Mark Forman and Paul Brubaker take issue with OMB's recent efforts to redefine the role of agency CIOs, saying they undermine the intentions of the Clinger-Cohen Act.
Mark Forman is co-founder of Government Transaction Services, a cloud computing services company, and was the first administrator of e-government and IT at the Office of Management and Budget. Paul Brubaker is CEO of Synteractive and former deputy CIO at the Defense Department. Both of them have also held senior staff positions in the Senate.
In the past 60 years, IT has been the most critical element of virtually every successful government management reform effort. On the other hand, dozens of audit reports and independent analyses show that the government always fails when it buys technology without changing the way it does its work. Indeed, best-practices research indicates that the ideal CIO is a tech-savvy business transformation guru.
However, smart use of IT is not the same as smart management of IT, and the government needs to be skilled at both.
Given our professional backgrounds and long-standing interest in how the federal government uses technology to improve its operational and mission performance, we were excited by the headline of a recent blog post by new Federal CIO Steven VanRoekel: “The Changing Role of Federal Chief Information Officers.” Our excitement quickly dissipated once we began reading the post and the accompanying memo on CIO authorities.
The memo outlined some laudable goals that mirrored the items in the 25-point plan to reform federal IT management, such as reducing duplicative systems, cancelling projects that are over budget and behind schedule, getting rid of systems that hamper agency missions, and eliminating waste. Those are all things we have written legislation to accomplish. And our practical, hands-on experience in achieving those desired but difficult outcomes has taught us that it is sometimes necessary to restate and recommit CIOs to the obvious.
As we continued reading, however, we noticed that the Office of Management and Budget was changing the focus on CIOs as strategic partners at the management table to something more akin to an operational technologist. The contrast could not be starker: The memo makes the CIO into the chief geek rather than the government modernization guru.
The Obama administration is attempting to hold agency CIOs accountable for achieving success in four key areas: governance, commodity IT, program management and information security. Good IT management has always been part of the CIO’s role. But the CIO is the chief information officer, not the chief IT officer. What the OMB memo fails to recognize is the role modern information management and technology play in resolving complex management issues at federal agencies — something we recognized and addressed in the Clinger-Cohen Act that created the agency CIO position more than 15 years ago.
When we were senior staff members in the Senate, we worked with the Clinton administration to ensure that CIOs would have a strategic role in decision-making at the top of federal agencies. We also sought to ensure that agencies did not buy technology for the sake of buying technology but rather examined and re-engineered their operational and mission processes and applied technology to achieve measurable improvements in operations or outcomes. We ensured that agency executives would be held accountable for achieving those outcomes because we recognized that many operational, financial, career and political leaders would need to work together to achieve those outcomes.
Governance: It begins at the top
Of course, governance is crucial to those efforts. It is a management organization concept, not a technology issue. Governance defines control over the use of resources for performing the mission, and the chain of command on resources runs all the way up to the president and often Congress. For governance to succeed, it must be supported and led by the agency head.
Now the Obama administration is asking CIOs to be accountable for successful IT governance. That approach works if IT is independent of agency programs and mission performance. But in order to function effectively, it must involve all the functional, financial and operationally relevant people in the organization. Moreover, it must be supported by the agency’s leaders, and they must encourage participation and hold participants accountable for outcomes and achieving the agency’s goals, which must be clearly reflected in its IT portfolio.
Commodity IT: Nice but not the point
Encouraging CIOs to focus on commodity IT purchases misses the point of what we were trying to accomplish with the Clinger-Cohen Act — although we suppose, as former Navy Department CIO Dan Porter once quipped, “IT beats the hell out of solving real problems.”
The commodity IT market is mature, and agencies can decide when and where they purchase such products as long as they are consistent with the agency’s technical architecture. The CIO’s time would be much better spent examining mission-related processes for which re-engineering and technology can create a measurable return. Spending valuable time squeezing every dime out of commodity IT vendors is counterproductive for CIOs who should instead be looking for innovative solutions that measurably improve performance.
Program management: Not the CIO's job
As David Powner, director of IT management issues at the Government Accountability Office, consistently and accurately observes, the government lacks the skill sets to achieve the outcomes we expect in areas ranging from engineering to program management, from acquisition to oversight.
Powner and OMB are correct in citing the need for an increased emphasis on program management. However, we believe that responsibility belongs in a program management office, preferably one housed in a functional organization that is responsible for executing the program. The responsibility for effective program management — or, for that matter, any other area necessary for the proper execution of a program — belongs in a functional area, not with the agency CIO.
Information security: An operational issue
Lastly, it is everybody’s responsibility to ensure that appropriate levels of information security are achieved. We agree that the CIO is responsible for asking questions during the acquisition process and even for requiring a security architecture for the program that is consistent with the agency’s overall security architecture.
However, making the agency CIO accountable for the overall performance of information security seems to be an attempt to push the CIO into a much more operational role than ever envisioned. The responsibility for ensuring adequate security must continue to rest with the agency head.
We hope that the current and future administrations will not shift the focus to buying technology for the sake of buying technology and will not diminish the role of the CIO as a key strategic adviser focused on achieving measurable improvements in mission and operational processes. Unfortunately, we noticed the absence of any CIO responsibilities for improving performance and efficiency in the two OMB memos released Aug. 17.
We believe in having CIOs assist in holding functional managers and agency heads accountable for achieving the Obama administration’s goals of lowering operational costs, turning around troubled projects and delivering meaningful functionality. We urge the administration to revisit those focus areas so CIOs can perform the strategic role that was originally envisioned for them and so we can achieve a more responsive government at less cost.