OMB: Agency CIOs have IT authority

The chief information officers of federal agencies have ultimate authority for the governance, management and delivery of information technology programs in a department or agency, the Office of Management and Budget has said in a memo. The memo to agency heads from Clay Johnson, OMB's director for management, published Oct. 23 seeks to ensure that IT is managed effectively during the transition to the new administration, Karen Evans, OMB administrator for e-government and information technology, said at a briefing with reporters. “You want to be able to hand it off to the next administration and say this is the way that information technology is managed in each and every department….so they don’t have to start all over,” she said. The first people who will be placed in agencies will not be CIOs, but agencies still have to continue to deliver services, Evans said. Department and agency heads are to report to OMB by Dec. 1 that their IT governance aligns with the elements spelled out in the memo. Agencies will consult with OMB before they appoint a CIO and advise OMB about the authority, responsibilities and organizational resources that the CIO will have, according to the memo. CIOs do not work under the same IT governance authority in each agency. It was evident to OMB officials after speaking with agency heads and CIOs that every department manages its IT a little differently, Evans said. As a result of those meetings, the memo clarifies the CIOs' responsibilities under the Clinger-Cohen Act of 1996, she said. “This isn’t anything new; it is a restatement of our statutes, policies and circulars. But it brings into one place and provides a framework. It is very clear about what is expected of the department and agency heads as it relates to the management of information technology,” Evans said. CIOs also differ in terms of to whom they report in an organization, sometimes to the chief financial officer or the deputy secretary. The memo said CIOs should report directly to the head of the organizationm but doesn’t elaborate. “It doesn’t matter who you report to,” Evans said, adding, “It’s about giving you a framework to get your job done.” Some CIOs have sought paperwork from OMB that would establish them as a direct report to the head of their organization and assure them a seat at the executive table, she said. “The real value is when there is a problem in the department, are you one of the key members that the secretary calls to the meeting? Just because the [organizational] boxes and lines show that you report to the secretary doesn’t necessarily mean that they view you as a key member of the team that delivers results for them. That is what makes a successful CIO,” she said. The memo was meant to make sure that everyone throughout the department knew what the tenets are to manage IT, Evans said. For example, cybersecurity is a department priority and should be managed in that manner. The CIO is held accountable for that and should be given tools in order to do that. “The component organizations shouldn’t be able to go off and do their own thing. They’re part of the department, and they have to meet the risk profile that the department wants to be managed by,” she said. OMB listed responsibilities and tasks for CIOs that include: • Making sure the agency complies with the Federal Enterprise Architecture. • Ensuring that IT systems and services in the organization do not duplicate those available in other federal agencies. • Participating in budget formulation, prioritization and determination of IT resource requirements. • Participating in the selection, review and oversight of major IT investments and acquisitions.