'd like to think--I just
don't want to--yeah, I don't want to get in the--you know, be
guilty of making an overly optimistic stretch goal. I think,
yes, we can move fast. We are moving as fast as our technical
teams are able to do it, and----
Mr. Hurd. So am I safe to assume that that may be one of
these projects that are associated with your major investments
that are not being delivered deliverables every 6 months?
Mr. McKinney. I think you're talking about incremental
development.
Mr. Hurd. Right.
Mr. McKinney. Yeah. That's another subject. I'd be glad to
get into that.
Mr. Hurd. No, it is another subject, but aren't those about
the major investments that you all--would this data center
consolidation not be considered a major investment?
Mr. McKinney. Yes, it would.
Mr. Hurd. Right. And so you have 59 projects associated
with 19 major investments, and only 9 of those 59 projects are
delivering deliverables every 6 months.
Mr. McKinney. Right.
Mr. Hurd. And the reason for the remaining 50?
Mr. McKinney. Well, many of our major investments are on
the FAA side of the house.
Mr. Hurd. Sure.
Mr. McKinney. They involve the national airspace.
Incremental development, which is often referred to with the
tag line ``Fail fast,'' is not really deemed appropriate for
development of technologies that are going into the national
airspace.
Mr. Hurd. But, also, on the flip side of that, I would
think if we would try to be getting the best technology
available, to make sure that our FAA and our men and women that
are flying planes have the best technology at their fingertips.
So talking in terms of years versus months is one of the
things that has been concerning to us, you know, when we have
people come up here all the time talking about--and I recognize
the difficulty of the task, but the American people are tired
of hearing it takes 2 years to do something that it would take,
you know, any other entity less amount of time.
And we can get into the details and, yes, that everybody
has a unique challenge, you know, but guess what? We still have
to deliver. And, one, I want to make sure you have the
authorities to do that. But, two, when you have those
authorities, we are also going to hold you accountable on this
area.
Mr. Scott, in your written testimony, you talked about how
many of the agency plans reflected a view that CIOs would not
or did not have direct knowledge of IT goods and service
acquisition. You know, your analysis of these initial agency
plans, I think, has been one of the best insights we have
gotten into this problem. How can we help you fix that?
Mr. Scott. I think there's probably a couple of things in
the short run.
One, as I mentioned, we have a number of these OMB
guidelines coming out, and I think the development of the
appropriate scorecards and measures in that space will help us
measure progress in that area. And continuing to insist that IT
spend be identified as a part of major projects and getting the
visibility of that at all levels, whether it's at the subagency
level or at the agency level, is super-important.
Another one, to me, is that, as we plan and budget for
things, that conversation that takes place among the senior
leadership--the CXO, the program heads, and so on--that clearly
identifies what the expectations are of IT in that particular
case is absolutely one of the keys. And so that's an area where
we just can't take our eye off the ball. We've got to make sure
we keep focused on it.
Mr. Hurd. I will consult with my colleagues, but that
sounds like an area for a great hearing, to discuss this topic
and have some of those C suite folks talking about why or why
not CIOs are not involved in the procurement process.
And the last question--and I have exceeded my time. I
apologize to my colleagues.
But this is for all of you all. I welcome your feedback and
thoughts on the scorecard. You know, we sit here and get to ask
you all tough questions, and I would look forward to--and, Mr.
Scott, I will start with you. Were you surprised, concerned
with the scorecard?
Mr. Scott. Well, I think, again, I didn't have a lot of
time to look at it, but, to me, it sort of--one of the ways to
look at it is it's a baseline of, sort of, where we are today.
And I think the hope for FITARA is to seize this historic
moment and, frankly, do things differently than we have done in
the past.
So, to me, the real measure will be, 6 months or a year
from now, did we really move the needle on these things? I
would love to change the past. Can't do that. Haven't figured
out any way. But, you know, if we can really make progress in
the next year or two, I think that's the real test.
And, hopefully, the scorecard, you know, can reflect, you
know, realtime progress as we go down the road. So, as we work
together, I'd like to figure out how we make sure we are
getting more realtime visibility.
Mr. Hurd. Mr. Bhagowalia?
Mr. Bhagowalia. Mr. Hurd, first of all, I think this
legislation is very exciting because this legislation offers
the most promise since Clinger-Cohen to really allow us to do
our jobs. In the 30 years I have been in this business, I think
this is the one that I think can help us, because you are also
providing the oversight to make sure it gets done. I like what
my colleague Mr. McKinney said, that what gets measured gets
done. And that's exactly what needs to happen.
So I would just make two observations. And one would be
that there's a little bit of definitional challenges, as well,
so we need time to process what the scorecards and things mean.
But, for example, on our PortfolioStat, we did pretty well in
some of the agile, but we know we need to do much more than
that across all programs. So that's an area we need to take a
look at.
And I think the other thing I will just say is that, as we
go into acquisition, you know, this can be a partnership with
other CXOs. We've got to really work together to make it
happen. But I think this is a tremendous way to really get to
the validation and verification framework.
Mr. Hurd. Okay. Thank you.
Mr. Shive?
Mr. Shive. Thank you, Chairman Hurd.
I appreciate the work that our partners at GAO put into
establishing a benchmark and a baseline for us to start to
measure success as we move towards FITARA implementation. I
think that this is a great opportunity to start that discussion
so that we can begin the work of refining how we measure
success, and I look forward to being a part of that discussion.
Mr. Hurd. Mr. Powner, I think I know how you feel on this
topic. But I want to say that, in my 10 months being in
Congress, I have been impressed with the professionalism of GAO
and the thoroughness of you all's report.
So I am going to give the last word to Mr. McKinney.
Mr. McKinney. Thank you, sir.
As I said in my opening remarks, I am so grateful to this
committee for FITARA, but both for the accountability and the
authority. You know, I wanted both.
And I sense your urgency, I feel your urgency. I have that
same sense of urgency. As I said, I think this is our last
chance to get it right.
So I'm going to take what you've said to me today, the
accountability that I feel very clearly, and I take it back to
work with me. Because I have been telling my colleagues that
FITARA is to be taken seriously, that the accountability is
real. And we can debate about the authority, but, at the end of
the day, the scorecard is going to reflect our accountability.
And I appreciate it very, very much.
Mr. Hurd. Well, Mr. McKinney, you can tell your fellow CIOs
and your agency heads that many of them will be asked to appear
before us.
And, Mr. Scott, I agree with you, this should be movement.
This is the baseline, and if we are not seeing movement, I
think these conversations are going to grow a little bit more
uncomfortable.
So, with that, I would like to thank our witnesses for
taking the time to appear before us today.
If there is no further business, without objection, the
subcommittees stand adjourned.
[Whereupon, at 4:26 p.m., the subcommittees were
adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]