FITARA Implementation & How Government Communicates IT Costs RESEARCH BRIEF
Executive Summary
T
he federal government plans to invest more than $89 billion on information technology in fiscal year 2017. Typically, these investments have failed, gotten mired in cost overruns and missed deadlines or contributed little to mission-related outcomes. As a result, in December 2014, Congress passed the Federal Information Technology Acquisition Reform Act (FITARA), a law that represents the first major overhaul of federal IT acquisition and investment in almost 20 years. Since FITARA’s enactment, the Office of Management and Budget (OMB) published guidance to agencies to ensure the law is applied consistently governmentwide in a way that is both workable and effective. Nearly two years after passage of FITARA, however, federal CIOs struggle with reporting out and communicating IT challenges and the value of IT investments, especially in the face of FITARA requirements. The House Oversight and Government Reform Committee released its second FITARA scorecard on May 18, 2016. While many agencies fared better compared with November 2015 – when many of the 24 Chief Financial Officer Act agencies governed by FITARA received a grade of D – none received stellar marks. Seven scored higher, one lower and 16 had no grade change between the first and second scorecards, according to the Government Accountability Office (GAO), which released a report on FITARA implementation at a congressional hearing in May. GAO’s overall assessment is that OMB and agencies need to continue focusing on implementing the reform law. In September 2016, GovLoop and Apptio conducted a survey of 295 public-sector employees to gain insight into how federal agency IT managers are reporting out and communicating issues around FITARA improvements and IT investments. Additionally,
1
Research Brief
the survey sought to gain better insight into government employees’ understanding of and challenges in implementing FITARA, as well as their awareness of Technology Business Management (TBM), a methodology that connects IT spending with the outcomes they are deployed to serve. The survey also gauged government employee awareness of the recent Federal Commission on IT Cost, Opportunity, Strategy and Transparency (IT COST) Report. The report was released by the TBM Council, a nonprofit professional organization dedicated to advancing the discipline of managing the business of IT. Most survey respondents (55.1 percent) do not think federal IT managers have a clear understanding of their agencies’ IT investments and their value (Figure 1). Nearly 72 percent also do not think agency non-technical leaders have a clear understanding of the value of IT purchases or investments (Figure 2). Additionally, technology managers truly struggle with clear communication around IT investments and costs, even though almost 86 percent think that clear and valuable communication to non-technical leaders about IT investments and needs is important to develop (Figure 3). Additionally, sixty-seven percent of respondents said they do not currently use TBM to report, communicate and model IT costs for other departments (Figure 4). The biggest reason (40 percent) being they are not familiar with the methodology, followed by FITARA improvement not being a priority at their agency (36.6 percent) (Figure 5).
Fig. 1 Do leaders and stakeholders see technology expenses as basic IT costs instead of as important investments that empower the overall agency mission?
Fig. 2 Do you feel your agency’s non-technical leaders have a clear understanding of the value of IT purchases and investments?
55%
72%
YES
NO
Fig. 3 Do you believe that clear and valuable communication to nontechnical leaders about IT investments and needs is important to develop?
Fig. 4 Does your agency use TBM to report, communicate and model IT costs for other departments?
67%
86% YES
NO
Fig. 5 Why has your agency not started using TBM yet? (Select all that apply)
40%
36%
29% 15%
Not sure what it does
It’s not a priority
Don’t believe it meets our needs
Other
FITARA Implementation & How Government Communicates IT Costs
2
Why FITARA?
W
ith the Clinger-Cohen Act of 1996, the federal government moved to rein in and better manage its technology spending while reducing the risk and failures of major IT investments. Clinger-Cohen established a comprehensive approach for executive agencies to improve the acquisition and management of their information resources by: • Focusing on information resource planning to help IT executives support their agencies’ strategic missions; • Implementing a capital planning and investment control process that links to budget formulation and execution; and • Rethinking and restructuring the way IT managers do their work before investing in information systems. The act called for the development and maintenance of information technology architectures (ITAs) by federal agencies to maximize the benefits of IT within the government. Adhering to this mandate, in 1999, the U.S. Federal CIO Council initiated the Federal Enterprise Architecture, which is essentially a federal ITA. Clinger-Cohen paved the way for FITARA, which breathed new life into the efforts to control spending, according to the Federal IT Cost Commission Report. “FITARA creates requirements for improving the acquisition and operation of IT assets. These include authority enhancements for department-level CIOs, enhanced transparency and risk management of IT investments, regular reviews of IT portfolios, and a renewed emphasis on federal data center consolidation and strategic sourcing,” the report states. “FITARA not only seeks to succeed where Clinger-Cohen failed, it exploits the fact that when CIOs are more engaged in IT investments throughout their agencies, those investments tend to be more successful.” Congress enacted FITARA to reduce waste and duplication in the acquisition and management of federal information technologies. As a result, FITARA aims to enhance taxpayer value. So, the act represents a potential turning point for federal IT departments and the agencies that depend on them. Taken alone, however, FITARA is not enough, government and industry experts say.
3
Research Brief
Higher spending on running the business of government stands in the way of federal programs that depend on new or modernized IT systems. According to the GAO, the federal government spent more than 75 percent of its total IT budget on operations and maintenance (O&M) in fiscal year 2015. This O&M spending has increased over the past seven years, resulting in a $7.3 billion decline in development, modernization and enhancement (DME) spending over that same period. It is clear that O&M, or the government’s run-the-business spending, is overshadowing its change-the-business spending, according to the GAO. “If you can’t get the O&M down, how do you spend more on development, modernization, enhancements and overall innovation?” said Suzanne Chartol, Customer Success Advisor at Apptio, a provider of cloud-based software for managing the business of IT. “Also, one of the things that’s been lacking is an understanding of after something new is built, what is the ongoing requirements from a maintenance perspective?” Being able to understand that full landscape is important, Chartol said. “One of the challenges that government has is the funding model, which provides an annual budget. In comparison, in a commercial enterprise you can make decisions that span multiple years, but that’s really hard to do in the federal government,” Chartol said. The concept of working capital funds proposed in the Modernizing Government Technology Act, sponsored by Rep. Will Hurd, R-Texas, which passed by a voice vote in the House of Representatives in September 2016, is seen by many observers as a step in the right direction. The bill calls for the creation of working IT capital funds that allow agencies to bank savings from modernization efforts. Agencies that can show savings from modernization efforts would be rewarded under the bill by being able to use savings to fund other modernization projects, such as moving to the cloud or extending mobile access to employees.
FITARA: A Good Start
F
ITARA is important legislation that will give federal agencies a way to get a handle on their IT spending, Chartol said. “What is important is the authority it gives the CIOs around the IT spend in their agencies, which they lacked before,” Chartol said. “There are still opportunities for agencies to get better, in particular, around some of the standards around reporting, making sure that everybody’s doing it on an apples-to-apples basis.” The implementation of recommendations suggested by the Federal Commission on IT Cost, especially those focused on the deployment of TBM, are also imperative. Agencies are graded on four areas for the FITARA scorecard: data center consolidation savings, IT portfolio review savings, incremental development and risk assessment transparency. Yet more than half of the agencies surveyed (54.9 percent) said implementation of FITARA is challenging (Figure 6). The public-sector survey respondents were asked what the most difficult requirement challenges of FITARA were for their agency to make progress on. Reporting and understanding their data (25.1 percent) was a
top barrier to success, followed by data center consolidation (17.3 percent), risk assessment transparency (10.2 percent), IT portfolio review savings (8.2 percent) and incremental project development (7.8 percent), along with 31.4 percent of the respondents citing other challenges hampering FITARA progress (Figure 7). Interestingly enough, 50.6 percent of the respondents said improving the FITARA scorecard is not a priority for their agency, while 49.4 percent said improving the scorecard is a priority (Figure 8). This could be due to the fact that FITARA demands the coordination of stakeholder interests across a range of management areas that are often separated within their own cultures in many agencies, including acquisition, budget and finance and human resources, among others. Moreover, agencies have to interact with the General Services Administration and OMB, as well. Agencies will have to conduct more than check-the-box compliance exercises in order to ultimately realize FITARA’s goals, experts have noted.
Fig. 7 What has been the most difficult requirement challenge of FITARA for your agency to make progress on? (Select one)
31%
Other
25%
Reporting and understanding your data
17%
Data center consolidation
10% Risk assessment transparency
Fig. 6 Has your agency faced challenges in implementing the FITARA requirements?
8% IT portfolio review savings
7%
Fig. 8 Is improving your agency’s FITARA scorecard a priority for your agency?
54% YES
51% NO
49% YES
Incremental project development
FITARA Implementation & How Government Communicates IT Costs
4
Better Transparency
What is Technology Business Management?
F
T
ITARA grants department-level CIOs greater authority over IT resources employed by their agencies, not just those managed directly by their IT departments, according to the Federal Commission on IT Cost Report. The private sector, however, where CIOs have had broad authority for acquisition, development and operation, shows that authority is not enough. Agency CIOs have to manage and demonstrate value for the money spent on what they deliver. Some agency CIOs agree with the need for better transparency. During a hearing before the joint subcommittees on Information Technology and Government Operations of the House Committee on Oversight and Government Reform, on Nov. 4, 2015, Department of Transportation CIO Richard McKinney noted: “How do we begin to use the three foundational authorities of FITARA, namely HR, budget and acquisition approval that you have wisely laid out in this legislation? I’m sure that we can all agree that in order to chart a course to where you want to go, you must begin by understanding where you are. I have been frustrated by the lack of good data, both technical and financial, that we have to measure our IT spend and performance.” FITARA requires OMB and agencies to make detailed information on federal IT investments publicly available. Also, agency CIOs have to categorize their IT investments by risk. If a major IT investment is rated high-risk for four consecutive quarters, the law requires that the agency CIO and the investment’s program manager conduct a review aimed at identifying and addressing the causes of the risk.
he Federal Commission on IT Cost recommends Technology Business Management as the methodology and solution to help agencies gain better visibility into their IT spend and investments, and demonstrate value for the money spent on what they deliver. Yet, only 29.1 percent of the survey respondents are familiar with the discipline (Figure 9). Those survey results are not necessarily surprising, as TBM is a relatively new discipline, but has been implemented in large private sector corporations, Chartol said. “TBM is the practice of linking the work that IT does to the value on the business side that it creates,” Chartol said. The TBM Council states that “Technology Business Management provides IT with the standards and validated best practices to communicate the cost, quality, and value of IT investments to their business partners. In turn, IT is able to focus on driving innovation for their organization.” To more effectively align IT, finance and agency leaders, TBM provides a standard taxonomy to describe cost sources, technologies, IT resources, applications and services. “The TBM taxonomy is not theoretical; IT cost and resource models based on the TBM taxonomy have been deployed at hundreds of enterprises, including companies as diverse as ExxonMobil, eBay, Nationwide Building Society (UK), and the State of Washington,” according to the Federal Commission on IT Cost Report. Think of the TBM taxonomy as four layers, and in each layer, costs are being grouped in different ways to provide transparency or visibility for certain sets of stakeholders, Chartol said. At the very bottom of the taxonomy are cost pools, which are groups of account or object classes that includes functions such as labor, hardware, software, facilities and power and telecommunications. The next layer is IT towers, which includes IT functions such as the data center, compute, storage, network, security and compliance and IT management, as well as end user functions such as mobile devices and laptops.
5
Research Brief
“TBM is the practice of linking the work that IT does to the value on the business side that it creates” Suzanne Chartol, Customer Success Advisor, Apptio
For instance, FITARA, via the federal Data Center Optimization Initiative (DCOI), requires agencies to provide OMB with a data center inventory, a strategy for consolidating and optimizing the data centers, which should include planned costs and savings as well as quarterly updates on progress. The DCOI also requires agencies to transition to more efficient infrastructure, such as cloud services and inter-agency shared services.
Fig. 9 Have you heard of the decision-making discipline known as Technology Business Management (TBM)?
An agency’s data center costs may grow over time. But are they growing because IT is providing more services due to demand, or are the costs growing because they are out of control, Chartol asked. TBM enables managers to understand their unit costs and consumption, Chartol said. “You can start understanding what’s really driving costs, and then work with your mission areas. If they’re consuming more, then you’re working with them to try to understand the consequences of that demand. Whereas, if your unit cost is going up, that’s something IT has to take care of by finding other ways of driving cost down,” Chartol said.
29% NO
YES
71%
The next layer up in the taxonomy is applications and services, which includes end user, agency application, shared application, infrastructure and platform services. For instance, a service layer cost could be the total cost to provide an employee with a laptop over a year, which involves much more than just the cost of the hardware. Maybe there are the costs of having support on the back end for the laptop or providing help desk availability, Chartol explained. At the top is the business or mission view, which focuses on who is consuming the IT technology and services. “So now you can start grouping your dollars around things that the mission or the business cares about in the construct that they’re used to,” Chartol said. They, in turn, can start figuring out if it is a good use of their money. “Are you spending your dollars in a way that’s supporting your overall strategy? Are you consuming more than you thought? Or is it actually more expensive than you planned?” Chartol said. These are questions that can be answered via this approach.
FITARA Implementation & How Government Communicates IT Costs
6
TBM Taxonomy and Apptio
A
pptio leverages the TBM Taxonomy to help IT leaders more simply and effectively manage their technology spending. “Apptio combines that taxonomy in a way to effectively move from one level of the taxonomy to another. We know the types of best allocation methodology in order to be able to understand, and not so much allocate, but attribute the costs to the right things,” Chartol said. The approach is based on a data-driven philosophy, “so that you’re not making assumptions; you’re actually using real data to figure out how much is the unit cost of a server, for example,” said Chartol. Many government organizations are trying to do this type of cost analysis manually with spreadsheets. But this type of analysis typically requires hundreds of spreadsheets, which is clearly not efficient or easy to organize. The General Services Administration attempted to do this level of analysis manually before embracing TBM. “The problem is when you do it manually, you’re talking about a large amount of data that you need to merge with your financial data,” Chartol said. That is why companies now are looking for automated tools so they can conduct cost analyses on a monthly basis. Apptio allows IT and non-technical managers to automate the process so that they can continue to mature and get their costs better over time. They can add different views of different types of data to support different use cases, evolve it, and not spend six months just to find out the total cost of ownership of one application. Instead, they are getting analysis all the time on a repeatable basis, Chartol said. Apptio users are able to analyze costs over time to better understand how their spending is trending relative to the budget. “It just becomes part of your monthly kind of operational cadence at that point,” Chartol said.
7
Research Brief
Getting Started
Y
ou may often hear people say they can’t embark on a data-driven cost analysis approach because they don’t have data. Not having all the data you think you need, however, is not something that will stop good implementation of TBM, Chartol said. “You can start with the data you have, and over time, increase the amount of data, and the amount of use cases you are able to support,” Chartol said. “You don’t have to do it all at once.” “Often organizations have more data than they know. The worst decision would be to wait and say, ‘Well we’re going to get our data perfect,’ because that will never happen,’” Chartol said. Another concern Chartol hears relates to an enterprise financial system. People say that their financial system doesn’t track this type of information, therefore, they can’t do TBM. “We don’t classify our costs in these buckets. And my response to that is, ‘That’s right, that’s the whole point.’ It’s taking the data that’s in your financial system as it is, and using other types of operational data, a device list or list of employees and marrying that up with your financial data. It’s not in the financial system, and we wouldn’t expect it to be. TBM’s really about taking the different types of data and merging them together,” Chartol said.
Recommendations
T
he Federal Commission on IT Cost recommends that OMB provide guidelines for federal agencies to use the standard TBM taxonomy of cost pools (and sub-pools) and IT towers (and sub-towers) for submitting their annual IT budget requests. These guidelines may be part of the annual OMB Circular A-11 on preparing, submitting and executing the fiscal year budget. “This will allow federal CIOs, CFOs, and other stakeholders to better understand and evaluate planned IT costs at a more granular level. This will also allow the OMB to more easily compare expenditures across the federal government,” according to the commission report. In using the standard TBM taxonomy, federal agencies will empower their CIOs to perform more meaningful reviews of all major IT investments as required by OMB Circular A-11. “In particular, putting investment resources into IT tower and sub-tower terms allows CIOs and their staff to better review the cost-effectiveness of the inputs used for delivering program outcomes,” the report states.
Fig. 10 Are you aware of or have you read the Federal IT COST Commission and its recent report sharing key recommendations for improving the measurement and communication of Federal IT costs using Technology Business Management (TBM)?
17% YES
NO
83%
The commission also recommends that agency CIOs establish a TBM office composed of a program director and any TBM analysts and administrator resources needed for modeling, reporting and metrics. TBM is not a project; TBM is a change in the way enterprises value IT, Chartol said. As such, it has to be embedded in the fabric of how an IT department is managed. TBM analysts are a necessary part of that governance infrastructure. “It doesn’t take an army; it is typically a couple of people. I’ve seen companies that have one person dedicated to TBM and others that might have five or six people, depending on the organization’s vision and how managers want TBM to mature,” Chartol said. Another recommendation is for agency CIOs to implement a TBM system that is capable of serving the requirements for data integration, scalability, cost and resource modeling, reporting and analytics and security. In fact, the Federal Commission on IT Cost offers 21 recommendations in the report, but it appears not many IT managers are aware of the report. Only 17.2 percent of the survey respondents
were aware of or have read the report, while 82.8 percent aren’t aware or haven’t read the report (Figure 10). The bottom line: Agencies can no longer afford to have operations and maintenance spending overshadow development, modernization and enhancement investments. FITARA represents a unique opportunity to address this challenge, but can be successful only if agency managers have better insight into the value of their IT investments. The recommendations in the Federal Commission on IT Cost, Opportunity, Strategy, and Transparency Report provide a path to creating the insights that are needed for greater efficiency and value. The recommendations were shaped by technology business management, which has been adopted by hundreds of private- and public-sector enterprises.
FITARA Implementation & How Government Communicates IT Costs
8
About Apptio Apptio is the CIO’s business management system. We build advanced data and analytics applications that help all IT leaders understand and make informed decisions about their technology investments, capitalize on the cloud transformation and drive innovation within their organization. We call it Technology Business Management. For more information, please visit www.Apptio.com.
About GovLoop GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com.
9
Research Brief
FITARA Implementation & How Government Communicates IT Costs
10
1152 15th Street NW, Suite 800 Washington, DC 20005 Phone: (202) 407-7421 | Fax: (202) 407-7501 www.govloop.com @GovLoop