The Federal IT Acquisition Reform Act, draft legislation proposed by Rep. Darrell Issa, would, among other objectives, strengthen several CIO authorities.
The legislation primarily focuses on acquisition, but one of the thorniest issues it touches on is how lawmakers can strengthen the position of CIO within federal agencies. The bill makes some progress toward this goal, but I believe that many of the factors that make CIOs successful cannot be mandated by legislation.
One component of the act seeks to eliminate duplication and waste. The legislation attempts to address data center consolidation, classification of commodity IT assets, website consolidation, cloud computing and unnecessary governmentwide acquisition contracts. Frankly, I don’t believe good management can be legislated, and the common congressional technique of establishing a requirement in law (often at the micro-management level) and mandating periodic reports on progress has, in my view of nearly 40 years around the federal government, been largely ineffective.
Most of the objects of this component are low-hanging fruit that are already being addressed by initiatives led by the Office of Management and Budget. The real opportunity to eliminate duplication and waste lies in duplicate programs and systems, a much more difficult undertaking. This act does not address those areas.
Another key component of the act seeks to strengthen IT acquisition, certainly a worthy objective. Many advocates of strengthening IT acquisition believe we need a less complex system with more transparency, fewer process “gotchas” and capable people to handle the acquisition workload. My read of what Rep. Issa proposes is a discrete set of requirements that adds new centers, contracts, approvals and reports to Congress to an already too-complex system. As one old enough to remember life under the Brooks Act and its centralized IT procurement authority, I caution against any turn back in that direction.
CIOs do not exist in an organizational or leadership vacuum. To be successful, they must cooperate with other executives, such as those with financial, acquisition and human resources responsibilities, as well as with officials who lead mission programs. Attempts to strengthen these executive positions discretely may improve circumstances for a specific position, but run the risk of hampering the overall organizational management environment.
Many observers have called for the creation of a chief management officer for each department, to whom the functional executives would report. I believe this proposal is worth seriously examining, because achieving a collaborative management environment where organizational decisions are optimized for their contribution to the overall mission remains elusive in many federal organizations.
The Clinger-Cohen Act sharply reshaped the federal IT management environment. First, it repealed the Brooks Act, under which the General Services Administration centrally held procurement authority for IT, and delegated authority to federal agencies. Second, it charged the Office of Management and Budget with responsibility for capital planning and investment review. Third, it established the CIO position in departments and selected agencies, with the CIO reporting to the agency’s senior official. The Clinger-Cohen Act also made revisions to the acquisition environment for IT.
While the Clinger-Cohen Act resulted in a number of improvements in how the federal government planned for and acquired IT, its implementation has fallen short in some areas. Many CIOs have never achieved the “seat at the table” the act envisioned. And while IT management practices such as capital planning, enterprise architecture and risk management have improved, the goal of these practices — improving the effectiveness of IT project management — continues to be a significant concern.
If we agree that certain characteristics are important to providing a platform for success for federal CIOs, the issue becomes how to create that platform. In my experience, successful federal CIOs should share these characteristics:
Authority: CIOs should have sufficient authority to acquire, develop, deploy, operate and secure IT in their organizations. Issa’s legislation would strengthen CIOs’ authority in the important areas of budgets and human resources.
Accountability: This characteristic creates the environment for proper authority to be assigned and exercised. Users of IT must believe that the CIO will be held accountable for delivering promised results.
Influence: To achieve success, CIOs must be able to influence other executives. It is important that peer executives to the CIO embrace the organization’s IT strategy and program. It is also important that the CIO be positioned to persuade these executives regarding the adoption of IT to improve mission and management performance.
Management Competence: Effective CIOs will be able to lead and manage their organizations, and in doing so, deliver IT services and solutions. Effective CIOs will also understand project management and be capable of overseeing execution of multiple projects.
Technical Understanding: CIOs do not need to be technologists — they can hire or contract for that expertise. Rather, they need to have a basic understanding of technology, especially with regard to the practical limitations of current products and services. They need to be able to evaluate and mitigate the various risks related to the deployment and use of IT.
The first question is: Which of these characteristics can be set in place by statute? For starters, the authority of the CIO can be effectively dealt with in statute.
While accountability can be established in statute, I believe the mechanics of how CIOs are held accountable and how their performance is measured require more dynamic positioning. The statute should define the areas the CIO is accountable for and who will perform the evaluation, but not establish the mechanics.
Influence reflects the position of a CIO in an organization. If a CIO works for an organization where peer executives are political appointees and the mission of the agency is approached differently depending on the party in the White House, the CIO should be a political appointee. Otherwise, the CIO will not have the opportunity to be a trusted member of the political team, and will be rendered less effective. Influence is also determined by the personality and nature of the CIO, such as personal relationships and effectiveness.
Both management competence and technical understanding are based on the education, experience and success achieved by the CIO. I believe establishing statutory requirements for these characteristics would not be very effective.
In summary, while legislation can strengthen the federal CIO position, many of the factors that will determine success are based on the capabilities of individual CIOs and are not improved by statute. The officials who select federal CIOs must ensure that a nominee’s capabilities and experiences match the key characteristics for CIO success.