[Senate Report 113-262]
[From the U.S. Government Publishing Office]
113th Congress Report
SENATE
2d Session 113-262
_______________________________________________________________________
Calendar No. 577
FEDERAL INFORMATION TECHNOLOGY ACQUISITION REFORM ACT
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
H.R. 1232
TO AMEND TITLES 40, 41, AND 44, UNITED STATES CODE, TO ELIMINATE
DUPLICATION AND WASTE IN INFORMATION TECHNOLOGY ACQUISITION AND
MANAGEMENT
September 18, 2014.--Ordered to be printed
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
THOMAS R. CARPER, Delaware, Chairman
CARL LEVIN, Michigan TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio
JON TESTER, Montana RAND PAUL, Kentucky
MARK BEGICH, Alaska MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota
Gabrielle A. Batkin, Staff Director
John P. Kilvington, Deputy Staff Director
Mary Beth Schultz, Chief Counsel
Johathan M. Kraden, Senior Counsel
Keith B. Ashdown, Minority Staff Director
Christopher J. Barkley, Minority Deputy Staff Director
Andrew C. Dockham, Minority Chief Counsel
Kathern M. Edelman, Minority Senior Investigator
Laura W. Kilbride, Chief Clerk
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for Legislation..............................1
III. Legislative History.............................................11
IV. Section-by-Section Analysis of the Bill, as Reported............13
V. Congressional Budget Office (CBO) Cost Estimate.................17
VI. Evaluation of Regulatory Impact.................................20
VII. Changes in Existing Statute Made by the Bill, as Reported.......20
Calendar No. 577
113th Congress Report
SENATE
2d Session 113-262
======================================================================
FEDERAL INFORMATION TECHNOLOGY ACQUISITION REFORM ACT
_______
September 18, 2014.--Ordered to be printed
_______
Mr. Carper, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany H.R. 1232]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (H.R. 1232), to amend
titles 40, 41, and 44, United States Code, to eliminate
duplication and waste in information technology acquisition and
management, having considered the same, reports favorably
thereon with an amendment in the nature of a substitute and an
amendment to the title, and recommends that the bill, as
amended, do pass.
I. Purpose and Summary
The Federal Information Technology Acquisition Reform Act
(H.R. 1232) seeks to improve how the federal government
acquires, implements, and manages its information technology
(``IT'') investments. First, the bill would give agency Chief
Information Officers more authority over the budget,
governance, and personnel processes for agency IT investments.
Second, the bill would make agency IT investments more
transparent to the public and require agencies to review
troubled investments. Third, to eliminate duplication and
waste, the bill would require agencies to annually review all
of their IT investments. Fourth, the bill builds on the
Administration's efforts to consolidate and streamline data
centers--the facilities in which federal agencies house
computer systems and related components.
II. Background and Need for Legislation
Information technology has transformed how the private
sector operates and has revolutionized the way in which
businesses serve their customers. Likewise, IT has the
potential to enable federal agencies to accomplish their
missions more efficiently, effectively, and economically.
Over the last twenty years, IT has become firmly interwoven
into the mission of every federal agency, offering new ways of
doing business and creating both opportunities and challenges
for government agencies. Fully exploiting this potential,
though, has presented longstanding challenges to federal
agencies. Too many federal IT projects run over budget, fall
behind schedule, or fail to deliver on their promises,
hampering agency missions and wasting taxpayer dollars. Despite
spending billions of dollars annually on IT,\1\ the federal
government has had a decidedly mixed record in acquiring,
developing, and managing federal IT investments.\2\
---------------------------------------------------------------------------
\1\In Fiscal Year 2014, the Federal government will spend over $80
billion in developing, modernizing and maintaining IT projects and
systems. OMB, Analytical Perspectives, Budget of the U.S. Government,
Fiscal Year 2014, at 349 (2013), available at http://
www.whitehouse.gov/sites/default/files/omb/budget/fy2014/assets/
spec.pdf.
\2\See GAO-13-796T, Information Technology: OMB and Agencies Need
to More Effectively Implement Major Initiatives to Save Billions of
Dollars, Appendix 1, for an extensive list of IT projects that have
failed and been cancelled as well as other IT projects that faced
significant challenges.
---------------------------------------------------------------------------
To improve the ability of federal agencies to manage IT
investments, H.R. 1232 would strengthen and reinforce the
authorities and responsibilities of agency Chief Information
Officers (CIOs) to be key leaders for IT at their
organizations.\3\ In addition to empowering agency CIOs, the
bill focuses on four other areas which the Committee believes
will help achieve better outcomes in IT investments across the
federal government. Specifically, H.R. 1232 seeks to (1)
improve the accuracy of investment performance information on
the Office of Management and Budget's IT Dashboard, a
publically accessible online tool that presents cost and
schedule information along with an evaluation from agency CIOs
on major IT investments, (2) require agencies to hold
investment review sessions on at-risk investments, (3) continue
the Administration's Federal Data Center Consolidation
Initiative to consolidate and optimize data centers--the
facilities in which federal agencies house computer systems and
related components, and (4) use portfolio review processes to
identify and eliminate duplicative IT investments in
agencies.\4\
---------------------------------------------------------------------------
\3\This report describes the Committee's substitute amendment to
H.R. 1232. Although the underlying bill and the substitute amendment
address many of the same problems, they take substantially different
approaches. The House report (H.R. Rep. No. 113-359) on H.R. 1232
explains the underlying bill's provisions, while this report confines
itself to describing the substitute amendment considered and passed by
the Committee.
\4\These four areas are aligned with the General Accountability
Office's top recommendations to this Committee on how to best improve
outcomes in federal IT investments. See Management Matters: Creating a
21st Century Government: Hearing before the Senate Homeland Security
and Governmental Affairs Committee, 113th Congress (March 12, 2014)
(Gene Dodaro, Comptroller General, response to questions for the
record).
---------------------------------------------------------------------------
THE ROLE OF THE CHIEF INFORMATION OFFICER
Poor management of IT systems is a problem that has plagued
the federal government for years. Nearly two decades ago,
Senator William Cohen of Maine led a Governmental Affairs
Committee subcommittee investigation into the federal
government's ability to manage its IT investments.\5\ The
resulting 1995 report, entitled ``Computer Chaos,'' could just
as easily have been written today. In his report, Senator Cohen
found many of the same problems that our agencies face today--
poor management of IT systems, wasted and duplicative
investments, and billions of dollars spent on older, outdated,
and expensive ``legacy'' systems.\6\
---------------------------------------------------------------------------
\5\Prior to the creation of the Department of Homeland Security,
this Committee was known simply as the Governmental Affairs Committee.
\6\Computer Chaos: Billions Wasted Buying Federal Computer Systems.
Investigative Report of Senator William S. Cohen, Ranking Minority
Member, Subcommittee on Oversight of Government Management, Senate
Governmental Affairs Committee (October 12, 1994). Available at https:/
/acc.dau.mil/adl/en-US/22163/file/2121/
Cohen%20Computer%20Chaos%201994.pdf.
---------------------------------------------------------------------------
To address these problems, Congress passed the Clinger-
Cohen Act in 1996. That law, among other things, established
the position of agency CIO to serve as a focal point for IT
within an agency.\7\ The Clinger-Cohen Act set forth detailed
requirements for IT capital planning, investment control,
performance, and results-based management.\8\ Several years
later, the E-Government Act of 2002 reiterated the CIO's
responsibility for agency IT management and information
security at their respective agencies.\9\
---------------------------------------------------------------------------
\7\The Clinger-Cohen Act of 1996 was originally enacted as the
Information Technology Management Reform Act of 1996 (Divisions D and E
of P.L. 104-106). The law was renamed the Clinger-Cohen Act by Pub. L.
104-208,110 Stat. 3009-393 (1996).
\8\40 U.S.C. Sec. Sec. 11312 and 11313.
\9\E-Gov Act of 2002, P.L. 107-347 (Dec. 17, 2002). Many of the
Act's provisions were incorporated into Title 44, U.S. Code.
---------------------------------------------------------------------------
Together, these statutes require CIOs to be key leaders in
managing IT and other information functions at an agency.
Specifically, they make the CIO responsible for:
providing advice and other assistance to the head
of an agency to ensure that IT is acquired and information
resources are managed in accordance with the law and the
priorities of the head of the agency;\10\
---------------------------------------------------------------------------
\10\40 U.S.C. Sec. 11315(b)(1).
---------------------------------------------------------------------------
developing, maintaining, and facilitating the
implementation of a sound, secure, and integrated IT
architecture;\11\
---------------------------------------------------------------------------
\11\40 U.S.C. Sec. 11315(b)(2).
---------------------------------------------------------------------------
promoting the effective and efficient design and
operation of all major information resources management
processes for an agency, including improvements to an agency's
work processes;\12\
---------------------------------------------------------------------------
\12\40 U.S.C. Sec. 11315(b)(3).
---------------------------------------------------------------------------
ensuring that information resources,\13\
management operations, and decisions are integrated with an
organization's planning, budget, financial management, human
resources management, and program decisions;\14\
---------------------------------------------------------------------------
\13\44 U.S.C. Sec. 3502(6) defines ``information resources'' as
``information and related resources, such as personnel, equipment,
funds, and information technology.''
\14\44 U.S.C. Sec. 3506(b)(3)(A).
---------------------------------------------------------------------------
monitoring the performance of IT programs and
advising the agency head whether to continue, modify, or
terminate such programs;\15\ and
---------------------------------------------------------------------------
\15\40 U.S.C. Sec. 11315(c)(2).
---------------------------------------------------------------------------
managing agency information security, including
compliance with the Federal Information Security Management Act
(``FISMA'').\16\
---------------------------------------------------------------------------
\16\44 U.S.C. Sec. Sec. 3541, et seq.
---------------------------------------------------------------------------
In creating the position of Chief Information Officer,
Congress intended for an agency CIO to serve as a senior
decision maker, providing leadership and direction for
information resource development, procurement, and management.
A primary goal of the Clinger-Cohen Act was to shift agencies'
approach on IT investments away from one focused only on
technical issues towards one that focused on truly managing IT
investments, and the CIO of an agency was seen as a key figure
in accomplishing that objective.\17\ The CIO was envisioned as
the person responsible and accountable for an agency's IT
investments, a key leader who would implement and enforce
applicable government-wide and agency IT management policies.
---------------------------------------------------------------------------
\17\Opening statement of Senator William Cohen, Subcommittee on
Oversight of Government Management and the District of Columbia of the
Committee on Governmental Affairs, S. 946, the Information Technology
Management Reform Act of 1995 at 3 (July 25, 1996). See also Id. at 12,
(Testimony of Gene Dodaro, Assistant Comptroller General, Accounting
and Information Management Division, U.S. General Accounting Office).
---------------------------------------------------------------------------
The Committee recognizes that there are many factors that
must be in place for an agency to successfully acquire,
implement, and manage its IT investments. In a May 2014 hearing
focused on identifying the key factors that make for successful
IT investments, the Committee heard testimony regarding the
importance of senior executive support of the program, active
end-user involvement in developing requirements and testing,
having skilled program managers and teams, and having
consistent and stable government and contractor staff.\18\
Likewise, witnesses discussed the importance of utilizing an
``incremental'' approach to deliver on IT investments, where
investments are divided into smaller pieces in order to reduce
investment risk and deliver capabilities in shorter time
frames. This approach differs from the more traditional ``big
bang'' approach often used by agencies, which relies on
delivering all of the capabilities of a large-scale IT system
at one time, often resulting in failure.\19\ Ultimately, the
successful acquisition and implementation of IT systems
requires the involvement of a variety of stakeholders across
many disciplines including acquisition, human capital, and
financial management.
---------------------------------------------------------------------------
\18\Senate Committee on Homeland Security and Governmental Affairs
Hearing, Identifying Critical Factors for Success in Information
Technology Acquisitions (May 8, 2014). See also GAO-12-7, Information
Technology: Critical Factors Underlying Successful Major Acquisitions
(October 2011); Key Success Factors for Major Programs that Leverage
IT: 7-S for Success available at https://actiac.org/sites/default/
files/7-S_for_Success_0.pdf.
\19\Id. See also GAO-14-361, Information Technology: Agencies Need
to Establish and Implement Incremental Development Policies (May 2014).
---------------------------------------------------------------------------
However, the CIO of an agency plays a very important role
in providing technical expertise and objective, knowledge-based
assessments on the wisdom of every key decision made over the
lifespan of an IT investment. Thus, it is extremely important
that a CIO, and the staff who reports to the CIO, be fully
integrated into all the elements of the agency's process for
developing and delivering IT investments as an independent
stakeholder. It is not enough for a CIO and his or her team to
``have a seat at the table''--they must also be an integral
part of any decision processes at the agency. Unfortunately,
despite statutory requirements and policy guidance from the
Office of Management and Budget (``OMB''), many CIOs do not
have the necessary authority and are frequently not recognized
as the key leaders in managing IT at an agency. For example, in
a 2011 survey of agency CIOs, the Government Accountability
Office (``GAO'') found that many CIOs faced limitations in
their ability to influence agency decisions on IT investments
because a significant portion of an agency's IT funding is
allocated and spent at the component, or bureau level, of an
agency.\20\
---------------------------------------------------------------------------
\20\See GAO-11-634 at 29-30, Federal Chief Information Officers:
Opportunities Exist to Improve Role in Information Technology
Management. See also GAO-04-823, Federal Chief Information Officers:
Responsibilities, Reporting Relationships, Tenure, and Challenges (July
2004).
---------------------------------------------------------------------------
In recognition of the challenges that many agency CIOs
face, in August 2011, OMB issued a memorandum designed to move
the role of the CIO ``away from just policymaking and
infrastructure maintenance, to encompass true portfolio
management for all IT.''\21\ By updating its policies, OMB
sought to hold agency CIOs ``accountable for lowering
operational costs, terminating and turning around troubled
projects, and delivering meaningful functionality at a faster
rate while enhancing the security of information systems.''\22\
---------------------------------------------------------------------------
\21\Memorandum from Jacob J. Lew, U.S. Office of Management and
Budget, Chief Information Officer Authorities, at 1 (Aug. 8, 2011),
available at http://www.whitehouse.gov/sites/default/files/omb/
memoranda/2011/m11-29.pdf.
\22\Id.
---------------------------------------------------------------------------
The memorandum laid out what OMB envisioned as the CIO's
responsibilities in four primary areas:
Governance--CIOs are to drive the IT investment
review process by assuming ``responsibility over the entire IT
portfolio for an Agency'' and by working to ``ensure IT
portfolio analysis is an integral part of the yearly budget
process of an agency.''\23\
---------------------------------------------------------------------------
\23\Id.
---------------------------------------------------------------------------
Commodity IT--CIOs are to ``focus on eliminating
duplication and rationalize . . . IT investments.'' The
services to be examined are: data centers, networks, desktop
computers, mobile devices, e-mail, collaboration tools, web
infrastructure, human resources systems, and finance systems.
CIOs are also directed to ``pool their agency's purchasing
power across the entire organization to drive down costs and
improve service'' and are required to ``show a preference for
using shared services . . . instead of standing up separate
independent services.''\24\
---------------------------------------------------------------------------
\24\Id. at 2.
---------------------------------------------------------------------------
Program Management--CIOs are charged with
``identifying, recruiting, and hiring top IT program management
talent'' and are required to ``train and provide annual
performance reviews'' for employees in charge of major programs
as well as lower-level CIOs. CIOs will also be held accountable
for the performance of IT program managers based on their
governance process and the IT Dashboard, an online tool that
presents the cost and schedule information of an agency's major
IT investments, as well as an evaluation of that investment by
an agency CIO.\25\
---------------------------------------------------------------------------
\25\Id. at 2. The IT Dashboard is ``a website enabling federal
agencies, industry, the general public, and other stakeholders to view
details of federal information technology investments.'' See ``IT
Dashboard FY2015 Edition,'' http://www.itdashboard.gov/.
---------------------------------------------------------------------------
Information Security--CIOs, or designated agency
officials who report to the CIO, are required ``to implement an
agency-wide information security program and to provide
information security for both the information collected and
maintained by the agency, or on behalf of the agency, and for
the information systems that support the operations, assets,
and mission of the agency.''\26\
---------------------------------------------------------------------------
\26\Id. at 2.
---------------------------------------------------------------------------
Building off existing statutory requirements and OMB
policy, the Committee substitute to H.R. 1232 seeks to further
empower the agency CIO by ensuring that the CIO has a
significant role in the annual and multi-year planning,
programming, budgeting, and execution processes as well as the
management, governance, and oversight processes related to IT.
The bill directs the Director of OMB to require in its annual
IT capital planning guidance that the CIO of the agency: (1)
approve the agency's information technology budget request; (2)
certify that IT investments are implementing incremental
development as defined by OMB; and (3) work with the Chief
Human Capital Officer to review all IT positions requested in
the budget to ensure the needs of the agency are being met.
The Committee substitute to H.R. 1232 would also require
approval by the CIO of contracts for IT or IT services, the
reprogramming of funds for IT programs, and the hiring of key
agency IT personnel. Ultimately, the bill would do more than
just create a seat at the ``CEO-level'' table for the Chief
Information Officer--it would also make the CIO a key part of
the agency's decision-making processes, a position with both
the authority to help make decisions and the responsibility to
ensure that programs are well managed and produce good
outcomes.
INFORMATION TECHNOLOGY DASHBOARD AND TECHSTAT ACCOUNTABILITY SESSIONS
In June 2009, the Obama Administration and OMB launched an
Information Technology Dashboard (``IT Dashboard'' or
``Dashboard'') to quickly and easily illustrate IT investments
that were on-track, having trouble, or calling out for
cancellation. The IT Dashboard is a publically accessible
online tool that presents cost and schedule information, as
well as an evaluation from agency CIOs on the performance of
major IT investments.
Less than a year after the IT Dashboard debuted, the
Administration started holding TechStat Accountability Sessions
(``TechStats'') in January 2010. A TechStat is a ``face-to-
face, evidence-based review of an IT investment'' with OMB and
agency leadership.\27\ TechStat sessions seek to focus
management attention on troubled IT investments and help
terminate or turnaround IT investments that are failing or not
producing results. When used in concert, the IT Dashboard and
TechStat sessions have helped agencies, OMB, and Congress
identify at-risk IT projects and implement corrective
measures.\28\
---------------------------------------------------------------------------
\27\See https://cio.gov/what-is-techstat/.
\28\By March 2011, OMB estimated that use of the IT Dashboard and
corresponding TechStat sessions had led to over $3 billion in cost
reductions. See http://www.whitehouse.gov/blog/2011/03/31/open-
sourcing-it-dashboard-techstat-process.
---------------------------------------------------------------------------
While the IT Dashboard and TechStat sessions have been
widely recognized as valuable oversight tools, concerns remain
with the accuracy and usefulness of some of the information on
the IT Dashboard and a decrease in the number of TechStat
sessions led by OMB.
The GAO has issued a series of reports highlighting
deficiencies with the accuracy and reliability of the cost and
schedule data reported on the Dashboard.\29\ While the accuracy
of the Dashboard ratings appears to have improved over time,
GAO has raised concerns about how some agencies have removed
investments from the Dashboard by reclassifying their
investments.\30\ For example, the Department of Energy
reclassified supercomputer investments as facilities, rather
than as IT, and removed them from public reporting on the
Dashboard.\31\ Furthermore, the public version of the Dashboard
is frequently not updated because OMB chooses not to update the
Dashboard while the President's budget request is being
created. For example, in a December 2013 review of the IT
Dashboard, GAO noted that the Department of Justice downgraded
an investment in July 2012, but the information on the
Dashboard was not updated to reflect this downgrade until April
2013.\32\
---------------------------------------------------------------------------
\29\See IT Dashboard: Agencies are Managing Investment Risk, but
Related Ratings Need to Be More Accurate and Available, GAO-14-64 (Dec.
12, 2013); Information Technology Dashboard: Opportunities Exist to
Improve Transparency and Oversight of Investment Risk at Select
Agencies, GAO-13-98 (Oct. 16, 2012); IT Dashboard: Accuracy Has
Improved, and Additional Efforts Are Under Way to Better Inform
Decision Making, GAO-12-210 (Nov. 7, 2011); Information Technology: OMB
Has Made Improvements to Its Dashboard, but Further Work Is Needed by
Agencies and OMB to Ensure Data Accuracy, GAO-11-262 (Mar. 15, 2011);
and Information Technology: OMB's Dashboard Has Increased Transparency
and Oversight, but Improvements Needed, GAO-10-701 (July 16, 2010).
\30\IT Dashboard: Agencies are Managing Investment Risk, but
Related Ratings Need to Be More Accurate and Available, GAO-14-64 (Dec.
12, 2013).
\31\Id. at 18.
\32\See IT Dashboard: Agencies are Managing Investment Risk, but
Related Ratings Need to Be More Accurate and Available, GAO-14-64 at 22
(Dec. 12, 2013).
---------------------------------------------------------------------------
In 2013, GAO also reviewed agency implementation of
TechStat sessions and reported that although OMB and selected
agencies had held multiple TechStats, additional oversight was
needed to ensure that these sessions were having the
appropriate impact on underperforming projects.\33\
Additionally, GAO found that the number of TechStats held was
relatively small compared to the current number of at-risk IT
investments. Specifically, as of May 2013, of the 162 at-risk
IT investments, only 30 (18.5 percent) had undergone an OMB-led
TechStat. Further, of the 69 at-risk investments at four
selected agencies as of May 2013, only 23 (33.3 percent) had
undergone an OMB or agency TechStat.\34\
---------------------------------------------------------------------------
\33\GAO, Information Technology: Additional Executive Review
Sessions Needed to Address Troubled Projects, GAO-13-524 (Washington,
D.C.: June 13, 2013).
\34\GAO-13-524 at 27. The selected agencies were the Departments of
Agriculture, Commerce, Homeland Security, and Health and Human
Services.
---------------------------------------------------------------------------
Despite the above-mentioned problems, the IT Dashboard and
TechStat sessions have proven to be very valuable tools that
have increased the transparency and performance of major
federal IT investments. Building off the promise of these
initiatives, the Committee substitute to H.R. 1232 requires a
government-wide IT Dashboard and improves upon the quality of
the data displayed on the Dashboard by requiring the agency CIO
to certify on a quarterly basis that the cost, schedule, and
performance information is accurate. In addition, the
substitute improves upon the accuracy of the CIO's evaluation
by requiring that an IT investment's overall risk rating align
more closely to the cost and schedule risks identified for the
investment, and by requiring that IT investments that do not
employ an incremental approach be automatically rated at a
medium-risk level to ensure they receive adequate management
attention. The substitute also requires that agencies use the
Dashboard as a foundation for a TechStat-like process to help
agencies and OMB manage the riskiest IT projects. If an
investment continues to be rated as high-risk for more than a
year following completion of the required review, the Director
of OMB is required to deny requests for future development
funding until the agency CIO can certify that risks have been
sufficiently addressed. Collectively, the requirements in the
Committee substitute to H.R. 1232 will allow Congress, OMB, and
the general public to use the Dashboard to hold agencies
accountable for results and performance.
PORTFOLIO REVIEW
In addition to the challenges that agencies face in
acquiring and developing specific IT investments, the stove-
piped nature of many Federal agencies has led to a
proliferation of duplicative IT investments. Many agencies
manage their IT systems in a decentralized manner with
authorities and responsibilities spread throughout the
agency.\35\ As a result, departments are unable to take an
enterprise-wide view of their IT investments which frequently
results in duplication, waste, and poor outcomes. Too often,
agencies, or components of agencies, seek to develop new
solutions first, before assessing existing options, or
identifying ways to achieve shared agency-wide IT solutions.
For example, in 2012, OMB reviewed over 7,000 Federal agency IT
investments that had been reported to OMB and found many
potential redundancies and billions of dollars in potential
savings that could be achieved through either consolidation or
a shared approach to IT service delivery.\36\
---------------------------------------------------------------------------
\35\See GAO-11-634 at 29-30.
\36\See Federal Information Technology Shared Services Strategy at
4, May 2, 2012.
---------------------------------------------------------------------------
To address this problem, in March 2012, the Administration
implemented the PortfolioStat process, which requires agency
Chief Operating Officers (or their designees), on an annual
basis, to lead an agency-wide review of the IT systems
operating within an organization.\37\ Through the PortfolioStat
process, an agency must take a holistic view of its IT
investments to identify potential duplication within the
agency, investments that do not appear to be well-aligned with
agency missions, and other key considerations regarding an
agency's IT portfolio. In comparison to the TechStat reviews
discussed above (which examine IT performance at the specific
project or investment-level), PortfolioStat examines an
agency's IT portfolio as a whole to help identify and eliminate
areas of duplication and waste.
---------------------------------------------------------------------------
\37\See M-12-10, Implementing PortfolioStat, Office of Management
and Budget, (March 30, 2012).
---------------------------------------------------------------------------
In June 2013, the Committee held a hearing on IT management
issues focused in large part on the Administration's
PortfolioStat process. In the first round of PortfolioStat
reviews, agencies identified more than $2.5 billion in spending
reductions that could be achieved from FY 2013 through FY
2015.\38\ However, in November 2013 GAO reported that OMB's
PortfolioStat initiative has the potential to save between $5.8
and $7.9 billion by fiscal year 2015.\39\ GAO also found that
many agencies were not fully implementing the requirements of
the initiative. For example, only one agency fully addressed
the key requirements of OMB's initiative, and twelve agencies
were not able to ensure that their commodity IT baseline was
complete.\40\
---------------------------------------------------------------------------
\38\See statement of Steven VanRoekel, Senate Committee on Homeland
Security and Governmental Affairs Hearing, Reducing Duplication and
Improving Outcomes in Federal Information Technology (June 11, 2013).
\39\GAO, Information Technology: Additional OMB and Agency Actions
are Needed to Achieve Portfolio Savings, GAO-14-65 (Washington, D.C.:
Nov. 6, 2013). GAO found that the potential savings from the first
round of agency PortfolioStats are likely understated because several
large agencies, including the Departments of Defense and Justice were
not included in the estimates.
\40\Id. at 15.
---------------------------------------------------------------------------
The PortfolioStat process is a promising initiative that
can both save money and improve the management of IT systems
throughout the federal government. Accordingly, the Committee
substitute to H.R. 1232 requires the Director of OMB and agency
CIOs to annually review the IT investments of an agency to
identify, among other things, ways to increase the efficiency
and effectiveness of an agency's IT investments, opportunities
to increase the use of shared services, potential duplication,
waste and cost-savings, and a multi-year strategy to reduce
duplication within an agency's IT portfolio. The Committee
expects that agencies will review the entire portfolio of an
agency's IT investments, including hardware, software, and IT
services. The Director of OMB would also be required to develop
metrics and performance indicators for agencies to use in their
annual portfolio review.
DATA CENTER CONSOLIDATION
A data center is a room or building that houses computer
systems and associated components that are used for the
storage, management, and dissemination of data and
information.\41\ Over the years, the federal government's
demand for IT has led to a dramatic rise in the number of
federal data centers and an increase in operation costs. The
number of data centers operated by the federal government has
grown from several hundred in the 1990s to more than six
thousand as of July 2013.\42\
---------------------------------------------------------------------------
\41\OMB's definition of a ``data center'' has evolved over the
years. It most recently has settled on defining ``data center'' as ``a
closet, room, floor or building for the storage, management, and
dissemination of data and information.'' OMB's guidance further
explains that ``such a repository houses computer systems and
associated components, such as database, application, and storage
systems and data stores. A data center generally includes redundant or
backup power supplies, redundant data communications connections,
environmental controls (air conditioning, fire suppression, etc.) and
special security devices housed in leased (including by cloud
providers), owned, collocated, or stand-alone facilities. This
definition excludes facilities exclusively devoted to communications
and network equipment (e.g., telephone exchanges and telecommunications
rooms).'' Office of Management and Budget Memorandum for Chief
Information Officers, Implementation Guidance for the Federal Data
Center Consolidation Initiative (March 19, 2012).
\42\In July 2013, the Government Accountability Office reported
that the number of agency-reported federal data centers stood at 6,836.
Government Accountability Office, Information Technology: OMB and
Agencies Need to More Effectively Implement Major Initiatives to Save
Billions of Dollars, GAO-13-796T (July 2013). That is more than triple
the number reported in 2010, when OMB first started counting, an
increase resulting not so much from an actual growth in data centers,
as from agencies' growing familiarity with OMB's requirements and OMB's
expansion of the definition of ``data center.''
---------------------------------------------------------------------------
Operating these data centers imposes significant costs on
the federal government. The government has to purchase
hardware, software, and the facilities in which to place them,
and it has to pay people to run the machines in the centers.
Moreover, the Environmental Protection Agency reported that in
2006 (the most recent year for which the information is
available), federal servers and data centers accounted for
approximately six billion kilowatts of electricity use, for a
total annual electricity cost of about $450 million.\43\ These
data centers typically run 24 hours a day, seven days a week,
and require significant electricity to power the ``always-on''
equipment. In addition, data centers produce significant heat,
requiring a substantial expenditure for energy to cool
them.\44\ Furthermore, GAO has cited ``the growth in the number
of federal data centers, many offering similar services and
resources'' as a source of overlap and duplication (and
therefore unnecessary expenditures) in the federal
government.\45\
---------------------------------------------------------------------------
\43\U.S. Environmental Protection Agency, ENERGY STAR Program,
Report to Congress on Server and Data Center Energy Efficiency at 25
(pursuant to Public Law 109-431) (August 2, 2007).
\44\See Time Magazine, The Surprisingly Large Energy Footprint of
the Digital Economy,
April 14, 2013 at http://science.time.com/2013/08/14/power-drain-the-
digital-cloud-is-using-more-
energy-than-you-think/.
\45\Government Accountability Office, Opportunities to Reduce
Potential Duplication in Government Programs, Save Tax Dollars, and
Enhance Revenue, 26-29, GAO-11-318SP (March 2011).
---------------------------------------------------------------------------
In 2010, OMB, through the Federal CIO, launched the Federal
Data Center Consolidation Initiative (``Consolidation
Initiative'' or ``Initiative'') to consolidate redundant
federal data centers and achieve cost-savings. The goals of the
initiative were to: promote the use of green IT by reducing the
overall energy and real estate footprint of government data
centers; reduce the cost of data center hardware, software, and
operations; increase the overall IT security posture of the
government; and shift IT investments to more efficient
computing platforms and technologies.\46\
---------------------------------------------------------------------------
\46\Office of Management and Budget Memorandum for Chief
Information Officers, Federal Data Center Consolidation Initiative
(February 26, 2010).
---------------------------------------------------------------------------
Under the Consolidation Initiative, OMB required the 24
departments and agencies on the CIO Council\47\ to submit an
inventory of each agency's data centers and a plan for
consolidating them. Agencies were then required to annually
update their asset inventory and report on the progress made
toward implementing the agency consolidation plan. OMB set a
target goal of closing 40 percent of the federal data centers
agencies had identified, and it estimated saving between $3 and
$5 billion--both by the end of 2015.\48\
---------------------------------------------------------------------------
\47\The 24 agencies on the CIO Council are: Department of
Agriculture; Department of Commerce; Department of Defense; Department
of Education; Department of Energy; Department of Health and Human
Services; Department of Homeland Security; Department of Housing and
Urban Development; Department of the Interior; Department of Justice;
Department of Labor; Department of State; Department of Transportation;
Department of the Treasury; Department of Veterans Affairs;
Environmental Protection Agency; General Services Administration;
National Aeronautics and Space Administration; National Science
Foundation; Nuclear Regulatory Commission; Office of Personnel
Management; Small Business Administration; Social Security
Administration; and United States Agency for International Development.
\48\See Fiscal Year 2012 Budget of the U.S. Government, page 29
(http://www.whitehouse.gov/sites/default/files/omb/budget/fy2012/
assets/budget.pdf) and Fiscal Year 2013 Budget of the U.S. Government,
page 43 (http://www.whitehouse.gov/sites/default/files/omb/budget/
fy2013/assets/budget.pdf).
---------------------------------------------------------------------------
At the request of this Committee, GAO conducted several
reviews of the progress that OMB and agencies have made under
the Initiative.\49\ GAO's ongoing work on the Consolidation
Initiative has confirmed two things. First, data center
consolidation is an economical way to achieve more efficient IT
operations, as well as cost-savings or cost avoidance.\50\
Second, significant work must still be done before agencies
realize the full benefits of consolidation.
---------------------------------------------------------------------------
\49\See Government Accountability Office, Data Center
Consolidation: Agencies Need to Complete Inventories and Plans to
Achieve Expected Savings, 8-19, GAO-11-565 (July 2011); Government
Accountability Office, Data Center Consolidation: Agencies Making
Progress on Efforts, but Inventories and Plans Need to be Completed,
12, GAO-12-742 (July 2012); and Government Accountability Office, Data
Center Consolidation: Strengthened Oversight Needed to Achieve Cost
Savings Goal 14, GAO-13-378 (April 2013).
\50\See Government Accountability Office, Opportunities to Reduce
Potential Duplication in Government Programs, Save Tax Dollars, and
Enhance Revenue, 26-29, GAO-11-318SP (March 2011).
---------------------------------------------------------------------------
For example, in July 2011, GAO assessed the completeness of
each agency's first submission of data center consolidation
documents and found that, at that time, only one agency out of
24 had submitted a complete data center asset inventory and no
agency had submitted a complete consolidation plan.\51\ A year
later, in July 2012, GAO reported on agencies' second
submission of data center consolidation documents. These
submissions demonstrated that the Consolidation Initiative
could potentially save the government billions of dollars.\52\
However, GAO's review also found that there were still large
gaps in agency inventories and plans.\53\
---------------------------------------------------------------------------
\51\Government Accountability Office, Data Center Consolidation:
Agencies Need to Complete Inventories and Plans to Achieve Expected
Savings, 8-19, GAO-11-565 (July 2011).
\52\Government Accountability Office, Data Center Consolidation:
Agencies Making Progress on Efforts, but Inventories and Plans Need to
be Completed, 12, GAO-12-742 (July 2012). GAO found that nineteen
agencies reported anticipating a combined total of more than $2.4
billion in cost-savings and more than $820 million in cost avoidances
between 2011 and 2015. GAO noted that actual savings could reach even
higher, because fourteen of the agencies provided incomplete
projections, one agency does not expect to accrue net savings until
2017, and three agencies did not provide any estimated cost-savings at
all.
\53\Id.
---------------------------------------------------------------------------
GAO's next report on the Consolidation Initiative, issued
in April 2013, once again evaluated agency progress in
consolidating data centers. GAO expressed frustration over the
failure to track cost-savings associated with the Consolidation
Initiative, stating, ``the lack of initiative-wide cost-savings
data makes it unclear whether agencies will be able to achieve
OMB's projected savings of $3 billion by the end of 2015.''\54\
GAO also found that OMB had not measured agencies' progress
toward OMB's cost-savings goal of $3 billion, because OMB had
not determined a consistent and repeatable method for tracking
cost-savings. GAO further stated that until OMB begins tracking
and reporting on performance measures such as cost-savings, OMB
would be limited in its ability to oversee agencies' progress
towards key initiative goals.\55\
---------------------------------------------------------------------------
\54\Government Accountability Office, Data Center Consolidation:
Strengthened Oversight Needed to Achieve Cost Savings Goal 14, GAO-13-
378 (April 2013).
\55\ Id. at 10.
---------------------------------------------------------------------------
The Committee substitute to H.R. 1232 builds on the
Administration's efforts to consolidate and streamline data
centers. The bill does so by requiring agencies, among other
things, to devise and implement plans to inventory and
consolidate existing data centers and to report to OMB on the
extent to which they are implementing those plans. To assist
agency consolidation efforts, the Committee substitute to H.R.
1232 requires OMB to implement government-wide data center
consolidation and optimization metrics. These metrics include
cost-savings metrics that ensure accurate calculation of cost-
savings and cost avoidances, as well as server efficiency (i.e.
server utilization) metrics.
Finally, the Committee substitute to H.R. 1232 requires OMB
to develop a cost-savings goal for the FDCCI and regularly
report to Congress on cost-savings realized, and the
completeness of each agency's data center inventories and
consolidation strategies. It also directs the GAO to review and
verify agencies' data center consolidation efforts.
III. Legislative History
H.R. 1232 was introduced on March 18, 2013, by
Representatives Darrell Issa and Gerald Connolly. On February
25, 2014, the bill was agreed to in the House by voice vote on
a motion to suspend the rules and pass the bill. The bill was
received in the Senate on February 26, 2014 and referred to the
Homeland Security and Governmental Affairs Committee.
The Committee considered the bill at a business meeting on
June 25, 2014. Senator Carper offered two amendments to the
bill. The first was a substitute amendment that Senator Carper
and Senator Coburn offered that would strengthen the
authorities of agency CIOs, improve upon the public
transparency and review processes required of agency IT
investments, require agencies to conduct annual reviews of the
IT investments of the entire agency, and build on the
Administration's efforts to consolidate and streamline data
centers. The second amendment was a technical amendment to the
title of the bill.
The Committee adopted both amendments, and ordered the
underlying bill reported favorably, all by voice vote (with
Senator Levin asking to be recorded as ``present'' for the
voice vote on the underlying bill). Members present for the
vote on the amendments and on the bill were Senators Carper,
Levin, McCaskill, Tester, Heitkamp, Coburn, McCain, Johnson,
and Portman.
The Carper-Coburn substitute is based on the Committee's
extensive work on the subject. The Committee and its
subcommittees have held six hearings over the last three years
on IT management and related issues:
On April 12, 2011, the Subcommittee on
Federal Financial Management, Government Information,
Federal Services, and International Security held a
hearing entitled ``Examining the President's Plan for
Eliminating Wasteful Spending in Information
Technology.'' The hearing explored efforts by the Obama
administration to rein in the federal government's IT
budget and the President's 25-point plan to reform
federal IT management.
On May 25, 2011, the full Committee held a
hearing entitled ``How to Save Taxpayer Dollars: Case
Studies of Duplication in the Federal Government.'' One
of the case studies examined at the hearing was the
Consolidation Initiative's effort to reduce unnecessary
federal data centers.
On May 24, 2012, the Subcommittee on Federal
Financial Management, Government Information, Federal
Services, and International Security held a hearing
entitled ``Innovating with Less: Examining Efforts to
Reform Information Technology Spending.'' The hearing
examined the Obama administration's progress in
implementing its plan to transform the management of
federal IT systems.
On June 11, 2013, the full Committee held a
hearing entitled ``Reducing Duplication and Improving
Outcomes in Federal Information Technology.'' During
the hearing, several critical IT areas were identified
as offering potential opportunities to reduce
duplication and the cost of government operations,
including reducing the number of underutilized federal
data centers.
On May 8, 2014, the full Committee held a
hearing entitled ``Identifying Critical Factors for
Success in Information Technology Acquisitions.'' The
hearing examined the critical factors that lead to the
successful acquisition of information technology
investments, what challenges organizations (both
government and industry) face in implementing IT
systems, and ongoing efforts to consolidate data
centers, empower agency CIOs, and strengthen management
of IT projects.
On June 10, 2014, the Subcommittee on the
Efficiency and Effectiveness of Federal Programs and
the Federal Workforce, held a hearing entitled ``A More
Efficient and Effective Government: Examining Federal
IT Initiatives and the IT Workforce.'' The hearing
examined the state of major federal IT projects, as
well as the process through which they are solicited
and coordinated government-wide.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1. Short title
Section 1 gives the bill the short title of the Federal
Information Technology Acquisition Reform Act.
Sec. 2. Table of contents
Section 2 provides a table of contents for the bill.
TITLE I--Management of Information Technology within Federal Government
Sec. 101. CIO authority enhancements
Section 101(a) adds a new section 11319 to chapter 113 of
title 40, United States Code, entitled ``Resources, planning
and portfolio management.''
New section 11319(a) defines the following terms:
``Covered agency'' means each agency listed
in sections 901(B)(1) and 901(b)(2) of title 31, which
includes the following agencies: The Department of
Agriculture, the Department of Commerce, the Department
of Defense, the Department of Education, the Department
of Energy, the Department of Health and Human Services,
the Department of Homeland Security, the Department of
Housing and Urban Development, the Department of the
Interior, the Department of Justice, the Department of
Labor, the Department of State, the Department of
Transportation, the Department of the Treasury, the
Department of Veterans Affairs, the Environmental
Protection Agency, the National Aeronautics and Space
Administration, The Agency for International
Development, the General Services Administration, the
National Science Foundation, the Nuclear Regulatory
Commission, the Office of Personnel Management, the
Small Business Administration, the Social Security
Administration; and
The bill delegates to OMB the responsibility
to provide a precise definition of the term
``Information Technology'' through OMB's capital
planning guidance. The current definition of
``Information Technology'' in OMB's Fiscal Year 2015
guidance is ``any equipment or interconnected system or
subsystem of equipment that is used in the automatic
acquisition, storage, manipulation, management,
movement, control, display, switching, interchange,
transmission, or reception of data or information by an
executive agency. IT is related to the terms capital
asset, IT investment, program, project, sub-project,
service, and system.''\56\
---------------------------------------------------------------------------
\56\http://www.whitehouse.gov/sites/default/files/omb/assets/
egov_docs/fy2015_e53_and_ 300_guidance_final_july2013.pdf.
---------------------------------------------------------------------------
New section 11319(b) gives new authorities for CIOs. New
subsection (b)(1)(A) first requires the head of each covered
agency and each military department to ensure that the CIO of
the agency has a significant role in the annual and multi-year
planning, programming, budgeting, and execution processes, as
well as the management, governance, and oversight processes
related to information technology (IT).
Next, new subsection (b)(1)(B) requires the OMB Director to
require in OMB's annual IT capital planning guidance that the
CIO of the agency (1) approve the agency's information
technology budget request; (2) certify that IT investments are
implementing incremental development as defined by OMB; and (3)
work with the Chief Human Capital Officer to review all IT
positions requested in the budget to ensure the needs of the
agency are being met.
Finally, new subsection (b)(1)(C) requires the CIO of
covered agencies and the military departments to review and
approve IT contracts or other agreements for information
technology or information technology services. An agency CIO
would also review and approve any request to reprogram funds
for IT programs, prior to such funds being reprogrammed. The
agency may utilize existing governance processes to obtain
approval provided that the CIO of the agency is a full
participant in those governance processes. This subsection also
allows the CIO to delegate the approval of a contract or
agreement to an individual who reports directly to the Chief
Information Officer for contracts or agreements for non-major
IT investments, as that term is defined by OMB. However, the
CIO may not delegate the approval for major IT investments.
New subsection (b)(2) provides that the agency CIO shall
approve the appointment of any other employee with the title of
Chief Information Officer at the agency, or who functions in
the capacity of Chief Information Offer, for any component
organization within the agency.
Sec. 102. Enhanced transparency and improved risk management in
information technology investments
Section 102(a) amends 40 U.S.C. Sec. 11302(c) to codify
OMB's IT Dashboard program, requiring OMB to make publicly
available the cost, schedule, and performance data for each
major IT investment at an agency. This section also sets forth
a review process that must take place for major IT investments
that receive a high or moderately high risk for four
consecutive quarters.
Section 102(a) first adds two definitions: (1) ``Covered
agency'' once again means each agency listed in sections
901(B)(1) and 901(b)(2) of title 31 and (2) ``Major information
technology investment'' means an agency IT investment that is
designated by the executive agency as ``major'' in accordance
with capital planning guidance issued by OMB.
Section 102(a) then creates a new subsection 40 U.S.C.
Sec. 11302(c)(3)(A), which requires the Director of OMB to make
publicly available the cost, schedule, and performance data for
each major IT investment for both new acquisitions and for
operations and maintenance of existing IT. This information is
required to be continuously available to the public, but the
Director of OMB may waive or limit the information that is made
publicly available if the Director determines that such a
waiver or limitation is in the national security interests of
the United States.
New subsection 11302(c)(3)(B) further requires the agency
CIO to certify each quarter that the information is current,
accurate, and reflects the risks associated with each
investment and also to identify significant data quality
issues. The OMB Director must publicly identify executive
agencies with an incomplete certification.
Under new subsection 11302(c)(3)(C) the agency CIO is
required to categorize each investment according to its risk
level. The CIO cannot categorize the level of risk as not lower
than medium risk for any investment that is not using
incremental development. Incremental, or modular, development
involves ``dividing investments into smaller parts in order to
reduce investment risk, deliver capabilities more rapidly, and
permit easier adoption of newer and emerging
technologies.''\57\
---------------------------------------------------------------------------
\57\See Office of Management and Budget, Contracting Guidance to
Support Modular Development (June 14, 2012), available at http://
www.whitehouse.gov/sites/default/files/omb/procurement/guidance/
modular-approaches-for-information-technology.pdf.
---------------------------------------------------------------------------
New subsection 11302(c)(4) then sets forth a review process
that applies to major IT investments that receive a high or
moderately high risk rating for four consecutive quarters.
First, the Administrator of the Office of E-Government and
Information Technology at OMB (``E-Gov Administrator''), in
conjunction with the CIO of the agency and the program manager
of the investment, must review the investment to identify: (1)
the root causes of the high level of risk of the investment;
(2) the extent to which these causes can be addressed; and (3)
the probability of future success. The E-Gov Administrator then
sends the results of the review to the Senate Committee on
Homeland Security and Governmental Affairs, the House Committee
on Oversight and Government Reform, the Senate and House
Appropriations Committees, and to any other Congressional
committee upon request. If within one year of the date of
completion of the above-mentioned review, the investment is
still evaluated as high risk, the OMB Director shall deny any
request for all future development, modernization, and
enhancement funding until such time as the agency CIO certifies
that the root causes have been addressed and there exists
sufficient capability to deliver on the investment within the
planned cost and schedule.
Finally, new subsection 11302(c)(5) requires that the
Director of OMB send a report to Congress, analyzing the trends
of ``covered agencies'' reflected in the performance risk
information required in paragraph (3).
Sec. 103. Governmentwide software purchasing program
Section 103(a) requires the Administrator of the General
Services Administration (``GSA''), in collaboration with the
Secretary of Defense, to identify and develop a strategic
sourcing initiative to enhance Governmentwide acquisition,
shared use, and dissemination of software.
Section 103(b) requires the GSA Administrator, in
developing the initiative under subsection (a), to allow for
the purchase of a license agreement that is available for use
by all executive agencies as one user to the maximum extent
practicable and as appropriate.
TITLE II--Portfolio Review and Federal Data Center Consolidation
Initiative
Sec. 201. Portfolio review
Section 201(a) adds a new subsection 11319(c) to chapter
113 of title 40, United States Code, that requires the Director
of OMB and agency CIOs to annually review each agency's IT
investments.
New subsection 11319(c)(1) requires OMB to first set forth
the process by which agencies should identify, among other
things, ways to increase the efficiency and effectiveness of an
agency's IT investments, opportunities to increase the use of
shared services, potential duplication, waste and cost-savings,
and a multi-year strategy to reduce duplication within an
agency's IT portfolio.
New subsection 11319(c)(2) requires the Director of OMB to
develop metrics and performance indicators that agencies shall
use in their annual portfolio review.
New subsection 11319(c)(3) requires the CIO of a covered
agency to work with the agency's Chief Operating Officer and
the E-Gov Administrator to conduct an annual review of the IT
portfolio of the agency.
New subsection 11319(c)(4) requires the E-Gov Administrator
to submit quarterly reports on the cost-savings and reductions
in duplicative IT investments that were identified through the
portfolio review process.
Sec. 202. Federal Data Center consolidation initiative
Subsection 202(a): Definitions
The section defines the terms: ``Administrator,'' ``Covered
Agency,'' ``FDCCI,'' and ``Government-Wide Data Center
Consolidation and Optimization Metrics.''
Subsection 202(b): Federal Data Center consolidation
inventories and strategies
Subsection 202(b)(1) establishes annual data center
consolidation reporting requirements for 24 key agencies. Each
year, agencies are required to submit to OMB a data center
inventory and a multi-year strategy to consolidate and optimize
their data centers. The strategy shall include performance
metrics, a consolidation timeline, and cost-saving estimates.
Each agency is then required to implement the consolidation
strategies submitted to OMB and provide quarterly updates to
OMB on the implementation process.
Subsection 202(b)(1) also makes clear that OMB may allow
agencies to submit information through existing reporting
structures and that each agency CIO must annually state that
their agency has complied with the requirements of this Act.
Finally, this subsection contains a Rule of Construction to
make it clear that nothing in this Act limits the reporting of
information by agencies to OMB or Congress.
Subsection 202(b)(2) lays out the responsibilities of the
E-Gov Administrator under this Section. These responsibilities
include: establishing deadlines for annual reporting by
agencies and requirements that agencies must meet to be
considered in compliance with the Act, ensuring that agency
progress is made available to the public, reviewing the
inventories and strategies submitted pursuant to this Act,
monitoring the implementation of agency strategies, updating
the cost-savings realized through data center consolidation,
and creating government-wide data center consolidation and
optimization metrics.
Subsection 202(b)(3) requires the E-Gov Administrator to
develop a cost-savings goal for data center consolidation, with
a year-by-year break-down of anticipated savings. This
subsection requires OMB to submit regular updates to Congress
on cost-savings realized, and the completeness or
incompleteness of each agency's data center inventories and
consolidation strategies.
Subsection 202(b)(4) requires GAO to review the quality and
completeness of each agency's asset inventory and consolidation
strategy.
Subsection 202(c): Ensuring cybersecurity standards for
data center consolidation and cloud computing
This subsection establishes that data center consolidation
must be done in accordance with federal guidelines on cloud
computing security, including guidance published by the
National Institute of Standards and Technology and the Federal
Risk and Authorization Management Program, a government-wide
program that aims to provide a standardized approach to
security assessments and authorizations for cloud computing
products and services.
Subsection 202(d): Waiver of disclosure requirements
This subsection provides the Director of National
Intelligence (``DNI'') the ability to waive the requirements of
the Act if the DNI determines that such disclosure is in the
interest of national security. Within 30 days after making such
a determination, the DNI would need to file a statement
describing the waiver and the reasons for the waiver to the
Senate Homeland Security and Governmental Affairs Committee,
the House Committee on Oversight and Government Reform, and the
Senate and House Intelligence Committees.
Subsection 202(e): Sunset
This subsection repeals the Federal Data Center
Consolidation Initiative on October 1, 2018.
V. Congressional Budget Office (CBO) Cost Estimate
July 25, 2014.
Hon. Tom Carper,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 1232, the Federal
Information Technology Acquisition Reform Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Matthew
Pickford.
Sincerely,
Douglas W. Elmendorf.
Enclosure.
H.R. 1232--Federal Information Technology Acquisition Reform Act
Summary: H.R. 1232 would amend the laws governing the
procurement and management of information technology (IT)
systems throughout the federal government. Specifically, the
legislation would expand the existing Federal Data Center
Consolidation Initiative to require agencies to inventory their
data centers (facilities used to house computer systems and
associated components) and to submit plans for optimizing their
use. In addition, the bill would increase the authority of
federal Chief Information Officers (CIOs), and require reports
and analysis by government agencies concerning their IT
investments.
CBO estimates that implementing H.R. 1232 would cost $30
million over the 2015-2019 period, assuming appropriation of
the necessary amounts. Although improving the procurement and
management of IT systems, including optimizing the use of
federal data centers, ultimately could reduce spending, CBO
does not expect that there would be any significant savings
from implementing this legislation for the next few years.
Enacting the bill could affect direct spending by agencies
not funded through annual appropriations; therefore, pay-as-
you-go procedures apply. CBO estimates, however, that any net
change in spending by those agencies would not be significant.
Enacting the bill would not affect revenues.
H.R. 1232 contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act (UMRA)
and would impose no costs on state, local, or tribal
governments.
Estimated cost to the Federal Government: The estimated
budgetary impact of H.R. 1232 is shown in the following table.
The costs of this legislation fall within all budget functions
that include funding to purchase information technology.
----------------------------------------------------------------------------------------------------------------
By fiscal year, in millions of dollars--
-------------------------------------------------------
2015 2016 2017 2018 2019 2015-2019
----------------------------------------------------------------------------------------------------------------
CHANGES IN SPENDING SUBJECT TO APPROPRIATION
Estimated Authorization Level........................... 2 7 7 7 7 30
Estimated Outlays....................................... 2 7 7 7 7 30
----------------------------------------------------------------------------------------------------------------
Basis of estimate: For this estimate, CBO assumes that H.R.
1232 will be enacted in late 2014 and that the necessary
amounts for implementing the bill will be appropriated for each
year.
Administration of Information Management and Procurement
The federal government spends about $80 billion annually on
IT investments. Many provisions of H.R. 1232 would codify and
expand upon the government's current practices concerning IT
management and procurement. Office of Management and Budget
(OMB) memoranda, Presidential directives, Administration
initiatives, and other plans have directed federal agencies to
improve the oversight of underperforming IT systems, more
effectively manage IT costs, address duplicative investments
through the IT Dashboard (a system with detailed information on
major IT investments by the federal government), hold TechStat
reviews (meetings to terminate or turnaround poorly performing
federal IT investments), and implement plans to consolidate
federal data centers.
H.R. 1232 would require 24 major agencies to submit
comprehensive inventories of their IT facilities to OMB as well
as plans for phasing out some data centers and optimizing
performance at the remaining facilities. Under the bill,
agencies also would be required to submit estimates of cost
savings from consolidating those facilities. The Government
Accountability Office (GAO) would be required to annually
review and verify agency efforts in this area and report to the
Congress on its findings. In addition, the legislation would
expand the role and responsibilities of agency CIOs and expand
the analysis needed to justify and report on government-wide IT
procurements.
Based on information from selected agencies, OMB, and GAO
studies and reports on similar efforts to improve the cost
effectiveness of IT spending, CBO expects that the
administrative workload of most agencies would increase under
H.R. 1232, mostly to prepare additional reports and to conduct
more thorough reviews of IT spending. CBO estimates that
implementing H.R. 1232 would cost $7 million a year, assuming
appropriation of the necessary amounts.
Savings
The President's Budget for Fiscal Year 2015 reported that
agencies have saved about $1.6 billion through IT reform
initiatives in recent years. Some of those savings come from
the current Federal Data Center Consolidation Initiative to
close up to 40 percent of the 1,200 consolidated data centers
by the end of 2015 and from using tools like PortfolioStat
reviews to reduce inefficiency, duplication, and unnecessary
spending. Because most of the requirements of H.R. 1232 would
make incremental changes to the current policies and practices,
CBO expects that any additional savings from implementing this
bill over the next five years would be small.
Previous CBO estimates: On December 6, 2013, CBO
transmitted a cost estimate for S. 1611, the Federal Data
Center Consolidation Act of 2013, as ordered reported by the
Senate Committee on Homeland Security and Governmental Affairs
on November 6, 2013. On November 12, 2013, CBO transmitted a
cost estimate for H.R. 1232, as ordered reported by the House
Committee on Oversight and Government Reform on March 20, 2013.
Both S. 1611 and the Senate version of H.R. 1232 contain
identical provisions on data center consolidation. Although the
House and Senate versions of H.R. 1232 both address the
management and procurement of federal IT systems, CBO estimates
that the House bill would have a greater cost because it has a
larger scope.
Pay-As-You-Go considerations: The Statutory Pay-As-You-Go
Act establishes budget-reporting and enforcement procedures for
legislation affecting direct spending or revenues. Enacting the
bill could affect direct spending by agencies not funded
through annual appropriations; therefore, pay-as-you-go
procedures apply. CBO estimates, however, that any net increase
in spending by those agencies would not be significant.
Enacting the bill would not affect revenues.
Intergovernmental and private-sector impact: H.R. 1232
contains no intergovernmental or private-sector mandates as
defined in UMRA and would impose no costs on state, local, or
tribal governments.
Estimate prepared by: Federal costs: Matthew Pickford;
Impact on state, local, and tribal governments: Michael Hirsch
and Leo Lex; Impact on the private sector: Tristan Hanon.
Estimate approved by: Theresa Gullo, Deputy Assistant
Director for Budget Analysis.
VI. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill. The Committee
agrees with the Congressional Budget Office that the bill
contains no intergovernmental or private-sector mandates as
defined in the Unfunded Mandates Reform Act and would impose no
costs on state, local, or tribal governments, or private
entities.
VII. Changes in Existing Statute Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, the following changes in existing
law made by the bill, as reported, are shown as follows:
(existing law proposed to be omitted is enclosed in black
brackets, new matter is printed in italic, existing law in
which no change is proposed is shown in roman):
UNITED STATES CODE
* * * * * * *
TITLE 40--PUBLIC BUILDINGS, PROPERTY, AND WORKS
* * * * * * *
CHAPTER 113--RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION TECHNOLOGY
Sec.
11301. Responsibility of Director.
* * * * * * *
11319. Resources, planning, and portfolio management.
* * * * * * *
Sec. 11302. Capital planning and investment control
(a) * * *
(b) * * *
(c) Use of Budget Process.--
(1) Definitions.--In this subsection--
(A) the term ``covered agency'' means an
agency listed in section 901(b)(1) or 901(b)(2)
of title 31; and
(B) the term ``major information technology
investment'' means an investment within a
covered agency information technology
investment portfolio that is designated by the
covered agency as major, in accordance with
capital planning guidance issued by the
Director.
([1]2) Analyzing, tracking, and evaluating capital
investments. As part of the budget process, the
Director shall develop a process for analyzing,
tracking, and evaluating the risks, including
information security risks, and results of all major
capital investments made by an executive agency for
information systems. The process shall cover the life
of each system and shall include explicit criteria for
analyzing the projected and actual costs, benefits, and
risks, including information security risks, associated
with the investments.
(3) Public availability.--
(A) In general.--The Director shall make
available to the public the cost, schedule, and
performance data for each major information
technology investment, without regard to
whether the investments are for new information
technology acquisitions or for operations and
maintenance of existing information technology.
(B) Quarterly review and certification.--
(i) In general.--For each major
information technology investment
listed under subparagraph (A), the
Chief Information Officer of the
covered agency and the program manager
of the investment within the covered
agency shall, at least once every
quarter--
(I) certify that the
information is current,
accurate, and reflects the
risks associated with each
listed investment; and
(II) identify significant
data quality issues that affect
the quality of data made
available under subparagraph
(A).
(ii) Incomplete certifications.--The
Director shall publicly identify
covered agencies with an incomplete
certification under clause (i)(I).
(C) Investment evaluation by agency CIO.--For
each major information technology investment
listed under subparagraph (A), the Chief
Information Officer of the covered agency
shall--
(i) categorize the investment
according to level of risk;
(ii) categorize the level of risk of
the investment at a risk rating that is
not lower than the higher of the cost
rating and schedule risk rating of the
investment, as determined in accordance
with guidance issued by the Director;
and
(iii) categorize the level of risk as
not lower than medium risk for any
investment determined by the Chief
Information Officer and program manager
to not employ incremental development,
as determined in accordance with
capital planning guidance issued by the
Director.
(D) Continuous availability.--The information
required under subparagraph (A), in its most
updated form, shall be publicly available at
all times.
(E) Waiver or limitation authority.--The
applicability of subparagraph (A) may be waived
or the extent of the information may be limited
by the Director, if the Director determines
that such a waiver or limitation is in the
national security interests of the United
States.
(4) Risk management.--For each major information
technology investment listed under paragraph (3)(A)
that receives a high risk rating, as described in
paragraph (3)(C), for 4 consecutive quarters--
(A) the Administrator of the Office of
Electronic Government, in conjunction with the
Chief Information Officer of the covered agency
and the program manager of the investment
within the covered agency, shall conduct a
review of the investment that shall identify--
(i) the root causes of the high level
of risk of the investment;
(ii) the extent to which these causes
can be addressed; and
(iii) the probability of future
success;
(B) the Administrator of the Office of
Electronic Government shall communicate the
results of the review under subparagraph (A)
to--
(i) the Committee on Homeland
Security and Governmental Affairs and
the Committee on Appropriations of the
Senate;
(ii) the Committee on Oversight and
Government Reform and the Committee on
Appropriations of the House of
Representatives; and
(iii) upon a request by any committee
of Congress, to that committee; and
(C) if, on the date that is 1 year after the
date of completion of the review required under
subparagraph (A), the investment is rated as
high risk under paragraph (3)(C), the Director
shall deny any request for additional
development, modernization, or enhancement
funding for the investment until the date on
which the Chief Information Officer of the
covered agency certifies that--
(i) the root causes of the high level
of risk of the investment have been
addressed; and
(ii) there is sufficient capability
to deliver the remaining planned
increments within the planned cost and
schedule.''.
([2]5) Report to congress.--At the same time that the
President submits the budget for a fiscal year to Congress
under section 1105(a) of title 31, the Director shall submit to
Congress a report on the net program performance benefits
achieved as a result of major capital investments made by
executive agencies for information systems and how the benefits
relate to the accomplishment of the goals of the executive
agencies. The report shall include an analysis of covered
agency trends reflected in the performance risk information
required in paragraph (3).
* * * * * * *
Sec. 11319. Resources, planning, and portfolio management
(a) Definitions.--In this section--
(1) the term ``covered agency'' means each agency
listed in section 901(b)(1) or 901(b)(2) of title 31;
and
(2) the term ``information technology'' has the
meaning given that term under capital planning guidance
issued by the Office of Management and Budget.
(b) Additional Authorities for CIOs.--
(1) Planning, programming, budgeting, and execution
authorities for cios.--
(A) In general.--The head of each covered
agency and each agency listed in section 102 of
title 5 shall ensure that the Chief Information
Officer of the agency has a significant role
in--
(i) the decision processes for all
annual and multi-year planning,
programming, budgeting, and execution
decisions, related reporting
requirements, and reports related to
information technology; and
(ii) the management, governance, and
oversight processes related to
information technology.
(B) Budget formulation.--
(i) In general.--The Director of the
Office of Management and Budget shall
require in the annual information
technology capital planning guidance of
the Office of Management and Budget
that the Chief Information Officer of
each covered agency--
(I) approve the information
technology budget request of
the covered agency;
(II) as part of an approval
under subclause (I), certify
that information technology
investments are adequately
implementing incremental
development, as defined in
capital planning guidance
issued by the Office of
Management and Budget; and
(III) acting in conjunction
with the Chief Human Capital
Officer of the covered agency,
review all positions with
information technology
responsibilities requested in
the budget request of the
covered agency to ensure the
positions meet the ongoing
requirements of the covered
agency.
(C) Review.--
(i) In general.--A covered agency and
an agency listed in section 102 of
title 5--
(I) may not enter into a
contract or other agreement for
information technology or
information technology
services, unless the contract
or other agreement has been
reviewed and approved by the
Chief Information Officer of
the agency;
(II) may not request the
reprogramming of any funds made
available for information
technology programs, unless the
request has been reviewed and
approved by the Chief
Information Officer of the
agency; and
(III) may use the governance
processes of the agency to
approve such a contract or
other agreement if the Chief
Information Officer of the
agency is included as a full
participant in the governance
processes.
(ii) Delegation.--
(I) In general.--Except as
provided in subclause (II), the
duties of a Chief Information
Officer under clause (i) are
not delegable.
(II) Non-major information
technology investments.--For a
contract or agreement for a
non-major information
technology investment, as
defined in the annual
information technology capital
planning guidance of the Office
of Management and Budget, the
Chief Information Officer of a
covered agency or an agency
listed in section 102 of title
5 may delegate the approval of
the contract or agreement under
clause (i) to an individual who
reports directly to the Chief
Information Officer.
(2) Personnel-related authority.--Notwithstanding any
other provision of law, for each covered agency, the
Chief Information Officer of the covered agency shall
approve the appointment of any other employee with the
title of Chief Information Officer, or who functions in
the capacity of a Chief Information Officer, for any
component organization within the covered agency.
(c) Information Technology Portfolio, Program, and Resource
Reviews.--
(1) Process.--The Director of the Office of
Management and Budget shall implement a process to
assist covered agencies in reviewing their portfolio of
information technology investments to identify or
develop--
(A) ways to increase the efficiency and
effectiveness of the information technology
investments of the covered agency;
(B) opportunities to consolidate the
acquisition and management of information
technology services, and increase the use of
shared-service delivery models;
(C) potential duplication and waste,
including unnecessary or duplicative software
licenses;
(D) potential cost-savings, including cost-
savings and cost avoidance opportunities
related to software licenses of the covered
agency;
(E) plans for actions to optimize the
information technology portfolio, programs, and
resources of the covered agency;
(F) ways to better align the information
technology portfolio, programs, and financial
resources of the covered agency to the multi-
year funding profiles and strategic plans, when
such plans are required by Congress;
(G) a multi-year strategy to identify and
reduce duplication and waste within the
information technology portfolio of the covered
agency, including component-level investments,
and projected cost-savings and avoidances
resulting therefrom; and
(H) any other goals that the Director may
establish.
(2) Metrics and performance indicators.--The Director
of the Office of Management and Budget shall develop
standardized cost-savings and cost avoidance metrics
and performance indicators, which shall be used by
agencies for the purposes of paragraph (1).
(3) Annual review.--In accordance with the process
implemented under paragraph (1), the Chief Information
Officer of each covered agency, in conjunction with the
Chief Operating Officer or Deputy Secretary (or
equivalent) of the covered agency and Administrator of
the Office of Electronic Government, shall conduct an
annual review of the information technology portfolio
of the covered agency.
(4) Quarterly reports.--
(A) In general.--The Administrator of the
Office of Electronic Government shall submit a
quarterly report on the cost-savings and
reductions in duplicative information
technology investments identified through the
review required by paragraph (3) to--
(i) the Committee on Homeland
Security and Governmental Affairs and
the Committee on Appropriations of the
Senate;
(ii) the Committee on Oversight and
Government Reform and the Committee on
Appropriations of the House of
Representatives; and
(iii) upon a request by any committee
of Congress, to that committee.
(B) Inclusion in other reports.--The reports
required under subparagraph (A) may be included
as part of another report submitted to the
committees of Congress described in clauses
(i), (ii), and (iii) of subparagraph (A).
�