Does the OMB memorandum change materially the roles of the CIO?
The OMB memorandum adds to the CIO responsibilities, as defined by the Clinger-Cohen act of 1996, a recommendations that CIOs should work with the Chief Financial Officers and Chief Acquisition Officers as well as with the Investment Review Boards (IRBs). * Such coordination should have the goal of terminating one third of all underperforming IT investments by June 2012. Though this objective useful, it cannot be construed as an enlargement of the CIOs role as portfolio manager for all of IT. The job of eliminating underperforming systems was always one of the principal CIO tasks.
The OMB memorandum adds to the CIO responsibilities the mission of managing “commodity IT”. CIOs are advised to pool agency purchasing power to improve the use of commodity IT. For instance this concerns dealing with e-mail, collaboration tools, human resources or administration. To achieve that, CIOs should rely on “enterprise architectures” and the use shared commercial services instead of standing up separate services. Although these recommendations are commendable, the government does not have an enterprise architectural design in place as yet. It has been unsuccessful in organizing efforts in which commercial shared services are used in the government. Though efforts have been made to organize pooled e-mail service in the Army, Congress has denied such funding. In the absence of establishing methods for pooling “commodity IT” funds, this enlargement is not executable.
The OMB memorandum adds to the CIO responsibilities a “program management” mission. This is largely as a personnel management function. In the absence of administrative rules it is not apparent how a CIO, without authority, can conduct annual performance reviews of component CIOs. He cannot be accountable for the performance of IT program managers, especially where such personnel reports to Acquisition officers. There is no way how CIOs can carry out the OMB dictated “program management” responsibilities to enlarge their authority.
The OMB memorandum adds to the CIO the primary responsibility for implementation of information security programs that support the assets and missions of an agency. Such authority is subject to an examination of implementation in “CyberStat” sessions conducted by the Department of Homeland security. In the absence of a qualified staff or funding needed to carry out such responsibility this enlargement of CIO responsibilities is lacking an understanding how security responsibilities are managed in agencies such as DoD, which accounts for more than a half of total government IT spending. The proposed enlargement in security matters not sufficiently explained to be credible.
The OMB memorandum requires the CIOs to participate in cross-agency portfolio management through the Federal CIO Council (CIOC). The objective would be to reduce duplication of IT spending across agency boundaries. In the absence of changes in the budgeting processes it is not clear how the CIOC can take actions that would pool agency funds into a multi-agency program. The CIOC is a committee without fiscal power. It cannot be seen as the basis for the enlargement of the powers of a CIO.
Memorandum M-11-29 from the Director of OMB makes an attempt to increase the power of the federal CIOs. However, the memorandum lacks substance. Other than increasing the coordination between CIOs there is no evidence that the powers of the CIO would change in any way.