Executive SummaryThe federal government should appoint a Chief Information Officer to fill the existing vacuum in directing and coordinating information resources management policies of the government. However, the job should be structured more like the powers vested in the Chief Financial Officer of the United States, rather than focused on improving existing information technology acquisition practices. The Committee should consider augmenting the Information Technology Management Reform Act with the following missions:
Oral PresentationMr. Chairman and distinguished member of the Committee. It is an honor and privilege to be asked by your Committee to testify about the proposed legislation.
I support the Information Technology Management Reform Act. It offers significant improvements over existing information management practices in the Federal government. The appointment of a Chief Information Officer (CIO) of the United States adopts commercial practices which recognize that efficient management, protection and preservation of information assets warrants the oversight by a top-level executive. In many corporations the position of the CIO is similar to that of the Chief Financial Officer. The CFO is charged with the efficient management, protection and preservation of the organization's financial resources and assets. As I see it, the role of the CIO is to assure the efficient management, protection and preservation of all information resources and assets. To this end, I recommend that the Act be amended to deliver what is truly needed by our government:
A. The Act should specify in greater detail how the CIO will influence the management of the government's overall information resources by other means than exercising oversight over the acquisition of information technology. In its present form the Act primarily addresses measures which reform the management of the $5-$8 billion of annual information technology acquisition expenses. Very little attention is paid to controlling and guiding information resources management practices that are estimated to cost over $200 billion per annum, once the acquisitions are completed. Fixing deficiencies in the current acquisition process is fine, but that misses the point of where the principal benefits from any reform in information resources would come from. Right now the estimated total annual costs of maintaining the government's information resources are over twenty five times greater than the annual cost of acquiring information technologies.
B. The Act should provide more explicit guidance on the roles and responsibilities of the CIO for outsourcing and privatization of information technologies. In the next few years outsourcing initiatives will surely exceed the funds spent on acquiring new systems. At present the Act focuses on reforming acquisition procedures and omits much needed direction on how to integrate what is left after most of the information technologies and information systems are managed by contractors.
C. The Act must address more thoroughly policies and roles of the CIO in minimizing the demonstrated vulnerability of information systems to disruption, corruption and destruction. Before corporate CIOs are allowed to introduce improvements through innovative and modern systems, they must first be able to answer if what is already on hand will survive and function as expected. I estimate the current accumulated installed value of computer operations in the Federal government to be well in excess of a half trillion dollars. If federal computers cease to function, the damage to the safety and well-being of our Nation could be a large multiple of that amount. The proposed Act as now written does not adequately acknowledge the severity of threats to government operations from information crime and information terrorism. Until that is remedied by insertion of Sections that will specifically empower the CIO to deal with matters related to information security, this new office will be open to public and Congressional censure as soon as there is a major breach in the security of government information systems.
D. The Act must explicitly address the preservation and improved sharing of intellectual assets held by the government that are embodied in the accumulations of software, databases, archival files and personal knowledge which is represented in the understanding of business processes by experienced and highly trained government workers.
It is fine to accumulate comprehensive records on contractor performance and to assure completion of projects on time and on schedule as currently detailed in the Act. It is far more important to ensure that each unit of our government benefits from our information resources investments by sharing the accumulated knowledge about information management practices in an open, accessible, timely and equitable manner. The Act does not offer the necessary principles, policies, institutional changes and financial means for achieving an information technology infrastructure that would compare favorably with those enjoyed by some of the largest corporations. I find that large multinational organizations achieve their largest savings and gains in effectiveness through sharing their knowledge how to simplify and standardize basic business processes rather than by placing most of their emphasis on how information technologies are procured.
Mr. Chairman, I respectfully request that the balance of my testimony which supports the oral presentation be entered into the Record. Thank you.
A. Unbalanced Expectations of what the CIO is Supposed to AccomplishThe Act accurately defines the concepts of "Information Resources", "Information Resources Management," "Information Systems," and "Information Technology."
The 1995 "Information Resources" for the Federal Government are at least $200 billion. Most of this amount is for salaries and benefits of federal employees who collect, process, maintain, use, disseminate and dispose of information. Information technology represents only about 13% of that amount, accounting for approximately $7,200 of expense per Federal employee. This is comparable in magnitude to per capita expenditures for commercial organizations that perform similar business functions. If the Federal Government is not severely overspending or under-spending for information technologies, why then call for an Information Technology Management Reform Act? Will fixing the information technology acquisition process - which indeed has much merit - deliver to taxpayers more effective information management for a government which is largely an information enterprise?
Government computers, as quoted from a paper issued by this Committee, do not "...detect fraud in federal student loans," "...prevent excess inventories at the Defense Department,", "...collect millions in civil penalties or billions in overdue tax bills," and "...detect rampant fraud in Medicare programs." Only organizations that have organized their human administrative and technology systems processes into a well integrated whole can accomplish that. Computers are dumb and do only what they are programmed to do. The programs are supposed to reflect what managers require. That does not seem to work well in the federal government because of fundamental flaws in its present information resources management practices.
Mischief and malfunctions in government operations are largely attributable to faulty information resource management practices, such as business processes that have never been subject to reengineering. There are hardly any computer mistakes because technical reliability of 99.9% is not only achievable, but can demonstrate mean-time-to failure well in excess of ten years. When systems failures are reported they can be always traced to managerial mistakes, faulty business processes and lapses in elementary good housekeeping.
While Director of Defense Information I could demonstrate in a large number of cases that unit cost operating savings of up to 70% were attainable over a seven year time period. Over three quarters of these savings had nothing to do with information technology. They were obtainable primarily from streamlining and consolidation of redundant functions and from business process redesign. Only after information resources management had delivered reformed business practices did it make any sense to computerize what remained.
The glaring malfeasance that GAO writes about are managerial and organizational failures first and foremost. In successful commercial businesses information technology professionals and contractors are very likely to deliver what is contracted for, especially if there are additional financial incentives to do so. In successful firms the accountability and responsibility for information resources management resides in the hands of operating managers. "Line" management remains accountable for benefits. Computer specialists are held accountable only for a small share of total information resource costs. Successful firms do not abdicate the management of information resources to technology experts. I do not think that the Federal Government should conduct its affairs otherwise.
Computers should not be budgeted and justified as separate functional line items by CIOs. Computers should be proposed, budgeted and justified by operating managers as catalytic contributors to achieving their business improvement plans. A CIO should not be asked to explain the benefits from computer investments or to explain how the overall computer budget of a firm relates to a firm's profits. Only business managers who balance all resources can do that.
The Act should not legislate that Federal and Agency Chief Information Officers become solely accountable to the President and to the Congress for the government's information resources. You should not expect CIOs to be solely accountable for directing and improving these resources. We do need CIO's, but their primary job should be to provide the leadership in showing how such accountability and responsibility for the $200 billion of information resources can be delivered by each Federal manager. After that is accomplished, you can then demand that the CIOs guide the $5-6 billion of annual information technology acquisition expenses so that the remaining $20 billion per annum for information technology operating and maintenance expenses are efficient, of high quality and responsive to the needs of the diverse customer constituencies.
In the information age information resource management is inseparable from all other acts of management. Effective information resources management always should come first in organizational priority, efficient information systems designs and architectures come second and information technology acquisition must come last. Unfortunately, many unsuccessful corporations learn this lesson too late. I believe that one should render to managers the responsibilities of management, and render unto the CIOs only that which is the CIO's.
Improved information resource management will not arise as the result of an improved computer technology acquisition process. That is what was wrong with the Brooks Act. While the original intention was to force an improvement in the efficiency of information resources by means of unique and stringent acquisition regulations, in actual practice it regressed to its lowest and least relevant common denominator.
I do not underestimate the cultural change that will be necessary to transform government managers, who have been reluctant to learn how to manage information technologies for the past forty years. One of the principal missions of the federal CIO is to make it possible for all federal managers to become proactive owners of their own information processes, whether computerized or not. Technology has now progressed so that operating managers can articulate their information requirements with confidence what they need, without having to master the details of how that may be accomplished. This hold true especially if the systems innovation cycle is kept much shorter than the managerial learning cycle. I recommend that you consider improving this Act to better balance the responsibilities between the CIOs and agency managers. After studying S. 946 I concluded that you expect too much from the new CIO position. The Act does not place the appropriate responsibility on information resources management where investment justification and budget accountability must always belongs.
B. Insufficient Guidance In Managing OutsourcingThe investigative report of this Committee of October 12, 1994 "Computer Chaos: Billions Wasted Buying Federal Computer Systems" correctly focuses on the flawed acquisition processes for major contracted information systems. The report did not diagnose why the federal government does not possess adequate means to manage outsourced information systems. The report failed to reveal that it was not only the acquisition process that was faulty, but that systems malfunctioned after they were finally delivered. The federal government's neglect can be found through the absence of attention to business process improvement methods, organizational design, benchmarking comparisons with best business practices and metrics that would highlight the lack of productivity of government information processes. Inadequate attention has been given to encouraging the disciplines that would improve information resources management The government has also neglected disciplines that would yield improved information systems designs, such as common information systems architectures, integrated computer-aided systems engineering tools, common data elements, data models, common graphic interfaces, software portability, shared communications protocols and systems integration criteria are particularly absent.
Instead, attention was focused on the ends - procurement of information technologies - and the not the means, which concern information resources management practices and systems design policies. The proposed Act falls short in remedying these deficiencies.
The cause of the "Computer Chaos" is the existing policy of treating each systems acquisition as a separate and discrete event with its own contract-specific technology solution. This has resulted in thousands of unintegrated, hard-to-maintain, impossible to manage contractor-dependent islands of automation. The legislation proposed by this Committee deals exhaustively with reforming the acquisition process for individual contracts. It does not add or specify sufficient powers to be held in the reformed system that would remedy the current inadequacies in managing the interoperability across systems that must ultimately link with each other. There is nothing in the Act that prescribes policies that mandate resource sharing. Even if the acquisition process is reformed, any unforeseen systems faults would become amplified after the system is finally delivered and then outsourced again for operations and maintenance. Given the way the Act is now written, what would be authorized as well controlled, but independent procurements, would become hard to manage as entrenched islands of agency specific methods and technologies.
This lack of a balanced policy is demonstrated nowhere as acutely as in the neglect of this Act to deal with matters of outsourcing and privatization of information services. Other legislation now pending in Congress calls for increasing the share of information technology to be contracted out to commercial vendors. Before any new legislation mandates such action, it should address how to manage the outsourcing of information technologies and how to harmonize the resulting operations with principles articulated in the Information Technology Management Reform Act. The CIO positions established by this Act are likely to spend more time in the next few years grappling with matters of outsourcing strategies than with any other issue. In the absence of explicit authority in this Act that empowers the CIOs to issue outsourcing policies, regulations, guidelines and policies, the effectiveness and the relevance of the CIO will be degraded. To highlight the importance of this matter, let me note the following facts:
The Information Technology Management Reform Act as currently written does not adequately address policies that assure that the federal government will effectively manage, coordinate and integrate information systems which are contracted out to commercial vendors. The Act does not prescribe what must remain as the government's core competencies and must remain inside the government as a responsibility for information resource management. The Act addresses in adequate detail how new systems are to be acquired by the federal government. It does not articulate what to do with what is already in place and what happens after new systems are installed. It does not specifically and constructively indicate the CIOs' roles to manage and integrate information resources which will increasingly reside in the hands of contractors. I favor the maximum amount of outsourcing of government information services to commercial enterprises, as long as one recognizes that contractors have good reasons to pursue their own technology choices, data definitions, systems design tools and unique solutions.
As currently written, this Act may succeed in eliminating much of the existing regulatory "Chaos of Acquisition" only to become saddled with a more costly "Chaos of Operations." Therefore the Act should include explicit principles and guidelines that stipulate how the CIOs shall pursue the achievement of interoperable and innovative outsourced systems that take advantage of shared economies. Specifically, the Act should empower the CIO to direct the delegation of functional tasks to inter-departmental "executive agents" on behalf of commonly shared processes that reach across existing lines of government organization. Such executive agents should be empowered to solicit contractor consortia for delivering support services for government-wide processes, similar to those existing in the commercial sector which support shared finance, personnel, logistics, transportation, telecommunications, cash management or banking functions.
In the information age the management of information resources is an essential attribute of the powers that every manager must have to exercise the essential duties of management. One can rent, contract out, sublet, license and delegate information technology. I subscribe to the idea that the commercial sector should perform that function to the fullest extent possible. But, I do not believe that oversight and integration of systems into synergistic and well-functioning management processes can and should be outsourced. You can manage with artificial limbs, kidney dialysis, or even a heart transplant, but not without your native-grown brain.
Any information technology outsourcing or privatization legislation should specify what functions, safeguards, capabilities and staff skills must be retained within the federal government before contractors may be employed to perform defined tasks. Guiding outsourcing policy should be one of the principal obligations of the Chief Information Officer of the United States.
The proposed Act should also articulate what are the human resource and managerial prerequisites that must be satisfied by each federal agency before an agency may be allowed to outsource mission-critical elements. The Act should specify the policies and safeguards that must be in place so that outsourcing actions will not result in short-term cost-reduction practices that impede or disrupt the ability of the federal government managers to function in the long run.
I have just completed a study of twelve of the largest commercial information technology outsourcing contracts awarded in the last four years. The evidence is overwhelming in that during the recent rush to downsize corporations, outsourcing was applied as just another means to shrink employment. Even though individual savings contributed by individual contracts may have been attractive, it did not follow that the performance of the organization as a whole improved. You may gain efficiency by outsourcing data centers only to discover that the ability to introduce business process innovations is crippled because of rigid contractual terms that favor efficiency over responsiveness.
A policy of outsourcing isolated bits of information processing technologies to realize lower costs for information technologies is not likely to deliver more effective information resource management to the government. Therefore, one of the principal roles of the prospective federal CIO should be to view outsourcing activities as a part of a coordinated effort that assures that each outsourcing move will contribute to a more effective government overall, both immediately and in the likely future.
This Act should stipulate that the CIO has the responsibility for directing that information systems outsourcing services become an enhancement that enables continued innovation and improvement initiatives by the government's operating executives who must remain accountable for delivering government services.
C. Inadequate Protection of Increasingly Vulnerable SystemsThe present functioning of federal government information systems can be seriously degraded, to the point of failure, by intrusions launched by technologically sophisticated attackers who use advanced software engineering methods in truly elegant ways. The most severe threat comes from experts whose interests are either terrorist or criminal. This suggests that the government CIO must exercise aggressive leadership coupled with the creation of a central coordinating authority with strong links to the private sector.
Ensuring the security, integrity and availability of information maintained on the government's systems must become one of the key responsibilities of the Chief Information Officer. The CIO of the United States must ensure that the federal government commits a significant share of its information systems resources to improving the integrity of the infrastructure that supports all government information processing operations. This calls for adopting realistic risk management practices throughout the government because interdependence, resource-sharing and consolidation increases vulnerability. I find nothing in the proposed Act which indicates that security matters deserve high priority attention from the CIO.
For example, the Act contains an extensive Section that deals with the maintenance of detailed records about contractor performance. The damage that can be inflicted by a single well-placed infoterrorist attack on a critical government information system can exceed the costs of contractor incompetence by a large multiplier. Yet, there is no indication in the Act that the Office of the CIO would collect, analyze and pursue incidents when information security infractions are detected. This unbalanced view about CIO priorities must be corrected by amending the Act to include the responsibility for the CIO to maintain and monitor compliance with information assurance policies.
Groups of knowledgeable and experienced people exist today within the federal government as well as in the private sector who are able to characterize the threats and can install practical countermeasures against information attacks. Presently, efforts which foster information assurance and security are diluted due to organizational differences, competing interests and disincentives to cooperate. As a result, whatever coordination in achieving information security that does exist today tends to be ad hoc and often dissipates the talents that could be applied to a coherent and decisive security effort.
The Act should define the CIO's leadership, policy roles and authority for coordinating information security assurance. Because of the sensitivities of the U.S. public to the role of government, it is imperative that this authority be constituted in such a way that the CIO will not infringe, without legal sanctions, on privacy rights and civil liberties.
The following information security functions and responsibilities should be defined in the proposed Act for the Office of the CIO with regard to governmental information systems security:
The proponents of this Act should realize that there is a price to be paid for streamlining, consolidation, standardization and outsourcing. Increased systems integration without increased emphasis on security is a prescription for disaster. Just as efficiency and integration permit those with a legitimate need and authorization to access needed information, they permit those without such authorization to obtain crucial and sensitive information. Not only cyber-terrorists and hackers pose a risk to federal information systems, but white collar businesses seeking an information advantage over competition. Information warfare is already waged on the economic front where technology competitors, foreign governments, foreign intelligence services and criminal elements with money to launder seek every advantage by exploiting security vulnerabilities of the government's information systems.
Unless increased vulnerability is offset by reliable protective means and well directed policies and practices under the leadership of the federal CIO, the benefits of reforms may be overwhelmed by their risks. Information security must be designed in the federal information systems at the outset. Responsibility for ensuring that responsible information security practices are both developed and practiced must be coordinated through a high level office. The CIO of the federal government must have the charter for reviewing government regulations, policies and procedures to ensure that they are designed to protect the integrity and security of the information maintained on federal systems.
If the distinguished members of this Committee think that my statements are unduly alarming let me assure you that based on my personal knowledge I feel completely justified in asserting that there is a clear and present danger to the security of the United States when some or most of the government's computers will cease to function. When we encounter the equivalent of an "Information Pearl Harbor" aimed at a government information system, Congress will surely look for accountability in setting overall information systems security policy. If Congress chooses to pass an Act to appoint the CIO of the United States, it should not be remiss in making clear what is expected of the CIO in this regard.
I did not say "if" a devastating event will happen. I said "when," because it is only a matter of time before crippling threats to the information integrity of the federal government will take place.
D. Inadequate Concern About Safeguarding Knowledge AssetsLong-term knowledge assets of any organization are:
The Information Technology Management Reform Act elaborates in great detail how to acquire rapidly obsolescent information technology, but neglects sustaining and enhancing our knowledge as a long term asset of the government. The Act does not articulate information resource management policies on how to manage the accumulation of useful new knowledge and how to preserve what already exists. Instead, it focuses on making better technology choices when making initial information technology acquisition decisions.
One of the primary missions of the federal CIO should be to shape policies and influence legislation that establish and preserve information investments that will have payoffs well beyond the short-term budget and election cycles. The Act currently does not specifically require the CIO to provide leadership in the formulation of policies that will result in the conservation of information systems assets.
It would be advisable for the Act to include Sections that specifically assign to the Office of the CIO responsibilities for tasks such as illustrated below:
D.1 Reusable SoftwareReusable software offers the single largest cost-reduction opportunity in the governments information technology budget. Hardware expenses have shrunk to less than 15% of typical information systems expenses for an agency. From now on, what matters in making information technology effective is software. By far the most decisive influence in managing the costs of systems is the competence with which the federal government manages its inventory of software, business process designs and data archives. The current Act's overemphasis on the acquisition of bargain hardware will not have much of an effect on total information resource costs. Putting pressure on unreasonable reductions in hardware costs will surely increase software, operating, support and user expenses.
To sustain a long and useful life, software must be portable from one computer to another. An acceptable level of portability exists when over 90% of application logic can relocate, without a major investment, to a new computing and operating system environment. The need for such high levels of portability comes from the imperative of preserving organizational knowledge that is embodied into software.
Acquisition managers and contractors usually do not think in such farsighted terms because they do not expect to be around when the benefits from software reuse arise. "Scrap and patch" is easier and often less rewarding than "build and recycle."
Therefore, the role of the CIO as currently described in the Act should be augmented to guide, and if necessary mandate, the construction, application and utilization of reusable software. The CIO should ensure that the government maintains software and business process "repositories" so that it does not have to pay for identical intellectual products many times over for each acquisition. The inventory of government owned or government-licensed intellectual products ought to facilitate the ability of contractors to lower their prices for systems to be delivered to government agencies, because they will be able to build upon what has come before and not incur the costs for reinventing what has been already paid for.
D.2 Standardization of Systems Engineering ProtocolsTo preserve valuable training, data, and software resources the government will need systems engineering tools that manage these long-term investments. Proper systems tooling allows the adoption of a "snap-in, snap-out" approach to technology insertion. This requires a high level of standardization of protocols and data formats which determine how intellectual products are connected with a knowledge "repository" and the available for linking with new applications.
In other words, the objective here is to make it possible for an obsolete workstation to uncouple from a network, so that a new one can take over without disruption. Standard systems engineering protocols should make it feasible to operate in diverse systems environments that meet the government-approved linking standards.
To achieve this flexibility requires the government to approve integrated computer-aided system engineering methods and data dictionaries that make it possible for contractors to compete in mixing and matching a wide range of computer models, using diverse operating systems that support a defined range of computer languages. Standardization of systems engineering protocols will make it easier to deliver mission-supporting information technologies that would continue to function through the transient phenomena of rapidly changing generations of hardware technology or versions of operating systems.
Without emphatic CIO leadership the acquisition and adoption of such systems methods will not happen. Therefore, this Act must explicitly state that the role of the CIO should be to guide, and if necessary mandate, the construction, application and utilization of reusable standard software engineering methods by government employees as well as contractors. The Act must be explicit how such policies become actionable and enforceable.
D.3 Business Process ImprovementThe gap in the current understanding by information technologists of what is needed to support rapid improvements in business processes is perhaps the chief reason why operating executives are dissatisfied with information systems support organizations. This misunderstanding is underscored by typically large annual expenditures for systems maintenance which often amount to more than 20% of the initial information technology development budget.
I view most of "maintenance" expenses as "development" cost overruns. Whenever a contractor is asked to make major changes in the logic of a program after the system is delivered, or launches on major integration efforts with other installed applications, I consider that to be a clue that business process improvement initiatives had not been properly matched to information systems development efforts. What usually masquerades as large maintenance expense is really an effort to patch over fundamental problems in design because the business process improvement effort became de-coupled from the information systems development process. The fault for this situation lies in the ambiguous language of the business managers, who are concerned with workflow, bureaucratic privileges and organizational relationships, as contrasted with the abstract logic of the systems people, who focus on procedures and systematic communications.
Policy guidance for business process improvement in the federal government should not be assigned to the CIO office. Business process improvement must rely on functional expertise. It involves tradeoffs that transcends information resources management concerns. In business process improvement projects information technology assumes usually only a small, even though catalytic role. Therefore, the CIO should concentrate principally on the introduction and promotion of methods that would seamlessly carry from the specification of functional objectives, though an exploration of alternatives, to the systematic construction of improved logic in computers.
The proposed Act should define the role of the CIO in specifying how business process improvement methods link with information systems designs, but not more than that. The Act should make clear that the expertise of the CIOs will concentrate on seeing to it that workflow descriptions as well as data models generated as by-products of business process improvement are captured as key elements in a "knowledge repository" of the government. The Act should not demand responsibilities from the CIO that have been explicitly reserved as roles of the government's operating managers
D.4 Open SystemsAs systems evolve, they should be designed and constructed to fit into a technological infrastructure that is independent of administrative processes and of proprietary practices by contractors or vendors. Open systems are desirable not only because they enable purchasing competitively priced equipment, but because they make it possible to develop information systems independently of technological and business changes. Open systems enable the rapid introduction of incremental operational changes without having to worry about the simultaneous insertion of technological innovation at the same time. Open systems are necessary to reduce the dependence of government agencies on super-large and one time revolutionary changes in favor of evolutionary adaptations that match the learning capacity of people.
The adoption of open systems standards offers an opportunity to preserve the value of the accumulated training and software knowledge of everyone who has contributed to government information systems over several generations of technological improvement. However, instituting technical openness as defined by CIO-promulgated software and communications technical standards is not sufficient. The increased volatility in how government organizations conduct their affairs calls for flexible designs that can absorb the shocks of consolidation, reorganization, privatization, centralization, decentralization, restructuring, realignment, reengineering and re-inventing. The design of information systems must be sufficiently robust to avoid expending large sums every time there is a major change in the scale or scope of operations. Open systems design must offer not only technological adaptability, but also much greater resilience in coping with rapidly changing conditions than is currently the case with systems projects that implement rigid specifications.
Pursuing open systems solutions is applicable to much more than computers. It is one of the most important policies for guiding the practice of information resources management, especially as it applies to training and developing the skills of government employees. Open systems offer a way to conserve general systems skills, since an employee does not have to track the technical minutiae of a rapidly changing marketplace. The payoffs from preserving and diversifying this knowledge capital are enormous because it enables government employees to be more responsive to government and customer needs, without having to become technical experts. My biggest problem with the Act is its omission of policies and guidance about the personal skills and career plans for civil service employees who will have to implement its provisions.
The greatest benefit of open systems is defined by what economists call the "residual value" of an investment. Extending the useful operating life of information systems offers greater economic life-cycle gains than perhaps any other influence. However, much of the current competitive contracting practices tend to favor rapid break-even periods, which is inconsistent with long residual values. The Act should state that one of the primary objectives of the Office of the CIO is to ensure that short-term budgetary incentives do not override lasting benefits to the government.
The immediate rationale for pursuing open systems, which is the preservation of knowledge, extends beyond adopting technical standards, which have been already assigned to the CIO in the proposed Act. The pending legislation should assign a much more comprehensive role to the CIO in becoming the chief advocate and guardian of open systems solutions. This influence will affect how agencies will coordinate their information resources across the entire federal government, and facilitate their sharing of proven business practices and processes. Open systems make it possible to break the contractual impediments that presently make it difficult for government agencies to enter into information technology-sharing arrangements. Open systems also inhibit the erection of proprietary barriers that are now created by systems contractors who must minimize their costs while maximizing their freedom to control what they do.
Open communications that connect inter-related governmental systems must allow for knowledge to be shared globally, irrespective of the technological conditions found locally. The institution of open systems solutions is mandatory to make computer-mediated work feasible and independent of agency, geographic location or functional specialization. Unless the proposed Act makes it possible for the CIO to enforce the adoption of open systems standards, the new position may not fulfill its promise of making available to information resources managers not only improved acquisition processes, but improved capabilities that are the essential characteristic of any well directed information resources organization.
ConclusionsThe placement of the U.S. CIO in the Executive Office of the President, as part of the Office of Management and Budget, is appropriate. It is a welcome change which fills a policy-making vacuum in a function that is critical to the functioning of effective government. The Chief Financial Officer (CFO) is already in OMB, because commercial, regulatory and fiduciary practices have recognized the responsibilities of the CFO for seeing to it that the recording, reporting and custodianship of corporate assets are an extension of the powers vested in the office of the Chief Executive.
Generally accepted financial reporting practices do not presently include measuring and publishing data about the value of accumulated information assets, such as the knowledge of employees, software and data. Yet the value of these assets now exceed reported tangible assets for over 80% of U.S. industrial corporations. Since the Federal government is almost entirely an information-based enterprise, the proposed Act should address as much the role of the CIOs as the fiduciary reporters about the custody of knowledge assets, as it concerns their roles in reducing acquisition and operating costs. The language of the Act should be revised to define the fundamental purpose of the CIO position in terms that are equivalent to those of the CFO.
Just a year ago the GAO reported to the Committee on Government Operations of the House of Representatives about the progress made in the first 3 1/2 years since the implementation of the Chief Financial Officers (CFO) Act. This GAO report stands out in its praise of the accomplishments of the Office of the CFO in instituting reforms that resulted in material improvements in government operations. I have examined this GAO report as well as other documents that relate to the effectiveness of the position of the CFO of the U.S. Government. I think that much can be learned from this experience of how that job was structured and from its track record. Perhaps the most important insight one can gain by comparing the relative stability and security of the jobs of corporate CFOs as compared with the rapid turnover and career instability of corporate CIOs. This concerns methods by which each of these executives project their organizational influence and power.
The CFOs have learned to leverage their roles by being recognized as close and trusted advisors of their Chief Executives. The CFOs have well defined fiduciary tasks as custodians of financial assets. They exercise influence through a network of appointees who can be relied to implement their central policy guidance locally. If a dictate is necessary, that is always conveyed through operating management where the direct accountability for results resides. Effective CFOs concentrate on mandating what ought to be done at times when plans and budgets for the entire enterprise are under review.
Most CIOs are only rarely seen as trusted advisors of their Chief Executive because they mostly do not have a well defined set of fiduciary responsibilities. In the absence of an adequate charter, such CIOs tend to exercise their influence through monopolistic power over the acquisition and custody of computers and telecommunications. This makes the CIOs' power rest on case by case interventions since they do not have the charter to assess the effectiveness of the uses of information resources. To fulfill the objective of achieving a substantial improvement in the delivery of information systems in support of the government, this Act should reflect many of the lessons learned from the ways the CFO of the United States and the CFOs of commercial enterprises operate. That will make the CIO of the United States a constructive addition to improving the management of the federal government in the information age.