Considered by many to be the most sweeping IT reform legislation in two decades, FITARA is now the law of the land, at least for the next few years, when its authorization will end.

The reduction of waste and duplication in government IT spending and the generation of better performance outcomes are two significant objectives of FITARA, which was passed in 2014 as part of the National Defense Authorization Act and signed into law. The agency CIOs (excluding the military departments) now have a significant role in information technology (IT) decisions, including annual and multi-year planning, programming, budgeting, execution, reporting, management, governance, and oversight functions.

FITARA requires the Office of Management and Budget’s (OMB’s) CIOs (excluding the military departments) to: (1) approve their agency’s IT budget requests, (2) certify that IT investments adequately implement incremental development, and (3) ensure that all requested IT positions meet ongoing requirements.

In addition, it requires OMB to make changes in its reporting requirements with an emphasis on net program performance benefits. GSA is also required by this legislation to develop a strategic sourcing initiative “to enhance government-wide acquisition, shared use, and dissemination of software, as well as compliance with end user license agreements. It also requires the GSA to allow the purchase of a license agreement that is available for use by all executive agencies as one user.”

The expectation is that the agencies will do the right thing. Historically, a very few agencies will do what is right, and others will ignore the legislation, especially if there are no penalties for doing so, or will do the minimum required, as has often been the case with the IT Dashboard — the subject of another blog.

More is required — allowing the agencies to interpret FITARA for their own operations appears to allow them to continue to do what they have always done. Without an oversight requirement, the agencies have the freedom to continue being less than truthful with the numbers they report or with their accomplishments. Agencies will have the option to create their own criteria for which (dollar size) projects must be signed by the CIO and which can be signed by a designated person, and for the frequency, depth and scope of IT portfolio evaluation.

Maybe some basic criteria need to be legislated. These might include the lowest dollar value of an IT project that must be authorized by the CIO, the frequency of the IT portfolio evaluation, the dollar value or the criticality (based on organizational mission) of a project that requires the use of independent verification and validation, and the use of voluntary consensus standards, the latter being mandated by OMB in its Circular A-119. Or maybe independent verification and validation – not merely independent testing – should be required for all IT development projects above a specified threshold and those that are mission critical.

Just a thought.