On FITARA, ITIM, FedRAMP, and PMIA.
We all agree that exercise is a good idea and something we should be doing every day. It can reduce our risk of disease and improve how we feel overall. When we’re healthy, it’s often easy to find reasons to avoid exercising; other commitments seem more important. Sometimes it is not until we perceive imminent, negative consequences that we’re forced to change our habits. Maybe we come down with an illness that requires us to exercise regularly. This is where “right-to-do” becomes “must do”.
Like exercising individuals, some organizations demand more of themselves than others. There are varying levels of competency, and in the private sector, every company makes its own determination about what level is right for it, based on where leadership feels it needs to be. In the Federal Government, these choices are not always left up to the individual departments and agencies. Legislation sometimes requires certain action and compliance.
For example, in 1996, the Clinger-Cohen Act was introduced to improve the way departments and agencies mature project, program and portfolio management practices. The Federal Government’s approach is key to a more fit and vigorous government that can make better decisions, be held more accountable and course-correct more swiftly than before. Unfortunately, the value has yet to be fully recognized and not all the goals set forth have been met. Further action to reach a healthy state has resulted in the introduction in the last decade of FITARA, the ITIM Framework, FedRAMP, and the PMIA Act. Here’s a brief summary of what they’re about.
1. Federal Information Technology Acquisition Reform Act (FITARA)
Passed by Congress in December 2004, FITARA is the most significant Federal IT reform in the last two decades. Earlier this year, the Office of Management and Budget released guidelines outlining how agencies should apply FITARA. Key to this act is clarification of an agency’s CIO role and strengthening of the CIO’s accountability with respect to IT project costs, schedules and performance. FITARA is meant to assist agencies in establishing an inclusive governance process for effective planning, programming, budgeting and management of IT resources. All agencies will have to meet a basic set of requirements by the end of 2015 covering processes, milestones, review gates and policies for all capital planning, project management and reporting on IT resources.
2. Information Technology Investment Management (ITIM) Framework
In March of 2004, the US General Accounting Office (GAO) issued the ITIM framework for assessing and improving process maturity. It defines five (5) progressive maturity stages for IT investment management that agencies move through: ad hoc practices, project-centric approach, portfolio-centric approach, optimizing IT investments, and finally a culture of continuous improvement. While there’s no official compliance mandate at this time, there is a renewed focus on the ITIM framework by the GAO.
3. Federal Risk and Authorization Management Program (FedRAMP)
This government-wide program provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. As more and more agencies choose to migrate their project, program and portfolio management systems to the cloud, FedRAMP compliance becomes a crucial consideration for the product and service providers they choose to work with.
4. Program Management Improvement and Accountability (PMIA) Act of 2015
Introduced on April 30, 2015 by Reps. Gerry Connolly (D-Va.) and Todd Young (R-Ind.), this new legislation is aimed at improving how the Federal Government manages projects and cuts wasteful spending on poorly managed programs. If passed, each agency would conduct annual reviews and designate a senior executive as a Program Management Improvement Officer.
The aforementioned guidelines and frameworks signal an increased focus on improving the way government manages its investments – the “right-to-do.” When it’s evident they’re not enough, we start to see the introduction of mandates – “must do” – that require improvement and visibility. Here’s hoping this will now drive the behavior change that is being sought.