b'<html>\n<title> - IDENTIFYING CRITICAL FACTORS FOR SUCCESS IN INFORMATION TECHNOLOGY ACQUISITIONS</title>\n<body><pre>[Senate Hearing 113-702]\n[From the U.S. Government Publishing Office]\n\n\n                                                       S. Hrg. 113-702\n \n                 IDENTIFYING CRITICAL FACTORS FOR SUCCESS \n                 IN INFORMATION TECHNOLOGY ACQUISITIONS\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                              COMMITTEE ON\n               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS\n                          UNITED STATES SENATE\n\n                    ONE HUNDRED THIRTEENTH CONGRESS\n\n\n                             SECOND SESSION\n\n                               __________\n\n                              MAY 8, 2014\n\n                               __________\n\n        Available via the World Wide Web: http://www.fdsys.gov/\n        \n     \n                          Printed for the use of the\n        Committee on Homeland Security and Governmental Affairs\n        \n \n [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]      \n \n \n                      U.S. GOVERNMENT PUBLISHING OFFICE\n89-681PDF                 WASHINGTON : 2015                      \n\n________________________________________________________________________________________        \nFor sale by the Superintendent of Documents, U.S. Government Publishing Office, \nhttp://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, \nU.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).\nE-mail, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d6b1a6b996b5a3a5a2beb3baa6f8b5b9bbf8">[email&#160;protected]</a>  \n      \n        \n        \n        \n        \n        \n        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS\n\n                  THOMAS R. CARPER, Delaware Chairman\nCARL LEVIN, Michigan                 TOM COBURN, Oklahoma\nMARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona\nMARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin\nCLAIRE McCASKILL, Missouri           ROB PORTMAN, Ohio\nJON TESTER, Montana                  RAND PAUL, Kentucky\nMARK BEGICH, Alaska                  MICHAEL B. ENZI, Wyoming\nTAMMY BALDWIN, Wisconsin             KELLY AYOTTE, New Hampshire\nHEIDI HEITKAMP, North Dakota\n\n                  Gabrielle A. Batkin. Staff Director\n               John P. Kilvington, Deputy Staff Director\n                   Jonathan M. Kraden, Senior Counsel\n               Keith B. Ashdown, Minority Staff Director\n            Kathryn M. Edelman, Minority Senior Investigator\n                     Laura W. Kilbride, Chief Clerk\n                   Lauren M. Corcoran, Hearing Clerk\n                           \n                           C O N T E N T S\n\n                                 ------                                \nOpening statements:\n                                                                   Page\n    Senator Carper...............................................     1\n    Senator Coburn...............................................     3\nPrepared statements:\n    Senator Carper...............................................    45\n\n                               WITNESSES\n                         Thursday, May 8, 2014\n\nHon. Daniel M. Tangherlini, Administrator, U.S. General Services \n  Administration.................................................     4\nSteven L. VanRoekel, U.S. Chief Information Officer, U.S. Office \n  of Management and Budget.......................................     6\nDavid A. Powner, Director of Information Technology Management \n  Issues, U.S. Government Accountability Office..................     8\nDaniel J. Chenok, Executive Vice Chair, Industry Advisory \n  Council, American Council for Technology and Industry Advisory \n  Council........................................................    26\nKaren S. Evans, Partner, KE&T Partners, LLC......................    28\n\n                     Alphabetical List of Witnesses\n\nChenok, Daniel J.:\n    Testimony....................................................    26\n    Prepared statement with attachment...........................    79\nEvans, Karen S.:\n    Testimony....................................................    28\n    Prepared statement...........................................    99\nPowner, David A.:\n    Testimony....................................................     8\n    Prepared statement...........................................    59\nTangherlini, Hon. Daniel M.:\n    Testimony....................................................     4\n    Prepared statement...........................................    47\nVanRoekel, Steven L.:\n    Testimony....................................................     6\n    Prepared statement...........................................    53\n\n                                APPENDIX\n\nChart referenced by Senator Carper...............................   107\nChart referenced by Senator Carper...............................   108\nThe hearing referenced by Senator Coburn.........................   109\nResponses for post-hearing questions for the Record from:\n    Mr. Tangherlini..............................................   111\n    Mr. VanRoekel................................................   116\n    Mr. Powner...................................................   130\n\n\n                    IDENTIFYING CRITICAL FACTORS FOR.\n             SUCCESS IN INFORMATION TECHNOLOGY ACQUISITIONS\n\n                              ----------                              \n\n\n                         THURSDAY, MAY 8, 2014\n\n                                     U.S. Senate,  \n                           Committee on Homeland Security  \n                                  and Governmental Affairs,\n                                                    Washington, DC.\n    The Committee met, pursuant to notice, at 10:04 a.m., in \nroom SD-342, Dirksen Senate Office Building, Hon. Thomas R. \nCarper, Chairman of the Committee, presiding.\n    Present: Senators Carper and Coburn.\n\n              OPENING STATEMENT OF CHAIRMAN CARPER\n\n    Chairman Carper. Good morning, everyone. The hearing will \nbegin.\n    Dr. Coburn, our witnesses, our guests, I want to start off \nby just thanking you for joining us today, for your testimonies \nand your willingness to respond to our questions. My thanks to \nDr. Coburn and his staff, as well, for helping us to put this \nhearing together as part of our ongoing Committee effort to \nimprove how Federal agencies acquire, implement, and manage \ninformation technology (IT).\n    It is a topic near and dear to my heart. I know it is \nsomething that is near and dear to Senator Coburn\'s heart, \nsomething he has worked on, I have worked on for a number of \nyears as we took turns leading what was the former Federal \nFinancial Management Subcommittee. During our time in the \nSenate, we have heard about and chaired hearings on a number of \nsuccessful IT projects. I have also, unfortunately, worked with \nmy colleagues to determine what went wrong with a number of \nfailed projects.\n    One example of a successful government IT project is the \nWestern Hemisphere Travel Initiative, which went into effect in \n2007. The program addressed one of the main 9/11 Commission \nfindings, and that is before September 11, 2001, people could \nshow a border official one of hundreds of different kinds of \ndocuments in order to enter the United States at land borders \nand ports of entry (POE), making it difficult for officials to \nidentify fraudulent documents. Since 2007, people trying to \nenter our land ports must present a Department of Homeland \nSecurity (DHS)-approved secure card that communicates with \nCustoms and Border Protection (CBP) equipment to prove their \ncitizenship. The project required that Customs and Border \nProtection modernize its ports of entry infrastructure and IT \nsystems in order to enable the use of technology, which it did \nsuccessfully within 2 years. The program is still going strong \ntoday and has proven to be a very smart investment. In fact, \nthey continue to improve it.\n    Some examples of failed projects include USAJobs, which is \nrun by the Office of Personnel Management (OPM), along with the \nFederal Bureau of Investigation (FBI) digital case management \nsystem called Sentinel, and, of course, the failed launch of \nHealthCare.gov. With regard to HealthCare.gov, the \nAdministration was, fortunately, able to get things turned \naround quickly. More than eight million people--have signed up \nfor insurance, and a number of them through HealthCare.gov. \nBut, the stand-up, I think we will all agree, was abysmal, at \nleast initially.\n    Most struggling IT projects do not get the type of response \nor media attention that we saw with HealthCare.gov, a team of \nexperts rushing in to try to set things straight. Rather, what \ntypically happens is that we continue to sink more money into \nthese programs as they sputter along.\n    Now, the simple truth is that every organization, be it a \nFederal agency or a Fortune 500 company, faces a host of \nchallenges in implementing large IT projects. We faced plenty \nof challenges in my last job as Governor. We are not always \nsuccessful, either. But, from where I sit, it appears to me \nthat the Federal Government seems to have more problems than \nthe private sector, or it may seem that way because the \ngovernment\'s problems are more frequently on the front page of \nthe paper, given that they are paid for with taxpayer dollars.\n    Today\'s hearing will explore the challenges that \norganizations both in government and in the private sector face \nin implementing IT systems. It will also examine the steps \nagencies need to take in order to be successful. Several of our \nwitnesses today have significant experience working in the \nprivate sector, so I am especially interested in hearing about \nthe similarities and differences between the government and \nindustry. Most importantly of all, I am also interested in \nhearing about what lessons Federal agencies can learn from how \nindustry implements IT. I also want to hear from our witnesses \nabout what successes look like and what our agencies need to do \nto increase the likelihood that an IT project will succeed.\n    As I oftentimes quote former Federal Reserve Vice Chairman \nAlan Blinder, now back at Princeton teaching economics, he once \nadvised us in terms of how to reduce budget deficits, how to \nespecially rein in the growth of health care costs, he said, \nfind out what works and do more of that. Pretty good advice, \nnot just on health care, but on a lot of other things, as well.\n    Agencies need to get to the point where they succeed more \noften than not. But, all of us need to acknowledge that there \nwill always be projects that, despite our best intentions, wind \nup failing. When that happens, we need to make sure agencies \nknow how to pick up the pieces, avoid squandering the money we \nentrust to them on projects that should be scrapped.\n    With that having been said, we are glad you are here. \nSenator Coburn and I look forward to this. There is legislation \nout of the House--I think it is called the Federal Information \nTechnology Acquisition Reform Act (FITARA)--that Congressman \nIssa and others are pushing and it has been reported out of the \nHouse. This is a very helpful hearing for us to craft what we \nbelieve we should legislate and what we should do in response \nto and hopefully work with the House to pass legislation that \nwill help save some money and provide better service for the \nfolks we work for. Thanks very much. Senator Coburn.\n\n              OPENING STATEMENT OF SENATOR COBURN\n\n    Senator Coburn. Well, thank you, Mr. Chairman, and welcome \nto all of you. I appreciate your hard work.\n    IT is one of the areas where we waste more money than any \nother area in the government, except the Pentagon when you take \nIT out. Let us put the other one up first.\n    Twenty years ago, Bill Cohen, the Ranking Member on this \nCommittee, had a hearing.\\1\\ My question is, what has changed? \nWe still waste about 50 percent of all the money we spend on \nIT, and the question we have to be asking ourselves is, why?\n---------------------------------------------------------------------------\n    \\1\\ The hearing referenced by Senator Coburn appears in the \nAppendix on page 109.\n---------------------------------------------------------------------------\n    Twenty years later, we find ourselves sitting here having a \ndiscussion. Some things have changed. We have better leadership \nnow. Mr. Tangherlini, what you are doing, I congratulate you. I \nhave all the confidence in the Office of Management and Budget \n(OMB). I have some disappointment on the data center stuff, \nwhich I will talk about in the questions. The one thing that \nalso has changed is we are wasting more money now than we did \nback then on IT.\n    We are starting to put some good reforms in place, which I \ncongratulate all of you on. OMB set a goal 4 years ago of \nclosing 40 percent of the Federal data centers and saving $3 to \n$5 billion by the end of 2015. We are not there yet. Are we \nmaking progress? Yes. Do we need to make more progress sooner? \nYes. There is not the tracking that needs to go on, according \nto the Government Accountability Office (GAO).\n    I would tell you, I think every Member of this Committee \nsupports OMB\'s initiative and effort and wants it to succeed, \nand as Chairman Carper mentioned, that is why we reported a \nbill, the Federal Data Center Consolidation Act by Senators \nBennet, Ayotte, and Chairman Carper and myself, to enhance the \nconsolidation initiative and improve the quality of data. \nGreater transparency, clear metrics, and strong oversight, and \nnot just by us but by OMB, of the agencies, can make this \nconsolidation one of OMB\'s biggest successes in terms of \ndollars, but also in terms of how it impacts the rest of the \nFederal Government. GAO, in their recent report, now says that \nthe initiative has the potential to save far more than the \nearly estimates, far more, $10 billion over the next decade.\n    We are going to hear about some new plans today from OMB \nand the General Services Administration (GSA). I am excited for \nthat. What I do not want is for us, all of us, to lose focus on \na good set of initiatives that are in place, making progress, \nand saving money.\n    So, I welcome you here. I have some concerns that I will \nelevate and discuss in the question period. But, we have a \npretty good start. It can be better, and we will focus on that.\n    Mr. Chairman, thank you for holding this hearing.\n    Chairman Carper. Thank you, Dr. Coburn.\n    I would just say, this is certainly about saving money, and \nthere are a lot of cooperative efforts underway--to do that. It \nis a great way to provide better service. A good example is the \nVeterans Administration (VA). We have these huge backlogs. We \nhad these huge backlogs--they are still pretty big--for \nveterans applying for disability under the VA, and it had huge \nbacklogs. We had, basically, a paper system and we have a lot \nof folks who had been trying to get disability pensions because \nof Agent Orange, a huge backlog there, a huge backlog just \nbecause people were looking for a way to supplement their \nincome in the worst recession since the Great Depression. So, \nthat made a bad situation even worse. But, we are using \ntechnology and using that technology to whittle down the \nbacklog list. We are making very good progress, and that is an \nimportant thing.\n    Another area where we are trying to save some money, but \nalso to provide better service, is we have people that are on \nactive service in the Department of Defense (DOD). They operate \nunder one kind of electronic health record. Over here in the \nVA, they have a different kind of electronic health record. \nThey do not talk to each other, not interoperable, and there is \na great effort underway to make sure that they are \ninteroperable. So that when someone leaves active duty and \nmoves to veteran status, they can do so in a seamless way and \nwe can provide better health care at less cost to our veterans.\n    So, it works in a lot of ways. There are some good success \nstories out there. There are some that could be a good success \nstory. We want to figure out how we can work together to make \nsure there are a lot more success stories.\n    I am not going to introduce everyone individually. You all \nhave been good enough to come before us before. We are \ndelighted that you are here today. We appreciate your work very \nmuch.\n    Dan, I am going to ask you to lead us off, and then Steven \nand David, if you would, please. Thanks so much.\n\n     TESTIMONY OF THE HONORABLE DANIEL M. TANGHERLINI,\\1\\ \n      ADMINISTRATOR, U.S. GENERAL SERVICES ADMINISTRATION\n\n    Mr. Tangherlini. Thank you very much, and good morning, \nChairman Carper, Ranking Member Coburn, Members and staff of \nthe Committee. My name is Dan Tangherlini and I am the \nAdministrator of the U.S. General Services Administration.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Tangherlini appears in the \nAppendix on page 47.\n---------------------------------------------------------------------------\n    Before focusing on the topic of today\'s hearing, I would \nlike to take a moment to introduce to the Committee our new \nDeputy Administrator, Denise Roth, who, among other duties as \nour Chief Operating Officer (COO), will be working on internal \nGSA IT issues.\n    The challenges of technology procurement and delivery \nfacing the government have been a focus for better management \nand oversight throughout this Administration. Given GSA\'s \nmission, to deliver the best value in real estate, acquisition, \nand technology services to the government and the American \npeople, we believe we are uniquely positioned to help make a \ndifference in these efforts. Through better management of our \nown IT investments as well as offerings GSA provides \ngovernmentwide, GSA can support the Administration\'s efforts to \nbetter manage IT and to continue improving some of the \nlongstanding challenges.\n    Since my arrival at GSA, we have been focused on \nconsolidating and streamlining major functions within the \nagency to eliminate redundancy, improve oversight, and increase \naccountability. As part of GSA\'s top-to-bottom review, GSA \nbrought together all IT functions, budgets, and authorities \nfrom across the agency under an accountable, empowered GSA \nChief Information Officer (CIO) in line with the best practices \nfollowed by many modern organizations today.\n    GSA now has one enterprise-wide process for making IT \ninvestments, which ensures that investments are geared toward \nthe highest priorities in support of the agency\'s strategic \ngoals. We have set internal goals to reduce ongoing operating \ncosts to allow the organization to make better long-term \ninvestments using our enterprise-wide, data driven, zero-based \nIT budgeting process.\n    Consolidation also provides an opportunity to adopt the \nbest forward-leaning practices in supporting investments. In \nrecognition of the need to modernize not just applications, but \nhow we support IT and consistent with broader Federal efforts, \nGSA instituted a cloud-first policy that prompts all \napplication development initiatives to look first to the GSA \ncloud platforms available as technology solutions before \nevaluating legacy platforms with higher operating costs.\n    The focus of our transition has not been limited to what we \nbuild but also how we build it. Our move to an agile \ndevelopment shop has resulted in a significant increase in our \nability to rapidly deploy and scale. Consolidated IT governance \nis also helping GSA realize a high-performing IT environment as \neffectively and efficiently as possible while also providing a \nlevel of transparency and accountability that will lead to \ncontinuous ongoing improvement.\n    GSA also looks for opportunities to help agencies adopt new \ntechnologies and take advantage of digital services that \nimprove mission delivery and enhance their interactions with \nthe public. GSA helps to ensure that we have tools that allow \nthe government to access the ingenuity of the American people \nto help solve government\'s challenges.\n    GSA manages Challenge.gov, an award winning platform to \npromote and conduct challenge and prize competitions \ngovernmentwide. We are also leading efforts to open government \ndata to entrepreneurs and other innovators to fuel development \nof products and services that drive economic growth. GSA \noperates Data.gov, the flagship open government portal which \nenables easy access to and use of more than 90,000 data \ncollections from over 180 government agencies.\n    In addition, GSA recently announced the creation of 18F, a \ndigital delivery team within GSA that aims to make the \ngovernment\'s digital and web services simpler, more effective, \nand easier to use to the American people. By using lessons from \nour Nation\'s top technology startups, these public service \ninnovators are looking to provide support for our Federal \npartners in delivering better digital services at reduced time \nand cost and making the government a better consumer of IT \nservices.\n    GSA\'s internal IT reforms, acquisition solutions, and \ndigital services are in keeping with our mission to deliver the \nbest value in information technology solutions to the \ngovernment and the American people. GSA still has a lot of work \nahead of us and I am grateful for the Committee\'s support of \nour reform efforts.\n    I appreciate the opportunity to appear before you here \ntoday and look forward to any questions that you might have. \nThank you.\n    Chairman Carper. Thank you, Dan. There will be some \nquestions.\n    Steve, you are up. Thank you so much.\n\n  TESTIMONY OF STEVEN L. VANROEKEL,\\1\\ U.S. CHIEF INFORMATION \n         OFFICER, U.S. OFFICE OF MANAGEMENT AND BUDGET\n\n    Mr. VanRoekel. Thank you, sir. Chairman Carper, Dr. Coburn, \nCommittee staff, thank you for the opportunity to testify \nbefore you today about the best practices and factors for \nsuccessful acquisition and implementation of Federal \ninformation technology.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. VanRoekel appears in the Appendix \non page 53.\n---------------------------------------------------------------------------\n    During my nearly 20 years in the private sector, I woke up \nevery day focused on improving and expanding core services and \ncustomer value while also cutting costs. I brought this focus \nwith me to the Federal Government. When I joined the \nAdministration in 2009, and the Office of Management and Budget \nin 2011, I found willing partners in this mission and have \nspent the past 3 years at OMB focused on driving innovation to \nmeet customer needs, maximizing our return on investments in \nFederal information technology, and establishing a trusted \nfoundation for securing and protecting our information systems.\n    Constantly improving the state of Federal technology is a \npriority for this Administration and a mission that OMB takes \nvery seriously. In these times of fiscal constraint, this means \nwe must drive innovation while controlling spending by \nmaximizing effectiveness and efficiency in everything we do.\n    The Administration\'s first term efforts largely focused on \nestablishing mechanisms to stop the growth of IT spending, \npromoting new technology such as cloud computing, mobile, \nopening up Federal Government data for private sector use, \nenhancing cyber capabilities, and deploying Federal technology \nas a tool to increase efficiency and allow government to do \nmore with less.\n    In the decade prior to this Administration, the Federal IT \nbudget increased at the Compound Annual Growth Rate of 7.1 \npercent a year. If spending increased at the same rate during \nthis Administration, our current IT budget request would total \n$117 billion. However, through our PortfolioStat data-driven \naccountability sessions, Federal agencies enhance their \nanalytical approaches to more effectively manage their IT and \nimprove IT cost oversight. The result is over $2.5 billion of \nidentified cost savings and $1.9 billion of realized savings \nthrough the PortfolioStat process.\n    During this Administration, we flatlined Federal IT \nspending, driving efficiencies and fueling innovation across \nthe Federal technology portfolio through initiatives like data \ncenter consolidation, cloud computing, and the Administration\'s \nDigital Government strategy, all the while working to keep \nFederal data safe and secure.\n    One of the pillars of the President\'s Management Agenda is \na focus on increased effectiveness, finding ways to deliver \nworld class customer services to citizens and businesses. Our \nefforts underway on Smarter IT delivery are a key part of this \nwork. To deliver citizens the services they expect from their \ngovernment, we must shift the focus of Federal Government IT \nprojects from compliance and process to meeting user needs. We \nmust be intensely user-centered and agile, involve top talent \nfrom the private sector in government IT projects, and ensure \nagency leadership is actively engaged and accountable to the \npublic for the success of the digital services of their agency.\n    To support this effort, the Administration\'s Smarter IT \nDelivery Agenda focuses on ensuring the Federal Government has, \none, the best talent working inside government; two, the best \ncompanies working with the government; and, three, the best \nprocesses in place to make sure everyone involved can do their \nbest work and be held accountable for delivering excellent \nresults for the American people. This agenda aims to increase \ncustomer satisfaction with top government digital services, \ndecrease the percentage of Federal Government IT projects that \nare delayed or over-budget, and increase the speed by which we \nhire and deploy qualified talent and vendors to work with \ngovernment on these IT projects.\n    As in any organization, public or private, IT excellence \nstarts with having the best people executing the IT. While \nthere are many talented IT professionals across our government, \nit is clear we need to broaden and deepen this talent pool to \nmeet present and future needs.\n    To this end, we are building a new capability called the \nDigital Service. The Digital Service will be made up of a \nmodest team of some of our country\'s best digital experts. This \nteam will be housed in my office at OMB and it will be charged \nwith proactively establishing standards to bring the \ngovernment\'s digital services in line with the best private \nsector experiences, define common platforms for re-use that \nwill provide a consistent user experience, collaborate with \nagencies to identify gaps in their delivery capacity, and \nprovide oversight and accountability to ensure we see results.\n    The Digital Service is a close partnership with the 18F \ndelivery team at GSA and will work side-by-side with agencies \nto ensure they have the resources and talent that they need to \ndeliver great services on time, on spec, on budget, with \noptimal user functionality.\n    In conclusion, it is apparent that in today\'s world, we can \nno longer separate the outcomes of our Federal programs from \nthe smart use of technology. By increasing an emphasis on \ncustomer need and making it faster and easier for individuals \nand businesses to complete transactions with the government, \nonline or offline, we can deliver the world class services that \ncitizens expect.\n    Mr. Chairman, Dr. Coburn, thank you for holding this \nhearing and inviting me to speak today, and I appreciate the \nCommittee\'s interest and ongoing support. I am excited to \ncontinue our dialogue in questions today. Thanks.\n    Chairman Carper. All right. Thank you, Steve.\n    David, please proceed.\n\n   TESTIMONY OF DAVID A. POWNER,\\1\\ DIRECTOR OF INFORMATION \n TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY \n                             OFFICE\n\n    Mr. Powner. Chairman Carper, Dr. Coburn, we appreciate the \nopportunity to testify on how the Federal Government can better \nmanage its annual $80 billion investment in information \ntechnology.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Powner appears in the Appendix on \npage 59.\n---------------------------------------------------------------------------\n    Of this $80 billion, about three-quarters is spent on \noperational or legacy systems and the remaining goes toward new \ndevelopment. Therefore, it is vitally important that new \nsystems acquisitions are managed effectively and that the \ngovernment finds more efficient ways to deliver existing \nservices.\n    Over the past 5 years, OMB has initiated excellent efforts \nto do just that. This morning, I would like to highlight four \nsignificant initiatives: Data center consolidation, \nPortfolioStat, the IT Dashboard, and TechStat sessions. For \neach of these, I will highlight accomplishments to date, but \nalso what needs to be done to get even more out of these \ninitiatives. I will also discuss the report we are releasing at \nyour request, Mr. Chairman, on incremental development.\n    Starting with data center consolidation, OMB started a data \ncenter consolidation effort in 2010 to address the government\'s \nlow server utilization rates, estimated, on average, at 10 to \n15 percent, far from the industry standard of 60 percent. This \neffort was also to result in $3 billion in savings across all \ndepartments. Our ongoing work shows that the number of centers \nis now more than 10,000. About 750 have been closed or \nconsolidated to date. Over $1.3 billion in savings has \nresulted, and agencies estimate another $3 billion in savings \nin fiscal years 2014 and 2015. Therefore, expected savings \nthrough 2015 should be around $4.5 billion.\n    Chairman Carper. Is that cumulative?\n    Mr. Powner. Yes, that is cumulative. Now, if you go beyond \n2015, Mr. Chairman, you are in that $10 billion price range \nthat you mentioned, Dr. Coburn.\n    Better transparency on the savings is needed, in our \nopinion, and the legislation this Committee has introduced \nwould do just that.\n    OMB recently expanded the data center consolidation effort \ninto a larger initiative called PortfolioStat to eliminate \nadditional duplicative spending in administrative and business \nsystems. OMB reports that agencies have achieved about $2 \nbillion in savings on this initiative through 2013. The target, \nbased on our work going out to each agency, is actually $5.5 \nbillion, and there are over 200 PortfolioStat initiatives that \nagencies are currently working on to eliminate duplicative \nspending. It is critical that these 200 initiatives are driven \nto closure so that the $5 billion in savings can be achieved.\n    Now, turning to initiatives that help better manage large \nIT acquisitions. The IT Dashboard was put in place to highlight \nthe status and CIO assessments of approximately 750 major IT \ninvestments across 27 departments. The accuracy of the \ndepartment has improved over time, with certain agencies \nreporting more accurately than others. Here is what the \nDashboard tells us. Of the 750 major investments, about 560 are \nin green status, 160 are in yellow, and 40 are in red, so there \nare about 200 projects where the government will spend about \n$12 billion that are at risk and need attention. Only eight \nagencies report red, or high risk, projects. Nineteen agencies \ndo not have high-risk investments.\n    Mr. Chairman, there are three things that need to happen to \nmake the IT Dashboard a better accountability mechanism. First \nof all, all major investments need to be listed on the \nDashboard. Our work has shown that several investments, like \nthe Department of Energy (DOE) supercomputers, are not listed \non the Dashboard. Ratings need to be even more accurately \nreported. There are clearly more than 200 projects that are \nmedium-or high-risk.\n    And, OMB and agencies need to aggressively govern the at-\nrisk investments using TechStat sessions. OMB held about 80 \nTechStat sessions and had great results that included scaling \nback and even terminating failing projects. OMB subsequently \nempowered CIOs to hold TechStat sessions with their respective \nagencies, a move we agree with, but we also strongly think that \nOMB should hold TechStat sessions on a selected basis for \neither troubled projects or projects that are top national \npriorities. OMB recently told us that they only held two \nTechStat sessions in 2013. This is clearly not enough. Agencies \nalso need to better use IT acquisition best practices that \ninclude executive involvement in getting your requirements \nright early.\n    Finally, a major aspect of the IT reform plan of 2010 \ncalled for agencies to deliver in smaller increments to be \nsuccessful. Our 2011 report on successful acquisitions proved \nthis as all seven examples were increments of larger projects. \nThe report we are releasing today shows that three-quarters of \nthe IT acquisitions are not planning to deliver within 6 \nmonths, and less than half plan to deliver within the year. \nTherefore, we still have too many ``big bang\'\' projects that do \nnot deliver anything for years and, therefore, run a high risk \nof failure.\n    Chairman Carper, Dr. Coburn, thank you for your continued \noversight of these issues. We look forward to working further \nwith you.\n    Chairman Carper. Thanks so much.\n    Would you go back to the beginning of your statement. There \nwas a sentence near the beginning where the letters ``OMB\'\' \nappeared and the word ``excellent\'\' appeared. Would you go back \nand read that sentence again.\n    Mr. Powner. Yes. OMB has initiated excellent efforts to do \njust that, and they are. These are all great initiatives. All \nfour of them are tremendous initiatives. The key is to drive \nthem to closure so that we get the savings that are currently \non the table. Data center consolidation: the goal was $3 \nbillion through 2015. Agencies are telling us they can save \n$4.5 billion through 2015, and if you go out to about 2018, it \nis about $10.5 billion on the table.\n    Chairman Carper. And you have already said this before, but \nin terms of what needs to be done to make sure we reach that \ngoal--just run through, if you will, some of your \nrecommendations. It is one thing to launch excellent \ninitiatives. It is another thing to actually realize them. But, \njust highlight for us again some of the steps that need to be \ntaken to make sure that we realize the promise.\n    Mr. Powner. Well, what is very good on data center \nconsolidation, it is publicly available that you could look at \nthe closures to date----\n    Chairman Carper. Yes.\n    Mr. Powner [continuing]. And there are great success \nstories. I can tell you about some of the closures that----\n    Chairman Carper. Good. Some of the other initiatives beyond \nthe consolidation of the data centers, please.\n    Mr. Powner. Oh, beyond the data centers?\n    Chairman Carper. Yes.\n    Mr. Powner. Well, if you look at the TechStat sessions, the \nIT Dashboard, a number of things with the IT Dashboard. You \nhave to get all investments on the IT Dashboard. There are some \ninvestments that are listed as non-major that are huge dollars \nthat are not listed. DOE\'s supercomputers are not listed on the \nDashboard. There are satellite programs that should be listed \non the Dashboard.\n    So, first of all, we have to get everything on the \nDashboard. A good example is DOD, for a long period of time \nthey only listed 93 major investments on the Dashboard. The \nSenate Armed Services Committee (SASC) held a hearing a couple \nmonths ago. It was highlighted that a number of investments \nwere not on the Dashboard. They report 118 today. Ninety-three \nto 118, great progress. So, we have to get them all on there.\n    We have to get accurate assessments on the Dashboard, and \nthen we need to use TechStat sessions to fix failing projects \nor projects that are in trouble. The 80 TechStat sessions that \nOMB initiated in the 2010 and 2011 timeframe, it was excellent. \nThere were some projects that were descoped, turned around. A \nfew were terminated. It was very successful in terms of \nfocusing on large-scale IT acquisitions and fixing it. We need \nto go back to doing more of that.\n    Chairman Carper. All right.\n    Steven, are you going to sit there and take this? \n[Laughter.]\n    Would you like to say anything? You can accept the praise, \nor just address some of the--I think you would be smart to \naccept the praise, but then say, well, David has some points \nhere and here is what we are doing about it. Go ahead.\n    Mr. VanRoekel. Yes. He had me at excellent, sir. \n[Laughter.]\n    I think that if you look at the work being done and think \nabout how to get the activity we want to see in Federal IT, I \nam a huge fan and have done a lot of work to think about what \nkind of transparency mechanisms we are doing. Are we enhancing \nthe IT Dashboard? What are we doing there to hold people \naccountable?\n    I think, much like I saw throughout my career in the \nprivate sector, transparency is one part of it. You also have \nto set up the right incentives to make sure that it yields the \nbehavior you want to see. Just simply going out and telling \nagencies, close X-amount of data centers, is an ends, not a \nmeans, without telling them, here is how to get there. You have \nto set up the structure, and I will give you an example.\n    If an agency has two data centers that are right next door \nto each other, share a common wall, say, and I say, close 50 \npercent of your data centers, they will take down the wall in \nbetween and two suddenly goes to one and they have reduced \ntheir total inventory by 50 percent.\n    Instead, what we have been doing is thinking about what are \nthe core elements that make closing down a data center so \nessential. It is, how much power are you using? How much square \nfootage is this data center? What is your utilization of the \ndata center, and all of those things. Because data centers are \nessential to government, and making sure that we create centers \nof gravity and ones that use low power, that have the lowest \ncosts, that are running modern technology is the motivation.\n    Just this week, we launched PortfolioStat 2014, so, the new \nPortfolioStat guidance actually went out to agencies yesterday. \nAnd in that guidance, we actually contain within a whole set of \nincentives and key performance indicators (KPI) that basically \ntell agencies, one, identify these centers of gravity. Identify \na highly optimized data center. For everything else in your \ninventory, I either want you to shift that to the cloud or I \nwant you to close it down. And, the mechanisms and the \nincentives we have set up are doing this.\n    I talk to large private sector CIOs--General Electric, Wal-\nMart, some of those companies. When they talk about \nconsolidating their data centers, they will literally say some \nof their divisions will bring forklifts in and pick up their \ndata centers and move them to a bigger room, and suddenly, five \nbecame one, which does nothing to drive down costs or drive \nefficiency or a different outcome.\n    And so what we have done is not only thought about the \ntransparency--and, by the way, the number of data centers in \nthe inventory have grown because I expanded the definition to \nget more--I wanted to uncover everything out there to make sure \nwe are not growing----\n    Chairman Carper. Something like that happened with respect \nto improper payments----\n    Mr. VanRoekel. Exactly.\n    Chairman Carper [continuing]. The first improper payments, \nthe amount of improper payments grew, it was because agencies \nwere finally reporting it and identifying it.\n    Mr. VanRoekel. That is right. We are closing, not growing. \nThe inventory is growing because the diligence is going up and \nthe quality of the inventory is going up. So, I wanted to get \neverything on the table and then make sure that we are bringing \nall that in and the right incentive structures.\n    Chairman Carper. Let me just ask you, anything that David \nmentioned in terms of additional steps that need to be taken to \nensure that the full potential of these initiatives is \nrealized, is there anything that he said that you disagree \nwith? Is there anything that he has mentioned here--and this \nwould be for any of you--that Dr. Coburn and I, our Committee, \nthe Senate, the House, could be helpful in better ensuring that \nwe realize the potential in these initiatives? Our response. \nThis is a team sport. We are part of the team.\n    Mr. VanRoekel. Yes. And, I agree with his point on the \npower and the results that we saw through the TechStat process. \nWhat we did is, we have a very finite resource in our staff at \nOMB. It is small, a double-digit number of people on the team, \nand we have a lot of statutory responsibility and a lot of \nother responsibilities we do to formulate the budget and work \non lots of other things in the interest of Congress.\n    What we did to scale that effort was actually go out and \ntrain employees and agency technical officials on how to run \nTechStat. We have trained over a thousand people in running \nTechStat and it is starting to become a cultural element inside \nturning around projects.\n    I think the issue with TechStat is that it is, by its \nnature, a reactive motion. It is when something is going wrong, \nwe step in and look at things, versus getting in on the front \nend. Yesterday, I had a Senate Appropriations hearing and I \ntalked about supporting our fiscal year (FY) 2015 request, \nwhich really aims to build capacity on my team to get out in \nfront of some of these things and do what we have done in a \nreactive way more proactively with agencies.\n    Chairman Carper. OK. The second half of my question, and I \nam over time, but I want to just maybe do it quickly. Our \nresponsibilities--what can we do? Dr. Coburn and I, our staffs, \nour colleagues here, try to do oversight, and we are told--\nwhenever I ask--a lot of times, I ask, well, what can we do to \nbetter ensure that we are doing the right thing there across \nthe board in all kinds of initiatives that are oftentimes \nidentified by GAO, on their High-Risk List, and what we hear \nagain and again is, oversight, oversight, oversight. It \nactually does help.\n    But, in terms of what we can do to supplement and increase \nthe likelihood that we will be fully successful in these \ninitiatives. We will start with you, David. What further should \nthis Committee be doing under our leadership?\n    Mr. Powner. Well, first of all, I think your oversight and \nthe hearings you hold on troubled projects--it is OK to be red \nand yellow, but are we doing something about it? And I agree \nwith Steve that we need to be proactive, but the reality is, \ngood IT governance, you have a lot of programs that get \nstarted, then risks come up, and there are a lot of risks and \nyou need to deal with them. So, that is where the TechStat and \nstrong governance is important and your oversight is very \nimportant there.\n    I do think, because there is so much money on the table \nwith data center consolidation, that your legislation is \nessential. I am not certain we are going to get to the $10.5 \nbillion without legislation and strong Congressional oversight, \nwhere those reports go to you on an annual basis and we keep \nthe foot on the gas pedal.\n    Chairman Carper. Anything else you want to add to that \nbefore Dr. Coburn takes over?\n    Mr. Tangherlini. I would simply add that there is actually \nan awful lot of good that is happening within Federal IT, and \nas we focus on issues of oversight and as we do reviews, as we \neven do the stats, we should be thinking about the places where \nwe are actually succeeding and making progress so that we can \nmore widely disseminate and share that experience with agencies \nso that they can model the best behavior, not just have \nevidence of the worst.\n    Chairman Carper. Good. Well, I think this glass is \ndefinitely half-full, maybe more, and we want to fill it up \neven more. Dr. Coburn.\n    Senator Coburn. This is the first hearing I have been to in \na long time that, really, there are a whole lot more positives \nthan there are negatives, and I congratulate you all on it.\n    David, there is a discrepancy in terms of what OMB has \nlabeled as high-risk IT projects. I think they have labeled \nself-reporting from a one to a five. They have, like, 40, and I \nthink in your testimony, it was 200. What is the difference \nthere between you and Steve? Why do you see 200 and they see \n40, and is it a matter of downgrading the risk so that you look \nbetter, or is there just a difference in the assessment, \nbecause that is a 500 percent difference.\n    Mr. Powner. Yes, Dr. Coburn. So, there are about 40 red \ninvestments on the Dashboard and about 160 yellow, so that is \nhow we get to the 200 we deem at-risk investments. There are a \nlot more than 200. That includes DOD reporting zero reds----\n    Senator Coburn. Yes, which is----\n    Mr. Powner [continuing]. And really not that----\n    Senator Coburn. Which is ridiculous.\n    Mr. Powner. Not that many yellow. I will say, though, on \nthe importance of Congressional oversight, that I was recently \nat a hearing in front of the SASC. DOD is now committed. Their \nreport went from 93 to 118 investments. They have committed now \nto update the Dashboard every 6 months, they say, but their \nprocess--monthly is unrealistic. That is progress.\n    They also said--I thought this was very good, DOD--with \ntheir Enterprise Resource Planning (ERP) history and failure, \nespecially with Expeditionary Combat Support System (ECSS), \nthey said, if we have an ERP system, we are going to \nimmediately put it as red on the Dashboard and manage it \nappropriately. I think that is actually progress, given their \nhistory and the failures they have had.\n    So, that is where the Dashboard--the 200 is well \nunderstated in terms of projects that are at risk. There are \nmany more. But, again, we do see some agencies moving in the \nright direction with more accurate reporting and doing \nsomething about it.\n    Senator Coburn. Steve, were you gamed a little bit by some \nof the agencies in terms of downgrading their risk? You allowed \nthem to grade it, right? You all did not grade it.\n    Mr. VanRoekel. This is self-reported, yes.\n    Senator Coburn. Yes. So, have you done anything from a \nmanagement standpoint of saying, hey, guys, here are the real \nguidelines?\n    Mr. VanRoekel. Well, I think the first order of business, \nmuch like the mentality I would use in the private sector, is \nthat self-reporting is not the best mechanism----\n    Senator Coburn. Right.\n    Mr. VanRoekel [continuing]. To track this stuff, and so we \nput into place other mechanisms to do that. The first one is \nactually in the IT Dashboard. It is a feature I added where I \ncan tell if an agency is rebaselining, they are moving the goal \nline on their cost or their schedule or things like that. I \nget, now, an indication if that is happening and so we can see. \nA lot of times in the past, we would see someone bright green, \nbut they were moving the goal line a lot and then you knew that \nsomething was wrong in that sense.\n    The second thing is the PortfolioStat process actually \nestablishes a whole host of key performance indicators that we \nhold agencies accountable to, and most of that, leading up to \nwhere we had today, because we had to get our arms around the \ngrowth of IT spend, was really focused on efficiency. It is \nliterally, like, how many e-mail systems are you running, \nbecause it is unthinkable to run more than one. How many mobile \ncontracts do you have? How many of this? Kind of rooting out \nduplication inside the agency.\n    In 2014, the guidance that came out this week, we inflect \nand build upon that by adding effectiveness KPI. So, we ask \nagencies to identify, what are your key mission critical \ninvestments, like, give us the top two or three that we want to \nmake sure that we are applying a new playbook to to make sure \nthat you are taking 21st Century principles and holding them \naccountable to these key performance indicators. So, like I \nsaid, it is about those metrics, about those indicators, but it \nhas been the incentive structure we put behind it to get the \nbehavior we want.\n    Senator Coburn. So, having said that, you would expect the \nDashboard to reflect more and more the numbers that GAO is \nactually reporting on rather than what the self-reporting is?\n    Mr. VanRoekel. I anticipate that we will see changes in the \nIT Dashboard over time that pick some of this capability up for \nsure, yes.\n    Senator Coburn. All right. In terms of the TechStat, in \nterms of agencies reporting this each month, there is a real \nlack of performance on agencies in terms of meeting that \nmilestone each month, just in terms of reporting that. Where \nare we on that, and what have you seen, David--you mentioned it \nin your testimony--in terms of compliance with that? Because as \nI read the briefing for this and read your testimony, it seems \nthat that is one area where we are not having much compliance \nwith the agencies. What do you see?\n    Mr. Powner. Well, I think it varies across the board, Dr. \nCoburn, and I think some agencies have very strong IT \ngovernance processes and they hold TechStat-like meetings and \nalways have, even prior to TechStat existing. IRS----\n    Senator Coburn. Do you correlate that at all with a strong \nCIO position?\n    Mr. Powner. Absolutely. DHS, I think the governance \nprocesses they are trying to roll out, and have been for a few \nyears now, the processes are very good. We have written \nreports, the processes are good. Now, we need to implement it \non more and more of these projects. The Internal Revenue \nService (IRS) is another example. It is an organization that \ncame off our High-Risk List because they have pretty strong \nleadership. They have strong governance processes.\n    We see pockets of success, so it can be done, but then we \nsee other agencies that we do not get the amount of governance \nthat you would expect. That is why we are strong proponents of, \nand I understand Steve is challenged to do a lot of things with \nhis responsibilities, but when he kind of hovers in and does a \ncouple TechStat, it gets attention and it gets movement in the \nright direction.\n    Mr. VanRoekel. One of the goals, one of my agendas related \nto PortfolioStat was not only setting up a data-driven \nmechanism to start going in and understanding Federal IT. When \nI came to the job in 2011, I could not really tell you what an \ne-mail box should cost in government. I could not sit down and \nhave a face-to-face with an agency and say, boy, you are \nspending too much, you are not on par, things like that. I now \nhave that and I now know that because we were able to gather \nbroad sets of data across government and process that in a way.\n    Not the secret agenda, but the goal of PortfolioStat, in \naddition to just gathering that data, was I hold a face-to-face \nmeeting with the Deputy Secretary and all the C-level \nexecutives of the agency and we sit down every summer and go \nthrough a very long set of metrics, KPIs, and talk about the \nstate of affairs within their agency. The goal of those \nsessions is actually to teach an agency, who are typically not \noptimized around management, more optimized maybe around the \npolicy agenda they are running--is to teach them how to run a \nprivate sector Investment Review Board.\n    Senator Coburn. Yes.\n    Mr. VanRoekel. If you were in a company, you would put all \nyour C-level executives. You would have your mission goals up \non the screen. And then you would dovetail that into, what are \nour resources to go execute that mission and what are the tough \ndecisions we need to make to get there?\n    The Government Performance and Results Modernization Act \n(GPRA) coupled with these sessions and some principles that we \nbring in through our policy work, I think, are the combination \nwe need to go drive this stuff forward, to teach them how to \nrun this. I end up bolstering the authority of not only the CIO \nin those meetings, but the acquisition officer, the human \ncapital officer, and it really takes the combination of all \nthose people working in--the lawyer on the team--working in \nconcert to meet that shared mission.\n    Senator Coburn. Yes. What is your answer to David\'s worry \nthat there are not enough TechStat meetings and that the \nbenefits from those--I guess what you are saying is, there is a \ndiminishing return. When you started this, there was a lot of \nreturn for these TechStat meetings, and having two in 2013--\nDavid is worried that we are not getting as much bang because \nwe are not having as many of those and he feels those really \ndrive change within the agencies. You have had to put a budget \nout every year, and the year that you spent all this time on \nthis, you were still putting a budget out, so I am not inclined \nto buy the time limitation as much as saying you have done it \nbefore, why can we not do it now?\n    Mr. VanRoekel. With the limited resources on the team, I \nput prioritization behind getting the foundation in place----\n    Senator Coburn. Which is what you did.\n    Mr. VanRoekel [continuing]. Is what I am doing around \nPortfolioStat and other things to make sure that we were not \ncausing more TechStats to be had in the future. We had to get \nthe foundation set up in a way that we could deliver mission \nsolutions. We were not in a place when all these TechStats were \nhappening before, and what would happen is we just spent all of \nour time doing TechStats.\n    Senator Coburn. Yes.\n    Mr. VanRoekel. I truly feel, if you have spending under \ncontrol, you consolidate all your commodity computing, you get \nthings streamlined in an agency in order to deliver the mission \noutcomes you want to do, you teach them how to run an \nInvestment Review Board, you create this sort of virtuous cycle \nand cultural shift, you can then go in and deliver mission \nsolutions in more 21st Century ways, and that is what we are--\n--\n    Senator Coburn. But, does GSA have the capability to help \nyou in that area? I would ask you, and then I would ask Dan. I \nmean, do they have the expertise where you can say, hey, guys, \ncome over here and help us on this TechStat.\n    Mr. VanRoekel. Absolutely.\n    Senator Coburn. And you spread your resources by utilizing \nsome of them.\n    Mr. VanRoekel. Well, where we have utilized our partnership \nmostly with GSA, which I think is core to both of our missions, \nhas been looking for those opportunities where, coming out of \nPortfolioStat sessions, coming out of these things, what are \nthe core capabilities we should be delivering governmentwide, \nthat we should not do it, every agency doing their own thing.\n    Senator Coburn. Yes.\n    Mr. VanRoekel. We should just do it once. And then, to that \nend, we have done many things, like the Federal Risk and \nAuthorization Management Program (FedRAMP) cloud security \nprogram has come out and now is run by GSA. The mobile device \nprogram, we now have a family plan for government, so you can \nshare minutes now across agencies and drive efficiencies that \nway. And so we are doing a lot to partner on that front.\n    And then now, I believe, this 18F capability that Dan \ntalked about in his testimony is also essential--and we are so \nfriendly, I call him Dan--Administrator Tangherlini----\n    Mr. Tangherlini. Yes.\n    Mr. VanRoekel [continuing]. That this capability is \nessential, too, now that we are inflecting and building upon \nthe efficiency work to get into effectiveness.\n    Senator Coburn. OK.\n    Mr. Tangherlini. I would just echo Steve\'s comments and say \nthat GSA and OMB actually do have a very collaborative \nrelationship. Though, we have recognized that there is white \nspace there that we can grow into. So, we created the 18F \nactivity to help us begin to get the ability to be a better \nconsumer of IT resources by having a better understanding of \nhow IT technology is actually developed. Having coders and \ndevelopers on staff is going to make it possible for us to help \nagencies better define their scopes of work so that they can be \na better consumer of those resources.\n    Working very closely with the Office of Federal Procurement \nPolicy Office (OFPP), on things like what Steve mentioned, \nstrategic sourcing, but also building stronger capabilities, \nsuch as our OASIS contract, our services contract, that allows \nagencies to buy things once and well, and rather than putting \nan awful lot of effort into the actual acquisition activity, \nthey can focus more of their effort on defining scope and \nunderstanding how to better manage that contract.\n    So, I think that those are some of the ways we are working \ntogether, but we do believe that there are many opportunities \nfor us to partner more closely.\n    Senator Coburn. But, 18F is really small scale projects.\n    Mr. Tangherlini. Eighteen-F is really small scale projects \nbecause it is really small scale.\n    Senator Coburn. Yes.\n    Mr. Tangherlini. But, it helps agencies begin to think \nabout better ways to approach much larger projects and----\n    Senator Coburn. But, a case can be made, for the hard, big \ndollar projects, a TechStat intervention, I would call it, can \nbe very beneficial, and I think that was Dave\'s point. I mean, \nhow many TechStat meetings have happened at DOD in the last \nyear?\n    Mr. VanRoekel. That is a better question for DOD on \nspecifics, because we train people to run----\n    Senator Coburn. I know, but the point is, half of our \nspending on IT really goes through DOD.\n    Mr. VanRoekel. Yes.\n    Senator Coburn. And, more than half of our waste goes \nthrough DOD.\n    Mr. VanRoekel. I think the key--if I might----\n    Senator Coburn. Sure.\n    Mr. VanRoekel. I think the key is the big projects. Part of \nthe cultural transformation we are in, if you were to go to a \nleading private sector company and talk to them about how are \nthey delivering solutions, they would never say to you, we are \ndoing big projects. Nobody does the big monolithic, I am going \nto take 3 years to ship something, approach. Every time you go \nto Facebook or Amazon.com, you are probably getting a new \nversion of it and not even realizing that you are getting a new \nversion. It is just updates happen----\n    Senator Coburn. They are doing continuous process \nimprovement within their IT.\n    Mr. VanRoekel. Something we call agile development versus \nmonolithic. The history of government IT has really been \ndefined by a waterfall, monolithic approach, and part of the \ngoal here on 18F, on the work we have been doing and the policy \nframework, the guidelines we are doing, the playbook as part of \nour smarter IT, is all about how do we get out of this \ncompliance waterfall culture and do more of an agile culture.\n    Senator Coburn. Yes, I agree.\n    Mr. VanRoekel. I want to know what agencies can ship in 60 \ndays, not what they can ship in 3 years.\n    Senator Coburn. Yes. I am way over time and I----\n    Mr. VanRoekel. Sorry.\n    Senator Coburn. I guess I take it from you that you are \npretty tight on--you are going to do the TechStats that you \nthink you need to do, and numbers do not matter, outcomes \nmatter.\n    Mr. VanRoekel. I think proactivity matters a lot.\n    Senator Coburn. OK.\n    Mr. VanRoekel. And, I think getting in front of a lot of \nthis stuff versus reacting to it is essential.\n    [Pause.]\n    Senator Coburn. Tom and I just discussed--I have a lot of \nother questions. I am going to put them into written form and \nthen get you to answer them back, OK.\n    [Pause.]\n    Chairman Carper. I am going to ask our staff to put up a \ncouple of posters, please.\n    The focus of this hearing is to examine the best practices \nand the critical factors that lead to successful acquisition of \ninformation technology investments. Both GAO and the \norganizations that Mr. Chenok represent--I think he is going to \nbe on our next panel, but I think he represents the Industry \nAdvisory Council--have done some work on that question.\n    I had asked that a couple of posterboards be printed up \nthat list the critical success factors that GAO found and the \n7-S for Success Framework\\1\\ that Mr. Chenok will testify about \nin a few minutes. But, I would want to ask this panel to \ncomment on these exhibits, whether they agree with these \nfindings and any other thoughts that you all might have as we \ntry to determine what it takes to successfully implement IT \nprojects in the Federal Government.\n    The first one that I am looking at here is Common IT \nInvestment Acquisition Critical Success Factors.\\2\\ It is not a \ntop 10, but it is a top 9. I would like for you all just to \nlook down that list, and then, if you will, the 7-S for Success \nFramework that has been provided for us and white paper by Mr. \nChenok. They are going to be releasing it in conjunction, I \nthink, with this hearing.\n---------------------------------------------------------------------------\n    \\1\\ The chart referenced by Senator Carper appears in the Appendix \non page 107.\n    \\2\\ The chart referenced by Senator Carper appears in the Appendix \non page 108\n---------------------------------------------------------------------------\n    But, David, if you want to lead off and just comment on \nthese success factors, if you would, please.\n    Mr. Powner. Yes. I think there is a lot of commonality \nbetween the two lists, and what this is really about is \ngovernance. It starts with governance, getting the senior \nexecutives engaged on these projects. A lot of failures, we do \nnot have executive sponsorship. There is a lot up here about \nhaving the right staff, having the right stakeholders, and that \nincludes the business partners on these IT acquisitions, \ngetting your requirements right up front, and then there are \nsome things on testing.\n    But, I would like to highlight one key point here, Mr. \nChairman, and it is on No. 6, software development is agile, \nand piggyback off of what Steve said. These common success \nfactors, the nine, they were based off of seven projects that \nwere all increments of larger projects. So, going small \nmatters. We do not go small enough in the Federal Government.\n    The IT Reform Plan of 2010 had a requirement that we \ndeliver within 12 months. Steve upped the ante at OMB and said, \nwe are going to now require 6 months. So, we did a review--we \nare releasing the report today of 90 major IT acquisitions. \nAbout a quarter of them are planning to deliver within 6 \nmonths. Less than half are planning to deliver in a year. So, \nmany of these projects go years without delivering.\n    Steve is absolutely right. We need to go small. That is the \nbig difference between government and the private sector. They \ngo smaller much better, OK. When I was in the private sector 10 \nyears ago, we were doing 90-day deliverables all the time.\n    So, what do we do to fix it? In that report, we have a \nrecommendation that in their Exhibit 300 process, that \nagencies--there are about 275 of the 760 investments, about 275 \nare in development, OK, the rest are more in legacy. Two-\nhundred-and-seventy-five--it is not that many governmentwide. \nThey should clearly identify whether they are delivering in 6 \nor 12 months, whatever we want to pick. I do not care. You can \nchoose either one. And if they are not delivering at least \nwithin a year, we ought to think real hard about whether those \nprojects ought to be funded. That is how you would fix it. That \nwould be the solution.\n    Chairman Carper. Good. Thanks.\n    Same question. I want to ask you to compare these two lists \nfor success. As David says, there is a lot of common ground \nhere.\n    Mr. VanRoekel. Yes. I think they are very common, and \nactually, we used both of these lists, the 7-S in draft form \nand the GAO recommendations, to inform a lot of the playbook \nthat we established for this new Digital Service effort that we \nhave that is basically saying, what are the key performance \nindicators we want to hold agencies to on the mission side.\n    I think the thing that takes me, the perspective I have \nacross here, is if you read through both of these, you could \nnot just apply the title of CIO to this list. I see acquisition \nelements on here. I see people elements on here. I see probably \nsome things that need legal interpretation inside agencies on \nthis list.\n    One of the challenges we have--but, I think, opportunities \nwe have--is really around how do we get this more coordinated \neffort across the C-level executives inside our agencies so \nthey are working in concert to the mission outcomes we want to \nsee. Oftentimes, I will hear from CIOs that say they walk down \nthe hall and talk to their acquisition official and they have \nsome innovative way they have thought about delivering some \nsolution that is completely within the law in their \ninterpretation, and maybe even another agency has done it, but \ntheir acquisition person will say no. Or, you have some other \naspect where you cannot think in this module a way to get \nfunding and break a contract down or get your funding from your \nChief Financial Officer (CFO) established in that way. And so \nthere are things I think we need to do in more common ways.\n    One of the things we are doing this year is we are sort of \nlovingly calling it the TechFAR, which is we are taking case \nlaw examples of great, successful, kind of 21st Century \napproaches to acquisition and we are compiling them and sharing \nthose with the agencies. So, saying, if you want to take this \nagile approach, here is another agency that has done it. Here \nis the section of the Federal Acquisition Requirements they \nused. Here is how they approached it, and maybe even sample \ncontract language they used to do that.\n    We also launched, and had an open dialogue with the public \nthe last 2 weeks that just closed on Monday, asking innovative \nsmall companies, what are barriers you are facing when wanting \nto come and do work for the government? Is it reporting \nrequirements? Is it barriers to entry to get into the \nprocurement lifecycle and cycle? Is it things like that? I did \na trip to the West Coast. We had other people doing a lot of \noutreach to get lots of interest in people who are not \ntraditionally working with government to research what it would \ntake and then give us their perspective on it. We anticipate \nout of that work we are going to have administrative, \nlegislative, and possibly some regulatory suggestions on \nchanges we could do to drive and lower some of those barriers \nfor those small, innovative companies to work with government.\n    Chairman Carper. All right. Dan, just anything brief in \nterms of lists for success, so what finds favor and maybe what \ndoes not?\n    Mr. Tangherlini. No, I would like to build on what Steve \nsaid, if you look at this list and say, this cannot just be a \nlist of ``to do\'s\'\' for a CIO. We have a consolidated, \nempowered, talented, and focused CIO at GSA, but he, too, and \nhis team would fail in delivering high-quality IT solutions if \nhe did not have the support of, say, from the GAO list No. 3, \nsenior department and agency executives supporting the program. \nHe would fail if he did not have No. 4 and No. 5 from the GAO \nlist, and No. 5 and No. 6 from the 7-S for Success list, which \nis to constantly work with your end users and the people who \nare actually going to touch the system to know whether the \nsystem is going to work and meet their needs.\n    I also think that No. 4 from the 7-S list is one that does \nnot get enough attention, as well, shared technology and \nbusiness architecture. There is no reason to continually \nreinvent the wheel. There is no reason why we cannot take the \nbenefits of the billions of dollars that the taxpayers have \nalready spent on building systems and we cannot make them \nextensible and use them more widely.\n    Chairman Carper. I have one more question, but, Dr. Coburn, \nlet me just say, I know you said you would submit some \nquestions for the record----\n    Senator Coburn. Yes, I will ask a few more.\n    Chairman Carper. Please, go ahead.\n    Senator Coburn. David, I want to talk about incremental \ndevelopment, because one of the holes I see is a lack of \ncompliance on incremental development. Steven said that is \nimportant, except we do not see that coming from the agencies. \nAs a matter of fact, 6 months, hardly any of them are meeting \nit at all, and then we are at a year. So, talk about where you \nsee the hole in terms of complying with this incremental \ndevelopment idea and what we do about it.\n    Mr. Powner. Well, I think we have, and I think Steve put it \nvery well, there is a history in the Federal Government to go \nwith the waterfall approach. So, this is something new. Change \nis slow. But, if you want to get serious, and I think you \nstepped out for a second, but I will repeat what I said \nearlier. If you want to really fix the incremental--the IT \nReform Plan of 2010 said, we are going to do everything in 12 \nmonths. So, let us get serious about that.\n    In the Exhibit 300\'s, there are only about 275 major IT \nacquisitions when you look at the 760 investments, because a \nlot of it is legacy spend. Take those 275 investments, identify \nin their Exhibit 300 on an annual basis what they are \ndelivering within the year. If they are not delivering \nanything, do not fund it. Do not fund it.\n    Senator Coburn. So----\n    Mr. Powner. That is one way to get serious about it. Now, \ngranted, there will be exceptions and waivers. But, if you want \nto get serious about incremental development, you could tackle \nthose 275 investments.\n    Senator Coburn. So, Steve, what is your response to that?\n    Mr. VanRoekel. I think----\n    Senator Coburn. If an agency is not going to be complying \nin incremental development, why would you fund them?\n    Mr. VanRoekel. I think the key here is to look at, like I \nhave said, and I sound like a broken record, not only the, how \nare we tracking this, how are we funding it, but looking at \nwhat incentives are we putting in place and how are we kind of \nshaping the system of government, the systems behind the \nscenes, to get this outcome that we want.\n    We still have a long history of certifying IT professionals \nin the waterfall methodology. So, we are changing that. Our \nacquisition professionals who do acquisitions are kind of pre-\nprogrammed to do these big monolithic approaches, so we need to \nchange that. That is this effort around the TechFAR that I \nmentioned, where we are taking all these examples and getting \nthis community to happen. We need companies working with \ngovernment that know how to do this well, because they are all \npre-programmed to kind of do these big waterfall approaches. \nSo, we are working not only with the incumbents and saying, \nwhat are the incentives we need to do to get you to turn these \nthings in this way, but writing requirements in a way that \nfoster this, as well as looking at how do we get new companies \ninto government that are going to bring these approaches.\n    Senator Coburn. Given your history prior to government \nservice and the fact that I have a son-in-law with a Master\'s \nin computer engineering and electrical engineering and works \nfor one of the big firms that does this, my observation is big \nbusiness does not do this a whole lot better than government in \nterms of the stories and the tragedies and the failures that I \nsee.\n    And, so I want to go back to my point. If, in fact, we \nbelieve incremental management and incremental reporting is an \nimportant way for us to see milestone development, and also to \nexclude the catastrophes, why are we not putting more pressure \non the agencies? I know you are building the infrastructure, \nand I get that. But at the same time, if we are not going to \nhave some reporting 6 months or a year of whether we are \nreaching these milestones, they are just not even coming back \nwith the information, we are going to have another couple of \ndisasters.\n    Mr. VanRoekel. So----\n    Senator Coburn. It is going to happen.\n    Mr. VanRoekel. Mm-hmm.\n    Senator Coburn. And, so why would we not have as a policy, \ngive us the incremental development?\n    Mr. VanRoekel. So, I think the private sector is in an \ninflection where we are starting to see this take hold in even \nthe larger corporations out there and definitely taking a lot \nof the best practices you saw on these two sheets up here.\n    As far as accountability with agencies, PortfolioStat 2014, \nas I mentioned, makes this inflection into effectiveness. It \nbasically says for agencies, identify your mission critical \ninvestments to us, and then we hold them accountable to a set \nof--basically, informed by these two sheets--a set of KPIs, key \nperformance indicators, that indicate agility, that indicate \nthis modular approach----\n    Senator Coburn. But they are not reporting----\n    Mr. VanRoekel. They do--and part of PortfolioStat 2014 is \nquarterly reporting against those KPIs, and so we are holding \npeople accountable with a yearly face-to-face meeting where we \nsit down, as I mentioned, with the C-level executives. So, \nthere is a mechanism and process.\n    Senator Coburn. So, you are saying you have it covered \nwithout them--you have it covered, even though when we see it \nfrom GAO, we see a hole in that.\n    Mr. VanRoekel. PortfolioStat 2014 launched yesterday, so \nthis is a----\n    Senator Coburn. Yes. So you----\n    Mr. VanRoekel [continuing]. This is a looking forward.\n    Senator Coburn. So you say you are fixing that?\n    Mr. VanRoekel. This is a looking forward motion.\n    Senator Coburn. OK. All right.\n    Mr. VanRoekel. Yes, sir.\n    Senator Coburn. Good enough. Thank you.\n    Chairman Carper. Thank you, Tom.\n    When I look at these factors as laid out by GAO on these \nposterboards and on this coalition that Mr. Chenok represents, \nthey appear to center on getting key stakeholders lined up and \nproperly incentivized, getting the right people on a project, \nsetting up a good review process, as well.\n    Our House colleagues, Chairman Issa, Elijah Cummings, and \nGerry Connolly, introduced an IT reform bill that has passed \nthe House, I think by a pretty broad margin. And while we \nappreciate their hard work on the legislation and share many of \ntheir same goals--based on these charts, it is not clear how \nmany of these critical success factors can actually be \nencapsulated in legislation.\n    I just want to ask if you have any additional thought. We \ntalked about this a little bit earlier in terms of what we can \ndo to be helpful and constructive on the legislative side. Do \nyou have any additional thoughts on that and where legislation \nmay be necessary to improve Federal agency ability to develop \nand manage IT systems? Steve.\n    Mr. VanRoekel. So, I think the challenge, as I mentioned \nearlier, is part of this, and many of the best practices you \nsee here are really about comprehensive management, and that is \nprobably the hardest thing to legislate, is thinking about how \ndo you bring management principles to bear----\n    Chairman Carper. Like, how do you legislate common sense.\n    Mr. VanRoekel. Well, I will not make comments.\n    A starting point if you look at a bill, a proposed bill \nlike FITARA, is that I think there is a disconnect between \nappropriators and authorizers. I think there is a money aspect \nhere as much as there is an authorization aspect and thinking \nabout that kind of duality in the work that is being done.\n    I think that we have an opportunity with incentives and \nthinking about what outcomes we want to see. I also fear a lot \nof what we see in legislation that looks at technology is \ntechnology is moving so quickly. If we were sitting here 15 \nyears ago, the notion of doing these sort of agile approaches, \nor even Internet kind of approaches in government, were not as \nself-apparent as they are today. And, so, looking at how do we \nreally think about what outcomes we are trying to drive versus \nwhat are the tactical ways we are going to get there is \nessential, because we are just moving so fast. We are moving \nfast enough that our procurement system or other things cannot \nkeep up with it, and so we need to think about modern \napproaches to get there.\n    Chairman Carper. OK. Thanks.\n    Same question, Mr. Powner, David, please.\n    Mr. Powner. We have been pretty consistent saying that in \nterms of legislation, there are two things--that I think the \ntwo biggest areas when you look at these initiatives, on the \nlegacy side of the fence, it is data center consolidation, and \nwe believe strongly that legislation that calls for annual \nreporting on what is being done will help hold everyone \naccountable. So, I think legislation is very important there.\n    The other part of legislation that comes up frequently, \ntoo, is what do we do with the Dashboard? The Dashboard is very \nimportant from a transparency point of view and we do not want \nthat to go away. The CIO ratings actually have helped with CIO \naccountability and authorities, and we hear a lot about, well, \nthe cost and schedule data is not accurate. This is----\n    Chairman Carper. I am sorry, what is----\n    Mr. Powner. The cost and schedule data is inaccurate, what \nis behind the Dashboard, behind the ratings. Well, let\'s get it \naccurate. Most of these agencies have about 40 to 50 major IT \ninvestments and accurate reporting--760 major investments is \nnot that many when you look at 27 departments. So, we need to \nget the CIO ratings accurate and we need to get the costs and \nschedule fixed, and that transparency mechanism is vitally \nimportant for oversight.\n    And, so, I think the IT Dashboard, you need to be careful \non what you report out of it, but I think having that mechanism \nin place going forward is very important.\n    Chairman Carper. In terms of how the House-passed \nlegislation addresses the points you have just raised, which \none does it address and, maybe, which ones does it not?\n    Mr. Powner. I think the House legislation addresses both \ndata center consolidation and the Dashboard. I think both those \nitems are in that legislation.\n    Chairman Carper. OK. All right. Thanks.\n    Dan, same question.\n    Mr. Tangherlini. I would just echo what Steve said. I think \nit is very hard to create a legislative framework that requires \nand demands engagement at the executive level in IT projects. \nYou can require it, but it will not necessarily result in it.\n    So, I think what we need to do is continue to work, as we \nhave been, closely with Steve to try to bring these best \npractices into our agencies, and we need to make sure there is \ntransparency, and as a result, accountability through strong \noversight from Congress, seeing how we are performing and \ngetting the work done that we say we are going to get done.\n    I also think that we should be careful. One of the problems \nwe have with doing anything, frankly, in government, IT among \nthem, is how many different layers and policies and structures \nwe have built up over time. As Steve said, this stuff is \nchanging very fast, and do our requirements keep up with the \nspeed and the pace of that change?\n    Senator Coburn. Can I interject? We passed the DATA Act out \nof here, and the thing that will not change is the requirement \nto know what you spent and where you spent it and be able to \naccount for it. Those are basic principles, because you are \nnever going to get a metric unless you know those numbers, and \nI think that is one of the things that David is saying. And the \npush-back from OMB on the DATA Act was, this is going to be so \nhard to do, which, all that tells you is they do not know where \nit is. It is not in getting the data to put onto it. It is, we \ndo not know the data, which goes back to what Steve says, you \nare teaching management and you cannot manage what you cannot \nmeasure.\n    So, the whole idea behind this was to get data, not just \nfor transparency for the American public, but to force the \nagencies to actually be able to measure what they are doing and \nhave to report on it, because if you have to report on it, you \nare going to have to collect the data. And the hard job--I \nmean, we are giving the Pentagon 4\\1/2\\ years to come forward \nwith data on where they spend their money. They do not know \nwhere they spend their money.\n    So, I really appreciate, Steve, what you are doing in terms \nof implementing a management capability, because that has been \nthe real problem. It is not that we do not have great \nemployees. It is we have a skill set that has not been up to \nthe task, and what you are doing is very important in that \nregard.\n    I have one other question. GAO\'s recommendation is for OMB \nto issue more specific guidance. What do you think about that \nrecommendation?\n    Mr. VanRoekel. Are there more specifics about that \nrecommendation?\n    Senator Coburn. Well----\n    Mr. VanRoekel. More specifics, guidance and----\n    Senator Coburn. In the incremental development.\n    Mr. VanRoekel. I think a lot of what we are doing is in the \ndirection of how to do incremental development, including \ngetting in front of the agencies to work with them to teach \nthe----\n    Senator Coburn. So, you feel you are actually issuing \nspecific guidance and they just did not see it, or----\n    Mr. VanRoekel. No, I think it is not just about guidance. \nWe do incremental guidance. Part of the key performance \nindicators as part of our PortfolioStat guidance that went out \nyesterday has incremental guidelines in it. So, I think we are \ndefinitely not only satisfying the spirit of incremental \nguidance, but doing very specific things.\n    Senator Coburn. All right.\n    Dan, I just had one question. You are the agency that \nshould model this behavior better than anybody. Are your IT \nprojects within GSA meeting the 6-month timeframe in terms of \nincremental development?\n    Mr. Tangherlini. Some of them are, and we are working on \nmaking all of them meet those requirements. So, as I said at \nthe end of my testimony, we still see a lot of hard work ahead \nfor the systems that we are developing. But, we are hoping that \nthe work that we are engaged in and the lessons that we learn \nare transferrable to our agency partners so that we can \nstructure the way we do business with them in such a way that \nthey can actually get those outcomes, as well.\n    Senator Coburn. OK. Thank you.\n    Chairman Carper. One of the adages with respect to \nleadership is, do not just do as I say, do as I do. And to the \nextent that you are setting a good example for the others, it \nis just very helpful.\n    I think we are going to start a vote here, a series of \nvotes, and with that, I have one last quick question--no, I \nwill ask it for the record. I have several more questions for \nthe record.\n    I will just conclude by saying this before we welcome our \nsecond panel. This is not an easy thing to do. It is a hard \nthing to do. In fact, it is a lot of hard things to do and it \nrequires good planning, good implementation, appropriate \nfunding, good oversight, trying to figure out what is working \nand what is not working and do more of what is working.\n    We struggled with this in State Government when I was \nGovernor of my State, honestly, and one of our problems was \nhaving the kind of human resources that we needed to actually \ndevelop, conceive of these plans, these kind of projects, and \nthen have the people in place who could actually work with the \nprivate sector to implement them and do that in a cost \neffective way.\n    And we found that we would just train people to do the IT \nwork within State Government, and just when they would get to \nbe really skillful, they would get hired away, make more money \nand leave us. We finally figured out, the administration after \ntime, to pay them more money and to reduce the kind of turnover \nand be able to attract good people and keep them for a longer \nperiod of time.\n    So, I know these are not easy things that we are asking you \nand the administration to do. We want to play a constructive \nrole. We got some great input and insights on what can be \nconstructed. We have a data center bill that is out of \nCommittee, waiting attention by the full Senate. We might even \ntry to have it hotlined and get it passed under unanimous \nconsent. We understand that that would be a constructive thing. \nI think the bill that comes out of the House, the FITARA bill \nof Mr. Issa and others, I think it is one of the elements of \ntheir legislation, so there are some common grounds.\n    But, we want to continue to work with you. We want to stay \nin touch with you. We do not want to pass legislation that is \ncounterproductive or unproductive. You will continue to--I am \nsure you will--make sure we are a guided missile, not an \nunguided missile.\n    All right. With that, thank you for your continued \ndedication and diligence here and keep working. I think we are \non the right track. Thanks so much.\n    And with that, we will welcome our second panel. Initially, \nwe had a vote that was supposed to start, or a series of votes \nthat was supposed to start at 11. They did not, and then we are \ntold there is a series of votes starting at 11:15, and that has \nnot happened yet, so we will go as far as we can, but my \ninclination is to go ahead and go as far as we can without \ntaking a break.\n    I want to welcome our second panel. Dan Chenok is Executive \nVice Chair of the Industry Advisory Council, the industry \npartner to the American Council for Technology (ACT), \nrecognized as a premier public-private partnership in the \ngovernment IT community. The ACT--I am just going to call it by \nits regular name, Industry Advisory Council (IAC). I do not \nlike those acronyms, and this is one I am not going to learn. \nBut, the Industry Advisory Council provides a wide range of \nprograms and services to facilitate communications and \ncollaboration and education. Mr. Chenok will become Chair, I am \ntold, what, July 1. There is more I could say about you, Mr. \nChenok, but I am not going to do it today. I want to welcome \nyou, thank you for your good work and being here today.\n    Next is Karen Evans, no stranger to this Committee. Nice to \nsee you again. She serves as the National Director for the U.S. \nCyber Challenge, the nationwide talent search and skills \ndevelopment program focused specifically on the cyber force. \nShe has been great to work with as a servant to the people of \nour country and working with us for many years. We are just \nhappy to see you again, and welcome, both of you.\n    Please proceed with your statements. Dan, if you want to go \nfirst, and Karen, we will ask you to followup, please. Thank \nyou.\n\n    TESTIMONY OF DANIEL J. CHENOK,\\1\\ EXECUTIVE VICE CHAIR, \nINDUSTRY ADVISORY COUNCIL, AMERICAN COUNCIL FOR TECHNOLOGY AND \n                   INDUSTRY ADVISORY COUNCIL\n\n    Mr. Chenok. Thank you, Chairman Carper, and thanks to Dr. \nCoburn, as well----\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Chenok appears in the Appendix on \npage 79.\n---------------------------------------------------------------------------\n    Chairman Carper. He will be back shortly.\n    Mr. Chenok [continuing]. And to the Committee for holding \nthis hearing and for the opportunity to testify.\n    I am here in my capacity as the Executive Vice Chair of the \nIndustry Advisory Council. IAC is the industry partner for the \nnonprofit American Council for Technology, an organization led \nby government IT officials. This unique government industry \npartnership, referred to as ACT-IAC, provides an objective, \nvendor-neutral, and ethical forum to improve government.\n    As this Committee has highlighted, every Federal agency \nrelies on IT to provide services and conduct operations. Any \nmajor program, project, or transformation involving IT brings \ngreat potential for positive change and benefits, but also \nbrings risks to be managed.\n    Over the past several months, ACT-IAC has joined a number \nof stakeholder groups in a dialogue with OMB and other \ngovernment leaders regarding how best to improve the \ngovernment\'s capacity to manage IT programs effectively. We \nhave drawn on our unique position as a government industry \npartnership to identify best practices and lessons learned in \nboth sectors and formulated an initial set of critical success \nfactors for IT and a framework that you indicate here on the \nposters we refer to as 7-S for Success.\n    Before addressing the 7-S Framework, I would note that \ngovernment and industry share many common elements with regard \nto the implementation of large-scale IT systems as well as \nimportant differences. Complex IT programs in both sectors are \ncharacterized by multiple stakeholders, large and \norganizationally diverse project teams, and the need for \nagility given technological change.\n    Government IT programs do involve unique elements, as well. \nThese include laws and rules that can require significant time \nto revise, if needed; a budget process where planning occurs up \nto 30 months before the money is actually spent; and limited \nknowledge about how to leverage the acquisition process to \npromote innovation. Adapting commercial best practice to help \nimprove how government acquires and manages IT programs must \naccount for these elements in order to succeed.\n    I will now turn briefly to the 7-S Framework itself. The \nfirst success factor is stakeholder commitment and \ncollaborative governance. Most complex programs involve \nnumerous stakeholders and often multiple agencies, contractors, \nand other non-government constituencies. There should be clear \nlines of accountability and responsibility for program goals \namong these players, as well as engagement with key \nstakeholders, including oversight organizations like OMB, GAO, \nand Congress.\n    The second factor is a skilled program manager (PM) and \nteam. There must be an accountable and qualified senior leader \nof the program. The PM should ensure that a sound, integrated \nprogram team includes strong leaders who have consistent \nperformance measures related to system and program milestones \nto maximize the likelihood of positive outcomes.\n    The third factor is systematic program reviews. In addition \nto assessing progress against programmatic goals, governance \nleaders and the PM should celebrate success and identify \nproblems promptly for correction. Reviews should include senior \nrepresentatives from key contractors, where appropriate, to \nensure agreement on status, risks, and necessary actions.\n    The fourth factor is shared technology and business \narchitecture. Major IT programs involve complex interfaces with \nmultiple systems. A business and technology architecture can \nguide activities across the team while remaining flexible \nenough to encourage changes during development and execution. \nThe architecture should also address how new technologies and \nbusiness processes will be integrated with legacy systems.\n    The fifth factor is a strategic, modular, and outcomes-\nfocused acquisition strategy. The PM must collaborate with the \nacquisition organization and other government and industry \nstakeholders to develop an acquisition strategy that supports \nprogram goals. The acquisition process should start well before \ncontract award, include market research and requirements \nidentification, and lay out goals, timelines, and budget \nlinkages. Procurements should also have consistent outcomes-\nbased incentives across contracts.\n    The sixth factor is software development that is agile. An \ninnovative IT approach, as you heard earlier, is found in agile \nsoftware development under which applications are developed in \nan iterative fashion with small-scale rollouts, frequent \nfeedback from end users, and communication with leaders on \nchanges needed throughout. This approach reduces risks and \nincreases the chances for program success.\n    The seventh and final success factor is security and \nperformance testing throughout. Modules should be tested and \nreleased in phases throughout design development and \noperations, both for individual components and end-to-end \nsystem performance.\n    Chairman Carper, Dr. Coburn, and Members of the Committee \nthank you for the opportunity, again, to testify here today, \nand I look forward to answering any questions you may have.\n    Chairman Carper. Dan, thank you very much. Thanks for your \ntestimony, and thank you for the seven ``S\'\'s.\n    All right, Karen. Please proceed.\n\n  TESTIMONY OF KAREN S. EVANS,\\1\\ PARTNER, KE&T PARTNERS, LLC\n\n    Ms. Evans. Good morning, Chairman Carper and Ranking Member \nCoburn, when he returns, and Committee staff members. I am \npleased to be invited back to share my views on identifying \ncritical factors for success in information technology \nacquisitions. My remarks today will describe best practices and \nsuccess factors for managing information technology systems \nthat the government can learn from industry.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Ms. Evans appears in the Appendix on \npage 99.\n---------------------------------------------------------------------------\n    The Federal Government will spend nearly $80 billion on \ninformation technology this year, and despite guidance and \noversight from Congress, GAO, and OMB, the Federal IT projects \ntoo frequently incur cost overruns and schedule delays and end \nup contributing little to agency mission outcomes. Frequently, \nthese failures result from well-known hazards that experienced \npractitioners have learned to avoid by adopting specific \nprocedures, best practices, that circumnavigate these pitfalls.\n    Other times, the project failure could be traced to someone \nnot doing what they were supposed to do. The technology did not \nplay a trick on them. This was not an unforseen outside force \ndooming the project. No, in every case, someone missed their \nblock and let a defender sack the quarterback. The reflexive \nresponse is to add another layer of rules to prevent someone \nfrom making that bad decision again. This is the wrong way to \ngo, as it adds layer upon layer of bureaucracy and eventually \ngrinds the process to a halt.\n    One cannot mandate good outcomes, nor can Congress \nlegislate to preclude failure. Rather, the IT acquisition \nsystem must foster a culture that allows and tolerates a \ncontinuing learning cycle to improve overall performance. \nResults, whether they are good or bad, provide important \nfeedback that needs to be integrated into an overall management \nframework. The goal must be to enable success, not to preclude \nfailure.\n    My written testimony included critical success factors that \nthe Committee could easily influence, should it choose to do \nso. However, I would like to highlight one factor in \nparticular, which is the need for leadership at the departments \nand the agencies.\n    The Chief Information Officer is the person in the C-suite \nwho should have the capacity to translate technology issues \ninto business-speak for other business leaders. The CIO \nposition is currently under scrutiny, as the original purpose \nof the position is not necessarily working as envisioned, both \nin private sector and in government.\n    Whether this person is a CIO, a Chief Risk Officer, a Chief \nInnovation Officer, or a Chief Strategist, or some other chief, \nit is necessary to have a leader who can speak to senior \nexecutives in terms that are relevant to them and can state the \npotential consequences in terms of political and policy values. \nFor example, the public opinion impact on promised level of \nservice or unfavorable news stories, declines in earnings per \nshare. Right now, the CIO is in a unique position to ensure \nthat this happens and needs to provide the leadership in order \nto avoid the mistakes of the past.\n    Overall, Federal CIOs and commercial CIOs are similar, with \nthe same job description: To be the technology-savvy member of \nthe executive team, to provide value through innovation, to \nmanage data as a strategic asset, and to lead a team of \ntechnologists and enable organizational greatness.\n    There is widespread perception that the government is \ninherently incompetent at implementing IT systems, not just \nbecause of the recent high-profile failure, but because that \nfollows a string of high-profile failures. However, I have also \nseen a lot of IT projects that were tremendously successful, \nthat delivered on time and within budget, that are helping the \nAmerican Government to serve the American people, that did not \nget newspaper stories written about them. So, rather than \ntrying to prevent failure, we should try to promote success by \nimplementing best practices, assigning qualified program \nmanagers, and monitoring with accurate metrics. IT is a neutral \nenabler for program delivery, and good management is \nnonpartisan and can support all policies.\n    I thank you for the opportunity to testify today and I look \nforward to answering questions.\n    Chairman Carper. And I look forward to asking them and \nhearing your answers.\n    We have a series of four votes in a row. Dr. Coburn has \ngone to vote on the first vote, and then come back. We are \ngoing to take turns here. We do not want to have a lot of \ndowntime. He will be presiding for part of the time; I will be \npresiding for part of the time. Between the two of us, we hope \nto provide some good questions for you and have a good \nconversation.\n    That having been said, we are going to recess just for a \nvery short period of time. When Dr. Coburn returns, he will \ntake up the gavel and begin asking questions.\n    So, thank you very much. With that, we are in recess.\n    [Recess.]\n    Senator Coburn. [Presiding.] I did not get to hear your \nstatements, but I have been briefed by my staff. First of all, \nthank you for being here.\n    My first question is, what did you think? Did you hear the \ntestimony? What are your thoughts? Go ahead, Dan.\n    Mr. Chenok. From the first panel?\n    Senator Coburn. Yes.\n    Mr. Chenok. So, I think it is important that there was wide \nagreement that this is not simply a technology issue, that it \nis an issue that crosses multiple functions in agencies, \nincluding acquisition, finance, budget, as well as mission \nleadership, and that is really, I think--it was implied in the \nstatement, but the purpose of technology to support agencies, \njust like it is in a private sector organization, is to improve \nthe mission and service of that organization. And so----\n    Senator Coburn. So, management.\n    Mr. Chenok. Improving management to improve the outcome for \neither citizens or the customers of a company is really the \nreason why technology exists. So, it is important to talk \nfurther, I think, about that integration.\n    Senator Coburn. OK. Karen, what were your thoughts?\n    Ms. Evans. What I heard was a debate between what is \nhappening today, so a tactical approach, so that is a lot of \nwhat GAO is putting forward--things that have already launched, \nthe tactical, we have to bring them to conclusion--and then the \nstrategic outlook of how do you fix this in the long term, \nwhich was described by Steve and the GSA Administrator about \nhow do you fix this so that it does not occur in the long term. \nAnd that you are trying to fix the systemic issues so that you \ncan then launch new projects with a certain level of confidence \nthat you know that rigor is going to be there.\n    But, there is the concern that GAO has, that you cannot \nlose sight of what you have already launched because it is $80 \nbillion, and in their particular case, they outlined very \nspecifically about projects and programs that are in the \npipeline that you want to make sure that those dollars actually \nachieve results.\n    Senator Coburn. My take-away, and actually, it is pretty \nwell governmentwide--one of the reasons I am a big Jeh Johnson \nfan is I think he is a good manager. I think he has good \nleadership skills, and we are already starting to see some of \nthose changes at Homeland Security. But, the big thing I have \nobserved all my time in government is a deficit in leadership, \na deficit in management skills. And, I think you heard from \nSteve today--he is an impressive guy, and he gets the big \npicture and the short picture, and he is kind of transitioning \nfrom the ``fix it\'\' to prepare to make sure it stays that way. \nAll right.\n    You have been a CIO in the Federal Government. You have \ntried to manage IT at OMB before. Based on your experience, \nwhat should be our expectations?\n    Ms. Evans. For IT performance overall?\n    Senator Coburn. Yes.\n    Ms. Evans. So, as Dan said and as I indicated in my \ntestimony, IT is an enabler, so it is a means to an end. It \nshould not be the whole thing itself, which I do believe, and \nthis is a management issue that you are bringing up, is that \nthe government has a tendency to really get focused around the \nIT solution itself versus what it is actually trying to \naccomplish.\n    That is one of the biggest differences that I see now that \nI am on the outside, and areas that I maybe could have helped \nmore when I was on the inside is really stressing what is the \noutcome that you are trying to achieve with that investment and \nhow soon will you get there, versus, well, we have to have a \nHuman Resource (H.R.) system, or we have to have a financial \nmanagement----\n    Senator Coburn. A metric measurement. OK. How often, when \nyou were at OMB, did you use the budget to enforce management \nchanges, in other words, a real hammer?\n    Ms. Evans. All the time. [Laughter.]\n    I would say, all the time, consistently. And some of the \nthings that were discussed earlier and some of the challenges \nwith agile development or breaking things into modular \ndevelopment, and Dan highlighted that, is that the \nappropriation process within the government, you are always \nworking at least on a 24-month if not 30-month cycle. So, in \nprivate industry, that is not the case. It is 12 months. So, to \ndeliver in 6 months or 12 months is realistic within private \nindustry because they already think in those terms. The \ngovernment people are thinking in 2-to 3-year increments \nbecause that is the way the appropriations process works.\n    So, what is critical is being able to break it down into \nsmaller increments and then use the tools that OMB has \navailable to them to either make sure that a spend plan comes \nin that clearly outlines and that you have an agreed upon \nimplementation plan so that you can hold them accountable to \nthose milestones.\n    Those are the types of things that we did on what we \ncalled--which you are very familiar with--the Management Watch \nList, the High-Risk List----\n    Senator Coburn. Yes.\n    Ms. Evans [continuing]. That we used those types of tools \nso that we could make sure that the money that Congress \nappropriated for that big outcome was actually being achieved \nwith steps in between. It is hard to see a lot of those \ndeliverables, especially if it is an internal project, like a \nfinancial management system or an H.R. system, because those \ndeliverables are not publicly available for everyone to see.\n    Senator Coburn. Yes. OK. What did you do with the failing \nIT programs?\n    Ms. Evans. We would have to evaluate what the program is \nfor. So, for example, Senator Carper highlighted the Sentinel \nprogram, and we have had these discussions before. When a \nprogram starts, or a project starts in the first place, it is \nusually in response to some type of business need. So, the \nbusiness need really does not go away. Like, in the case of the \nSentinel project, the business need did not go away to have a \ngood case management system and to be able to manage law \nenforcement data. That IT project called Sentinel went the \nwrong way.\n    If it is failing, you still need to meet that business \nneed, and what you have to do is either stop the work, which we \nstopped the work that was happening on that and redirected it, \nbrought it back into smaller pieces, and then said, you have to \nmove out and you have to have a go/no-go decision. And if it is \nnot meeting the requirements, then you cannot fully implement \nit and you cannot keep throwing money at it.\n    Senator Coburn. Yes.\n    Ms. Evans. And so that gets to the project management \nportion of this and the requirements associated with it, is \nthat those requirements have to be clearly understood, because \nyou are still always going to have that business need. It is \nhow you go about implementing and achieving that need.\n    Senator Coburn. Dan, your testimony highlighted seven \ncritical success factors in IT management. Where, in your \nestimate, has the Federal Government fallen short, in order, of \nthose seven things? Where do you see us not up to par?\n    Mr. Chenok. So, I think there are elements of each of the \nfactors where there are successes, but there are also areas \nwhere there is progress to be made.\n    One of the points that we make in the report and that I \nspoke about in my written testimony is that it is not as though \nthere are seven independent factors.\n    Senator Coburn. Yes, they are all interrelated.\n    Mr. Chenok. These are interrelated and they are elements of \nstrong management. And I think you heard in the first panel \nabout some of the approaches to how to approach strong \nmanagement.\n    The other thing I would point out is that the question that \nyou asked about what can Congress and what can this Committee \ndo is to highlight that importance through oversight, as you \nare doing today, and also look at opportunities where there \nare--I think it was Administrator Tangherlini who talked about \nmultiple laws and rules that are basically having agencies \nfocus more on compliance than on how to essentially bring good \nmanagement to achieve mission outcomes.\n    Senator Coburn. Yes.\n    Mr. Chenok. And so, focusing on that, looking at those \ninterconnections where there might be areas to clarify is \nsomething that I think Congress can do, as well.\n    Senator Coburn. You saw Steve testified about how he put a \npackage together. Here is the acquisition--if you want to do \nthis, here are the acquisition rules. Here are the compliance \nrules. In other words, they are building some of the packet to \ngive reference to some of the people in the different agencies \nthat want to do that, and I think that is a positive step. \nWould you concur?\n    Mr. Chenok. Yes, I would agree with that. I think that the \nTechFAR, as Steve referred to it, also resulted from some of \nthose consultations that Steve did with our association, ACT-\nIAC, as well as some other industry associations, and it is \nreally an advancement on the Mythbusters program that the \nadministration initiated, and it will lead, I think, to the \nidentification of some requirements in the the Federal \nAcquisition Regulation (FAR), that could be reformed to provide \nfor more agile and more incremental development.\n    Senator Coburn. Yes. Give me your assessment on what you \nsee in private industry on how IT is managed and what you see \nin the government. Note my critical note of some big \nbusinesses, because they wrestle with this when they are out \npurchasing IT, as well, in terms of costs and completion dates \nand functionality. Contrast that for me for a minute.\n    Mr. Chenok. So, as an association that has both government \nand industry members, I think we have a lot of experience \nlooking across the two sectors. And, I think one thing in \nindustry--we talked before, and I think it was mentioned by \nSteve VanRoekel, and Karen repeated this--the funding cycle is \nmuch shorter, so that in industry, when you have an issue that \ncomes up, and there are issues that come up multiple times in \nany large IT, complex IT migration, whether it is government or \nindustry----\n    Senator Coburn. Right.\n    Mr. Chenok [continuing]. You have the ability to more \nquickly pivot through providing resources. And in industry, it \nis often on a quarterly type of consideration, even more \nquickly than a yearly consideration, as management teams look \nto manage their assets looking across their enterprise.\n    It is more of a challenge for government leaders, whether \nthey are Chief Information Officers, budget officials, or \nprogram officials looking to correct problems, to say, all \nright, we see a problem. We are going to redirect resources. We \nare going to use a flexible funding arrangement with \naccountability and transparency to our stakeholders and to \noversight organizations, including the Congress and GAO, to \nmake those changes.\n    And I think that is one area where, again, if there are \nopportunities to examine where working with authorizers and the \nappropriations process, where there are reforms that could be \nbrought, it is bringing government spending for technology more \nin line with that industry best practice through flexible \nfunding arrangements. Things like working capital funds or \nfranchise funds, which do exist in government, but they are not \npervasive, and to some extent----\n    Senator Coburn. They are not utilized much in IT.\n    Mr. Chenok. Right. To some extent, I think that there needs \nto be more transparency about results in those settings. So, \nthat is one area that I would draw as a significant contrast.\n    Senator Coburn. Of all the billions that we have wasted in \nIT, not once have I ever found where we went after the supplier \nfor non-performance, which begs the question, did we know what \nwe wanted? If, in fact, we knew what we wanted and somebody did \nnot supply it, we have a basis for contract non-performance, \nand yet I have never seen that happen once. Any comments on \nthat? Karen.\n    Ms. Evans. So, in my experience, as you know, I have been \nan operational CIO, and this is where I allude to this in my \ntestimony, about good decisions and bad decisions need to \ninform the process. So, in my experience, if you are clear \nabout your requirements, you can use those tools. There are \ntools. The acquisition rules allow for those tools to be there.\n    There are things that I have done in my experience where \nthere was clear non-performance, and so, therefore, when an \noption year comes up--and contracts are done this way--that you \ndo not exercise the option year, and that usually sends huge \nripple effects. And so those are things that the government \ndoes do, but you do not necessarily hear about, that they do \nnot exercise the option years on those contracts. The biggest \npart is making sure that the way that you write the contracts, \nso in this acquisition, as we talk about acquisition best \npractices, is that the way that you transition out from one \ncontractor to another, that you actually think about the \npossibility that the contractor would have non-performance.\n    Senator Coburn. Well, but that is my point.\n    Ms. Evans. Right.\n    Senator Coburn. Your tool is not exercising the option for \nthem to continue to non-perform, and my question is about non-\nperformance and them paying the government for non-performance.\n    Ms. Evans. Well, and that has happened, and actually on the \nSentinel project itself, although we did not highlight a lot of \nthis, that is--and these contracts were done through GSA, and \nso this is where GSA is great because of the way that the \ncontracts are set up--that that was documented as non-\nperformance on the contractor\'s part. They did try to argue \nback and forth that the FBI did not know its requirements and \nloosey-goosey----\n    Senator Coburn. Yes.\n    Ms. Evans. And there was a certain amount of that, OK, and \nthere was also the finger pointing between the two contractors \nsaying, you were supposed to do this and you were supposed to \ndo that. But GSA stepped in on that particular effort, and \nbecause of the way the FBI had contracted for that service, \nthey could exercise certain things and they did not accept \ndeliverables. And then those contractors also gave money back \nto the government and also agreed, in order to be able to go \nforward, that they would only do certain cents on the dollar \nuntil the project was back on track.\n    So, there are tools that are available to the government. \nWhen you asked, did we use our authorities in partnership with \nGSA in order to move the contract----\n    Senator Coburn. Do you think that happens often enough?\n    Ms. Evans. I do not think it happens as much as you would \nlike for it to happen, sir.\n    Senator Coburn. Sort of like incremental development, I \nmean----\n    Ms. Evans. Yes.\n    Senator Coburn [continuing]. If, in fact, you get there and \nif you have not met the milestone, where do you go next?\n    Ms. Evans. And you have to say, no, that you do not go. The \nother issues that happen a lot of times, and this happens in \nthe government, not so much in industry, is that a government \nwill launch a pilot, and----\n    Senator Coburn. Yes. They never die.\n    Ms. Evans [continuing]. And they never die. So, during our \ntenure and OMB\'s oversight, what we attempted to do was call \nthem, like, initial operating capabilities and really looked to \nsee if it was really meeting the need to do it and then see if \nyou could build off of it. But, there were pilots that we had \nto shut down because it cost too much to maintain the pilot \nwhile you were doing the other projects, so you would have to \nshut down the pilots, and those were really difficult, because \nthe group who volunteers up front is the one who says, well, I \nam really using this now for business needs, so where do I go, \nbecause I shut down this other effort that I was doing \nmanually.\n    So, when you start looking at what industry does well, \nwhere government could improve, is industry really looks at the \nsame metrics that we ask for, the earned value, management \ndata, cost schedule, and performance. They look at that data. \nTheir organization is very sensitive to the variances because \nit affects the dollar amounts in the profitability of a \ncompany.\n    Senator Coburn. And the bonus.\n    Ms. Evans. Well, and the bonus, absolutely, right, because \nthey get performance bonuses. So, they respond to the \nsensitivity a lot faster and so they will fail faster. I mean, \nif that is really what we want to talk about, they will fail \nfast, learn from that, do a course correction, and then hit on \nsuccess. So, even when they have big failures in industry, it \nis not at the same cost level as ours because we tolerate a \nlonger time. The government will tolerate a longer time because \nthey want to get to that success.\n    Senator Coburn. OK. Dan.\n    Mr. Chenok. One of the things that makes it difficult in \ngovernment, per your question earlier, Dr. Coburn, is that the \naligned incentives are not consistent across the stakeholder \ngroups, and we talk about this a little bit in our paper. But, \nthe acquisition process does not necessarily make it clear, \nwhat are the performance standards that the contractor should \nprovide and achieve that are related to the mission elements of \nthe program.\n    For example, in the GPRA Modernization Amendments, the \nstrategic agency goals and priorities are not necessarily \nlinked to the performance of the IT organization and they are \nnot necessarily translated to the contract that then provides \nthe incentives for the company to produce. And so that is where \nyou get some of this disconnect, where it is hard to react in a \nmanner that you are describing, to basically understand, what \nare the successes that can be rewarded for good performance \nwith a contractor and where are there problems that need to be \ncorrected quickly. And that is why we talk about aligning \nincentives as one of the key elements of the framework.\n    Senator Coburn. One of the things you cited in your \ntestimony was the necessity of having a skilled program manager \nand a skilled team. Turnover of project managers is a big \nproblem within the Federal agencies. How do we address that?\n    Mr. Chenok. So, it is--and I spent a long career in the \ngovernment. I had the good fortune at the end of my time as the \nOMB Senior Career Official for IT Policy to work with Karen at \nthe beginning of her tenure as the Administrator. And I saw \nboth great examples in government of long-tenured, very \nsuccessful program managers and, as you say, elements where \nproject managers were either not in sufficient quantity or \nskill or switched out quickly.\n    I think some of the reforms that OPM is now engaged in, in \nterms of bringing in people more quickly and through \nauthorities like direct hire, as well as improving the training \nprocess for program managers so that very talented Federal \nemployees can understand what it is to incorporate things like \nthe GAO Critical Success Factors or the 7-S for Success \nelements into their management structure, helps them to \nunderstand the point that we made earlier.\n    Most government employees, and especially government \nmanagers who have been with agencies for a long time, are \npassionate about the mission of the programs that they \nimplement and the key is to help them understand how good \nmanagement can support better outcomes for that mission. That \ncan be a powerful enabler to encourage Federal leaders to stay \nand carry through on their responsibilities.\n    Senator Coburn. I see some of that in Steve. Do you agree?\n    Mr. Chenok. I would. I have had the good fortune of working \nwith Steve over a number of years, both when he was with an \nagency, the Federal Communications Commission, and with OMB, \nand I think that he is doing an excellent job through the \nprogram that he laid out today in creating that foundation for \nimprovement.\n    Senator Coburn. OK. One of the things, it seems to me, is \nif you have a really skilled manager with really capable \nleadership but you do not empower them to actually manage and \nlead, they are not going to succeed. So, in your mind, both \nKaren and you, Dan, how is the role of CIO in the Federal \nGovernment different from CIOs in private industry?\n    Mr. Chenok. So, let me actually talk about Karen for a \nmoment. I worked with Karen when she was a CIO, both at the \nJustice Department at a bureau level and at the Energy \nDepartment, and then when Karen was the Vice Chair of the \nFederal CIO Council. And in all three roles--the authorities \ndiffered, and that is true for other CIOs that I worked with in \ngovernment then and it is true today--Karen was able to bring \nforward some of the best practices that she has spoken about \nhere in those different roles. And I think a private sector CIO \nwould also bring in those types of integrating technology \nquickly, doing significant program reviews with a project team, \nlinking those program reviews to outcomes. Those are some of \nthe similarities of strong CIOs in government and industry, and \nthat is hard to legislate per se. I think you can clarify \nauthorities, whether that is in legislation or through \noversight and through understanding and expectation.\n    But, I will come back to the first ``S\'\' in our framework. \nIn industry, you have a strong governance team, a C suite team, \nwho pulls together as a mission team the CIO and other leaders \nto say, how are we going to deliver our product or service to \nmake revenue this quarter, increase our customer service \nexpectation, et cetera, and really drive to those mission goals \nand objectives. And in government, CIOs are often more focused \naround compliance because of the many different rules and laws \nthat we spoke about earlier, and it is harder. Good CIOs will \nfind a way to leverage those laws and rules. Sometimes, it can \nbecome overwhelming.\n    And it is not to say that there are not laws and rules that \nexist in companies, because there are regulations that \ncompanies follow, as well, things like Sarbanes-Oxley and \nGramm-Leach-Bliley, for example, in the financial services \nindustry. But, again, they are built into a risk program, and \nthat is--the last thought I will have here is that CIOs in \nindustry will often understand the balance between risks that \nan agency faces from a technology infrastructure and the \nbenefits that they can implement through technology, and so \nthey can balance those risks against the benefits and move \nforward. That is a harder conversation to have in government \nbecause risks tend to get magnified quickly and it is harder to \nreact quickly.\n    Ms. Evans. So, I think we are at the point where you are \nstarting to see a lot of evolution about information \ntechnology, and you are really seeing this play out--should I \nsay this--in the Target situation, all right, because through \nthe point that Dan is saying with risk, CIOs, if they are \noperational in focus, will never be able to rise to the board \nroom, will never come in--and I see it now, because I sit on \nseveral boards--the CIOs are not part of the senior leadership \nteam that are briefing about what is happening within an \norganization.\n    They are moving more toward the risk model because \ninformation technology is an enabler. So, they are providing \nservices, and whether they are providing Internet online \nservices, you see risk, cybersecurity, all those types of \nthings, threat, all that is rolling up now through what is, \nlike, the audit committee, because they look at the risk \nprofile for the company.\n    Now, either the CIO can jump in there and say, this is how \nwe are doing things and this is how we are managing it and then \nthey do what I had outlined here, where they talk about this is \nthe impact that it will have on the business if we do not do X, \nY, and Z. That is, in OPM-speak or senior executive-speak, it \nis business acumen, right. It is either the CIO has business \nacumen and can translate what the technology risk implications \nare to the business of that agency, and either we have CIOs \nthat have the business acumen to be able to do that or we have \nCIOs that are very technology operational focused and they will \nnot be viewed as that strategic partner.\n    And so you are seeing that evolution. Industry recognizes \nthat they need it. They know they need innovation, so they \nstarted laying out Chief Innovation Officers. They know they \nhave to have risk, so they have a Chief Risk Officer. They know \nthey need to manage information from a strategic standpoint, so \nthey have a Chief Strategist.\n    All of those were envisioned, if you look back at Clinger-\nCohen, Senator Cohen\'s initial vision, that is what a CIO was \nsupposed to do, the strategic management of information to \nenable mission outcomes. And that is also what was supposed to \nhappen in private industry. But, because of the way the \nenvironment is, either they step up to the bat and they can do \nit or business is going to compensate for it because it is a \nneed that needs to be addressed.\n    Senator Coburn. OK. Thank you.\n    Chairman Carper. [Presiding.] Dr. Coburn, thanks.\n    I want to go back to the first panel for a little bit. They \nare not here anymore, so they will not know what you are \nsaying. But, just go back and think about their testimony, some \nthings that you especially agreed with, maybe some things you \nhave questions about, and just share both of those. Where you \nhave strong agreement, it would be helpful for us to know that. \nMaybe some questioning would be helpful, as well.\n    Mr. Chenok. So, again, the relationship, I think, but one \nthing we heard that was common was the relationship across \nmultiple functions in an agency; that good IT management \ninvolves mission leaders, CFOs, Chief Acquisition Officers and \ncreating a governance framework. The first of the ``S\'\'s in our \nmodel that works across these entities I think is important, \nand I think you heard that from the panel.\n    I think that some of the solutions and recommendations that \nwere discussed that OMB is laying out, that Steve VanRoekel \nlaid out in his testimony, will provide some of the \ninfrastructure to be able to move more quickly.\n    One of the things that we talked about with Dr. Coburn was \naligning the funding processes in government to match that need \nfor speed such that it is not a 30-month delay and you have to \nbuild in response to something that is happening this year into \nyour budget plans that then go and get appropriated 2 years \nlater when September of the fiscal year comes around, that we \ncreate flexible funding mechanisms to allow faster response \nthrough a technology infrastructure. And I think that is \nsomething that certainly the industry, ACT-IAC, would welcome \nthe opportunity to work with the Committee and Congress to move \nforward on.\n    Chairman Carper. OK. Thanks. Ms. Evans.\n    Ms. Evans. So, what I agree with is the way that Steve laid \nout PortfolioStat and the way to move forward with \nPortfolioStat. And if you look at what he said and then look up \nat the success factors, what he is really doing is building and \nintegrating the management framework that would allow for the \nsuccess of programs through the use of technology. So, he is \ntalking about performance indicators, bringing in the key \nstakeholders, then asking for that on a quarterly basis and \nreally looking at what are the mission outcomes that you are \ntrying to achieve and put the parameters around it. But looking \nat the agency as a whole, or looking at the department as a \nwhole, because if you have to make tradeoffs, you cannot do \nthat within one project. The agency leadership is going to have \nto look at the portfolio across the board and how is it \nperforming across the board, or do you have to, like, stop \nsomething because this other one is more important and it is \ntaking more resources than you had anticipated.\n    So, I think the way to move forward, the way that he has \nperformance indicators, that is the way that is going to \ninstitutionalize the success that you need or allow for the \nfailures that are happening to be corrected in that framework. \nSo, that is a great thing.\n    The other part that I think we need to really still stay \nfocused on is that there are activities that are happening now \nthat need to catch up to what he is building institutionalized, \nand you cannot lose sight of those activities, like the data \ncenter consolidation, or several of the cross-agency \nperformance goals that they have related to cyber or workforce \nissues. Because if those things are launched and what you want \nto try to do is change them in midstream so that they can then \nget on this same path of the PortfolioStat in order to achieve \nthe results. And that part, I think, needs to really be looked \nat from an oversight perspective, of how are you going to \ntransition these existing things that are happening into a \nPortfolioStat environment.\n    Chairman Carper. OK. Good. One of the questions I asked \nof--in fact, a couple of questions of the earlier panel dealt \nwith what is the appropriate role for us in the Legislative \nBranch to move this along and to get a better result maybe for \nless money. We try to do oversight. We try to do good \noversight, not ``gotcha\'\' oversight, but constructive \noversight, and, Karen, you have been before us enough to know \nthat that is really the way we operate here. Whether Tom is the \nChairman or I am the Chairman, that is our attitude.\n    We have this legislation reported out of the House, FITARA, \nwith bipartisan support. We are going to try to get it hotlined \nand passed by unanimous consent, our data center legislation \nthat Dr. Coburn and I and others have worked on here in the \nSenate and see if we cannot move that. I understand a piece of \nFITARA, the House bill, actually focuses on data center.\n    Just talk to us, if you would, about--again, similar to the \nquestion I asked the first panel--what is our responsibility? \nWhat is our opportunity on the legislative side? What are some \nthings we ought to be doing in terms of legislation? What are \nsome things we ought not to be doing?\n    Ms. Evans. So, in my testimony, I did outline some of those \nthings, and I do realize that there are a lot of good pieces of \nFITARA that I think really should go forward, like the data \ncenter consolidation. They have the Center for Innovation. \nThere are additional things that I think if you----\n    Chairman Carper. What are some other pieces besides the \ndata center in FITARA----\n    Ms. Evans. Well, they have----\n    Chairman Carper [continuing]. That you think should go \nforward, maybe with some modification, but should go forward?\n    Ms. Evans. And they have things in there dealing with the \nInnovation Center, which is very similar in line to things that \nGSA has talked about with the 18F, as well as what Steve has \ntalked about with the Digital Services. So, you could combine \nthose three ideas together, which would get to what I believe \nyou and Senator Coburn had put together a long time ago, which \nwas also the ability for OMB, from an oversight and proactive \napproach, to be able to go in and help agencies fix things, \nright the ship before it goes too far astream, and also create \nsome of the innovation that you need for these seed projects so \nit can then go out. You create it once and it can be used by \nmany agencies over and over again. So, those concepts are \nalready being deployed by the administration and are also \nincluded in the legislation.\n    There are some other things, though, where the legislation \nis specifically looking at the CIO and things like the budget \nauthority that could be tweaked. For example, I outlined that \nmaybe one of the things, when they are talking about personnel \nissues and that all component CIOs should be reporting to the \nCIO at the department, that program managers in component \norganizations should also be part of the CIO organization, \nbecause then you bring that expertise of how to implement the \nsystem in conjunction with a program executive.\n    And so those, if you put a little bit more detail, and I am \nusually not one to say, put more detail in there and give \nagencies flexibility, but if you kind of spelled out those two \nroles in the legislation, that would get to a lot of this \ncommitment of the stakeholders, the collaborative governance \nthat you need, because you are specifically saying the program \nmanager belongs to an IT function, so that is the implement, \nand the program executive belongs to the program function, \nwhich allows the integration of those two things together. And \nyou could input that into the legislation and that would get to \nseveral of these pieces that are in the governance structure \nthat both GAO and IAC and everyone has recognized that needs to \nbe done.\n    And then the other part that I am suggesting is that \nthrough the Exhibit 300 process or through reporting process \nwhen it is asking for reports, is that there is a program \nmanager. If a program manager is put in charge of a project, we \nused to, we say that they have to have the skills. If you look \nat the Exhibit 300 right now, it is not there, because I \nactually printed one off to make sure I was right before I \ncame. But, you need to see who that is from an oversight \nperspective, and you need to know, in essence, what their \nresume is. Did they manage to completion a project of this \nnature? And if they did not, then do they have the adequate \ntraining and the certification so that they can?\n    And some of those types of things, you could get visibility \ndown into it, which would then at least put the project on a \npath that would show that it at least would get success from \nthat perspective.\n    Chairman Carper. OK. Good. Thanks so much.\n    Mr. Chenok, do you agree with anything that Karen has said? \n[Laughter.]\n    Mr. Chenok. I do, Senator Carper.\n    Chairman Carper. Oh, good.\n    Mr. Chenok. I think Karen raises excellent points. I would \nnote that, with regard to specific legislation, the Industry \nAdvisory Council is a non-lobby----\n    Chairman Carper. I understand.\n    Mr. Chenok [continuing]. So we do not officially take \npositions on legislation. With regard to----\n    Chairman Carper. I understand that. What she said was \nhelpful in terms of these are the provisions that we think are \nreally worthy, should be pretty much----\n    Mr. Chenok. Right. I think----\n    Chairman Carper [continuing]. And here are a couple that \nshould be tweaked, so that is very helpful. I find these are \nnot really--a lot of stuff around here, we just get bogged down \nforever. They are partisan issues. This is one that should not \nbe very partisan. Nobody wants to waste money. We all want to \nget better results. So, just with that in mind, go ahead.\n    Mr. Chenok. So, I do think that there are a number of \nelements that this Committee and Congress can do to promote the \ngoals that you are espousing in this hearing.\n    One is, as you talked about, constructive oversight, and \nthat is highlighting both successes and issues to be addressed \nand understanding that agencies do take risks, just as \ncompanies take risks, in implementing programs. The world is \nnot a riskless world. So, helping to have a conversation that \nis a more mature conversation about how agencies can proceed in \nimplementing programs where things will not always be perfect, \nbut the larger goal of serving citizens, just like when a \ncompany has the larger goal of serving customers, it makes it \nworth taking those risks, and there is an accountability \nstructure. So, providing oversight on that balance, I think, is \nan important role that this Committee can take.\n    In addition, I think that the funding alignment issue is \nsomething that authorizers and appropriators, as you heard \nSteve VanRoekel talk about earlier, can review. The budget \nprocess now--and having had a career at OMB, I was all too \nfamiliar with this--does work where the planning occurs 2 years \nor more before spending occurs, and so it is much harder to \npivot in response. Through legislation, through expanding \nauthorities for things like franchise funds and working capital \nfunds, I think there is an interesting way to look at those as \npilot elements. As I said, they do exist in places in \ngovernment, but in other places require additional \nauthorization to implement.\n    The last point I would make is, from my experience working \non the E-Government Act of 2002, when I was at OMB as a staffer \nworking with staff from this Committee, that statute did not \nnecessarily legislate in new areas, but it did state \nCongress\'s--it did, in a number of cases, actually introduce \nnew provisions and, of course, created the office that Karen \nheaded and that Steve VanRoekel heads now. It also reinforced \nsome of the productive and instructive activities that were \ngoing on in government and ensured that those activities were \nrecognized as things that Congress endorsed, which supported \nagencies to expand those productive activities that were going \non at the time, whether they were things like expanding digital \nsignatures, expanding the use of portals as mechanisms to look \ninto agencies to get better services, or other elements that \nthat Act pointed out.\n    Chairman Carper. All right. Thank you.\n    A different kind of question, if I could, Ms. Evans, for \nyou. As you know, cybersecurity is a very important issue. It \ncontinues to be. It is going to be with us for a long time, I \nfear. You serve as the National Director for the U.S. Cyber \nChallenge. I was hoping that you could tell us a little bit \nabout how cybersecurity and IT management are linked and maybe \nshare with us any advice you might have on that matter, that \nlinkage.\n    Ms. Evans. So, from the inception of the projects, whenever \nyou do this, you always need to be assessing, what is the risk \nassociated with that service that you are getting ready to \nprovide? Again, this is another area that is really being \nlooked at. Should the Chief Information Security Officer be \npulled out from the CIO organization? Should they be equal? \nShould they be separate? I personally believe that they need to \nbe integrated, because it is about managing the information, \nand it also needs to be integrated into the budget process so \nthat it is specifically resourced in order to be able to do it.\n    But, to Dan\'s point, the discussion that has to happen is \nhow much risk is an agency willing to live with. The best \nexample that I can give that is relevant to this Committee is \nwhen we had an IT failure in the Census program. Remember that \nproject?\n    Chairman Carper. I do remember that.\n    Ms. Evans. Yes, I figured you did. And one of the ways----\n    Chairman Carper. I live a hundred more years----\n    Ms. Evans. Yes, and we have 10 years now. OK. But, part of \nwhat was also happening in that environment was a cybersecurity \nincident, and a recurring incident within the Department of \nCommerce. And so you had to look at, were you really going to \nfix the IT project? How did you balance this cybersecurity \nproblem that they had with exfiltration of data? They had this \nfailure that was happening with IT. And, what was really the \ngoal? The goal was to have quality data so that we could really \nrely upon that in order to be able to make decisions about \nrepresentation for the Nation.\n    So, that is how the plan was then structured, to come back \nand say, the best way for us to rely on the data is to go back \nto a big portion of this being manual, because we do not know \nwhat is happening on our networks. If we went to a data \ncollection that was online, we would not be able to really \ncertify that this data has not been touched or messed with in \nany way.\n    That has to happen on every program, that type of analysis \nas we go forward, whether you are collecting personally \nidentifiable information, what types of services you move \nonline, how you do that, and then how are you going to validate \nthe individuals to assure that they actually did what you \nneeded them to do in that program. That has to be \ncomprehensive, and IT is a solution that provides for that and \nenables that, but it is really a risk management of services \nthat a Secretary has to decide, what level am I really willing \nto live with. And they may decide that IT may not necessarily \nbe the way to go because the cyber risk is too high for online \nservices.\n    Chairman Carper. OK. We have our third vote underway, and \nDr. Coburn, I think, was going to vote in the second and third \nvote. Let me see, it started at 12:05 and it is about 12:10, so \nwe are 5 minutes into a 15-minute vote, so that helps me keep \nit straight.\n    I will ask you one more question--I guess this would be \nmore for Mr. Chenok--if I could. The framework that the IAC \nreleased today stresses the importance of getting good people \ninvolved in government IT projects to hopefully ensure their \nsuccess. Could you just discuss with us for a couple of minutes \nwhat you believe are the biggest challenges that our government \nfaces in getting the right people into these positions and \nkeeping them there and any recommendations you might have to \naddress those challenges.\n    Mr. Chenok. So, it is an interesting question, especially \nin an era when my children, for example, use IT and think about \nit as second nature to the work that they do, and----\n    Chairman Carper. How old are your kids? Do not tell me they \nare three and four.\n    Mr. Chenok. They are school-age.\n    Chairman Carper. OK.\n    Mr. Chenok. So, they use it for school. But, when they \nenter the workforce and the newest generation of Federal \nemployees who will become the leaders of tomorrow use \ntechnology, they do not think about it necessarily as, ``I am \ngoing to be a technology worker,\'\' or ``I am going to be a \nFederal worker.\'\' They think about it as, ``I am going to work \nbecause I am passionate about government service and technology \nis a key lever and it is almost second nature to how I do my \nwork.\'\'\n    And if we think about, from a workforce perspective, \nchanneling that approach and encouraging workers at all levels \nof seniority in their Federal career to think about technology, \nas we talked about earlier, not as a separate sort of \ncompliance activity, but as something that, if done properly, \nis integrally related to achieving the mission outcomes that so \nmany Federal employees are passionate about, I think it will \nget people excited about doing the hard work of understanding \nwhat it takes to manage programs well, because it does take \nwork. Implementing frameworks like the 7-S Framework or the GAO \nSuccess Factors or those that Karen recommended in her \ntestimony, it takes time. It does not come naturally, either in \ngovernment or industry.\n    So, I think part of the challenge is, as you heard from the \nfirst panel, bringing in terrific people, bringing in the best \npeople from industry, currently working with government, from \nnew entrants into the government space. And part of the \nchallenge is helping current Federal employees understand that \ntechnology is an enabler to helping them achieve and contribute \nto their mission to serve citizens. And taken from that \nperspective, technology becomes an exciting part of, I think, a \nFederal employee\'s career development, and it is not just about \nthe CIO or their immediate staff, but it is the program and \nmission staff who are leveraging that to achieve results, just \nlike the best companies are using technology to achieve \nresults.\n    Chairman Carper. Good. I think we will call a halt there. \nIf I leave in 1 minute, I can probably make this third vote and \nkeep my perfect attendance record. Well, it is not quite \nperfect, but it is not bad.\n    I want to really thank you both. It is great to see you, \nand thank you for all you do for us and have done for our \ncountry. Some day, I would just love it if we held a hearing \nand the private sector shows up on these IT projects and says, \nwe could really learn a lot from the government and maybe we \ncould mentor them, or school them. We learn a lot from them, \nand hopefully, we are learning a lot from one another now. But, \nI am encouraged that we are on the right track. We still know \nwe have a lot to do, a lot of ways we can do better, and with \nyour help, we will.\n    In the meantime, Dr. Coburn and I and our colleagues, our \nstaff, want to make sure that we stay attuned, tuned in, \ninterested, and providing the kind of oversight that is \nconstructive to get us to where we need to go.\n    The hearing record is going to remain open for 15 days--\nthat is until May 23 at 5 p.m.--for the submission of \nstatements and questions for the record. I expect we will have \nsome. If you receive those, if you could respond to them \npromptly, we would be most grateful.\n    Again, our thanks to you both. Good to see you, and take \ncare. Thanks so much.\n    Mr. Chenok. Thank you.\n    Ms. Evans. Thank you.\n    Chairman Carper. This hearing is adjourned.\n    [Whereupon, at 12:15 p.m., the Committee was adjourned.]\n                            \n                            A P P E N D I X\n\n                              ----------                              \n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT] \n                                 \n                                 [all]\n</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>\n'