IG sparks dispute over CIO's power
Does the DHS CIO have enough budget authority? The agency and an auditor disagree.
Just how much authority over the IT budget does the Homeland Security department's CIO need?
A new audit argues that planning for the budgets has not been sufficiently centralized, but DHS managers disagreed with that assessment and are defending the current structure.
The dispute is outlined in the May 4 report from the DHS Office of Inspector General.
The auditor recommended that the Deputy Undersecretary for Management assign the Chief Information Officer centralized control over the department’s IT budget planning process.
The CIO needs to have an expanded role in the department’s budget planning process in order to identify problems in the component IT budgets before they become final, wrote Frank Deffer, assistant inspector general for IT audits.
DHS Management Undersecretary Chris Cummiskey defended the current organizational structure, saying the CIO has the needed authority already.
Cummiskey wrote in a response that the CIO is already “firmly integrated with the processes for making budget, financial and program management decisions within the agency.” The response was attached to the report.
Nonetheless, Deffer persisted in advising changes.
“We do not agree that the Office of the CIO is, as yet, ‘firmly integrated’ into DHS IT budget processes,” Deffer wrote. “We determined that the CIO needs to participate earlier in the budget planning process so that the CIO can ensure that component IT budget plans are in alignment with departmental goals and objectives. As such, we look forward to hearing more about the Department’s plans to ensure the CIO’s integration into the Department’s budget planning process to review, guide, and approve IT investments.”
Overall, Deffer concluded that DHS has tighter management over its $6 billion information technology portfolio than it did three years ago, but improvement is needed for its IT budget planning and staffing.
The audit gives DHS CIO Richard Spires credit for making progress in effectively managing IT at the department. Spires became CIO in 2009, a year after the most recent audit in 2008.
“Since 2008, the CIO has increased oversight and authority of IT by reviewing DHS component programs and acquisitions,” Deffer wrote. “This has enabled the CIO to make strategic recommendations to reduce costs and duplication.”
For example, the department has moved forward on consolidating data centers and networks, with cost savings anticipated. Also, there has been more effective management of IT portfolios, enterprise architecture, networks and acquisition, the audit said.
However, DHS continues to find it difficult to recruit people to manage its IT, the audit indicated, even though staffing levels have increased. Similar problems had been identified in the 2008 audit.
Since that time, the CIO’s office has increased staffing significantly, from 71 full-time employees in 2008 to approximately 344 full-time employees in 2011.
Another boost is planned this year, to bring the total to nearly 450 full-time employees by Sept. 30, the auditors wrote.
However, sheer numbers of employees do not address the need for more staff attention to budget planning. Currently, there is only one full-time employee in charge of IT budget functions, who performs about 75 percent of the portfolio reviews for approximately 90 IT programs, the report said.