The evolving role of the CIO

Technology is king in government. The federal government spends nearly $100 billion every year on IT and has embarked on a mission of modernization that will only put technology and its ringleaders closer to the spotlight.

It wasn’t always this way.

A common observation within the community is that before the Clinger-Cohen Act of 1996 codified many of the CIO authorities that have come to define the role, CIOs were viewed by agency leaders as glorified versions of tech support rather than C-suite executives charged with steering critical aspects of mission delivery.

“If you go back even more than 10 years ago, the CIO was seen as providing commodities — the desktops and the phones,” said Maria Roat, the Small Business Administration’s CIO. “I think over the last decade that has really changed to where the CIO is seen as a partner to the business.”

Roat and others argue that the role of technology in government has steadily shifted since the rise of the internet from being a tool on the periphery to playing an essential role in delivering services and achieving missions. CIOs are now weighing in on aspects of agencies’ budgets, procurement activities and human resources capabilities. As a result, many CIOs cite good working relationships with chief financial officers and visibility into budget and procurement decisions as essential to a their jobs.

Rod Turk, who serves as acting CIO at the Commerce Department, said today’s CIO needs to be “a 360-degree” executive — someone who understands not just technology but also contracting, communications, budgeting, policy and cross-agency collaboration. A failure to competently operate in any of those arenas can be fatal to a CIO’s career.

“That’s not necessarily bits and bytes,” Turk said. “It’s somebody who has a technical understanding but then applies it to those softer disciplines like financial management, communications, change management and contracting to get you what you need.”

David Wennergren, who served as CIO at the Department of the Navy and vice chairman of the CIO Council, said there is a hunger to fill in many of the gaps in knowledge and capabilities that have arisen from this spurt of technology adoption, but that desire has yet to solidify into a coherent modern role for CIOs.

That drive has in some ways boosted CIOs’ profile and powers, but Wennergren said it has also diluted those powers. As evidence, he pointed to the proliferation of other technology leaders at agencies, such as chief information security officers, chief privacy officers and chief data officers.

“Every time a new imperative comes up, we oftentimes try to address it by creating another chief,” said Wennergren, who is now a managing director at Deloitte Consulting. “While it helps sometimes to have a named leader who’s going to put energy behind something new, at some point it’s time to rationalize: What is it that you want your information leader to do?”

The most obvious answer would be to oversee and manage the government’s use of technology. Yet many former and current CIOs complain that they still lack visibility into and control over their agency’s IT spending decisions, even though lawmakers have passed legislation over the years designed to address those limitations.

CIO in name only

Tony Scott, who served as U.S. CIO during the final years of the Obama administration, was one of many former and current government IT leaders who said the siloed nature of many federal agency operations remains a primary impediment for CIOs.

“There are some agencies where you had very strong sort of historical norms and cultural ways of doing business that just weren’t going to change overnight because you…passed a law saying IT is important,” he said.

Indeed, some CIOs still struggle to control or explain IT spending decisions made by their agencies. IRS CIO Gina Garza shocked and angered lawmakers when she testified in October 2017 that her office did not know about or sign off on a $7 million bridge contract to Equifax for identity management services that was awarded less than a month after the firm announced a major data breach affecting hundreds of millions of Americans.

At the same hearing, Dave Powner, director of IT management issues at the Government Accountability Office, was asked to square Garza’s statement with the authorities that the Federal IT Acquisition Reform Act vests in CIOs. He replied that there are “walls between these organizations.”

That disconnect between a CIO’s authorities on paper and in practice is not uncommon. A GAO report released in January states that auditors identified billions of dollars in underreported IT obligations. Over half of the 22 agencies reviewed did not follow Office of Management and Budget requirements for CIO review of IT acquisition plans. In a randomly selected sample of 96 IT contracts, only 11 went through the CIO’s office for approval.

“FITARA was a good step in empowering our CIOs, but one of the things we found was CIOs were getting pushback from CFOs and weren’t getting the support they needed from agency and deputy agency heads,” said Rep. Will Hurd (R-Texas).

That realization was one reason Hurd drafted a provision in the Modernizing Government Technology Act that gives CIOs more budget flexibility in the form of working capital funds for IT modernization priorities. “You can’t hold the CIO accountable if he or she doesn’t have all the tools they need to do their job,” he said.

The Trump administration has also taken a crack at the problem by issuing an executive order on May 15 that is designed to further strengthen CIO authorities.

In a background call accompanying the order’s rollout, a senior administration official said strengthening CIO authorities to better align with their responsibilities was “something that previous administrations had made some progress on but clearly hadn’t solved.” The new order gives CIOs more input in the hiring of personnel, direct reporting relationships with agency leaders and better visibility into IT spending at their agencies.

Matt Lira, a special assistant to the president and the White House’s point person for government IT, said the lack of coordination within agencies have been a major impediment to modernization efforts and that more must be done if the administration is to accomplish one of the largest IT transformations ever attempted.

“We believe very strongly that structure dictates behavior and that behavior ultimately determines results,” Lira said. “And one of the key structural problems we identified last year is that the role of CIOs at agencies was…too often on a spectrum. Some agency CIOs are incredibly empowered and incredibly central to decision-making, [while others] are CIO in name only.”

He added that the agencies with empowered CIOs “were the ones — not coincidentally, I would argue — that achieved the most interagency success.”

A political evolution

Historically, government technology policy has been a fairly bipartisan affair. Two of the most impactful laws in the past five years — FITARA and the Modernizing Government Technology Act — were inserted into annual defense authorization bills through voice votes. In addition, the House and Senate unanimously passed the FITARA Enhancement Act last year.

Even today, some former and current CIOs characterize government IT as one of the last bastions of federal policy untainted by politics. Many prefer to keep it that way.

“I would hope [the position] doesn’t become political in the sense of exciting the molecules where you get a bunch of partisan battles,” Scott said. “Good IT is good IT, and I think we’ve been fortunate to have — at this point at least — good bipartisan support in Congress.”

David Bray, former CIO at the Federal Communications Commission, echoed those thoughts, telling FCW he believes federal CIOs operate best when they stay out of the political arena. However, he acknowledged that the trend toward politicization of the position is accelerating and wondered whether there is still room for nonpartisan CIOs in government.

Bray cited two incidents in the past five years that have set the position on a course for greater politicization: the botched rollout of HealthCare.gov in 2013 and the Office of Personnel Management data breach in 2015.

“Nowadays IT mishaps are more frequently used as political tools for one party to toss mud on another political party, even if the IT was challenged because of poorly written policy…or the project was under-resourced or digitized poor processes,” he said.

Both episodes created embarrassment for the Obama administration, and the fallout demonstrated how politically effective it could be to highlight the technological stumbles of your political opponents, even if the underlying reasons had little to do with ideology.

Adrian Gardner, until recently CIO at the Federal Emergency Management Agency, said that the more integral technology becomes to the delivery of an agency’s mission, the greater the impact it has on constituent and stakeholder perceptions.

“I think [the role] is definitely more political,” he said. “You think about the way that IT impacts the missions of these agencies and departments: It’s central to the way that they are executed. And when it goes wrong or it goes extremely well, we are impacting the brand.”

Not everyone views that shift as negative. In an environment in which many agency authorities and operations are criticized as being hopelessly siloed, having an explicit connection to the White House can sometimes help a CIO wade through the bureaucratic mire.

“I found being a senior political [appointee] very helpful,” said Stan Soloway, who was a deputy undersecretary of Defense during the Clinton administration and is now president and CEO of Celero Strategies. “I tend to lean toward the position that I’d like to see a lot of these C-suites be more political because they tend to have more authority and clout and ability to move things.”

However, that status can be a double-edged sword. Kevin Nally, CIO at the U.S. Secret Service, said making the role more political could benefit a CIO’s agenda when his or her political benefactors are in power but potentially undermine it when they’re not.

“My perception is if you tie yourself to a political party, eventually it is going to go away in four or eight years, and then if you want to stay in the federal workforce, you’re labeled,” he said. “It could hurt or help either way, but you’re tied to that party.”

According to GAO, nine of the 24 CFO Act departments have CIOs who are politically appointed.

A redefined role?

Much has been made of the recent turnover among federal agency CIOs. More than a dozen have stepped down, retired or been reassigned since the end of 2016. Many departments and agencies are still operating with acting IT leaders.

That turnover — which included the reassignment of career executives at FEMA and the departments of Education and Treasury — has been accompanied by the establishment of twonew White House offices: the Office of American Innovation and the American Technology Council. In addition, the U.S. CIO position went unfilled for more than a year. All those developments have led some to conclude that the Trump administration takes a different view of the CIO role.

“It’s clear that this administration has a different set of priorities,” one former CIO said. “They [cared] a lot more about setting up special assistants in the Office of American Innovation than they did about finding somebody to be the federal CIO.”

For its part, administration officials have rejected that narrative. Lira told FCW in January 2018 that White House officials are “strong believers” in the office of the U.S. CIO and supportive of agency CIOs in general. More recently, he pointed to the May 15 executive order as evidence of that support. “The game is over,” he said. “CIOs will be the central authority.”

What the Kent era portends

When the Trump administration picked Ernst and Young executive Suzette Kent to fill the U.S. CIO role, eyebrows were raised. Kent had no experience in government, and although she had worked on financial management IT systems in the private sector, she lacked a substantive background in computer science or technology policy issues.

Contrast that experience with some of her predecessors. Vivek Kundra spent most of his career shuttling from one technology leadership position to another in state, local and federal government. Scott was a technology whiz who, although he lacked government experience, had led IT operations for massive companies that included Microsoft, Disney and General Motors. Steven VanRoekel also had Microsoft experience, and Mark Forman and Karen Evans, who held the U.S. CIO job before it carried that label, were steeped in public-sector IT.

However, as many CIOs admit that technical knowledge and experience are taking a backseat to other skill sets, Kent might be a prime example of the position’s natural evolution. Scott endorsed Kent after speaking with her, convinced that she could help take the federal government where it needs to go in the era of IT modernization.

“Most really good CIOs I know are really agents of change, and I think Suzette has the capability and capacity to do just that,” Scott told FCW.

Kent said much the same in a speech in May during which she emphasized her role as a driver of transformation. “I am not here for my great coding skills, and neither are many of our other CIOs,” she said.

In a subsequent conversation with FCW, Kent elaborated on her role. “What’s important is not only being able to elevate and pull out the best of what’s already happening in government, but to bring some of those private-sector practices and implement that discipline more broadly,” she said. “There are some great places where that is being done, but there are others that we have to make industrial strength and sustainable, not just something that’s done for a single project.”

She also outlined many of the gaps in CIO authorities that would be addressed in the administration’s May 15 executive order.

“We’re still working on empowering CIOs with the full authority to affect the outcome for which we’re holding them accountable,” Kent said. “I mean things like setting the technology direction, authority to hire for the skills that are needed, authority to manage the budget and the opportunity to sit at the table with agency and government leadership.”

Of course, both Clinger-Cohen and FITARA were designed to achieve much the same goals. The result, though, has been a fragmented reality in which many CIOs are regularly locked out of key technology decision-making processes.

Dave McClure, who served at GAO and the General Services Administration, helped write the Clinger-Cohen Act in 1996. While drafting the law, he said, there was “a general confidence that if the CIO had a direct reporting relationship to the agency head, he or she would be empowered, listened to and naturally given greater responsibility in the budget area of IT.”

That didn’t happen, said McClure, who is now director of CIO advisory services at Accenture, and lawmakers eventually revisited the topic with FITARA in 2014. That law explicitly gives CIOs the authority to approve their agency IT budgets and major technology-related contracts. Yet as GAO has pointed out, that is often not the case.

Wennergren said creating statute after statute won’t solve the problem if the culture within an agency remains unchanged. “To me, the issue revolves more around: What does an agency think a CIO is there for and what do they want that CIO to work on?” he said. “Because if you think about it — I don’t say this in a denigrating way…FITARA was just sort of a reiteration of the message of Clinger-Cohen: Does your CIO have a seat at the table?” 

Furthermore, “you see all manner of things in federal agencies right now,” he added. “You see CIOs buried deep in an organization, CIOs who are direct strategic leaders reporting to the head of the agency, you see CIOs who are sort of stuck in the network administration and compliance regime of the agency, and CIOs who are viewed as transformation change leaders. I think more laws [and policies] don’t necessarily help solve this. But a recognition that the way we acquire and deliver IT has changed and what we are doing to actually embrace that change inside our organizations — that is more important.”