2018 - Association of Government Accountants · 4 2018 CFO-CIO Summit Summary Dawn Platt,...

2018 CFO-CIO Summit Summary 1

Session Summary by:

2018 CFO-CIO SUMMIT SESSION SUMMARY

On May 1, 2018, the Association of Government Accountants (AGA) and the Association for Federal Information Resource Management (AFFIRM) hosted a half-day summit to discuss the intersection of pol-icies and management issues that impact Chief Financial and Chief Information Officers in government. The goal of the event was to show-case how CFOs and CIOs are working together to improve efficien-cy and transparency, reduce risk, and strengthen their workforce. The 2018 CFO/CIO Summit broke out the discussion into four main topics:

Maturing Management in Modern Times

Running IT like a Business – TBM

Perspectives from the C-Suite

Cybersecurity

2018 CFO-CIO Summit Summary4

Dawn Platt, Principal, Grant Thornton LLP (Moderator)

Teresa Grancorvitz, Chief Financial Officer National Science Foundation

Dorothy Aronson, Chief Information Officer National Science Foundation

Adam Goldberg, Executive Architect, FIT U.S. Department of the Treasury

es and agencies. The DATA Act has fostered active cross-governmental coordination and tackling initiatives involving a mix of financial and technology problems. This has result-ed in greater transparency and relationship building across the agency.

Exploring New Technology• The Treasury’s Office of Financial Innova-

tion and Transformation (FIT) is currently looking at block chain and robotics among other studies conducted on new technology. Some agencies have approached FIT to ask for specific plans while associations like AGA evaluate and propose new technology in the pipeline.

• Ms. Aronson discussed how NSF’s customer base is intrinsically innovative and interested in new technology. For instance, the finance department has explored utilizing bots to au-tomate certain tasks. With the world changing at such a fast rate, many leaders wonder how to integrate technological advances quickly with the federal workforce. Agencies must start by paying more attention to local solu-tions and innovators by identifying IT-talented people within their organizations.

MATURING MANAGEMENT IN MODERN TIMES:

SESSION OVERVIEW:The Summit began with an overview of gov-ernance as the driving factor for prioritizing IT modernization and management. The panelists talked about how initiatives involving new IT investments have facilitated collaboration be-tween the offices of the CFO and CIO. This ses-sion included discussion about ways to manage personnel when introducing new technology and how to stay current with industry trends.

Speaker Perspectives:The Effect of IT Governance• Ms. Aronson discussed how legislative action

such as the Federal Information Technology Acquisition Reform Act (FITARA) has empow-ered governance infrastructure in the IT world by ensuring that IT investments are prioritized correctly. Additionally, with the one year im-plementation of the DATA Act, Ms. Aronson and Ms. Grancorvitz’s weekly meetings led to improved operations and better managed re-sources within NSF.

• Ms. Grancorvitz reiterated the ways NSF’s budget and IT personnel were able to effec-tively work together to manage project risks as well as utilize expertise from outside sourc-


• Ms. Aronson offered an important question to ask when managing personnel: How do we bring in IT to the federal workforce without destabilizing the incumbent staff? To answer that question, Ms. Grancorvitz spoke about the “pillars of renewing NSF” and the impor-tance of an “adaptive workforce” to increase staff utilization and skill development.

• Mr. Goldberg acknowledged the initial trepi-dation from the perspective of the workforce who believe their role may be affected when a new technology is brought up. The chal-lenge that organizations face is finding a way to incrementally introduce technology, re-ceiving feedback, and including them in the implementation process. For example, an organization can allow people the chance to nominate and elect processes to turn over to robotics/AI, therefore giving them a sense of ownership of transitioning to new IT and ob-serving the benefits of change.

• A customer-oriented mindset, negotiation, and making people feel comfortable us-ing tools are all key influences when adopt-ing Shared Services. Shared Services has evolved where there are multiple accommo-dations and seeing from an individual organi-zation’s perspective allows for more custom-ized Shared Services integrations for specific organization functions.

Prioritizing IT Modernization• Ms. Aronson discussed the challenges of for-

mulating an IT budget when it comes to future uncertainty. Often times, leaders have to be flexible when the execution of a budget is re-alized to account for IT financial visibility. She also stated prioritizing IT modernization is not about “keeping the lights on” with O&M func-tions; it is about staying current with industry trends.

• Ms. Grancorvitz agreed, viewing IT modern-ization as an enabling function for an organi-zation to constantly ask for input since much of prioritization comes from the customer. Dif-ferent avenues, such as forums and commu-nity resources, should be leveraged to pro-vide greater insight on proper prioritization.

• Mr. Goldberg explained how IT modernization is competing with other investments and why there needs to be various paths for different types of investments based on their impact to an organization. He further suggested read-ing publications, listening to what other agen-cies are doing, and exploring additional func-tionalities of existing applications in order for agencies to continue moving forward in the IT industry.


Michael Huffman, Vice President, cBEYONData Moderator

Rick Chandler, Deputy Assistant Secretary and Chief Financial Officer, Office of IT U.S. Department of Veterans Affairs

Jon Kraden, Acting Deputy Associate Adminis-trator GSA, Office of Government-wide Policy

Kelly Morrison, Performance Analyst U.S. Office of Management and Budget

Tony Scardino, Deputy Under Secretary and Deputy Director (Acting) U.S. Patent & Trademark Office

SESSION OVERVIEW:This session covered the relatively new ap-proach to categorizing IT spending, called Tech-nology Business Management (TBM), and the ways it provides high stakeholder value. The discussion detailed the strategies, challenges, and experiences of TBM implementation as well as utilizing best practices to fully realize the benefits for business decision making.

Speaker Perspectives:What is TBM and what does it do?• Mr. Chandler described Technology Business

Management (TBM) as a framework for allo-cating IT costs up through multiple layers that end up at the customer level. The framework provides a standard taxonomy for IT service spending as it aligns general ledger activities to cost pools and IT towers (i.e. communica-tion, storage, etc.).

• Every facet of business involves IT systems. Once TBM is adopted, organizations can de-velop metrics and propose solutions to elim-inate costs and better serve customers, sub-sequently turning IT from a cost-center to a value-center.

• Mr. Webster explained that TBM is a simpler framework because it does not look at track-ing specific activities and time, while Activity Based Costing (ABC) is assigning resources to activities and measuring what those activi-ties deliver and how much they cost.

Stakeholder Value

• Mr. Webster introduced three areas to bal-ance when maximizing value to stakeholders: 1) Delivering quality work to stakeholders. 2) Providing outputs/results with limited resourc-es. 3) Managing risks and uncertainty.

• Having sufficient information is key to under-standing internal/external risks and how much to take on. With limited information, practices like ABC are difficult to implement because they only consider functions under the IT um-brella. On the other hand, TBM’s concept is much more results-oriented and customer-fo-cused to help make risk decisions for IT tools.

• Ms. Morrison’s organization, OMB, plans on using TBM data as a backbone for Capital Planning and Investment Control (CPIC) de-velopment. She talked about how CPIC has

RUNNING IT LIKE A BUSINESS - TBM

Doug Webster, Chief Financial Officer U.S. Department of Education


turned into manual entry as opposed to data from authoritative sources. By applying TBM, data will be more reliable and reduce the bur-den of CPIC costs.

CFO and CIO Collaboration

• Mr. Scardino stated, “Government offices know a lot about budgets and not much about costs.” He also pointed out that CFOs and CIOs speak different languages but ultimately want transparency between their offices.

• Mr. Kraden discussed how CIOs need data and extra help from CFOs to understand what similar challenges they may have. He then challenged the audience to talk to someone from the opposite office to discuss how TBM can help solve those identified challenges.

• TBM requires buy-in throughout an organiza-tion, especially from executive leadership in order for them to leverage the successes of other practices, such as ABC infrastructure and agile development, into TBM implemen-tation. Recognizing the value in collaboration and taking previous lessons learned enables agencies to keep up with constantly chang-ing technology and measure effectiveness through TBM.

Best Practices for Implementing TBM

• Ms. Morrison believes TBM is an initiative that will eventually become a mandate. She high-lighted the strategy of taking lessons learned from early federal TBM adopters with an un-derstanding that although agencies will have different ways of implementing TBM, there are similar strategies for success.

• Mr. Kraden shared the perspective of the GSA, one of the first adopters of TBM. The GSA and OMB have set up groups for agen-cies to implement TBM, resulting in a very vibrant community with many perspectives. They meet once a month for stakeholder engagement and analysis, establishing best practices that have made it easier for every new TBM implementation. The group aims to be the “second smartest people in the room” on what everyone else is doing.

• Ms. Morrison stressed the importance of not starting with the tool but with the framework and stakeholder engagement as best prac-tices for implementing TBM. Furthermore, she explained why the TBM process requires a team effort of all business functions even beyond the CFO and CIO level to allow for effective reporting and management decision making.

• Mr. Webster reinforced Ms. Morrison’s point, telling the audience to view TBM in a broad-er context than just the CFO/CIO community. Every single stakeholder in an organization is a beneficiary of TBM because they all use IT services. The CFO and CIO are simply en-ablers of TBM.

• Mr. Chandler recommended gaining a deep understanding of costs before automating TBM because collecting specific details may not reveal the whole story and enable deci-sion making.


Todd Barber, Managing Principal, TeraThink Corporation Moderator

Mary Davie, Deputy Commissioner, Federal Acquisition Service U.S. General Services Administration

Lesley Field, Deputy Administrator, OFPP U.S. Office of Management and Budget

Lynn Moaney, Acting Deputy Chief Financial Officer U.S. Department of Agriculture

Gary Washington, Chief Information Officer U.S. Department of Agriculture

SESSION OVERVIEW:• Executive branch and legislative actions re-

quire agencies to rethink how they organize to accomplish their missions and support back-office functions such as finance, human resources, IT and procurement. During this session, C-Suite level executives discussed how they are collaborating to address these government management challenges.

Speaker Perspectives:How to manage emerging financial and IT modernization initiatives• Ms. Moaney and Mr. Washington kicked

things off discussing their working relationship at USDA, highlighting how various emerging initiatives have forced executive offices to work more closely together than they have before. They specifically noted how FITARA is helping mature USDA from an acquisitions perspective.

• Ms. Moaney stressed the importance of con-sistent messaging to all eight mission areas of the organization, which often involves get-

PERSPECTIVES FROM THE C-SUITE:

ting all C-Suite level executives in one room to ensure they are on the same page in es-tablishing and prioritizing goals.

• Ms. Field discussed how collaboration and sharing success stories between agencies has advanced the way federal offices ap-proach IT procurement. For instance, the In-novation Council stood up by OMB developed go-to-market strategies which provide guid-ance on how to acquire IT. Additionally, the Acquisition Gateway built by GSA provides support such as acquisition best practices and resources outlining IT modernization ap-proaches.

Strategies to improve efficiency, transpar-ency, and reduce risk• Mr. Washington talked about how when it

comes to making IT decisions, the strategic vision for the agency is the main driver. Im-plementing TBM has assisted in this area, as USDA is still in the early phases of rolling out the initiative, but has already seen improved efficiency and transparency. Furthermore, Mr.


Washington discussed how understanding risks across all areas of the agency is critical in the decision-making process due to the im-pact it will have on all stakeholders through-out the organization.

• Ms. Field echoed similar sentiments about TBM, stating how the effort, along with other initiatives such as the DATA Act, will improve transparency in the federal IT acquisition space. These emerging strategies ensure the right IT investments are prioritized while also identifying risks throughout the decision-mak-ing process.

How GSA is approaching IT modernization legislation• Ms. Davie described GSA’s role in shaping

IT modernization through their collaboration with OMB and other policy makers. Because GSA is responsible for drafting and imple-menting many of these actions, they under-stand the importance of listening to feedback from those directly affected by the initiatives. For instance, Ms. Davie pointed to USDA as an agency, which has embraced various IT modernization efforts, serving as a pilot agen-cy for roll-outs and providing lessons learned which can be leveraged at other agencies.

How government is adjusting to keep up in an accelerating innovation and acquisition environment• Ms. Davie spoke to technological advances

supporting the IT acquisition process. Specifi-cally, she pointed out how robotics have auto-mated many cumbersome and time-consum-ing responsibilities for the contracting office. Practices which once took hours to complete are now automated to the point where they can be completed in a matter of seconds.

• Ms. Davie also touched on emerging technol-ogies such as blockchain as an enabler for acquisition, as well as implementing IT ser-vices from the commercial arena into the fed-eral space.

• Ms. Field stressed the importance of commu-nicating with key decision makers when trying to keep up with innovation. Specifically, she noted all of the resources available to them so they can be more comfortable when they feel like they might be taking risks.

Approach to Shared Services

• Mr. Washington detailed how category man-agement has supported the shared services strategy at USDA. He works closely with Ms. Moaney, as well as other office chiefs, to identify which types of services are the best candidates for shared services.

• Ms. Davie discussed the growth of shared services over recent years, and how many commercial-off-the-shelf (COTS) systems are developing to serve the shared needs of mul-tiple agencies.


Marlon Perry, Principal, CliftonLarsonAllen LLP (Moderator)

Chip Fulghum, Deputy Undersecretary for Man-agement, U.S. Department of Homeland Security

Mark Kneidinger, Director, Cybersecurity & Communication U.S. Department of Homeland Security

Rod Turk, Acting Chief Information Officer U.S. Department of Commerce

• Mr. Fulghum discussed cybersecurity impacts on end-users, explaining that although secu-rity protocols and tools can be cumbersome and inconvenient, they are paramount to pro-tecting DHS systems, data, and overall mis-sion.

Importance of CFO/CIO in cybersecurity• Mr. Fulghum talked about the need to “speak

the same language” when conveying cyber-security needs to the CFO, as both CFO and CIO language can be difficult to understand from the perspective of the other side. He il-lustrated effective communication through us-ing an analogy that compared the IT systems environment to the DC Metrorail system.

• Mr. Kneidinger stressed how CFOs and CIOs must value cyber investments with higher pri-ority than just general IT investments. They need to ask questions like: “Are there shared services that can do this? Are there consol-idated systems? Are there cloud options?” These considerations are vital when making investment decisions and evaluating various tools and options.

CYBERSECURITY

SESSION OVERVIEW:• In the final session, this group of executives

discussed how they are facing increasing risks in the cyber arena. They talked about the importance of collaboration between CFOs and CIOs to ensure their organizations are secure from internal and external threats.

Speaker Perspectives:What does cybersecurity mean to you?• Mr. Turk views cybersecurity as the respon-

sibility to take care of the “crown jewels,” or high value items, of the agency. Those items are constantly expanding as we collect more and more sensitive data and it becomes in-creasingly difficult to assess risk throughout that process. He stressed how critical it is to protect those assets and support the overall mission of the organization.

• Mr. Kneidinger explained how DHS views cy-bersecurity from a slightly different lens, as they support 103 different executive branch agencies and help address the various secu-rity challenges each of them face. In support-ing issues of each agency, they have gained a unique perspective into the current cyber environment.


Best performance metrics to measure cy-ber success• Mr. Fulghum pointed to the Federal Infor-

mation Security Management Act (FISMA) Scorecard as the best way to benchmark cybersecurity progress. Leadership must establish security standards and continue to raise them. Evaluators within the organization should be going through scores with manage-ment and office heads to determine any is-sues, then proposing solutions to executive leadership.

• Mr. Turk identified the President’s Manage-ment Agenda (PMA) Scorecard as another performance management tool similar to the FISMA Scorecard. One specific metric he dis-cussed was dwell time, the duration a threat actor has undetected access in a network until it’s completely removed. If dwell time is over 200 days, often the issue has not been found by someone within the organization but an external source. This is of course a signif-icant concern for any agency, and requires in depth analysis of system security.

Who is responsible for cybersecurity from a risk management and implementation perspective?• Mr. Turk described the DOC’s realignment

of changing the Cybersecurity office to the Cybersecurity and Risk Management office. By bringing both of them under the same um-brella, they hope to implement an approach in which cybersecurity is viewed as a risk management function. The program is still in its early phases but this created the under-standing that both functions must work hand in hand.

• Mr. Fulghum noted how ensuring a secure environment really starts at the ground lev-el with educating every individual in the or-ganization. Attacks like phishing can target personnel, and ultimately compromise the security of many systems having far-reach-ing effects. He highlighted how many people still fall victim to scams through an anecdote about how anyone that clicked a link for free Redskins tickets in an email distribution were redirected to a cybersecurity training – not surprisingly many fell for the trick.

ACKNOWLEDGEMENTSPlanning CommitteeMichael Huffman, cBEYONData

Chris Dorobek, GovLoop’s DorobekINSIDER

Renee Macklin, Dept of Commerce

Deirdre Murray, Deirdre Murray and Associates

Adam Hughes, Grant Thornton

Colin Rodgers, Grant Thornton

Ann Ebberts, AGA

Susan Fritzlen, AGA

Grant Thornton Publication TeamColin Rodgers

Ben Verdi

Rachel Yuan

Adam Hughes

Gloria Funes


Session Summary by:

2018 - Association of Government Accountants · 4 2018 CFO-CIO Summit Summary Dawn Platt,...

Documents

Transcript of 2018 - Association of Government Accountants · 4 2018 CFO-CIO Summit Summary Dawn Platt,...