A little over four years ago, when the first-ever iteration of the government’s modernization scorecard was released, the Department of Education was one of just three agencies to receive a failing grade. After incremental improvements every year, the Education Department, along with the General Services Administration, received the highest-ever score given to an agency on the ninth edition of the scorecard — both stamped with a perfect “A+” rating.
For years, agency scores on the Federal Information Technology Acquisition Reform Act (FITARA) scorecard, which grades IT practices at the 24 CFO Act agencies, have been low. While agency scores still run from a “D-” to the “A+,” the federal government is seeing significant IT improvements as the average grade sits between a "C" and “C+" and trends up. But with the first-ever perfect scores released Dec. 11, Federal Times wanted to hear directly from agency chief information officers who steered their agencies to the top of the federal IT ranks.
A lesson plan for success
Prior to the FITARA 9.0 scorecard, the highest score had been an “A-." But the most recent card saw three agencies score higher ( along with the perfect Education Department and GSA scores, the U.S. Agency for International Development received an A).
In May 2016, the same month Education Department CIO Jason Gray was selected to take over the agency’s top IT slot, the department received a "D" on the FITARA 2.0 card. For the next two scorecards, the agency received a “C+," then jumped to a “B+," where it’s remained for four scorecards in a row. But this cycle it jumped to an “A+,” which Gray said felt “great.”
At the epicenter of Education’s success is tenacious support from the department’s senior leadership all the way up to Secretary Betsy DeVos, Gray told Federal Times. He said he sits in weekly meetings with DeVos, and also has monthly one-on-ones with her to discuss FITARA and the agency’s IT progress. He also told Federal Times that he briefs assistant secretaries about modernization and cybersecurity issues quarterly.
“That collaboration and understanding and education of what FITARA is and why we’re doing it” is critical, Gray said.
The story is a bit different at GSA, which has been on the cusp of breaking into the “A” range for several scorecards. The agency scored a “B” on the first scorecard in 2015, one of only two at the time. It then dipped down to a “C” on the second card, but received a “B+” on the following six scorecards before getting an “A+” last week.
“It’s good to have an independent third party confirm that you’re headed down the right path,” GSA CIO David Shive told Federal Times.
After the June scorecard results were released, Shive said that GSA looked at the areas that the agency didn’t ace and asked internally how it could improve in those categories. He stressed that agencies shouldn’t make decisions solely to improve their scores, emphasizing that GSA is “intentional” with its IT decisions to improve the agency’s functions, not just to earn marks.
“We looked across all the domains and said, ‘where would increasing transparency, visibility [and] work impact that score?’” Shive said. “Not for the sake of impacting the score, but where could we put some effort in and also get better business outcomes for GSA.”
Since June, GSA improved its score in the “transparency and risk management” category from a “C” to a “B.” Shive said that the agency revised how it assessed its risk — moving to a holistic risk management framework and away from just measuring cost, schedule and performance. Now it considers the complexity and criticality of investments, the type of technology its working with and the risk that higher complexity injects into the network. Ultimately, the agency stepped “out of that classic 1990s” view of risk, Shive said.
“The end result is, I think we're expressing to ourselves internally, to oversight and downstream to the taxpaying citizens that we serve, a better view into the risk posture of GSA,” Shive said.
At the Education Department, the biggest improvements came in the “transparency and risk management” and “portfolio review” category, which measures cost savings and avoidance. In the risk management category, Education improved from a “B” to an “A” by implementing a mechanism to identify an investment as “inherently risky,” said Kaye Fanning, branch chief for investment and acquisition management at the department.
“It's really given us the ability to make sure that we can keep tabs on where the money is going and how performance is doing for our large investments, whether that's by dollar size, whether that's by risk or scope,” Fanning said.
Education also improved its score from a “C” to an “A” in the portfolio review category by saving millions of dollars through several modernization projects, Gray told Federal Times, helped in part by moving off a 12-year legacy IT project that expired over the summer.
Improving services, then scores
Though the agencies have secured perfect scores, the work on improving IT management doesn’t halt. At the Education Department, officials plan to spend significant time maintaining the current scores and improving in areas like the cyber score, where it scored a “C." Gray said he has kicked off biweekly meetings to discuss department cybersecurity.
“As we make funding decisions, we are considering the cyber posture of that IT and whether the risk there is worth investing in,” said Fanning.
Shive said that GSA is looking to improve its financial transparency for IT investments in the next year because his agency has found that it’s a better IT shop when its open about the positive or negative outcomes of its investments.
In the interview with Federal Times, Shive stressed that IT decisions need to be driven by potential business outcomes and “good IT” practices, not sparked by a desire to increase the FITARA score.
“Don’t really focus on your FITARA score; focus on doing good IT and let the chips fall where they may in the FITARA scoring,” Shive said. “And if you can say with confidence that you are doing good IT, then full stop you’re doing a good job. Remember, the FITARA scorecard is not the end-all be-all.”
At Education, Gray and Fanning said that collaborating and partnering with other offices across the agency C-suite is an essential part of improving scores.
“Having the support from those communities and the buy-in to acknowledge that FITARA is worthwhile and important to all of the areas of what we’re doing across the department has really been one thing that, I think, has helped us consistently approves to improve throughout time,” Fanning said.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.