The Federal Information Technology Acquisition Reform Act (FITARA): Frequently Asked Questions

Contents

• What is the Federal Information Technology Acquisition Reform Act?
• How is FITARA being implemented?
• Are other laws affected by FITARA?
• Why was FITARA enacted?
• What agencies are covered by FITARA?
• How is FITARA implementation monitored?
• What is the status of FITARA implementation?
• What are the next steps in the FITARA implementation process?

Summary

Federal agencies rely on information technology (IT) to conduct their work, requiring extensive investments in both updating existing IT and developing new IT. The Government Accountability Office (GAO) has reported that the federal government budgets more than $80 billion each year for IT investment. In FY2017, that investment will be more than $89 billion. Unfortunately, these investments often incur "multi-million dollar cost overruns and years-long schedule delays," may contribute little to mission-related outcomes, and in some cases fail altogether. The Federal Information Technology Acquisition Reform Act (FITARA) (P.L. 113-291) was enacted on December 19, 2014, to address this problem. FITARA outlines seven areas of reform to how federal agencies purchase and manage their information technology (IT) assets, including—

• enhancing the authority of agency chief information officers (CIOs);
• improving transparency and risk management of IT investments;
• setting forth a process for agency IT portfolio review;
• refocusing the Federal Data Center Consolidation Initiative (FDCCI) from only consolidation to optimization;
• expanding the training and use of "IT Cadres," as initially outlined in the "25 Point Implementation Plan to Reform Federal Information Management Technology" issued by the CIO of the United States;
• maximizing the benefits of the Federal Strategic Sourcing Initiative (FSSI); and
• creating a govemment-wide software purchasing program, in conjunction with the General Services Administration.

Not all federal agencies are covered by FITARA. Generally, agencies identified in the Chief Financial Officers Act of 1990, as well as their subordinate divisions and offices, are subject to the requirements of FITARA. The Department of Defense, the Intelligence Community, and portions of other agencies that operate systems related to national security are subject to only certain portions of FITARA.

The Office of Management and Budget (OMB) published guidance to implement the requirements of FITARA in June 2015 (OMB Memorandum M-15-14). In addition to implementing FITARA, this guidance also harmonizes the requirements of FITARA with existing laws, primarily the Clinger-Cohen Act of 1996 (P.L. 104-106) and the E-Government Act of 2002 (P.L. 107-347). The OMB also monitors agency implementation of FITARA. Congress also monitors the progress of FITARA implementation through audits conducted by GAO and hearings by relevant House and Senate committees. Since FITARA was signed into law, the Senate and House have each held two hearings on overall agency FITARA implementation.

OMB imposed an April 30, 2016, deadline for agencies to submit updated FITARA common baseline self-assessments and GAO has reported that as of May 2016, 22 of the 24 CFO Act agencies had made their plans publicly available.

What is the Federal Information Technology Acquisition Reform Act?

The Federal Information Technology Acquisition Reform Act (FITARA) was enacted on December 19, 2014.¹ The law outlines seven areas of reform that affect how federal agencies purchase and manage their information technology (IT) assets, including—

• enhancing the authority of agency chief information officers (CIOs);
• improving transparency and risk management of IT investments;
• setting forth a process for agency IT portfolio review;
• refocusing the Federal Data Center Consolidation Initiative (FDCCI) from only consolidation to optimization;
• expanding the training and use of "IT Cadres," as initially outlined in the "25 Point Implementation Plan to Reform Federal Information Management Technology";²
• maximizing the benefits of the Federal Strategic Sourcing Initiative (FSSI);³ and
• creating a govemment-wide software purchasing program, in conjunction with the General Services Administration.

How is FITARA being implemented?

On June 10, 2015, OMB published guidance⁴ to implement the requirements of FITARA and harmonize existing policy and guidance with the new law. Among other goals, the requirements are intended to—

• assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements;
• establish government-wide IT management controls that will meet FITARA requirements while providing agencies with the flexibility to adapt to agency processes and unique mission requirements;
• establish universal roles, responsibilities, and authorities of the agency CIO and other senior agency officials;⁵
• strengthen the agency CIO's accountability for the agency's IT costs, schedules, performance, and security;
• strengthen the relationship between agency and bureau CIOs;
• establish consistent government-wide interpretation of FITARA terms and requirements; and
• provide appropriate visibility and involvement of the agency CIO in the management and oversight of IT resources to support the implementation of effective cybersecurity policies.⁶

Are other laws affected by FITARA?

In addition to implementing FITARA, OMB Memorandum M-15-14, "Management and Oversight of Federal Information Technology,"⁷ also harmonizes the requirements of FITARA with existing law, primarily the Clinger-Cohen Act of 1996 and the E-Government Act of 2002.⁸ Those laws require OMB to issue management guidance for information technology and electronic government activities across the government, respectively. FITARA also contains provisions that required OMB interpretation before implementation.

Why was FITARA enacted?

The Government Accountability Office (GAO) has reported that the federal government budgets more than $80 billion each year for IT investment. In FY2017, that investment will be more than $89 billion.⁹ Unfortunately, these investments often incur "multi-million dollar cost overruns and years-long schedule delays," may contribute little to mission-related outcomes, and in some cases fail altogether.¹⁰ For example—

• the Department of Defense (DOD) canceled its Expeditionary Combat Support System in December 2012 after it had spent more than a billion dollars, but had not deployed the system within five years of initially obligating funds;
• the Department of Homeland Security's Secure Border Initiative Network program was canceled in January 2011 after it had spent more than $1 billion because the program did not meet cost-effectiveness and viability standards;
• the Department of Veterans Affairs' (VA's) Financial and Logistics Integrated Technology Enterprise program, which was intended to be delivered by 2014 at a total estimated cost of $609 million, was terminated in October 2011 due to challenges in managing the program;
• the Farm Service Agency's Modernize and Innovate the Delivery of Agricultural Systems program, which was to replace aging hardware and software applications that process benefits to farmers, was canceled after 10 years at a cost of at least $423 million, while delivering only about 20% of the functionality that was originally planned; and
• the Office of Personnel Management's Retirement System Modernization program was canceled in February 2011 after the agency had spent approximately $231 million on its third attempt to automate the processing of federal employee retirement claims.

These undesirable results, according to GAO, "can be traced to a lack of disciplined and effective management and inadequate executive-level oversight."¹¹ FITARA was enacted to reduce the likelihood of such results.¹²

What agencies are covered by FITARA?

Generally, agencies identified in the Chief Financial Officers (CFO) Act of 1990,¹³ as well as their subordinate divisions and offices, are subject to the requirements of FITARA (Table 1). The DOD, the Intelligence Community, and portions of other agencies that operate systems related to national security are subject to only certain portions of FITARA. Additionally, executive branch agencies not named in the CFO Act are encouraged, but not required, to follow FITARA guidelines.

How is FITARA implementation monitored?

The OMB develops and promulgates guidance based on the codified requirements of FITARA and monitors agency implementation of that guidance. Additionally, Congress monitors the progress of FITARA implementation through audits conducted by GAO and hearings by relevant House and Senate committees.

Between FY2010 and FY2015, GAO has made approximately 800 recommendations to OMB and agencies to improve acquisition and operations of IT. As of October 2015, GAO reported that about a third of its recommendations had been implemented.¹⁴ That percentage remained the same in May 2016.¹⁵ Since FITARA was signed into law in December 2014, the Senate has held two hearings and the House has held four hearings on FITARA implementation:

• Risky Business: Examining GAO's 2015 List of High Risk Government Programs¹⁶
  Senate Committee on Homeland Security and Governmental Affairs (Full Committee)
  February 11, 2015
• Reducing Unnecessary Duplication in Federal Programs: Billions More Could Be Saved¹⁷
  Senate Committee on Homeland Security and Governmental Affairs (Full Committee)
  April 14, 2015
• The Role of FITARA in Reducing IT Acquisition Risk¹⁸
  Joint Hearing: House Committee on Oversight and Government Reform (Subcommittees on Information Technology and Government Operations)
  June 10, 2015
  
• The Role of FITARA in Reducing IT Acquisition Risk, Part II—Measuring Agencies' FITARA Implementation¹⁹
  Joint Hearing: House Committee on Oversight and Government Reform (Subcommittees on Information Technology and Government Operations)
  November 4, 2015
• The Federal Information Technology Reform Act Scorecard 2.0²⁰
  Joint Hearing: House Committee on Oversight and Government Reform (Subcommittees on Information Technology and Government Operations)
  May 18, 2016
• Federal Agencies' Reliance on Outdated and Unsupported Information Technology²¹
  House Committee on Oversight and Government Reform
  May 25, 2016

What is the status of FITARA implementation?

The House Committee on Oversight and Government Reform released a "FITARA scorecard" in conjunction with its November 4, 2015, hearing on the status of FITARA implementation (see Table 1). In explaining the scorecard, Representative Gerry Connolly, ranking Member of the Subcommittee on Government Operations and co-author of FITARA, stated:

This scorecard is not intended to be a juridical, prescriptive exercise. It is an initial assessment, a point in time snapshot, much like a quarterly report card one might get in a university or school. The intent isn't to punish or stigmatize. It is, in fact, to exhort and urge agencies to seize this opportunity, and use the scorecard as a management tool to better guide decision making and investments within the agency. While the grades themselves are illustrative of overall performance, it is the multiple elements that make up the grades on which agencies and our committee will focus to ensure we deliver on the transformative promise of FITARA.²²

The committee scored agencies across four of the seven requirement areas of FITARA to develop a final score: data center consolidation plans, planned IT portfolio review savings, transparency of IT project risk assessment, and incremental development for IT projects. Across the four metrics and the final score, agencies earned a total of 14 "A" ratings out of 120 total grades. The only agencies to get a passing grade in each of the four categories were the Department of Commerce and the General Services Administration, which both received overall B ratings.²³

What are the next steps in the FITARA implementation process?

GAO has stated that legislative oversight of agencies and their progress in implementing FITARA will continue and perhaps increase during 2016, as plans and expectations become more concrete. Another issue to be resolved is that OMB approved 22 out of 24 agencies' original self-assessments and FITARA implementation plans, but GAO found that not all of the self-assessments were accurate.

OMB imposed an April 30, 2016, deadline for agencies to submit updated FITARA common baseline self-assessments and GAO has reported that as of May 2016, 22 of the 24 CFO Act agencies had made their plans publicly available.²⁴

Figure 1. House Oversight and Government Reform FITARA Implementation Scorecard November 2015

Source: House Committee on Oversight and Government Reform, https://oversight.house.gov/wp-content/uploads/2015/11/FINAL-4-area-report-card.pdf. Notes: (1) The methodology used to score the agencies is available at https://oversight.house.gov/wp-content/uploads/2015/11/FINAL-Combined-1-pagers-2.pdf. (2) Three agencies—HUD, SBA, and USAID—did not report any planned data center consolidation cost savings goals; therefore, no grade has been determined for these agencies. (3) This area measures agencies 'major' investments—defined as those that are spending at least 50% of their planned spending in development (per the Office of Management and Budget, Fiscal Year 2016 Budget of the U.S. Government). NASA, NSF, and USAID did not have any projects that met this definition.

Author Contact Information

Footnotes