1.2.4 Agency IT Authorities - OMB Guidance

This section consists of language from OMB guidance that further demarcates, expands upon, or clarifies IT authorities assigned to agencies. This language directly or indirectly tasks the CIO with duties or responsibilities pertaining to IT strategic planning. See sections on OMB Memoranda and OMB Circulars for more information about these forms of OMB guidance. See sections on Office of Inspector General (OIG) and Government Accountability Office (GAO) to review how compliance with policies is measured.

Strategic Planning
In support of agency missions and business needs, and as part of the agency’s overall strategic and performance planning processes, agencies shall develop and maintain an Information Resources Management (IRM) Strategic Plan that describes the agency’s technology and information resources goals, including but not limited to, the processes described in this Circular. The IRM Strategic Plan must support the goals of the Agency Strategic Plan required by the Government Performance and Results Modernization Act of 2010. (Circular A-130. Managing Information as a Strategic Resource. July 2016.)

Enterprise Architecture (EA)
Agency shall develop an enterprise architecture (EA) that describes the baseline architecture, target architecture, and a transition plan to get to the target architecture. The agency’s EA shall align to their IRM Strategic Plan. The EA should incorporate agency plans for significant upgrades, replacements, and disposition of information systems when the systems can no longer effectively support missions or business functions. (Ibid, Inventories.)

Identification of Objectives
Risk must be analyzed in relation to achievement of the strategic objectives established in the Agency strategic plan (See OMB Circular No. A-11, Section 230), as well as risk in relation to appropriate operational objectives. Specific objectives must be identified and documented to facilitate identification of risks to strategic, operations, reporting, and compliance. (Circular A-123. Management’s Responsibility for Enterprise Risk Management and Internal Control. July 2016.)

Strategic Planning Purpose
An agency’s strategic goals and objectives should be used to align resources and guide decision- making to accomplish priorities to improve outcomes. It should inform agency decision-making about the need for major new acquisitions, information technology, strategic human capital planning, evaluations, and other evidence-building and evidence-capacity building investments. Strategic Plans can also help agencies invite ideas and stimulate innovation to advance agency goals. The Strategic Plan should support planning across organizational operating units and describe how agency components are working toward common results. Agencies should plan to address the content as established in section 210 when establishing a new or updated Agency Strategic Plan, and should use findings from strategic reviews as well as the development of enterprise risk management profiles and their analysis of risks to help the agency identify the most effective long-term strategies. Additionally, the [Foundations for Evidence-Based Policy Making Act] requires the agency's Strategic Plan include a separate section on evidence- building, referred to as the Learning Agenda as well as a Capacity Assessment. See section 290 for additional guidance describing the relationship of agency Learning Agendas to the Agency Strategic Plan. ( OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Agency Strategic Planning.)

Information Resources Management (IRM) Strategic Plans
Agencies are required to submit Information Resources Management (IRM) Strategic Plans which should fully align with the current Agency Strategic Plan and shall be reviewed annually alongside the Annual Performance Plan Reviews, required by the GPRA Modernization Act, to determine if there are any performance gaps or changes to mission needs, priorities, or goals. IRM Strategic Plans should be updated to align with Agency Strategic Plans as specified in A-11 section 230.4. Agencies should identify where they are making investments and performing activities in support of 44 U.S.C. 3506. At a minimum, agencies should include Open Data Plans to demonstrate how they are supporting priority data improvements that support agency goals and missions. Open Data Plans support agency compliance with the statutory requirements described in 44 U.S.C. 3506 per the Foundations for Evidence-Based Policymaking Act of 2018 (Public Law 115-435). Pursuant to 44 U.S.C. 3506, agencies are required to describe how information resources management activities help accomplish agency missions; this includes but is not limited to developing an open data plan that is updated annually and made publicly available on the website of the agency. (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Information Technology investments.)

Policy Requirements
Agencies management of information resources must begin at the earliest stages of the planning process, well before information is collected or created. Early strategic planning will allow the Federal Government to design systems and develop processes that unlock the full value of the information and provide a foundation from which agencies can continue to manage information throughout its life cycle.

Collect or create information in a way that supports downstream information processing and dissemination activities. Consistent with OMB Circular A-130, agencies must consider, at each stage of the information life cycle, the effects of decisions and actions on other stages of the life cycle. Accordingly, to the extent permitted by law, agencies must design new information collection and creation efforts so that the information collected or created supports downstream interoperability between information systems and dissemination of information to the public, as appropriate, without the need for costly retrofitting.

Build Information Systems to Support Interoperability and Information Accessibility
Through their acquisition and technology management processes, agencies must build or modernize information systems in a way that maximizes interoperability and information accessibility, to the extent practicable and permitted by law. (OMB M-13-13. Open Data Policy-Managing Information as an Asset. May 2013.)

[Data Center Optimization Initiative] Strategic Plans
In accordance with FITARA, each agency head shall annually publish a [Data Center Optimization Initiative (DCOI) Strategic Plan] to describe the agency’s consolidation and optimization strategy until [the date the policy sunsets]. (OMB M-19-19. Update to Data Center Optimization Initiative. June 2019.) The National Defense Authorization Act of 2020 extended these requirements through October 1, 2022 (Public Law 116-192. National Defense Authorization Act for Fiscal Year 2020.). The DCOI Strategic Plan and milestones described below replace existing requirements for data center consolidation plans.

Agencies’ DCOI Strategic Plans must include, at a minimum, the following:

Planned and achieved performance levels for each optimization metric, by year;
Planned and achieved closures, by year;
An explanation for any optimization metrics and closures for which the agency did not meet the planned level in a previous Strategic Plan;
Year-by-year calculations of target and actual agency-wide spending and cost savings on data centers through the sunset of this policy, including: A description of any initial costs for data center consolidation and optimization; and Life cycle cost savings and other improvements (including those beyond the sunset of this policy, if applicable).
Historical costs, cost savings, and cost avoidances due to data center consolidation and optimization; and
A statement from the agency CIO stating whether the agency has complied with all reporting requirements in this memorandum and the data center requirements of FITARA. If the agency has not complied with all reporting requirements, the agency must provide a statement describing the reasons for not complying.