Power Seekers

he architects of the 1996 Clinger-Cohen Act had a grand vision of a corporate-like chief information officer in every agency with enough authority to chart the path of information technology. The CIO, as envisioned in the law, would join the chief financial officer and the chief operating officer or deputy secretary in setting the agency's strategic course. There is no doubt that Clinger-Cohen-which started life as the 1996 Information Technology Management Reform Act and was renamed in honor of co-sponsors Rep. William Clinger, R-Pa., and Sen. William Cohen, R-Maine-has prompted significant changes. Today's CIOs have much more power and responsibility than the information resources management directors who preceded them, and they exert far more influence over performance management for IT personnel and the development of IT architecture.

As described in the Clinger-Cohen Act, each CIO was to be in charge of all capital planning and IT investment while ensuring that IT projects were managed well and met investment criteria. Second, the CIO was to ensure the security of all agency systems and enhance business practices. Third, the CIO was to make sure technology was applied properly to ensure the improvement of agency processes.

Those requirements-a tall order by anyone's measure-may be part of the reason that CIOs, despite significant advances, have yet to take root as envisioned. Whether due to lack of understanding or of willingness, some agencies got off to a bad start in applying the law. Some hired CIOs who were too focused on technology at the expense of business acumen, while others simply named the existing assistant secretary for administration or the comptroller to the CIO's position. Although the law is being taken much more seriously now, there are other problems. There is a great disparity today in how effective CIOs are-or can be-given the structure of their agencies, the amount of power and authority they have been given, and how they are perceived by their peers, subordinates and supervisors.

In many cases, CIOs don't have the ear of the agency head because they are simply too far down the food chain. While some agencies, such as the Veterans Affairs Department, have placed their CIOs at the assistant secretary level, giving them ample power, other CIOs merely report to an assistant secretary, diluting their power and reach. "If you are a peer with assistant secretaries and undersecretaries, you're viewed that way. If you report to the deputy secretary and that person views IT as critical, you have a powerful position," says Roger W. Baker, CIO at the Commerce Department and co-chair of the CIO Council, a group of federal CIOs who meet regularly to develop recommendations on IT-related policies, procedures and standards. "At Commerce, the CIO has the full support of the Secretary and deputy secretary, which lets the CIO move forward and make the necessary changes. If you don't have that, it's a constant battle and CIOs are on their own to figure out how to manage."

Winning Power

Winning power requires a cultural shift that will no doubt take longer than the five years CIOs have been around, says David L. McClure, director of IT management issues at the General Accounting Office. "When we did our best practices report on the effective use of CIOs several months ago, we found that what makes CIOs most successful is when other senior managers value their input and want that advice and position to play a prominent role," McClure says. "If there isn't an encouragement or wanting of the CIO in the inner circle, it's hard to break in."

The way agencies structure the CIO position also can help CIOs accomplish more. "Take the [just-retired] CIO at the Agriculture Department, Joe Leo. He [had] the authority to approve every information technology transaction within the department, because it's written into the law. The rest of us don't," says George Molaski, the Transportation Department CIO.

"You have to establish credibility with the agency head as well as key members of the agency head's staff, the CFO and procurement executive committees," says James Flyzik, the Treasury Department's CIO and vice chairman of the CIO Council. "I believe I do have the ability to work with the CFO to get any key issue I need to the Secretary's attention . . . . I also have a healthy relationship with the assistant secretary of management and CFO, and that's a key ingredient if you look across agencies."

But more than anything, power-or the lack of it-is a major key to a CIO's success or failure. Because Clinger-Cohen fails to specify how CIOs should be chosen, agencies choose them any number of ways. CIOs who are politically appointed, for example, tend to have more power and influence than those who hold career positions. The CIOs at the State and Treasury departments are career positions, for example, but the CIOs at the Veterans Affairs and Defense departments and the Environmental Protection Agency are congressionally confirmed.

In many cases, CIOs simply don't have enough power to get the job done to the standard set by Clinger-Cohen, says Paul Brubaker, deputy CIO at the Defense Department. Brubaker was a key architect of Clinger-Cohen while serving as an aide to former Defense Secretary William Cohen when he was in the Senate. "CIOs are still relegated to an after-the-fact type of review as opposed to being proactive managers involved in the strategy of the organization," Brubaker says. "The only real power they have is to step in and recommend to the agency head that they don't think a particular system should be funded."

Elevating the Position

Many observers believe that to truly fulfill the vision set out in Clinger-Cohen, the CIO position must be elevated throughout government. One way to do that, they say, is to create a central authority for the position. "The biggest payoff in terms of e-government initiatives and other programs will be in interagency approaches where we can view the government from a customer perspective," Flyzik says. "Without some type of central authority who has control over interagency funds, we won't be successful in doing that to the degree that will be acceptable to the customers of government."

But that's where the debate gets contentious. While some believe there are valid grounds for creating a governmentwide CIO, others believe the power already lies within OMB and simply needs to be reinforced. Still others believe the same level of authority can be achieved by formalizing the CIO Council. "I'm less concerned with the title of the position than with the need to get that function off and running," Flyzik notes.

Perhaps the simplest change would be to make the CIO Council, currently under the leadership of the OMB deputy director for management, a permanent government entity by enshrining it in a statute. That would strengthen the role of all CIOs, proponents say.

"I'm a big believer of interagency working groups, and people ought to consider making sure they never go away, because they allow the government to share information across agencies and have many projects [that] involve more than one agency," says John Koskinen, OMB's deputy director for management when Clinger-Cohen was passed and later the government's Y2K czar. (He's now city administrator of the District of Columbia.)

But others are firm in their belief that CIO leadership belongs with OMB, which has had much of the responsibility so far. "If OMB would just strengthen its responsibility and authority in that area, it could work," says Gloria Parker, the Housing and Urban Development Department's CIO and a co-chair of the CIO Council's federal IT workforce committee. "OMB could mandate that we do certain things alike-that we all use the same investment technology process or e-mail system. Today, they just give us guidelines but are hesitant to tell the Secretary of a department what he or she needs to run their business. If OMB can't do it, and they have been mandated to do it, how would a federal CIO . . . make a difference?"

Seeking a Champion

Others say that to get a seat at the tables of power, CIOs must have a champion at the Cabinet level. And for many, that means creating a governmentwide CIO-someone who could plead their case at the highest levels of government. Duties might include evaluating high-risk, highly visible, high-dollar projects; helping set the government's overall IT priorities; helping to determine where technology could be used across agency lines; and playing a key role in addressing e-government and information security priorities.

"When Clinger-Cohen was first debated in 1995, we testified in favor of the creation of a federal CIO," GAO's McClure says. "It allows a central leadership role to be focused on larger items and issues that cut across agencies and are multidimensional in nature. By their very nature . . . agencies are going to be focused on their individual missions and objectives. Trying to step above that to common goals and opportunities for reengineering or consolidating technology processes and infrastructure requires someone who can . . . look from a governmentwide perspective." Having a federal CIO might make sense if the position were structured properly, says Daniel Porter, the Navy's CIO. "If it's just to oversee other CIOs, I don't think the new position is justified," Porter says. "But there are a set of roles that would clearly both inspire and justify the position of federal CIO, like setting priorities for this idea of citizen-centricity," he says, adding that other aspects of a federal CIO's mission could include development of a public key infrastructure and the use of encryption for network applications. "It could be sort of a national certificate authority," Porter says.

Richard Clarke, the Clinton administration's national coordinator for security, counterterrorism and infrastructure protection, said in early December that a governmentwide CIO confirmed by the Senate and accountable to a single congressional oversight committee is an essential element of a comprehensive federal cybersecurity plan. "We need to create a CIO with clout, with the budgetary authority and operational authority to create standards within the government and to enforce them within the government," he told participants in Microsoft's SafeNet conference for security and privacy. Clarke, who was appointed by President George Bush and retained by Clinton, said that a governmentwide CIO was too important to be held hostage to competing bureaucratic or congressional fiefdoms. The relationship between agency CIOs and a governmentwide CIO is a matter of some concern. While some, such as Porter and Brubaker, favor dual reporting where departmental CIOs would report both to the federal CIO and to their own department heads, others contend that would be divisive. Not everybody thinks appointing a governmentwide CIO is a good idea. Renny DiPentima, formerly CIO of the Social Security Administration and now president of government sector operations of SRA International of Fairfax, Va., a systems integrator and consulting firm, says doing so would be a step in the wrong direction. "With Clinger-Cohen, we put more power in program managers' hands to run their businesses the way commercial managers run their businesses. If we create a federal CIO, there is the risk that they could reinstate the approval process that says, 'you can't buy anything unless you come to me,'" he says.

Governmentwide CIO

But no matter which side people take, virtually all agree that within two years-and maybe much sooner-the United States will indeed have a governmentwide CIO. President Bush has said repeatedly that he believes the concept of the federal CIO is sound. Two bills are on the table, each promoting the idea. The Chief Information Officer of the United States Act, H.R. 4670, sponsored by Rep. Jim Turner, D-Tex., proposes to make the federal CIO a Cabinet official appointed by the President. Under that bill, the federal CIO would advise the President, chair the CIO Council and direct the IT budget to encourage innovative and cooperative IT practices in federal agencies. A second bill, H.R. 5024, the Federal Information Policy Act of 2000, sponsored by Rep. Tom Davis, R-Va., proposes to create an office that would take on many of OMB's responsibilities, including all IT management functions.

Whether there is someone out there who could fill this ambitious role is a matter of much debate. Many favor Koskinen, who rallied the troops and solved the government's Y2K problems. But when asked about the possibility, Koskinen says he's flattered, but unlikely to take the job. An October article in CIO magazine suggested Koskinen and four others-Laraine Rodgers, vice president of Emerald Solutions of Phoenix; former presidential candidate Ross Perot, chairman of Perot Systems of Dallas; Stephen Goldsmith, a partner at Baker & Daniels in Indianapolis and a Bush campaign adviser; and Ralph Syzgenda, CIO of General Motors Corp. in Detroit.

But Sally Katzen, former OMB deputy director for management, says it's simply too early to speculate on who would get the job or how it should be structured. "There is a new administration, and the new President and the director of OMB will have to think through how they want this function handled," she says. "It will depend on how they structure the role of the federal CIO and what the duties will be, how important the function is, and who he wants to be accountable for it."

Making Strides

In the meantime, things are looking up for CIOs. Strides have been made in the perception of the position as well as in the actual working relationships of CIOs. And, observers say, more improvements are on the way. Among other things, the Y2K issue did much to make agency CIOs more influential. And the increasing importance of e-government could do the same thing. "It's just like when CFOs were first put in place," HUD's CIO Parker notes. "They had to gain respect and find their place in government. It's the same with CIOs. Two or three years from now, I think you'll see CIOs heading up all IT investment strategies and IT capital planning for the department. They will be responsible for all business process improvement and for the IT budget, and they will have the power to turn things on and off based upon how well those projects are going. They would be at the same level in terms of authority [as] assistant secretaries. I would hope that at some point, if a CIO chooses to remove funding from a project, assistant secretaries wouldn't be able to get around that."

Individual agencies also are making progress. Slowly but surely, they are beginning to conform more to Clinger- Cohen's CIO vision. In the Navy, for example, CIO Daniel Porter has spearheaded the Navy-Marine Corps Intranet, acting as a key adviser to the Secretary of the Navy and the chief of naval operations. But progress will continue to vary from agency to agency, says Commerce CIO Baker. "In agencies where there is a growing contingent of management that truly understands what the CIO needs to succeed, you're going to see tremendous empowerment, and CIOs will get more and more authority each year," Baker says. "But where you don't have management that understands or [where you have] CIOs you don't trust, it's not going to happen as quickly."