IT reform's rocky road

When Congress passed the Information Technology Management Reform Act three years ago, it was hailed as the fix for the worst federal IT blunders, from drawn-out procurements to multibillion-dollar system failures. But today, agencies' compliance with the law is spotty, according to an FCW survey, and the law's provisions are not being enforced systematically.

Though 19 out of the 23 major agencies that responded to the survey said they have begun to make the management changes that the law - known as the Clinger-Cohen Act of 1996 - requires, 17 agencies reported they have not conquered each of its basic mandates, which range from setting performance goals for systems to determining employees' IT skills. Even some agencies that said they are complying with the law reported they have not completely met its goals.

As a result, some reform backers fear the effort to improve the way the government buys and uses IT could fizzle because of other IT priorities within agencies and on Capitol Hill. "I think [the reform philosophy is] at risk until you have an administration and leadership from the top and the bottom that are really committed to it,'' said Bert Concklin, president of the Professional Services Council, an IT industry trade group.

The lack of compliance has some agencies wondering what consequences, such as IT budget cuts, await them if they do not make more progress. "There is real essence in this law, and it only makes sense that someone is going to come back and say, 'Have you done these things?' " said Michael Tiemann, who is in charge of architecture standards for the Energy Department. Agencies that just "try to throw some mishmash" when Congress starts asking questions are going to be in trouble and could face budget cuts, he added.

The departments of Education, Health and Human Services, Transportation and Veterans Affairs and the Small Business Administration were the agencies responding to the survey that have met the fewest Clinger-Cohen requirements. The Nuclear Regulatory Commission and the National Science Foundation were the only two agencies that said they had met all requirements.

Congress passed Clinger-Cohen in reaction to years of high-profile IT failures, including decade-long modernization projects at the Federal Aviation Administration and the Internal Revenue Service that were aborted after multibillion-dollar expenditures.

Although the law has led to the cancellation of some large projects, including in 1997 the Health Care Financing Administration's $151 million modernization of the payment systems for Medicare, and sent others, like the first version of a Bureau of Export Administration system for tracking export licenses, back to the drawing board, not every agency is using the law to terminate, revise or reject IT project proposals.

To date, neither the Office of Management and Budget nor Congress has made compliance with Clinger-Cohen the ultimate test for funding agencies' systems, as the authors of the law had envisioned. OMB, however, requires agencies to justify their IT budget requests based on the law.

Deidre Lee, acting deputy director at OMB, indicated that OMB would rather work with agencies to meet Clinger-Cohen requirements than threaten to cut IT budgets to force agencies to comply. "We're working with agencies to ensure they understand priority-management objectives," she said. "But the question is, 'How can we help them?' "

The federal government spends $27 billion annually on IT. Clinger-Cohen aims to impose private-sector discipline on these expenditures, requiring agencies to manage systems as mission-critical investments, set performance goals for systems, use an integrated IT architecture to simplify how they manage them and ensure their work force, including top managers, has the skills to use IT effectively. The law created the chief information officer position in federal agencies and put these executives in charge of carrying out the mandates of the law.

According to the FCW survey, agencies have made the most progress devising capital planning procedures, which they are using to assess whether a system is a good investment. Almost all agencies said they have set performance goals and measures for their programs. But development of departmentwide IT architectures and work-force improvements have lagged.

Still, some agencies say they have made good on the Clinger-Cohen promise. "It's important to say that we're making a lot of progress,'' said Gloria Parker, CIO with the Department of Housing and Urban Development. "It takes a while to see results." Parker said HUD "shocked some major program owners" by freezing their funding because they had not properly accounted for their system proposals. "Now they understand," she said.

However, taking such action has not necessarily had a significant impact on how every agency manages its systems. "Many of these capital planning programs are just being designed and have not been implemented in a real decision-making setting,'' said Dave McClure, associate director of governmentwide and defense information systems issues at the General Accounting Office.

For example, the Defense Department has new capital planning procedures for selecting IT projects. But Paul Brubaker, who developed the law as a Senate staff member and now carries it out at DOD, said the department will not receive the funds to institutionalize it departmentwide until next year. "When it's finally done, it will have taken four years," he said.

"I've seen fairly mature selection processes," said GAO's CIO, Shereen Remez, who heads a subcommittee on capital planning for the CIO Council. "I think agencies are struggling with how to keep the focus on the project after the investment is made. No one likes to talk about problems, but if you don't...there's no way to redirect the project onto the right track.''

Agencies blame the nearly $7 billion Year 2000 problem for siphoning off IT staff and funding they would otherwise have devoted to management reform. "Everyone has been so consumed with Y2K that we haven't had a chance to focus on other things," said SBA's CIO, Lawrence Barrett. Once the date change crisis passes, there will be "a lot of backed-up demand for things to be done, so it will be important that you have a capital planning process in place.''

SBA said it had completed none of the Clinger-Cohen requirements. Nevertheless, Barrett said, the law has given him "a seat at the table'' with senior management to discuss not just the cost of IT but the contributions it makes to the agency. He has applied SBA's capital planning procedures to one major agency modernization program and hired Electronic Data Systems Corp. to help define the agency's future systems architecture.

Linda Ricci, an OMB spokeswoman, said the Year 2000 problem is OMB's "top management priority," but that "establishing sound capital planning and investment review practices as required by Clinger-Cohen [is] among the things we continue to move forward on."

Budget constraints kept some Clinger-Cohen's prescriptions from being a top priority for agencies, particularly when it comes to work-force improvements. NASA is "three to six months'' away from completing an agencywide employee assessment, retention and hiring plan, CIO Lee Holcomb said. "We've not been hiring for about five years,'' he said. "We are focusing on other human resource issues, trying to facilitate a smooth and effective downsizing. It's only now we're doing a 180" and starting to hire again.

NASA had a head start on other agencies making other Clinger-Cohen reforms. For example, the agency started to develop a systems architecture in 1994, two years before the law was enacted. The project took three years to complete. Elsewhere, such as at DOT, top IT managers have struggled to forge a common agenda among disparate agencies, each with their own budgets and technology priorities. Only this year have DOT officials started to craft an IT architecture for the whole department.

"Frankly, these processes have been stovepiped for years,'' said Diane Litman, manager of the information resources management division within the Office of the Secretary of Transportation. The department reported it had met only one of the six Clinger-Cohen requirements, setting performance goals and measures for its systems. Shrinking budgets for DOT's 14 agencies are "helping to force the issue" of integration, Litman said, but the effort depends on consensus by agency executives and the multiple congressional committees in charge of their budgets.

Agencies have few formal incentives to reform. Clinger-Cohen set no deadlines for when agencies should have met the act's requirements and prescribes no penalties. That leaves most agencies motivated mainly by fear that OMB or Congress will cut their budgets or place other restrictions on their operations if they do not show they are making progress.

"It's pretty clear the Congress and oversight bodies can create enough pressure to turn agencies and programs around,'' said Jim Flyzik, CIO at the Treasury Department, which reported compliance with all but one of the law's requirements.

At Treasury, an investment review board, whose members are the CIOs of Treasury's 14 bureaus, meets monthly to review and revise major IT projects. Last month, after completing a department-wide skills assessment, officials proposed strategies for hiring and training its work force. A report describing their findings and recommendations is expected soon.

Flyzik said the CIO Council provides peer pressure for agencies to make improvements. "We did work with Congress getting this in place," he said. "If it doesn't work, we're the ones that stand to lose.''

So far, however, Congress has not given Clinger-Cohen regular attention. An aide to the House Government Reform Committee who requested anonymity said agencies probably would have their progress scrutinized only if someone raises questions about a specific program that seems to be off track. Lawmakers will not hold any comprehensive hearings on Clinger-Cohen until next year, before the statute comes up for reauthorization in 2001.

Alan Balutis, deputy CIO at the Commerce Department, said that without a champion for the law in Congress to "continually keep light on it,'' agencies might not be giving Clinger-Cohen priority over other legislative mandates. The law's two sponsors, Sen. William Cohen (R-Maine) and Rep. William Clinger (R-Pa.), left Congress in 1997. Cohen became Defense secretary, and Clinger retired.

"We have suffered a terrible loss of key members and staff on the Hill who would naturally have followed up on the implementation of this legislation," Balutis said. "There is not a lot of interest now." As with any issue, Balutis said, if agencies knew legislators were watching them, they would give the law more attention. "They don't want to be the ones bringing up the rear.''

No Worse Than the Private Sector

In some respects, agencies may not be doing worse than many of the private companies that Clinger-Cohen asks them to emulate. For example, private firms also have trouble establishing and enforcing an IT architecture, said Paul Wohlleben, a former CIO with the Public Buildings Administration and now a consultant with Grant Thornton LLP.

Like the private sector, the government is battling CIO turnover, with agency CIOs leaving their jobs at a faster rate than their corporate counterparts. Corporate CIOs stay in their jobs an average of three years, said Gene Raphaelian, vice president for executive programs at Gartner Group. "A lot of times [they leave] because they served their purpose,'' he said.

In the government, 14 out of 23 agencies lost their first CIO within two years. "Part of what you're seeing with federal government agencies is that the expectation might have been unrealistic for what a CIO can and can't do,'' Raphaelian said, and the trend may lessen as the role of the CIO in each agency becomes better defined.

Renny DiPentima, a former federal IT executive who is now president of SRA Federal Systems, said the trend is "worrisome,'' because CIOs "need to take the long view.'' In the private sector, he noted, the results of budget decisions can be realized more quickly than in government.

Nevertheless, DiPentima, who has advised the government about how to make Clinger-Cohen work, said agencies have made more progress than he expected. "The coming together of the CIO Council [and the] numbers of people doing Clinger-Cohen-type work in the agencies tells me that a lot more is going on than anyone anticipated,'' he said. "I'm bullish that the act is making a difference.''

"It wouldn't have been appropriate to start whacking agencies in the head right out of the gate,'' DOD's Brubaker said. "We're asking for an awful lot here. It's just going to be incremental and somewhat gradual.''

-- Margret Johnston and Molly Ferrara contributed to this article.

***

How we did the story

FCW sent surveys to the 14 Cabinet departments and nine agencies for which the Clinger-Cohen Act created an executive-level chief information officer position and which are generally included in lists of "major" federal agencies.

Nineteen of the 23 surveys were returned. Answers from the surveys are summarized in the chart that accompanies this story as well as in details about individual agencies' activities reported in the text.

FCW also interviewed 22 officials from federal agencies, the General Accounting Office, the Office of Management and Budget, Congress and private industry and also reviewed GAO reports and agency IT planning documents.

***

Clinger-Cohen Survey

This survey about federal compliance with the Clinger-Cohen Act was sent to 14 Cabinet departments and nine agencies.

1. When was the current CIO appointed to the job?

2. Is he/she the only CIO in the department? If not, how many CIOs does the department have?

3. Does the department have a capital planning process for information technology?

4. Does the department have a performance plan that describes goals and performance measurements for IT systems?

5. Does the department have a documented IT architecture or a documented plan to achieve one? If not, have the department's bureaus or agencies established such plans?

6. Has the department selected standards for hardware, operating environments and application software? If not, have the department's bureaus or agencies done so?

7. Has the department assessed the knowledge and skills of its IT staff? If not, has this work been done at the agency level?

8. Has the department assessed whether its executive and management staff has the skills to meet the department's IT management requirements? If not, has this work been done at the agency level?

9. Has the department developed any plans for hiring and training staff and managers to meet its staffing requirements? If not, has this work been done at the agency level?

10. Does the chief information officer control the department's budget for information systems? If not, does the CIO advise the secretary on the budget submissions of bureaus or agencies?

11. Does the department have an investment review board that reviews the performance of department or agency systems and recommends whether they should continue?

12. Has the department canceled or revised any IT programs in the past two years because they did not meet performance or schedule goals? If so, how many?