Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
DoD applies tighter scrutiny to business IT spending
Monday - 9/24/2012, 5:13am EDT
The changes are part of an overhaul Congress ordered the Pentagon to implement with regard to how it handles investment review boards, the internal overseers federal agencies use to greenlight spending for business IT systems. The biggest change is that the oversight mechanism will now look over both new and legacy IT systems. Virtually every system will get a once-over every year, even if money is only being spent to keep it up and running.
Dave Wennergren, assistant deputy chief management officer, Defense Department (DoD)
"The status quo can't afford to get a bye, particularly when times are tough," said Dave Wennergren, DoD's assistant deputy chief management officer. "In the IT budget for the Department of Defense, there's over $7 billion worth of business systems spent every year. Seventy-five percent of that is on sustaining the legacy. Only 25 percent is about building the new. I think that's out of whack, and we aren't forcing ourselves to look at how we're going to spend money in the future. One of the powers of tough financial times is forcing that change in conversation. We have to be able to defend everything."
"Everything" indeed includes just about every one of DoD's backoffice IT systems. Under the old process, investment review boards only examined spending for new systems under development or modernization, accounting for only about $1.8 billion out of a $7.4 billion annual total. The new process will scrutinize any funding request that amounts to at least $1 million over a five year period, including capital, operations or maintenance accounts, which are only used to sustain existing systems.
"That's a shocking thought, because there's a lot, but we've now just completed the first process of looking at every system spend and how it fits into portfolios," Wennergren told a luncheon hosted by the Northern Virginia chapter of AFCEA. "If you want to get money in fiscal 2013, you have to demonstrate compliance with the business enterprise architecture, you have to demonstrate you've done business process reengineering and you have to have a strategy that's in sync with the strategy of the department."
The new investment review process mandated in the 2012 Defense authorization bill is the latest step in a congressional push to rid DoD of business IT stovepipes that cost too much money, choke off information sharing and make the department's finances much harder to audit. The five separate investment review boards that existed until this year stopped taking new applications for funding approval a month ago. Those panels, previously responsible for separate functional areas in DoD, now are being merged into a single board led by the deputy chief management officer, Beth McGrath.
Beth McGrath, deputy chief management officer, Defense Department (DoD)
In a DoD webcast outlining the changes this summer, McGrath said the old review process didn't let the Pentagon determine whether all of its business IT investments fit into its business enterprise architecture because it couldn't oversee all of them.
"As we're looking at how the execution plans align to the functional strategies, we're going to look at compliance, whether they've identified all of the strategic alignment, what functionality those systems perform and whether they have duplication, and also the cost," she said. "I think over time we'll be looking at not only the cost of the investment but also the cost of that particular operation within the business mission area. The goal, over time, is to make sure we understand not only what investments we're making from an IT perspective, but also how they're driving our holistic business cost."
Under the legislation, business systems that meet the new criteria and aren't certified by the new IRB process will be treated seriously. Beginning with fiscal year 2013 funds, business system spending that doesn't get the board's sign-off will be treated as violations of the Anti-Deficiency Act — unauthorized obligations of taxpayer money.
"That's a terrific incentive for all of us to ensure that we have the data right, put our plans together and demonstrate strategic alignment to where the department wants to go," McGrath said. "Some people are going to ask, 'Does this really apply to me?' And the answer is probably yes. People need to ensure they're ready."
And Wennergren said there's another important incentive embedded in the new review process, designed to push DoD components to start phasing out legacy IT systems that don't fit in the department's enterprise-wide target environment.
"If you intend to sunset [your system] in the next three years, we'll waive compliance with the architecture and business process reengineering requirements and focus on the orderly shutdown of the system," he said. "If you intend to be part of the target environment for more than three years, then you're part of the core for the future, and you need to make sure you are compliant with the architecture and all the other requirements. Part of the enticement here is that we're spending most of our money on the legacy, on the past, and we're only investing a quarter of our funds in the future that we need to achieve as quickly as possible. So we're encouraging folks to find the systems that no longer fit because they're duplicative or they don't fit into the vision for the organization. In exchange for being able to sunset those systems there's a lighter load in terms of compliance, documentation and things like that."