Do CIOs matter?

The Job requires a complex set of skills and AN ability to finesse the fine print

Ten years ago, when the Clinger-Cohen Act created the chief information officer position at the major executive agencies, most people assumed it would be a job largely about technology with a little business management thrown into the mix.

Now anybody who wants the job needs a much bigger résumé.

To survive and prosper, the modern agency CIO must be a proficient technologist, business master, top-notch strategist, excellent communicator and subtle diplomat. Anything less virtually guarantees second-class citizenship in the agency hierarchy and could lead to failure.

As information technology projects have become more integrated into the functions of a department or agency, CIOs' roles have also advanced, said Jeffrey Seifert, an information science and technology policy analyst at the Congressional Research Service.

Federal CIOs now serve as change agents for business modernization and transformation, Seifert told the House Veterans' Affairs Committee last year, and their relationships with agencies' top-level decision-makers can be critical to successfully implementing IT and e-government initiatives.

That means CIOs must be people "who have a deep contextual understanding of the mission and functions of an organization but who also bring a wide range of experience and perspectives to the position," he said.

Depending on how an agency applies Clinger-Cohen, CIOs are evolving from operations managers to become strategic advisers to agencies' executives or component organizations, said Karen Evans, administrator for e-government and IT at the Office of Management and Budget and director of the CIO Council.

CIOs' skills "need to really be evolved to the point where you can talk about how technology can be used to deploy transformational types of things going on within a department or an agency, but through a business approach," Evans said.

Therefore, the CIO's importance to a department depends on how extensively it uses technology to meet its mission. In some agencies, that means the CIO is a vital cog.

The Defense Department's CIO, for example, was seen as a lowly generalist in 1996, said Herb Strauss, a research vice president at Gartner Intelligence who focuses on global government and national security issues. But now, as DOD works on network-centric operations, the CIO is much more closely involved with the department's main mission. Now even three-star generals are talking about using military networks and the information infrastructure as weapons systems, Strauss said.

"The perception of what information means to the department has changed radically, and [CIOs] are now viewed as being much closer to the pointy end of the spear," he said. "They are considered as being much more involved with what the military does rather than as strictly a support function."

Other changes in the CIO function have been less smooth. At the Department of Veterans Affairs, some well-publicized problems with important IT projects -- caused largely by the department's infrastructure -- raised the ire of lawmakers and prompted a revision of the CIO's role in IT development at the VA.

The department's IT resources had traditionally been operated and managed along highly decentralized lines. Although charged with successfully managing the VA's $1.6 billion IT budget and 5,400 IT employees, CIO Robert McFarland had no direct management control or organizational authority over any of those resources. In many cases, IT management was possible only through indirect methods of supervision.

Following a recent review of the department's IT processes, the VA decided to centralize IT spending authority in McFarland's office while allowing individual VA administrations to retain authority over software development.

An even starker example of the forced evolution of the CIO's role came in early 2005, following the embarrassing failure of the FBI's Virtual Case File initiative. The FBI spent $170 million and four years developing the automated case-management system before deciding the software didn't work.

In February 2005, FBI Director Robert Mueller announced that the bureau's CIO would henceforth have control over IT spending.

"No funds are going to be disbursed in the IT arena without the CIO's approval," he said.

That level of control is still unusual for federal CIOs because the chief financial officer controls IT spending at most agencies and the CIO only makes recommendations. But CIOs are increasingly invited to join the CFO and other officers on teams responsible for budget decisions.

However, CIOs at most agencies generally don't have the clout that the Clinger-Cohen Act envisioned they would.

As the main individuals responsible for IT capital planning and investment at their agencies, CIOs were supposed to report directly to their agencies' top executive. So far, however, few do. At best, they tend to report to the deputy secretary, assistant secretary for management or someone in a similar role.

In some cases, that lack of status in the hierarchy has been cited as a reason for disorganization.

The Homeland Security Department, for example, has faced criticism for its seeming inability to create an infrastructure that would provide effective communications among its various agencies, which came into sharp focus during and following Hurricane Katrina.

The department's inspector general, Richard Skinner, has complained that the apparent junior status of the CIO within the DHS management structure is one of the main reasons for a lack of IT integration among DHS' various agencies, a view Skinner reiterated in a report published in December.

Despite legal requirements, the CIO is still not a senior manager with the authority to manage departmentwide IT assets and programs, Skinner wrote.

DHS has started to formalize the reporting relationships among the various CIOs within the department, but the DHS CIO still does not have sufficient staff resources to execute the planning and management necessary for IT integration, he said.

However, DHS officials argued that the CIO is indeed well-positioned to carry out the integration mission despite this apparent lack of direct management status.

In the past few years, IT has expanded from a support function to an inseparable part of the way agencies do business. Other government officials are also now saying that the reporting requirement of Clinger-Cohen might be passé.

It's no longer an absolute that the CIO should report to the department head, said David Powner, director of IT management issues at the Government Accountability Office.

"Some CIOs themselves are saying they don't have to report to agency heads," Powner said. "I think it's true that, in many cases, CIOs are becoming more of a strategic partner with others in agencies."

A proper enterprise architecture, for example, needs not only technical elements but also input from the business side, he said. In a move to bolster IT capital planning, many agencies are now deploying executive boards that include CIOs alongside other officials, such as CFOs and human resources executives.

CIOs don't need to report directly to an agency executive or have direct power over the budget to do an effective job, Evans said.

"It really is [the CIO] having a partnership with the CFO and having people understand what you're trying to achieve and that IT people are there to help everybody else in the department and the program offices," she said.

You can cite all the policy and legislation you want to say that the CIO has to have a seat at the table, she said. But in the end, the CIO has to earn that seat to keep it. And that respect comes from the value the CIO brings to an organization through results.

"When you go back and really read Clinger-Cohen, it's very performance-based [and] very results-oriented," she said.

And that, she added, is really what CIOs are all about.

CIOs at the helm

The Clinger-Cohen Act of 1996 established the rules of the road for the government's use of technology and mandated the creation of chief information officer positions at major agencies.

However, the law did not specify that CIOs should have budget authority, and many have had to take that power or convince their agencies' executives that they should have it.

Saving money on information technology was one of the driving forces behind the legislation. Under Clinger-Cohen, agencies were told they must achieve a 5 percent annual decrease in costs incurred for operating and maintaining IT and a 5 percent increase in operational efficiency by improving information resources management in the first five years after the law's passage.

The legislation also gave CIOs a road map for directing IT investments by requiring them to ensure that:

  • They have clear authority, responsibility and accountability for an agency's information resources management activities.
  • Investments support core mission functions.
  • Investments are consistent with the agency's architecture, which integrates work processes and information flows with technology.
  • Spending decisions reflect a portfolio management approach in which investments are based on potential returns.
  • They reduce risk and enhance manageability by discouraging "grand" information system projects and encouraging incremental, phased approaches.

Source: Clinger-Cohen Act


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected