[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
THE FEDERAL INFORMATION TECHNOLOGY ACQUISITION REFORM ACT'S ROLE IN
REDUCING IT ACQUISITION RISK
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON
INFORMATION TECHNOLOGY
AND THE
SUBCOMMITTEE ON
GOVERNMENT OPERATIONS
OF THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
JUNE 10, 2015
__________
Serial No. 114-43
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
______
U.S. GOVERNMENT PUBLISHING OFFICE
96-953 PDF WASHINGTON : 2015
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
JASON CHAFFETZ, Utah, Chairman

JOHN L. MICA, Florida
MICHAEL R. TURNER, Ohio
JOHN J. DUNCAN, Jr., Tennessee
JIM JORDAN, Ohio
TIM WALBERG, Michigan
JUSTIN AMASH, Michigan
PAUL A. GOSAR, Arizona
SCOTT DesJARLAIS, Tennessee
TREY GOWDY, South Carolina
BLAKE FARENTHOLD, Texas
CYNTHIA M. LUMMIS, Wyoming
THOMAS MASSIE, Kentucky
MARK MEADOWS, North Carolina
RON DeSANTIS, Florida
MICK MULVANEY, South Carolina
KEN BUCK, Colorado
MARK WALKER, North Carolina
ROD BLUM, Iowa
JODY B. HICE, Georgia
STEVE RUSSELL, Oklahoma
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama

ELIJAH E. CUMMINGS, Maryland, Ranking Minority Member
CAROLYN B. MALONEY, New York
ELEANOR HOLMES NORTON, District of Columbia
WM. LACY CLAY, Missouri
STEPHEN F. LYNCH, Massachusetts
JIM COOPER, Tennessee
GERALD E. CONNOLLY, Virginia
MATT CARTWRIGHT, Pennsylvania
TAMMY DUCKWORTH, Illinois
ROBIN L. KELLY, Illinois
BRENDA L. LAWRENCE, Michigan
TED LIEU, California
BONNIE WATSON COLEMAN, New Jersey
STACEY E. PLASKETT, Virgin Islands
MARK DeSAULNIER, California
BRENDAN F. BOYLE, Pennsylvania
PETER WELCH, Vermont
MICHELLE LUJAN GRISHAM, New Mexico

Sean McLaughlin, Staff Director
David Rapallo, Minority Staff Director
Troy D. Stock, Information Technology Subcommittee Staff Director
Jennifer Hemingway, Government Operations Subcommittee Staff Director
Julie Dunne, Senior Counsel
Sharon Casey, Deputy Chief Clerk
Subcommittee on Information Technology
WILL HURD, Texas, Chairman

BLAKE FARENTHOLD, Texas, Vice Chair
MARK WALKER, North Carolina
ROD BLUM, Iowa
PAUL A. GOSAR, Arizona

ROBIN L. KELLY, Illinois, Ranking Member
GERALD E. CONNOLLY, Virginia
TAMMY DUCKWORTH, Illinois
TED LIEU, California

Subcommittee on Government Operations
MARK MEADOWS, North Carolina, Chairman

JIM JORDAN, Ohio
TIM WALBERG, Michigan, Vice Chair
TREY GOWDY, South Carolina
THOMAS MASSIE, Kentucky
MICK MULVANEY, South Carolina
KEN BUCK, Colorado
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin

GERALD E. CONNOLLY, Virginia, Ranking Minority Member
CAROLYN B. MALONEY, New York
ELEANOR HOLMES NORTON, District of Columbia
WM. LACY CLAY, Missouri
STACEY E. PLASKETT, Virgin Islands
STEPHEN F. LYNCH, Massachusetts

C O N T E N T S
----------
Hearing held on June 10, 2015
WITNESSES
The Hon. Anne Rung, Administrator, Office of Federal Procurement
Policy, The Office of Management and Budget
    Oral Statement
    Written Statement
Mr. Tony Scott, U.S. Chief Information Officer, Office of
E-Government and Information Technology, The Office of Management
and Budget
    Oral Statement
    Written Statement
Mr. David A. Powner, Director, IT Management Issues, U.S.
Government Accountability Office
    Oral Statement
    Written Statement
Mr. Richard Spires, Chief Executive Officer, Resilient Network
Systems, Inc.
    Oral Statement
    Written Statement
APPENDIX
Chairman Will Hurd, Opening Statement
Ranking Member Robin Kelly, Opening Statement
Mr. D. Powner-GAO Response to Rep. Duckworth Questions for the
Record
POGO Statement for the Record on DOE FITARA Exemption
THE FEDERAL INFORMATION TECHNOLOGY ACQUISITION REFORM ACT'S ROLE IN
REDUCING IT ACQUISITION RISK
----------
Wednesday, June 10, 2015
House of Representatives,
Subcommittee on Information Technology, joint with
the Subcommittee on Government Operations,
Committee on Oversight and Government Reform,
Washington, D.C.
The subcommittees met, pursuant to call, at 2:41 p.m., in
Room 2154, Rayburn House Office Building, Hon. Will Hurd
[chairman of the subcommittee] presiding.
Present from Subcommittee on Information Technology:
Representatives Hurd, Walker, Blum, Kelly, Connolly, Duckworth,
and Lieu.
Present from Subcommittee on Government Operations:
Representatives Meadows, Walberg, Massie, Carter, Maloney,
Norton, Plaskett and Lynch.
Mr. Hurd. The Subcommittee on Information Technology and
the Subcommittee on Government Operations will come to order.
And without objection, the chair is authorized to declare a
recess at any time.
Today we're going to review GAO's designation of IT
acquisition as high risk and highlight how the Federal
Information Technology Reform Act, FITARA, can reduce IT
acquisition risk.
I represent a district that's 29 counties, very rural parts
of Texas, and the urban part. Not once did I mention IT
procurement on the campaign trail because it wasn't a sexy
topic. And one of my first trips out in the district, we were
in far west Texas, my chief of staff says: What are you going
to talk about? And he says: IT procurement, and his face goes
ashen, but when you tell people that the Federal Government
spends $80 billion on IT procurement, and a good majority of
that is on legacy systems, they're pretty outraged, and they
recognize the need for efficiency. They recognize the need to
reduce the size and scope of the Federal Government, and FITARA
was a good move in that direction.
I think many of the folks on this panel were involved in
that. I know Darrell Issa and Congressman Connolly were
instrumental in making that happen, and I'm looking forward to
working with Congresswoman Kelly on this important issue and
making sure, Mr. Scott, you know, you have all the tools you
need to do your job. You have a tough job. This is--you know, I
recognize the difficulty of the task, and IT management and
acquisition has long been a problem for the Federal Government,
and we all know that. And I'm hopeful that the agency CIOs will,
in partnership with their C-suite agency colleagues,
fundamentally transform the way the Federal Government manages
and buys IT.
And we cannot afford to be having the same discussion about
IT management and acquisition in another 20 years. Our fiscal
situation demands that we take advantage of the opportunities
for cost savings in IT whether through eliminating duplication,
transitioning to the cloud and shared services or ensuring
agile development.
I'm particularly interested in how we might define
successful FITARA implementation and how we best empower the
CIOs for success.
I look forward to working with the leadership and members
of the IT and Government Operations Subcommittees on both sides
of the aisle and to continue the oversight of FITARA
implementation. We have to get this right. And I believe this
is something that has support not only on both sides of the
aisle in the House and the Senate, in the White House as well.
And now I would like to recognize Ms. Kelly, our ranking
member of the Subcommittee on Information Technology for her
opening statement.
Ms. Kelly. Thank you, Mr. Chairman, for holding today's
oversight hearing on the implementation of the Federal
Information Technology Acquisition Reform Act, bipartisan
legislation intended to overhaul the Federal Government's
approach to managing its information technology resources and
save billions of taxpayers' dollars.
I would like to commend Representative Gerry Connolly, the
ranking member of the Government Operations Subcommittee and
co-author of this legislation for his continued work on Federal
IT issues and reforms. I look forward to working with him and
other members of the committee in conducting effective
oversight of the implementation of this law across the
government.
FITARA includes a number of government-wide reforms for
managing IT acquisitions and portfolios that will help ensure
the Federal Government is making wise and efficient investment
in IT. This committee plays an important oversight role that
could increase transparency and accountability of agency
efforts and help ensure that the law is effectively
implemented.
In February of this year, the Government Accountability
Office released its biannual high risk report which added the
new high risk area, ``Improving the management of information
technology acquisitions and operations.'' GAO found that
Federal Government spends billions of dollars on failed or
poorly performing IT investments. Effective oversight is a key
tool in identifying and reducing this kind of wasteful
spending. Congress has a duty to conduct oversight as well as
an obligation to give agencies the tools they need to conduct
their own oversight. Agencies need more well-trained
acquisition personnel to effectively oversee complex systems
and to ensure that the government is a smart and diligent
consumer. FITARA recognizes this need.
Congress must also ensure that agencies have the resources
to hire and retain qualified personnel that embrace the added
authority and additional responsibilities provided to chief
information officers by this law. Congress, together with
administration, should pursue ways to retain their expertise,
train them in the most cutting-edge techniques, and support
their critical work.
In April 2015, OMB released for public comment proposed
guidance on how agencies are to implement FITARA. Today, after
soliciting public feedback and conducting numerous outreach
sessions with stakeholders and experts, OMB issued its final
guidance to agencies on the management and oversight of
information technology resources.
I want to thank each of the witnesses for testifying today
and for being here. I look forward to hearing your thoughts on
this agency implementation, how we can improve the management
of Federal IT. And I want to thank you again, Mr. Chairman.
Mr. Hurd. Thank you, Ms. Kelly.
Mr. Hurd. And now I'd like to recognize Mr. Meadows,
chairman of the Subcommittee on Government Operations for his
opening statement.
Mr. Meadows. Thank you, Mr. Chairman. Thank each of you for
being here.
Mr. Chairman, I want to just thank you for taking a topic
that, as you mentioned, back home in Texas may not have been
the number one topic for people to talk about. But I can tell
you in terms of making real impact, this particular issue,
under your leadership and that of Ms. Kelly, will truly
transform how we do business. You know, just in the last few
days we've heard of all kinds of taxpayer information,
employees, 4 million employees. When we start to think about
the cyber attacks, that goes hand in glove with some of our IT
acquisitions. And so I look forward to working with you and the
ranking member, certainly with OMB as you work to try to
streamline what we're doing and make it more efficient.
The GAO, you all have done some great work. I've read a lot
of your work as it identifies this. And, Mr. Spires, I
understand you have a background with the IRS, and I was
troubled to hear the other day that they still have aspects of
their IT that has either COBOL or FORTRAN programming. Now, I
shared that with some of the people in my office, and I said to
give you an idea, those languages are older than you are. And
so they were languages that I was learning when I was in
college. And so just the maintenance of those kinds of
languages and where we've come today, it's unbelievable that we
would still be holding on to our security blanket.
And indeed when we do that, you know, we don't want to get
rid of the old system because everybody's familiar with it and
it's too much trouble to bring in the new system. You guys have
heard it all, and yet what we find is the attackers. The one
thing that may have saved us on some of those systems is the
language is so old they can't figure it out. But in doing that,
we've got to make a real investment. The chairman mentioned $80
billion. Well, really, we know that it's actually higher than
that. And when you look at those offline IT acquisitions that
are in some of those areas that we do not actually openly
debate, we know that the figure could be well in excess of $100
billion.
And so as we start to look at this, it is critical from--
not only from an accountability standpoint but from a
procurement standpoint that we actually address this in a real
way. And so my compliment to all of those that have been
leading the way. But I look forward to serving in a great way
under the leadership of you, Mr. Chairman, and the ranking
member as we move forward.
And with that I'll yield back.
Mr. Hurd. Thank you, Mr. Chairman, and thank you for taking
me back to my youth when we talked about COBOL as something
that was super old even when I was a youngster studying
computer science at Texas A&M University.
Mr. Hurd. We're going to recognize Mr. Connolly when he
arrives for an opening statement, but, you know, we're going to
also hold the record open for 5 legislative days for any
members who would like to submit a written statement.
And we will now recognize our panel of witnesses. I'm
pleased to welcome Mr. Tony Scott, U.S. Chief Information
Officer of the Office of E-Government and Information
Technology at the Office of Management and Budget. And, sir,
you have your hands full, sir, and I know you've been working
on in these 4 months that you've been on the job.
The Honorable Anne Rung, Administrator for the Office of
Federal Procurement Policy at the Office of Management and
Budget as well. Thank you for being here, Ms. Rung.
Dr. David Powner, Director of IT Management Issues at the
U.S. Government Accountability Office.
And Richard Spires, CEO of Resilient Network Systems and
former Chief Information Officer at the IRS and Department of
Homeland Security.
Welcome to you all, and thank you for being here, and
pursuant to committee rules, all witnesses will be sworn before
they testify. Please rise and raise your right hands.
Do you solemnly swear or affirm that the testimony you are
about to give will be the truth, the whole truth, and nothing
but the truth?
Thank you. Please be seated. And let the record reflect the
witnesses answered in the affirmative.
In order to allow time for discussion, please limit your
testimony to 5 minutes. Your entire written statement will be
part of the record. And, again, I think our first testimony is
going to be Ms. Rung.
WITNESS STATEMENTS
STATEMENT OF THE HONORABLE ANNE RUNG
Ms. Rung. Chairman Hurd, Ranking Member Kelly, Chairman
Meadows and Ranking Member Connolly, and members of the
subcommittees, thank you for the opportunity to appear before
you today to discuss how the acquisition and information
technology communities are working together to implement FITARA
to drive greater IT performance.
As the administrator for Federal procurement policy, I
appreciate how FITARA will help address some of the complexity
of the Federal acquisition system which often leads to
ineffective and inefficient use of taxpayer funds, especially
in IT contracting.
In December 2014, I established a blueprint to simplify the
acquisition system that I believe will help advance some of
FITARA's key provisions such as those calling for maximizing
the benefit of strategic sourcing, developing government-wide
software licenses, and expanding workforce training in the use
of IT cadres.
Today I would like to take this opportunity to briefly
highlight some of the work that the Office of Federal
Procurement Policy is doing to implement FITARA in partnership
with Federal CIO Tony Scott and the Federal IT and acquisition
community.
First, FITARA calls for GSA to establish an enterprise-wide
software program on behalf of civilian agencies to reduce
lifecycle cost and improve asset management practices. To
implement this section, Tony Scott and I chartered the
enterprise-wide software category team to serve as lead for IT
software. The team includes representatives from the Office of
Management and Budget, GSA, and the Department of Defense. The
team is tasked with developing and implementing a strategic
plan to increase the number of enterprise license agreements,
recommend policy changes to OMB to improve the acquisition of
management of software, and monitor agency progress. We will
then use the existing PortfolioStat process to hold agencies
accountable for moving to these shared solutions as
appropriate.
Also a FITARA provision directs the Federal Acquisition
Regulatory Council to implement a preference in the Federal
Acquisition Regulation for strategically sourced vehicles. The
FAR Council has opened this case and will issue a rule for
public comment later this summer. Such a preference will help
OFPP raise the visibility of these solutions, promote their
use, and better leverage the government's buying power. This
rule will complement other strategies that OFPP is developing
around category management to better manage our spend and
improve results for the taxpayer.
Category management is an approach taken from the private
sector which manages entire categories of common purchases
across the government and utilizes teams of experts to manage
those specific categories. OFPP, DOD, and the General Services
Administration have mapped the more than $275 billion of common
spend into ten super categories, including IT. While we're
moving forward aggressively to collect and share information
across all 10 categories, we're beginning with our deepest dive
in IT. By managing IT as a category driving government-wide
strategies like moving to a single software license for certain
areas, we'll address many of the issues of duplications and
inefficiencies raised by GAO and this committee.
Finally, as FITARA recognizes, building the skills of our
acquisition workforce is the single most important way to
ensure that the government gets what it needs on time and on
budget. Working with OMB's Office of E-Government and
Information Technology, the U.S. Digital Services Team, and the
Office of Science and Technology Policy, we have taken steps in
the last year to drive greater IT expertise in our IT
acquisition workforce. There is no doubt that FITARA will help
me and my colleagues drive greater efficiencies and
effectiveness in IT acquisitions in support of agency mission
performances.
I want to thank you for your thoughtfulness, vision, and
hard work to make this happen. This work is incredibly complex
and requires commitments from the most senior agency officials
to the newest members of our acquisition and technology teams,
and FITARA has really helped to catalyze our efforts. Tony
Scott and I will continue to work together with our respective
councils to strengthen and reinforce our efforts to reduce the
cost and increase the value of our IT acquisitions.
I appreciate the opportunity to be here today and look
forward to any questions you might have.
Mr. Hurd. Thank you, Ms. Rung. And, again, thanks for being
here.
[Prepared statement of Ms. Rung follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Mr. Scott, over to you for 5 minutes.
STATEMENT OF TONY SCOTT
Mr. Scott. Thank you, Chairman Hurd, Ranking Member Kelly,
Chairman Meadows, Ranking Member Connolly, and members of the
subcommittees. Thank you for your bipartisan work in passing
the first major overhaul of Federal information technology in
almost 20 years. Overseeing government-wide implementation of
FITARA is one of my top priorities.
FITARA, as you know, strengthens key IT reform initiatives
to improve efficiency, effectiveness, and security of Federal
agency programs and operations by codifying PortfolioStat,
TechStat, and our data center initiatives. Since 2012 the
Federal Government has achieved over $3 billion in cost savings
and avoidance and countless other improvements as a result of
these reform efforts. But despite these successes, major
changes are needed to achieve the full potential of IT in the
Federal Government. I learned in the private sector that a
strong foundation of visibility into IT spending, partnerships
with program leaders, and a solid understanding of IT's
critical role in achieving mission outcomes is crucial for
effectively managing technology in any enterprise.
A core part of my team's work will be to build this new
foundation by implementing FITARA in a way that's workable and
consistent. And today I'm pleased to tell you that we've
released our FITARA implementation guidance. I would like to
provide you with a brief overview of the development process,
key components, and implementation plans related to our
guidance.
First, our FITARA guidance is the result of extensive
outreach and collaboration conducted over the past several
months, mirroring the collaborative process used to develop the
law itself. My team and I met several times--multiple times
with a diverse set of public and private sector stakeholders,
and also provided for general public feedback to bring
transparency to Federal policymaking and to reach a broad
audience.
Our guidance takes major steps in ensuring CIOs have a seat
at the table for technology-related budget, procurement, and
workforce matters. And the backbone of our guidance is the
common baseline which outlines roles and responsibilities for
CIOs and other senior agency officials. More importantly, it
establishes the groundwork for productive partnerships among
these leaders to make IT decisions that best support missions.
And, finally, it positions CIOs so they can be held
accountable for how effectively they manage the full life cycle
of IT-related products, services, and customer and citizens
outcomes, and achieve efficient, effective, and secure programs
and operations.
Because agencies operate in unique environments, our
guidance provides for a CIO assignment plan to give agency CIOs
the flexibility to meet the baseline in a manner that's
tailored to their organization. This allows CIOs to designate
other officials to act as their representative in aspects of
the common baseline in a rules-based manner if approved by OMB.
The common baseline in the CIO assignment plan allows CIOs to
retain oversight and accountability while minimizing
bottlenecks.
And as discussed in the guidance, we will utilize
PortfolioStat processes to hold agencies accountable for their
implementation of our FITARA guidance. This guidance also
details a number of other important components such as tools to
enhance security, accountability, data center optimization, and
our Federal technology procurement process. I'm certain that
our guidance will have significant positive effects throughout
government, including helping to address issues called out by
GAO over the years, and most recently GAO's high risk list
entry regarding improving the management of information
technology acquisitions and operations.
In addition to the PortfolioStat sessions, OMB, through its
policy and oversight role, is committed to working with
agencies in their implementation of this guidance by number
one, evaluating agency self-assessment and implementation
plans; number two, requiring agencies to post their approved
plans publicly, enabling consistent OMB, legislative, and
public oversight; and, third, by engaging with the President's
management council, the CIO council, and the FITARA executive
working group to facilitate implementation and knowledge
sharing.
I also look forward to working with Congress to ensure
consistent oversight and implementation of our guidance in the
law.
I thank the subcommittees for holding this hearing and for
your commitment to ensuring successful implementation of
FITARA. And I would be pleased to answer any questions you may
have.
Mr. Hurd. Thank you, Mr. Scott.
[Prepared statement of Mr. Scott follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Mr. Powner, 5 minutes.
STATEMENT OF DAVID A. POWNER
Mr. Powner. Chairmen Hurd, Meadows, Ranking Members Kelly
and Connolly, and members of the subcommittees, we appreciate
the opportunity to testify this afternoon on our recent
addition of IT acquisitions and operations to GAO's high risk
list.
The Federal Government has wasted billions of dollars over
the years on failed IT acquisitions. In addition to these
acquisition challenges, operational systems are fraught with
duplication and inefficiencies. I'd like to thank this
committee for its excellent work and persistence on getting
FITARA passed. If implemented effectively by OMB and the
agencies, FITARA will greatly improve IT acquisitions and
operations. However, strong congressional oversight is needed
to make this happen.
This afternoon I'd like to discuss five specific areas that
need to be addressed, starting with two that are associated
with operational systems. As my written statement shows, we
spend nearly 75 percent of the IT dollars on operational or
legacy systems, leaving far too little to modernize the Federal
Government. So we need to find ways to shift these dollars
towards acquiring new technologies to further mission
performance.
The first is data center consolidation, where there is at
least $7.5 billion on the table. Agencies to date have made
solid progress closing over 1,200 of the 9,700 centers and
saving about $2 billion. The plan is to close an additional
2,600 centers and save an additional $5.5 billion. We think
these savings can be higher because when we last looked at
this, we saw good progress from agencies like DOD, DHS and
Treasury, but six agencies reported significant closures
without much in associated savings, and we recommended that
they take a look at this.
These agencies are GSA, HHS, Interior, Justice, Labor, and
NASA. FITARA requires agencies to report on these cost savings
annually, and this should be a major oversight area for the
Congress.
The second area is PortfolioStat, an excellent initiative
to eliminate duplicative systems. The Federal Government has
hundreds of financial management and human resource systems,
for example, where $2, $3 billion are spent annually in each of
these areas. Agencies initially identified over 200 initiatives
to eliminate duplication, and the plan was to save $6 billion.
In April we reported that planned savings were down from this
original estimate and that the estimates were inconsistent with
congressional reporting and did not follow OMB guidance. OMB
needs to ensure that PortfolioStat savings are complete,
especially since FITARA requires congressional reporting on
this.
Now, turning to systems acquisitions. Too often we hear of
failed projects like DOD's ECSS project where $1 billion was
wasted. There are three major areas where improvements would
greatly help the Federal Government's delivery track record.
These are, better planning, transparency, and oversight.
Starting with planning. Agencies need to go small and take
an incremental approach to systems delivery. OMB's policy of
requiring major investments to deliver in 6 months is simply
not enforced consistently, and less than half of the IT
acquisitions are planning to deliver within 6 months. FITARA
requires that CIOs certify that IT investments are using this
incremental approach. Again, congressional oversight in this
area is also needed to ensure that the incremental
certification does occur.
Transparency. Of the 700 major investments reported on the
IT dashboard, about 180 or roughly one-quarter are designated
as moderate or high risk. These 180 projects total about $9
billion. Many agencies have accurate information on the
dashboard and use that information to tackle troubled projects.
For example, HHS, DHS, Commerce, and Interior acknowledge that
many projects and dollars are at risk. And we believe that this
is a good sign so that appropriate attention can be given to
these risky projects. Others do not have accurate information
on the dashboard.
In addition to questioning CIOs on the accuracy of these
ratings, this committee also needs to push OMB to make these
ratings available throughout the year. Again, this year the
dashboard ratings were frozen from August 2015 through March
during budget deliberations. This simply needs to stop so that
there is constant investment transparency. We learned just last
week that OMB has plans to address this.
The final area is oversight. OMB and agencies need to hold
executive governance reviews of troubled projects so that
course correction can occur. And when needed, poorly performing
projects need to be stopped, and those in charge need to be
held accountable. These occurred frequently right after the
dashboard went live with OMB's TechStat sessions with great
results. Several under-performing projects were corrected,
descoped, and several were even halted.
In summary, by tackling duplicative IT systems and
consolidating data centers, upwards of $10 billion can be
saved. And on acquisitions, agencies need to go small, be more
transparent on project status, and aggressively oversee the
projects at risk.
This concludes my statement and I would be pleased to
answer questions.
Mr. Hurd. Thank you, sir.
[Prepared statement of Mr. Powner follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Mr. Spires, the floor is yours for 5 minutes.
STATEMENT OF RICHARD SPIRES
Mr. Spires. Good afternoon, Chairmen Hurd and Meadows,
Ranking Members Kelly and Connolly, and members of the
subcommittees. I'm honored to testify today, and I wish to
acknowledge Representative Connolly's leadership in sponsoring
FITARA. Since I served as a CIO of the IRS and later DHS, I
hope my in-the-trenches experience is of value to help guide
FITARA implementation.
Earlier this year GAO placed improving the management of IT
acquisitions and operations on its High Risk List. For decades,
the government has been underperforming in its delivery of
major IT programs. Deeply embedded cultural and skills issues
must be addressed if we are to improve the government's
delivery of IT. This is where FITARA can make a significant
positive difference if implemented effectively.
GAO has identified nine critical factors underlying
successful major IT acquisitions. Yet how does an agency ensure
these factors are top of mind and implemented for all IT
acquisitions? My experience from participating in and reviewing
hundreds of programs leads to two foundational areas of focus
critical to success.
The first area of focus is the program governance model,
which should ensure a collaborative partnership between various
stakeholder organizations that have key roles in the IT
acquisition. Even the best program manager fails if the program
governance model does not work.
The second area of focus involves the Program Management
Organization, PMO, having the requisite skills and proper
representation of various stakeholders to operate effectively.
All members of the PMO must be aligned and incentivized to work
toward a common set of outcome-based success measures.
FITARA must enable agency CIOs to ensure proper program
governance and PMO models are in place for all significant IT
acquisitions. I note that it is not the agency CIO that has the
last say regarding major program decisions, but rather that the
governance process is working effectively to ensure major
decisions are made with all appropriate stakeholder input. For
FITARA to be successful, it is critical that an initial rollout
within agencies be effective. I'm very pleased to see the
approach OMB and the new Federal CIO Tony Scott are taking to
support this rollout.
OMB recently issued draft FITARA implementation guidance
based on seeking significant outside input. This will improve
content, understanding, and buy-in over the longer term. Yet
there's a wide disparity in the maturity level of IT
organizations across the agencies. A number of agencies will
struggle with both the what and how to implement FITARA. To
support this implementation effort, the American Council for
Technology and Industry Advisory Council, ACT-IAC, a nonprofit
organization, is forming a working group to support the
development of tools that can provide agencies help to
implement FITARA.
The working group's intent is to draw from the best of both
the public and private sectors' models for managing IT. The
group will focus on providing a range of proven implementation
models for budget formulation and oversight, program
governance, and delegation of authorities that should cover the
array of different agency models from centralized to highly
federated management of IT.
Mr. Darren Ash, CIO of the U.S. Nuclear Regulatory
Commission, will serve as the government lead, and I will serve
as the industry lead for this effort.
Even with a solid FITARA implementation plan, success will
be dependent on two additional factors. First, the agency CIO
needs to have the leadership, management, and political
experience to drive this change, as well as a deep
understanding of IT management. And, second, the agency
leadership must be supportive of the agency CIO, particularly
in agencies that are operating in a federated environment.
Congress, through these subcommittees, can support these
efforts by demanding aggressive implementation of FITARA by
agencies, development of measures for assessing FITARA's
impact, and transparency in reporting of ongoing progress.
The benefits of FITARA implementation will take years to
realize so we will need to have persistence and patience.
Implementation of this level of change takes 2 to 3 years, with
benefits of that change being felt in year 3 and beyond.
Regarding how to measure FITARA's success, I would start with
the metrics GAO has spelled out regarding what is required to
remove IT acquisition from their High Risk List. To these
metrics I would add agency-specific measures of how IT can more
effectively support the mission and business outcomes of the
agencies. This current administration has a golden opportunity
to set the correct foundation for implementing FITARA so that
when the next administration arrives, the critical elements of
FITARA are already taking root.
And while I'm pleased with the work to date, it is critical
to make enough progress during the next 18 months to ensure
that leadership commitment to FITARA is sustained into the next
Congress and administration. Thank you.
Mr. Hurd. Thank you, Mr. Spires.
[Prepared statement of Mr. Spires follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. You can't have a conversation on FITARA without
comments from the distinguished gentleman from Virginia.
I'd like to recognize Mr. Connolly for 5 minutes for
opening remarks.
Mr. Connolly. Thank you, Mr. Chairman, and thank you for
being so gracious. I want to thank you and the committee for
holding today's important hearing to examine the implementation
of the bipartisan FITARA Act, or as we often prefer up here,
Issa-Connolly. FITARA is the first major reform of the laws
governing Federal IT management and procurement since the
enactment of the Federal Clinger-Cohen Act of 1996. And I want
to take a moment to recognize the leadership of our former
colleagues, Bill Clinger and Senator William Cohen.
Today there's widespread agreement that the text of the
Clinger-Cohen Act was quite good and that the 1996 law held the
potential to be truly transformative. However, in retrospect it
is clear that the Clinger-Cohen Act, while establishing a solid
statutory framework, unfortunately fell short of achieving its
full potential. There is also consensus that the primary
weakness of that act was not the bill itself but actually its
inadequate implementation, which was exacerbated by the absence
of congressional oversight at that time. The latter being an
unfortunate result in part of both authors departing Congress
shortly after the law's enactment. That's why today's oversight
hearing, Mr. Chairman, is so important to change that pattern
of history.
With the history of Clinger-Cohen in mind, and as the co-author
of FITARA, I'm committed to doing everything on our part
to guarantee that we do not repeat the implementation mistakes
of the past. And I'm so delighted that my colleague in arms,
Mr. Meadows, shares that commitment. And I know Ms. Kelly does,
and I know you do, Mr. Chairman, and that's great. And I know
Mr. Issa has not lost interest in this either, although he's
now in Judiciary Committee making music over there.
We have to make sure that the FITARA implementation is not
Clinger-Cohen 2.0. Congress must and will diligently monitor
its implementation and won't accept unnecessary delays,
improper half measures, and the stubborn preservation of the
status quo. The good news here, though, is that the
administration is on our same page. And I'm so pleased that the
FITARA implementation has gotten off to a tremendous start in
no small part due to the efforts of the four people in front of
us.
I want to commend the leadership, particularly the Office
of Management and Budget, including our excellent witnesses
today. In many respects, the FITARA guidance that they've
issued is one of the best policy publications I've ever seen.
It's enthusiastic, it's clear, and it is with the program.
We're not fighting at all. From its content to the
collaborative nature in which it was developed to the
innovative and transparent manner in which it was published,
OMB's efforts to implement FITARA truly represent a best
practice and new milestone in good government. And I'm so
pleased that since FITARA's enactment the administration's
demonstrated full recognition of the importance of effective
implementation.
As OMB noted in its proposed guidance, ``FITARA is an
historic law that represents the first major overhaul of
Federal information technology, IT, in almost 20 years.'' I'm
also pleased that GAO recognizes the potential to achieve
billions of dollars in cost savings and cost avoidances by
strengthening agency CIO authorities and promoting the
elimination of wasteful and duplicative IT systems.
At a February 2015 hearing held by our committee, the
Honorable Gene Dodaro, the comptroller general, explained GAO's
rationale behind designating improving the management of IT
acquisitions and operations as a new government-wide high risk
area, stating, ``One of the reasons we put IT acquisitions and
operations on the list is in order to elevate attention to make
sure that FITARA,'' and, he says, ``Issa-Connolly is
implemented effectively.'' God bless Gene Dodaro.
Moving forward, there's bipartisan, bicameral support for
fully implementing FITARA. A vast majority of members, I think,
share the goal of dramatically curbing wasteful IT spending on
antiquated IT systems and want to promote management practices
that will prevent agencies from wasting billions of taxpayer
dollars on IT boondoggles that fall years behind schedule and
appear a staggeringly poor performance with shockingly high
costs.
There's also a recognition that Federal policymakers and
agency administrators must cease relegating IT management to
the cellar of an agency's organizational hierarchy. The bottom
line is that FITARA's enactment represents the long overdue
recognition that in the 21st Century effective governance is
inextricably linked with how well government leverages
technology. This reality of modern government underscores why
it's incumbent upon both branches of government to work
together in a pragmatic fashion to ensure we take advantage of
the opportunities this legislation, I believe, affords us.
So in closing, Mr. Chairman, I want to take a moment again
to express my sincere gratitude and appreciation to the
leadership of this committee and our subcommittees and to OMB
and GAO especially in elevating the importance of this issue
and the implementation of FITARA.
Thank you. And I look forward to having a chance to
dialogue with the panel.
Mr. Hurd. Thank you, Mr. Connolly.
Mr. Hurd. And now it's a pleasure to recognize my colleague
from North Carolina, Chairman Meadows, for 5 minutes.
Mr. Meadows. Thank you, Mr. Chairman. Thank each of you for
your opening statements. I will apologize up front. I actually
have another meeting I was supposed to be at 15 minutes ago. So
the chairman was kind enough to let me go ahead with some of my
questions.
So Ms. Rung, let me start with you. With regards to these
legacy systems that are out there, a lot has been talked about
in terms of where they are, how much we're spending. How can we
from a procurement standpoint allow a redo or a start over?
We've got FITARA, we've got a number of these others, but it's
all in the implementation as my good friend Mr. Connolly just
outlined. What can we do to make sure that we are not sitting
here 2 years from now with the same problem?
Ms. Rung. Thank you for the question. As my colleague
stated, you know, IT acquisition spend is approximately $80
billion a year. So this is an important space for us to tackle,
and I appreciate GAO's work in this area, and in particular in
putting it on a High Risk List because it lends an energy and
focus to some of our efforts to really address this area.
When I think about IT acquisitions, I really think of it in
two buckets. Really, there is the IT systems, which is a much
different strategy in tackling that area, and I also think of
IT commodities where we are really focused on how can we be
more efficient.
In the IT systems area, what I hear consistently from
industry is that the issues and challenges start at the
requirements phase. Right? Really early in the process. And a
couple things we're doing in this space. I think it all comes
down to the acquisition and IT workforce and do they have the
skills and training to know how to put these acquisitions
together. We're developing for the first time a specialized IT
acquisition team. When I started in this job, I sat down with
our former CTO, Todd Park, who talked about the success of the
digital services team. But these are primarily technologists
from Silicon Valley. He stated that we should be thinking about
the acquisition equivalent of this.
From that point on, we started to collaborate, along with
my colleague Tony Scott, the Federal CIO, on creating a first
certified digital IT acquisition team. We're going to start by
pulling career employees, career contracting officers, from the
agencies. We're going to put them through a training we're
developing in partnership with industry, and we're going to
send them back to the agencies early next year to really
provide a hands-on approach in developing these acquisitions
and thinking about can we write these requirements in a more
agile way. To be more specific, oftentimes I hear from industry
that our requirements or statements of work are several hundred
pages long and overly government oriented and overly
prescriptive, and then they are required to submit proposals
that are several hundred pages long.
What we'd like to move to through this new team is thinking
about a more succinct statement of objectives, thinking about
having industry submit short concept papers, and really trying
to approach these acquisitions in a more modular manner, and I
think that will have a significant impact in the IT system
space.
Mr. Meadows. All right. So let's assume that we do that and
we take that and we break it down. Is there not a danger of
looking at the old way that we've done acquisitions, whether
it's procurement or getting rid of the systems that we've had
that we run home again to that safety blanket and say: Well,
we're willing to come half way. You know, instead of it being a
100-page RFP, it's an 80 page. How do we make it more results
driven?
As a business guy, you know, all I wanted to do is perform
a particular function and do it as effectively as we can, and
yet we somehow seem to continue to run back to FORTRAN and
COBOL kind of systems to keep them running.
Ms. Rung. That's a great question. How do you have an
impact in such a large complex space that represents overall
$450 billion in spending where I have 3,300 different
contracting offices across the globe. So how do you really make
an impact and try to drive change? I think FITARA represents a
major transformation in how we think about IT acquisitions. The
way I'm approaching it is thinking about our efforts like a
start-up company, and I'm focusing on a small team of people.
I know that the first time that I develop this program to
create a new specialized team or a new specialized IT cadre, I
may not get it exactly right. I want to put them through this
training that we're developing in partnership with industry. I
want to send them back to the agencies to provide that hands-on
assistance, but most likely I'm going to tweak that, and I want
to scale it up over time. And I think what the digital service
team has shown is that a small group of people can have a huge
impact in this area.
Mr. Meadows. I see I'm out of time. So I'm going to yield
back to the chairman, but I would like the GAO, if you can let
us know how we can help. You mentioned oversight being the
critical component, how we can know whether we're making
progress or not.
A matrix, you know, best performers, worst performers,
whatever we can do, if you would do that, and I won't ask you
to respond to that, but I'll yield back to the chairman. Thank
you.
Mr. Hurd. Thank you, Mr. Chairman.
Now I'd like to recognize my friend and ranking member, Ms.
Kelly, for 5 minutes.
Ms. Kelly. Thank you, Mr. Chairman.
OMB's guidance will help agencies establish effective
oversight of the management of their IT investments and
resources.
Mr. Scott, what is the desired outcome of the enhancements
to agency oversight of IT resources? What benefits can be
anticipated?
Mr. Scott. I think there's a number of what I'd call
success factors that we should look to over time as FITARA and
the other things that we're doing get implemented.
The first one I think is faster delivery of needed
capability. In this world, speed of delivery is everything. And
as is probably obvious, in most cases when you do things
faster, you're limited in the amount of money you can spend
doing it, and so there's a double benefit.
The second thing I would say is efficiency of spend. And
there are a number of different ways that we can measure that.
I would then look to being on time and on budget as a classic
measure. I don't think that goes away. We also have to make
sure that the systems we deliver and the capabilities and
infrastructure that we deliver are secure. And there's ways
that we will measure that.
And then I think we have to look at the underlying
components of our infrastructure and delivery capability, and make
sure that's also modern. I think measures in each of those
areas are the things that I would look for.
Ms. Kelly. Let's speak a little bit about transparency. The
guidance also provides for increased transparency and
accountability of agency management of IT resources. So what
are some examples of increased transparency regarding IT
acquisitions and operations, and how will increased
transparency contribute to effective congressional oversight?
Mr. Scott. Well, the first thing you'll notice is in August
of this year each of the agencies will be required to submit
their self-assessment plan and their plan for FITARA
implementation. And that will be made public and certainly
we'll be all over it, and I'm sure this committee will also be
looking at it along with GAO and others. And that's the first
in a set of reports and deliverables that come out of FITARA.
In addition, we're going to keep doing the PortfolioStat,
TechStat, and CyberStat reviews that we do, and as was already
mentioned, we have improvements under way to the IT dashboard
as well. So I think all of those will help both with the
timeliness but also the visibility and transparency of how this
goes.
Ms. Kelly. You said you're sure this committee will be all
over it, but why do you think the GAO believes congressional
oversight is so essential?
Mr. Scott. Well, I think in this particular case, as
there's a huge amount of transformation taking place in the IT
industry and every business, government, and institution
getting this right is table stakes for all interests, and I
think given the various roles that the parties that you
mentioned play, it's important that we have each of those
perspectives in on this and that it's shared broadly across the
community of interest.
Ms. Kelly. My colleague, Ranking Member Connolly, a co-author
of this legislation, has repeatedly expressed a need for
congressional oversight of the implementation of FITARA to help
ensure the improvements it directs are achieved government-wide.
Mr. Powner, what is at risk if congressional oversight is
not maintained on agency implementation?
Mr. Powner. Well, Ranking Member Kelly, I think if you look
at the history, and it was mentioned here going back to
Clinger-Cohen, the history of implementing effectively, going
back to Clinger-Cohen, OMB's recent initiatives--our high risk
area and a lot of FITARA is OMB's own initiatives that haven't
been implemented to completion. That's the bottom line. And
history tells us that if you leave it up to the administration,
OMB, and the agencies, it doesn't work as well. But if you have
Congress overseeing key areas to ensure that there's cost
savings, a good area is incremental development. We all agree
that we ought to go smaller to help with the delivery.
If we got real serious about incremental development and
implemented OMB's 6-month policy, maybe we shouldn't fund
projects either from an appropriation perspective or from OMB's
perspective that they can't deliver within the budget year.
Let's look real hard at not funding those projects. They should
deliver something within the budget year.
Ms. Kelly. Mr. Scott, do you agree?
Mr. Scott. I think many, many projects lend themselves to
that kind of short incremental development, but I would say we
have to be a little bit careful there, and I'm not trying to,
you know, put a wet blanket on any of this. I think there's
much more opportunity for us to do that than others.
And so I strongly endorse that trend, but I think one of
the challenges that I see already is there's already a funding
sort of quagmire in the way some projects are managed, and one
of the things that I do know greatly impacts the success of a
project is if there's a lot of start/stop, start/stop,
start/stop, that leads to a ton of inefficiency and so on. So I'd
prefer to see a mechanism that, you know, if the programs are
meeting its goals and its deadline, there's not uncertainty
about funding, and if there's problems, then you yank the cord.
Ms. Kelly. I've run out of time. So thank you, but I look
forward to working with the members of this committee to
provide effective oversight of the implementation of FITARA
reform to help ensure that needed improvements are achieved. So
thank you all very much.
Mr. Hurd. Mr. Walberg, 5 minutes is yours.
Mr. Walberg. Thank you, Mr. Chairman.
Mr. Powner, CIO integration into the IT investment
decisionmaking process, as we have discussed here, is key to
successful implementation of FITARA. How do we ensure that the
CIO is actually integrated into the IT investment decision and
the process associated with that within each agency and
department?
Mr. Powner. I think that's the key question. When you look
at FITARA, that's the first provision and probably the most
important is enhancing the CIO authorities. I think OMB
deserves a lot of credit for their common baseline in what
they're attempting to do to elevate the CIO authorities within
each agency, ensuring that they're part of the budget approval
and execution process. But you're absolutely right, and as Mr.
Spires mentioned in his statement, there's some agencies that
are going to really struggle with that because of their current
setup. The way they're currently set up, they don't necessarily
have that budget--that oversight of the budget approval and the
execution to have the appropriate governance processes that
Richard referred to. So that's the challenge. That is the
challenge.
So first of all you need the appropriate processes, but we
also need the appropriate people. And I think one of the things
hopefully with FITARA, it's going to attract even a better
breed of CIOs into the Federal Government, if in fact it's a
real CIO job. Some of the CIO jobs in the Federal Government
aren't CIO jobs that you have in the private----
Mr. Walberg. So it's not encouraging.
Mr. Powner. Well, it can get a lot better, and clearly we
have pockets of success. There are pockets of success that we
can learn from where there are the appropriate authorities, and
I think with the common baseline, it's a step in the right
direction, but it's going to take time, and I think, again,
your congressional oversight, when you look at these plans to
fill the gaps that agencies have on the common baseline, that's
going to be really important that we implement that
effectively.
Mr. Walberg. Mr. Scott, before I go to Mr. Spires to
respond to that and add to it, Mr. Scott, responding to what
Mr. Powner just ended his statement with, carry on with that
thought.
Mr. Scott. Well, I totally agree this is all about, you
know, having capable and competent people. And I've added it as
one of the priorities for my team in terms of things that we
are spending a lot of time on.
So it's looking at talent across the Federal Government,
making sure that there's good development experiences for the
talented people that are working in these roles, that they get
exposed to multiple kinds of organizations and the broad set of
things that are required of a CIO in a big organization. I
think that's an important part of our responsibility as leaders
to make sure that when we're gone, the next generation of
leadership is in place and has the right skill sets to do the
jobs that we're asking of them.
Mr. Walberg. And the expectations on them and the
accountability as well.
Mr. Scott. Right.
Mr. Walberg. Yeah. Mr. Spires.
Mr. Spires. Yeah. I certainly would echo the thoughts about
the importance of having the skill sets. I would pick up on
this idea of having the proper support. You know, it's critical
that the CIOs are empowered to be able to do what they need to
do within these agencies, and particularly in those agencies
that have federated environments where there's not just one
single CIO organization, or IT organization.
And I think that's even incumbent upon OMB and the
administration to make sure that that happens and that the
support is there from the agency leadership to enable that CIO
to be effective. Because they're going to be dealing in a
federated environment with bureaus, CIOs or other heads of IT
and other organizations in that agency, and that all has to
work collectively to be able to carry out FITARA in a
distributed kind of manner.
And the good news is that OMB has done a nice job with
their guidance of laying out ways in which you can set that
model up. But there are proven models to be able to work in
that federated environment. So it's also going to be incumbent
upon OMB to make sure that those agency models fit the agency
well. And they've got a process for that review. I don't know
if every agency is going to get it right the first time, but I
think as there's an iterative process and a real drive to make
this happen, over the next 18 months you should be able to get
these models to work well.
Mr. Walberg. Ms. Rung, tie the bow on this discussion here
from your perspective, especially dealing with policy. Policy
and personnel sometimes run amok. Help us in answering here.
Ms. Rung. Well, to build upon what Mr. Spires talked about
a little bit of the challenges of the federated system, what
I've seen is the impact of that on the acquisition space. And
without the CIOs really having accountability and authority,
what I've seen in the acquisition space is that there are not
owners of certain IT commodities. For example, mobile devices.
No one in the agency feels accountability for the mobile
devices. So you see lots of duplication and a lack of
transparency.
With reference to the workforce and ensuring, you know, we
are, you know, focusing on the skills of our workforce, I echo
everything that was said here. I think I approach it in two
different ways. I mean, one, we want to make sure that we're
holding our acquisition personnel accountable for performance.
At the same time, I want to ensure we're lifting up and helping
to train and strengthen our workforce and really recognize the
good work that is going on across government.
Mr. Walberg. Okay.
Mr. Walberg. Thank you. My time is expired.
Mr. Hurd. Thank you, sir. Now I'd like to recognize Mr.
Connolly for 5 minutes.
Mr. Connolly. Thank you, Mr. Chairman, but could I just
ask, if there were colleagues ahead of me before I arrived, I
would certainly defer to them.
Mr. Hurd. I would like to recognize Ms. Holmes Norton for 5
minutes then.
Mr. Connolly. Thank you. I want to be fair.
Ms. Norton. Well, my good friend from Virginia is always
fair. I certainly appreciate it.
I went straight to the GAO report because I am particularly
interested in diagnosis. We have the bill, and we are beginning
its implementation. I went to page 2, in particular. We hear a
great deal about IT failures, we hear about them in the public
sector, we hear about them more often in the private sector. It
leads me to believe that IT itself should be seen as still a
developing science, why there are so many failures even from
people who lose tremendously at the bottom line.
So I'm interested, Mr. Powner, in page 2 of the GAO report,
because the only thing worse than taking a long time to acquire
or taking a long time for a system to come online is taking a
long time and then the whole thing fails. You've spent billions
of dollars down the drain. So on page 2 you list some very
costly examples. Just to touch on a few. After 5 years, DOD had
to just cancel its combat support system, or I won't list them
all.
Nine years, the VA scheduling and replacement project, then
finally they just, you know, called it quits, but that's 9
years' worth of money. Sixteen years, they should stick with
them a long time. This is the tri-agency weather satellite
program, a number of agencies in on this one, $5 billion in 16
years.
Now, so my first question is, is this kind of failure
typical of large scale operations, or should we look for it in
the public and private sector? I mean, are these--is this
simply IT finding its way in truly large scale systems, because
we see large scale systems in the private sector going
overboard too, with far worse consequences.
So first I want to know what's wrong, or are we in such a
developmental stage that somehow these agencies, you know, they
ought to stick with these things. I mean, we are in for a dime,
we are in for a dollar, we're in until somebody throws us out,
and why don't they get out sooner? Why do they spend the last
dollar before they decide this just isn't working? And what can
we do about it? Will FITARA do anything about it?
Mr. Powner. Yeah, there's aspects of FITARA that would help
greatly. So first of all, again, I'll emphasize incremental
certifications by the CIOs of major IT systems. I agree with
Mr. Scott's comments. Some of them you can't go real small, but
you can do it with a lot more.
Best practices, we've done a lot of best practices work on
successful acquisitions. These are failures, and I can tell you
about each one of them, but the successful ones, they typically
all go small. The other thing is, I'm going to re-emphasize the
TechStat process that OMB implemented right after the dashboard
went live. There were about 50-some projects, 70-some meetings,
and there were a lot of these projects that were halted,
descoped, corrected, and there was great progress to the tune
that OMB says $3 billion were saved.
We need to go back to looking at these projects, because
within agencies there's a reluctance to stop a project. I have
a report coming out next week on a Department of Agriculture
project. It's listed back in my testimony as something to look.
You could add it to the failed list right now.
Ms. Norton. What's the reluctance? What's the reason for
the reluctance?
Mr. Powner. The reluctance is to not acknowledge that we
have these problems and to think that we can fix them.
Ms. Norton. Will the CIO help that?
Mr. Powner. The CIO should help with that, and I think
sometimes not just terminating or canceling, but sometimes we
can descope and have course correction on them. That's where
these TechStat meetings with the right governance models can
really help. And so we saw it right after the dashboard went
live with OMB's meetings. It was a successful time correcting a
lot of these troubled projects.
Ms. Norton. I can't help but ask you when we just had this
$4-, I don't know, million-dollar employee breach at the OPM.
We've had one of those you list, it's a little less costly, was
the retirement system, and that's been one of the OPM
retirement system, that's been one that's been before this
committee over and over again as a failure.
To what do you ascribe what happened to the OPM?
Mr. Powner. With the retirement systems, I looked at that
years ago.
Ms. Norton. The retirement system and the collapse reported
last----
Mr. Powner. There have been multiple starts and stops on
that retirement system at OPM. I think we try to do too much.
Why don't you start with the really simple retirement, a very
simple employee, you know, stay at one agency and you start
small and you deliver. I know when Mr. Spires was at IRS, he
finally did process tax returns on a modern platform. You know
what he did? He took a 1040EZ and did it. He went small and
simple, and then they grew it, and everyone at IRS said, look,
wow, we're now processing on a modern platform. No one really
cared it was only a 1040EZ.
We tried to do everything with the retirement system
replacement. Again, going small really would help. I don't want
to simplify this too much, but that would be a huge step in the
right direction.
Ms. Norton. Yeah, we should do pilots on a lot of things.
Why not on this? Thank you very much, Mr. Chairman.
Mr. Hurd. Actually, I want to pick up on that topic. I
recognize myself for 5 minutes, and maybe, Ms. Rung or Mr.
Scott, this is appropriately directed to you.
How do we hold people accountable for this stuff, right?
You know, when people that are consistently on this high risk
report, right, you know, when we had a conversation, a hearing
on this topic earlier this year, I asked Gene Dodaro had
anybody ever been fired for cost overrun and time overrun? And
he said he couldn't remember that.
And so, you know, the question is, is it the procurement
officers, is it the line management officers? You know, on IT
projects, does FITARA give the CIO enough power and authority
in order to bring to bear some real consequences if these types
of projects continue to go? And Mr. Scott, I'll open that one
to you.
Mr. Scott. Well, I think it does, and I think--but let me
answer the question by leading up to it a little bit.
Many of these projects, the failed ones that are, I think
are notorious, you could sort of look at in the beginning and
say what are the chances of this succeeding, and you could put
a risk factor on that and you'd say, not high because it's too
big, too complex, you know, not organized the right way, you
know, there's a whole list of things that, you know, you could,
you could probably criticize.
And so I think that holding people accountable starts with
what's the design, what's the intent of these things in the
first place and making sure that there's good engagement across
the agency leadership, including the CIO, where everybody
looking at it says, ``I think we've got a chance of this
succeeding because we've got the right approach, we've chunked
it up into the right increments of deliverables and so on.''
Mr. Hurd. But how do we, you know, I think it was you, Ms.
Rung, that mentioned up front that it's the requirements
process, so the problem with procurement now is we're asking,
you know, describing the problem, and then sometimes in the
procurement we are describing how the solution is supposed to
be implemented and even including specific technologies, which
is eliminating a lot of folks, you know, entrepreneurs,
creativity, by also defining, you know, the solution to the
problem.
Ms. Rung. I think that's absolutely correct. I mean, my
goal is to get to a point where we don't have to hold anyone
accountable because the IT acquisition was a success, right. We
want to fix and identify--identify and fix these issues way
before we get to the point where we're calling for heads to
roll.
And you are indeed correct, that many of these problems
start at the requirements phase. And I think it's quite
literally training people in how to do these acquisitions in a
much more agile way and how to write these acquisition
requirements and providing that kind of hands-on assistance and
getting to these acquisitions early.
Mr. Hurd. Mr. Spires, question to you. What could be the
barriers of implementation with these lists with FITARA? Are
there going to be CIOs across the agencies that actually don't
want this authority because it's going to change the way they
do things and they're going to actually have to do work now?
How do you address, you know, a reticent person from, you know,
actually having to do their job?
Mr. Spires. I'm not going to put it all on the CIOs. I
think what we face is cultural issues within many of these
agencies. Many of these organizations, and I don't want to just
pick only on the federated ones, but clearly the federated ones
face this. They are used to a certain level of autonomy, and
particularly in a lot of these programs. So you'll have major
programs that have a lot of IT, but the mission people don't
view them as, ``IT programs.''
And that's been an issue because then you actually have
situations where you're not using even close to best practice,
you don't have the right kind of skill sets involved in
oversighting these projects, and--I mean, we can bet what
happens in those cases. So to me, what I like so much about
FITARA and what I like about what OMB has done to date with the
implementation guidance is this notion that, yes, we are going
to empower the CIO, we are going to hold that individual
accountable, and that individual within their organization is
down the line going to have to make sure that these programs
are set up for success.
I've overseen a lot of programs, and I would echo what my
colleagues just said from OMB, if you don't start right, you
are almost doomed to failure. And I would much rather us start
and say, oh, got to stop right away because we don't have the
right people on board or we don't have the right acquisition
strategy or the right procurement strategy. Let's get those
things right out of the gate, then the success can happen. I've
seen it time and time again.
And to Mr. Powner's point, you've got to start small, have
small wins, and then build off of that.
Mr. Hurd. Thank you. Now, Mr. Connolly.
Mr. Connolly. Thank you, Mr. Chairman. And again, welcome
to our panel. The Project on Government Oversight, POGO, is a
nonpartisan independent watchdog organization, and it noted
last month the FITARA is, ``meant to strengthen the role of
each agency CIO and executive responsible for all IT systems in
the agency as well as to increase transparency in how IT funds
are spent.'' However, the Department of Energy's 17 national
laboratories would apparently prefer that this oversight and
accountability requirement not apply to them.
The 2016 Senate Energy and Water Development Appropriations
bill actually includes an amendment that would exempt the
energy department's national labs from key requirements of
FITARA and the bill's predecessor, Clinger-Cohen.
I wonder if you might comment on this whole issue of
carve-outs because I'm sure OMB has been getting some request for
carve-outs. We have here, too. And my view is, gee, we haven't
even learned how to walk yet. We are just getting to guidelines
of implementation. It's awfully premature to be deciding we
need to be carved out unless maybe you've got something you're
worried about, but I'd be interested in your professional
opinion, what about this situation with carve-outs?
Ms. Rung. I'll start. So I appreciate the question. You
know, we are certainly anxious to talk to the agencies if they
have concerns and work with them to address their concerns. OMB
has formally stated that they find the proposal to carve out
the Department of Energy labs highly problematic. And it's our
viewpoint that FITARA is a tremendous management tool for the
agencies, and we are not keen on carving out the Department of
Energy labs.
Mr. Connolly. Mr. Powner, any view from GAO?
Mr. Powner. Yeah, this is not the time to carve out. If you
look at OMB's guidance, I think there's some flexibility in how
you set this up when you have federated organizations, and the
labs are quite federated. But when you look at, you know, what
they're intending to do with that, that the CIO at DOE doesn't
have the expertise, or FFRDC shouldn't be included, or R&D
should not be included, if you step back and look at that, it
probably should be included.
R&D tied to IT should be under the CIO's authority, and
when you really look at--we ought to let this bake awhile and
not immediately start carving out.
Mr. Connolly. Just to caution. What's happening is people
wanting carve-outs are coming up here and seeking legislative
redress before we've even implemented the bill that was just
signed into law in December and giving ``chutzpah'' a whole new
dimension of meaning.
At any rate, I think it's worthy of your note and ours as
well. We need to resist that temptation because I agree. It was
designed to be a useful management tool that can save you money
and make you more efficient. It's not an adversarial bill, and
let's give it some time to marinate.
CIOs, and I'll address this to you, Mr. Scott, and you, Mr.
Spires, particularly, there are 250 people roughly, or when we
wrote the bill 250 people with the title ``CIO'' spread out
over 24 agencies. No private corporation would tolerate that. I
don't care how big. When I go in my district and I meet with
little and big companies, I kind of ask, you know, how many
CIOs have you got, and they all look at me like, well, one. Not
the Federal Government.
So we didn't mandate by fiat you can only have one, but we
tried to create incentives to infuse one person with authority
and accountability and the flexibility in making decisions. I
wonder, what is your take on that and how we ought to evolve,
and Mr. Spires, you were one, and so I'd be interested
particularly on your take on it.
Mr. Scott. Well, I've actually worked in an organization
that had multiple CIOs that was, you know, a fairly large
enterprise. It wasn't 200, but you know, there was more than
one, you know, in divisions and then corporate CIO and so on.
And my response would be, I think you're on the right track.
The important thing for us is to clearly define what the roles
and responsibilities at the agency level are and then what the
authorities are that they can delegate to others, and whether
their title is CIO or chief bottle washer or whatever it
happens to be, make sure where those accountabilities lie.
Mr. Spires. Yeah, I certainly agree with Mr. Scott. And I
would just add to that that I don't think it's necessarily bad,
given how large some of these agencies are. I mean, like the
one I was at, Homeland Security, it makes sense to have a
federated model. You want an IT organization at a component
level, as we call them, that really gets to understand the
mission, needs, and understands that leadership team, and works
closely with them. I think where we've gone awry, though, is
that many of those components or bureaus at Treasury and the
like, they view themselves as having to do it all. And what we
need to do is move to a model where particularly when it comes
to the commodity or infrastructure IT elements, where we can
leverage by empower the Federal Government, we need to start doing
much more of that and to really start to reduce duplication.
That's the other big point is we talk a lot about spending
on legacy, but a lot of that is on systems, and when you start
counting them up, and Mr. Powner here can comment on this, you
know, we have way too many systems overall. And the way to
start to reduce those is through good governance, through
strong leadership at the agency level that's driving that
simplification, which not only saves us a lot of money, I think
it makes you run much more effectively, and it makes you
actually a lot more secure, which is also a really key issue.
Mr. Connolly. Thank you, Mr. Chairman.
Mr. Hurd. Thank you. And I'd like to recognize my colleague
from Iowa, Mr. Blum, for 5 minutes.
Mr. Blum. Thank you, Mr. Chairman, appreciate it, and thank
you very much to the panel for being here today and sharing
your expertise and your insights with us.
I have a question for Mr. Powner. Since 2010, the GAO has
made 737 IT-related recommendations. As of January, only 23
percent of those have been fully implemented. And I come from
the private sector, and I am a career businessman. If this
happened in my company, heads would roll. Can you tell me, A,
what that number is today, and B, what, in your opinion,
accounts for that delay?
Mr. Powner. Yeah, I don't have an exact updated, slightly
higher but not much, just a few percentages. You're absolutely
right, so here's the challenge. When we make recommendations,
we give agencies about 4 years that we follow up on a 4-year
basis fairly aggressively to see if those recommendations are
indeed implemented. Those 700-and-some recommendations do not
include all of our information security, so that's just tied to
IT management type things, so there's room for great
improvement.
One of the things we're doing--I know the Comptroller
General Gene Dodaro, we've prioritized those recommendations by
agency, and most of the priority recs do include several of
these IT areas where there is 10 to 15 recommendations going to
the heads of departments and agencies to really highlight the
importance of implementing those recommendations going forward.
So again, you're absolutely right. It's a great challenge.
We're trying to do our best. At times, you know, some of the
congressional oversight, you guys can help us with that, too,
lean in on some of these agencies to be more focused on our
recommendations. Hearings like this greatly help.
Mr. Blum. I mean, I'm almost afraid to ask this, but are
these not being implemented because we're understaffed or is it
because the head of the agency doesn't view them as
particularly important?
Mr. Powner. I think it's a combination of things. I think
sometimes there it's competing with priorities, no doubt, to be
fair to some agencies, but also, too, I think there needs to be
intense focus. Here's what happens. We go in and do a review,
make recommendations. Many times you can go into that same
agency 3 or 4 years later and we make the same recommendations
all over again. And so that's where we just need, again, more
aggressive followup, and it needs to be more of a priority at
some of these agencies.
Mr. Blum. Will FITARA help address these delays, in your
opinion?
Mr. Powner. We greatly hope so. So as an example, I'll tell
you this. Data Center Consolidation is a great initiative, and
we saved about $2 billion with Data Center Consolidation to
date, but there's a lot of agencies that think they're done. We
have $5.5 billion that we can continue to save, but we need
focus on our recommendations. I highlighted six agencies in my
oral statement that, frankly, they had a lot of consolidations
with very little associated savings, and we highlighted that
and made those recommendations, so we're going to continue to
drive forward on those recs.
Mr. Blum. Are there deadlines given like there would be in
the private sector, given to resolve some of these
recommendations that have been made, the 737? Do the department
heads or agency heads give deadlines?
Mr. Powner. Department heads and agencies are required
within several months to get back to us on our recommendations
after we write a report, and then, you know, typically, they
are not implemented in that period of time, but again, then
they are on the hook to report back to us on implementation.
Again, we track them over a 4-year period. There are exceptions
made typically by the comptroller general that he will extend
that 4-year period for very important recs.
Mr. Blum. Thank you. And my next question is to Mr. Scott,
who was in the--or is in the private sector currently, I
believe.
Mr. Scott. Was.
Mr. Blum. Was in the private sector. If you can just
comment, Mr. Scott, briefly about the difference--is there a
difference in finding qualified people for the private sector
versus finding qualified people for the public sector?
Mr. Scott. I would say there's probably two issues that I
would talk about in that space. Yes, it is difficult both in
the private sector and the public sector. The public sector has
some additional hurdles associated with it, hiring authorities
and so on that I know this committee and others have addressed
over a period of time.
Mr. Blum. Are any of those hurdles culture?
Mr. Scott. I'm sure there are some. I've only been here 4
months, so I'm not deeply steeped in the culture.
Mr. Blum. I've only been here 4 months as well.
Mr. Scott. Yeah, but I'm sure there are some of those as
well. But I'll give you an example out of my private sector
experience.
We looked at hiring, and our ability to get the best
talent, and one of the things that we discovered was not what
we were paying, not what the job was or anything else, it was
the speed with which we could get an offer in somebody's hands.
And so quite often the person we wanted would have taken a job
with us, but because we were slow, ended up taking a job
somewhere else.
And so one of the things I'm looking at are what are the
things that we can do to be quicker at, you know, getting a job
offer in the hands of the person that we want.
Mr. Blum. Very good. Thank you. I'm out of time. Thank you,
Mr. Chairman.
Mr. Hurd. Thank you. And now it's a pleasure to recognize
for 5 minutes my fellow computer scientist and colleague from
the golden state, Mr. Lieu.
Mr. Lieu. Thank you, Chairman Hurd, thank you for calling
this important hearing. Thank you, Representative Connolly, for
your work on FITARA, and to the panel, for your public service.
Forty-five years ago we sent a man to the moon and brought him
back, so it's not as if our government can't contract with very
complicated systems, but we also didn't launch. It was only 80
percent ready, right? We knew that thing was going to work. And
it seems to me that, for whatever reason, in the public sector,
I've noticed that the public sector will launch products they
know are not ready.
So the Affordable Care Act was a disaster at rollout, and
people--there were people that knew it was not ready and it
launched, and it's working well now and testing makes a huge
difference. They just had to test on more people, figure out
the bugs. I'm sure Chairman Hurd and I would agree that we've
never seen a computer program work the first time.
And it's not limited to the Federal Government. In Los
Angeles County, LA Unified School District had a program that
was just going to track students, figure out their classes, and
where you're going to go, and they knew it wasn't ready because
the papers reported it wasn't ready, and they launched anyway.
It's one reason the superintendent resigned.
And you see this happening, and I'm just curious, from your
view, why is it that that happens? Because in the private
sector, if Microsoft is about to launch a product and it's not
ready, they don't launch. They push it back. They do more
testing. They make sure when they launch it to the consumers,
it doesn't crash the first time you use it. So I'm just
curious, is it that CIOs are not trained adequately to know the
thing doesn't work or is it the agency heads overriding them,
or the CIO is not telling the agency head this thing isn't
working? What is causing these launches of products that don't
work the first time?
Mr. Spires. Mr. Lieu, I will comment, having not been part
of the Affordable Care Act launch but having worked at a couple
of different agencies and seen the dynamics at times within
government agencies that FITARA, really I believe, should
address.
And I call it a breakdown in governance, okay, where you
end up in a situation where the people that actually understand
what it takes to launch these systems no longer have a say in
what actually is launched, when it's launched, how it's
launched. And I hate to say it, but I have seen this happen a
couple of times in government. And we need to make sure--and
that's one of the paramount things about FITARA, is to empower
the agency CIO.
Now, you better have a competent agency CIO, right, but the
agency CIO that understands IT management that says, what,
we're not even--we're rushing this thing through testing to try
to get it launched? We know that's going to fail, right. These
are some basic things if you build IT systems you learn. Most
of us have learned the hard way, I'm afraid.
But these are things that you learn over time, and we need
to make sure that that governance model is in place. It doesn't
mean that the CIO has the ultimate say in everything, and
that's the pushback you get, but that individual has a key seat
at the table so when those discussions are happening, that
individual says 80 percent chance this is going to fail if we
do this. We have to find a different way. Those discussions
have to happen.
Mr. Lieu. Under FITARA, if the CIO believes that this
system is not ready to go, can agencies still launch it?
Mr. Scott. Well, our guidance is that in the agencies, they
do the TechStats, and they're to do monthly reports. So if a
project is red for 3 months in a row, there's a mandatory
TechStat review, OMB is invited to that, and we'd certainly
have a discussion at that point about whether the program was
on track and ready to launch.
So I think that, you know, regular review is one of the
steps that you would look at. But I also--I actually worked at
Microsoft for about 5.5 years and saw success and failure in
big IT projects and so on, and the phenomena that Mr. Spires
talked about is exactly the problem. There's not the level of
transparency. You get an attitude that you're too big to fail,
that you just have to go ahead. The information that needs to
get to leadership to make the right decision doesn't get there,
and people, you know, jump off the cliff and then and only then
discover that there's a big problem.
So I do think that FITARA helps us with visibility and
transparency at a much more granular level that should help us
avoid some of these.
Mr. Lieu. Thank you, and I yield back.
Mr. Hurd. Thank you, and I would like to thank the
panelists. And I have a quick question to each one of you all,
same question. Mr. Scott, I would like you to start off. What
does successful implementation of FITARA look like?
Mr. Scott. I think I mentioned earlier. To me, it's faster
delivery. It's really speed. It's efficiency of our spend. It's
projects that are on time and on budget and meeting the mission
that they were designed for. They're secure, and that we have a
modern infrastructure that those things run on. And if we did
those things, I think we would declare this a success.
Mr. Hurd. Ms. Rung.
Ms. Rung. Congressman, while I appreciate all the kind
words about the guidance, I know that the hard work begins
today. And in addition to everything that Tony just
articulated, for me, success is IT acquisitions comes off the
high risk list.
Mr. Hurd. Mr. Spires.
Mr. Spires. I would certainly echo those sentiments. I
would add to it. The CIOs in IT organizations in the Federal
Government aren't there but to do anything else but to help
ensure that the mission and the business of government is done
in the agency in which they live, right.
So what I would add to that is, I would like to see a set
of success criteria beyond what was just discussed that also
talks about how it is that the IT organization is going to
partner with the mission in order to figure out effectiveness
measures so that 3 years to 5 years from now, that agency is
operating more effectively than it is today through the use of
information technology or enhanced by information technology.
Mr. Hurd. Mr. Powner.
Mr. Powner. So before I talk about acquisition, I'd talk
about operations because I think success starts with moving,
and in my testimony, we have that breakdown on how much we have
spent on legacy systems versus new development. There's a lot
of savings on Data Center Consolidation and PortfolioStat,
that's two of the seven provisions in FITARA.
The first thing we need to do is we need to get out of this
inefficient spend on legacy and find a way to move that money
into the modernization bucket, and then success in the
modernization bucket is quicker delivery. We talked a lot about
processes, and those processes will help us get there, but if
we don't move money from these old archaic systems to new
technologies, we're not going to be successful. And if we don't
ultimately deliver the new technologies quicker, that's not
success.
Mr. Hurd. Excellent. Thank you. I'd like to yield to Mr.
Connolly.
Mr. Connolly. Thank you. Mr. Chairman, that was a great
question, and if I were to answer it, I'd say certainly two
things. One is we can identify billions of savings that
currently are inefficiently used. That's a definite metric on
whether it's working or not. And secondly, can we get to a
culture whereby we don't treat technology as a commodity to be
purchased and managed, we see it rather as a transformative
process that can completely reshape how we provide services and
manage those services for the citizens we serve.
Mr. Chairman, I just want to, on a personal note, in
addition to thanking these panelists who have really been
partners in the enterprise here, I want to thank two staff
members who shepherded this legislation through two congresses
with two very different Members of Congress coming together,
nonetheless, and finding common ground, working with our Senate
colleagues with which--a change over there that was not easy,
and that's Rich Beutel, who is in the audience today. Thank
you, Rich. And he worked on the majority staff and worked in a
very bipartisan way, under not always easy circumstances. That
deserves a lot of credit.
And Ben Rodeside behind me in my staff who partnered with
Rich also in a bipartisan manner, and there was no trial or
tribulation too difficult for them, and they approached us with
a wonderful creative spirit, and I am in their debt.
Mr. Hurd. And as we continue to conduct oversight over the
implementation of FITARA and IT acquisition reform, one of the
things that the IT and the government ops subcommittees plan on
doing is issuing regular scorecards and implementing a grading
system for compliance based on the rules and regulations of
FITARA.
I look forward to working with Ranking Member Kelly, Vice
Chair Farenthold, Chairman Meadows, Representative Connolly,
and members of the subcommittee on this issue. And I would like
to thank our witnesses for taking the time to appear before us
today. And if there's no further business, without objection,
the subcommittees stand adjourned.
[Whereupon, at 4:10 p.m., the subcommittees were
adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]