[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]





 
                  THE FEDERAL INFORMATION TECHNOLOGY 
 REFORM ACT'S (FITARA) ROLE IN REDUCING IT ACQUISITION RISK, PART II: 
               MEASURING AGENCIES' FITARA IMPLEMENTATION

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                         INFORMATION TECHNOLOGY

                                AND THE

                            SUBCOMMITTEE ON
                         GOVERNMENT OPERATIONS

                                 OF THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                            NOVEMBER 4, 2015

                               __________

                           Serial No. 114-89

                               __________

Printed for the use of the Committee on Oversight and Government Reform




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                      
                      
                      
                      
                             _________ 

                U.S. GOVERNMENT PUBLISHING OFFICE
                   
 23-470 PDF              WASHINGTON : 2017       
____________________________________________________________________
 For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
  Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001                        
                      
                      
                      
                      
                      
              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                     JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida                ELIJAH E. CUMMINGS, Maryland, 
MICHAEL R. TURNER, Ohio                  Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee       CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio                     ELEANOR HOLMES NORTON, District of 
TIM WALBERG, Michigan                    Columbia
JUSTIN AMASH, Michigan               WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona               STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee          JIM COOPER, Tennessee
TREY GOWDY, South Carolina           GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas              MATT CARTWRIGHT, Pennsylvania
CYNTHIA M. LUMMIS, Wyoming           TAMMY DUCKWORTH, Illinois
THOMAS MASSIE, Kentucky              ROBIN L. KELLY, Illinois
MARK MEADOWS, North Carolina         BRENDA L. LAWRENCE, Michigan
RON DeSANTIS, Florida                TED LIEU, California
MICK, MULVANEY, South Carolina       BONNIE WATSON COLEMAN, New Jersey
KEN BUCK, Colorado                   STACEY E. PLASKETT, Virgin Islands
MARK WALKER, North Carolina          MARK DeSAULNIER, California
ROD BLUM, Iowa                       BRENDAN F. BOYLE, Pennsylvania
JODY B. HICE, Georgia                PETER WELCH, Vermont
STEVE RUSSELL, Oklahoma              MICHELLE LUJAN GRISHAM, New Mexico
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama

                    Sean McLaughlin, Staff Director
                 David Rapallo, Minority Staff Director
               Troy D. Stock, Subcommittee Staff Director
                      Julie Dunne, Senior Counsel
                         Michael Flynn, Counsel
                      Katy Rother, Senior Counsel
                    Sharon Casey, Deputy Chief Clerk
                 Subcommittee on Information Technology

                       WILL HURD, Texas, Chairman
BLAKE FARENTHOLD, Texas, Vice Chair  ROBIN L. KELLY, Illinois, Ranking 
MARK WALKER, North Carolina              Member
ROD BLUM, Iowa                       GERALD E. CONNOLLY, Virginia
PAUL A. GOSAR, Arizona               TAMMY DUCKWORTH, Illinois
                                     TED LIEU, California
                                 ------                                

                 Subcommittee on Government Operations

                 MARK MEADOWS, North Carolina, Chairman
JIM JORDAN, Ohio                     GERALD E. CONNOLLY, Virginia, 
TIM WALBERG, Michigan, Vice Chair        Ranking Minority Member
TREY GOWDY, South Carolina           CAROLYN B. MALONEY, New York
THOMAS MASSIE, Kentucky              ELEANOR HOLMES NORTON, District of 
MICK MULVANEY, South Carolina            Columbia
KEN BUCK, Colorado                   WM. LACY CLAY, Missouri
EARL L. ``BUDDY'' CARTER, Georgia    STACEY E. PLASKETT, Virgin Islands
GLENN GROTHMAN, Wisconsin            STEPHEN F. LYNCH, Massachusetts



                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on November 4, 2015.................................     1

                               WITNESSES

Mr. Tony Scott, U.S. Chief Information Officer, Office of E-
  Government and Infomation Technology, Office of Management and 
  Budget
    Oral Statement...............................................     8
    Written Statement............................................    10
Mr. Sanjeev ``Sonny''Bhagowalia, Chief Information Officer, U.S. 
  Department of Treasury
    Oral Statement...............................................    16
    Written Statement............................................    18
Mr. Richard McKinney, Chief Information Officer, U.S. Department 
  of Transportation
    Oral Statement...............................................    22
    Written Statement............................................    24
Mr. David Shive, Chief Information Officer, U.S. General Services 
  Administration
    Oral Statement...............................................    28
    Written Statement............................................    30
Mr. David A. Powner, Director, IT Management Issues, U.S. 
  Government Accountability Office
    Oral Statement...............................................    35
    Written Statement............................................    37

                                APPENDIX

Rep. Connolly Statement for the Record...........................    70
Rep. Kelly Statement for the Record..............................    73
RESPONSE McKinney-DOT Questions for the Record...................    75


   THE FEDERAL INFORMATION TECHNOLOGY REFORM ACT'S (FITARA) ROLE IN 
   REDUCING IT ACQUISITION RISK, PART II: MEASURING AGENCIES' FITARA 
                             IMPLEMENTATION

                              ----------                              


                      Wednesday, November 4, 2015

                  House of Representatives,
Subcommittee on Information Technology, joint with 
         the Subcommittee on Government Operations,
              Committee on Oversight and Government Reform,
                                                   Washington, D.C.
    The subcommittees met, pursuant to call, at 3:01 p.m., in 
Room 2154, Rayburn House Office Building, Hon. Will Hurd 
[chairman of the Subcommittee on Information Technology] 
presiding.
    Present from the Subcommittee on Information Technology: 
Representatives Hurd, Blum, Kelly, Duckworth, and Lieu.
    Present from the Subcommittee on Government Operations: 
Representatives Meadows, Walberg, Massie, Buck, Carter, 
Connolly, and Plaskett.
    Also Present: Representative Chaffetz.
    Mr. Hurd. The Subcommittee on Information Technology and 
the Subcommittee on Government Operations will come to order.
    Without objection, the chair is authorized to declare a 
recess at any time.
    Each year, the Federal Government spends $80 billion on IT, 
and 80 percent of that spending is on old, outdated legacy 
systems. It is not a secret that the IT acquisition and 
procurement process in the Federal Government is broken.
    In June, we held a hearing examining GAO's designation of 
IT acquisition as ``high risk'' and highlighted how FITARA can 
reduce IT acquisition risk over time and eliminate wasteful 
spending. Federal agencies have now had nearly 1 year since the 
law's enactment and 4 months since the issuance of OMB's 
guidance to implement this law.
    This hearing continues an ongoing effort on the part of 
this committee to improve how the Federal Government goes about 
buying, maintaining, and ultimately retiring information 
technology.
    In June, I had stated that, while FITARA is not a panacea 
for all IT acquisition problems, it can be a useful tool to 
make real progress in reducing the risk of these large 
investments. I still strongly believe this today.
    This morning, we released a scorecard grading Federal 
agencies on four of the seven key metrics of FITARA: data 
center consolidation; IT portfolio review savings, or 
PortfolioStat; incremental development or CIO authority 
enhancements; and risk assessment transparency.
    The committee worked in a bipartisan fashion to develop 
metrics that fairly assess the progress agencies are making in 
these areas and then tasked GAO to gather the data. To be 
clear, this is not data that we, ourselves, came up with. The 
data that was used to compute these grades is largely self-
reported by agencies to Congress and OMB.
    While it is clear from looking at these grades that no 
agency gets a gold star and goes to the head of the class, some 
agencies--and we have one of them here today--are making 
progress. Frankly, though, there is a reason that no agency 
received an A: We have work to do.
    One area in particular that stands out to me is the Federal 
Data Center Consolidation Initiative. The consolidation of 
Federal data centers not only has the potential for tremendous 
cost savings, upwards of $7.4 billion, according to GAO, but 
would have very real impacts on the cybersecurity posture of 
Federal agencies.
    We, as a Federal Government, simply cannot afford to 
continue spending $80 billion or more on legacy systems year 
after year after year and expect to keep pace with industry, 
provide services to the American people, and keep our data 
secure. We cannot afford to be having this same discussion 
about IT management and acquisition in another 20 years.
    Federal agencies should be put on notice that Congress will 
not sit by the wayside and allow the law to be skirted. No 
agency will be exempt from this law. But if agency CIOs will 
simply implement FITARA--meaning they actually make progress in 
consolidating data centers, find savings through the 
PortfolioStat process, move away from big-bang acquisitions to 
incremental development, and accurately assess risk--we won't 
be.
    I said this in June, and I want to reiterate it here: I 
look forward to working with the leadership and members of the 
IT and Government Operations Subcommittees on both sides of the 
aisle and with agency CIOs to continue to advance the cause of 
good IT governance. We have to get it right this time.
    And I would like to yield the balance of my time to the 
chairman of the full committee, Jason Chaffetz.
    Mr. Chaffetz. Thank you, and I appreciate the time.
    I want to thank you, Chairman Hurd, I also want to thank 
Chairman Meadows, for paying such close attention to this. It 
is done in a very bipartisan way with Ranking Members Connolly 
and Kelly. I also appreciate Mr. Cummings and the work he is 
done and the approach that we are doing together, because it 
truly has been a bipartisan effort and needs to continue that 
way.
    It is important for Federal agencies to make sure that we 
are questioning the results on the scorecard. It is not a 
partisan issue. And the committee's grades are based on self-
reported data, which is an important part of understanding 
where we are today.
    The scorecard that was unveiled this morning is an effort 
to make clearer to CIOs, agency leadership, and the American 
people that the committee intends to ensure that this law is 
implemented correctly and fully. As Chairman Hurd mentioned in 
his opening statement, we cannot afford to keep on spending to 
the tune of $80 billion a year and perpetuating outdated legacy 
technologies.
    Since I was elected to Congress, same time that President 
Obama was elected to the White House, the Federal Government 
has spent more than $525 billion on IT, and it doesn't work. It 
doesn't work. Too many vulnerabilities, too many stories of 
agencies with old, outdated legacy systems where we are taking 
young 20-year-olds and trying to teach them how to do things 
that were invented literally in the 1950s.
    Again, the examples of COBOL and other types of technology, 
while great in mid-1950s, well before many of us were even born 
on this dais, we still continue to implement and to use them 
within the Federal Government, and that needs to change.
    There is a reason that the committee held a hearing on the 
GAO's high-risk list, and there is a reason that the IT 
acquisition was on it. Information technology is the 
infrastructure of our future. It is supposed to make life 
better. It is supposed to make life more secure, more simple, 
and more swift.
    I am getting tired, quite frankly, of asking the Federal 
Government for basic documents and hearing that it is going to 
take years to produce them when the Microsoft Corporation and 
others have figured out a way to access an email within 
seconds. Those excuses have come and gone, and technology is 
our friend. It is supposed to be here to help us, but it also 
needs to be safe and secure.
    Ultimately, FITARA is an effort to ensure that agencies are 
buying and developing technologies in an efficient way that is 
transparent and gives agencies the tools they need to do the 
work for the American people.
    I look forward to the hearing and the testimony today. We 
have good witnesses today.
    I appreciate the five of you for being here, what you 
provide and your perspectives and all that you are trying to 
do, with, I think, the same goals and direction that we all 
here are doing.
    And I, again, appreciate the bipartisan work and look 
forward to the hearing.
    I yield back.
    Mr. Hurd. I now recognize my friend and the ranking member, 
Ms. Kelly--she is the ranking member of the Subcommittee on 
Information Technology--for her opening statement.
    Ms. Kelly. Thank you, Mr. Chairman.
    Today's hearing is the second hearing in a series of 
oversight hearings the subcommittee will hold on FITARA 
implementation to help ensure agencies achieve the desired 
goals of the law and generate opportunities for government 
savings and efficiency in the procurement of information 
technology.
    FITARA includes a number of government-wide reforms for 
managing IT acquisitions and portfolios that will help ensure 
that the Federal Government is making wise and efficient 
investments in IT. This hearing will help us understand the 
status of implementation of FITARA and how agencies are doing 
on four important initiatives required by FITARA that could 
quickly improve the management of IT and save taxpayer dollars.
    Agency-wide IT portfolio review and data center 
consolidation are two provisions of FITARA that can quickly 
help agencies reduce spending, optimize IT resources, and 
ensure IT investments align with agencies' mission and business 
functions.
    This committee plays an important oversight role that can 
increase transparency and accountability of agency 
implementation efforts. Earlier this year, the committee tasked 
the Government Accountability Office with assessing and scoring 
agencies' implementation of four initiatives required by 
FITARA, including portfolio review and data center 
consolidation.
    As the chairman said, today we released the FITARA 
scorecard results and will discuss the performance of the three 
agencies here today. While these three agencies were selected 
for this initial scorecard hearing, I hope the subcommittees 
will continue to hold hearings with all agencies to measure 
their performance and hold them accountable for fully 
implementing FITARA provisions.
    These hearings and the FITARA scorecard show the 
committee's interest and commitment to achieving the goals of 
FITARA, as well as present an opportunity for agencies to 
demonstrate their efforts to generate savings and efficiencies 
in the management of IT resources.
    Today's agencies are working with OMB to assess their 
current structure for managing IT resources and develop a plan 
for implementing the specific authorities that FITARA provides 
chief information officers. Agencies are required to notify OMB 
of any obstacles to implementation and work with OMB to 
overcome those obstacles.
    I look forward to hearing from the witnesses on the status 
of FITARA implementation and the challenges agencies are facing 
in overhauling the management of IT resources.
    I want to thank each of the witnesses for testifying today, 
and I look forward to hearing your testimony on how agencies 
are approaching FITARA implementation and the desired goals of 
savings and efficiency in the management of IT.
    Thank you, and I yield back.
    Mr. Hurd. Thank you, Ms. Kelly. And I want to thank you for 
the bipartisan nature in which we are doing this important 
work.
    Now it is great to recognize the gentleman from North 
Carolina, Mr. Meadows, the chairman of the Subcommittee on 
Government Operations, for his opening statement.
    Mr. Meadows. Thank you, Mr. Chairman.
    And thank you for your leadership, both of you, on this 
particular issue.
    And thank each of you for being here today.
    Obviously, in February, the GAO added the Federal IT 
management to the list of high-risk categories. The chairman of 
the full committee talked about the $80 billion that we spend 
on IT. Actually, it is even greater than that. If you look at 
all the amounts of moneys that are, what I would say, offline 
and not accounted for, it is in excess of $100 billion. And 
that may be a conservative figure.
    So, as we look at this, this is a critical issue, as the 
GAO found all too often that this $80 billion to $100 billion 
was invested, and, many times, it was behind schedule. We 
didn't get the ultimate product that was even contracted for.
    I was troubled to learn--I am one of those that was born a 
little bit earlier than what the chairman of the full committee 
had recommended, but I was real concerned to hear that we are 
still supporting COBOL and Fortran. Those were languages that I 
had a difficult time with in college. And yet, here we are, 
with my gray hair, still supporting those kinds of legacy 
programming, that even anybody who is remotely in the 
programming world would say, why in the world are you doing it? 
And so we have got to do a better job.
    Obviously, with regards to FITARA and the implementation 
thereof, we are going to, in a very bipartisan way, work with 
not only the chairman of this committee but the ranking members 
of both of our committees. I can tell you that the gentleman 
from Virginia, Mr. Connolly, and I have had a number of 
conversations as it relates to FITARA.
    And this is the beginning. I think the other part of this 
is the scorecards is actually a good start. Many of us asked 
why there was no A's on there, as the chairman was--and the 
concern that I have was the response that I got was that even 
some of those grades that were given had been given the benefit 
of the doubt.
    And so, as we look at going forward and making progress, 
this tool should not only be one that we not allow a law to be 
implemented and just address, but we need to go further than 
that. And we need to look at appropriations for those that are 
doing well, that we need to make sure that those funds get 
rewarded for those that are doing well. Because too often in 
the Federal Government those who are efficient and effective 
get their budgets cut instead of getting rewarded for the very 
behavior that we are trying to support. And we have to do a 
better job of recognizing good behavior and rewarding it.
    I believe that this is a great start. I look forward to 
continuing our work with not only the GAO but OMB as we look at 
implementing this. And it will be a priority for us, in a 
bipartisan way, to address that.
    And, with that, I will yield back, Mr. Chairman.
    Mr. Hurd. Thank you, sir.
    Now I would like to recognize the architect of the Issa-
Connolly--or is it Connolly-Issa?--I always forget--bill, Mr. 
Connolly, the gentleman from Virginia, ranking member of the 
Subcommittee on Government Operations, for his opening 
statement.
    Mr. Connolly. I thank the chairman. And I thank him for his 
generosity and his perspicacity.
    But welcome. I am so glad we are here, we are finally here, 
and we are talking about the implementation of the FITARA 
legislation.
    The bipartisan legislation represents the first major 
reform of laws governing Federal IT management and procurement 
since the Clinger-Cohen Act of 1996. And although that previous 
effort established a solid foundation, it fell short in 
achieving its full potential because, frankly, nobody was 
watching its implementation.
    And I hope today's panel and the hearing of these two 
subcommittees and the leadership on both sides of the aisle 
suggests we are not going to let that happen. FITARA, we mean 
it, we want to see it implemented.
    And we understand that this is the first interim report 
card. It is not the be-all and end-all. It is a progress 
report, a snap in time.
    I have been encouraged at how quickly the administration 
and Federal agencies have actually embraced the effort. And I 
really appreciate the leadership of Federal CIOs and the Office 
of Management and Budget, especially Mr. Scott, which I think 
issued some of the best implementation guidelines I have ever 
seen coming out of OMB.
    And GAO, similarly, in designating improving the management 
of IT acquisitions operations as a new government-wide high-
risk area really helps pound the case home, ``This is 
important.'' It gets our attention, and, hopefully, it gets our 
colleagues within the executive branch, their attention as 
well.
    I am actually pleased by the results of a recent survey of 
Federal IT professionals conducted by MeriTalk, which was a 
private-public partnership focused on improving government use 
of IT, that shows that nearly 80 percent of those surveyed 
within the Federal Government believe FITARA will actually have 
a positive effect on the value of their agency's IT and 
mission. That is great.
    They specifically cited there is potential to reduce 
duplicative IT systems and to address the legacy systems my 
good friend from North Carolina was addressing just a few 
minutes ago. Although I will point out to him, the value at 
least of COBOL is the Chinese don't know how to hack into it.
    Whoops. Late-breaking news: Apparently, they do. That would 
be too bad.
    Today, we are going to release our initial scorecard 
focusing on four of those reform activities that kind of 
constitute what grade you get and why: data center 
consolidation, where we are not doing so well; IT portfolio 
review savings; incremental project development and delivery; 
and risk assessment transparency.
    These metrics were selected because their implementation 
will have a demonstrable benefit on IT acquisitions and 
operations, and this data is updated and available on a 
quarterly basis. GAO has already been gathering information 
from agencies themselves to verify reporting in some of these 
areas, so the committee tasked GAO with collecting the 
agencies' self-reported information and then scoring it based 
on our direction. So this is sort of a self-certification 
process, too, that we are relying on, and so is GAO.
    I want to caution my colleagues, our partners in the 
administration, and others in the Federal IT community that 
this scorecard is not intended to be a juridical, prescriptive 
exercise. It should not be considered a scarlet letter on the 
back of a Federal agency. It is, as I said earlier, an initial 
assessment, a point-in-time snapshot, much like the quarterly 
report card one might get in a university or in a school.
    The intent isn't to punish or stigmatize. It is, in fact, 
to, you know, exhort and urge agencies to seize this 
opportunity and use the scorecard as a management tool to 
better guide decisionmaking and investments within the agency.
    While the grades themselves are illustrative of overall 
performance, it is the multiple elements that make up the 
grades on which agencies in our committee will focus to ensure 
we deliver on the transformative promise of FITARA.
    For example, while the Department of Transportation may be 
on the lower end of the scores in certain areas right now, one 
is encouraged by reading CIO McKinney's prepared statement, in 
which he says, ``IT is no longer just the business of CIO; 
rather, it's everybody's business.'' Well, to me, hallelujah. I 
mean, you know, the gospel is spreading. And that is a good 
thing, because it gets in our heads. That is exactly the point.
    I also commend DOT on its efforts to implement a more 
holistic approach to planning its IT investments by including 
budget and acquisition staff in its decisionmaking process to 
ensure everyone understands how those decisions need to support 
the overall IT goals. GSA has a similar arrangement, with its 
Investment Review Board. And Treasury employs the best-practice 
model of IT information resource management. All good things.
    So the one area I am concerned about--and I know Mr. Powner 
and I have talked about this. And we have covered this in a 
field hearing under your predecessor, Mr. Meadows, Mr. Mica, 
that was at George Mason University in northern Virginia.
    So we start out roughly with Vivek Kundra's 25-point plan 
that says, let's take 1,600 identified data centers in the 
Federal Government and cut it in half. Goal: 800. We introduced 
a bill that said, well, you know, once we do that, let's cut it 
in half again to 400.
    We have a field hearing a couple of years later, and what 
do we discover? Well, we didn't quite cut it in half. We 
discovered 6,100 more. So we went from 1,600 to 7,700. And I 
believe we have just discovered another 2,000. So now we have 
8,700, roughly.
    There is no way any of us can find that acceptable. I am 
glad we are more accurate, apparently, in knowing how many data 
centers we have, but the game here is to consolidate, to save, 
to become more efficient, to get rid of the stovepipes within 
our agencies and between agencies.
    So I am very interested in hearing--especially that one--
how are we going to make progress, how are we going to avoid 
discovering--I mean, if there are more to be discovered, fine, 
but the real goal here is to consolidate. And so that one, 
particularly, I am going to be focused on.
    At any rate, I want to thank my colleagues for holding this 
hearing. I want to thank all of you for being here. This is the 
first downpayment in a series of oversight hearings I know we 
are going to have.
    Thank you.
    Mr. Hurd. Thank you, Mr. Connolly.
    I will hold the record open for 5 legislative days for any 
members who would like to submit a written statement.
    Mr. Hurd. We will now recognize our panel of witnesses.
    I am pleased to welcome Mr. Tony Scott, the U.S. Chief 
Information Officer at the Office of E-Government and 
Information Technology at the Office of Management and Budget; 
Mr. Sonny Bhagowalia, Chief Information Officer at the U.S. 
Department of Treasury; Mr. Richard McKinney, CIO at the U.S. 
Department of Transportation; Mr. David Shive, Chief 
Information Officer at the U.S. General Services 
Administration; and Mr. David Powner, Director of IT Management 
Issues at the U.S. Government Accountability Office.
    Welcome to you all.
    And, pursuant to committee rules, all witnesses will be 
sworn in before they testify. So please rise and raise your 
right hands.
    Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing 
but the truth?
    Thank you. Please be seated.
    And let the record reflect that the witnesses answered in 
the affirmative.
    In order to allow time for discussion, we would appreciate 
it if you would limit your testimony to 5 minutes. And your 
entire written statements will be made part of the record.
    Mr. Scott, you have had a busy few months. Welcome back to 
this hearing space. And you are now recognized for 5 minutes.

                       WITNESS STATEMENTS

                    STATEMENT OF TONY SCOTT

    Mr. Scott. Thank you, Chairman Hurd, Ranking Member Kelly, 
Chairman Meadows, Ranking Member Connolly, and members of the 
subcommittees. Thank you for the opportunity to appear before 
you today to discuss OMB's work in overseeing the government-
wide implementation of the Federal Information Technology 
Acquisition Reform Act. And thank you for your resolute and 
bipartisan efforts in ensuring that this critical law is 
implemented successfully.
    When I last appeared before you, I offered an overview of 
how FITARA and OMB's implementation guidance enables strategic 
partnerships among agency CIOs and other senior leaders in the 
agency. And today I'll focus my remarks on the progress that's 
been made in institutionalizing FITARA and how OMB is 
facilitating and overseeing its implementation.
    OMB's FITARA guidance uses a common baseline approach, 
which provides direction on the roles and responsibilities of 
agency CIOs and other leaders for the management of information 
technology. Each FITARA-covered agency submitted a self-
assessment to OMB describing their current operation compared 
to the common baseline and are on schedule to submit an 
implementation plan showing how they will implement the common 
baseline requirements by the end of the year.
    Agency plans were evaluated with four overarching questions 
in mind: Has the agency identified real breakthrough 
opportunities for change? Has the agency described a compelling 
and feasible plan to act on those changes? Does the detailed 
plan integrate agency leadership with the leadership of bureaus 
and programs to jointly drive the mission? And, finally, does 
the agency CIO serve as the single point of accountability for 
the roles and responsibilities identified in the common 
baseline?
    And let me assure you that there was no rubber-stamp 
process involved here. With each agency, we've been actively 
engaged.
    Our analysis of the initial agency plan submissions 
revealed several key themes, including but not limited to 
agency-specific issues in budget formulation, budget execution, 
and IT acquisition. And we're working actively with each agency 
to address these issues for their final plan.
    Our oversight of agency progress in implementing FITARA is 
being assisted through a number of additional means. We're 
fostering a government-wide community by holding biweekly 
meetings on FITARA and by relaunching the Web site 
management.cio.gov to serve as a central location for tools and 
resources. We're collaborating with the President's Management 
Council, the CIO Council, GSA, and other organizations, such as 
ACT-IAC, to facilitate knowledge-sharing across the Federal 
enterprise.
    We're enabling consistent and transparent oversight by 
requiring that each agency post their implementation plan and 
related FITARA materials on management.cio.gov. And this will 
enable OMB inspectors general, Congress, GAO, and the public to 
conduct consistent oversight and followup. And we're requiring 
agencies that have a red CIO risk evaluation on the IT 
Dashboard for 3 consecutive months to hold TechStat sessions 
and notify OMB of these sessions.
    Finally, I want to highlight the work that my office is 
doing, in partnership with OMB's Office of Federal Procurement 
Policy, to leverage FITARA in addressing complex Federal 
acquisitions challenges. We recently issued a category 
management policy to improve the acquisition and management of 
laptops and desktops. This memo is the first of a series of 
policies directing agencies to take new steps to improve the 
acquisition of common goods and services to drive better 
performance and efficiencies, as required by FITARA.
    In conclusion, I think FITARA presents a historic 
opportunity to reform the management of information technology 
across the Federal Government. It's important that we do not 
underestimate the work and the commitment required by agencies 
and the broader ecosystem to fully implement this law and the 
changes it represents in culture, governance, IT processes, 
business process, and, quite frankly, the way we do oversight. 
Simply replaying pages from our old playbook is not the 
solution.
    That said, I'm pleased with agencies' promising work to 
date, and I look forward to the positive results to come as 
agencies apply FITARA to their full information system 
lifecycle.
    I thank the subcommittee for holding this hearing and for 
your commitment to ensuring successful implementation of 
FITARA. I would be pleased to answer any questions you may 
have.
    [prepared statement of Mr. Scott follows:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
    
     
    
    Mr. Hurd. Thank you, Mr. Scott.
    Mr. Bhagowalia, you are recognized for 5 minutes for your 
opening statement.

           STATEMENT OF SANJEEV ``SONNY'' BHAGOWALIA

    Mr. Bhagowalia. Thank you, Mr. Chair.
    Chairman Hurd, Ranking Member Kelly, Chairman Meadows, 
Ranking Member Connolly, Chairman Chaffetz, and members of the 
subcommittees, thank you for the opportunity to testify today 
on the Department of Treasury's approach to the Federal 
Information Technology Acquisition Reform Act, or FITARA.
    I will focus on how our evolving Office of the Chief 
Information Officer practices have laid a strong foundation for 
the implementation of FITARA. I also acknowledge there is much 
work to do. I will highlight some of these practices, including 
the roles of the OCIO in managing the Treasury Department's 
information technology, IT, and information resource management 
portfolio, and the governance structure that has Department has 
in place to ensure sound IT/IRM decisionmaking and delivery.
    The three top OCIO management priorities for the Department 
of Treasury are cybersecurity, making improvements to the IT/
IRM operations, and implementation of FITARA.
    Treasury works each day to deliver the diverse mission of 
the Department both securely and reliably and to build upon 
what we think is a strong foundation that positions the 
Department for further successes in the future.
    Treasury supports an important financial mission for our 
country. Treasury is comprised of departmental offices and 
bureaus of wide-ranging size with varying technology needs and 
complexities and a number of different funding sources.
    The Treasury CIO is accountable for meeting the IT/IRM 
needs of the departmental offices, with special attention to 
advancing the enterprise-wide objectives. Responsibility for 
IT/IRM management is shared among the Treasury CIO and bureau-
level CIOs, who focus on the unique mission and needs of the 
individual organizations.
    Treasury is fully dedicated to implementing FITARA in 
accordance with OMB's guidelines and the Department's needs. 
Our self-assessment against the common baseline established by 
OMB demonstrates that we have a number of practices already in 
place but that many of these need to be formalized through 
policy. And we acknowledge that there are many areas that still 
need to improve.
    Treasury's focus is sustainability, which means integrating 
the goals of FITARA into existing processes to ensure 
efficiencies can last over time.
    The existing IT/IRM lifecycle is built upon GAO and OMB's 
best-practice framework of architect, invest, implement, and 
operate, with cybersecurity built in throughout the lifecycle. 
Treasury uses this framework to further policy and process 
development and includes consistent practices in the following 
five areas:
    Number one, governance. The Department has a GAO-recognized 
best-practice approach to efficient and effective review of its 
IT/IRM investments. Each bureau reports execution data to the 
Department monthly. Treasury then reviews all investments with 
month-to-month performance issues in project execution and 
conducts a detailed program review called TechStat on select 
investments. In addition, the Department CIO conducts quarterly 
performance reviews with each bureau and participates in 
quarterly PortfolioStat reviews with OMB.
    Number two, budget formulation and planning. The Department 
CIO actually annually reviews all bureau IT/IRM plans and 
participates in full bureau budget reviews. The Treasury CIO 
counsel also select a group of enterprise-wide initiatives to 
be executed jointly. Efficiencies, such as those gained through 
data center consolidation, have allowed Treasury to begin to 
shift more spending to development and modernization and 
enhancement, DM&E, efforts.
    Number three, acquisition and execution. The Senior 
Procurement Executive, SPE, and the CIO have worked 
collaboratively to conduct a joint review of department 
offices' IT/IRM procurements as well as select acquisitions of 
major enterprise programs. Treasury is also developing a 
department-wide procurement strategy and governance program to 
ensure enterprise-wide oversight and to leverage economies of 
scale in procuring commodity IT/IRM where possible.
    Number four, in workforce and organization. The Treasury 
CIO has input into bureau CIO selections, places performance 
objectives in bureau CIO annual performance plans, and 
contributes to bureau CIO evaluations.
    Number five, project management. Beginning in fiscal year 
2015, Treasury OCIO launched two initiatives to improve project 
management oversight and practice: number one, develop a new 
enterprise-wide lifecycle management program; and, two, a 
revised program management approach to better leverage agile 
development methods.
    Per OMB's recent PortfolioStat review we just received, 
Treasury has made significant progress in shifting towards a 
more agile development approach, but work remains.
    In conclusion, while Treasury has a strong foundation on 
which to successfully implement FITARA, we acknowledge there is 
still work to do. The Department is committed to fully 
implementing FITARA and looks forward to working with OMB, GAO, 
and the Congress in this endeavor.
    Thank you for your support for FITARA, a key initiative 
which will improve public stewardship. I appreciate this 
opportunity to testify today, and I'll be glad to answer any 
questions you may have.
    [Prepared statement of Mr. Bhagowalia follows:]
    
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
   
    Mr. Meadows. Thank you so much.
    Mr. McKinney, you are recognized for 5 minutes.

                 STATEMENT OF RICHARD MCKINNEY

    Mr. McKinney. Thank you, sir.
    Chairman Hurd, Ranking Member Kelly, Chairman Meadows, 
Ranking Member Connolly, members of the subcommittee, I want to 
begin by thanking you for the opportunity to appear today to 
discuss DOT's implementation of FITARA.
    I would also like to thank both this committee and your 
predecessors for having the foresight to recognize the critical 
importance of clarifying and strengthening the role of Chief 
Information Officer. FITARA provides both the accountability 
and the authority that is required for a CIO in an IT 
organization to be successful.
    I believe this landmark legislation must be used as the 
foundation for the complete transformation in the way the 
Federal Government builds, buys, manages, and secures 
information technology. And I think you have very wisely given 
us FITARA at an extremely critical juncture. Let me explain 
why.
    I began my IT career in 1985, just as governments were 
eagerly moving away from the centralized, one-size-fits-all 
model characteristic of the early mainframe days. This rapid 
decentralization continued through the 1990s, but, 
increasingly, this patchwork quilt of disconnected IT silos and 
disparate technologies began to reveal its weakness as we moved 
into the connected age of the Internet.
    And governments at all levels across this country have 
struggled with how to unwind this mess that we have allowed to 
build up over the past 30 years. Tearing down the silos is not 
an easy thing to do. We all understand how the status quo has a 
lot of inertia, and so it is at DOT.
    I was appointed CIO at DOT a little over 2 years ago, and I 
immediately recognized this all-too-familiar scenario. I began 
by having a frank and honest conversation with both the 
departmental leadership and the operating administrations about 
the challenges that we faced.
    I could tell that everyone recognized that what I was 
saying was true. But I also understood that in order to lead 
them through a difficult transformation that we first had to 
strengthen the office of the CIO. I wish I could tell you that 
this process was quick and easy to do, but it wasn't. But after 
more than a year of hiring, reorganizing, and improving service 
delivery, the Department's confidence in our office quickly 
improved.
    And why is that important? It is precisely because we have 
to make such a radical and difficult turn, abandoning the 
decentralized approach and moving toward a strong and secure 
enterprise shared-services approach. This shared-services model 
should manage the 60 to 70 percent of our current IT landscape 
that is commodity IT: the networks, servers, storage, desktop, 
help desk, messaging service, all the enterprise services that 
can be provided as a centralized utility and a well-managed 
mixture of both cloud and locally hosted services.
    This balanced approach would leave the mission-specific 
solutions to be managed at the component level and specifically 
aligned to their unique business needs. And with the cost 
sprawl of decentralized infrastructure contained, we would free 
more resources to improve the applications that help us achieve 
our mission goals.
    There is even one more more compelling reason to make this 
radical change, and that is security. In our current 
decentralized model, visibility across our network is 
inconsistent, lines of defense are often less than clear, and 
coordination effectiveness of our security efforts are severely 
impacted.
    Even if we managed a perfectly architected IT 
infrastructure, securing that infrastructure against our 
enemies would still be a very difficult task, but that should 
be our singular goal. We must create a new construct that is 
secure by design, one where security is built in and not bolted 
on.
    So how do we begin to use the three foundational 
authorities of FITARA--namely, HR, budget, and acquisition 
approval--that you have wisely laid out in this legislation?
    I'm sure we can all agree that, in order to chart a course 
to where you want to go, you must begin by understanding where 
you are. I have been frustrated by the lack of good data, both 
technical and financial, that we have to measure our IT spend 
and performance. Just as our physical IT has been siloed, so 
has our data.
    For too long, my office has been merely an aggregator of 
component data, data that we report to GAO and OMB, only to 
find out later that the taxonomy and structure varies from one 
OA to the next. So one of our first steps is teaming with the 
CFO office and asking the operating administrations to join us 
in building a new taxonomy that consistently and accurately 
identifies and quantifies our IT spent. You can't manage what 
you can't measure.
    Let me close with this. I want you to know that I am 
totally dedicated to ensuring that the rollout of these 
important authorities is done as quickly and as successfully as 
I know how to do. I believe that we have to approach FITARA as 
if it were our last chance to get this right.
    Again, thank you for FITARA. Thank you for this opportunity 
to testify. And I look forward to answering whatever questions 
you might have.
    [Prepared statement of Mr. McKinney follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
   
    
    Mr. Meadows. Thank you, Mr. McKinney, for your insightful 
testimony. Please give my personal regards to the Secretary, if 
you would.
    Mr. McKinney. Yes, sir, I will do that.
    Mr. Meadows. And, Mr. Shive, you are recognized for 5 
minutes.

                    STATEMENT OF DAVID SHIVE

    Mr. Shive. Thank you, Mr. Chairman.
    Good afternoon, Chairman Meadows, Ranking Members Kelly and 
Connolly, and members of the subcommittees.
    Mr. Meadows. If you could bring that mic a little bit 
closer to you there.
    Mr. Shive. How's that?
    Mr. Meadows. All right. That is better.
    Mr. Shive. Great.
    Thank you for inviting me to testify before you regarding 
GSA's implementation of the Federal Information Technology 
Acquisition Reform Act. GSA appreciates this committee's 
oversight of this important issue and the importance of 
addressing the high-risk areas outlined by the Government 
Accountability Office in its assessment.
    Today, I would like to highlight GSA's efforts towards 
implementing the common baseline of FITARA. These efforts 
address a variety of activities, from centralizing IT 
management to the optimization of data centers, all of which 
are helping us to move closer to successfully complying with 
the requirements of FITARA.
    Three years ago, GSA conducted a top-to-bottom review of 
the agency and, as a result of that, consolidated IT management 
under the CIO and put effective management controls in place to 
centralize our IT spending. Since this consolidation, GSA has 
improved IT acquisition and security, and we are implementing 
additional reforms, many of which were directed by FITARA.
    For example, as GSA's CIO, I oversee and regularly 
participate in the governance of operations and delivery of IT 
services for the entire agency. All instructional letters, 
policy directives, and formal guidance are published under my 
signature, and all initiatives with an IT component are 
reviewed by me or my delegates. This is made possible through 
my representation on governance boards around the agency, such 
as our Investment Review Board, and through our agency's IT 
management processes.
    GSA's consolidation efforts also helped my office gain 
visibility into GSA-wide IT spending and investments. From 
fiscal years 2013 to 2015, GSA IT reduced its budget by 17 
percent. This is in part due to the fact that, since our 
consolidation, I am intimately involved with the review, 
management, and oversight of IT expenditures, from the initial 
budget request to the execution and completion of each project.
    To achieve this, my office conducts high-risk investment 
reviews, project health checks, benefits realization, 
application rationalization, and we authorize reprogramming of 
funds and rebaselining of IT investments. All of these help 
with ensuring that, as CIO, I have a role in investment and 
project management oversight, which are primary goals of 
FITARA.
    Additionally, to ensure that IT investments within various 
GSA divisions are aligned with the long-term IT vision of the 
agency, my office collaborates with the various business lines 
within GSA to provide guidance and support. The IT executives 
supporting these offices report directly to me and formulate 
technology solutions and manage IT investments with clear 
understanding of GSA IT enterprise management requirements and 
clear direction from the CIO.
    Another initiative that has been central to reducing our 
costs and is part of the requirements necessary for agencies to 
properly implement FITARA are our activities surrounding the 
Federal Data Center Consolidation Initiative. As a part of 
FDCCI, GSA IT has reduced its overall number of data centers by 
65 percent and consolidated their functionality to the agency's 
core data centers. This consolidation has saved or avoided 
costs totaling approximately $29 million from fiscal year 2012 
through 2014.
    Currently, GSA operates three core data centers as well as 
multiple regional data centers. GSA IT's future goal is to 
consolidate all core data centers and regional data centers 
into three primary data centers.
    Through consolidation and by driving efficiency into the 
GSA-computing enterprise, GSA has increased the usability of 
our systems, eliminated duplicative processes, eliminated 
duplicative systems and applications, and standardized our 
processes using industry best practices and solutions.
    While GSA has made significant progress in implementing the 
key components of FITARA, there is still more work to be done. 
As GSA moves forward with FITARA implementation, I will 
continue to work with GSA senior agencies officials, OMB, my 
peer Federal agency CIOs, and members of this committee to 
ensure that GSA is effectively implementing FITARA to reduce 
costs and increase the value of our IT acquisitions.
    I thank the subcommittees for the opportunity to testify 
today and look forward to answering any of your questions.
    [Prepared statement of Mr. Shive follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
    
    
    Mr. Meadows. Thank you so much.
    Mr. Powner, good to have you back with us. You are 
recognized for 5 minutes.

                  STATEMENT OF DAVID A. POWNER

    Mr. Powner. Chairmen Meadows, Hurd, Ranking Members 
Connolly and Kelly, I would like to first thank you for your 
leadership on the implementation of FITARA with your first set 
of grades. Your initial focus on improving transparency of the 
projects on the Dashboard, delivering in smaller increments, 
and holding agencies accountable for savings on data center 
closings and duplicative spending will greatly help agencies 
with their implementation efforts.
    I'd like to briefly comment on each of the four areas on 
your scorecard, starting with incremental development.
    FITARA requires that CIOs certify that IT investments 
deliver in increments consistent with OMB policy, which 
requires that major investments deliver in 6 months. Agencies 
such as VA, GSA, and EPA do a good job in this area. Agencies 
self-report that, overall, 58 percent of the projects in 
development are planning to deliver in 6 months. Our ongoing 
work for this committee shows that this number greatly 
overstates the extent to which agencies are delivering 
incrementally. Therefore, grades in this area for some agencies 
are too high and may need a downward adjustment in the future.
    Next, Dashboard transparency. FITARA codified the IT 
Dashboard and CIO risk ratings for the approximately 750 major 
investments across the departments. These ratings simply say 
whether each investment is low-, medium-, or high-risk. The 
Dashboard tells us that about 160 investments, totaling about 
$10.5 billion, is moderate- or high-risk and that 76 percent of 
the IT dollars the government invests in is low-risk.
    These totals are nowhere near reality, given the troubled 
IT acquisitions and the old, antiquated legacy systems the 
government has. CIOs need to be more transparent and accurate 
in this area, and our ongoing work will show that many of these 
CIO ratings are not acknowledging risk appropriately. Agency 
CIO ratings that do acknowledge a fair amount of risk include 
Commerce and EPA.
    Next, PortfolioStat. FITARA requires that agencies review 
their IT portfolios and address waste and duplication. When OMB 
first started this effort, there were over 200 initiatives, 
totaling nearly $6 billion in planned savings. However, our 
latest report showed that the baseline is much lower and there 
has been inconsistent reporting to GAO, OMB, and the Congress. 
Some agencies, like SSA and Treasury, have reported significant 
savings.
    We have over 60 recommendations to OMB and agencies in this 
area, and FITARA and your grades will help refocus needed 
attention here.
    Next, data center consolidation. This is the big dollar-
savings area. FITARA requires annual, publicly reported updates 
on savings. Our ongoing review for this committee highlights 
the importance of this section of the law.
    Twenty-one-hundred more data centers are now being reported 
to us, for a total of 11,700 centers.
    Representative Connolly, you missed one update in the 
baseline. We were at about 9,600, and now we're at 11,700.
    Over 3,300 have been closed to date, and the government 
plans to close an additional 2,000 centers. Over $2.5 billion 
have been saved, and there is another $5.5 billion on the 
table. So, in total, the government plans to close 5,000 
centers and save about $8 billion.
    Mr. Chairman, this $8 billion total should actually be much 
higher since some agencies have lowballed their targets and not 
all agencies have new cost estimates in. The top five agencies 
in data center savings are Treasury, DOD, DHS, Transportation, 
and Commerce.
    I'd like to comment on the data sources used to grade 
agencies. It's not perfect, as we've discussed, but it's the 
best data available, agencies own it, and they need to get it 
right. The data primarily comes from the IT Dashboard and the 
quarterly savings report submitted to the appropriation 
committees. We believe your grades and oversight will greatly 
improve the accuracy of the data and attention to these areas 
and ultimately more progress. In addition, our reviews will 
highlight where agencies' self-reporting is inaccurate.
    A critical and additional area where oversight is needed 
with your scorecard in the future, as we have discussed, is CIO 
authorities. We would recommend a close review of the FITARA 
implementation plans when approved and whether CIOs are 
exercising their enhanced authorities. Until these authorities 
are strengthened significantly, agencies will struggle to 
comprehensively implement FITARA.
    I would like to thank Tony Scott for his leadership, 
specifically on enhancing the transparency by making the FITARA 
implementation plans publicly available, his recent strategic 
sourcing enhancements associated with desktop purchases, and 
calling for more focus and attention on GAO's IT 
recommendations.
    Chairman Meadows, Ranking Members Connolly and Kelly, thank 
you again for your leadership. We look forward to working with 
you further on your scorecard and oversight.
    [Prepared statement of Mr. Powner follows:]
    
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
    
    
    Mr. Meadows. Thank you so much.
    The chair will recognize himself for 5 minutes to follow 
up, I guess, on our opening statement. So I want to just thank 
all five of you for your illuminating testimony.
    I guess, for me, part of this would piggyback on what I had 
highlighted during our opening remarks, and that would be, as 
we look at savings, what incentive is there for you to save and 
be efficient, only to give the money back to someone else or 
back to the general Treasury, where it gets reallocated or 
reappropriated to somebody else? Is there a real incentive for 
you to do that?
    Mr. McKinney, do you want to weigh in on that?
    Mr. McKinney. I'd be glad to.
    That was music to my ears when you said that, because I 
absolutely believe that, you know, not only do I need to drive 
down cost, I need to drive up service delivery and improvement 
of delivery of services.
    And, you know, if we can have an ongoing conversation about 
how we can incentivize people, you know, when they drive down 
their costs, that there's that reinvestment opportunity and 
transparency about that reinvestment opportunity, I think 
that's a great conversation to have.
    Mr. Meadows. So do you think you could work with GAO and 
OMB as it relates to that?
    Because one of the concerns I have really has to do with 
the data that not only you but Treasury and others have put 
forth. So let me be specific. I mean, when we are talking about 
savings and reporting those savings to GAO, where we are trying 
to get a good scorecard, I guess, Transportation, you had 
indicated that, you know, there was some $77 million in 
savings. But yet when Congress gets a report through OMB and 
other sources, the savings was only $3 million.
    Mr. McKinney. Yeah.
    Mr. Meadows. Now, I am not saying that the $3 million or 
the $77 million, either one of those, is inaccurate, but there 
is a fly in the ointment somewhere. And so, in doing that, is 
that because, obviously, we want to save as much as we can and 
that you get penalized by Congress when you have saved money?
    I am amazed at the amount of fourth-quarter spending that 
goes on around here. I mean, I know it shouldn't be a shock, 
but it is amazing how many dollars we spend in the fourth 
quarter, saving up for the first three.
    So why would you think that there would be an inconsistency 
there? And I am not trying to put you on the spot.
    Maybe, Mr. Scott, let me come to you and let you answer 
that question. Why would there be an inconsistency with what is 
reported in terms of savings through you and then others, to 
Mr. Powner, in terms of those same dollar savings?
    Mr. Scott. I'm not sure I have the complete answer. As 
we've discussed about this topic with various organizations, 
various agencies, and so on, I think it's a combination of a 
couple of things.
    One is, some measures that we use here are cost avoidance 
as well as actual cost savings. So it depends on how you answer 
the question--or how you ask the question, what the answer is.
    Mr. Meadows. So is that like saying that someone is going 
to go to a sale at a supermarket and, because they decided not 
to buy something that may have been more expensive, that they 
have saved that amount of money?
    Mr. Scott. Or it could be required increases that are 
absorbed by existing technology, those kinds of things.
    Mr. Meadows. All right. So can we get that consistent? 
Because if that is an inconsistency, you know, it is 
inconsistent in the definition of what you are reporting to OMB 
and then the same that you are reporting to GAO. We are talking 
about apples and oranges.
    So that is what you are saying, is it is a definitional----
    Mr. Scott. It's one of the things that I think we 
collectively have to work on, that we're using the same 
measures when we talk about the same thing. And even in the 
scorecard that I see here, I see differences in the way that 
OMB is measuring something.
    Mr. Meadows. And there are going to be. In fact, I think we 
have talked to GAO with that. And here is what a lot of the 
agencies are going to get: the benefit of the doubt today. As 
we start to refine this and define this, then I would say that 
the benefit of the doubt and the score--I fully expect some of 
your scores to go down as we look at this. And that is not 
going to be very troubling unless it is a trend. And I think 
that all of us, in a bipartisan way, are trying to make sure 
that it is the trend that we are looking at, that we are making 
progress.
    And so let me finish up, Mr. McKinney, with one of yours. 
In your testimony, you highlighted that 70-percent sweet spot 
in terms of the enterprise systems and so forth.
    Mr. McKinney. Right.
    Mr. Meadows. Do you believe that that is the area that you 
have the most control over in terms of IT expenditures?
    Because data centers seem like--and the definition of 
``data center''--and we have had hearings in this very room on 
data centers and what they are and what they are not. It seems 
like that is where the big number is in terms of savings?
    Mr. McKinney. Yes, sir. Not only is it the big number, you 
know, in my experience with IT, it's foundational, you know. 
Everything else that you do in IT you do on top of that 
foundation.
    And it's like you got an old house, somebody gives you an 
old house; where do you go? You go into the basement. So I'm 
headed into the basement, trying to figure out what's the 
foundation, what's the plumbing, what's the electrical like, 
and try to fix that first.
    I think the most of the money, the savings, is in that, but 
I also think it's absolutely essential if we're going to build 
great IT on top of it.
    Mr. Meadows. Well, here is what I would offer to each one 
of the agencies as we start to work with that. If any of you or 
all of you want to work with us in terms of being more 
aggressive in terms of data center consolidation and those big 
numbers, I will work in a bipartisan way with my colleagues to 
go to the appropriators and say, listen, we need to give them 
the benefit of the doubt, whether that is on the authorizing 
side or certainly on the appropriating side, and see what we 
can do. And if you want to reach out to do that, that offer 
stands.
    And so the chair would recognize the gentlewoman from 
Illinois, Ms. Kelly.
    Ms. Kelly. Thank you, Mr. Chairman.
    Mr. Powner, has GAO identified problems with self-reported 
data in the four areas graded in the scorecard?
    Mr. Powner. Yes, we have.
    So, for instance, on incremental development, you know, 
there are some agencies that are reporting a very high 
percentage of projects that they plan to deliver in 6 months. 
We have some ongoing work on that. We see those percentages 
much lower when we go in and start looking, you know, 
underneath the covers on that. So that's an area that I think 
the grades will go down, with some of the data that's not 
accurate.
    On the data center front, I think there are some agencies--
like, Treasury and Transportation, they got F's, but we feel 
better about their F's because they have high goals. Okay? So 
that----
    Mr. Meadows. I bet there are a lot of kids around the 
country that would say that their parents should feel better 
about their F's.
    Mr. Powner. Right. But some agencies that have A's and B's 
with low goals and they actually have achieved more than their 
goal, we don't feel so good. So I think those grades are going 
down; their grades are going to be going up.
    So it's kind of a mix when you look at the different areas. 
But, again, I think the self-reported and your grades and focus 
will help with self-reporting, and hopefully our audits that 
will be coming behind the numbers will also help get the 
information right.
    Ms. Kelly. Well, have you identified any causes for this, 
behind the issues in self-reported data? Like, what do you 
think the causes are?
    Mr. Powner. Well, I think, on data centers, for instance, 
the last report we did, there were six agencies--and GSA was 
one of them--that we thought had a high number of closures with 
not high dollars and savings. And we asked those agencies to go 
back and look at their dollar savings.
    I think that there are just certain agencies that need to 
relook at it. And they might need a push, both from Congress, 
with your oversight, from OMB. Hopefully, we can help with some 
of that.
    I do think, with the codifying the data center 
consolidation in FITARA, estimates now need to go out through 
2018. And that's why I think the $8 billion savings on data 
centers, it's going to be a lot more than that if we really get 
serious about it.
    Ms. Kelly. Okay. Thank you.
    Mr. Scott, OMB's FITARA implementation guidance includes a 
data improvement program that provides guidance to agencies on 
how to improve their data reporting related to FITARA 
requirements. How will OMB enforce the requirements of the data 
improvement program?
    Mr. Scott. So, we do, first of all, a bunch of data 
collection, including quarterly standard data collection. And 
we have actually had a program in place for a while to try to 
improve the quality of that data collection that we do. And as 
we have gotten experience with that, and also working with GAO, 
we continue to identify opportunities.
    So this is one of the tools that I think, actually, FITARA 
is going to help us with. Because it requires more transparency 
and visibility top to bottom in the agency, we now have an 
opportunity to get better data. And I think as any of these 
gentlemen will testify, this has been a great forcing function 
within the agency to sort of flush out of, you know, some of 
the hiding places where IT dollars were.
    So we have both experience in improving the data quality, 
but now I think we have the opportunity, as the result of 
FITARA, to get better data in the first place.
    Ms. Kelly. Okay.
    And what are the consequences if the agency does not make a 
data improvement plan or fails to take steps to execute a plan?
    Mr. Scott. Well, we have a bunch of leverage that we can 
use. We can leverage our colleagues on the budget side of OMB 
to help make sure the right things are taking place, and, also, 
on the management side, we have the President's Management 
Council. We have peer pressure, frankly.
    And then there is nothing like public exposure on our Web 
site and oversight by this committee and GAO and inspectors 
general. So I think this is one of those areas where daylight 
will help all us of us make sure we get the data and the 
information we want.
    Ms. Kelly. I know someone mentioned a push from Congress, 
but is there anything else Congress can do to ensure that 
agencies are reporting timely and reliable data?
    And anybody can answer that.
    Mr. Scott. Well, I think, from my viewpoint, you know, 
there's, sort of, no bad scorecard. We just have to agree on 
what the scorecard is and what we are going to measure in a 
uniform and consistent way. So there is no right or wrong here. 
I think the secret is consistency, and then we can drive for 
data quality in the things that we are collecting.
    And so I look forward to working with this group and others 
to make sure we are collecting the same stuff in the right way 
to then drive the right action.
    Ms. Kelly. Any other comments from anyone?
    Nope?
    I yield back the balance of my time.
    Mr. Meadows. All right.
    The chair--did you want to comment on that? Okay.
    The chair recognizes the gentleman from Virginia, Mr. 
Connolly, the chairman of the Subcommittee on Government 
Operations.
    Mr. Connolly. I thank my friend.
    Gosh. By the way, Mr. Scott, in response to Ms. Kelly, so 
is OMB or is GAO going to be putting on their Web site these 
scores?
    Mr. Scott. We hadn't made a specific plan for this 
Dashboard. Frankly, we just saw it in the last day or two, so 
we haven't really even had the opportunity to discuss it.
    Mr. Connolly. All right. I would just suggest to you, 
respectfully, given your answer to Ms. Kelly, it would be 
perfectly consistent to do so. If we want sunshine and we want 
to--and we can always do it with the right caveat.
    All right. Mr. McKinney, thank you for your statement, 
along with your colleagues on your right and left. It was not 
defensive. It was self-reflective. And, boy, if everybody 
approaches this opportunity that way, the Federal Government is 
going to be humming, at least when it comes to investment 
management and deployment of IT assets. And that gives me great 
hope. So thank you for your statement.
    Mr. McKinney. Thank you, sir.
    Mr. Connolly. Very empowering.
    Mr. Powner, Mr. McKinney indicated in response to Ms. Kelly 
that, when it comes to data center consolidation, that is 
foundational. You know, absent that, we are not going to 
effectuate the kinds of reforms and efficiencies and savings we 
need.
    I got to admit, you surprised me. I was off by 3,000. It 
seems like every hearing we have we discover another 2,000 or 
3,000 data centers.
    You have released your report on your work assessing the 
Federal Government's status on the consolation effort. What are 
the challenges toward significant reduction and consolidation?
    Mr. Powner. Well, I think you need to look at the current 
goals that they have. So, of the 11,700 data centers that are 
being reported, agencies are only reporting 275 of those are 
core. Now, we are not going to consolidate----
    Mr. Connolly. Could you say that again? I couldn't hear 
you.
    Mr. Powner. These are the core data centers, so these are 
the primary data centers that you really want to consolidate 
into. So there still will be these non-core that remain.
    But I think, when you really look at agencies and you look 
at the number of core centers they have, that needs a closer 
look. And this is something we discussed with Mr. Scott and 
some folks at OMB. They've got some good guidance that's coming 
out on data center consolidation, what agencies need to do down 
the road, and that includes getting better estimates up to 
school-year 2016 through 2018.
    But I really think a good, hard look needs to occur with 
those core data centers. And is the number, is that the right 
number? And the ones that are non-core, what are we really 
doing with them? How many of those are going to be remaining?
    Mr. Connolly. Assuming we are able to get everybody on 
board with this consolidation, Mr. Scott, what happens to the 
savings the agency might effectuate? I mean, I think Mr. Powner 
said maybe $8 billion, maybe more, actually.
    Because Mr. Meadows and I have focused on this. We don't 
want to punish someone unwittingly by saying, great, you saved 
all that money, now give it to us, and we are going to, you 
know, use it for some other purpose, rather than reinvesting in 
the enterprise in new IT assets or management throughout.
    What happens to the savings? And what, in your opinion, can 
we do or should do legislatively to help make that an incentive 
rather than a disincentive?
    Mr. Scott. I think, generally speaking, what happens is 
it's at the discretion of the agency, what to do with the 
savings. So the money may be reprogrammed for other efforts.
    But I think you're hitting at one of the core issues, which 
is, for an agency CIO to undertake any kind of major 
reinvestment to replace an old, antiquated legacy system, which 
is one of the things we want agencies to do, there has to be 
some source of funds for doing that. And that source of funds 
may have to be more than what's available in 1 year or in the 
savings that come from other savings efforts that go on.
    Our guidance that we just issued for public comment, A-130, 
suggests a new model for decisionmaking around software 
investments, including greater use of shared services, greater 
use of already-existing technology that is modern and that the 
government has rights to, and a series of things like that that 
should begin to also generate additional savings.
    But, fundamentally, we need to have a different kind of 
funding mechanism than is generally available today, in my 
opinion.
    Mr. Connolly. If I could ask one more question, Mr. 
Chairman? And then I will yield, of course, to Ms. Duckworth.
    But one of the other features of FITARA is a management 
feature, which is to try to evolve into a meaningful hierarchy 
of decisionmaking when it comes to the title of CIO. The three 
of you have that title.
    How many other people in your agency have it, Mr. McKinney?
    Mr. McKinney. Well, we have nine operating administrations, 
and each one of them has someone with the title of----
    Mr. Connolly. CIO?
    Mr. McKinney. Yes, sir.
    Mr. Connolly. Mr. Shive?
    Mr. Shive. When we started our consolidation, we had 27 
CIOs; now we have 1.
    Mr. Connolly. Twenty-seven; now we are at one.
    Mr. Bhagowalia?
    Mr. Bhagowalia. I have nine, sir.
    Mr. Connolly. Nine.
    Because, generally, when you ask even very large 
corporations--I do it as a trick question--``By the way, how 
many CIOs do you have?'' And they look at me kind of funny and 
go, ``Well, one,'' no matter how big. You know, we have 250 
people over 24 agencies--or did, when we wrote the bill.
    We didn't prescriptively say, ``There shall be one,'' 
because we didn't want to create resistance for you and your 
colleagues in trying to get your job done. But we were hoping 
that, over time, we kind of evolve to one individual who is 
infused with responsibility, accountability, flexibility to 
make decisions and to stick by them.
    Mr. Scott, final aspect of this one question: How are we 
doing in evolving that way? It sounds like Mr. McKinney's 
organization has done a pretty good job of doing it.
    Mr. Scott. I think it's a little too early to tell across 
the Federal Government how we are doing.
    What we have seen in agencies' plans, generally, is some 
reduction in the number of CIOs. So there are definitely cases 
where somebody has said, you know, if this is what I'm going to 
be responsible for, I don't want the title of CIO anymore, and 
we'll give it to somebody else.
    And what we are looking for specifically is the overall 
governance framework. So we haven't specifically focused on CIO 
title reduction, but what we are looking at is, you know, where 
the accountability and responsibility flows and how it flows up 
to the agency CIO.
    Mr. Connolly. Thank you for your indulgence, Mr. Chairman.
    Mr. Hurd. [Presiding.] Thank you.
    So now I would like to recognize the gentlewoman from 
Illinois, Ms. Duckworth.
    Ms. Duckworth. Thank you, Mr. Chairman.
    I am actually going to follow up on what my colleague was 
saying. Mr. Scott, I sort of want to look at this idea of the 
enhanced CIO authority and how it benefits the IT acquisition 
process, going right back to what you were just talking about, 
the consolidation.
    And one of the things bureaucracies are known for, sir, is 
turf battles. And having worked inside the VA, where there are 
some significant turf battles there, and watching that and then 
being able to see the IT come together under Roger Baker as a 
CIO there, I gain hope.
    Can you talk a little bit about the enhanced CIO authority 
and how that affects the acquisition process when you have this 
diverse number of alternate CIOs within each of the agencies?
    Mr. Scott. I think there's a couple of things that have 
either been done or are in progress that will help this.
    So, first of all, we are issuing broad guidance in some of 
the commodity IT areas, like laptops, desktops, servers, and so 
on, that I mentioned so that there is much stronger, sort of, 
guidance in terms of how that will be done in an agency. And 
that includes transparency of spend and the plans in that 
space.
    Also, as I mentioned, this A-130 guidance that we have out 
for public guidance is also more prescriptive. And with the CIO 
authorities, now there is a tool for the agency CIO to say, 
here's the law, here's the guidance, and then measures 
compliance with those things in particular.
    Again, I think probably the biggest trick to all of this is 
making sure that the data is exposed in some way so that the 
agency CIO can understand what's going on. And, frankly, that's 
going to be one of the challenges that we deal with over the 
next couple of years, is making sure that the reporting systems 
that we have capture the data at the right level and then 
that's available to the agency CIO.
    In a big, complex agency, you might have multiple systems 
that gather that data in a non-uniform way, as Richard was 
talking about. And that's going to have to be dealt with as we 
go down the road here.
    Ms. Duckworth. Mr. McKinney, do you see this as one of your 
major things that you are going to be needing to work on as you 
go into the basement?
    Mr. McKinney. Yeah. You mean the governance issues? Yes, 
absolutely.
    I wanted to, if I could, comment on that, you know, about 
having nine CIOs.
    Ms. Duckworth. Yeah.
    Mr. McKinney. I believe that if we could get the balance 
between what ought to be centralized as a utility for the 
Department and then we then--each of the operating 
administrations have unique business needs. And I need 
somebody, whether it's the title of CIO or IT engagement 
manager, whatever it is, somebody whose job, sole job, it is to 
focus on the alignment of the technology to that particular 
business, while the central office, my office, tries to manage 
that underlying utility.
    Now, that's not to say I wouldn't be involved in that, but 
what I'm saying is I need eyes into that business unit to 
understand their unique business needs. And whether we call 
that a CIO or IT engagement manager, whatever we want to call 
it, I think that's the right balance point between the two.
    Ms. Duckworth. Are you confident that the things that come 
out of central office, say, the guidance that come out of 
central office, with or without a concurrence from the folks 
out in the field, are going to be carried out?
    Because one of the things I have seen in bureaucracies at 
the Federal level is that lots of great things come out of 
central office and then they slow-walked.
    Mr. McKinney. Right. I have tried, in the few years I have 
been at DOT, to create a governance model where I, as the CIO, 
sit down with those modal CIOs and that we have a true business 
council, that we have true governance and dialogue between us, 
that we make decisions together.
    So I do not want to be the central office that dictates out 
to the business units and they have no input. That won't work. 
What works is when the people work together towards a common 
goal.
    Ms. Duckworth. I would agree. But wouldn't you agree that, 
at some point, there are going to be some things that are going 
to be unpopular----
    Mr. McKinney. Yes.
    Ms. Duckworth. --that you are going to have to say, as the 
central office, okay, this is the one thing you are going to 
have to do and suck it up?
    Mr. McKinney. Yep. Yep.
    I mean, that's what happened during the cyber sprint that 
we did. You know, that's an example of where I put FITARA to 
use. OMB came out with these goals about privileged and 
unprivileged access, and DOT's numbers were way down, and I 
called all those CIOs together, and I said, ``We've got 30 
days, and we're going to be at 100 percent of privileged, and 
we're going to get a high number on unprivileged''--and we got 
to 97--``and you've got 30 days to get it done, and they're not 
cutting us any slack and I can't cut you any slack.'' And, you 
know, to our credit, 30 days later, we were kind of at the top 
of the list of departments that tackled that issue.
    Now, we've got a lot more issues ahead of us, but that's 
where the departmental CIO says, ``I've taken your input, I've 
listened, but here's what we've got to do.'' And, you know, a 
good CIO isn't bashful about making those calls.
    Ms. Duckworth. Thank you.
    I yield back, Mr. Chairman.
    Mr. Hurd. Thank you.
    I would like to recognize myself for 5 minutes.
    And continuing along that line of questioning, if there are 
members of you all's staff that would enjoy coming up here and 
testifying and we get to ask them the questions, why they are 
not going forward on things, we will be more than happy to do 
that.
    My first question, Mr. Shive, GSA got one of the two B's 
out of the 24 CFO agencies, which were the two highest scores. 
Now, when we break it down and look at the data center 
consolidation, we graded you at a D. But if we did this on a 
curve, you were one of the better performing agencies on data 
center consolidation.
    Did you need additional moneys in order to do that data 
center consolidation?
    Mr. Shive. No.
    Mr. Hurd. You went from--you know, the reported savings is 
$49 million, the goal, and you have realized $29 million, which 
is 60 percent of that end goal. Did you need additional funding 
in order to achieve that?
    Mr. Shive. No. We self-funded those activities. As a part 
of our IT consolidation, we consolidated much more than just 
data centers. We rationalized our applications, we rationalized 
our infrastructure, reorganized how we do business. And those 
were savings generated from that, and those savings were 
reinvested into data center consolidation.
    Mr. Hurd. And you were able to do that, you had the 
flexibility in order to do that. Is it because you have a 
unique budget authority as your role versus maybe some of your 
peers?
    Mr. Shive. So, no, I don't have a particularly unique 
budget authority. I operate largely out of the working capital 
fund, and that's what funded most of these activities.
    Mr. Hurd. Great.
    Mr. Shive. What enabled that was actually strong leadership 
at the top of GSA that made this a priority and the fact that 
we got an early start on this.
    Mr. Hurd. Thank you.
    And now, Mr. McKinney, same question to you. The difference 
is you all have only realized 1 percent of the savings, of your 
goal. Why is that?
    Mr. McKinney. Well, the initial estimate that was 
provided--I think it was in 2011-2012 timeframe, prior to my 
coming to DOT--I would have to characterize it as an overly 
optimistic stretch goal. The number that we reported 
subsequently to GAO, I think, reflects the true savings.
    I will say this. We have 15 core data centers--3 of them 
non-FAA, 12 of them in FAA. I believe that we can get our three 
down to two, a primary and a backup. FAA puts a data center in 
each one of their regions. The rest of our data centers are 
really telecommunication closets where there is a network 
router and a switch and maybe a file and print server for 
document caching. So our numbers, as far as the actual number 
of physical locations, is down pretty low.
    I think the other side of--you know, and I would ask you to 
consider around data center consolidation is, when we started 
this in 2011, we really didn't have mature cloud service 
providers that we could move our stuff to. So I think the key, 
moving forward, is not only do we shrink the number of data 
centers, is we move assets out of those data centers and up 
into the cloud. And I believe that we are going to be able to 
move----
    Mr. Hurd. You are preaching to the choir on this.
    Mr. McKinney. Yeah. So that's what we are going to do.
    Mr. Hurd. Now, do you have the authorities to do that?
    Mr. McKinney. Yes.
    Mr. Hurd. All right. And when do you plan to do it?
    Mr. McKinney. We're in the process of doing it right now. 
We just issued----a contract----
    Mr. Hurd. And when will it be completed?
    Mr. McKinney. How long will it take us to move it up? It'll 
take a few years.
    Mr. Hurd. A few years. And how much data are we talking 
about?
    Mr. McKinney. Well, let's see. I could give you an example. 
Probably by February-March timeframe, I'm going to move my 
entire messaging service up into the Microsoft 365 cloud.
    Mr. Hurd. So are we talking----
    Mr. McKinney. Four hundred gigabytes of--or, 400 terabytes 
of storage. You know, we're going to make big moves. And we're 
going to also start moving just storage up there.
    Mr. Hurd. So is the length of time, years, to move data, is 
it because of the volume of data? Is it because of when you 
plan on implementing this? That seems like an incredibly long 
time in order to move even that, the petabytes and terabytes of 
data.
    Mr. McKinney. Well, you know, I'd like to think--I just 
don't want to--yeah, I don't want to get in the--you know, be 
guilty of making an overly optimistic stretch goal. I think, 
yes, we can move fast. We are moving as fast as our technical 
teams are able to do it, and----
    Mr. Hurd. So am I safe to assume that that may be one of 
these projects that are associated with your major investments 
that are not being delivered deliverables every 6 months?
    Mr. McKinney. I think you're talking about incremental 
development.
    Mr. Hurd. Right.
    Mr. McKinney. Yeah. That's another subject. I'd be glad to 
get into that.
    Mr. Hurd. No, it is another subject, but aren't those about 
the major investments that you all--would this data center 
consolidation not be considered a major investment?
    Mr. McKinney. Yes, it would.
    Mr. Hurd. Right. And so you have 59 projects associated 
with 19 major investments, and only 9 of those 59 projects are 
delivering deliverables every 6 months.
    Mr. McKinney. Right.
    Mr. Hurd. And the reason for the remaining 50?
    Mr. McKinney. Well, many of our major investments are on 
the FAA side of the house.
    Mr. Hurd. Sure.
    Mr. McKinney. They involve the national airspace. 
Incremental development, which is often referred to with the 
tag line ``Fail fast,'' is not really deemed appropriate for 
development of technologies that are going into the national 
airspace.
    Mr. Hurd. But, also, on the flip side of that, I would 
think if we would try to be getting the best technology 
available, to make sure that our FAA and our men and women that 
are flying planes have the best technology at their fingertips.
    So talking in terms of years versus months is one of the 
things that has been concerning to us, you know, when we have 
people come up here all the time talking about--and I recognize 
the difficulty of the task, but the American people are tired 
of hearing it takes 2 years to do something that it would take, 
you know, any other entity less amount of time.
    And we can get into the details and, yes, that everybody 
has a unique challenge, you know, but guess what? We still have 
to deliver. And, one, I want to make sure you have the 
authorities to do that. But, two, when you have those 
authorities, we are also going to hold you accountable on this 
area.
    Mr. Scott, in your written testimony, you talked about how 
many of the agency plans reflected a view that CIOs would not 
or did not have direct knowledge of IT goods and service 
acquisition. You know, your analysis of these initial agency 
plans, I think, has been one of the best insights we have 
gotten into this problem. How can we help you fix that?
    Mr. Scott. I think there's probably a couple of things in 
the short run.
    One, as I mentioned, we have a number of these OMB 
guidelines coming out, and I think the development of the 
appropriate scorecards and measures in that space will help us 
measure progress in that area. And continuing to insist that IT 
spend be identified as a part of major projects and getting the 
visibility of that at all levels, whether it's at the subagency 
level or at the agency level, is super-important.
    Another one, to me, is that, as we plan and budget for 
things, that conversation that takes place among the senior 
leadership--the CXO, the program heads, and so on--that clearly 
identifies what the expectations are of IT in that particular 
case is absolutely one of the keys. And so that's an area where 
we just can't take our eye off the ball. We've got to make sure 
we keep focused on it.
    Mr. Hurd. I will consult with my colleagues, but that 
sounds like an area for a great hearing, to discuss this topic 
and have some of those C suite folks talking about why or why 
not CIOs are not involved in the procurement process.
    And the last question--and I have exceeded my time. I 
apologize to my colleagues.
    But this is for all of you all. I welcome your feedback and 
thoughts on the scorecard. You know, we sit here and get to ask 
you all tough questions, and I would look forward to--and, Mr. 
Scott, I will start with you. Were you surprised, concerned 
with the scorecard?
    Mr. Scott. Well, I think, again, I didn't have a lot of 
time to look at it, but, to me, it sort of--one of the ways to 
look at it is it's a baseline of, sort of, where we are today. 
And I think the hope for FITARA is to seize this historic 
moment and, frankly, do things differently than we have done in 
the past.
    So, to me, the real measure will be, 6 months or a year 
from now, did we really move the needle on these things? I 
would love to change the past. Can't do that. Haven't figured 
out any way. But, you know, if we can really make progress in 
the next year or two, I think that's the real test.
    And, hopefully, the scorecard, you know, can reflect, you 
know, realtime progress as we go down the road. So, as we work 
together, I'd like to figure out how we make sure we are 
getting more realtime visibility.
    Mr. Hurd. Mr. Bhagowalia?
    Mr. Bhagowalia. Mr. Hurd, first of all, I think this 
legislation is very exciting because this legislation offers 
the most promise since Clinger-Cohen to really allow us to do 
our jobs. In the 30 years I have been in this business, I think 
this is the one that I think can help us, because you are also 
providing the oversight to make sure it gets done. I like what 
my colleague Mr. McKinney said, that what gets measured gets 
done. And that's exactly what needs to happen.
    So I would just make two observations. And one would be 
that there's a little bit of definitional challenges, as well, 
so we need time to process what the scorecards and things mean. 
But, for example, on our PortfolioStat, we did pretty well in 
some of the agile, but we know we need to do much more than 
that across all programs. So that's an area we need to take a 
look at.
    And I think the other thing I will just say is that, as we 
go into acquisition, you know, this can be a partnership with 
other CXOs. We've got to really work together to make it 
happen. But I think this is a tremendous way to really get to 
the validation and verification framework.
    Mr. Hurd. Okay. Thank you.
    Mr. Shive?
    Mr. Shive. Thank you, Chairman Hurd.
    I appreciate the work that our partners at GAO put into 
establishing a benchmark and a baseline for us to start to 
measure success as we move towards FITARA implementation. I 
think that this is a great opportunity to start that discussion 
so that we can begin the work of refining how we measure 
success, and I look forward to being a part of that discussion.
    Mr. Hurd. Mr. Powner, I think I know how you feel on this 
topic. But I want to say that, in my 10 months being in 
Congress, I have been impressed with the professionalism of GAO 
and the thoroughness of you all's report.
    So I am going to give the last word to Mr. McKinney.
    Mr. McKinney. Thank you, sir.
    As I said in my opening remarks, I am so grateful to this 
committee for FITARA, but both for the accountability and the 
authority. You know, I wanted both.
    And I sense your urgency, I feel your urgency. I have that 
same sense of urgency. As I said, I think this is our last 
chance to get it right.
    So I'm going to take what you've said to me today, the 
accountability that I feel very clearly, and I take it back to 
work with me. Because I have been telling my colleagues that 
FITARA is to be taken seriously, that the accountability is 
real. And we can debate about the authority, but, at the end of 
the day, the scorecard is going to reflect our accountability. 
And I appreciate it very, very much.
    Mr. Hurd. Well, Mr. McKinney, you can tell your fellow CIOs 
and your agency heads that many of them will be asked to appear 
before us.
    And, Mr. Scott, I agree with you, this should be movement. 
This is the baseline, and if we are not seeing movement, I 
think these conversations are going to grow a little bit more 
uncomfortable.
    So, with that, I would like to thank our witnesses for 
taking the time to appear before us today.
    If there is no further business, without objection, the 
subcommittees stand adjourned.
    [Whereupon, at 4:26 p.m., the subcommittees were 
adjourned.]


                                APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record
               
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]