IG: DHS CIO needs more pull

"Improvements Needed to DHS' Information Technology Management Structure"

The Homeland Security Department's chief information officer needs more authority over the department's information technology functions and more pull with the secretary, according to an inspector general report.

Under the act that created the department and the position, the CIO is responsible for departmentwide IT planning, budgeting and operations. However, the decentralized way that technology policy and operations have been set up within DHS makes it difficult for the CIO to maintain control over all the IT functions that are necessary to create a common technology infrastructure, according to the July report.

"Despite federal laws and guidance on establishing effective IT organizations, the DHS CIO is not well positioned to meet the department's IT challenges," the report states. "With limited resources to carry out his responsibilities, the CIO lacks the authority and the relationships with DHS' executive, line and IT managers across department components to guide them in applying technology to accomplish the department's missions."

The position of the CIO's Office — currently within the Office of the Undersecretary for Management instead of the Office of the Secretary — was the primary source of dissent among the inspector general and DHS officials. In a written response to the report, deputy secretary James Loy said that department executives feel the current structure does not hinder the CIO.

However, that structure puts the CIO below undersecretaries and component directors, which means the position "lacks the power and influence to advise senior executives on how best to implement and manage IT across the department," the report states.

The lack of authority and resources includes a shortfall in staff, despite the employment of detailees and contractors. The inspector general found that as of May, only 49 of 65 authorized positions had been filled, and officials also expressed concern that the total authorized number was also far too low to support a department with more than 180,000 employees.

The department as a whole has a large IT staff, but most of those workers are within the individual DHS components and not managed by the CIO. Therefore, the CIO's Office is focused on daily crises rather than "critical IT management responsibilities," such as developing and implementing departmentwide policies and systems for human resources management and information security, according to the report.

Loy agreed that DHS' CIO should manage all the components' IT functions, and said in his response to the report that officials would look at staffing levels.