What the FITARA Scorecard Measures — and What It Misses

FITARA — the Federal Information Technology Acquisition Reform Act — was signed into law in 2014. Its intent was clear and legitimate: strengthen CIO authority over federal IT spending, reduce the proliferation of redundant systems, and create accountability for technology investments that had long operated outside meaningful oversight. The FITARA Scorecard, administered by the House Committee on Oversight and Accountability, was designed to measure progress against those goals.

It measures some of them reasonably well. It measures others poorly. And there is one question that is central to responsible federal IT stewardship — do we know what our technology actually costs, and is that cost justified by the value it delivers — that the scorecard does not measure at all.

This matters because FITARA grades have become a management objective in their own right at many agencies. CIOs track their scores. Briefings are prepared for congressional hearings. Remediation plans are built around scorecard categories. The grade becomes the goal, and the goal the scorecard was designed to serve — accountable, defensible technology investment — gets addressed only to the extent that it happens to overlap with what the scorecard measures.

What the scorecard actually measures

The FITARA Scorecard evaluates agencies across several categories that have evolved since the original legislation. The current framework includes CIO authority and budget review, data center optimization, software licensing, cyber hygiene, and IT workforce development. Each category is graded on a letter scale, and agencies receive an overall grade that gets reported publicly.

These categories are not arbitrary. CIO authority matters because technology investment decisions made without CIO involvement produce fragmented portfolios and redundant spending. Data center consolidation matters because federal agencies were running thousands of underutilized facilities at significant cost. Software license management matters because unmanaged license sprawl is a documented source of waste in every large IT environment. Cyber hygiene matters for reasons that require no elaboration.

The scorecard measures things that are worth measuring. The problem is not what it includes. The problem is what a high FITARA grade does not tell you.

What a high FITARA grade does not tell you

An agency can earn a strong FITARA grade while its CIO cannot answer the question a deputy secretary will ask in a budget review: what does it actually cost to deliver this mission capability, and how has that cost changed over the last three years?

That question requires a working cost model — a deliberate taxonomy of how technology spend is categorized, allocated, and mapped to the services and business outcomes the agency is responsible for delivering. It requires the kind of IT Financial Management discipline that the TBM standard defines and that OMB Circular A-11 implicitly demands when it requires agencies to report IT spending by program element and investment category.

FITARA does not assess whether that cost model exists. It does not measure whether IT and Finance are working from the same numbers. It does not evaluate whether an agency can produce a unit cost figure for a specific service, defend a technology investment decision against a skeptical OMB examiner, or identify which parts of its portfolio are delivering measurable value and which are consuming budget without a traceable return.

These are not exotic capabilities. They are the baseline expectations of any organization that claims to manage its technology investments responsibly. And they are absent at a surprising number of agencies that have worked hard on their FITARA grades.

The cost visibility gap and why it persists

The cost visibility gap — the distance between what an agency spends on technology and what it knows about that spending in terms of service-level cost, allocation logic, and business value — persists for a structural reason. FITARA created accountability for the categories it measures. It did not create accountability for cost model maturity, because cost model maturity is harder to grade on a letter scale and harder to demonstrate in a congressional hearing.

OMB has addressed this through A-11 requirements and FITARA implementation guidance that calls for IT capital planning and investment control. But the connection between those requirements and actual cost model discipline at the agency level is loose. Agencies that comply with the reporting requirements without building the underlying cost model infrastructure are producing numbers that satisfy the form without delivering the substance — allocations that reconcile to the financial statements without being defensible at the service or program level.

The consequence shows up when it matters most: budget defense season, IG audits, and the moments when a technology investment decision requires a cost justification that the agency's ITFM program cannot produce. A strong FITARA grade does not protect against any of these. A working cost model does.

What accountability for cost actually looks like

Genuine cost accountability in a federal IT environment requires four things that the FITARA scorecard does not directly assess.

First, a cost taxonomy that is consistent with both the TBM standard and OMB A-11 investment categories, so that IT and Finance are working from the same structure and numbers can be traced from the general ledger through the cost model to the service or program they support.

Second, an allocation methodology that is documented, consistently applied, and understood by the Finance and business unit stakeholders who will be asked to accept the resulting cost figures. Allocation logic that exists only in platform configuration and cannot be explained in plain language to a non-technical reviewer is not a defensible methodology.

Third, a measurement cadence that produces reliable cost-per-service data on a schedule that is useful for decisions — not an annual exercise that produces numbers that are already stale by the time they are used. The 95% reduction in time-to-answer for ad-hoc cost questions that a well-configured ITFM program delivers is not a marketing claim. It is the practical difference between a program that supports decisions and one that produces reports.

Fourth, integration between IT and Finance that goes beyond shared reporting. The cost model has to be jointly owned — built on definitions that Finance accepts as reconcilable to the financial statements and that IT accepts as an accurate representation of how the technology environment is structured. Models built by IT alone and presented to Finance as outputs, rather than developed with Finance as a joint construct, do not survive the budget defense process.

A strong FITARA grade is a legitimate achievement. It does not, by itself, mean the agency can answer the cost questions that responsible technology stewardship requires. Those questions need a different kind of work — and a different kind of accountability.

Matter + Energy's Technology Spend Intelligence practice builds the cost model infrastructure that FITARA compliance does not require but responsible IT stewardship does. If your agency's cost visibility does not match its scorecard grade, start a conversation →