Agency CIO councils perform offstage
Federal insiders expect larger role for internal councils
The CIO Council, a mandated product of the Clinger-Cohen Act of 1996, is well-known for its influence on governmentwide information technology projects, but relatively little is known about its cousins at the departmentwide level.
Yet those CIO councils, many of which predate Clinger-Cohen and the federal CIO Council, could have a greater impact on their department's IT developments, particularly as agencies tackle endeavors such as creating an enterprise architecture. The key to the councils' success is their structure, said David Powner, director of IT management issues at the Government Accountability Office.
The chief information officers "are ultimately accountable and responsible for the delivery of technologies [in their agencies,] but the CIO councils are needed to drive accountability downward and to make sure delivery is there in terms of costs, performance and so on," Powner said. "The councils also provide a vital link to agencies' executives and the higher level planning that goes on there."
If the boards of the CIO councils are effectively structured, then they will have that reach, Powner said.
The level of influence that agency CIO councils have on how a department uses IT can differ widely, however.
The Defense Department has one of the longest established CIO councils. Its charter is to act as the principal advisory forum for the secretary and deputy secretary on all IT matters, such as linking IT to DOD missions, strengthening the IT capital planning and investment process and ensuring that IT programs comply with broader DOD directives and strategic goals.
That mission effectively becomes a two-tier effort, said Herb Strauss, a vice president and principal national security analyst at Gartner Intelligence.
At one level, defense agency and service CIOs discuss the broad implications of topics such as security, privacy and IT budgets. At the second tier, command CIOs take a more hands-on approach and focus on their command technology strategies.
"The CIO Council itself tends to deal with such things as congressional directives on IT procurement," Strauss said. "The first idea of what should happen is discussed by the CIO Council, which looks for a degree of harmonization with those directives and other things such as legal considerations, and then it looks for ways to provide guidance and direction."
At the Commerce Department, two independent groups, the department's CIO Council and the IT Review Board, work in concert on IT projects. In this instance, however, the council is the junior partner.
"The council is comprised of the CIOs of each of Commerce's separate organizations plus the CIOs from each of the National Oceanic and Atmospheric Administration's line offices," said Karen Hogan, Commerce's acting CIO. "We use it as a forum to share information among the members about such things as e-government initiatives, guidance that comes out of the Office of Management and Budget and our security posture."
The council has a role in setting policies for the department, but its main purpose is for CIOs to educate themselves and improve their understanding of various subjects, she said. The IT Review Board handles substantive procurement and budget issues.
Some overlap exists because the membership of the IT Review Board includes the Commerce CIO and CIOs from large bureaus such as NOAA and the National Institute of Standards and Technology. But the department's CIO Council doesn't have time to handle specific projects, Hogan said.
"It meets once a month from 9:30 a.m. to 11:30 a.m., and the schedule is just chock-a-block," she said. "There's no time to consider specific programs."
Agency CIO councils' ability to guide IT development largely depends on the clout that the agency's CIO has in the executive hierarchy, said Jim Flyzik, a partner at Guerra Kiviat Flyzik and Associates, former Treasury Department CIO and former chairman of the federal CIO Council.
"It's a matter of credibility," Flyzik said. "Does the CIO have the support of senior leadership in the agency? If so, the CIO council can be very effective."
Various tools can help make the council effective, he said. When Flyzik was at Treasury, for example, he established a working capital fund controlled by the CIO and chief financial officer, but the department's CIO Council allotted the funds.
That gave the council ownership of and accountability for IT programs.
"What makes for both an effective department CIO and CIO council is that the CIO needs both the support of the agency leadership and credibility with his or her peers," he said. "That's such a big part of all of this."
In that context, the impact of the Homeland Security Department's CIO Council on IT programs could provide lessons as DHS struggles to integrate formerly separate agencies.
The department's council has no decision-making authority, spokesman Larry Orluskie said. But it is responsible for tracking and monitoring projects approved by the CIO.
The council also acts as DHS' enterprise architecture board to ensure that projects conform to the department's enterprise architecture.
DHS has come under fire for denying the CIO senior management authority, and the department's inspector general criticized the CIO's apparent over-reliance on cooperation and coordination within the CIO Council to accomplish departmentwide integration and consolidation objectives.
That circumstances are challenging. DHS is one of the most complex agencies, Flyzik said, and it is still relatively new, so department officials must define business processes at fairly rudimentary levels.
"It's a new agency with new leadership and an organization that still has to fall into place before we can expect" the council to have much effect, he said.
Flyzik said he believes the role of CIO councils will expand as the role of IT moves from being a support function to one that encompasses an agency's entire operation.
To keep pace with that change, he expects CIO councils to eventually merge with other bodies, such as human resources and CFO councils, and to become hybrid organizations with a wide range of skills.