[Senate Hearing 113-702]
[From the U.S. Government Publishing Office]


                                                       S. Hrg. 113-702
 
                 IDENTIFYING CRITICAL FACTORS FOR SUCCESS 
                 IN INFORMATION TECHNOLOGY ACQUISITIONS

=======================================================================

                                HEARING

                               BEFORE THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS


                             SECOND SESSION

                               __________

                              MAY 8, 2014

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/
        
     
                          Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        
 
 [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]      
 
 
                      U.S. GOVERNMENT PUBLISHING OFFICE
89-681PDF                 WASHINGTON : 2015                      

________________________________________________________________________________________        
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].  
      
        
        
        
        
        
        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                  THOMAS R. CARPER, Delaware Chairman
CARL LEVIN, Michigan                 TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           ROB PORTMAN, Ohio
JON TESTER, Montana                  RAND PAUL, Kentucky
MARK BEGICH, Alaska                  MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin             KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota

                  Gabrielle A. Batkin. Staff Director
               John P. Kilvington, Deputy Staff Director
                   Jonathan M. Kraden, Senior Counsel
               Keith B. Ashdown, Minority Staff Director
            Kathryn M. Edelman, Minority Senior Investigator
                     Laura W. Kilbride, Chief Clerk
                   Lauren M. Corcoran, Hearing Clerk
                           
                           C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Carper...............................................     1
    Senator Coburn...............................................     3
Prepared statements:
    Senator Carper...............................................    45

                               WITNESSES
                         Thursday, May 8, 2014

Hon. Daniel M. Tangherlini, Administrator, U.S. General Services 
  Administration.................................................     4
Steven L. VanRoekel, U.S. Chief Information Officer, U.S. Office 
  of Management and Budget.......................................     6
David A. Powner, Director of Information Technology Management 
  Issues, U.S. Government Accountability Office..................     8
Daniel J. Chenok, Executive Vice Chair, Industry Advisory 
  Council, American Council for Technology and Industry Advisory 
  Council........................................................    26
Karen S. Evans, Partner, KE&T Partners, LLC......................    28

                     Alphabetical List of Witnesses

Chenok, Daniel J.:
    Testimony....................................................    26
    Prepared statement with attachment...........................    79
Evans, Karen S.:
    Testimony....................................................    28
    Prepared statement...........................................    99
Powner, David A.:
    Testimony....................................................     8
    Prepared statement...........................................    59
Tangherlini, Hon. Daniel M.:
    Testimony....................................................     4
    Prepared statement...........................................    47
VanRoekel, Steven L.:
    Testimony....................................................     6
    Prepared statement...........................................    53

                                APPENDIX

Chart referenced by Senator Carper...............................   107
Chart referenced by Senator Carper...............................   108
The hearing referenced by Senator Coburn.........................   109
Responses for post-hearing questions for the Record from:
    Mr. Tangherlini..............................................   111
    Mr. VanRoekel................................................   116
    Mr. Powner...................................................   130


                    IDENTIFYING CRITICAL FACTORS FOR.
             SUCCESS IN INFORMATION TECHNOLOGY ACQUISITIONS

                              ----------                              


                         THURSDAY, MAY 8, 2014

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:04 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Committee, presiding.
    Present: Senators Carper and Coburn.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. Good morning, everyone. The hearing will 
begin.
    Dr. Coburn, our witnesses, our guests, I want to start off 
by just thanking you for joining us today, for your testimonies 
and your willingness to respond to our questions. My thanks to 
Dr. Coburn and his staff, as well, for helping us to put this 
hearing together as part of our ongoing Committee effort to 
improve how Federal agencies acquire, implement, and manage 
information technology (IT).
    It is a topic near and dear to my heart. I know it is 
something that is near and dear to Senator Coburn's heart, 
something he has worked on, I have worked on for a number of 
years as we took turns leading what was the former Federal 
Financial Management Subcommittee. During our time in the 
Senate, we have heard about and chaired hearings on a number of 
successful IT projects. I have also, unfortunately, worked with 
my colleagues to determine what went wrong with a number of 
failed projects.
    One example of a successful government IT project is the 
Western Hemisphere Travel Initiative, which went into effect in 
2007. The program addressed one of the main 9/11 Commission 
findings, and that is before September 11, 2001, people could 
show a border official one of hundreds of different kinds of 
documents in order to enter the United States at land borders 
and ports of entry (POE), making it difficult for officials to 
identify fraudulent documents. Since 2007, people trying to 
enter our land ports must present a Department of Homeland 
Security (DHS)-approved secure card that communicates with 
Customs and Border Protection (CBP) equipment to prove their 
citizenship. The project required that Customs and Border 
Protection modernize its ports of entry infrastructure and IT 
systems in order to enable the use of technology, which it did 
successfully within 2 years. The program is still going strong 
today and has proven to be a very smart investment. In fact, 
they continue to improve it.
    Some examples of failed projects include USAJobs, which is 
run by the Office of Personnel Management (OPM), along with the 
Federal Bureau of Investigation (FBI) digital case management 
system called Sentinel, and, of course, the failed launch of 
HealthCare.gov. With regard to HealthCare.gov, the 
Administration was, fortunately, able to get things turned 
around quickly. More than eight million people--have signed up 
for insurance, and a number of them through HealthCare.gov. 
But, the stand-up, I think we will all agree, was abysmal, at 
least initially.
    Most struggling IT projects do not get the type of response 
or media attention that we saw with HealthCare.gov, a team of 
experts rushing in to try to set things straight. Rather, what 
typically happens is that we continue to sink more money into 
these programs as they sputter along.
    Now, the simple truth is that every organization, be it a 
Federal agency or a Fortune 500 company, faces a host of 
challenges in implementing large IT projects. We faced plenty 
of challenges in my last job as Governor. We are not always 
successful, either. But, from where I sit, it appears to me 
that the Federal Government seems to have more problems than 
the private sector, or it may seem that way because the 
government's problems are more frequently on the front page of 
the paper, given that they are paid for with taxpayer dollars.
    Today's hearing will explore the challenges that 
organizations both in government and in the private sector face 
in implementing IT systems. It will also examine the steps 
agencies need to take in order to be successful. Several of our 
witnesses today have significant experience working in the 
private sector, so I am especially interested in hearing about 
the similarities and differences between the government and 
industry. Most importantly of all, I am also interested in 
hearing about what lessons Federal agencies can learn from how 
industry implements IT. I also want to hear from our witnesses 
about what successes look like and what our agencies need to do 
to increase the likelihood that an IT project will succeed.
    As I oftentimes quote former Federal Reserve Vice Chairman 
Alan Blinder, now back at Princeton teaching economics, he once 
advised us in terms of how to reduce budget deficits, how to 
especially rein in the growth of health care costs, he said, 
find out what works and do more of that. Pretty good advice, 
not just on health care, but on a lot of other things, as well.
    Agencies need to get to the point where they succeed more 
often than not. But, all of us need to acknowledge that there 
will always be projects that, despite our best intentions, wind 
up failing. When that happens, we need to make sure agencies 
know how to pick up the pieces, avoid squandering the money we 
entrust to them on projects that should be scrapped.
    With that having been said, we are glad you are here. 
Senator Coburn and I look forward to this. There is legislation 
out of the House--I think it is called the Federal Information 
Technology Acquisition Reform Act (FITARA)--that Congressman 
Issa and others are pushing and it has been reported out of the 
House. This is a very helpful hearing for us to craft what we 
believe we should legislate and what we should do in response 
to and hopefully work with the House to pass legislation that 
will help save some money and provide better service for the 
folks we work for. Thanks very much. Senator Coburn.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Well, thank you, Mr. Chairman, and welcome 
to all of you. I appreciate your hard work.
    IT is one of the areas where we waste more money than any 
other area in the government, except the Pentagon when you take 
IT out. Let us put the other one up first.
    Twenty years ago, Bill Cohen, the Ranking Member on this 
Committee, had a hearing.\1\ My question is, what has changed? 
We still waste about 50 percent of all the money we spend on 
IT, and the question we have to be asking ourselves is, why?
---------------------------------------------------------------------------
    \1\ The hearing referenced by Senator Coburn appears in the 
Appendix on page 109.
---------------------------------------------------------------------------
    Twenty years later, we find ourselves sitting here having a 
discussion. Some things have changed. We have better leadership 
now. Mr. Tangherlini, what you are doing, I congratulate you. I 
have all the confidence in the Office of Management and Budget 
(OMB). I have some disappointment on the data center stuff, 
which I will talk about in the questions. The one thing that 
also has changed is we are wasting more money now than we did 
back then on IT.
    We are starting to put some good reforms in place, which I 
congratulate all of you on. OMB set a goal 4 years ago of 
closing 40 percent of the Federal data centers and saving $3 to 
$5 billion by the end of 2015. We are not there yet. Are we 
making progress? Yes. Do we need to make more progress sooner? 
Yes. There is not the tracking that needs to go on, according 
to the Government Accountability Office (GAO).
    I would tell you, I think every Member of this Committee 
supports OMB's initiative and effort and wants it to succeed, 
and as Chairman Carper mentioned, that is why we reported a 
bill, the Federal Data Center Consolidation Act by Senators 
Bennet, Ayotte, and Chairman Carper and myself, to enhance the 
consolidation initiative and improve the quality of data. 
Greater transparency, clear metrics, and strong oversight, and 
not just by us but by OMB, of the agencies, can make this 
consolidation one of OMB's biggest successes in terms of 
dollars, but also in terms of how it impacts the rest of the 
Federal Government. GAO, in their recent report, now says that 
the initiative has the potential to save far more than the 
early estimates, far more, $10 billion over the next decade.
    We are going to hear about some new plans today from OMB 
and the General Services Administration (GSA). I am excited for 
that. What I do not want is for us, all of us, to lose focus on 
a good set of initiatives that are in place, making progress, 
and saving money.
    So, I welcome you here. I have some concerns that I will 
elevate and discuss in the question period. But, we have a 
pretty good start. It can be better, and we will focus on that.
    Mr. Chairman, thank you for holding this hearing.
    Chairman Carper. Thank you, Dr. Coburn.
    I would just say, this is certainly about saving money, and 
there are a lot of cooperative efforts underway--to do that. It 
is a great way to provide better service. A good example is the 
Veterans Administration (VA). We have these huge backlogs. We 
had these huge backlogs--they are still pretty big--for 
veterans applying for disability under the VA, and it had huge 
backlogs. We had, basically, a paper system and we have a lot 
of folks who had been trying to get disability pensions because 
of Agent Orange, a huge backlog there, a huge backlog just 
because people were looking for a way to supplement their 
income in the worst recession since the Great Depression. So, 
that made a bad situation even worse. But, we are using 
technology and using that technology to whittle down the 
backlog list. We are making very good progress, and that is an 
important thing.
    Another area where we are trying to save some money, but 
also to provide better service, is we have people that are on 
active service in the Department of Defense (DOD). They operate 
under one kind of electronic health record. Over here in the 
VA, they have a different kind of electronic health record. 
They do not talk to each other, not interoperable, and there is 
a great effort underway to make sure that they are 
interoperable. So that when someone leaves active duty and 
moves to veteran status, they can do so in a seamless way and 
we can provide better health care at less cost to our veterans.
    So, it works in a lot of ways. There are some good success 
stories out there. There are some that could be a good success 
story. We want to figure out how we can work together to make 
sure there are a lot more success stories.
    I am not going to introduce everyone individually. You all 
have been good enough to come before us before. We are 
delighted that you are here today. We appreciate your work very 
much.
    Dan, I am going to ask you to lead us off, and then Steven 
and David, if you would, please. Thanks so much.

     TESTIMONY OF THE HONORABLE DANIEL M. TANGHERLINI,\1\ 
      ADMINISTRATOR, U.S. GENERAL SERVICES ADMINISTRATION

    Mr. Tangherlini. Thank you very much, and good morning, 
Chairman Carper, Ranking Member Coburn, Members and staff of 
the Committee. My name is Dan Tangherlini and I am the 
Administrator of the U.S. General Services Administration.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Tangherlini appears in the 
Appendix on page 47.
---------------------------------------------------------------------------
    Before focusing on the topic of today's hearing, I would 
like to take a moment to introduce to the Committee our new 
Deputy Administrator, Denise Roth, who, among other duties as 
our Chief Operating Officer (COO), will be working on internal 
GSA IT issues.
    The challenges of technology procurement and delivery 
facing the government have been a focus for better management 
and oversight throughout this Administration. Given GSA's 
mission, to deliver the best value in real estate, acquisition, 
and technology services to the government and the American 
people, we believe we are uniquely positioned to help make a 
difference in these efforts. Through better management of our 
own IT investments as well as offerings GSA provides 
governmentwide, GSA can support the Administration's efforts to 
better manage IT and to continue improving some of the 
longstanding challenges.
    Since my arrival at GSA, we have been focused on 
consolidating and streamlining major functions within the 
agency to eliminate redundancy, improve oversight, and increase 
accountability. As part of GSA's top-to-bottom review, GSA 
brought together all IT functions, budgets, and authorities 
from across the agency under an accountable, empowered GSA 
Chief Information Officer (CIO) in line with the best practices 
followed by many modern organizations today.
    GSA now has one enterprise-wide process for making IT 
investments, which ensures that investments are geared toward 
the highest priorities in support of the agency's strategic 
goals. We have set internal goals to reduce ongoing operating 
costs to allow the organization to make better long-term 
investments using our enterprise-wide, data driven, zero-based 
IT budgeting process.
    Consolidation also provides an opportunity to adopt the 
best forward-leaning practices in supporting investments. In 
recognition of the need to modernize not just applications, but 
how we support IT and consistent with broader Federal efforts, 
GSA instituted a cloud-first policy that prompts all 
application development initiatives to look first to the GSA 
cloud platforms available as technology solutions before 
evaluating legacy platforms with higher operating costs.
    The focus of our transition has not been limited to what we 
build but also how we build it. Our move to an agile 
development shop has resulted in a significant increase in our 
ability to rapidly deploy and scale. Consolidated IT governance 
is also helping GSA realize a high-performing IT environment as 
effectively and efficiently as possible while also providing a 
level of transparency and accountability that will lead to 
continuous ongoing improvement.
    GSA also looks for opportunities to help agencies adopt new 
technologies and take advantage of digital services that 
improve mission delivery and enhance their interactions with 
the public. GSA helps to ensure that we have tools that allow 
the government to access the ingenuity of the American people 
to help solve government's challenges.
    GSA manages Challenge.gov, an award winning platform to 
promote and conduct challenge and prize competitions 
governmentwide. We are also leading efforts to open government 
data to entrepreneurs and other innovators to fuel development 
of products and services that drive economic growth. GSA 
operates Data.gov, the flagship open government portal which 
enables easy access to and use of more than 90,000 data 
collections from over 180 government agencies.
    In addition, GSA recently announced the creation of 18F, a 
digital delivery team within GSA that aims to make the 
government's digital and web services simpler, more effective, 
and easier to use to the American people. By using lessons from 
our Nation's top technology startups, these public service 
innovators are looking to provide support for our Federal 
partners in delivering better digital services at reduced time 
and cost and making the government a better consumer of IT 
services.
    GSA's internal IT reforms, acquisition solutions, and 
digital services are in keeping with our mission to deliver the 
best value in information technology solutions to the 
government and the American people. GSA still has a lot of work 
ahead of us and I am grateful for the Committee's support of 
our reform efforts.
    I appreciate the opportunity to appear before you here 
today and look forward to any questions that you might have. 
Thank you.
    Chairman Carper. Thank you, Dan. There will be some 
questions.
    Steve, you are up. Thank you so much.

  TESTIMONY OF STEVEN L. VANROEKEL,\1\ U.S. CHIEF INFORMATION 
         OFFICER, U.S. OFFICE OF MANAGEMENT AND BUDGET

    Mr. VanRoekel. Thank you, sir. Chairman Carper, Dr. Coburn, 
Committee staff, thank you for the opportunity to testify 
before you today about the best practices and factors for 
successful acquisition and implementation of Federal 
information technology.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. VanRoekel appears in the Appendix 
on page 53.
---------------------------------------------------------------------------
    During my nearly 20 years in the private sector, I woke up 
every day focused on improving and expanding core services and 
customer value while also cutting costs. I brought this focus 
with me to the Federal Government. When I joined the 
Administration in 2009, and the Office of Management and Budget 
in 2011, I found willing partners in this mission and have 
spent the past 3 years at OMB focused on driving innovation to 
meet customer needs, maximizing our return on investments in 
Federal information technology, and establishing a trusted 
foundation for securing and protecting our information systems.
    Constantly improving the state of Federal technology is a 
priority for this Administration and a mission that OMB takes 
very seriously. In these times of fiscal constraint, this means 
we must drive innovation while controlling spending by 
maximizing effectiveness and efficiency in everything we do.
    The Administration's first term efforts largely focused on 
establishing mechanisms to stop the growth of IT spending, 
promoting new technology such as cloud computing, mobile, 
opening up Federal Government data for private sector use, 
enhancing cyber capabilities, and deploying Federal technology 
as a tool to increase efficiency and allow government to do 
more with less.
    In the decade prior to this Administration, the Federal IT 
budget increased at the Compound Annual Growth Rate of 7.1 
percent a year. If spending increased at the same rate during 
this Administration, our current IT budget request would total 
$117 billion. However, through our PortfolioStat data-driven 
accountability sessions, Federal agencies enhance their 
analytical approaches to more effectively manage their IT and 
improve IT cost oversight. The result is over $2.5 billion of 
identified cost savings and $1.9 billion of realized savings 
through the PortfolioStat process.
    During this Administration, we flatlined Federal IT 
spending, driving efficiencies and fueling innovation across 
the Federal technology portfolio through initiatives like data 
center consolidation, cloud computing, and the Administration's 
Digital Government strategy, all the while working to keep 
Federal data safe and secure.
    One of the pillars of the President's Management Agenda is 
a focus on increased effectiveness, finding ways to deliver 
world class customer services to citizens and businesses. Our 
efforts underway on Smarter IT delivery are a key part of this 
work. To deliver citizens the services they expect from their 
government, we must shift the focus of Federal Government IT 
projects from compliance and process to meeting user needs. We 
must be intensely user-centered and agile, involve top talent 
from the private sector in government IT projects, and ensure 
agency leadership is actively engaged and accountable to the 
public for the success of the digital services of their agency.
    To support this effort, the Administration's Smarter IT 
Delivery Agenda focuses on ensuring the Federal Government has, 
one, the best talent working inside government; two, the best 
companies working with the government; and, three, the best 
processes in place to make sure everyone involved can do their 
best work and be held accountable for delivering excellent 
results for the American people. This agenda aims to increase 
customer satisfaction with top government digital services, 
decrease the percentage of Federal Government IT projects that 
are delayed or over-budget, and increase the speed by which we 
hire and deploy qualified talent and vendors to work with 
government on these IT projects.
    As in any organization, public or private, IT excellence 
starts with having the best people executing the IT. While 
there are many talented IT professionals across our government, 
it is clear we need to broaden and deepen this talent pool to 
meet present and future needs.
    To this end, we are building a new capability called the 
Digital Service. The Digital Service will be made up of a 
modest team of some of our country's best digital experts. This 
team will be housed in my office at OMB and it will be charged 
with proactively establishing standards to bring the 
government's digital services in line with the best private 
sector experiences, define common platforms for re-use that 
will provide a consistent user experience, collaborate with 
agencies to identify gaps in their delivery capacity, and 
provide oversight and accountability to ensure we see results.
    The Digital Service is a close partnership with the 18F 
delivery team at GSA and will work side-by-side with agencies 
to ensure they have the resources and talent that they need to 
deliver great services on time, on spec, on budget, with 
optimal user functionality.
    In conclusion, it is apparent that in today's world, we can 
no longer separate the outcomes of our Federal programs from 
the smart use of technology. By increasing an emphasis on 
customer need and making it faster and easier for individuals 
and businesses to complete transactions with the government, 
online or offline, we can deliver the world class services that 
citizens expect.
    Mr. Chairman, Dr. Coburn, thank you for holding this 
hearing and inviting me to speak today, and I appreciate the 
Committee's interest and ongoing support. I am excited to 
continue our dialogue in questions today. Thanks.
    Chairman Carper. All right. Thank you, Steve.
    David, please proceed.

   TESTIMONY OF DAVID A. POWNER,\1\ DIRECTOR OF INFORMATION 
 TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Powner. Chairman Carper, Dr. Coburn, we appreciate the 
opportunity to testify on how the Federal Government can better 
manage its annual $80 billion investment in information 
technology.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Powner appears in the Appendix on 
page 59.
---------------------------------------------------------------------------
    Of this $80 billion, about three-quarters is spent on 
operational or legacy systems and the remaining goes toward new 
development. Therefore, it is vitally important that new 
systems acquisitions are managed effectively and that the 
government finds more efficient ways to deliver existing 
services.
    Over the past 5 years, OMB has initiated excellent efforts 
to do just that. This morning, I would like to highlight four 
significant initiatives: Data center consolidation, 
PortfolioStat, the IT Dashboard, and TechStat sessions. For 
each of these, I will highlight accomplishments to date, but 
also what needs to be done to get even more out of these 
initiatives. I will also discuss the report we are releasing at 
your request, Mr. Chairman, on incremental development.
    Starting with data center consolidation, OMB started a data 
center consolidation effort in 2010 to address the government's 
low server utilization rates, estimated, on average, at 10 to 
15 percent, far from the industry standard of 60 percent. This 
effort was also to result in $3 billion in savings across all 
departments. Our ongoing work shows that the number of centers 
is now more than 10,000. About 750 have been closed or 
consolidated to date. Over $1.3 billion in savings has 
resulted, and agencies estimate another $3 billion in savings 
in fiscal years 2014 and 2015. Therefore, expected savings 
through 2015 should be around $4.5 billion.
    Chairman Carper. Is that cumulative?
    Mr. Powner. Yes, that is cumulative. Now, if you go beyond 
2015, Mr. Chairman, you are in that $10 billion price range 
that you mentioned, Dr. Coburn.
    Better transparency on the savings is needed, in our 
opinion, and the legislation this Committee has introduced 
would do just that.
    OMB recently expanded the data center consolidation effort 
into a larger initiative called PortfolioStat to eliminate 
additional duplicative spending in administrative and business 
systems. OMB reports that agencies have achieved about $2 
billion in savings on this initiative through 2013. The target, 
based on our work going out to each agency, is actually $5.5 
billion, and there are over 200 PortfolioStat initiatives that 
agencies are currently working on to eliminate duplicative 
spending. It is critical that these 200 initiatives are driven 
to closure so that the $5 billion in savings can be achieved.
    Now, turning to initiatives that help better manage large 
IT acquisitions. The IT Dashboard was put in place to highlight 
the status and CIO assessments of approximately 750 major IT 
investments across 27 departments. The accuracy of the 
department has improved over time, with certain agencies 
reporting more accurately than others. Here is what the 
Dashboard tells us. Of the 750 major investments, about 560 are 
in green status, 160 are in yellow, and 40 are in red, so there 
are about 200 projects where the government will spend about 
$12 billion that are at risk and need attention. Only eight 
agencies report red, or high risk, projects. Nineteen agencies 
do not have high-risk investments.
    Mr. Chairman, there are three things that need to happen to 
make the IT Dashboard a better accountability mechanism. First 
of all, all major investments need to be listed on the 
Dashboard. Our work has shown that several investments, like 
the Department of Energy (DOE) supercomputers, are not listed 
on the Dashboard. Ratings need to be even more accurately 
reported. There are clearly more than 200 projects that are 
medium-or high-risk.
    And, OMB and agencies need to aggressively govern the at-
risk investments using TechStat sessions. OMB held about 80 
TechStat sessions and had great results that included scaling 
back and even terminating failing projects. OMB subsequently 
empowered CIOs to hold TechStat sessions with their respective 
agencies, a move we agree with, but we also strongly think that 
OMB should hold TechStat sessions on a selected basis for 
either troubled projects or projects that are top national 
priorities. OMB recently told us that they only held two 
TechStat sessions in 2013. This is clearly not enough. Agencies 
also need to better use IT acquisition best practices that 
include executive involvement in getting your requirements 
right early.
    Finally, a major aspect of the IT reform plan of 2010 
called for agencies to deliver in smaller increments to be 
successful. Our 2011 report on successful acquisitions proved 
this as all seven examples were increments of larger projects. 
The report we are releasing today shows that three-quarters of 
the IT acquisitions are not planning to deliver within 6 
months, and less than half plan to deliver within the year. 
Therefore, we still have too many ``big bang'' projects that do 
not deliver anything for years and, therefore, run a high risk 
of failure.
    Chairman Carper, Dr. Coburn, thank you for your continued 
oversight of these issues. We look forward to working further 
with you.
    Chairman Carper. Thanks so much.
    Would you go back to the beginning of your statement. There 
was a sentence near the beginning where the letters ``OMB'' 
appeared and the word ``excellent'' appeared. Would you go back 
and read that sentence again.
    Mr. Powner. Yes. OMB has initiated excellent efforts to do 
just that, and they are. These are all great initiatives. All 
four of them are tremendous initiatives. The key is to drive 
them to closure so that we get the savings that are currently 
on the table. Data center consolidation: the goal was $3 
billion through 2015. Agencies are telling us they can save 
$4.5 billion through 2015, and if you go out to about 2018, it 
is about $10.5 billion on the table.
    Chairman Carper. And you have already said this before, but 
in terms of what needs to be done to make sure we reach that 
goal--just run through, if you will, some of your 
recommendations. It is one thing to launch excellent 
initiatives. It is another thing to actually realize them. But, 
just highlight for us again some of the steps that need to be 
taken to make sure that we realize the promise.
    Mr. Powner. Well, what is very good on data center 
consolidation, it is publicly available that you could look at 
the closures to date----
    Chairman Carper. Yes.
    Mr. Powner [continuing]. And there are great success 
stories. I can tell you about some of the closures that----
    Chairman Carper. Good. Some of the other initiatives beyond 
the consolidation of the data centers, please.
    Mr. Powner. Oh, beyond the data centers?
    Chairman Carper. Yes.
    Mr. Powner. Well, if you look at the TechStat sessions, the 
IT Dashboard, a number of things with the IT Dashboard. You 
have to get all investments on the IT Dashboard. There are some 
investments that are listed as non-major that are huge dollars 
that are not listed. DOE's supercomputers are not listed on the 
Dashboard. There are satellite programs that should be listed 
on the Dashboard.
    So, first of all, we have to get everything on the 
Dashboard. A good example is DOD, for a long period of time 
they only listed 93 major investments on the Dashboard. The 
Senate Armed Services Committee (SASC) held a hearing a couple 
months ago. It was highlighted that a number of investments 
were not on the Dashboard. They report 118 today. Ninety-three 
to 118, great progress. So, we have to get them all on there.
    We have to get accurate assessments on the Dashboard, and 
then we need to use TechStat sessions to fix failing projects 
or projects that are in trouble. The 80 TechStat sessions that 
OMB initiated in the 2010 and 2011 timeframe, it was excellent. 
There were some projects that were descoped, turned around. A 
few were terminated. It was very successful in terms of 
focusing on large-scale IT acquisitions and fixing it. We need 
to go back to doing more of that.
    Chairman Carper. All right.
    Steven, are you going to sit there and take this? 
[Laughter.]
    Would you like to say anything? You can accept the praise, 
or just address some of the--I think you would be smart to 
accept the praise, but then say, well, David has some points 
here and here is what we are doing about it. Go ahead.
    Mr. VanRoekel. Yes. He had me at excellent, sir. 
[Laughter.]
    I think that if you look at the work being done and think 
about how to get the activity we want to see in Federal IT, I 
am a huge fan and have done a lot of work to think about what 
kind of transparency mechanisms we are doing. Are we enhancing 
the IT Dashboard? What are we doing there to hold people 
accountable?
    I think, much like I saw throughout my career in the 
private sector, transparency is one part of it. You also have 
to set up the right incentives to make sure that it yields the 
behavior you want to see. Just simply going out and telling 
agencies, close X-amount of data centers, is an ends, not a 
means, without telling them, here is how to get there. You have 
to set up the structure, and I will give you an example.
    If an agency has two data centers that are right next door 
to each other, share a common wall, say, and I say, close 50 
percent of your data centers, they will take down the wall in 
between and two suddenly goes to one and they have reduced 
their total inventory by 50 percent.
    Instead, what we have been doing is thinking about what are 
the core elements that make closing down a data center so 
essential. It is, how much power are you using? How much square 
footage is this data center? What is your utilization of the 
data center, and all of those things. Because data centers are 
essential to government, and making sure that we create centers 
of gravity and ones that use low power, that have the lowest 
costs, that are running modern technology is the motivation.
    Just this week, we launched PortfolioStat 2014, so, the new 
PortfolioStat guidance actually went out to agencies yesterday. 
And in that guidance, we actually contain within a whole set of 
incentives and key performance indicators (KPI) that basically 
tell agencies, one, identify these centers of gravity. Identify 
a highly optimized data center. For everything else in your 
inventory, I either want you to shift that to the cloud or I 
want you to close it down. And, the mechanisms and the 
incentives we have set up are doing this.
    I talk to large private sector CIOs--General Electric, Wal-
Mart, some of those companies. When they talk about 
consolidating their data centers, they will literally say some 
of their divisions will bring forklifts in and pick up their 
data centers and move them to a bigger room, and suddenly, five 
became one, which does nothing to drive down costs or drive 
efficiency or a different outcome.
    And so what we have done is not only thought about the 
transparency--and, by the way, the number of data centers in 
the inventory have grown because I expanded the definition to 
get more--I wanted to uncover everything out there to make sure 
we are not growing----
    Chairman Carper. Something like that happened with respect 
to improper payments----
    Mr. VanRoekel. Exactly.
    Chairman Carper [continuing]. The first improper payments, 
the amount of improper payments grew, it was because agencies 
were finally reporting it and identifying it.
    Mr. VanRoekel. That is right. We are closing, not growing. 
The inventory is growing because the diligence is going up and 
the quality of the inventory is going up. So, I wanted to get 
everything on the table and then make sure that we are bringing 
all that in and the right incentive structures.
    Chairman Carper. Let me just ask you, anything that David 
mentioned in terms of additional steps that need to be taken to 
ensure that the full potential of these initiatives is 
realized, is there anything that he said that you disagree 
with? Is there anything that he has mentioned here--and this 
would be for any of you--that Dr. Coburn and I, our Committee, 
the Senate, the House, could be helpful in better ensuring that 
we realize the potential in these initiatives? Our response. 
This is a team sport. We are part of the team.
    Mr. VanRoekel. Yes. And, I agree with his point on the 
power and the results that we saw through the TechStat process. 
What we did is, we have a very finite resource in our staff at 
OMB. It is small, a double-digit number of people on the team, 
and we have a lot of statutory responsibility and a lot of 
other responsibilities we do to formulate the budget and work 
on lots of other things in the interest of Congress.
    What we did to scale that effort was actually go out and 
train employees and agency technical officials on how to run 
TechStat. We have trained over a thousand people in running 
TechStat and it is starting to become a cultural element inside 
turning around projects.
    I think the issue with TechStat is that it is, by its 
nature, a reactive motion. It is when something is going wrong, 
we step in and look at things, versus getting in on the front 
end. Yesterday, I had a Senate Appropriations hearing and I 
talked about supporting our fiscal year (FY) 2015 request, 
which really aims to build capacity on my team to get out in 
front of some of these things and do what we have done in a 
reactive way more proactively with agencies.
    Chairman Carper. OK. The second half of my question, and I 
am over time, but I want to just maybe do it quickly. Our 
responsibilities--what can we do? Dr. Coburn and I, our staffs, 
our colleagues here, try to do oversight, and we are told--
whenever I ask--a lot of times, I ask, well, what can we do to 
better ensure that we are doing the right thing there across 
the board in all kinds of initiatives that are oftentimes 
identified by GAO, on their High-Risk List, and what we hear 
again and again is, oversight, oversight, oversight. It 
actually does help.
    But, in terms of what we can do to supplement and increase 
the likelihood that we will be fully successful in these 
initiatives. We will start with you, David. What further should 
this Committee be doing under our leadership?
    Mr. Powner. Well, first of all, I think your oversight and 
the hearings you hold on troubled projects--it is OK to be red 
and yellow, but are we doing something about it? And I agree 
with Steve that we need to be proactive, but the reality is, 
good IT governance, you have a lot of programs that get 
started, then risks come up, and there are a lot of risks and 
you need to deal with them. So, that is where the TechStat and 
strong governance is important and your oversight is very 
important there.
    I do think, because there is so much money on the table 
with data center consolidation, that your legislation is 
essential. I am not certain we are going to get to the $10.5 
billion without legislation and strong Congressional oversight, 
where those reports go to you on an annual basis and we keep 
the foot on the gas pedal.
    Chairman Carper. Anything else you want to add to that 
before Dr. Coburn takes over?
    Mr. Tangherlini. I would simply add that there is actually 
an awful lot of good that is happening within Federal IT, and 
as we focus on issues of oversight and as we do reviews, as we 
even do the stats, we should be thinking about the places where 
we are actually succeeding and making progress so that we can 
more widely disseminate and share that experience with agencies 
so that they can model the best behavior, not just have 
evidence of the worst.
    Chairman Carper. Good. Well, I think this glass is 
definitely half-full, maybe more, and we want to fill it up 
even more. Dr. Coburn.
    Senator Coburn. This is the first hearing I have been to in 
a long time that, really, there are a whole lot more positives 
than there are negatives, and I congratulate you all on it.
    David, there is a discrepancy in terms of what OMB has 
labeled as high-risk IT projects. I think they have labeled 
self-reporting from a one to a five. They have, like, 40, and I 
think in your testimony, it was 200. What is the difference 
there between you and Steve? Why do you see 200 and they see 
40, and is it a matter of downgrading the risk so that you look 
better, or is there just a difference in the assessment, 
because that is a 500 percent difference.
    Mr. Powner. Yes, Dr. Coburn. So, there are about 40 red 
investments on the Dashboard and about 160 yellow, so that is 
how we get to the 200 we deem at-risk investments. There are a 
lot more than 200. That includes DOD reporting zero reds----
    Senator Coburn. Yes, which is----
    Mr. Powner [continuing]. And really not that----
    Senator Coburn. Which is ridiculous.
    Mr. Powner. Not that many yellow. I will say, though, on 
the importance of Congressional oversight, that I was recently 
at a hearing in front of the SASC. DOD is now committed. Their 
report went from 93 to 118 investments. They have committed now 
to update the Dashboard every 6 months, they say, but their 
process--monthly is unrealistic. That is progress.
    They also said--I thought this was very good, DOD--with 
their Enterprise Resource Planning (ERP) history and failure, 
especially with Expeditionary Combat Support System (ECSS), 
they said, if we have an ERP system, we are going to 
immediately put it as red on the Dashboard and manage it 
appropriately. I think that is actually progress, given their 
history and the failures they have had.
    So, that is where the Dashboard--the 200 is well 
understated in terms of projects that are at risk. There are 
many more. But, again, we do see some agencies moving in the 
right direction with more accurate reporting and doing 
something about it.
    Senator Coburn. Steve, were you gamed a little bit by some 
of the agencies in terms of downgrading their risk? You allowed 
them to grade it, right? You all did not grade it.
    Mr. VanRoekel. This is self-reported, yes.
    Senator Coburn. Yes. So, have you done anything from a 
management standpoint of saying, hey, guys, here are the real 
guidelines?
    Mr. VanRoekel. Well, I think the first order of business, 
much like the mentality I would use in the private sector, is 
that self-reporting is not the best mechanism----
    Senator Coburn. Right.
    Mr. VanRoekel [continuing]. To track this stuff, and so we 
put into place other mechanisms to do that. The first one is 
actually in the IT Dashboard. It is a feature I added where I 
can tell if an agency is rebaselining, they are moving the goal 
line on their cost or their schedule or things like that. I 
get, now, an indication if that is happening and so we can see. 
A lot of times in the past, we would see someone bright green, 
but they were moving the goal line a lot and then you knew that 
something was wrong in that sense.
    The second thing is the PortfolioStat process actually 
establishes a whole host of key performance indicators that we 
hold agencies accountable to, and most of that, leading up to 
where we had today, because we had to get our arms around the 
growth of IT spend, was really focused on efficiency. It is 
literally, like, how many e-mail systems are you running, 
because it is unthinkable to run more than one. How many mobile 
contracts do you have? How many of this? Kind of rooting out 
duplication inside the agency.
    In 2014, the guidance that came out this week, we inflect 
and build upon that by adding effectiveness KPI. So, we ask 
agencies to identify, what are your key mission critical 
investments, like, give us the top two or three that we want to 
make sure that we are applying a new playbook to to make sure 
that you are taking 21st Century principles and holding them 
accountable to these key performance indicators. So, like I 
said, it is about those metrics, about those indicators, but it 
has been the incentive structure we put behind it to get the 
behavior we want.
    Senator Coburn. So, having said that, you would expect the 
Dashboard to reflect more and more the numbers that GAO is 
actually reporting on rather than what the self-reporting is?
    Mr. VanRoekel. I anticipate that we will see changes in the 
IT Dashboard over time that pick some of this capability up for 
sure, yes.
    Senator Coburn. All right. In terms of the TechStat, in 
terms of agencies reporting this each month, there is a real 
lack of performance on agencies in terms of meeting that 
milestone each month, just in terms of reporting that. Where 
are we on that, and what have you seen, David--you mentioned it 
in your testimony--in terms of compliance with that? Because as 
I read the briefing for this and read your testimony, it seems 
that that is one area where we are not having much compliance 
with the agencies. What do you see?
    Mr. Powner. Well, I think it varies across the board, Dr. 
Coburn, and I think some agencies have very strong IT 
governance processes and they hold TechStat-like meetings and 
always have, even prior to TechStat existing. IRS----
    Senator Coburn. Do you correlate that at all with a strong 
CIO position?
    Mr. Powner. Absolutely. DHS, I think the governance 
processes they are trying to roll out, and have been for a few 
years now, the processes are very good. We have written 
reports, the processes are good. Now, we need to implement it 
on more and more of these projects. The Internal Revenue 
Service (IRS) is another example. It is an organization that 
came off our High-Risk List because they have pretty strong 
leadership. They have strong governance processes.
    We see pockets of success, so it can be done, but then we 
see other agencies that we do not get the amount of governance 
that you would expect. That is why we are strong proponents of, 
and I understand Steve is challenged to do a lot of things with 
his responsibilities, but when he kind of hovers in and does a 
couple TechStat, it gets attention and it gets movement in the 
right direction.
    Mr. VanRoekel. One of the goals, one of my agendas related 
to PortfolioStat was not only setting up a data-driven 
mechanism to start going in and understanding Federal IT. When 
I came to the job in 2011, I could not really tell you what an 
e-mail box should cost in government. I could not sit down and 
have a face-to-face with an agency and say, boy, you are 
spending too much, you are not on par, things like that. I now 
have that and I now know that because we were able to gather 
broad sets of data across government and process that in a way.
    Not the secret agenda, but the goal of PortfolioStat, in 
addition to just gathering that data, was I hold a face-to-face 
meeting with the Deputy Secretary and all the C-level 
executives of the agency and we sit down every summer and go 
through a very long set of metrics, KPIs, and talk about the 
state of affairs within their agency. The goal of those 
sessions is actually to teach an agency, who are typically not 
optimized around management, more optimized maybe around the 
policy agenda they are running--is to teach them how to run a 
private sector Investment Review Board.
    Senator Coburn. Yes.
    Mr. VanRoekel. If you were in a company, you would put all 
your C-level executives. You would have your mission goals up 
on the screen. And then you would dovetail that into, what are 
our resources to go execute that mission and what are the tough 
decisions we need to make to get there?
    The Government Performance and Results Modernization Act 
(GPRA) coupled with these sessions and some principles that we 
bring in through our policy work, I think, are the combination 
we need to go drive this stuff forward, to teach them how to 
run this. I end up bolstering the authority of not only the CIO 
in those meetings, but the acquisition officer, the human 
capital officer, and it really takes the combination of all 
those people working in--the lawyer on the team--working in 
concert to meet that shared mission.
    Senator Coburn. Yes. What is your answer to David's worry 
that there are not enough TechStat meetings and that the 
benefits from those--I guess what you are saying is, there is a 
diminishing return. When you started this, there was a lot of 
return for these TechStat meetings, and having two in 2013--
David is worried that we are not getting as much bang because 
we are not having as many of those and he feels those really 
drive change within the agencies. You have had to put a budget 
out every year, and the year that you spent all this time on 
this, you were still putting a budget out, so I am not inclined 
to buy the time limitation as much as saying you have done it 
before, why can we not do it now?
    Mr. VanRoekel. With the limited resources on the team, I 
put prioritization behind getting the foundation in place----
    Senator Coburn. Which is what you did.
    Mr. VanRoekel [continuing]. Is what I am doing around 
PortfolioStat and other things to make sure that we were not 
causing more TechStats to be had in the future. We had to get 
the foundation set up in a way that we could deliver mission 
solutions. We were not in a place when all these TechStats were 
happening before, and what would happen is we just spent all of 
our time doing TechStats.
    Senator Coburn. Yes.
    Mr. VanRoekel. I truly feel, if you have spending under 
control, you consolidate all your commodity computing, you get 
things streamlined in an agency in order to deliver the mission 
outcomes you want to do, you teach them how to run an 
Investment Review Board, you create this sort of virtuous cycle 
and cultural shift, you can then go in and deliver mission 
solutions in more 21st Century ways, and that is what we are--
--
    Senator Coburn. But, does GSA have the capability to help 
you in that area? I would ask you, and then I would ask Dan. I 
mean, do they have the expertise where you can say, hey, guys, 
come over here and help us on this TechStat.
    Mr. VanRoekel. Absolutely.
    Senator Coburn. And you spread your resources by utilizing 
some of them.
    Mr. VanRoekel. Well, where we have utilized our partnership 
mostly with GSA, which I think is core to both of our missions, 
has been looking for those opportunities where, coming out of 
PortfolioStat sessions, coming out of these things, what are 
the core capabilities we should be delivering governmentwide, 
that we should not do it, every agency doing their own thing.
    Senator Coburn. Yes.
    Mr. VanRoekel. We should just do it once. And then, to that 
end, we have done many things, like the Federal Risk and 
Authorization Management Program (FedRAMP) cloud security 
program has come out and now is run by GSA. The mobile device 
program, we now have a family plan for government, so you can 
share minutes now across agencies and drive efficiencies that 
way. And so we are doing a lot to partner on that front.
    And then now, I believe, this 18F capability that Dan 
talked about in his testimony is also essential--and we are so 
friendly, I call him Dan--Administrator Tangherlini----
    Mr. Tangherlini. Yes.
    Mr. VanRoekel [continuing]. That this capability is 
essential, too, now that we are inflecting and building upon 
the efficiency work to get into effectiveness.
    Senator Coburn. OK.
    Mr. Tangherlini. I would just echo Steve's comments and say 
that GSA and OMB actually do have a very collaborative 
relationship. Though, we have recognized that there is white 
space there that we can grow into. So, we created the 18F 
activity to help us begin to get the ability to be a better 
consumer of IT resources by having a better understanding of 
how IT technology is actually developed. Having coders and 
developers on staff is going to make it possible for us to help 
agencies better define their scopes of work so that they can be 
a better consumer of those resources.
    Working very closely with the Office of Federal Procurement 
Policy Office (OFPP), on things like what Steve mentioned, 
strategic sourcing, but also building stronger capabilities, 
such as our OASIS contract, our services contract, that allows 
agencies to buy things once and well, and rather than putting 
an awful lot of effort into the actual acquisition activity, 
they can focus more of their effort on defining scope and 
understanding how to better manage that contract.
    So, I think that those are some of the ways we are working 
together, but we do believe that there are many opportunities 
for us to partner more closely.
    Senator Coburn. But, 18F is really small scale projects.
    Mr. Tangherlini. Eighteen-F is really small scale projects 
because it is really small scale.
    Senator Coburn. Yes.
    Mr. Tangherlini. But, it helps agencies begin to think 
about better ways to approach much larger projects and----
    Senator Coburn. But, a case can be made, for the hard, big 
dollar projects, a TechStat intervention, I would call it, can 
be very beneficial, and I think that was Dave's point. I mean, 
how many TechStat meetings have happened at DOD in the last 
year?
    Mr. VanRoekel. That is a better question for DOD on 
specifics, because we train people to run----
    Senator Coburn. I know, but the point is, half of our 
spending on IT really goes through DOD.
    Mr. VanRoekel. Yes.
    Senator Coburn. And, more than half of our waste goes 
through DOD.
    Mr. VanRoekel. I think the key--if I might----
    Senator Coburn. Sure.
    Mr. VanRoekel. I think the key is the big projects. Part of 
the cultural transformation we are in, if you were to go to a 
leading private sector company and talk to them about how are 
they delivering solutions, they would never say to you, we are 
doing big projects. Nobody does the big monolithic, I am going 
to take 3 years to ship something, approach. Every time you go 
to Facebook or Amazon.com, you are probably getting a new 
version of it and not even realizing that you are getting a new 
version. It is just updates happen----
    Senator Coburn. They are doing continuous process 
improvement within their IT.
    Mr. VanRoekel. Something we call agile development versus 
monolithic. The history of government IT has really been 
defined by a waterfall, monolithic approach, and part of the 
goal here on 18F, on the work we have been doing and the policy 
framework, the guidelines we are doing, the playbook as part of 
our smarter IT, is all about how do we get out of this 
compliance waterfall culture and do more of an agile culture.
    Senator Coburn. Yes, I agree.
    Mr. VanRoekel. I want to know what agencies can ship in 60 
days, not what they can ship in 3 years.
    Senator Coburn. Yes. I am way over time and I----
    Mr. VanRoekel. Sorry.
    Senator Coburn. I guess I take it from you that you are 
pretty tight on--you are going to do the TechStats that you 
think you need to do, and numbers do not matter, outcomes 
matter.
    Mr. VanRoekel. I think proactivity matters a lot.
    Senator Coburn. OK.
    Mr. VanRoekel. And, I think getting in front of a lot of 
this stuff versus reacting to it is essential.
    [Pause.]
    Senator Coburn. Tom and I just discussed--I have a lot of 
other questions. I am going to put them into written form and 
then get you to answer them back, OK.
    [Pause.]
    Chairman Carper. I am going to ask our staff to put up a 
couple of posters, please.
    The focus of this hearing is to examine the best practices 
and the critical factors that lead to successful acquisition of 
information technology investments. Both GAO and the 
organizations that Mr. Chenok represent--I think he is going to 
be on our next panel, but I think he represents the Industry 
Advisory Council--have done some work on that question.
    I had asked that a couple of posterboards be printed up 
that list the critical success factors that GAO found and the 
7-S for Success Framework\1\ that Mr. Chenok will testify about 
in a few minutes. But, I would want to ask this panel to 
comment on these exhibits, whether they agree with these 
findings and any other thoughts that you all might have as we 
try to determine what it takes to successfully implement IT 
projects in the Federal Government.
    The first one that I am looking at here is Common IT 
Investment Acquisition Critical Success Factors.\2\ It is not a 
top 10, but it is a top 9. I would like for you all just to 
look down that list, and then, if you will, the 7-S for Success 
Framework that has been provided for us and white paper by Mr. 
Chenok. They are going to be releasing it in conjunction, I 
think, with this hearing.
---------------------------------------------------------------------------
    \1\ The chart referenced by Senator Carper appears in the Appendix 
on page 107.
    \2\ The chart referenced by Senator Carper appears in the Appendix 
on page 108
---------------------------------------------------------------------------
    But, David, if you want to lead off and just comment on 
these success factors, if you would, please.
    Mr. Powner. Yes. I think there is a lot of commonality 
between the two lists, and what this is really about is 
governance. It starts with governance, getting the senior 
executives engaged on these projects. A lot of failures, we do 
not have executive sponsorship. There is a lot up here about 
having the right staff, having the right stakeholders, and that 
includes the business partners on these IT acquisitions, 
getting your requirements right up front, and then there are 
some things on testing.
    But, I would like to highlight one key point here, Mr. 
Chairman, and it is on No. 6, software development is agile, 
and piggyback off of what Steve said. These common success 
factors, the nine, they were based off of seven projects that 
were all increments of larger projects. So, going small 
matters. We do not go small enough in the Federal Government.
    The IT Reform Plan of 2010 had a requirement that we 
deliver within 12 months. Steve upped the ante at OMB and said, 
we are going to now require 6 months. So, we did a review--we 
are releasing the report today of 90 major IT acquisitions. 
About a quarter of them are planning to deliver within 6 
months. Less than half are planning to deliver in a year. So, 
many of these projects go years without delivering.
    Steve is absolutely right. We need to go small. That is the 
big difference between government and the private sector. They 
go smaller much better, OK. When I was in the private sector 10 
years ago, we were doing 90-day deliverables all the time.
    So, what do we do to fix it? In that report, we have a 
recommendation that in their Exhibit 300 process, that 
agencies--there are about 275 of the 760 investments, about 275 
are in development, OK, the rest are more in legacy. Two-
hundred-and-seventy-five--it is not that many governmentwide. 
They should clearly identify whether they are delivering in 6 
or 12 months, whatever we want to pick. I do not care. You can 
choose either one. And if they are not delivering at least 
within a year, we ought to think real hard about whether those 
projects ought to be funded. That is how you would fix it. That 
would be the solution.
    Chairman Carper. Good. Thanks.
    Same question. I want to ask you to compare these two lists 
for success. As David says, there is a lot of common ground 
here.
    Mr. VanRoekel. Yes. I think they are very common, and 
actually, we used both of these lists, the 7-S in draft form 
and the GAO recommendations, to inform a lot of the playbook 
that we established for this new Digital Service effort that we 
have that is basically saying, what are the key performance 
indicators we want to hold agencies to on the mission side.
    I think the thing that takes me, the perspective I have 
across here, is if you read through both of these, you could 
not just apply the title of CIO to this list. I see acquisition 
elements on here. I see people elements on here. I see probably 
some things that need legal interpretation inside agencies on 
this list.
    One of the challenges we have--but, I think, opportunities 
we have--is really around how do we get this more coordinated 
effort across the C-level executives inside our agencies so 
they are working in concert to the mission outcomes we want to 
see. Oftentimes, I will hear from CIOs that say they walk down 
the hall and talk to their acquisition official and they have 
some innovative way they have thought about delivering some 
solution that is completely within the law in their 
interpretation, and maybe even another agency has done it, but 
their acquisition person will say no. Or, you have some other 
aspect where you cannot think in this module a way to get 
funding and break a contract down or get your funding from your 
Chief Financial Officer (CFO) established in that way. And so 
there are things I think we need to do in more common ways.
    One of the things we are doing this year is we are sort of 
lovingly calling it the TechFAR, which is we are taking case 
law examples of great, successful, kind of 21st Century 
approaches to acquisition and we are compiling them and sharing 
those with the agencies. So, saying, if you want to take this 
agile approach, here is another agency that has done it. Here 
is the section of the Federal Acquisition Requirements they 
used. Here is how they approached it, and maybe even sample 
contract language they used to do that.
    We also launched, and had an open dialogue with the public 
the last 2 weeks that just closed on Monday, asking innovative 
small companies, what are barriers you are facing when wanting 
to come and do work for the government? Is it reporting 
requirements? Is it barriers to entry to get into the 
procurement lifecycle and cycle? Is it things like that? I did 
a trip to the West Coast. We had other people doing a lot of 
outreach to get lots of interest in people who are not 
traditionally working with government to research what it would 
take and then give us their perspective on it. We anticipate 
out of that work we are going to have administrative, 
legislative, and possibly some regulatory suggestions on 
changes we could do to drive and lower some of those barriers 
for those small, innovative companies to work with government.
    Chairman Carper. All right. Dan, just anything brief in 
terms of lists for success, so what finds favor and maybe what 
does not?
    Mr. Tangherlini. No, I would like to build on what Steve 
said, if you look at this list and say, this cannot just be a 
list of ``to do's'' for a CIO. We have a consolidated, 
empowered, talented, and focused CIO at GSA, but he, too, and 
his team would fail in delivering high-quality IT solutions if 
he did not have the support of, say, from the GAO list No. 3, 
senior department and agency executives supporting the program. 
He would fail if he did not have No. 4 and No. 5 from the GAO 
list, and No. 5 and No. 6 from the 7-S for Success list, which 
is to constantly work with your end users and the people who 
are actually going to touch the system to know whether the 
system is going to work and meet their needs.
    I also think that No. 4 from the 7-S list is one that does 
not get enough attention, as well, shared technology and 
business architecture. There is no reason to continually 
reinvent the wheel. There is no reason why we cannot take the 
benefits of the billions of dollars that the taxpayers have 
already spent on building systems and we cannot make them 
extensible and use them more widely.
    Chairman Carper. I have one more question, but, Dr. Coburn, 
let me just say, I know you said you would submit some 
questions for the record----
    Senator Coburn. Yes, I will ask a few more.
    Chairman Carper. Please, go ahead.
    Senator Coburn. David, I want to talk about incremental 
development, because one of the holes I see is a lack of 
compliance on incremental development. Steven said that is 
important, except we do not see that coming from the agencies. 
As a matter of fact, 6 months, hardly any of them are meeting 
it at all, and then we are at a year. So, talk about where you 
see the hole in terms of complying with this incremental 
development idea and what we do about it.
    Mr. Powner. Well, I think we have, and I think Steve put it 
very well, there is a history in the Federal Government to go 
with the waterfall approach. So, this is something new. Change 
is slow. But, if you want to get serious, and I think you 
stepped out for a second, but I will repeat what I said 
earlier. If you want to really fix the incremental--the IT 
Reform Plan of 2010 said, we are going to do everything in 12 
months. So, let us get serious about that.
    In the Exhibit 300's, there are only about 275 major IT 
acquisitions when you look at the 760 investments, because a 
lot of it is legacy spend. Take those 275 investments, identify 
in their Exhibit 300 on an annual basis what they are 
delivering within the year. If they are not delivering 
anything, do not fund it. Do not fund it.
    Senator Coburn. So----
    Mr. Powner. That is one way to get serious about it. Now, 
granted, there will be exceptions and waivers. But, if you want 
to get serious about incremental development, you could tackle 
those 275 investments.
    Senator Coburn. So, Steve, what is your response to that?
    Mr. VanRoekel. I think----
    Senator Coburn. If an agency is not going to be complying 
in incremental development, why would you fund them?
    Mr. VanRoekel. I think the key here is to look at, like I 
have said, and I sound like a broken record, not only the, how 
are we tracking this, how are we funding it, but looking at 
what incentives are we putting in place and how are we kind of 
shaping the system of government, the systems behind the 
scenes, to get this outcome that we want.
    We still have a long history of certifying IT professionals 
in the waterfall methodology. So, we are changing that. Our 
acquisition professionals who do acquisitions are kind of pre-
programmed to do these big monolithic approaches, so we need to 
change that. That is this effort around the TechFAR that I 
mentioned, where we are taking all these examples and getting 
this community to happen. We need companies working with 
government that know how to do this well, because they are all 
pre-programmed to kind of do these big waterfall approaches. 
So, we are working not only with the incumbents and saying, 
what are the incentives we need to do to get you to turn these 
things in this way, but writing requirements in a way that 
foster this, as well as looking at how do we get new companies 
into government that are going to bring these approaches.
    Senator Coburn. Given your history prior to government 
service and the fact that I have a son-in-law with a Master's 
in computer engineering and electrical engineering and works 
for one of the big firms that does this, my observation is big 
business does not do this a whole lot better than government in 
terms of the stories and the tragedies and the failures that I 
see.
    And, so I want to go back to my point. If, in fact, we 
believe incremental management and incremental reporting is an 
important way for us to see milestone development, and also to 
exclude the catastrophes, why are we not putting more pressure 
on the agencies? I know you are building the infrastructure, 
and I get that. But at the same time, if we are not going to 
have some reporting 6 months or a year of whether we are 
reaching these milestones, they are just not even coming back 
with the information, we are going to have another couple of 
disasters.
    Mr. VanRoekel. So----
    Senator Coburn. It is going to happen.
    Mr. VanRoekel. Mm-hmm.
    Senator Coburn. And, so why would we not have as a policy, 
give us the incremental development?
    Mr. VanRoekel. So, I think the private sector is in an 
inflection where we are starting to see this take hold in even 
the larger corporations out there and definitely taking a lot 
of the best practices you saw on these two sheets up here.
    As far as accountability with agencies, PortfolioStat 2014, 
as I mentioned, makes this inflection into effectiveness. It 
basically says for agencies, identify your mission critical 
investments to us, and then we hold them accountable to a set 
of--basically, informed by these two sheets--a set of KPIs, key 
performance indicators, that indicate agility, that indicate 
this modular approach----
    Senator Coburn. But they are not reporting----
    Mr. VanRoekel. They do--and part of PortfolioStat 2014 is 
quarterly reporting against those KPIs, and so we are holding 
people accountable with a yearly face-to-face meeting where we 
sit down, as I mentioned, with the C-level executives. So, 
there is a mechanism and process.
    Senator Coburn. So, you are saying you have it covered 
without them--you have it covered, even though when we see it 
from GAO, we see a hole in that.
    Mr. VanRoekel. PortfolioStat 2014 launched yesterday, so 
this is a----
    Senator Coburn. Yes. So you----
    Mr. VanRoekel [continuing]. This is a looking forward.
    Senator Coburn. So you say you are fixing that?
    Mr. VanRoekel. This is a looking forward motion.
    Senator Coburn. OK. All right.
    Mr. VanRoekel. Yes, sir.
    Senator Coburn. Good enough. Thank you.
    Chairman Carper. Thank you, Tom.
    When I look at these factors as laid out by GAO on these 
posterboards and on this coalition that Mr. Chenok represents, 
they appear to center on getting key stakeholders lined up and 
properly incentivized, getting the right people on a project, 
setting up a good review process, as well.
    Our House colleagues, Chairman Issa, Elijah Cummings, and 
Gerry Connolly, introduced an IT reform bill that has passed 
the House, I think by a pretty broad margin. And while we 
appreciate their hard work on the legislation and share many of 
their same goals--based on these charts, it is not clear how 
many of these critical success factors can actually be 
encapsulated in legislation.
    I just want to ask if you have any additional thought. We 
talked about this a little bit earlier in terms of what we can 
do to be helpful and constructive on the legislative side. Do 
you have any additional thoughts on that and where legislation 
may be necessary to improve Federal agency ability to develop 
and manage IT systems? Steve.
    Mr. VanRoekel. So, I think the challenge, as I mentioned 
earlier, is part of this, and many of the best practices you 
see here are really about comprehensive management, and that is 
probably the hardest thing to legislate, is thinking about how 
do you bring management principles to bear----
    Chairman Carper. Like, how do you legislate common sense.
    Mr. VanRoekel. Well, I will not make comments.
    A starting point if you look at a bill, a proposed bill 
like FITARA, is that I think there is a disconnect between 
appropriators and authorizers. I think there is a money aspect 
here as much as there is an authorization aspect and thinking 
about that kind of duality in the work that is being done.
    I think that we have an opportunity with incentives and 
thinking about what outcomes we want to see. I also fear a lot 
of what we see in legislation that looks at technology is 
technology is moving so quickly. If we were sitting here 15 
years ago, the notion of doing these sort of agile approaches, 
or even Internet kind of approaches in government, were not as 
self-apparent as they are today. And, so, looking at how do we 
really think about what outcomes we are trying to drive versus 
what are the tactical ways we are going to get there is 
essential, because we are just moving so fast. We are moving 
fast enough that our procurement system or other things cannot 
keep up with it, and so we need to think about modern 
approaches to get there.
    Chairman Carper. OK. Thanks.
    Same question, Mr. Powner, David, please.
    Mr. Powner. We have been pretty consistent saying that in 
terms of legislation, there are two things--that I think the 
two biggest areas when you look at these initiatives, on the 
legacy side of the fence, it is data center consolidation, and 
we believe strongly that legislation that calls for annual 
reporting on what is being done will help hold everyone 
accountable. So, I think legislation is very important there.
    The other part of legislation that comes up frequently, 
too, is what do we do with the Dashboard? The Dashboard is very 
important from a transparency point of view and we do not want 
that to go away. The CIO ratings actually have helped with CIO 
accountability and authorities, and we hear a lot about, well, 
the cost and schedule data is not accurate. This is----
    Chairman Carper. I am sorry, what is----
    Mr. Powner. The cost and schedule data is inaccurate, what 
is behind the Dashboard, behind the ratings. Well, let's get it 
accurate. Most of these agencies have about 40 to 50 major IT 
investments and accurate reporting--760 major investments is 
not that many when you look at 27 departments. So, we need to 
get the CIO ratings accurate and we need to get the costs and 
schedule fixed, and that transparency mechanism is vitally 
important for oversight.
    And, so, I think the IT Dashboard, you need to be careful 
on what you report out of it, but I think having that mechanism 
in place going forward is very important.
    Chairman Carper. In terms of how the House-passed 
legislation addresses the points you have just raised, which 
one does it address and, maybe, which ones does it not?
    Mr. Powner. I think the House legislation addresses both 
data center consolidation and the Dashboard. I think both those 
items are in that legislation.
    Chairman Carper. OK. All right. Thanks.
    Dan, same question.
    Mr. Tangherlini. I would just echo what Steve said. I think 
it is very hard to create a legislative framework that requires 
and demands engagement at the executive level in IT projects. 
You can require it, but it will not necessarily result in it.
    So, I think what we need to do is continue to work, as we 
have been, closely with Steve to try to bring these best 
practices into our agencies, and we need to make sure there is 
transparency, and as a result, accountability through strong 
oversight from Congress, seeing how we are performing and 
getting the work done that we say we are going to get done.
    I also think that we should be careful. One of the problems 
we have with doing anything, frankly, in government, IT among 
them, is how many different layers and policies and structures 
we have built up over time. As Steve said, this stuff is 
changing very fast, and do our requirements keep up with the 
speed and the pace of that change?
    Senator Coburn. Can I interject? We passed the DATA Act out 
of here, and the thing that will not change is the requirement 
to know what you spent and where you spent it and be able to 
account for it. Those are basic principles, because you are 
never going to get a metric unless you know those numbers, and 
I think that is one of the things that David is saying. And the 
push-back from OMB on the DATA Act was, this is going to be so 
hard to do, which, all that tells you is they do not know where 
it is. It is not in getting the data to put onto it. It is, we 
do not know the data, which goes back to what Steve says, you 
are teaching management and you cannot manage what you cannot 
measure.
    So, the whole idea behind this was to get data, not just 
for transparency for the American public, but to force the 
agencies to actually be able to measure what they are doing and 
have to report on it, because if you have to report on it, you 
are going to have to collect the data. And the hard job--I 
mean, we are giving the Pentagon 4\1/2\ years to come forward 
with data on where they spend their money. They do not know 
where they spend their money.
    So, I really appreciate, Steve, what you are doing in terms 
of implementing a management capability, because that has been 
the real problem. It is not that we do not have great 
employees. It is we have a skill set that has not been up to 
the task, and what you are doing is very important in that 
regard.
    I have one other question. GAO's recommendation is for OMB 
to issue more specific guidance. What do you think about that 
recommendation?
    Mr. VanRoekel. Are there more specifics about that 
recommendation?
    Senator Coburn. Well----
    Mr. VanRoekel. More specifics, guidance and----
    Senator Coburn. In the incremental development.
    Mr. VanRoekel. I think a lot of what we are doing is in the 
direction of how to do incremental development, including 
getting in front of the agencies to work with them to teach 
the----
    Senator Coburn. So, you feel you are actually issuing 
specific guidance and they just did not see it, or----
    Mr. VanRoekel. No, I think it is not just about guidance. 
We do incremental guidance. Part of the key performance 
indicators as part of our PortfolioStat guidance that went out 
yesterday has incremental guidelines in it. So, I think we are 
definitely not only satisfying the spirit of incremental 
guidance, but doing very specific things.
    Senator Coburn. All right.
    Dan, I just had one question. You are the agency that 
should model this behavior better than anybody. Are your IT 
projects within GSA meeting the 6-month timeframe in terms of 
incremental development?
    Mr. Tangherlini. Some of them are, and we are working on 
making all of them meet those requirements. So, as I said at 
the end of my testimony, we still see a lot of hard work ahead 
for the systems that we are developing. But, we are hoping that 
the work that we are engaged in and the lessons that we learn 
are transferrable to our agency partners so that we can 
structure the way we do business with them in such a way that 
they can actually get those outcomes, as well.
    Senator Coburn. OK. Thank you.
    Chairman Carper. One of the adages with respect to 
leadership is, do not just do as I say, do as I do. And to the 
extent that you are setting a good example for the others, it 
is just very helpful.
    I think we are going to start a vote here, a series of 
votes, and with that, I have one last quick question--no, I 
will ask it for the record. I have several more questions for 
the record.
    I will just conclude by saying this before we welcome our 
second panel. This is not an easy thing to do. It is a hard 
thing to do. In fact, it is a lot of hard things to do and it 
requires good planning, good implementation, appropriate 
funding, good oversight, trying to figure out what is working 
and what is not working and do more of what is working.
    We struggled with this in State Government when I was 
Governor of my State, honestly, and one of our problems was 
having the kind of human resources that we needed to actually 
develop, conceive of these plans, these kind of projects, and 
then have the people in place who could actually work with the 
private sector to implement them and do that in a cost 
effective way.
    And we found that we would just train people to do the IT 
work within State Government, and just when they would get to 
be really skillful, they would get hired away, make more money 
and leave us. We finally figured out, the administration after 
time, to pay them more money and to reduce the kind of turnover 
and be able to attract good people and keep them for a longer 
period of time.
    So, I know these are not easy things that we are asking you 
and the administration to do. We want to play a constructive 
role. We got some great input and insights on what can be 
constructed. We have a data center bill that is out of 
Committee, waiting attention by the full Senate. We might even 
try to have it hotlined and get it passed under unanimous 
consent. We understand that that would be a constructive thing. 
I think the bill that comes out of the House, the FITARA bill 
of Mr. Issa and others, I think it is one of the elements of 
their legislation, so there are some common grounds.
    But, we want to continue to work with you. We want to stay 
in touch with you. We do not want to pass legislation that is 
counterproductive or unproductive. You will continue to--I am 
sure you will--make sure we are a guided missile, not an 
unguided missile.
    All right. With that, thank you for your continued 
dedication and diligence here and keep working. I think we are 
on the right track. Thanks so much.
    And with that, we will welcome our second panel. Initially, 
we had a vote that was supposed to start, or a series of votes 
that was supposed to start at 11. They did not, and then we are 
told there is a series of votes starting at 11:15, and that has 
not happened yet, so we will go as far as we can, but my 
inclination is to go ahead and go as far as we can without 
taking a break.
    I want to welcome our second panel. Dan Chenok is Executive 
Vice Chair of the Industry Advisory Council, the industry 
partner to the American Council for Technology (ACT), 
recognized as a premier public-private partnership in the 
government IT community. The ACT--I am just going to call it by 
its regular name, Industry Advisory Council (IAC). I do not 
like those acronyms, and this is one I am not going to learn. 
But, the Industry Advisory Council provides a wide range of 
programs and services to facilitate communications and 
collaboration and education. Mr. Chenok will become Chair, I am 
told, what, July 1. There is more I could say about you, Mr. 
Chenok, but I am not going to do it today. I want to welcome 
you, thank you for your good work and being here today.
    Next is Karen Evans, no stranger to this Committee. Nice to 
see you again. She serves as the National Director for the U.S. 
Cyber Challenge, the nationwide talent search and skills 
development program focused specifically on the cyber force. 
She has been great to work with as a servant to the people of 
our country and working with us for many years. We are just 
happy to see you again, and welcome, both of you.
    Please proceed with your statements. Dan, if you want to go 
first, and Karen, we will ask you to followup, please. Thank 
you.

    TESTIMONY OF DANIEL J. CHENOK,\1\ EXECUTIVE VICE CHAIR, 
INDUSTRY ADVISORY COUNCIL, AMERICAN COUNCIL FOR TECHNOLOGY AND 
                   INDUSTRY ADVISORY COUNCIL

    Mr. Chenok. Thank you, Chairman Carper, and thanks to Dr. 
Coburn, as well----
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Chenok appears in the Appendix on 
page 79.
---------------------------------------------------------------------------
    Chairman Carper. He will be back shortly.
    Mr. Chenok [continuing]. And to the Committee for holding 
this hearing and for the opportunity to testify.
    I am here in my capacity as the Executive Vice Chair of the 
Industry Advisory Council. IAC is the industry partner for the 
nonprofit American Council for Technology, an organization led 
by government IT officials. This unique government industry 
partnership, referred to as ACT-IAC, provides an objective, 
vendor-neutral, and ethical forum to improve government.
    As this Committee has highlighted, every Federal agency 
relies on IT to provide services and conduct operations. Any 
major program, project, or transformation involving IT brings 
great potential for positive change and benefits, but also 
brings risks to be managed.
    Over the past several months, ACT-IAC has joined a number 
of stakeholder groups in a dialogue with OMB and other 
government leaders regarding how best to improve the 
government's capacity to manage IT programs effectively. We 
have drawn on our unique position as a government industry 
partnership to identify best practices and lessons learned in 
both sectors and formulated an initial set of critical success 
factors for IT and a framework that you indicate here on the 
posters we refer to as 7-S for Success.
    Before addressing the 7-S Framework, I would note that 
government and industry share many common elements with regard 
to the implementation of large-scale IT systems as well as 
important differences. Complex IT programs in both sectors are 
characterized by multiple stakeholders, large and 
organizationally diverse project teams, and the need for 
agility given technological change.
    Government IT programs do involve unique elements, as well. 
These include laws and rules that can require significant time 
to revise, if needed; a budget process where planning occurs up 
to 30 months before the money is actually spent; and limited 
knowledge about how to leverage the acquisition process to 
promote innovation. Adapting commercial best practice to help 
improve how government acquires and manages IT programs must 
account for these elements in order to succeed.
    I will now turn briefly to the 7-S Framework itself. The 
first success factor is stakeholder commitment and 
collaborative governance. Most complex programs involve 
numerous stakeholders and often multiple agencies, contractors, 
and other non-government constituencies. There should be clear 
lines of accountability and responsibility for program goals 
among these players, as well as engagement with key 
stakeholders, including oversight organizations like OMB, GAO, 
and Congress.
    The second factor is a skilled program manager (PM) and 
team. There must be an accountable and qualified senior leader 
of the program. The PM should ensure that a sound, integrated 
program team includes strong leaders who have consistent 
performance measures related to system and program milestones 
to maximize the likelihood of positive outcomes.
    The third factor is systematic program reviews. In addition 
to assessing progress against programmatic goals, governance 
leaders and the PM should celebrate success and identify 
problems promptly for correction. Reviews should include senior 
representatives from key contractors, where appropriate, to 
ensure agreement on status, risks, and necessary actions.
    The fourth factor is shared technology and business 
architecture. Major IT programs involve complex interfaces with 
multiple systems. A business and technology architecture can 
guide activities across the team while remaining flexible 
enough to encourage changes during development and execution. 
The architecture should also address how new technologies and 
business processes will be integrated with legacy systems.
    The fifth factor is a strategic, modular, and outcomes-
focused acquisition strategy. The PM must collaborate with the 
acquisition organization and other government and industry 
stakeholders to develop an acquisition strategy that supports 
program goals. The acquisition process should start well before 
contract award, include market research and requirements 
identification, and lay out goals, timelines, and budget 
linkages. Procurements should also have consistent outcomes-
based incentives across contracts.
    The sixth factor is software development that is agile. An 
innovative IT approach, as you heard earlier, is found in agile 
software development under which applications are developed in 
an iterative fashion with small-scale rollouts, frequent 
feedback from end users, and communication with leaders on 
changes needed throughout. This approach reduces risks and 
increases the chances for program success.
    The seventh and final success factor is security and 
performance testing throughout. Modules should be tested and 
released in phases throughout design development and 
operations, both for individual components and end-to-end 
system performance.
    Chairman Carper, Dr. Coburn, and Members of the Committee 
thank you for the opportunity, again, to testify here today, 
and I look forward to answering any questions you may have.
    Chairman Carper. Dan, thank you very much. Thanks for your 
testimony, and thank you for the seven ``S''s.
    All right, Karen. Please proceed.

  TESTIMONY OF KAREN S. EVANS,\1\ PARTNER, KE&T PARTNERS, LLC

    Ms. Evans. Good morning, Chairman Carper and Ranking Member 
Coburn, when he returns, and Committee staff members. I am 
pleased to be invited back to share my views on identifying 
critical factors for success in information technology 
acquisitions. My remarks today will describe best practices and 
success factors for managing information technology systems 
that the government can learn from industry.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Evans appears in the Appendix on 
page 99.
---------------------------------------------------------------------------
    The Federal Government will spend nearly $80 billion on 
information technology this year, and despite guidance and 
oversight from Congress, GAO, and OMB, the Federal IT projects 
too frequently incur cost overruns and schedule delays and end 
up contributing little to agency mission outcomes. Frequently, 
these failures result from well-known hazards that experienced 
practitioners have learned to avoid by adopting specific 
procedures, best practices, that circumnavigate these pitfalls.
    Other times, the project failure could be traced to someone 
not doing what they were supposed to do. The technology did not 
play a trick on them. This was not an unforseen outside force 
dooming the project. No, in every case, someone missed their 
block and let a defender sack the quarterback. The reflexive 
response is to add another layer of rules to prevent someone 
from making that bad decision again. This is the wrong way to 
go, as it adds layer upon layer of bureaucracy and eventually 
grinds the process to a halt.
    One cannot mandate good outcomes, nor can Congress 
legislate to preclude failure. Rather, the IT acquisition 
system must foster a culture that allows and tolerates a 
continuing learning cycle to improve overall performance. 
Results, whether they are good or bad, provide important 
feedback that needs to be integrated into an overall management 
framework. The goal must be to enable success, not to preclude 
failure.
    My written testimony included critical success factors that 
the Committee could easily influence, should it choose to do 
so. However, I would like to highlight one factor in 
particular, which is the need for leadership at the departments 
and the agencies.
    The Chief Information Officer is the person in the C-suite 
who should have the capacity to translate technology issues 
into business-speak for other business leaders. The CIO 
position is currently under scrutiny, as the original purpose 
of the position is not necessarily working as envisioned, both 
in private sector and in government.
    Whether this person is a CIO, a Chief Risk Officer, a Chief 
Innovation Officer, or a Chief Strategist, or some other chief, 
it is necessary to have a leader who can speak to senior 
executives in terms that are relevant to them and can state the 
potential consequences in terms of political and policy values. 
For example, the public opinion impact on promised level of 
service or unfavorable news stories, declines in earnings per 
share. Right now, the CIO is in a unique position to ensure 
that this happens and needs to provide the leadership in order 
to avoid the mistakes of the past.
    Overall, Federal CIOs and commercial CIOs are similar, with 
the same job description: To be the technology-savvy member of 
the executive team, to provide value through innovation, to 
manage data as a strategic asset, and to lead a team of 
technologists and enable organizational greatness.
    There is widespread perception that the government is 
inherently incompetent at implementing IT systems, not just 
because of the recent high-profile failure, but because that 
follows a string of high-profile failures. However, I have also 
seen a lot of IT projects that were tremendously successful, 
that delivered on time and within budget, that are helping the 
American Government to serve the American people, that did not 
get newspaper stories written about them. So, rather than 
trying to prevent failure, we should try to promote success by 
implementing best practices, assigning qualified program 
managers, and monitoring with accurate metrics. IT is a neutral 
enabler for program delivery, and good management is 
nonpartisan and can support all policies.
    I thank you for the opportunity to testify today and I look 
forward to answering questions.
    Chairman Carper. And I look forward to asking them and 
hearing your answers.
    We have a series of four votes in a row. Dr. Coburn has 
gone to vote on the first vote, and then come back. We are 
going to take turns here. We do not want to have a lot of 
downtime. He will be presiding for part of the time; I will be 
presiding for part of the time. Between the two of us, we hope 
to provide some good questions for you and have a good 
conversation.
    That having been said, we are going to recess just for a 
very short period of time. When Dr. Coburn returns, he will 
take up the gavel and begin asking questions.
    So, thank you very much. With that, we are in recess.
    [Recess.]
    Senator Coburn. [Presiding.] I did not get to hear your 
statements, but I have been briefed by my staff. First of all, 
thank you for being here.
    My first question is, what did you think? Did you hear the 
testimony? What are your thoughts? Go ahead, Dan.
    Mr. Chenok. From the first panel?
    Senator Coburn. Yes.
    Mr. Chenok. So, I think it is important that there was wide 
agreement that this is not simply a technology issue, that it 
is an issue that crosses multiple functions in agencies, 
including acquisition, finance, budget, as well as mission 
leadership, and that is really, I think--it was implied in the 
statement, but the purpose of technology to support agencies, 
just like it is in a private sector organization, is to improve 
the mission and service of that organization. And so----
    Senator Coburn. So, management.
    Mr. Chenok. Improving management to improve the outcome for 
either citizens or the customers of a company is really the 
reason why technology exists. So, it is important to talk 
further, I think, about that integration.
    Senator Coburn. OK. Karen, what were your thoughts?
    Ms. Evans. What I heard was a debate between what is 
happening today, so a tactical approach, so that is a lot of 
what GAO is putting forward--things that have already launched, 
the tactical, we have to bring them to conclusion--and then the 
strategic outlook of how do you fix this in the long term, 
which was described by Steve and the GSA Administrator about 
how do you fix this so that it does not occur in the long term. 
And that you are trying to fix the systemic issues so that you 
can then launch new projects with a certain level of confidence 
that you know that rigor is going to be there.
    But, there is the concern that GAO has, that you cannot 
lose sight of what you have already launched because it is $80 
billion, and in their particular case, they outlined very 
specifically about projects and programs that are in the 
pipeline that you want to make sure that those dollars actually 
achieve results.
    Senator Coburn. My take-away, and actually, it is pretty 
well governmentwide--one of the reasons I am a big Jeh Johnson 
fan is I think he is a good manager. I think he has good 
leadership skills, and we are already starting to see some of 
those changes at Homeland Security. But, the big thing I have 
observed all my time in government is a deficit in leadership, 
a deficit in management skills. And, I think you heard from 
Steve today--he is an impressive guy, and he gets the big 
picture and the short picture, and he is kind of transitioning 
from the ``fix it'' to prepare to make sure it stays that way. 
All right.
    You have been a CIO in the Federal Government. You have 
tried to manage IT at OMB before. Based on your experience, 
what should be our expectations?
    Ms. Evans. For IT performance overall?
    Senator Coburn. Yes.
    Ms. Evans. So, as Dan said and as I indicated in my 
testimony, IT is an enabler, so it is a means to an end. It 
should not be the whole thing itself, which I do believe, and 
this is a management issue that you are bringing up, is that 
the government has a tendency to really get focused around the 
IT solution itself versus what it is actually trying to 
accomplish.
    That is one of the biggest differences that I see now that 
I am on the outside, and areas that I maybe could have helped 
more when I was on the inside is really stressing what is the 
outcome that you are trying to achieve with that investment and 
how soon will you get there, versus, well, we have to have a 
Human Resource (H.R.) system, or we have to have a financial 
management----
    Senator Coburn. A metric measurement. OK. How often, when 
you were at OMB, did you use the budget to enforce management 
changes, in other words, a real hammer?
    Ms. Evans. All the time. [Laughter.]
    I would say, all the time, consistently. And some of the 
things that were discussed earlier and some of the challenges 
with agile development or breaking things into modular 
development, and Dan highlighted that, is that the 
appropriation process within the government, you are always 
working at least on a 24-month if not 30-month cycle. So, in 
private industry, that is not the case. It is 12 months. So, to 
deliver in 6 months or 12 months is realistic within private 
industry because they already think in those terms. The 
government people are thinking in 2-to 3-year increments 
because that is the way the appropriations process works.
    So, what is critical is being able to break it down into 
smaller increments and then use the tools that OMB has 
available to them to either make sure that a spend plan comes 
in that clearly outlines and that you have an agreed upon 
implementation plan so that you can hold them accountable to 
those milestones.
    Those are the types of things that we did on what we 
called--which you are very familiar with--the Management Watch 
List, the High-Risk List----
    Senator Coburn. Yes.
    Ms. Evans [continuing]. That we used those types of tools 
so that we could make sure that the money that Congress 
appropriated for that big outcome was actually being achieved 
with steps in between. It is hard to see a lot of those 
deliverables, especially if it is an internal project, like a 
financial management system or an H.R. system, because those 
deliverables are not publicly available for everyone to see.
    Senator Coburn. Yes. OK. What did you do with the failing 
IT programs?
    Ms. Evans. We would have to evaluate what the program is 
for. So, for example, Senator Carper highlighted the Sentinel 
program, and we have had these discussions before. When a 
program starts, or a project starts in the first place, it is 
usually in response to some type of business need. So, the 
business need really does not go away. Like, in the case of the 
Sentinel project, the business need did not go away to have a 
good case management system and to be able to manage law 
enforcement data. That IT project called Sentinel went the 
wrong way.
    If it is failing, you still need to meet that business 
need, and what you have to do is either stop the work, which we 
stopped the work that was happening on that and redirected it, 
brought it back into smaller pieces, and then said, you have to 
move out and you have to have a go/no-go decision. And if it is 
not meeting the requirements, then you cannot fully implement 
it and you cannot keep throwing money at it.
    Senator Coburn. Yes.
    Ms. Evans. And so that gets to the project management 
portion of this and the requirements associated with it, is 
that those requirements have to be clearly understood, because 
you are still always going to have that business need. It is 
how you go about implementing and achieving that need.
    Senator Coburn. Dan, your testimony highlighted seven 
critical success factors in IT management. Where, in your 
estimate, has the Federal Government fallen short, in order, of 
those seven things? Where do you see us not up to par?
    Mr. Chenok. So, I think there are elements of each of the 
factors where there are successes, but there are also areas 
where there is progress to be made.
    One of the points that we make in the report and that I 
spoke about in my written testimony is that it is not as though 
there are seven independent factors.
    Senator Coburn. Yes, they are all interrelated.
    Mr. Chenok. These are interrelated and they are elements of 
strong management. And I think you heard in the first panel 
about some of the approaches to how to approach strong 
management.
    The other thing I would point out is that the question that 
you asked about what can Congress and what can this Committee 
do is to highlight that importance through oversight, as you 
are doing today, and also look at opportunities where there 
are--I think it was Administrator Tangherlini who talked about 
multiple laws and rules that are basically having agencies 
focus more on compliance than on how to essentially bring good 
management to achieve mission outcomes.
    Senator Coburn. Yes.
    Mr. Chenok. And so, focusing on that, looking at those 
interconnections where there might be areas to clarify is 
something that I think Congress can do, as well.
    Senator Coburn. You saw Steve testified about how he put a 
package together. Here is the acquisition--if you want to do 
this, here are the acquisition rules. Here are the compliance 
rules. In other words, they are building some of the packet to 
give reference to some of the people in the different agencies 
that want to do that, and I think that is a positive step. 
Would you concur?
    Mr. Chenok. Yes, I would agree with that. I think that the 
TechFAR, as Steve referred to it, also resulted from some of 
those consultations that Steve did with our association, ACT-
IAC, as well as some other industry associations, and it is 
really an advancement on the Mythbusters program that the 
administration initiated, and it will lead, I think, to the 
identification of some requirements in the the Federal 
Acquisition Regulation (FAR), that could be reformed to provide 
for more agile and more incremental development.
    Senator Coburn. Yes. Give me your assessment on what you 
see in private industry on how IT is managed and what you see 
in the government. Note my critical note of some big 
businesses, because they wrestle with this when they are out 
purchasing IT, as well, in terms of costs and completion dates 
and functionality. Contrast that for me for a minute.
    Mr. Chenok. So, as an association that has both government 
and industry members, I think we have a lot of experience 
looking across the two sectors. And, I think one thing in 
industry--we talked before, and I think it was mentioned by 
Steve VanRoekel, and Karen repeated this--the funding cycle is 
much shorter, so that in industry, when you have an issue that 
comes up, and there are issues that come up multiple times in 
any large IT, complex IT migration, whether it is government or 
industry----
    Senator Coburn. Right.
    Mr. Chenok [continuing]. You have the ability to more 
quickly pivot through providing resources. And in industry, it 
is often on a quarterly type of consideration, even more 
quickly than a yearly consideration, as management teams look 
to manage their assets looking across their enterprise.
    It is more of a challenge for government leaders, whether 
they are Chief Information Officers, budget officials, or 
program officials looking to correct problems, to say, all 
right, we see a problem. We are going to redirect resources. We 
are going to use a flexible funding arrangement with 
accountability and transparency to our stakeholders and to 
oversight organizations, including the Congress and GAO, to 
make those changes.
    And I think that is one area where, again, if there are 
opportunities to examine where working with authorizers and the 
appropriations process, where there are reforms that could be 
brought, it is bringing government spending for technology more 
in line with that industry best practice through flexible 
funding arrangements. Things like working capital funds or 
franchise funds, which do exist in government, but they are not 
pervasive, and to some extent----
    Senator Coburn. They are not utilized much in IT.
    Mr. Chenok. Right. To some extent, I think that there needs 
to be more transparency about results in those settings. So, 
that is one area that I would draw as a significant contrast.
    Senator Coburn. Of all the billions that we have wasted in 
IT, not once have I ever found where we went after the supplier 
for non-performance, which begs the question, did we know what 
we wanted? If, in fact, we knew what we wanted and somebody did 
not supply it, we have a basis for contract non-performance, 
and yet I have never seen that happen once. Any comments on 
that? Karen.
    Ms. Evans. So, in my experience, as you know, I have been 
an operational CIO, and this is where I allude to this in my 
testimony, about good decisions and bad decisions need to 
inform the process. So, in my experience, if you are clear 
about your requirements, you can use those tools. There are 
tools. The acquisition rules allow for those tools to be there.
    There are things that I have done in my experience where 
there was clear non-performance, and so, therefore, when an 
option year comes up--and contracts are done this way--that you 
do not exercise the option year, and that usually sends huge 
ripple effects. And so those are things that the government 
does do, but you do not necessarily hear about, that they do 
not exercise the option years on those contracts. The biggest 
part is making sure that the way that you write the contracts, 
so in this acquisition, as we talk about acquisition best 
practices, is that the way that you transition out from one 
contractor to another, that you actually think about the 
possibility that the contractor would have non-performance.
    Senator Coburn. Well, but that is my point.
    Ms. Evans. Right.
    Senator Coburn. Your tool is not exercising the option for 
them to continue to non-perform, and my question is about non-
performance and them paying the government for non-performance.
    Ms. Evans. Well, and that has happened, and actually on the 
Sentinel project itself, although we did not highlight a lot of 
this, that is--and these contracts were done through GSA, and 
so this is where GSA is great because of the way that the 
contracts are set up--that that was documented as non-
performance on the contractor's part. They did try to argue 
back and forth that the FBI did not know its requirements and 
loosey-goosey----
    Senator Coburn. Yes.
    Ms. Evans. And there was a certain amount of that, OK, and 
there was also the finger pointing between the two contractors 
saying, you were supposed to do this and you were supposed to 
do that. But GSA stepped in on that particular effort, and 
because of the way the FBI had contracted for that service, 
they could exercise certain things and they did not accept 
deliverables. And then those contractors also gave money back 
to the government and also agreed, in order to be able to go 
forward, that they would only do certain cents on the dollar 
until the project was back on track.
    So, there are tools that are available to the government. 
When you asked, did we use our authorities in partnership with 
GSA in order to move the contract----
    Senator Coburn. Do you think that happens often enough?
    Ms. Evans. I do not think it happens as much as you would 
like for it to happen, sir.
    Senator Coburn. Sort of like incremental development, I 
mean----
    Ms. Evans. Yes.
    Senator Coburn [continuing]. If, in fact, you get there and 
if you have not met the milestone, where do you go next?
    Ms. Evans. And you have to say, no, that you do not go. The 
other issues that happen a lot of times, and this happens in 
the government, not so much in industry, is that a government 
will launch a pilot, and----
    Senator Coburn. Yes. They never die.
    Ms. Evans [continuing]. And they never die. So, during our 
tenure and OMB's oversight, what we attempted to do was call 
them, like, initial operating capabilities and really looked to 
see if it was really meeting the need to do it and then see if 
you could build off of it. But, there were pilots that we had 
to shut down because it cost too much to maintain the pilot 
while you were doing the other projects, so you would have to 
shut down the pilots, and those were really difficult, because 
the group who volunteers up front is the one who says, well, I 
am really using this now for business needs, so where do I go, 
because I shut down this other effort that I was doing 
manually.
    So, when you start looking at what industry does well, 
where government could improve, is industry really looks at the 
same metrics that we ask for, the earned value, management 
data, cost schedule, and performance. They look at that data. 
Their organization is very sensitive to the variances because 
it affects the dollar amounts in the profitability of a 
company.
    Senator Coburn. And the bonus.
    Ms. Evans. Well, and the bonus, absolutely, right, because 
they get performance bonuses. So, they respond to the 
sensitivity a lot faster and so they will fail faster. I mean, 
if that is really what we want to talk about, they will fail 
fast, learn from that, do a course correction, and then hit on 
success. So, even when they have big failures in industry, it 
is not at the same cost level as ours because we tolerate a 
longer time. The government will tolerate a longer time because 
they want to get to that success.
    Senator Coburn. OK. Dan.
    Mr. Chenok. One of the things that makes it difficult in 
government, per your question earlier, Dr. Coburn, is that the 
aligned incentives are not consistent across the stakeholder 
groups, and we talk about this a little bit in our paper. But, 
the acquisition process does not necessarily make it clear, 
what are the performance standards that the contractor should 
provide and achieve that are related to the mission elements of 
the program.
    For example, in the GPRA Modernization Amendments, the 
strategic agency goals and priorities are not necessarily 
linked to the performance of the IT organization and they are 
not necessarily translated to the contract that then provides 
the incentives for the company to produce. And so that is where 
you get some of this disconnect, where it is hard to react in a 
manner that you are describing, to basically understand, what 
are the successes that can be rewarded for good performance 
with a contractor and where are there problems that need to be 
corrected quickly. And that is why we talk about aligning 
incentives as one of the key elements of the framework.
    Senator Coburn. One of the things you cited in your 
testimony was the necessity of having a skilled program manager 
and a skilled team. Turnover of project managers is a big 
problem within the Federal agencies. How do we address that?
    Mr. Chenok. So, it is--and I spent a long career in the 
government. I had the good fortune at the end of my time as the 
OMB Senior Career Official for IT Policy to work with Karen at 
the beginning of her tenure as the Administrator. And I saw 
both great examples in government of long-tenured, very 
successful program managers and, as you say, elements where 
project managers were either not in sufficient quantity or 
skill or switched out quickly.
    I think some of the reforms that OPM is now engaged in, in 
terms of bringing in people more quickly and through 
authorities like direct hire, as well as improving the training 
process for program managers so that very talented Federal 
employees can understand what it is to incorporate things like 
the GAO Critical Success Factors or the 7-S for Success 
elements into their management structure, helps them to 
understand the point that we made earlier.
    Most government employees, and especially government 
managers who have been with agencies for a long time, are 
passionate about the mission of the programs that they 
implement and the key is to help them understand how good 
management can support better outcomes for that mission. That 
can be a powerful enabler to encourage Federal leaders to stay 
and carry through on their responsibilities.
    Senator Coburn. I see some of that in Steve. Do you agree?
    Mr. Chenok. I would. I have had the good fortune of working 
with Steve over a number of years, both when he was with an 
agency, the Federal Communications Commission, and with OMB, 
and I think that he is doing an excellent job through the 
program that he laid out today in creating that foundation for 
improvement.
    Senator Coburn. OK. One of the things, it seems to me, is 
if you have a really skilled manager with really capable 
leadership but you do not empower them to actually manage and 
lead, they are not going to succeed. So, in your mind, both 
Karen and you, Dan, how is the role of CIO in the Federal 
Government different from CIOs in private industry?
    Mr. Chenok. So, let me actually talk about Karen for a 
moment. I worked with Karen when she was a CIO, both at the 
Justice Department at a bureau level and at the Energy 
Department, and then when Karen was the Vice Chair of the 
Federal CIO Council. And in all three roles--the authorities 
differed, and that is true for other CIOs that I worked with in 
government then and it is true today--Karen was able to bring 
forward some of the best practices that she has spoken about 
here in those different roles. And I think a private sector CIO 
would also bring in those types of integrating technology 
quickly, doing significant program reviews with a project team, 
linking those program reviews to outcomes. Those are some of 
the similarities of strong CIOs in government and industry, and 
that is hard to legislate per se. I think you can clarify 
authorities, whether that is in legislation or through 
oversight and through understanding and expectation.
    But, I will come back to the first ``S'' in our framework. 
In industry, you have a strong governance team, a C suite team, 
who pulls together as a mission team the CIO and other leaders 
to say, how are we going to deliver our product or service to 
make revenue this quarter, increase our customer service 
expectation, et cetera, and really drive to those mission goals 
and objectives. And in government, CIOs are often more focused 
around compliance because of the many different rules and laws 
that we spoke about earlier, and it is harder. Good CIOs will 
find a way to leverage those laws and rules. Sometimes, it can 
become overwhelming.
    And it is not to say that there are not laws and rules that 
exist in companies, because there are regulations that 
companies follow, as well, things like Sarbanes-Oxley and 
Gramm-Leach-Bliley, for example, in the financial services 
industry. But, again, they are built into a risk program, and 
that is--the last thought I will have here is that CIOs in 
industry will often understand the balance between risks that 
an agency faces from a technology infrastructure and the 
benefits that they can implement through technology, and so 
they can balance those risks against the benefits and move 
forward. That is a harder conversation to have in government 
because risks tend to get magnified quickly and it is harder to 
react quickly.
    Ms. Evans. So, I think we are at the point where you are 
starting to see a lot of evolution about information 
technology, and you are really seeing this play out--should I 
say this--in the Target situation, all right, because through 
the point that Dan is saying with risk, CIOs, if they are 
operational in focus, will never be able to rise to the board 
room, will never come in--and I see it now, because I sit on 
several boards--the CIOs are not part of the senior leadership 
team that are briefing about what is happening within an 
organization.
    They are moving more toward the risk model because 
information technology is an enabler. So, they are providing 
services, and whether they are providing Internet online 
services, you see risk, cybersecurity, all those types of 
things, threat, all that is rolling up now through what is, 
like, the audit committee, because they look at the risk 
profile for the company.
    Now, either the CIO can jump in there and say, this is how 
we are doing things and this is how we are managing it and then 
they do what I had outlined here, where they talk about this is 
the impact that it will have on the business if we do not do X, 
Y, and Z. That is, in OPM-speak or senior executive-speak, it 
is business acumen, right. It is either the CIO has business 
acumen and can translate what the technology risk implications 
are to the business of that agency, and either we have CIOs 
that have the business acumen to be able to do that or we have 
CIOs that are very technology operational focused and they will 
not be viewed as that strategic partner.
    And so you are seeing that evolution. Industry recognizes 
that they need it. They know they need innovation, so they 
started laying out Chief Innovation Officers. They know they 
have to have risk, so they have a Chief Risk Officer. They know 
they need to manage information from a strategic standpoint, so 
they have a Chief Strategist.
    All of those were envisioned, if you look back at Clinger-
Cohen, Senator Cohen's initial vision, that is what a CIO was 
supposed to do, the strategic management of information to 
enable mission outcomes. And that is also what was supposed to 
happen in private industry. But, because of the way the 
environment is, either they step up to the bat and they can do 
it or business is going to compensate for it because it is a 
need that needs to be addressed.
    Senator Coburn. OK. Thank you.
    Chairman Carper. [Presiding.] Dr. Coburn, thanks.
    I want to go back to the first panel for a little bit. They 
are not here anymore, so they will not know what you are 
saying. But, just go back and think about their testimony, some 
things that you especially agreed with, maybe some things you 
have questions about, and just share both of those. Where you 
have strong agreement, it would be helpful for us to know that. 
Maybe some questioning would be helpful, as well.
    Mr. Chenok. So, again, the relationship, I think, but one 
thing we heard that was common was the relationship across 
multiple functions in an agency; that good IT management 
involves mission leaders, CFOs, Chief Acquisition Officers and 
creating a governance framework. The first of the ``S''s in our 
model that works across these entities I think is important, 
and I think you heard that from the panel.
    I think that some of the solutions and recommendations that 
were discussed that OMB is laying out, that Steve VanRoekel 
laid out in his testimony, will provide some of the 
infrastructure to be able to move more quickly.
    One of the things that we talked about with Dr. Coburn was 
aligning the funding processes in government to match that need 
for speed such that it is not a 30-month delay and you have to 
build in response to something that is happening this year into 
your budget plans that then go and get appropriated 2 years 
later when September of the fiscal year comes around, that we 
create flexible funding mechanisms to allow faster response 
through a technology infrastructure. And I think that is 
something that certainly the industry, ACT-IAC, would welcome 
the opportunity to work with the Committee and Congress to move 
forward on.
    Chairman Carper. OK. Thanks. Ms. Evans.
    Ms. Evans. So, what I agree with is the way that Steve laid 
out PortfolioStat and the way to move forward with 
PortfolioStat. And if you look at what he said and then look up 
at the success factors, what he is really doing is building and 
integrating the management framework that would allow for the 
success of programs through the use of technology. So, he is 
talking about performance indicators, bringing in the key 
stakeholders, then asking for that on a quarterly basis and 
really looking at what are the mission outcomes that you are 
trying to achieve and put the parameters around it. But looking 
at the agency as a whole, or looking at the department as a 
whole, because if you have to make tradeoffs, you cannot do 
that within one project. The agency leadership is going to have 
to look at the portfolio across the board and how is it 
performing across the board, or do you have to, like, stop 
something because this other one is more important and it is 
taking more resources than you had anticipated.
    So, I think the way to move forward, the way that he has 
performance indicators, that is the way that is going to 
institutionalize the success that you need or allow for the 
failures that are happening to be corrected in that framework. 
So, that is a great thing.
    The other part that I think we need to really still stay 
focused on is that there are activities that are happening now 
that need to catch up to what he is building institutionalized, 
and you cannot lose sight of those activities, like the data 
center consolidation, or several of the cross-agency 
performance goals that they have related to cyber or workforce 
issues. Because if those things are launched and what you want 
to try to do is change them in midstream so that they can then 
get on this same path of the PortfolioStat in order to achieve 
the results. And that part, I think, needs to really be looked 
at from an oversight perspective, of how are you going to 
transition these existing things that are happening into a 
PortfolioStat environment.
    Chairman Carper. OK. Good. One of the questions I asked 
of--in fact, a couple of questions of the earlier panel dealt 
with what is the appropriate role for us in the Legislative 
Branch to move this along and to get a better result maybe for 
less money. We try to do oversight. We try to do good 
oversight, not ``gotcha'' oversight, but constructive 
oversight, and, Karen, you have been before us enough to know 
that that is really the way we operate here. Whether Tom is the 
Chairman or I am the Chairman, that is our attitude.
    We have this legislation reported out of the House, FITARA, 
with bipartisan support. We are going to try to get it hotlined 
and passed by unanimous consent, our data center legislation 
that Dr. Coburn and I and others have worked on here in the 
Senate and see if we cannot move that. I understand a piece of 
FITARA, the House bill, actually focuses on data center.
    Just talk to us, if you would, about--again, similar to the 
question I asked the first panel--what is our responsibility? 
What is our opportunity on the legislative side? What are some 
things we ought to be doing in terms of legislation? What are 
some things we ought not to be doing?
    Ms. Evans. So, in my testimony, I did outline some of those 
things, and I do realize that there are a lot of good pieces of 
FITARA that I think really should go forward, like the data 
center consolidation. They have the Center for Innovation. 
There are additional things that I think if you----
    Chairman Carper. What are some other pieces besides the 
data center in FITARA----
    Ms. Evans. Well, they have----
    Chairman Carper [continuing]. That you think should go 
forward, maybe with some modification, but should go forward?
    Ms. Evans. And they have things in there dealing with the 
Innovation Center, which is very similar in line to things that 
GSA has talked about with the 18F, as well as what Steve has 
talked about with the Digital Services. So, you could combine 
those three ideas together, which would get to what I believe 
you and Senator Coburn had put together a long time ago, which 
was also the ability for OMB, from an oversight and proactive 
approach, to be able to go in and help agencies fix things, 
right the ship before it goes too far astream, and also create 
some of the innovation that you need for these seed projects so 
it can then go out. You create it once and it can be used by 
many agencies over and over again. So, those concepts are 
already being deployed by the administration and are also 
included in the legislation.
    There are some other things, though, where the legislation 
is specifically looking at the CIO and things like the budget 
authority that could be tweaked. For example, I outlined that 
maybe one of the things, when they are talking about personnel 
issues and that all component CIOs should be reporting to the 
CIO at the department, that program managers in component 
organizations should also be part of the CIO organization, 
because then you bring that expertise of how to implement the 
system in conjunction with a program executive.
    And so those, if you put a little bit more detail, and I am 
usually not one to say, put more detail in there and give 
agencies flexibility, but if you kind of spelled out those two 
roles in the legislation, that would get to a lot of this 
commitment of the stakeholders, the collaborative governance 
that you need, because you are specifically saying the program 
manager belongs to an IT function, so that is the implement, 
and the program executive belongs to the program function, 
which allows the integration of those two things together. And 
you could input that into the legislation and that would get to 
several of these pieces that are in the governance structure 
that both GAO and IAC and everyone has recognized that needs to 
be done.
    And then the other part that I am suggesting is that 
through the Exhibit 300 process or through reporting process 
when it is asking for reports, is that there is a program 
manager. If a program manager is put in charge of a project, we 
used to, we say that they have to have the skills. If you look 
at the Exhibit 300 right now, it is not there, because I 
actually printed one off to make sure I was right before I 
came. But, you need to see who that is from an oversight 
perspective, and you need to know, in essence, what their 
resume is. Did they manage to completion a project of this 
nature? And if they did not, then do they have the adequate 
training and the certification so that they can?
    And some of those types of things, you could get visibility 
down into it, which would then at least put the project on a 
path that would show that it at least would get success from 
that perspective.
    Chairman Carper. OK. Good. Thanks so much.
    Mr. Chenok, do you agree with anything that Karen has said? 
[Laughter.]
    Mr. Chenok. I do, Senator Carper.
    Chairman Carper. Oh, good.
    Mr. Chenok. I think Karen raises excellent points. I would 
note that, with regard to specific legislation, the Industry 
Advisory Council is a non-lobby----
    Chairman Carper. I understand.
    Mr. Chenok [continuing]. So we do not officially take 
positions on legislation. With regard to----
    Chairman Carper. I understand that. What she said was 
helpful in terms of these are the provisions that we think are 
really worthy, should be pretty much----
    Mr. Chenok. Right. I think----
    Chairman Carper [continuing]. And here are a couple that 
should be tweaked, so that is very helpful. I find these are 
not really--a lot of stuff around here, we just get bogged down 
forever. They are partisan issues. This is one that should not 
be very partisan. Nobody wants to waste money. We all want to 
get better results. So, just with that in mind, go ahead.
    Mr. Chenok. So, I do think that there are a number of 
elements that this Committee and Congress can do to promote the 
goals that you are espousing in this hearing.
    One is, as you talked about, constructive oversight, and 
that is highlighting both successes and issues to be addressed 
and understanding that agencies do take risks, just as 
companies take risks, in implementing programs. The world is 
not a riskless world. So, helping to have a conversation that 
is a more mature conversation about how agencies can proceed in 
implementing programs where things will not always be perfect, 
but the larger goal of serving citizens, just like when a 
company has the larger goal of serving customers, it makes it 
worth taking those risks, and there is an accountability 
structure. So, providing oversight on that balance, I think, is 
an important role that this Committee can take.
    In addition, I think that the funding alignment issue is 
something that authorizers and appropriators, as you heard 
Steve VanRoekel talk about earlier, can review. The budget 
process now--and having had a career at OMB, I was all too 
familiar with this--does work where the planning occurs 2 years 
or more before spending occurs, and so it is much harder to 
pivot in response. Through legislation, through expanding 
authorities for things like franchise funds and working capital 
funds, I think there is an interesting way to look at those as 
pilot elements. As I said, they do exist in places in 
government, but in other places require additional 
authorization to implement.
    The last point I would make is, from my experience working 
on the E-Government Act of 2002, when I was at OMB as a staffer 
working with staff from this Committee, that statute did not 
necessarily legislate in new areas, but it did state 
Congress's--it did, in a number of cases, actually introduce 
new provisions and, of course, created the office that Karen 
headed and that Steve VanRoekel heads now. It also reinforced 
some of the productive and instructive activities that were 
going on in government and ensured that those activities were 
recognized as things that Congress endorsed, which supported 
agencies to expand those productive activities that were going 
on at the time, whether they were things like expanding digital 
signatures, expanding the use of portals as mechanisms to look 
into agencies to get better services, or other elements that 
that Act pointed out.
    Chairman Carper. All right. Thank you.
    A different kind of question, if I could, Ms. Evans, for 
you. As you know, cybersecurity is a very important issue. It 
continues to be. It is going to be with us for a long time, I 
fear. You serve as the National Director for the U.S. Cyber 
Challenge. I was hoping that you could tell us a little bit 
about how cybersecurity and IT management are linked and maybe 
share with us any advice you might have on that matter, that 
linkage.
    Ms. Evans. So, from the inception of the projects, whenever 
you do this, you always need to be assessing, what is the risk 
associated with that service that you are getting ready to 
provide? Again, this is another area that is really being 
looked at. Should the Chief Information Security Officer be 
pulled out from the CIO organization? Should they be equal? 
Should they be separate? I personally believe that they need to 
be integrated, because it is about managing the information, 
and it also needs to be integrated into the budget process so 
that it is specifically resourced in order to be able to do it.
    But, to Dan's point, the discussion that has to happen is 
how much risk is an agency willing to live with. The best 
example that I can give that is relevant to this Committee is 
when we had an IT failure in the Census program. Remember that 
project?
    Chairman Carper. I do remember that.
    Ms. Evans. Yes, I figured you did. And one of the ways----
    Chairman Carper. I live a hundred more years----
    Ms. Evans. Yes, and we have 10 years now. OK. But, part of 
what was also happening in that environment was a cybersecurity 
incident, and a recurring incident within the Department of 
Commerce. And so you had to look at, were you really going to 
fix the IT project? How did you balance this cybersecurity 
problem that they had with exfiltration of data? They had this 
failure that was happening with IT. And, what was really the 
goal? The goal was to have quality data so that we could really 
rely upon that in order to be able to make decisions about 
representation for the Nation.
    So, that is how the plan was then structured, to come back 
and say, the best way for us to rely on the data is to go back 
to a big portion of this being manual, because we do not know 
what is happening on our networks. If we went to a data 
collection that was online, we would not be able to really 
certify that this data has not been touched or messed with in 
any way.
    That has to happen on every program, that type of analysis 
as we go forward, whether you are collecting personally 
identifiable information, what types of services you move 
online, how you do that, and then how are you going to validate 
the individuals to assure that they actually did what you 
needed them to do in that program. That has to be 
comprehensive, and IT is a solution that provides for that and 
enables that, but it is really a risk management of services 
that a Secretary has to decide, what level am I really willing 
to live with. And they may decide that IT may not necessarily 
be the way to go because the cyber risk is too high for online 
services.
    Chairman Carper. OK. We have our third vote underway, and 
Dr. Coburn, I think, was going to vote in the second and third 
vote. Let me see, it started at 12:05 and it is about 12:10, so 
we are 5 minutes into a 15-minute vote, so that helps me keep 
it straight.
    I will ask you one more question--I guess this would be 
more for Mr. Chenok--if I could. The framework that the IAC 
released today stresses the importance of getting good people 
involved in government IT projects to hopefully ensure their 
success. Could you just discuss with us for a couple of minutes 
what you believe are the biggest challenges that our government 
faces in getting the right people into these positions and 
keeping them there and any recommendations you might have to 
address those challenges.
    Mr. Chenok. So, it is an interesting question, especially 
in an era when my children, for example, use IT and think about 
it as second nature to the work that they do, and----
    Chairman Carper. How old are your kids? Do not tell me they 
are three and four.
    Mr. Chenok. They are school-age.
    Chairman Carper. OK.
    Mr. Chenok. So, they use it for school. But, when they 
enter the workforce and the newest generation of Federal 
employees who will become the leaders of tomorrow use 
technology, they do not think about it necessarily as, ``I am 
going to be a technology worker,'' or ``I am going to be a 
Federal worker.'' They think about it as, ``I am going to work 
because I am passionate about government service and technology 
is a key lever and it is almost second nature to how I do my 
work.''
    And if we think about, from a workforce perspective, 
channeling that approach and encouraging workers at all levels 
of seniority in their Federal career to think about technology, 
as we talked about earlier, not as a separate sort of 
compliance activity, but as something that, if done properly, 
is integrally related to achieving the mission outcomes that so 
many Federal employees are passionate about, I think it will 
get people excited about doing the hard work of understanding 
what it takes to manage programs well, because it does take 
work. Implementing frameworks like the 7-S Framework or the GAO 
Success Factors or those that Karen recommended in her 
testimony, it takes time. It does not come naturally, either in 
government or industry.
    So, I think part of the challenge is, as you heard from the 
first panel, bringing in terrific people, bringing in the best 
people from industry, currently working with government, from 
new entrants into the government space. And part of the 
challenge is helping current Federal employees understand that 
technology is an enabler to helping them achieve and contribute 
to their mission to serve citizens. And taken from that 
perspective, technology becomes an exciting part of, I think, a 
Federal employee's career development, and it is not just about 
the CIO or their immediate staff, but it is the program and 
mission staff who are leveraging that to achieve results, just 
like the best companies are using technology to achieve 
results.
    Chairman Carper. Good. I think we will call a halt there. 
If I leave in 1 minute, I can probably make this third vote and 
keep my perfect attendance record. Well, it is not quite 
perfect, but it is not bad.
    I want to really thank you both. It is great to see you, 
and thank you for all you do for us and have done for our 
country. Some day, I would just love it if we held a hearing 
and the private sector shows up on these IT projects and says, 
we could really learn a lot from the government and maybe we 
could mentor them, or school them. We learn a lot from them, 
and hopefully, we are learning a lot from one another now. But, 
I am encouraged that we are on the right track. We still know 
we have a lot to do, a lot of ways we can do better, and with 
your help, we will.
    In the meantime, Dr. Coburn and I and our colleagues, our 
staff, want to make sure that we stay attuned, tuned in, 
interested, and providing the kind of oversight that is 
constructive to get us to where we need to go.
    The hearing record is going to remain open for 15 days--
that is until May 23 at 5 p.m.--for the submission of 
statements and questions for the record. I expect we will have 
some. If you receive those, if you could respond to them 
promptly, we would be most grateful.
    Again, our thanks to you both. Good to see you, and take 
care. Thanks so much.
    Mr. Chenok. Thank you.
    Ms. Evans. Thank you.
    Chairman Carper. This hearing is adjourned.
    [Whereupon, at 12:15 p.m., the Committee was adjourned.]
                            
                            A P P E N D I X

                              ----------                              

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 
                                 
                                 [all]