CIO Management Responsibilities Remain a Challenge for Most Agencies

Federal agencies planned to spend more than $96 billion on information technology (IT) in fiscal year 2018. IT systems are critical to the health, economy, and security of the nation. But the government faces longstanding problems in IT management. For example, agencies have struggled to protect themselves against threats from hackers, terrorists, insiders, and other nations.

Congress established the federal Chief Information Officer (CIO) position to serve as an agency focal point to address IT challenges. Today’s WatchBlog describes shortcomings and challenges in carrying out federal CIO responsibilities.

Are CIOs fulfilling their responsibilities?

Federal laws and guidance assign agency CIOs with key responsibilities for effectively managing IT in six areas:

• leadership and accountability
• strategic planning
• workforce
• budgeting
• investment management
• information security

These responsibilities should be documented in agencies’ IT management policies. But we found most of the 24 major agencies did not fully define the role of their CIOs for any of the six key areas.

In addition, the 24 CIOs that we surveyed acknowledged that they were not always very effective in implementing the six IT management areas. If agencies don’t fully define the role of CIOs in their policies, they cannot effectively address long-standing IT management challenges.

Factors helping CIOs better manage IT

The 24 agency CIOs we surveyed frequently cited a number of factors as important in enhancing their ability to effectively manage IT. CIOs reported that clear guidance, legal authority, and their position in the agency’s hierarchy are factors that helped them carry out their responsibilities. For example, one CIO attributed much of the agency’s success in managing IT to good relationships that the CIO had with the agency head and that official’s deputy. Another CIO indicated that support from the head of the agency had enabled that official to cancel a troubled project and reallocate that funding to critical information security improvements on another effort.

IT management challenges

Half of the 24 agency CIOs we surveyed reported management challenges like the process for hiring and recruiting IT personnel, financial resources, and the availability of staff resources. We recommended that the Office of Management and Budget update its guidance to fully address these challenges.

Further compounding the management challenges is the lack of consistent leadership in the CIO position. We noted previously that CIOs and former agency IT executives believed it was necessary for a CIO to stay in office for 3 to 5 years to be effective and 5 to 7 years to fully implement major change initiatives in large public sector organizations. However, the median tenure for permanent and acting agency CIOs who had completed their time in office was about 20 months between 2012 and 2017.

How can effectiveness of CIOs’ management responsibilities be improved?

We made 27 recommendations to federal agencies to improve the effectiveness of CIOs’ implementation of their responsibilities for each of the six IT management areas.

We intend to follow up on our recommendations and monitor agencies’ progress.

To learn more, check out our full report.

• Comments on GAO’s WatchBlog? Contact blog@gao.gov.