The promise of Capital Planning Investment Control, or CPIC, reporting is that it will provide federal chief information officers with a better ability to make decisions while offering transparency to the American taxpayer on how IT dollars are being spent. From the Clinger-Cohen Act to FITARA, the rollout of Technology Business Management, or TBM, and ongoing updates to Office of Management and Budget guidance on reporting, the data collected on CPIC has been improving year to year. However, the promise of decision-making support and transparency will not be entirely fulfilled until we have enough data to make true benchmarking possible.
OMB expects to publish these first benchmarks in budget year 2023. Until then, federal departments and agencies should mature their CPIC compliance by focusing on improving the quality of the data they are collecting and reporting. This provides immediate benefits in terms of identifying gaps and inaccuracies in IT spending, while ensuring that future benchmarks are actually accurate, and therefore useful for decision-making.
Finding Shadow IT via Gaps and Inaccuracies
One of the most immediate benefits of CPIC reporting, even when data is incomplete, is the ability to identify gaps and inaccuracies that can be further explored to identify what we call “shadow IT.” This is IT spending that is not reported through the CPIC process mandated by OMB. OMB adopted the TBM framework into the CPIC reporting guidance three years ago, in an effort to provide more granularity in IT spending. As described by the TBM Council, the framework is designed to enable the federal government to run IT like a business, drive innovation and business transformation, improve services to citizens, add cost transparency, and increase accountability to taxpayers.
In a recent Gartner report on national and international government organizations, average IT spending as a percentage of operating expenses in 2019 was conservatively reported around 105. When we compare that to actual IT spending reported by federal agencies, the percentage is frequently far lower. This means there is IT spending that is not being reported or being reported incorrectly. One of the tasks of those of us working in CPIC reporting is to investigate and uncover this shadow IT.
There are a number of reasons why IT spending goes unreported. Frequently, the contract vehicle does not demand it, even though it is required by FITARA. Special programs usually have an IT component, but the spending is tracked differently, if at all, than spending coming through the Office of the CIO. Also, the people responsible for identifying the IT spending may not be fully trained on how to correctly categorize IT spending, frequently grouping it into a catch-all “undefined” field. (The fiscal 2018 President’s Budget reported 84% of the total federal IT budget was categorized as “other.”)
The solution to uncovering shadow IT is twofold: First, the CPIC team should work individually with project leaders, making site visits and having in-depth conversations with teams to discover what is actually happening. Second, the team should play a role of educator and evangelist, training project teams on how to effectively report the data while emphasizing the benefits of spending transparency in decision making that will be available with the upcoming benchmarks.
By focusing on uncovering shadow IT and training teams to report IT spending correctly over the next year, data quality will improve, which will lead to better first-generation agency-to-agency benchmarks in budget year 2023. At that time, CIOs will finally reap the benefits of a decision-making tool that enables them to manage IT dollars more efficiently and effectively.
Robert Lee is a CPIC subject matter expert for Criterion Systems, Inc.