The Federal Information Technology Acquisition Reform Act, above all else, was designed to give chief information officers the authority they needed over IT projects so Congress could hold them accountable.
But it became evident Tuesday in a House hearing on implementing the law that several agencies still have a way to go toward finding a structure that satisfies congressional intent with the legislation.
There are 250 people with the title “chief information officer” in only 24 federal agencies, said Rep. Gerry Connolly, D-Va., at the hearing by two House Oversight and Government Reform subcommittees. Connolly is one of the authors of FITARA.
“There is no private corporation, no matter how big, that would have anything like that,” Connolly said. “In fact, it’s one of my favorite hobbies to ask a CEO of a major corporation, Fortune 500, how many CIOs have you got? And I do it with a straight face and they always look at me quizzically like: ‘well, one?’”
Connolly said the bill’s authors were trying not to be overly prescriptive on leadership structure, hoping that a “more rational hierarchy” would emerge naturally. In some cases, it hasn’t happened, and Congress might need to get prescriptive, he said.
Part of the issue is the idea that agency IT heads should be reporting directly to officials at the top — a department’s secretary or a deputy secretary, or the equivalent in other agencies. But half of the agency CIOs subject to FITARA do not have that reporting structure, according to the committee’s latest scorecard on implementation of the law. Released this week, that third round of grading included a new metric on reporting structure.
“I find it unacceptable for any of the agencies to be working against the intent of FITARA, secretaries of agencies and division heads and likewise ignoring the critical role of CIOs in FITARA implementation,” Connolly said. “We found that some agencies are struggling to elevate the CIO position to its appropriate management level.”
[Read more: NASA passes, DOT fails in latest FITARA scorecard]
Rep. Will Hurd, R-Texas, said in an interview with FedScoop before the hearing that the committee has learned of “problems between CIOs and CFOs.”
“The CFOs in some agencies feel like some of their authority is being taken away from them. And the reality is in those situations it’s the agency heads that need to be getting involved and making sure that the CIOs have the authority that has been given to them by Congress,” he said. “Because ultimately if we’re going to hold the CIO responsible for protecting digital infrastructure … then we need to be able to hold them accountable, and they need to have the authority to be able to do that.”
The two CIOs who testified at the hearing Tuesday, from Department of State and Department of Homeland Security, do not report directly to their secretary or deputy secretary.
State CIO Frontis Wiggins said Tuesday that while he doesn’t report directly to either position, he meets with them regularly.
“I’m concerned about your testimony, Mr. Wiggins, about who you report to,” Connolly said. “It’s got to come from the top. That person, whoever is the secretary of the agency, has got to understand the transformative nature of IT and oh by the way the other side: what could go wrong if this goes bad?”
Connolly said he felt that the State Department hasn’t been adequately implementing FITARA — the department got a “D-” on its latest scorecard (the minus representing the lack of the proper reporting structure).
Connolly said in the most recent authorization bill for the department he added an amendment that State needed to fully comply with FITARA.
“We’re not going away,” Connolly said. “One way or another State Department is going to have to come to grips with reality here.”
Wiggins said he is converting five full-time employees positions over from programmatic status to working specifically on implementing FITARA.
He also noted that he meets regularly with the deputy secretary, and that she is directly involved in a lot of his activities. Later, Wiggins also urged the committee to consider metrics on reporting duties that measure the frequency and effectiveness of meetings with leadership, not necessarily a binary, direct reporting metric that records a “plus or minus.”
David Powner, director of IT Management Issues at the Government Accountability Office, said he thinks the most critical question you can ask around whether or not CIOs have the necessary authorities is: can they terminate a troubled project? Can they stop it?
And in response to that question, Wiggins said: “As the only CIO at the Department of State I have the ability as the authorizing official to approve IT projects and kill IT projects. We have a governance structure in place that’s pretty comprehensive.”
But when Hurd asked how much of the IT budget Wiggins controls, Douglas Pitkin, director of the bureau of budget and planning at the State Department, said the CIO only controls 50 percent.
When asked if Wiggins has enough control over the IT budget, Pitkin responded: “I would say I have a budgetary collaboration on it.”
Homeland Security CIO Luke McCormack said he has experienced no difficulty in pausing programs, and has paused more than one during his tenure.
But there did still seem to be lingering questions about whether McCormack has enough authority in his position.
He noted that “CIOs in large part are completely dependent on their chief acquisition officer,” and Hurd questioned: “Should they be?”
Contact Samantha via email at firstname.lastname@example.org, or follow her on Twitter at @samehlinger. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.