FITARA Scorecard Spotlights Rising Scores for HHS

Alongside the release of the seventh edition of its FITARA scorecard, the House Oversight and Government Reform committee included an in-depth examination of the methodology behind the “B+” grade for the Department of Health and Human Services (HHS), showing exactly how the department was able to boost its score.

With one of the most improved set of grades across the scorecard, the document shows one of the key steps that HHS took to improve its grade from a C- to a B+: having acting CIO Ed Simcox report to the agency’s office of the Secretary. A major sticking point for the department in past scorecards, the organizational change helped HHS earn its best FITARA grade yet.

Throughout the rest of the categories, the department maintained its high marks from the May 2018 edition of the FITARA scorecard that helped HHS earn an honorable mention at MeriTalk’s inaugural FITARA Awards.

In the category of incremental development, HHS has 100 out of 103 software projects on an incremental development methodology, giving the department an “A” grade. This builds on the department’s score from May, when 82 out of 83 projects were on an incremental path. However, the committee previewed a new methodology under consideration, combining incremental development with software projects delivering functionality every six months. Under that methodology, HHS would still receive an “A.”

Under risk assessment transparency, HHS categorized 92 percent of its major investments as at risk, a designation that the committee wants agencies to use. This puts HHS as the agency with the fifth most investments at risk, maintaining the department’s “A” grade in the category. The results also keep in line with the 93 percent during the May scorecard.

Under the IT portfolio category, the department reported $4.378 billion in savings and avoidance since 2012. Compared to the IT budget of $17.04 billion for the last three years, HHS had a savings ratio of 25.7 percent, the highest out of all reviewed agencies, and a slight improvement over May’s 25.3 percent. With exceptional results, HHS maintained its A grade.

The department’s grade on the Data Center Optimization Initiative (DCOI) held steady, running into the same issues as the May scorecard. While HHS outperformed the savings goal set by the Office of Management and Budget (OMB), the department did not meet any of the five data center optimization metrics, averaging the score out to a “C.”

HHS also maintained its inventory of software licenses and used it to make management decisions, maintaining the department’s “A” grade in the category.

On compliance with the Modernizing Government Technology (MGT) Act, HHS received a “C” grade. With the MGT metric measuring if departments have established working capital funds for IT modernization, the department-level working capital fund offered an option for IT specific projects, but did not equal establishing an MGT-specific working capital fund, and HHS did not have a plan for establishing one.  In regard to the May scorecard grade, HHS had argued that it did not have the authority to transfer funds into an MGT-specific working capital fund.

One major concern for future FITARA scorecards at HHS is likely to be FISMA. While the metric is not included in the overall score yet, HHS received an “F” on its cybersecurity posture. In the department’s inspector general report on FISMA compliance, HHS received an average score of 2.4 out of 5. Additionally, HHS has only met four out of the 10 cross-agency priority (CAP) cybersecurity goals set by the President’s Management Agenda, leading to a poor score. To earn a “D” grade, HHS would need to raise its average inspector general rating to a 3 out of 5, or meet two additional CAP goals.

Recent