Federal Chief Information Officers: Opportunities Exist to Improve Role in Information Technology Management
Highlights
The federal government invests billions in information technology (IT) each year to help agencies accomplish their missions. Federal law, particularly the Clinger-Cohen Act of 1996, has defined the role of Chief Information Officer (CIO) as the focal point for IT management within agencies. Given the longstanding challenges the government faces in managing IT and the continued importance of the CIO, GAO was asked to (1) determine the current roles and responsibilities of CIOs, (2) determine what potential modifications to the Clinger-Cohen Act and related laws could be made to enhance CIOs' authority and effectiveness, and (3) identify key lessons learned by CIOs in managing IT. To do this, GAO administered a questionnaire to 30 CIOs, compared responses to legislative requirements and the results of a 2004 GAO study, interviewed current CIOs, convened a panel of former agency CIOs, and spoke with the Office of Management and Budget's (OMB) Federal CIO.
CIOs do not consistently have responsibility for 13 major areas of IT and information management as defined by law or deemed as critical to effective IT management, but they have continued to focus more attention on IT management-related areas. Specifically, most CIOs are responsible for seven key IT management areas: capital planning and investment management; enterprise architecture; information security; IT strategic planning, "e-government" initiatives; systems acquisition, development, and integration; and IT workforce planning. By contrast, CIOs are less frequently responsible for information management duties such as records management and privacy requirements, which they commonly share with other offices or organizations within the agency. In this regard, CIOs report spending over two-thirds of their time on IT management responsibilities, and less than one-third of their time on information management responsibilities. CIOs also report devoting time to other responsibilities such as addressing infrastructure issues and identifying emerging technologies. Further, many CIOs serve in positions in addition to their role as CIO, such as human capital officer. In addition, tenure at the CIO position has remained at about 2 years. Finally, just over half of the CIOs reported directly to the head of their respective agencies, which is required by law. The CIOs and others have stressed that a variety of reporting relationships in an agency can be effective, but that CIOs need to have access to the agency head and form productive working relationships with senior executives across the agency in order to carry out their mission. Federal law provides CIOs with adequate authority to manage IT for their agencies; however, some limitations exist that impede their ability to exercise this authority. Current and former CIOs, as well as the Federal CIO, did not identify legislative changes needed to enhance CIOs' authority and generally felt that existing law provides sufficient authority. Nevertheless, CIOs do face limitations in exercising their influence in certain IT management areas. Specifically, CIOs do not always have sufficient control over IT investments, and they often have limited influence over the IT workforce, such as in hiring and firing decisions and the performance of component-level CIOs. More consistent implementation of CIOs' authority could enhance their effectiveness in these areas. OMB has taken steps to increase CIOs' effectiveness, but it has not established measures of accountability to ensure that responsibilities are fully implemented. CIOs identified a number of best practices and lessons learned for more effectively managing IT at agencies, and the Federal CIO Council has established a website to share this information among agencies. Agencies have begun to share information in the areas of vendor communication and contract management; the consolidation of multiple systems into an enterprise solution through the use of cloud services; and program manager development. However, CIOs have not implemented structured agency processes for sharing lessons learned. Doing so could help CIOs share ideas across their agencies and with their successors for improving work processes and increasing cost effectiveness. GAO is recommending that OMB update its guidance to establish measures of accountability for ensuring that CIOs' responsibilities are fully implemented and require agencies to establish internal processes for documenting lessons learned. In commenting on a draft of this report, OMB officials generally agreed with GAO's findings and stated that OMB had taken actions that they believed addressed the recommendations.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of Management and Budget | To ensure that CIOs are better able to carry out their statutory role as key leaders in managing IT, the Director of OMB should issue guidance to agencies requiring that CIOs' authorities and responsibilities, as defined by law and by OMB, are fully implemented, taking into account the issues raised in this report. |
Closed – Implemented
The Office of Management Budget(OMB)subsequently issued guidance, Management and Oversight of Federal Information Technology (M-15-14), to heads of executive departments and agencies that meets the intent of our recommendation. The memorandum is intended to provide implementation guidance for the Federal Information Technology Acquisition Reform Act (FITARA)and related information technology (IT) management practices. The guidance, among other requirements, outlines specific requirements for agency CIOs. For example, a common baseline must be established for roles, responsibilities, and authorities of the agency CIO in managing IT as a strategic resource. It also aims to strengthen the agency CIO 's accountability for the agency's IT cost, schedule, performance, and security. The guidance provided in M-15-14, if effectively implemented, should help assure that agency CIOs are better able to carry out their statutory role as key leaders in the management of IT as defined by law and OMB.
|
| Office of Management and Budget | To ensure that CIOs are better able to carry out their statutory role as key leaders in managing IT, the Director of OMB should establish deadlines and metrics that require agencies to demonstrate the extent to which their CIOs are exercising the authorities and responsibilities provided by law and OMB's guidance. |
Closed – Implemented
The Office of Management Budget(OMB)subsequently issued guidance, Management and Oversight of Federal Information Technology (M-15-14), to heads of executive departments and agencies that meets the intent of our recommendation. The memorandum is intended to provide implementation guidance for the Federal Information Technology Acquisition Reform Act (FITARA)and related information technology (IT) management practices. The guidance established deadlines and metrics for implementing its requirements. For example, included as an attachment, OMB provided specific deadlines and metrics required for the Common Baseline for IT Management; the IT Dashboard, Tech Stat; Portfolio Stat; and acquisition management. In another attachment, guidance related to metrics for cost savings, performance indicators, risks management, project activity and data improvement requirements when reported information contains errors is provided. If M-15-14 is effectively implemented, agency CIOs should be able to demonstrate the extent to which authorities and responsibilities provide in law and OMB guidance are being exercised.
|
| Office of Management and Budget | To ensure that CIOs are better able to carry out their statutory role as key leaders in managing IT, the Director of OMB should require agencies to identify and document internal lessons learned and best practices for managing information technology |
Closed – Implemented
The Office of Management Budget(OMB)subsequently issued guidance, Management and Oversight of Federal Information Technology (M-15-14), to heads of executive departments and agencies that meets the intent of our recommendation. The memorandum is intended to provide implementation guidance for the Federal Information Technology Acquisition Reform Act (FITARA)and related information technology (IT) management practices. The OMB memorandum specifies instances and opportunities wherein agencies are required to identify, document and share lessons learned and best practices for managing information technology. If M-15-14 is effectively implemented, CIOs will be able to share lessons learned and improve work processes and increase cost effectiveness.
|