[Congressional Record Volume 155, Number 63 (Tuesday, April 28, 2009)]
[Senate]
[Pages S4818-S4824]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. CARPER (for himself, Ms. Collins, Mr. Lieberman, and Mr. 
        Voinovich):
  S. 920. A bill to amend section 11317 of title 40, United States 
Code, to improve the transparency of the status of information 
technology investments, to require greater accountability for cost 
overruns on Federal information technology investment projects, to 
improve the processes agencies implement to manage information 
technology investments, to reward excellence in information technology 
acquisition, and for other purposes; to the Committee on Homeland 
Security and Governmental Affairs.
  Mr. CARPER. Mr. President, I rise today to introduce two bills, S. 
920 and S. 921, that I believe could represent the most sweeping 
reforms of government information technology management reform we've 
considered in some time.
  I would like to start by addressing the IT Investment Oversight and 
Waste Prevention Act.
  Every year, agencies spend billions of dollars on IT investments that 
they believe will increase productivity, reduce costs, or improve 
customer service. But agencies often fail to properly plan and manage 
their investments. Rather, nearly one third of all Federal IT 
investments are considered by OMB to be ``poorly planned.'' Many of 
these investments will be delivered over budget, behind schedule, and 
not performing up to agencies' original expectations.
  Some might say that we just shouldn't make these kinds of 
investments. But many of them are critical to agency missions.
  My colleagues and I on the Homeland Security and Governmental Affairs 
Committee's Subcommittee on Federal Financial Management, which I 
chair, have held four hearings on the issue of troubled IT investments 
now, including one today. And what we've learned is that some agencies 
can't keep the expected cost of their investments down or deliver them 
on time as promised. Nor do these agencies, in many cases, have 
qualified IT experts they can turn to before a project spirals out of 
control. The bill I have put forward today along with a number of my 
colleagues addresses these issues.
  Our bill starts by requiring the Office of Management and Budget to 
increase the transparency of funded IT investments on a public website. 
OMB created such a website, known as VUE-IT, this past July following 
one of our subcommittee hearings. Our bill would ensure that VUE-IT or 
whatever similar site the new Obama team creates has the cost, 
schedule, and performance necessary for Congress and the general public 
to know if a project is a success or should be scrapped.
  Our bill also requires that agency plans for new IT systems must 
contain a clear business case and provide complete and accurate 
information before the OMB approves the investments. Although this 
sounds like a simple concept, it doesn't always happen. And OMB has 
historically been unwilling to turn down an agency IT request.
  To correct this, our bill also empowers OMB and agency Chief 
Information Officers to take action if they realize a project isn't 
going as planned, before it spirals out of control. This action could 
be the assignment of highly-trained IT experts who could help bring 
projects back on track.
  Lastly, our bill recognizes that there are a lot of innovative and 
hardworking federal employees that deserve recognition for the work 
they do in information technology. Our bill requires the Office of 
Personnel Management to provide agencies guidance on programs that can 
be set up to reward employees for their excellence.
  Now, I would like to discuss my next bill titled the United States 
Information and Communications Enhancement Act of 2009.
  Everyday, massive amounts of information are transmitted across the 
global information infrastructure. Some of this information is routine 
email between friends and family. Much of it, however, consists of 
highly sensitive military information, however, or commercial secrets.
  As all of us can attest to, increasing global interconnectivity has 
greatly increased our productivity and ability to communicate. However, 
it has also increased our responsibility to make sure this information 
is protected.
  The Federal Government stores within its databases some of our 
nation's most critical military, economic, and commercial secrets. 
Great harm could be caused if it were to fall into the

[[Page S4819]]

wrong hands. Knowing this, hackers, criminal organizations, and even 
other countries are spending a good deal of money and time trying to 
access it.
  In fact, just last week we learned that someone had gone online and 
stolen our military's most advanced jet fighter plans with the stroke 
of a button. The cost to the American taxpayer for this single incident 
is approximately $300 billion worth of research and development, and an 
incalculable amount if the information were to ever be used against us.
  Unfortunately, many agencies have not done as much as they should be 
doing to prevent these cyber intrusions. Instead they have been led to 
believe that producing plans about cyber security is equivalent to 
actually monitoring and protecting their networks. My bill will correct 
this.
  First, my bill recognizes that there needs to be a coordinating 
office to oversee the multiple agencies that have a hand in cyber 
space. Today, the NSA and the Departments of Homeland Security and 
Defense all have different roles when it comes to securing cyber 
networks in the federal government and the private sector. Their 
efforts are largely uncoordinated and ineffective. This bill creates a 
White House office with a director confirmed by the Senate whose major 
responsibility would be to rectify this situation
  My bill also ensures that agencies are spending scarce resources 
effectively. Instead of agencies wasting precious resources producing 
security plans that are outdated as soon they are printed, my bill 
requires agencies to continuously monitor their networks for cyber 
intrusions and malicious activities, take steps to address their 
vulnerabilities, and then regularly test whether the steps they are 
taking to secure their networks are effective.
  My bill also requires the General Service Administration to harness 
the significant purchasing power of the federal government to purchase 
more secure hardware and software. This is the model the Air Force used 
a few years ago with Microsoft and it led to a savings of approximately 
$98 million in one year and an enhanced security posture. This is a 
successful model that we should continue throughout the federal 
government.
  Lastly, my bill recognizes that the Department of Homeland Security 
has taken the lead among civilian agencies in protecting the perimeter 
of the federal government but lacks some of the necessary authority and 
technical people necessary to realize a more secure civilian cyber 
space. Therefore, our bill will require agencies to develop policy and 
guidance for coordinating with US-CERT and give the Director of US-CERT 
the ability to hire the personnel needed to defend our national 
security.
  I look forward to working with my colleagues to get these important 
and necessary reforms enacted before it's too late. I think everyone 
can agree that computers, the Internet, and cutting-edge technology 
have greatly benefited our government and our society. But we also need 
to recognize that it has greatly increased the threats we face on a 
daily basis.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
placed in the Record, as follows:

                                 S. 920

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Information Technology (IT) 
     Investment Oversight Enhancement and Waste Prevention Act of 
     2009''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) The effective deployment of information technology can 
     make the Federal Government more efficient, effective, and 
     transparent.
       (2) Historically, the Federal Government has struggled to 
     properly plan, manage, and deliver information technology 
     investments on time, on budget, and performing as planned.
       (3) The Office of Management and Budget has made 
     significant progress overseeing information technology 
     investments made by Federal agencies but continues to 
     struggle to ensure that such investments meet cost, schedule, 
     and performance expectations.
       (4) Congress has limited knowledge of the actual cost, 
     schedule, and performance of agency information technology 
     investments and has difficulty providing the necessary 
     oversight.
       (5) In July 2008, an official of the Government 
     Accountability Office testified before the Subcommittee on 
     Federal Financial Management, Government Information, Federal 
     Services, and International Security of the Committee on 
     Homeland Security and Governmental Affairs of the Senate, 
     stating that--
       (A) agencies self-report inaccurate and unreliable project 
     management data to the Office of Management and Budget and 
     Congress; and
       (B) the Office of Management and Budget should establish a 
     mechanism that would provide real-time project management 
     information and force agencies to improve the accuracy and 
     reliability of the information provided.

     SEC. 3. REAL-TIME TRANSPARENCY OF IT INVESTMENT PROJECTS.

       Section 11302(c)(1) of title 40, United States Code, is 
     amended by striking the period at the end and inserting the 
     following: ``, including establishing a Website, updating the 
     Website on a quarterly basis, and including on the Website, 
     not later than 90 days after the date of the enactment of the 
     Information Technology (IT) Investment Oversight Enhancement 
     and Waste Prevention Act of 2009--
       ``(1) the cost, schedule, and performance of all major 
     information technology investments using earned-value 
     management data based on the ANSI-EIA-748-B standard;
       ``(2) accurate quarterly information since the commencement 
     of the project;
       ``(3) a graphical depiction of trend information since the 
     commencement of the project;
       ``(4) a clear delineation of investments that have 
     experienced cost, schedule, or performance variance greater 
     than 10 percent over the life cycle of the investment;
       ``(5) an explanation of the reasons the investment deviated 
     from the benchmark established at the commencement of the 
     project; and
       ``(6) the number of times investments were rebaselined and 
     the dates on which such rebaselines occurred.''.

     SEC. 4. IT INVESTMENT PROJECTS.

       (a) Significant and Gross Deviations.--Section 11317 of 
     title 40, United States Code, is amended to read as follows:

     ``SEC. 11317. SIGNIFICANT AND GROSS DEVIATIONS.

       ``(a) Definitions.--In this subchapter:
       ``(1) Agency head.--The term `Agency Head' means the head 
     of the Federal agency that is primarily responsible for the 
     IT investment project under review.
       ``(2) ANSI eia-748-b standard.--The term `ANSI EIA-748-B 
     Standard' means the measurement tool jointly developed by the 
     American National Standards Institute and the Electronic 
     Industries Alliance to analyze Earned Value Management 
     systems.
       ``(3) Appropriate congressional committees.--The term 
     `appropriate congressional committees' means--
       ``(A) the Committee on Homeland Security and Governmental 
     Affairs of the Senate;
       ``(B) the Committee on Oversight and Government Reform of 
     the House of Representatives;
       ``(C) the Committee on Appropriations of the Senate;
       ``(D) the Committee on Appropriations of the House of 
     Representatives; and
       ``(E) any other relevant congressional committee with 
     jurisdiction over an agency required to take action under 
     this section.
       ``(4) Chief information officer.--The term `Chief 
     Information Officer' means the Chief Information Officer 
     designated under section 3506(a)(2) of title 44 of the 
     Federal agency that is primarily responsible for the IT 
     investment project under review.
       ``(5) Core it investment project.--The terms `core IT 
     investment project' and `core project' mean a mission 
     critical IT investment project designated as such by the 
     Chief Information Officer, with approval by the Agency Head 
     under subsection (b).
       ``(6) Director.--The term `Director' means the Director of 
     the Office of Management and Budget.
       ``(7) Earned value management.--The term `Earned Value 
     Management' means the cost, performance, and schedule data 
     used to determine project status and developed in accordance 
     with the ANSI EIA-748-B Standard.
       ``(8) Grossly deviated.--The term `grossly deviated' means 
     cost, schedule, or performance variance that is at least 40 
     percent from the Original Baseline.
       ``(9) Independent government cost estimate.--The term 
     `independent government cost estimate' means a pragmatic and 
     neutral analysis, assessment, and quantification of all costs 
     and risks associated with the acquisition of an IT investment 
     project, which--
       ``(A) is based on programmatic and technical specifications 
     provided by the office within the agency with primary 
     responsibility for the development, procurement, and delivery 
     of the project;
       ``(B) is formulated and provided by an entity other than 
     the office within the agency with primary responsibility for 
     the development, procurement, and delivery of the project;
       ``(C) contains sufficient detail to inform the selection of 
     an Earned Value Management baseline benchmark measure under 
     the ANSI EIA-748-B standard; and
       ``(D) accounts for the full life cycle cost plus associated 
     operations and maintenance expenses over the usable life of 
     the project's deliverables.

[[Page S4820]]

       ``(10) IT investment project.--The terms `IT investment 
     project' and `project' mean an information technology system 
     or information technology acquisition that--
       ``(A) requires special management attention because of its 
     importance to the mission or function of the agency, a 
     component of the agency, or another organization;
       ``(B) is for financial management and obligates more than 
     $500,000 annually;
       ``(C) has significant program or policy implications;
       ``(D) has high executive visibility;
       ``(E) has high development, operating, or maintenance 
     costs;
       ``(F) is funded through other than direct appropriations; 
     or
       ``(G) is defined as major by the agency's capital planning 
     and investment control process.
       ``(11) Life cycle cost.--The term `life cycle cost' means 
     the total cost of an IT investment project for planning, 
     research and development, modernization, enhancement, 
     operation, and maintenance.
       ``(12) Original baseline.--
       ``(A) In general.--Except as provided under subparagraph 
     (B), the term `Original Baseline' means the ANSI EIA-748-B 
     Standard-compliant Earned Value Management benchmark 
     established at the commencement of an IT investment project.
       ``(B) Grossly deviated project.--If an IT investment 
     project grossly deviates from its Original Baseline (as 
     defined in subparagraph (A)), the term `Original Baseline' 
     means the ANSI EIA-748-B Standard-compliant Earned Value 
     Management benchmark established under subsection (e)(3)(C).
       ``(13) Significantly deviated.--The term `significantly 
     deviated' means Earned Value Management variance that is at 
     least 20 percent from the Original Baseline.
       ``(b) Core IT Investment Projects Designation.--Each Chief 
     Information Officer, with approval by the Agency Head, 
     shall--
       ``(1) identify the major IT investments that are the most 
     critical to the agency; and
       ``(2) designate any project as a `core IT investment 
     project' or a `core project', upon determining that the 
     project is a mission critical IT investment project that--
       ``(A) represents a significant high dollar value relative 
     to the average IT investment project in the agency's 
     portfolio;
       ``(B) delivers a capability critical to the successful 
     completion of the agency mission, or a portion of such 
     mission;
       ``(C) incorporates unproven or previously undeveloped 
     technology to meet primary project technical requirements; or
       ``(D) would have a significant negative impact on the 
     successful completion of the agency mission if the project 
     experienced significant cost, schedule, or performance 
     deviations.
       ``(c) Cost, Schedule, and Performance Reports.--
       ``(1) Quarterly reports.--Not later than 14 days after the 
     end of each fiscal quarter, the project manager designated by 
     the Agency Head for an IT investment project shall submit a 
     written report to the Chief Information Officer that 
     includes, as of the last day of the applicable quarter--
       ``(A) a description of the cost, schedule, and performance 
     of all projects under the project manager's supervision;
       ``(B) the original and current project cost, schedule, and 
     performance benchmarks for each project under the project 
     manager's supervision;
       ``(C) the quarterly and cumulative cost, schedule, and 
     performance variance related to each IT investment project 
     under the project manager's supervision since the 
     commencement of the project;
       ``(D) for each project under the project manager's 
     supervision, any known, expected, or anticipated changes to 
     project schedule milestones or project performance benchmarks 
     included as part of the original or current baseline 
     description;
       ``(E) the current cost, schedule, and performance status of 
     all projects under supervision that were previously 
     identified as significantly deviated or grossly deviated; and
       ``(F) any corrective actions taken to address problems 
     discovered under subparagraphs (C) through (E).
       ``(2) Interim reports.--If the project manager for an IT 
     investment project determines that there is reasonable cause 
     to believe that an IT investment project has significantly 
     deviated or grossly deviated since the issuance of the latest 
     quarterly report, the project manager shall submit to the 
     Chief Information Officer, not later than 14 days after such 
     determination, a report on the project that includes, as of 
     the date of the report--
       ``(A) a description of the original and current program 
     cost, schedule, and performance benchmarks;
       ``(B) the cost, schedule, or performance variance related 
     to the IT investment project since the commencement of the 
     project;
       ``(C) any known, expected, or anticipated changes to the 
     project schedule milestones or project performance benchmarks 
     included as part of the original or current baseline 
     description;
       ``(D) the major reasons underlying the significant or gross 
     deviation of the project; and
       ``(E) a corrective action plan to correct such deviations.
       ``(d) Determination of Significant Deviation.--
       ``(1) Chief information officer.--Upon receiving a report 
     under subsection (c), the Chief Information Officer shall--
       ``(A) determine if any IT investment project has 
     significantly deviated; and
       ``(B) report such determination to the Agency Head.
       ``(2) Congressional notification.--If the Chief Information 
     Officer determines under paragraph (1) that an IT investment 
     project has significantly deviated and the Agency Head has 
     not issued a report to the appropriate congressional 
     committees of a significant deviation for that project under 
     this section since the project was last required to be 
     rebaselined under this section, the Agency Head shall submit 
     a report to the appropriate congressional committees, the 
     Director, and the Government Accountability Office that 
     includes--
       ``(A) written notification of such determination;
       ``(B) the date on which such determination was made;
       ``(C) the amount of the cost increases and the extent of 
     the schedule delays with respect to such project;
       ``(D) any requirements that--
       ``(i) were added subsequent to the original contract; or
       ``(ii) were originally contracted for, but were changed by 
     deferment or deletion from the original schedule, or were 
     otherwise no longer included in the requirements contracted 
     for;
       ``(E) an explanation of the differences between--
       ``(i) the estimate at completion between the project 
     manager, any contractor, and any independent analysis; and
       ``(ii) the original budget at completion;
       ``(F) a statement of the reasons underlying the project's 
     significant deviation; and
       ``(G) a summary of the plan of action to remedy the 
     significant deviation.
       ``(3) Deadline.--
       ``(A) Notification based on quarterly report.--If the 
     determination of significant deviation is based on a report 
     submitted under subsection (c)(1), the Agency Head shall 
     notify Congress and the Director in accordance with paragraph 
     (2) not later than 21 days after the end of the quarter upon 
     which such report is based.
       ``(B) Notification based on interim report.--If the 
     determination of significant deviation is based on a report 
     submitted under subsection (c)(2), the Agency Head shall 
     notify Congress and the Director in accordance with paragraph 
     (2) not later than 21 days after the submission of such 
     report.
       ``(e) Determination of Gross Deviation.--
       ``(1) Chief information officer.--Upon receiving a report 
     under subsection (c), the Chief Information Officer shall--
       ``(A) determine if any IT investment project has grossly 
     deviated; and
       ``(B) report any such determination to the Agency Head.
       ``(2) Congressional notification.--If the Chief Information 
     Officer determines under paragraph (1) that an IT investment 
     project has grossly deviated and the Agency Head has not 
     issued a report to the appropriate congressional committees 
     of a gross deviation for that project under this section 
     since the project was last required to be rebaselined under 
     this section, the Agency Head shall submit a report to the 
     appropriate congressional committees, the Director, and the 
     Government Accountability Office that includes--
       ``(A) written notification of such determination, which--
       ``(i) identifies the date on which such determination was 
     made; and
       ``(ii) indicates whether or not the project has been 
     previously reported as a significant or gross deviation by 
     the Chief Information Officer, and the date of any such 
     report;
       ``(B) incorporations by reference of all prior reports to 
     Congress on the project required under this section;
       ``(C) updated accounts of the items described in 
     subparagraphs (C) through (G) of subsection (d)(2);
       ``(D) the original estimate at completion for the project 
     manager, any contractor, and any independent analysis;
       ``(E) a graphical depiction that shows monthly planned 
     expenditures against actual expenditures since the 
     commencement of the project;
       ``(F) the amount, if any, of incentive or award fees any 
     contractor has received since the commencement of the 
     contract and the reasons for receiving such incentive or 
     award fees;
       ``(G) the project manager's estimated cost at completion 
     and estimated completion date for the project if current 
     requirements are not modified;
       ``(H) the project manager's estimated cost at completion 
     and estimated completion date for the project based on 
     reasonable modification of such requirements;
       ``(I) an explanation of the most significant occurrence 
     contributing to the variance identified, including cost, 
     schedule, and performance variances, and the effect such 
     occurrence will have on future project costs and program 
     schedule;
       ``(J) a statement regarding previous or anticipated 
     rebaselining or replanning of the project and the names of 
     the individuals responsible for approval;
       ``(K) the original life cycle cost of the investment and 
     the expected life cycle cost of the investment expressed in 
     constant base year dollars and in current dollars; and
       ``(L) a comprehensive plan of action to remedy the gross 
     deviation, and milestones

[[Page S4821]]

     established to control future cost, schedule, and performance 
     deviations in the future.
       ``(3) Remedial action.--
       ``(A) In general.--If the Chief Information Officer 
     determines under paragraph (1)(A) that an IT investment 
     project has grossly deviated, the Agency Head, in 
     consultation with the Chief Information Officer and the 
     appropriate project manager, shall develop and implement a 
     remedial action plan that includes--
       ``(i) a report that--

       ``(I) describes the primary business case and key 
     functional requirements for the project;
       ``(II) describes any portions of the project that have 
     technical requirements of sufficient clarity that such 
     portions may be feasibly procured under firm, fixed-price 
     type contract;
       ``(III) includes a certification by the Agency Head, after 
     consultation with the Chief Information Officer, that all 
     technical and business requirements have been reviewed and 
     validated to ensure alignment with the reported business 
     case;
       ``(IV) describes any changes to the primary business case 
     or key functional requirements which have occurred since 
     project inception; and
       ``(V) includes an independent government cost estimate for 
     the project conducted by an entity approved by the Director;

       ``(ii) an analysis that--

       ``(I) describes agency business goals that the project was 
     originally designed to address;
       ``(II) includes a gap analysis of what project deliverables 
     remain in order for the agency to accomplish the business 
     goals referred to in subclause (I);
       ``(III) identifies the 3 most cost-effective alternative 
     approaches to the project which would achieve the business 
     goals referred to in subclause (I); and
       ``(IV) includes a cost-benefit analysis, which compares--

       ``(aa) the completion of the project with the completion of 
     each alternative approach, after factoring in future costs 
     associated with the termination of the project; and
       ``(bb) the termination of the project without pursuit of 
     alternatives, after factoring in foregone benefits; and
       ``(iii) a new baseline of the project is established that 
     is consistent with the independent government cost estimate 
     required under clause (i)(V); and
       ``(iv) the project is designated as a core IT investment 
     project and subjected to the requirements under subsection 
     (f).
       ``(B) Submission to congress.--The remedial action plan and 
     all corresponding reports, analyses, and actions under this 
     paragraph shall be submitted to the appropriate congressional 
     committees and the Director.
       ``(C) Reporting and analysis exemptions.--
       ``(i) In general.--The Chief Information Officer, in 
     coordination with the Agency Head and the Director, may 
     forego the completion of any element of a report or analysis 
     under clause (i) or (ii) of subparagraph (A) if the Chief 
     Information Officer determines that such element is not 
     relevant to the understanding of the difficulties facing the 
     project or that such element does not further the remedial 
     steps necessary to ensure that the project is completed in a 
     timely and cost-efficient manner.
       ``(ii) Identification of reasons.--The Chief Information 
     Officer shall include the reasons for not including any 
     element referred to in clause (i) in the report submitted to 
     Congress under subparagraph (B).
       ``(4) Deadline and funding contingency.--
       ``(A) Notification and remedial action based on quarterly 
     report.--
       ``(i) In general.--If the determination of gross deviation 
     is based on a report submitted under subsection (c)(1), the 
     Agency Head shall--

       ``(I) not later than 45 days after the end of the quarter 
     upon which such report is based, notify the appropriate 
     congressional committees and the Director in accordance with 
     paragraph (2); and
       ``(II) not later than 180 days after the end of the quarter 
     upon which such report is based, ensure the completion of 
     remedial action under paragraph (3).

       ``(ii) Failure to meet deadlines.--If the Agency Head fails 
     to meet the deadline described in clause (i)(II), additional 
     funds may not be obligated to support expenditures associated 
     with the project until the requirements of this subsection 
     have been fulfilled.
       ``(B) Notification and remedial action based on interim 
     report.--
       ``(i) In general.--If the determination of gross deviation 
     is based on a report submitted under subsection (c)(2), the 
     Agency Head shall--

       ``(I) not later than 45 days after the submission of such 
     report, notify the appropriate congressional committees in 
     accordance with paragraph (2); and
       ``(II) not later than 180 days after the submission of such 
     report, ensure the completion of remedial action in 
     accordance with paragraph (3).

       ``(ii) Failure to meet deadlines.--If the Agency Head fails 
     to meet the deadline described in clause (i)(II), additional 
     funds may not be obligated to support expenditures associated 
     with the project until the requirements of this subsection 
     have been fulfilled.
       ``(f) Additional Requirements for Core IT Investment 
     Project Reports.--
       ``(1) Initial report.--If a remedial action plan described 
     in subsection (e)(3)(A) has not been submitted for a core IT 
     investment project, the Agency Head, in coordination with the 
     Chief Information Officer and responsible program managers, 
     shall prepare an initial report for inclusion in the first 
     budget submitted to Congress under section 1105(a) of title 
     31, United States Code, after the designation of a project as 
     a core IT investment project, which includes--
       ``(A) a description of the primary business case and key 
     functional requirements for the project;
       ``(B) an identification and description of any portions of 
     the project that have technical requirements of sufficient 
     clarity that such portions may be feasibly procured under 
     firm, fixed-price contracts;
       ``(C) an independent government cost estimate for the 
     project;
       ``(D) certification by the Chief Information Officer that 
     all technical and business requirements have been reviewed 
     and validated to ensure alignment with the reported business 
     case; and
       ``(E) any changes to the primary business case or key 
     functional requirements which have occurred since project 
     inception.
       ``(2) Quarterly review of business case.--The Agency Head, 
     in coordination with the Chief Information Officer and 
     responsible program managers, shall--
       ``(A) monitor the primary business case and core 
     functionality requirements reported to Congress and the 
     Director for designated core IT investment projects; and
       ``(B) if changes to the primary business case or key 
     functional requirements for a core IT investment project 
     occur in any fiscal quarter, submit a report to Congress and 
     the Director not later than 14 days after the end of such 
     quarter that details the changes and describes the impact the 
     changes will have on the cost and ultimate effectiveness of 
     the project.
       ``(3) Alternative significant deviation determination.--If 
     the Chief Information Officer determines, subsequent to a 
     change in the primary business case or key functional 
     requirements, that without such change the project would have 
     significantly deviated--
       ``(A) the Chief Information Officer shall notify the Agency 
     Head of the significant deviation; and
       ``(B) the Agency Head shall fulfill the requirements under 
     subsection (d)(2) in accordance with the deadlines under 
     subsection (d)(3).
       ``(4) Alternative gross deviation determination.--If the 
     Chief Information Officer determines, subsequent to a change 
     in the primary business case or key functional requirements, 
     that without such change the project would have grossly 
     deviated--
       ``(A) the Chief Information Officer shall notify the Agency 
     Head of the gross deviation; and
       ``(B) the Agency Head shall fulfill the requirements under 
     subsections (e)(2) and (e)(3) in accordance with subsection 
     (e)(4).''.
       (b) Inclusion in the Budget Submitted to Congress.--Section 
     1105(a) of title 31, United States Code, is amended--
       (1) in the matter preceding paragraph (1), by striking 
     ``include in each budget the following:'' and inserting 
     ``include in each budget--'';
       (2) by redesignating the second paragraph (33) (as added by 
     section 889(a) of Public Law 107-296) as paragraph (35);
       (3) in each of paragraphs (1) through (34), by striking the 
     period at the end and inserting a semicolon;
       (4) in paragraph (35), as redesignated by paragraph (2), by 
     striking the period at the end and inserting ``; and''; and
       (5) by adding at the end the following:
       ``(36) the reports prepared under section 11317(f) of title 
     40, United States Code, relating to the core IT investment 
     projects of the agency.''.
       (c) Improvement of Information Technology Acquisition and 
     Development.--Subchapter II of chapter 113 of title 40, 
     United States Code, is amended by adding at the end the 
     following:

     ``SEC. 11319. ACQUISITION AND DEVELOPMENT.

       ``(a) Purpose.--The objective of this section is to 
     significantly reduce--
       ``(1) cost overruns and schedule slippage from the 
     estimates established at the time the program is initially 
     approved;
       ``(2) the number of requirements and business objectives at 
     the time the program is approved that are not met by the 
     delivered products; and
       ``(3) the number of critical defects and serious defects in 
     delivered information technology.
       ``(b) OMB Guidance.--The Director of the Office of 
     Management and Budget shall--
       ``(1) not later than 180 days after the date of the 
     enactment of this section, prescribe uniformly applicable 
     guidance for agencies to implement the requirements of this 
     section, which shall not include any exemptions to such 
     requirements not specifically authorized under this section; 
     and
       ``(2) take any actions that are necessary to ensure that 
     Federal agencies are in compliance with the guidance 
     prescribed pursuant to paragraph (1) not later than 1 year 
     after the date of the enactment of this section.
       ``(c) Establishment of Program.--Not later than 120 days 
     after the date of the enactment of this section, each Chief 
     Information Officer, upon the approval of the Agency Head (as 
     defined in section 11317(a) of title 40, United States Code) 
     shall establish a program to improve the information 
     technology (referred to in this section as `IT') processes 
     overseen by the Chief Information Officer.

[[Page S4822]]

       ``(d) Program Requirements.--Each program established 
     pursuant to this section shall include--
       ``(1) a documented process for IT acquisition planning, 
     requirements development and management, project management 
     and oversight, earned-value management, and risk management;
       ``(2) the development of appropriate metrics that can be 
     implemented and monitored on a real-time dashboard for 
     performance measurement of--
       ``(A) processes and development status of investments;
       ``(B) continuous process improvement of the program; and
       ``(C) achievement of program and investment outcomes;
       ``(3) a process to ensure that key program personnel have 
     an appropriate level of experience, training, and education, 
     at an institution or institutions approved by the Director, 
     in the planning, acquisition, execution, management, and 
     oversight of IT;
       ``(4) a process to ensure that the agency implements and 
     adheres to established processes and requirements relating to 
     the planning, acquisition, execution, management, and 
     oversight of IT programs and developments; and
       ``(5) a process for the Chief Information Officer to 
     intervene or stop the funding of an IT investment if it is at 
     risk of not achieving major project milestones.
       ``(e) Annual Report to OMB.--Not later than the last day of 
     February of each year, the Agency Head shall submit a report 
     to the Office of Management and Budget that includes--
       ``(1) a detailed summary of the accomplishments of the 
     program established by the Agency Head pursuant to this 
     section;
       ``(2) the status of completeness of implementation of each 
     of the program requirements, and the date each such 
     requirement was deemed to be completed;
       ``(3) the percentage of Federal IT projects covered under 
     the program compared to all of the IT projects of the agency, 
     listed by number of programs and by annual dollars expended;
       ``(4) a detailed breakdown of the sources and uses of the 
     amounts spent by the agency during the previous fiscal year 
     to support the activities of the program;
       ``(5) a copy of any guidance issued under the program and a 
     statement regarding whether each such guidance is mandatory;
       ``(6) the identification of the metrics developed in 
     accordance with subsection (b)(2);
       ``(7) a description of how paragraphs (3) and (4) of 
     subsection (b) have been implemented and any related agency 
     guidance; and
       ``(8) a description of how agencies will continue to review 
     and update the implementation and objectives of such 
     guidance.
       ``(f) Annual Report to Congress.--The Director of the 
     Office of Management and Budget shall provide an annual 
     report to Congress on the status and implementation of the 
     program established pursuant to this section.''.
       (d) Clerical Amendments.--The table of sections for chapter 
     113 of title 40, United States Code, is amended--
       (1) by striking the item relating to section 11317 and 
     inserting the following:

``11317. Significant and gross deviations.'';

and
       (2) by inserting after the item relating to section 11318 
     the following:

``11319. Acquisition and development.''.

     SEC. 5. IT TIGER TEAM.

       (a) Purpose.--The Director of the Office of Management of 
     Budget (referred to in this section as the ``Director''), in 
     consultation with the Administrator of the Office of 
     Electronic Government and Information and Technology at the 
     Office of Management and Budget (referred to in this section 
     as the ``E-Gov Administrator''), shall assist agencies in 
     avoiding significant and gross deviations in the cost, 
     schedule, and performance of IT investment projects (as such 
     terms are defined in section 11317(a) of title 40, United 
     States Code).
       (b) IT Tiger Team.--
       (1) Establishment.--Not later than 180 days after the date 
     of the enactment of this Act, the E-Gov Administrator shall 
     establish a small group of individuals (referred to in this 
     section as the ``IT Tiger Team'') to carry out the purpose 
     described in subsection (a).
       (2) Qualifications.--Individuals selected for the IT Tiger 
     Team--
       (A) shall be certified at the Senior/Expert level according 
     to the Federal Acquisition Certification for Program and 
     Project Managers (FAC-P/PM);
       (B) shall have comparable education, certification, 
     training, and experience to successfully manage high-risk IT 
     investment projects; or
       (C) shall have expertise in the successful management or 
     oversight of planning, architecture, process, integration, or 
     other technical and management aspects using proven process 
     best practices on high-risk IT investment projects.
       (3) Number.--The Director, in consultation with the E-Gov 
     Administrator, shall determine the number of individuals who 
     will be selected for the IT Tiger Team.
       (c) Outside Consultants.--
       (1) Identification.--The E-Gov Administrator shall identify 
     consultants in the private sector who have expert knowledge 
     in IT program management and program management review teams. 
     Not more than 20 percent of such consultants may be formally 
     associated with any 1 of the following types of entities:
       (A) Commercial firms.
       (B) Nonprofit entities.
       (C) Federally funded research and development centers.
       (2) Use of consultants.--
       (A) In general.--Consultants identified under paragraph (1) 
     may be used to assist the IT Tiger Team in assessing and 
     improving IT investment projects.
       (B) Limitation.--Consultants with a formally established 
     relationship with an organization may not participate in any 
     assessment involving an IT investment project for which such 
     organization is under contract to provide technical support.
       (C) Exception.--The limitation described in subparagraph 
     (B) may not be construed as precluding access to anyone 
     having relevant information helpful to the conduct of the 
     assessment.
       (3) Contracts.--The E-Gov Administrator, in conjunction 
     with the Administrator of the General Services Administration 
     (GSA), may establish competitively bid contracts with 1 or 
     more qualified consultants, independent of any GSA schedule.
       (d) Initial Response to Anticipated Significant or Gross 
     Deviation.--If the E-Gov Administrator determines there is 
     reasonable cause to believe that a major IT investment 
     project is likely to significantly or grossly deviate (as 
     defined in section 11317(a) of title 40, United States Code), 
     including the receipt of inconsistent or missing data, or if 
     the E-Gov Administrator determines that the assignment of 1 
     or more members of the IT Tiger Team could meaningfully 
     reduce the possibility of significant or gross deviation, the 
     E-Gov Administrator shall carry out the following activities:
       (1) Recommend the assignment of 1 or more members of the IT 
     Tiger Team to assess the project in accordance with the scope 
     and time period described in section 11317(c)(1) of title 40, 
     United States Code, beginning not later than 14 days after 
     such recommendation. No member of the Tiger Team who is 
     associated with the department or agency whose IT investment 
     project is the subject of the assessment may be assigned to 
     participate in this assessment. Such limitation may not be 
     construed as precluding access to anyone having relevant 
     information helpful to the conduct of the assessment.
       (2) If the E-Gov Administrator determines that 1 or more 
     qualified consultants are needed to support the efforts of 
     the IT Tiger Team under paragraph (1), negotiate a contract 
     with the consultant to provide such support during the period 
     in which the IT Tiger Team is conducting the assessment 
     described in paragraph (1).
       (3) Ensure that the costs of an assessment under paragraph 
     (1) and the support services of 1 or more consultants under 
     paragraph (2) are paid by the major IT investment project 
     being assessed.
       (4) Monitor the progress made by the IT Tiger Team in 
     assessing the project.
       (e) Reduction of Significant or Gross Deviation.--If the E-
     Gov Administrator determines that the assessment conducted 
     under subsection (d) confirms that a major IT investment 
     project is likely to significantly or grossly deviate, the E-
     Gov Administrator shall recommend that the Agency Head (as 
     defined in section 11317(a)(1) of title 40, United States 
     Code) take steps to reduce the deviation, which may include--
       (1) providing training, education, or mentoring to improve 
     the qualifications of the program manager;
       (2) replacing the program manager or other staff;
       (3) supplementing the program management team with Federal 
     Government employees or independent contractors;
       (4) terminating the project; or
       (5) hiring an independent contractor to report directly to 
     senior management and the E-Gov Administrator.
       (f) Reprogramming of Funds.--
       (1) Authorization.--The Director may direct an Agency Head 
     to reprogram amounts which have been appropriated for such 
     agency to pay for an assessment under subsection (d).
       (2) Notification.--An Agency Head who reprograms 
     appropriations under paragraph (1) shall notify the Committee 
     on Appropriations of the Senate and the Committee on 
     Appropriations of the House of Representatives of any such 
     reprogramming.
       (g) Report to Congress.--The Director shall include in the 
     annual Report to Congress on the Benefits of E-Government 
     Initiatives a detailed summary of the composition and 
     activities of the IT Tiger Team, including--
       (1) the number and qualifications of individuals on the IT 
     Tiger Team;
       (2) a description of the IT investment projects that the IT 
     Tiger Team has worked during the previous fiscal year;
       (3) the major issues that necessitated the involvement of 
     the IT Tiger Team to assist agencies with assessing and 
     managing IT investment projects and whether such issues were 
     satisfactorily resolved;
       (4) if the issues referred to in paragraph (3) were not 
     satisfactorily resolved, the issues still needed to be 
     resolved and the Agency Head's plan for resolving such 
     issues;
       (5) a detailed breakdown of the sources and uses of the 
     amounts spent by the Office of Management and Budget and 
     other Federal agencies during the previous fiscal year to 
     support the activities of the IT Tiger Team; and

[[Page S4823]]

       (6) a determination of whether the IT Tiger Team has been 
     effective in--
       (A) preventing projects from deviating from the original 
     baseline; and
       (B) assisting agencies in conducting appropriate analysis 
     and planning before a project is funded.

     SEC. 6. AWARDS FOR PERSONNEL FOR EXCELLENCE IN THE 
                   ACQUISITION OF INFORMATION SYSTEMS AND 
                   INFORMATION TECHNOLOGY.

       (a) In General.--Not later than 180 days after the 
     enactment of this Act, the Director of the Office of 
     Personnel Management shall develop policy and guidance for 
     agencies to develop a program to recognize excellent 
     performance by Federal Government employees and teams of such 
     employees in the acquisition of information systems and 
     information technology for the agency.
       (b) Elements.--The program referred to in subsection (a) 
     shall, to the extent practicable--
       (1) obtain objective outcome measures; and
       (2) include procedures for--
       (A) the nomination of Federal Government employees and 
     teams of such employees for eligibility for recognition under 
     the program; and
       (B) the evaluation of nominations for recognition under the 
     program by 1 or more agency panels of individuals from 
     government, academia, and the private sector who have such 
     expertise, and are appointed in such a manner, as the 
     Director of the Office of Personal Management shall establish 
     for purposes of the program.
       (c) Award of Cash Bonuses.--As part of the program referred 
     to in subsection (a), the Director of the Office of Personnel 
     Management, in consultation with the Director of the Office 
     of Management and Budget, shall establish policies and 
     guidance for agencies to award to any Federal Government 
     employee or teams of such employees recognized pursuant to 
     the program a cash bonus authorized by any other provision of 
     law to the extent that the performance of such individual so 
     recognized warrants the award of such bonus under such 
     provision of law.
  Ms. COLLINS. Mr. President. I am pleased to join Senator Carper in 
reintroducing a bill that will improve agency performance and 
Congressional oversight of major federal information-technology, IT, 
projects. We introduced this bill last Congress and offer it for 
consideration again because it will strengthen oversight of technology 
investments to help prevent the waste and misuse of taxpayer dollars.
  The well-publicized cost and performance problems with the Census 
Bureau's handheld computers for the 2010 Census--with its troubling 
implications for the next House reapportionment and for the allocation 
of Federal funds--represent only the most recent and conspicuous 
failure in a long trail of troubles that also includes critical IT 
projects like the FBI's Virtual Case File initiative.
  The 2010 Census is notable among projects that have drawn our 
attention, not only because of its great scope and expense, but because 
of its history of unheeded cautions. For years, warnings of potential 
dangers came from experts sought out by the Census Bureau itself and 
from the Commerce Department's own Inspector General.
  The implications of this lack of proper planning and oversight are 
evident in the burgeoning estimate for the life-cycle cost of the 2010 
Census. The Bureau initially estimated that the 2010 Census would cost 
the taxpayers about $11.3 billion dollars; today, the estimated cost is 
more than $14 billion.
  Another example is the Department of Homeland Security's, DHS, 
efforts since 2004 to integrate its financial management systems. DHS 
spent approximately $52 million on one failed attempt before abandoning 
the project nearly two years later. According to GAO, this attempt 
likely failed because DHS had not developed an overall financial 
management transformation strategy that included financial management 
policies and procedures, standard business processes, a human capital 
strategy, and effective internal controls. DHS spent approximately $52 
million and now has little, if anything, to show for it.
  The Department of Homeland Security is now attempting another 
consolidation of its financial information technology systems. It is 
essential that, this time, the Department sufficiently plan and monitor 
its cost, schedule, and performance targets.

  During the 108th Congress, the Committee on Governmental Affairs 
investigated the botched automated record-keeping project for the 
federal employees' Thrift Savings Plan, TSP. This project was 
terminated in 2001 after a four-year contract produced $36 million in 
waste that was charged to the accounts of TSP participants and 
beneficiaries. A second vendor needed an additional $33 million to 
bring the system online, years overdue and costing more than double its 
original estimate.
  In a 2004 letter from the Federal Retirement Thrift Investment Board 
to the Governmental Affairs Committee, the Board characterized the 
project as ``ill-fated,'' and acknowledged the importance of careful 
planning, task definition, communication, proper personnel, and risk 
management--all of which were lacking on that project.
  Large IT project failures have cost US taxpayers literally billions 
of dollars in wasted expenditures. Perhaps even more troubling is the 
fact that when Federal IT projects fail, they can undermine the 
government's ability to defend the nation, enforce its laws, or deliver 
critical services to citizens. Again and again, we have seen IT project 
failures grounded in poor planning, ill-defined and shifting 
requirements, undisclosed difficulties, poor risk management, and lax 
monitoring of performance.
  Unfortunately, as the Government Accountability Office, GAO, 
continues to report, Federal IT projects still fall short in their use 
of effective oversight techniques to monitor development and to spot 
signs of possible trouble.
  The GAO reported that the Federal Government spent over $71 billion 
in fiscal year 2009 on IT projects. Most of that spending was 
concentrated in two dozen agencies that have approximately 800 major 
projects underway.
  When the GAO reviewed a random sampling of these major Federal IT 
projects, they found that 85--nearly half the sample--had been 
``rebaselined.'' Eighteen of those projects have been rebaselined three 
or more times. For example, the Department of Defense Advanced Field 
Artillery Tactical Data System has been rebaselined four times; a 
Veterans Affairs Health Administration Center project has been 
rebaselined 6 times.
  Rebaselining can reflect funding changes, revisions in project scope 
or goals, and other perfectly reasonable project modifications. But as 
the GAO notes, ``[rebaselining] can also be used to mask cost overruns 
and schedule delays.'' All major federal agencies have rebaselining 
policies, but the GAO concludes that they are not comprehensive and 
that ``none of the policies are fully consistent with best practices.''
  The bill that Senator Carper and I are introducing will go far toward 
addressing the weaknesses identified by the GAO and will reduce the 
risks that important Federal IT projects will drag on far beyond 
deadlines, fail to deliver intended capabilities, or waste taxpayers' 
money.
  Our bill will improve both agency and Congressional oversight of 
large Federal IT projects. For all major investments, the bill requires 
agencies to track the Earned Value Management index, a key cost and 
performance measure, and to alert Congress should that measure fall 
below a defined threshold.
  The bill requires additional reports to Congress as well as specific 
corrective actions should those same indicators continue to worsen. 
Further, because the bill's performance thresholds are based on 
original cost baselines, rebaselining can no longer serve as a tactic 
to hide troubled projects. Where severe shortfalls remain uncorrected, 
agencies are prohibited from committing additional funds to the project 
until the required corrective actions are taken.
  Our bill would not make Congress a micro-manager of Federal 
projects--especially in so complex a field as information technology. 
But it will ensure that, for these important investments, agencies will 
be required to track key performance metrics, inform Congress of 
shortfalls in those metrics, and provide Congress with follow-up 
reports, independent cost estimates, and analyses of project 
alternatives when the original projects have run off course.
  The bill also provides that each covered agency identify to Congress 
their top mission-critical projects. Those ``core investments'' would 
be subject to additional upfront planning, reporting, and performance 
monitoring requirements. This will help ensure that agencies apply 
extra vigilance to these projects at the planning stage, and not just 
when execution begins.

  In addition to tracking cost and schedule slippage, agencies making

[[Page S4824]]

core IT investments must provide a complete ``business case'' that 
outlines the need for the project and its associated costs and 
schedules; produce a rigorous, independent, third-party estimate of the 
project's full, life-cycle costs; have the agency CIO certify the 
project's functional requirements; track these functional requirements; 
and report to Congress any changes in functional requirements, 
including whether those changes concealed a major cost increase.
  To help agencies deliver IT projects on time and on budget, the bill 
also provides two new support mechanisms.
  First, agency heads would be required to establish an internal IT-
management program, subject to OMB guidelines, to improve project 
planning, requirements development, and management of earned value and 
risk.
  Second, the Director of OMB and its E-Gov Administrator would be 
required to establish an IT Tiger Team of experts and independent 
consultants that can be assigned to help agencies reform troubled 
projects. In addition, the E-Gov Administrator can recommend that 
agency heads mentor or replace an IT project manager, reinforce the 
management team, terminate the project, or hire an independent 
contractor to report on the project.
  These and other provisions will help improve project planning, avoid 
problems in project execution, provide early alerts when problems 
arise, and promote prompt corrective action.
  In projects where difficulties persist, our bill provides strong 
remedies. For projects that exhibit a performance shortfall of 20 
percent or more, the agency head involved must not only alert Congress 
but also provide a summary of a concrete plan of action to correct the 
problem. If the shortfall exceeds 40 percent, agencies have six months 
to take required remedial steps or else suspend further project 
spending until those steps are completed.
  If the provisions of this bill had been in force during the past 
decade, early indicators of trouble and prompt warnings to Congress 
might have helped prevent much of the added cost, decreased 
functionality, and increased anxiety we now see surrounding the 
handheld computers that were intended to streamline the 2010 Census. 
The additional scrutiny of plans and costs required by this bill might 
have saved some of the billions wasted on other IT projects that 
ultimately landed on high-risk lists.
  I urge every Senator to support this much-needed and bipartisan bill.
                                 ______