Despite numerous laws, executive orders and administrative cajoling, federal agencies still haven’t fully defined the authorities of CIOs when it comes to managing their IT enterprise.
As a result, the tech executives are being held accountable for the management and modernization of IT systems, often when they don’t have the workforce or the investment authority to manage them.
A new Government Accountability Office report published Thursday discovered an ocean of inconsistency and major gaps in how the 24 Chief Financial Officer Act agencies have defined the responsibilities of their CIOs in key IT management roles. Despite that, GAO says, “officials from most agencies stated that their CIOs are implementing the responsibilities even when not required in policy.”
“The agencies told us that despite a lack of sufficient policy in the six areas, they said that they were, in fact, implementing those responsibilities,” said Carol Harris, the GAO’s director of information technology and an author of the report. “Even in the absence of policy, they [said] they were still doing it.
The report detailed key CIO responsibilities required by law and compared them to how agencies were implementing them in policy, finding that none of the 24 CFO Act agencies were entirely compatible with federal legislation and guidance.
According to GAO’s research, agencies are best at ensuring their policies empower CIOs on IT leadership and accountability, budgets and information security, but they fall woefully short in strategic planning, investment and workforce planning.
In defining the CIO’s role in directing IT workforce policy — a key component of the President’s Management Agenda — the report found 12 agencies lacked such a policy, while another six agencies only minimally addressed it.
CIOs also said that financial resources, recruiting, and retaining personnel and workforce availability remained significant challenges. Six CIOs told the GAO they didn’t have the budget to staff their offices. At one of those, IT spending has increased by 40 percent while the CIO’s staffing budget has remained the same.
“The workforce is a critical area and that’s just one stunning gap that we are identifying,” said Harris.
In IT strategic planning, 13 agencies had policies that either minimally met or failed to address the responsibilities laid out by federal law, while 10 agencies only partially addressed it. Fourteen agencies partially addressed IT investment policies, while another seven only addressed it minimally.
“Again in the areas of IT workforce, IT strategic planning or investment management, those were areas where the CIOs themselves told us that they felt they were not effectively implementing in those areas,” Harris said.
The majority of CIOs said they felt only somewhat effective in managing their roles in those areas, with six CIOs saying they were “slightly” effective in overseeing IT strategic planning and workforce management.
The report noted that while the Office of Management and Budget’s guidance was a major enabler for success for 16 CIOs, it failed to account for all of the executive’s responsibilities — most notably how agencies were to address requirements laid out in FITARA around IT planning, programming and budgeting decisions.
GAO offered three recommendations to OMB:
- That OMB director Mick Mulvaney provide guidance for 12 CIO responsibilities not currently addressed in currently, with an added emphasis on workforce development.
- That OMB guidance be updated to address statutory requirements around the CIO’s role in “budgeting decisions and the management, governance, and oversight processes related to IT.”
- That OMB define the authorities CIOs have on IT spending and how agencies report that authority.
GAO officials also offered 24 recommendations for the CFO Act agencies they examined.
GAO officials also noted that after seeing a draft report of its findings, the White House issued its May executive order clarifying the role of CIOs. GAO officials said they would continue to monitor the order’s implementation.