1.4.3 Agency IT Authorities – OMB Guidance

This section consists of language from OMB guidance that further demarcates, expands upon, or clarifies IT authorities assigned to agencies. This language directly or indirectly tasks the CIO with duties or responsibilities pertaining to IT budgeting. See sections on OMB Memoranda and OMB Circulars for more information about these forms of OMB guidance. See sections on Office of Inspector General (OIG) and Government Accountability Office (GAO) to review how compliance with policies is measured.

Planning, Programming, and Budgeting
[Agencies] shall in accordance with FITARA and related OMB policy:

Ensure that IT resources are distinctly identified and separated from non-IT resources during the planning, programming, and budgeting processes in a manner that affords agency CIOs appropriate visibility and specificity to provide effective management and oversight of IT resources;
Ensure that the agency-wide budget development process includes the CFO, CAO, and CIO in the planning, programming, and budgeting stages for programs that include IT resources (not just programs that are primarily information-and technology-oriented);
The agency head, in consultation with the CFO, CAO, CIO, and program leadership, shall define the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources that achieve program and business objectives efficiently and effectively by:
1. Weighing potential and ongoing IT investments and their underlying capabilities against other proposed and ongoing IT investments in the portfolio; and
2. Identifying gaps between planned and actual cost, schedule, and performance goals for IT investments and developing a corrective action plan to close such gaps;
Ensure that the CIO approves the IT components of any plans, through a process defined by the agency head that balances IT investments with other uses of agency funding. Agencies shall also ensure that the CIO is included in the internal planning processes for how the agency uses information resources to achieve its objectives at all points in their life cycle, including operations and disposition or migration;
Ensure that the CFO, CAO, and CIO define agency-wide policy for the level of detail of planned expenditure reporting for all transactions that include IT resources. (OMB Circular A-130. Managing Information as a Strategic Resource. Page 8.)

Major IT Business Cases
OMB provides specific policy, procedural, and analytic guidelines for planning, budgeting, acquisition, and management of major IT capital investments, which is defined within the IT Budget - Capital Planning Guidance, Appendix C of the current fiscal year, in addition to general guidance issued in OMB Circular A-11 and OMB Circular A-130.

An agency’s Major IT Business Case describe the justification, planning, implementation, and operations of individual capital assets included in the Agency IT Portfolio Summary and serve as key artifacts of the agency’s enterprise architecture (EA) and IT capital planning processes. The Major IT Business Case is comprised of two components:

The Major IT Business Case itself, which provides key high-level investment information to inform budget decisions, including general information and planning for resources such as staffing and personnel.
The regular information updates to the Major IT Business Case, which provides more temporal information, related to tracking management of an investment, such as projects and activities, risks, and operational performance of the investment. This includes the CIO’s responsibility to assess each Major IT Investment pursuant to 40 U.S.C. 11315(c)(2). (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Information Technology Investments.)

Transition to Government-wide Acquisition Strategies and Create Accountability - Consolidate Agency Requirements
To fully leverage the Government’s buying power, improve the Government’s management of its information resources and drive down costs, agencies must be able to select the right size of service by pooling resources and minimizing the risk of overage charges. Therefore, effective immediately, except as provided in this policy, all covered civilian agencies shall leverage the existing Government-wide GSA mobile solution, in accordance with commercial practices and FAR Part 8. (OMB M-16-20. Category Management Policy 16-3: Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services. August 2016.)

Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response
This memorandum updates a longstanding OMB policy, first implemented in 2006, to maximize federal agency use of a government-wide solution for acquiring identity protection services when needed. This memorandum requires, with limited exceptions, that when agencies need identity protection services, agencies address their requirements by using the government-wide blanket purchase agreements (BPAs) for Identity Monitoring Data Breach Response and Protection Services awarded by the General Services Administration (GSA), referred to below as the “IPS BPAs.” (OMB M-16-14. Category Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response. July 2016.)

Guidance to CFO Act Agencies on IT Working Capital Funds
Section B of this guidance is applicable to all CFO Act agencies (as defined in 31 U.S.C. §901 (b)). Under the Modernizing Government Technology (MGT) Act, all CFO Act agencies are authorized to establish an IT Working Capital Fund (WCF). IT WCFs may only be used:

To improve, retire, or replace existing information technology systems to enhance cybersecurity of existing systems and to improve efficiency and effectiveness of the life of a given workload;
To transition legacy information technology systems to commercial cloud computing and other innovative commercial platforms and technologies, including those serving more than one covered agency with common requirements;
To assist and support covered agency efforts to provide adequate, risk-based, and cost-effective information technology capabilities that address evolving threats to information security;
To reimburse funds transferred to the agency from the Technology Modernization Fund; and
For a program, project, or activity or to increase funds for any program, project, or activity that has not been denied or restricted by Congress. ( OMB M-18-12. Implementation of the Modernizing Government Technology Act. February 2018.)

Evidence Use
Budget submissions also should include a separate section on agencies’ most innovative uses of evidence and evaluation, addressing some or all of the issues below.

Proposing new evaluations:
1. Low-cost evaluations using administrative data or new technology;
2. Evaluations linked to waivers and performance partnerships;
3. Expansion of evaluation efforts within existing programs;
4. Systemic measurement of costs and cost per outcome.
Using comparative cost-effectiveness data to allocate resources
Infusing evidence into grant-making
Using evidence to inform enforcement
Strengthening agency evaluation capacity – agencies should have a high-level official who is responsible for program evaluation and can:
1. Develop and manage the agency’s research agenda;
2. Conduct or oversee rigorous and objective studies;
3. Provide independent input to agency policymakers on resource allocation and to program leaders on program management;
4. Attract and retain talented staff and researchers, including through flexible hiring authorities such as the Intergovernmental Personnel Act; and
5. Refine program performance measures, in collaboration with program managers and the Performance Improvement Officer (PIO). (OMB M-12-14. Use of Evidence and Evaluation in the 2014 Budget. May 2012.)