Conquering FITARA Challenges via ITAM Program Development

Purpose
This article provides a systematic approach for overcoming Federal Information Technology Acquisition Reform Act (FITARA) challenges by building an effective Information Technology Asset Management (ITAM) program from the ground up. The paper also includes functional detail for development of the foundational step toward effective ITAM, which is an ITAM policy.

Background
Over the years, Federal agencies have acquired and operated a multitude of systems and software, and managed IT processes that lacked the integration necessary to fully support the agency’s objectives. Furthermore, a void of collaborative communication between the IT staff and agency leadership became obvious with wasteful financial investments in duplicate hardware and software, and the presence of outdated automated systems. Generally, the Chief Information Officer (CIO) facilitated the key IT decision making, yet rarely sought input from “the field” of IT managers and staff who directly implemented and used the IT assets. The CIO also lacked the full authority needed to execute sound financial investments as he/she was often overruled by the Chief Financial Officer (CFO) or Chief Executive Officer. This led to leadership spending acquisition dollars on the best deal vs. what was truly needed to accomplish agency and IT goals. This ineffective communication within the Federal agencies coupled with an annual spend of over $80 billion on IT products and services, of which approximately half is spent on the maintenance of old and out-of-date systems1, garnered Congressional attention that IT reform was long overdue. The FITARA was passed and enacted on December 19, 2014 and has been regarded as the most important step taken in Federal IT reform in the last 20 years. The FITARA reinforces the Clinger-Cohen Act of 1996 (Information Technology Management Reform Act) and Office of Management and Budget (OMB) Circular A-130 (Management of Federal Information Resources). It also codifies many of the requirements that have been established by OMB over the last decade.

The two main objectives of FITARA are to facilitate the development and operation of effective IT programs within budget and increase collaboration between the CIO and other key decision makers to include the CFO and the Chief Acquisition Officer (CAO). The FITARA supports the realization that in order to have a successful IT program, there needs to be a foundational governance supported by a policy that defines roles, responsibilities and interactions across the organization. Further, this policy needs to be knitted with the organization’s ITAM program. ITAM is built on the fundamental pillars of policies, processes, people, and technology that align with, and support, an organization’s business needs, strategic decision-making, and effective IT asset lifecycle management. These pillars of ITAM, however, are not equal. ITAM policy is the cornerstone of an effective ITAM program. The intertwining of FITARA requirements with ITAM within Federal agencies will help to significantly reduce the risk of IT acquisition waste and enhance overall IT program management.

Figure 1: IT Asset Management (ITAM) Pillars

These pillars of ITAM (see Figure 1), however, are not equal. ITAM policy is the cornerstone of an effective ITAM program. The intertwining of FITARA requirements with ITAM within Federal agencies will help to significantly reduce the risk of IT acquisition waste and enhance overall IT program management.

The FITARA outlines specific requirements related to:

  • Agency Chief Information Officer (CIO) authority enhancements
  • Enhanced transparency and improved risk management in IT investments
  • Portfolio review
  • Federal data center consolidation initiative
  • Expansion of training and use of IT cadres
  • Maximizing the benefit of the Federal Strategic Sourcing initiative
  • Software purchasing and licensing

A scorecard for the 24 CFO agencies is released on a bi-annual basis as an assessment of the agencies’ adherence to the legislation. An overall “A to F” letter grade is given with various IT management categories scored. The House Oversight and Government Reform Committee manages the scoring. A poor FITARA score signifies that the specific requirements of the legislation are not being met. It is a sign of IT fiscal waste and operational inefficiency. More fundamentally, it is a symptom of a poorly executed ITAM program. Thus, the focus should not merely be to get a higher FITARA score, but to develop a fully integrated and mature ITAM program that yields both operational effectiveness and fiscal benefits.

As an agency’s first step to improving both its ITAM program and FITARA score, we recommend that the agency develop and effectively socialize an ITAM policy that is relevant to their ITAM environment and business needs. After the policy is in place and effectively socialized, the next step would be to review and enhance its ITAM procedures, people and technology.

ITAM covers the management of the following six IT functional areas: Financial, Procurement, Accountability, Configuration, Operations and Security/Assurance (see Figure 2). These functional areas are all inter-related and the ITAM policy needs to, in part, define and guide the development of these inter-relationships. These functional areas should subsequently be addressed from the perspectives of processes, people and technology to guide the agency toward achieving a mature business-focused ITAM posture.

Figure 2: IT Asset Management (ITAM) Functional Areas

As the agency seeks to develop an ITAM program that supports the organization’s business in a more meaningful way, its ITAM program should seek to operate more like a business – one focused on strategy, client service, business objectives and value- based outcomes. A more business-focused approach for ITAM, in the form of a comprehensive IT business management (ITBM) strategy, can help the IT department elevate its role within the organization and help drive corporate success. In shifting to an ITBM posture, IT leaders can:

  • More clearly convey the value of IT for business executives
  • Put in place solutions for efficiently managing IT cost, quality and performance
  • Align IT with enterprise goals and enhance decision making capabilities
  • Increase business value and lower costs by integrating governance, policy and execution

Policy development is just the first step toward full ITAM maturity and Deloitte has the experience and expertise to support federal agencies along the entire journey.

Policy Development Approach
An agency’s ITAM policy should be comprehensive in scope to cover all the functional areas and encompass a strategic plan embracing leading practices for ITAM goals and procedures. In order to support efficient life cycle management of the agency’s information technology assets, the ITAM policy should focus on facilitating the effective and integrated management of the agency’s ITAM processes, people, and technology. The policy should establish the intended audience and define what needs to be accomplished so that employees have a clear understanding of what is expected of them, and the importance of these actions.

Key Facets in the Approach
Successful ITAM policies are designed to address organizational strategic goals while remaining relevant to the operating environment. The following key facets of approach are recommended to achieve that objective:

  • Assess key high-level ITAM processes, technologies, operating model, and difficulties facing the agency in order to effectively scope and structure the policy document:
    • Conduct interviews with key ITAM lifecycle process owners, business stakeholders and users across key systems (e.g., operating model and technologies) and key processes (e.g., Governance, Vendor/Contract Management, Receipt and Accountability Management, Financial Management, Operations Management, Configuration Management, Security/Assurance Management, and Software License Management).
    • Identify gaps and difficulties that can be remedied in full or in part by effective policies
  • Develop a tailored, leading-practice-based policy document that supports agency-wide focus, alignment, and maturity of the agency’s ITAM practices.

By targeting specific needs of the agency, users of this policy will be able to relate to its contents and this ultimately will enhance ease of implementation of the ITAM policy across the agency. Additionally, relevance and intuitiveness of the policy will allow the CIO to more easily and clearly convey the impact and value of the policy on IT cost, quality, performance and business value to the agency’s senior leadership.

Structure of the ITAM Policy Document
In order to achieve the goal of creating a comprehensive ITAM policy it is recommended that the policy document contain the following sections:

  • Objective
  • Scope
  • Primary Responsibilities
  • Governance
  • Financial Management
  • Acquisition & Contract Management
  • Accountability and Records Management
  • Software License Management
  • Configuration Management
  • Operations Management
  • Security & Assurance Management
  • Disposal and Re-use
  • ITAM in a Cloud Infrastructure Guidelines
  • References
  • Definitions

Conclusion
FITARA is focused on reducing and ultimately eliminating IT procurement waste. ITAM encompasses effective procurement management. ITAM is a combination of policies, processes, people, and technology that align with, and support, an organization’s business needs across the six functional areas of Financial, Procurement, Accountability, Configuration, Operations and Security/Assurance management. An ITAM policy is the foundation of any effective ITAM program, as it establishes and conveys organizational strategies, objectives, and requirements. An effective ITAM policy not only address the IT community, but all employees, helping them to understand the importance of ITAM and adherence to ITAM procedures. With an ITAM policy foundation in place, the agency will be in a better position to not just remain compliant with ITAM/FITARA requirements, but also take full advantage of the value ITAM brings to mission execution and effectiveness.

The principles of FITARA and the reality IT procurement waste are not unique to the federal sector. They are equally germane to the private sector. The approach outlined in this white paper will thus support both federal and private agencies with quickly establishing the foundational elements of their ITAM program, which will contribute to the elimination of IT procurement waste. With focus, coordination, and collaboration, an ITAM policy can typically be developed in as little as sixteen weeks, provided the agency provides resources (e.g., designated agency coordination personnel and stakeholder access) and is committed to the policy development schedule.

About Norman Pugh-Newby

Norman Pugh-Newby is the Specialist Master at Deloitte.