Making the Grade
How does it all work? Let's breakdown the seven main categories of OGR's biannual scorecard.
Agency CIO Authority Enhancements (Incremental Development)
Looks at how many IT investments are implementing incremental development – aka, delivering functionality every six months.
Here, agency grades map directly to school grades. So if 90-100% of your software projects are implementing adequate incremental development, you get an A.
Enhanced Transparency and Improved Risk Management (OMB's IT Dashboard)
Tracks the degree of risk in major IT investments, so agencies can accurately measure and address it.
Calculations map on a curve and are a bit counterintuitive. The five agencies with the greatest percentage of reported risk – investments rated “red” or “yellow,” by dollar, on OMB's IT dashboard – receive an A. The next five agencies, a B, and so on.
Portfolio Review (PortfolioStat)
Examines agencies' review process of their IT portfolios to increase efficiency, and reduce waste and duplication.
A little math required in the methodology: Take the total PortfolioStat savings for the agency, and divide by the total agency IT budget for the most recent three fiscal years (23.1% – very good; 0.5% – not so much). Top five get A's, next five get B's, and so on.
Federal Data Center Optimization Initiative (DCOI)
Considers data center savings, metrics, and closures for each agency. Of note, these scores were not used in the June 2019 scorecard grading.
Calculation is a bit complicated – half of the grade relates to whether an agency met its planned savings goal (determined with OMB); other half relates to performance metrics in: energy metering, power usage effectiveness, virtualization, server utilization/automation, and facility utilization. Agencies get a bonus grade bump if they've closed more than 50% of their total data centers.
Software Licensing (included in both FITARA and MEGABYTE)
Ensures CIOs establish a comprehensive, regularly-updated inventory of their software licenses and use it to improve decision making.
If you have a comprehensive software inventory, you get a C. If you actively use that inventory to make cost-effective decisions, you get an A. If you don't have one at all, it's an F.
Modernizing Government Technology Act (MGT)
Looks at how agencies are using working capital funds (WCFs) to support IT modernization and security.
Agencies get an A if they have an MGT-specific WCF with a CIO in charge of decision-making, a B for planning to set up an MGT WCF in 2019 or 2020, a C for a department WCF, a D for any other IT-related funding method, and an F otherwise.
Cyber (Federal Information Security Modernization Act of 2014 (FISMA))
Tracks agencies' ability to continuously monitor their networks using tools to mitigate and remediate cyber threats.
Grades are an average of two assessments: Scores from their Inspectors General (IG) assessments – which looks at their ability to identify, protect, detect, respond, and recover – and progress on cross-agency priority (CAP) cybersecurity goals.