1.This Act may be cited as
the Information Technology Investment
Oversight Enhancement and Waste Prevention Act of
2008
.
2.
(a)Significant and
gross deviationsSection 11317 of title 40, United States Code,
is amended to read as follows:
11317.Significant
and gross deviations
(a)In
this subchapter:
(1)The term Agency Head means the head of the
Federal agency that is primarily responsible for the IT investment project
under review.
(2)The term ANSI EIA–748 Standard means the
measurement tool jointly developed by the American National Standards Institute
and the Electronic Industries Alliance to analyze earned value management
systems.
(3)Appropriate
congressional committeesThe term appropriate
congressional committees
means—
(A)the
Committee on Homeland Security and
Governmental Affairs of the Senate;
(B)the
Committee on Oversight and Government Reform of
the House of Representatives;
(C)the
Committee on Appropriations of the
Senate;
(D)the
Committee on Appropriations of the House of
Representatives; and
(E)any other
relevant congressional committee with jurisdiction over an agency required to
take action under this section.
(4)Chief
information officerThe term Chief Information
Officer means the Chief Information Officer designated under section
3506(a)(2) of title 44 of the Federal agency that is primarily responsible for
the IT investment project under review.
(5)Core IT
investment projectThe terms core IT investment
project and core project mean a mission critical IT
investment project jointly designated as such by the Agency Head and the
Director under subsection (b).
(6)The
term Director means the Director of the Office of Management and
Budget.
(7)The term grossly deviated means cost,
schedule, or performance variance that is at least 40 percent from the Original
Baseline.
(8)Independent
cost estimateThe term independent cost estimate
means a pragmatic and neutral analysis, assessment, and quantification of all
costs and risks associated with the acquisition of an IT investment project,
which—
(A)is based on
programmatic and technical specifications provided by the office within the
agency with primary responsibility for the development, procurement, and
delivery of the project;
(B)is formulated and
provided by an entity other than the office within the agency with primary
responsibility for the development, procurement, and delivery of the
project;
(C)contains
sufficient detail to inform the selection of a baseline benchmark measure under
the ANSI EIA–748 standard; and
(D)accounts for the
full life cycle cost plus associated operations and maintenance expenses over
the usable life of the project’s deliverables.
(9)The terms IT investment project and
project mean an information technology system or acquisition
that—
(A)requires special
management attention because of its importance to the mission or function of
the agency, a component of the agency, or another organization;
(B)is for financial
management and obligates more than $500,000 annually;
(C)has significant
program or policy implications;
(D)has high
executive visibility;
(E)has high
development, modernization, or enhancement costs;
(F)is funded through
other than direct appropriations; or
(G)is defined as
major by the agency’s capital planning and investment control process.
(10)The term life cycle cost means the total cost
of an IT investment project for planning, research and development,
modernization, and enhancement.
(11)
(A)Except as provided under subparagraph (B), the term
Original Baseline means the ANSI EIA–748 Standard-compliant cost,
schedule, and performance benchmark established at the commencement of an IT
investment project contract.
(B)If an IT investment project grossly deviates
from its Original Baseline (as defined in subparagraph (A)), the term
Original Baseline means the ANSI EIA–748 Standard-compliant cost,
schedule, and performance benchmark established under subsection
(e)(3)(C).
(12)The term significantly deviated means cost,
schedule, or performance variance that is at least 20 percent from the Original
Baseline.
(b)Core IT
investment projects
(1)Except
as provided under paragraph (2), each Agency Head and the Director shall
jointly designate not fewer than 5 of the agency’s most mission critical IT
investment projects as core IT investment projects
or
core projects
, after considering, among other factors—
(A)whether the
project represents a high-dollar value relative to the average IT investment
project in the agency’s portfolio;
(B)whether the
project delivers a capability critical to the successful completion of the
agency mission, or a portion of such mission; and
(C)whether the
project incorporates unproven or previously undeveloped technology to meet
primary project technical requirements.
(2)If
the Agency Head and the Director jointly determine that fewer than 5 IT
investment projects meet the criteria described in paragraph (1), the
Director—
(A)may provide the
agency with written authorization to designate fewer than 5 projects;
and
(B)shall submit a
report to the appropriate congressional committees that contains notice of, and
justification for, any such authorization.
(c)Cost, schedule,
and performance reports
(1)Not later than 7 days after the end of each fiscal
quarter, the project manager for an IT investment project shall submit a
written report to the Chief Information Officer that includes, as of the last
day of the applicable quarter—
(A)a description of
the cost, schedule, and performance of all projects under the project manager’s
supervision;
(B)the original and
current project cost, schedule, and performance benchmarks for each project
under the project manager’s supervision;
(C)the cost,
schedule, or performance variance related to each IT investment project under
the project manager’s supervision since the commencement of the
contract;
(D)for each project
under the project manager’s supervision, any known, expected, or anticipated
changes to project schedule milestones or project performance benchmarks
included as part of the original or current baseline description; and
(E)the current cost,
schedule, and performance status of all projects under supervision that were
previously identified as significantly deviated or grossly deviated.
(2)If the project manager for an IT investment project
determines that there is reasonable cause to believe that an IT investment
project has significantly deviated or grossly deviated since the issuance of
the latest quarterly report, the project manager shall submit to the Chief
Information Officer, not later than 7 days after such determination, a report
on the project that includes, as of the date of the report—
(A)a description of
the original and current program cost, schedule, and performance
benchmarks;
(B)the cost,
schedule, or performance variance related to the IT investment project since
the commencement of the contract;
(C)any known,
expected, or anticipated changes to the project schedule milestones or project
performance benchmarks included as part of the original or current baseline
description; and
(D)the major reasons
underlying the significant or gross deviation of the project.
(d)Determination
of significant deviation
(1)Chief
information officerUpon receiving a report under subsection (c),
the Chief Information Officer shall—
(A)determine if any
IT investment project has significantly deviated; and
(B)report such
determination to the Agency Head.
(2)Congressional
notificationIf the Chief Information Officer determines under
paragraph (1) that an IT investment project has significantly deviated and the
Agency Head has not issued a report to the appropriate congressional committees
of a significant deviation for that project under this section since the
project was last required to be re-baselined under this section, the Agency
Head shall submit a report to the appropriate congressional committees and to
the Government Accountability Office that includes—
(A)written
notification of such determination;
(B)the date on which
such determination was made;
(C)the amount of the
cost increases and the extent of the schedule delays with respect to such
project;
(D)any requirements
that—
(i)were added
subsequent to the original contract; or
(ii)were originally
contracted for, but were changed by deferment or deletion from the original
schedule, or were otherwise no longer included in the requirements contracted
for;
(E)an explanation of
the differences between—
(i)the estimate at
completion between the project manager, any contractor, and any independent
analysis; and
(ii)the original
budget at completion;
(F)the rough order
of magnitude of the costs of any reasonable alternative system, or reasonable
alternative approach to establishing an equivalent outcome or
capability;
(G)a statement of
the reasons underlying the project’s significant deviation;
(H)the identities of
the project managers responsible for program management and cost control of the
program; and
(I)a summary of the
plan of action to remedy the significant deviation.
(3)
(A)Notification
based on quarterly reportIf the determination of significant
deviation is based on a report submitted under subsection (b)(1), the Agency
Head shall notify Congress in accordance with paragraph (2) not later than 14
days after the end of the quarter upon which such report is based.
(B)Notification
based on interim reportIf the determination of significant
deviation is based on a report submitted under subsection (b)(2), the Secretary
shall notify Congress in accordance with paragraph (2) not later than 14 days
after the submission of such report.
(e)Determination
of gross deviation
(1)Chief
information officerUpon receiving a report under subsection (c),
the Chief Information Officer shall—
(A)determine if any
IT investment project has grossly deviated; and
(B)report any such
determination to the Agency Head.
(2)Congressional
notificationIf the Chief Information Officer determines under
paragraph (1) that an IT investment project has grossly deviated and the Agency
Head has not issued a report to the appropriate congressional committees of a
gross deviation for that project under this section since the project was last
required to be re-baselined under this section, the Agency Head shall submit a
report to the appropriate congressional committees and to the Government
Accountability Office that includes—
(A)written
notification of such determination, which states—
(i)the date on which
such determination was made; and
(ii)an indication of
whether or not the project has been previously reported as a significant or
gross deviation by the Chief Information Officer, and the date of any such
report;
(B)incorporations by
reference of all prior reports to Congress on the project required under this
section;
(C)updated accounts
of the items described in subparagraphs (C) through (H) of subsection
(d)(2);
(D)the original
estimate at completion for the project manager, any contractor, and any
independent analysis;
(E)a graphical
depiction of actual cost variance since the commencement of the
contract;
(F)the amount, if
any, of incentive award fees any contractor has received since the commencement
of the contract and the reasons for receiving such award fees;
(G)the project
manager’s estimated cost at completion and estimated completion date for the
project if current requirements are not modified;
(H)the project
manager’s estimated cost at completion and estimated completion date for the
project based on reasonable modification of such requirements;
(I)an explanation of
the most significant occurrence contributing to the variance identified,
including cost, schedule, and performance variances, and the effect such
occurrence will have on future project costs and program schedule;
(J)a statement
regarding previous or anticipated re-baselining or re-planning of the project
and the names of the individuals responsible for approval;
(K)the original life
cycle cost of the investment and the expected life cycle cost of the investment
expressed in constant base year dollars and in current dollars; and
(L)a comprehensive
plan of action to remedy the gross deviation, and milestones established to
control future cost, schedule, and performance deviations in the future.
(3)If the Chief Information Officer determines under
paragraph (1) that an IT investment project has grossly deviated, the Agency
Head, in consultation with the Chief Information Officer, shall ensure
that—
(A)a report is
submitted to the appropriate congressional committees that—
(i)describes the
primary business case and key functional requirements for the project;
(ii)describes any
portions of the project that have technical requirements of sufficient clarity
that such portions may be feasibly procured under firm, fixed-price
contract;
(iii)includes a
certification by the Agency Head, after consultation with the Chief Information
Officer, that all technical requirements have been reviewed and validated to
ensure alignment with the reported business case;
(iv)describes any
changes to the primary business case or key functional requirements which have
occurred since project inception; and
(v)includes an
independent cost estimate for the project conducted by an entity approved by
the Director;
(B)an analysis is
submitted to the appropriate congressional committees that—
(i)describes agency
business goals that the project was originally designed to address;
(ii)includes a gap
analysis of what project deliverables remain in order for the agency to
accomplish the business goals referred to in clause (i);
(iii)identifies the
3 most cost-effective alternative approaches to the project which would achieve
the business goals referred to in clause (i); and
(iv)includes a
cost-benefit analysis, which compares—
(I)the completion of
the project with the completion of each alternative approach, after factoring
in future costs associated with the termination of the project; and
(II)the termination
of the project without pursuit of alternatives, after factoring in foregone
benefits; and
(C)a new baseline of
the project is established that is consistent with the independent cost
estimate required under subparagraph (A)(v); and
(D)the project is
designated as a core IT investment project and subjected to the requirements
under subsection (f).
(4)Deadline and
funding contingency
(A)Notification
and remedial action based on quarterly report
(i)If the determination of gross deviation is based on a
report submitted under subsection (c)(1), the Agency Head shall—
(I)not later than 45
days after the end of the quarter upon which such report is based, notify the
appropriate congressional committees in accordance with paragraph (2);
and
(II)not later than
180 days after the end of the quarter upon which such report is based, ensure
the completion of remedial action under paragraph (3).
(ii)Failure to
meet deadlinesIf the Agency Head fails to meet the deadlines
described in clause (i)(II), additional funds may not be obligated to support
expenditures associated with the project until the requirements of this
subsection have been fulfilled.
(B)Notification
and remedial action based on interim report
(i)If the determination of gross deviation is based on a
report submitted under subsection (c)(2), the Secretary shall—
(I)not later than 45
days after the submission of such report, notify the appropriate congressional
committees in accordance with paragraph (2); and
(II)not later than
180 days after the submission of such report, ensure the completion of remedial
action in accordance with paragraph (3).
(ii)Failure to
meet deadlinesIf the Agency Head fails to meet the deadlines
described in clause (i)(II), additional funds may not be obligated to support
expenditures associated with the project until the requirements of this
subsection have been fulfilled.
(f)Additional
requirements for core IT investment project reports
(1)If a report described in subsection (e)(3)(A) has not been
submitted for a core IT investment project, the Agency Head, in coordination
with the Chief Information Officer and responsible program managers, shall
prepare an initial report for inclusion in the first budget submitted to
Congress under section 1105(a) of title 31, United States Code, after the
designation of a project as a core IT investment project, which
includes—
(A)a description of
the primary business case and key functional requirements for the
project;
(B)an identification
and description of any portions of the project that have technical requirements
of sufficient clarity that such portions may be feasibly procured under firm,
fixed-price contracts;
(C)an independent
cost estimate for the project;
(D)certification by
the Chief Information Officer that all technical requirements have been
reviewed and validated to ensure alignment with the reported business case;
and
(E)any changes to
the primary business case or key functional requirements which have occurred
since project inception.
(2)Quarterly
review of business caseThe Agency Head, in coordination with the
Chief Information Officer and responsible program managers, shall—
(A)monitor the
primary business case and core functionality requirements reported to Congress
for designated core IT investment projects; and
(B)if changes to the
primary business case or key functional requirements for a core IT investment
project occur in any fiscal quarter, submit a report to Congress not later than
7 days after the end of such quarter that details the changes and describes the
impact the changes will have on the cost and ultimate effectiveness of the
project.
(3)Alternative
significant deviation determinationIf the Chief Information
Officer determines, subsequent to a change in the primary business case or key
functional requirements, that without such change the project would have
significantly deviated—
(A)the Chief
Information Officer shall notify the Agency Head of the significant deviation;
and
(B)the Agency Head
shall fulfill the requirements under subsection (d)(2) in accordance with the
deadlines under subsection (d)(3).
(4)Alternative
gross deviation determinationIf the Chief Information Officer
determines, subsequent to a change in the primary business case or key
functional requirements, that without such change the project would have
grossly deviated—
(A)the Chief
Information Officer shall notify the Agency Head of the gross deviation;
and
(B)the Agency Head
shall fulfill the requirements under subsections (e)(2) and (e)(3) in
accordance with subsection
(e)(4).
.
(b)Inclusion in
the budget submitted to congressSection 1105(a) of title 31,
United States Code, is amended—
(1)in the matter
preceding paragraph (1), by striking include in each budget the
following:
and inserting include in each budget—
;
(2)by redesignating
the second paragraph (33) (as added by section 889(a) of Public Law 107–296) as
paragraph (35);
(3)in each of
paragraphs (1) through (34), by striking the period at the end and inserting a
semicolon;
(4)in paragraph (35)
(as redesignated by paragraph (2)), by striking the period at the end and
inserting ; and
; and
(5)by adding at the
end the following:
(36)the reports
prepared under section 11317(f) of title 40, United States Code, relating to
the core IT investment projects of the
agency.
.
(c)Improvement of
information technology acquisition and developmentSubchapter II
of chapter 113 of title 40, United States Code, is amended by adding at the end
the following:
11319.Acquisition
and development
(a)Establishment
of programsNot later than 120 days after the date of the
enactment of this section, each Agency Head (as defined in section 11317(a) of
title 49, United States Code) shall establish a program to improve the
information technology (referred to in this section as IT
)
processes of the agency overseen by the Agency Head.
(b)Each program established pursuant to this section
shall include—
(1)a documented
process for information technology acquisition planning, requirements
development and management, project management and oversight, earned-value
management, and risk management;
(2)the development
of appropriate metrics for performance measurement of—
(A)processes and
development status; and
(B)continuous
process improvement;
(3)a process to
ensure that key program personnel have an appropriate level of experience or
training in the planning, acquisition, execution, management, and oversight of
information technology; and
(4)a process to
ensure that the applicable department and subcomponents implement and adhere to
established processes and requirements relating to the planning, acquisition,
execution, management, and oversight of information technology programs and
developments.
(c)The Director of the Office of Management and Budget
shall—
(1)prescribe
uniformly applicable guidance to the administration of all the programs
established under subsection (a); and
(2)take any actions
that are necessary to ensure that Federal agencies comply with the
guidance.
(d)Annual report
to CongressNot later than the last day of February of each year,
the Agency Head shall submit a report to Congress that includes—
(1)a detailed
summary of the accomplishments of the program established by the Agency Head
pursuant to this section;
(2)the status of
completeness of implementation of each of the program requirements, and the
date each such requirement was deemed to be completed;
(3)the percentage of
Federal IT projects covered under the program compared to all of the IT
projects of the agency, listed by number of programs and by annual dollars
expended;
(4)the
identification, listed by name and position, of—
(A)the person
assigned responsibility for implementation and management of the program and
the percent of such person’s time used to carry out such responsibility;
and
(B)the person to
whom the person described in subparagraph (A) reports;
(5)a detailed
breakdown of the sources and uses of the amounts spent by the agency during the
previous fiscal year to support the activities of the program;
(6)a copy of any
guidance issued under the program and a statement regarding whether each such
guidance is mandatory;
(7)the
identification of the metrics developed in accordance with subsection
(b)(2);
(8)a description of
how paragraphs (3) and (4) of subsection (b) have been implemented and any
related agency guidance; and
(9)a description of
how continuous process improvement has been implemented and the objectives of
such
guidance.
.
(d)The table of sections for chapter 113 of title 40,
United States Code, is amended—
(1)by striking the
item relating to section 11317 and inserting the following:
11317. Significant and gross
deviations.
;
and
(2)by inserting
after the item relating to section 11318 the following:
11319. Acquisition and
development.
.
3.
(a)The
Director of the Office of Management of Budget (referred to in this section as
the Director
), in consultation with the Administrator of the
Office of Electronic Government and Information and Technology at the Office of
Management and Budget (referred to in this section as the E-Gov
Administrator
), shall assist agencies in avoiding significant and gross
deviations in the cost, schedule, and performance of IT investment projects (as
such terms are defined in section 11317(a) of title 40, United States
Code).
(b)
(1)Not
later than 180 days after the date of the enactment of this Act, the E-Gov
Administrator shall establish a small group of individuals (referred to in this
section as the IT Strike Force
) to carry out the purpose
described in subsection (a).
(2)Individuals
selected for the IT Strike Force—
(A)shall be
certified at the Senior/Expert level according to the Federal Acquisition
Certification for Program and Project Managers (FAC–P/PM); or
(B)shall have
comparable education, certification, training, and experience to successfully
manage high-risk IT investment projects.
(3)The
Director, in consultation with the E-Gov Administrator, shall determine the
number of individuals who will be selected for the IT Strike Force.
(c)
(1)The
E-Gov Administrator shall identify consultants in the private sector who have
expert knowledge in IT program management and program management review teams.
Not more than 20 percent of such consultants may be formally associated with
any 1 of the following types of entities:
(A)Commercial
firms.
(B)Nonprofit
entities.
(C)Research and
development corporations receiving Federal financial assistance.
(2)
(A)Consultants identified under paragraph (1) may be used to
assist the IT Strike Force in assessing and improving IT investment
projects.
(B)Consultants
with a formally established relationship with an organization may not
participate in any assessment involving an IT investment project for which such
organization is under contract to provide technical support.
(C)The
limitation described in subparagraph (B) may not be construed as precluding
access to anyone having relevant information helpful to the conduct of the
assessment.
(3)The
E-Gov Administrator, in conjunction with the Administrator of the General
Services Administration (GSA), may establish competitively bid contracts with 1
or more qualified consultants, independent of any GSA schedule.
(d)Initial
response to anticipated significant or gross deviationIf the
E-Gov Administrator determines there is reasonable cause to believe that a
major IT investment project is likely to significantly or grossly deviate (as
defined in section 11317(a) of title 40, United States Code), including the
receipt of inconsistent or missing data, the E-Gov Administrator shall carry
out the following activities:
(1)Recommend the
assignment of 1 or more members of the IT Strike Force to assess the project in
accordance with the scope and time period described in section 11317(c)(1) of
title 40, United States Code, beginning not later than 7 days after such
recommendation. No member of the Strike Force who is associated with the
department or agency whose IT investment project is the subject of the
assessment may be assigned to participate in this assessment. Such limitation
may not be construed as precluding access to anyone having relevant information
helpful to the conduct of the assessment.
(2)If the E-Gov
Administrator determines that 1 or more qualified consultants are needed to
support the efforts of the IT Strike Force under paragraph (1), negotiate a
contract with the consultant to provide such support during the period in which
the IT Strike Force is conducting the assessment described in paragraph
(1).
(3)Ensure that the
costs of an assessment under paragraph (1) and the support services of 1 or
more consultants under paragraph (2) are paid by the major IT investment
project being assessed.
(4)Monitor the
progress made by the IT Strike Force in assessing the project.
(e)Reduction of
significant or gross deviationIf the E-Gov Administrator
determines that the assessment conducted under subsection (d) confirms that a
major IT investment project is likely to significantly or grossly deviate, the
E-Gov Administrator shall recommend that the Agency Head (as defined in section
11317(a)(1) of title 40, United States Code) take steps to reduce the
deviation, which may include—
(1)providing
training or mentoring to improve the qualifications of the program
manager;
(2)replacing the
program manager or other staff;
(3)supplementing the
program management team with Federal Government employees or independent
contractors;
(4)terminating the
project; or
(5)hiring an
independent contractor to report directly to senior management and the E-Gov
Administrator.
(f)
(1)The
Director may direct an Agency Head to reprogram amounts which have been
appropriated for such agency to pay for an assessment under subsection
(d).
(2)An
Agency Head who reprograms appropriations under paragraph (1) shall notify the
Committee on Appropriations of the
Senate and the Committee on
Appropriations of the House of Representatives of any such
reprogramming.
(g)The Director shall include in the annual Report to
Congress on the Benefits of E-Government Initiatives a detailed summary of the
composition and activities of the IT Strike Force, including—
(1)the number and
qualifications of individuals on the IT Strike Force;
(2)a description of
the IT investment projects that the IT Strike Force has worked during the
previous fiscal year;
(3)the major issues
that necessitated the involvement of the IT Strike Force to assist agencies
with assessing and managing IT investment projects and whether such issues were
satisfactorily resolved;
(4)if the issues
referred to in paragraph (3) were not satisfactorily resolved, the issues still
needed to be resolved and the Agency Head’s plan for resolving such
issues;
(5)a detailed
breakdown of the sources and uses of the amounts spent by the Office of
Management and Budget and other Federal agencies during the previous fiscal
year to support the activities of the IT Strike Force; and
(6)a determination
of whether the IT Strike Force has been effective in reducing the amount of IT
investment projects that deviate or significantly deviate.