Skip to main content

CIO Management Responsibilities Remain a Challenge for Most Agencies

Posted on November 27, 2018

Federal agencies planned to spend more than $96 billion on information technology (IT) in fiscal year 2018. IT systems are critical to the health, economy, and security of the nation. But the government faces longstanding problems in IT management. For example, agencies have struggled to protect themselves against threats from hackers, terrorists, insiders, and other nations.

Congress established the federal Chief Information Officer (CIO) position to serve as an agency focal point to address IT challenges. Today’s WatchBlog describes shortcomings and challenges in carrying out federal CIO responsibilities.

Are CIOs fulfilling their responsibilities?

Federal laws and guidance assign agency CIOs with key responsibilities for effectively managing IT in six areas:

  • leadership and accountability
  • strategic planning
  • workforce
  • budgeting
  • investment management
  • information security

These responsibilities should be documented in agencies’ IT management policies. But we found most of the 24 major agencies did not fully define the role of their CIOs for any of the six key areas.

Figure 1: Extent to Which 24 Agencies’ Policies Addressed the Role of Their Chief Information Officers, Presented from Most Addressed to Least Addressed Area

In addition, the 24 CIOs that we surveyed acknowledged that they were not always very effective in implementing the six IT management areas. If agencies don’t fully define the role of CIOs in their policies, they cannot effectively address long-standing IT management challenges.

Figure 2: Extent to Which Chief Information Officers Reported Effective Implementation of Six Responsibility Areas, Presented from Most Effective to Least Effective Area

Factors helping CIOs better manage IT

The 24 agency CIOs we surveyed frequently cited a number of factors as important in enhancing their ability to effectively manage IT. CIOs reported that clear guidance, legal authority, and their position in the agency’s hierarchy are factors that helped them carry out their responsibilities. For example, one CIO attributed much of the agency’s success in managing IT to good relationships that the CIO had with the agency head and that official’s deputy. Another CIO indicated that support from the head of the agency had enabled that official to cancel a troubled project and reallocate that funding to critical information security improvements on another effort.

Figure 5: Factors Commonly Identified by at Least Half of the Selected Chief Information Officers (CIO) as Enabling Their Effective Management of Information Technology (IT), Presented from Most Enabling to Least Enabling Factor

IT management challenges

Half of the 24 agency CIOs we surveyed reported management challenges like the process for hiring and recruiting IT personnel, financial resources, and the availability of staff resources. We recommended that the Office of Management and Budget update its guidance to fully address these challenges.

Figure 6: Factors Commonly Identified by at Least Half of the Selected Chief Information Officers (CIO) as Challenges to Their Effective Management of Information Technology (IT), Presented from Most Challenging to Least Challenging Factor

Further compounding the management challenges is the lack of consistent leadership in the CIO position. We noted previously that CIOs and former agency IT executives believed it was necessary for a CIO to stay in office for 3 to 5 years to be effective and 5 to 7 years to fully implement major change initiatives in large public sector organizations. However, the median tenure for permanent and acting agency CIOs who had completed their time in office was about 20 months between 2012 and 2017.

How can effectiveness of CIOs’ management responsibilities be improved?

We made 27 recommendations to federal agencies to improve the effectiveness of CIOs’ implementation of their responsibilities for each of the six IT management areas.

We intend to follow up on our recommendations and monitor agencies’ progress.

To learn more, check out our full report.

About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to