They are telling me to give them a second. Chair connolly can you unmute and acknowledge that you are with us . I am here, mr. Chairman. Chair connolly if you would stay unmuted so i can swear you in. Ms. Counsel, are you with us . Yes, chairman. Chair connolly and mr. Spires . Yes, chairman. Chair connolly thank you. If all three of you would raise your right hand. Do you swear to tell the truth, the whole truth, and nothing but the truth or affirm the same, so help you god . Let the record show all three of our witnesses in the second panel have affirmed in the positive. Thank you. If you are ready, i will call on you for your fiveminute Opening Statement. And welcome back to our subcommittee. It is good to be back, mr. Chairman. Chair connolly im sorry, i didnt see you. Go ahead. I do not have an Opening Statement. I was told to do something in the Previous Panel, with unanimous consent to enter a document into the record on supply chains vulnerability. Chair connolly yes. If you didnt hear me, i said i would be glad to work with you on that question of supply chain. I think it was a good point that you made. I hit the little raise my hand button thing. Im getting used to all of this webinar stuff. I had a followup question that i will ask one of the panelists here. With no Opening Statement, i would yield back so we can move forward with questions for the panel. Chair connolly thank you, mr. Palmer. I did not call on you for an Opening Statement because there was an Opening Statement for the whole hearing and this is the second panel. Obviously, if you had something you wanted to add, you are more than welcome. I thought you were asking if i had an Opening Statement. I do not, but i will have questions. Chair connolly of course, and we welcome them. You are recognized for your five minutes. Chairman connolly and numbers of the subcommittee, thank you for the opportunity to testify. I have worked for a not for Profit Corporation that operates in the public interest. We work across government in partnership with industry to tackle challenges for the safety, stability and wellbeing of our nation. Prior to joining, i was at gao where i worked closely with this committee, helping with the creation of the score card and assisting with its oversight. I would like to start by thanking you, chairman, for your leadership, not only for creating it but your followthrough with five years of oversight which has included 10 scorecards. The federal i. T. Community has benefited greatly from working with you and your bipartisan partners along the way. Today, i would like to address three areas. One, the results in the path, too, the reasons, and potential reasons to consider future scorecards. The progress resulted from the scorecard from your oversight are significant. Billions of taxpayer dollars saved in consolidating data centers and reducing Business Systems and licenses. It is also help to elevate the cio role. More have completed agency cios and strengthen. These enhance the relationship that will be critical that cio leads to more modernization and digital transfer. So why was the implementation successful . It was a collective, team effort from the legislative and executive ranch lets look at the specifics of this oversight. Your approach focused on critical sections of the law, established where metrics was the target, was measurable and datadriven. Every six months over five years, this is extremely important as it took at least two years to see significant progress in integrated areas. Also, omb played a critical role. Guidance and it required self assessment. Federal agency cios provided leadership and delivered results. This progress is evident with the scorecards. Where should it go from here . Some of the areas reached a level of maturity where perhaps waiting was no longer a necessity. This is not to say they are not important, just another area to benefit from the transparency and oversight the scorecard provided. For example, the hearing you held a few weeks ago on Mission Modernization and your march hearing would cover the gis contract were prime candidates. The written statement provides five recommendations to consider the scorecard is enhanced. These recommendations are consistent with the goals of the president s management agenda. Number one, enhance the cyber area him by enhancing the measures of cybersecurity. This should include patch and vulnerability management, Cybersecurity Framework and supply chain management. Number two, add modernization category that provides transparency to our nations most important i. T. Acquisitions and incorporate the Customer Experience measurement as well as legacy retirements. Number three, add an infrastructure category that highlights progress on eis so we have more modern and secure networks. Number four, add an i. T. Workforce category that provides a comprehensive view of agency gaps and tracks the appropriately skilled workforce. Five, i. T. Budgeting category the focus is on working Capital Funds and i. T. Is better captured. Shed light on the agencies use that i. T. Budgeting so it reflects needs for modernization. This could spark better conversations internally with cfos and externally with congress. Securedrman, these are by agencies tackling true enhancement, having a modern infrastructure, the workforce to do it, and the right resources. Card an enhanced report help, certainly. Policies could also. Forward to working with you on these important topics for our nation. I thank you and i thank you for being one of the key architects of establishing the scorecard and i think it has evolved in a way we hoped it would, to incentivize agencies to evolve and to modernize and to understand the Critical Mission and i thank you for your leadership in allowing us to be where we are five years later. The chief executive officer of emerald one, welcome. Committee,of the thank you for the opportunity to appear before you today to share my experience as the assistant andetary of technology cio at the department of Veterans Affairs or i served from 2015 to 2017. Im pleased to provide my support for the further meant. During that time, i led organizations as large and complex as the v. A. , had complete fiduciary responsibility for implementing processes and technology. For my role,ation i frequently heard about how difficult it was to execute i. T. Projects in the federal government. One or two year appropriations, complicated program budgeting,iring delays, data Center Cultural nuances, Even Technology procurement decisions outside the i. T. Organization. While i did witness the obstacles mentioned, within a short time, we were able to make progress at the v. A. How were we able to do it . We had one strategic tool i could rely on. It is the law and regardless of what other obstacles i encountered, i had a law i could leverage. I want to thank the committee for giving us that law and the authority to act accordingly. Of all mainframe i. T. Modernization projects fall fail industrywide. The primary reason is complexity. Many organizations develop new technology to enable a process or solve a problem well before they understand how the solution will be supported or how the process will work. Trying toses, you are make something new work on something old. Integrating new technologies on top of old infrastructure is always a risky proposition. The old infrastructure is generally not well maintained therefore unforeseen risks often occur and lead to subsequent failures. Just like the stuff in your basement no one wants to get rid same thing happens in i. T. In addition to infrastructure age, but organizations culture and how it drives the use of impact on has a major project success. Discussald one, we complexity by not just focusing on people, process, and technology, but engaging leadership, being culturally aware, building trust, obtaining the full value of the solution, and doing it in the shortest possible time so we can take advantage of the new technology. This in mind, i respectfully submit to the subcommittee several recommendations i believe scorecard. Jus the it provides agency cios with the and is a Critical Agency asset. The second is a metric that measures the agencies average technology lifecycle. This could be utilized under standard risk of modernizing in that environment. The committee should assess cultural readiness. The culture must be prepared to adopt new technology, not just endure it. Thenizational leaders and focus on user adoption by managing the cultures preparedness before tackling any technology. Finally, it must ensure the agencys fiscal reality supports the technology mandates we impose. Agencies continue to receive Technology Budgets that allow them to do little more than maintain and sustain outdated systems. Both were positive steps forward, by creating more meaningful connections between the mandates, the committee can create the leverage many cios need to modernize. We can no longer allow outdated and Legacy Technology to stymie delivery of public services. Ranking connolly, member, and members of the committee, thank you again for the time and opportunity to share my perspective. I look forward to continued success and am happy to take your questions. You, reallyy thank helpful observations from your own experience. Very practical and we look forward to working with you as we proceed. Ires, welcome back. Good afternoon to you. Im honored to testify today in regards to the scorecard congress has issued over the past five years. Having served as cio of the u. S. Department of Homeland Security and irs, and having served as the vice chair of the federal council, i had opportunity to understand the management dynamics. I was pleased when it was enacted but the legislation itself, it has been the oversight of congress that has been the factor in getting agencies to improve. Significant policy difference starting with the drafting and it continues today with leadership from the subcommittee. Even with the progress, much work remains to reach the state of i. T. Management thus practice. The meeting held by the subcommittee two weeks ago showcased the need to continue to focus on i. T. Modernization. Funds, we had unlimited many agencies would still struggle as they do not have the skill to deliver largescale i. T. Modernization. 2015, the whole federal government was placed on a list for improving the management of acquisitions and operations. They recommended the 12 agencies plan to replace legacy systems yet only three of the 12 agencies had implemented the recommendations and made progress in even planning to modernize legacy systems. Given the success of the scorecard, it should continue as a tool to Measure Agency progress. I recommend changes that sharpen the focus on i. T. Management and modernization, all of which are provided in my written testimony. Ade recommendations include and i. T. Planning category. Meaningful i. T. Modernization starts with planning and support leadership and this category should reflect the maturity and focus on i. T. Modernization within the agencys planning function. Incrementald delivery and Risk Management categories into a broader delivery of i. T. Programs category. Agency i. T. Modernization occurs through successful delivery of i. T. Programs and as such, a category should measure the ability of agencies being able to manage such programs. Three, evolve managing government categories to a budget i. T. Category. It should keep the element of a working capital log. In addition, agencies should better understand the cost element of the agencys i. T. Budget. The federal government has adopted a Technology Business management support this effort. Agencies should be measured on their adoption, along with benchmarking of i. T. Services so they can compare themselves to similar sized agencies and private sector corporations. Evolve the cybersecurity category. Agencies should be conducting enterprise cybersecurity Risk Management to be focusing on protecting on their most critical systems. Develop such a framework called the Cybersecurity Framework and cybersecurity category should start by measuring whether in agency is executing the seven process steps. Add a Customer Satisfaction category. I. T. Organizations have customers. A core measure for all agencies should be Customer Satisfaction. It would be best practice to administer a standard Satisfaction Survey to all agencies so the category can be added to the fitara scorecard. To determine the measures for a category, i want Additional Data to be required so the category could be graded. I recommend congress convene an Advisory Group that would develop recommendations to evolve the fitara scorecard. This group should be headed by gao but include representatives from the federal counsel and private sector. Such a group would make recommendations to congress within three to six months. Lets commit ourselves at the federal i. T. Community to evolve the scorecard to support adapt best rapidly practices and move aggressively to modern processes and systems. Thank you for the opportunity to testify today. Rep. Connolly thank you so much, mr. Spires. Thank you three for your very thoughtful testimony and i assure you we will be glad to work with you and take cognizance of the changes you propose in the metrics and scorecard itself. The chair now calls on mr. Palmer for his five minutes of questioning. Mr. Palmer . Im informed mr. Palmer is having a band with issue bandwidth issue. Let me ask all three of you a series of questions. One is, how important is it that the cio have the year of the agency head . Thats one of the categories weve added to the scorecard in terms of the reporting sequence, because from our point of view, it is about empowerment. If you are going to make decisions and make them stick, the rank and file need to see that cio is empowered by the agency head. In your experience, how important is that from your point of view . Maybe we start with you, mr. Spires . I had the situation of reporting to the agency head at the irs when i was cio and not the case when i was undersecretary of management. I think it makes a significant difference. From the othery secretary of management that that individual i served under had no i. T. Background and there was a lot of lost translation and frankly, not that i wasnt able to develop relationship with the secretary at dhs, but it was not nearly as strong a relationship as i would later develop with the irs commissioner and i would say in my view, i was able to be more effective, significantly more effective because i had a Good Relationship with the agency head. Rep. Connolly miss counsel . Il illett ms. Counc agree with mr. Spires. In my time at the v. A. Had a Good Relationship and we had a short time to get a lot of things done, we understood Large Enterprises at johnson johnson, he had been a Procter Gamble and it allowed us to think very quickly. Way for the cio to have the kind of support enterprisewide that they need when an agency head is aligned with them. It doesnt mean you dont include others in the conversation. It just means everyone knows the mandate is a mandate so i totally agree with that alignment. Rep. Connolly thank you. Mr. Palmer . Mr. Palmer i will third the importance of reporting to the agency. To missiontant modernization and legacy where cios have relationships with the business leads and also a strong relationship with the cfo so there is the budgetary support for complex legacy modernization so having a Business Partner with the Business Unit and having that strong relationship with the cfo is critical to tackling these big challenges the government faces. Ive gotolly while you, maybe you heard the Previous Panel about data centers and the attempt to maybe dilute the definition of data centers which could have the unintended effect of losing savings and even compromising security. Would you comment on that, because you remember how important the premium we put on data consolidation when we began this process with the scorecard. Mr. Powner yes, no doubt, mr. Chairman. When that memo came out there was going to be a rub between policy there and where you were going with Data Center Consolidation. I think we have had Great Success with Data Center Consolidation. You have 4. 7 in savings. Do i think there is opportunity to do more . Sure. I think what really needs to occur is there needs to be a , there needs to be some type of agreement between omb and what they are doing at what Congress Wants to do so we get more on the same page. We are at different ends of the spectrum here. I think there is coming together where you could tackle some data center. There is a lot that is done but there is still opportunity. That is why in infrastructure category on a scorecard, you also look at modern Networks Like the eis vehicle as a good way to think more broadly about infrastructure grade and how we tackle that. Rep. Connolly you will remember perhaps that the very first hearing we had on this subject was when john mica was chairman of the subcommittee. A different configuration. We have a field hearing in my district, and that forced people to look at how they were complying with this brand new bill fitara on Data Center Consolidation and