2015 State CIO Survey

The state IT and business landscape continues to change, reflecting both emerging approaches to delivering IT products and services, and also the faster paced, more complex environment faced by state CIOs. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the emerging role of the CIO as a broker of shared services, and on the use of incremental software development approaches to accelerate the delivery of value to customers. These topics share a common theme – customer expectations continue to rise, and state CIOs must be agile enough to adapt to changing circumstances and to rapidly deliver business value. We also asked CIOs about the characteristics they felt were most valuable for a state CIO, and which dimensions of the role were most critical for success.

State CIOs continue to preside over an increasingly diverse set of service delivery models and sourcing options. Since 2010 we have asked CIOs to tell us what business models they are using to deliver IT services. Over that time period there has been a steady progression towards data center consolidation and increased use of outsourcing, particularly for IT applications and services.

We asked CIOs about their business model and sourcing plans for the future. As their responses showed, the dominant future business model for the state CIO organization will be a shared services organization leveraging managed services and application outsourcing to deliver a significant proportion of the service portfolio. We also asked CIOs to what extent they saw their state CIO organization migrating from a direct provider of services to a ‘broker’ of services. Every respondent stated that they expected in the future to be functioning as a broker of services for at least some of their services. This is clearly the state CIO business model of the future – the differences will be in the mix of services provided and in the proportion of assets that are owned and operated by the state.

Not surprisingly, a significant majority of CIOs believed that this transition will have an impact on the funding of the state CIO organization. Almost one third of CIOs feel that the overall revenue to the CIO organization will decrease as a result of the change. When asked for advice for CIO organizations transitioning into a broker role, the same two recommendations occurred again and again: consolidate first; and exit strategies must be written in contracts up front.

State IT projects continue to receive significant exposure and attention, both from state legislators and from the media. There continues to be a general perception that states are struggling to implement technology solutions. This perception – whether warranted or not – ramps up the pressure on state CIOs to improve the management of technology projects and to clearly demonstrate the value that their organizations are providing to business customers. Over the last several years there has been a pronounced movement in the private sector away from extended, traditional waterfall lifecycle projects and towards the rapid delivery of software in an incremental fashion, often using agile software development techniques. This transition is also beginning to happen in the public sector, but at a slower pace.

We asked CIOs how they would characterize the use of agile approaches within their state. Almost all states have some degree of agile development ongoing. However, for most states the use is limited to certain projects and not subject to any centralized oversight or guidelines. There are a few states who have pioneered a statewide approach to agile and who have invested in state-level training and project management office programs. The majority of states are not yet in a position to decide whether these approaches will be more or less successful than traditional approaches. Almost three quarters of CIOs anticipate increased use of agile software delivery approaches in the next couple of years. It appears that agile is definitely moving into the mainstream in state government.

The state CIO position operates in a challenging environment of strategy, operations, service delivery and policy. New service demands, technology platforms, sourcing models and development approaches add excitement to each day. We asked state CIOs to rank the three most important leadership traits to the critical success of a state CIO. By a wide margin, ‘Communicator’ was viewed as the most important, with ‘Strategist’ and ‘Relationship Manager’ the second and third most important.

With a multi-dimensional role, state CIOs have many touch points within state government and externally. Relationships with key state executives are paramount to the success of the CIO organization, especially if a lack of clarity exists regarding the authority of the CIO. When asked to rate the importance of each relationship, the relationship between the state CIO organization and the cabinet secretary/director ranked the highest. This relationship was followed closely by the Governor/Chief of Staff and then state Budget Director.

We also asked the CIOs what they viewed as the most critical dimension of their role. ‘Enterprise vision and strategy’ was the clear number one choice. The second and third choices were ‘Security and risk management’ – an area of concern for all CIOs at the moment – and ‘Align IT for value creation,’ which echoes results earlier in the survey that highlighted the importance of the CIO in driving value to the business.

State IT projects continue to receive significant exposure and attention, both from state legislators and from the media. There continues to be a general perception that states are struggling to implement technology solutions. This perception – whether warranted or not – ramps up the pressure on state CIOs to improve the management of technology projects and to clearly demonstrate the value that their organizations are providing to business customers.

Over the last several years there has been a pronounced movement in the private sector away from extended, traditional waterfall lifecycle projects and towards the rapid delivery of software in an incremental fashion, often using agile software development techniques. This transition is also beginning to happen in the public sector, but at a slower pace. As one illustration, the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in late 2014 and contains provisions for federal government agencies with respect to an incremental approach. The recent policy guidance issued by the Office of Management and Budget defines this requirement as “development of software or services, planned and actual delivery of new or modified technical functionality to users that occurs at least every six months.”

A key focus of incremental development approaches is the rapid delivery of working software into the hands of business users, and then continuously adapting to change as more is discovered about the nature and scope of the business problem. Many of the inherent characteristics of incremental software development do not align well with traditional public sector funding and management practices, particularly where procurement and contracting with implementation vendors is required.

We wanted to understand the current state of agile/incremental software development within state governments, and wanted to hear the thoughts of state CIOs on the appropriate use of agile/incremental approaches. Although there are many incremental software development approaches available, agile is by far the most commonly used approach, and we used the term ‘agile’ to refer to incremental approaches in general throughout the survey.

We began by asking CIOs whether their state defined standards or guidelines for agile software development and project management. Almost half of the states already have some kind of standard or guideline for agile software delivery, and another third are developing one.

We then asked CIOs how they would characterize the use of agile approaches within their state. As the table below shows, almost all states have some degree of agile development ongoing. However, for most states the use is limited to certain projects and not subject to any centralized oversight or guidelines. There are a few states who have pioneered a state-wide approach to agile and who have invested in state-level training and project management office programs.

Given that use of agile approaches is beginning to be fairly widespread across the states, we wanted to understand how successful these approaches have been considered to-date, especially in comparison to traditional waterfall approaches.

Consistent with the limited/trial adoption of agile in most states, the majority of states are not yet in a position to decide whether these approaches will be more or less successful than traditional approaches. One fifth of states though – generally those who have invested in more structured agile programs – state that agile approaches have been superior to the traditional waterfall approach. CIOs who had experience using agile approaches in their states provided the following advice and commentary on the adoption of agile:

• “It really depends on the project on whether agile or waterfall is the more successful methodology. You need to select the right methodology for the right project.”

• “The key we have found is the level of business involvement makes all the difference. Where the business commits to participate, agile is far superior. If the business wants it to be “all IT” then it fails.”

• “In some cases, agile/incremental approaches have been very successful. It is entirely dependent upon the program/project manager’s level of maturity and ability to coherently work with oversight and procurement. It is critical that program/project managers have a proficiency in agile/incremental, not only from an operational perspective, but also from a sourcing and vendor management perspective. Some folks talk a good game, but really have only learned the buzz words and end up essentially trying to hybridize agile/incremental and waterfall. Additionally, our boiler-plate deliverables-based contract paradigm will need adjustment, which we are using pilot engagements to help steer.”

• “Business owners need a change of perspective: if they are thinking that a project has to last longer than two years, then they are probably thinking about the business problem the wrong way.”

• “Let success prove itself – you can’t convince people on the theory.”

To further investigate the factors that drive successful adoption of agile approaches, we asked CIOs their views on the top three critical success factors for the adoption of agile on projects. By far, the most common factors cited were picking the right types of projects on which to employ agile, effective training of staff, and the use of agile-specific project management methods and tools. A significant number of respondents also mentioned the use of experienced agile coaches as a key to success.

Where you have employed agile or incremental software development approaches on projects, what were the top three critical success factors?

We then asked CIOs, given their experience to-date, how they saw the use of agile approaches changing in the next 12-24 months? Almost three quarters of CIOs anticipate increased use of agile software delivery approaches in the next couple of years. It appears that agile is definitely moving into the mainstream in state government.

As CIOs considered the increased adoption of agile, they also offered some specific thoughts on the circumstances where agile methods may or may not be an appropriate choice:

• “The hardest problem in state IT is getting your authorizing environment to fund projects. Taking an incremental approach where you can deliver tangible value at each step is the most effective way of selling the projects you want to create.”

• “We no longer believe that the 2+ year project fits within the state application context. Too much changes over that period of time (business needs, elections, legislative sessions, federal government) and state government has not been great at the IT planning and anticipation process. The move to more rapid projects and development approaches are to lock in the benefits quickly and not wait for large projects where the benefits are delayed.”

• “The current method of planning the whole project takes too long on the big projects and the users continually change their requirements due to their evolving business. We need to deploy smaller pieces of functionality in a shorter period of time.”

IT procurement is always a subject of interest to state CIOs, and the intersection of agile with state procurement processes creates a number of interesting challenges. We asked CIOs how well they saw their state’s procurement and contracting policies matching the needs of agile software development approaches.

Only one quarter of CIOs believe that their state’s procurement and contracting processes fully support agile and incremental software development approaches. Some specific comments from CIOs on this topic included:

• “Arguably one of the biggest problems we have. More of an issue of expectation setting with the authorizing environment than contracting.”

• “The main disconnect is that agile is focused on fixing time (sprints) and letting the scope vary (project velocity), while procurement is historically more interested in fixing scope (project milestones) and letting the time be determined later.”

Although agile-specific project management methods and tools are considered very important by CIOs, relatively few states are putting in place agile-specific procurement or contracting methods. Two-fifths of states are making no changes, with about one fifth of states creating specific contract vehicles and contract types. Only about one-in-ten states are adopting more incremental approaches to requirements management or are changing oversight approaches to address the different circumstances of agile projects.

Finally, we asked CIOs what advice they would have for other state CIOs who are looking to explore increased adoption of agile or incremental software development approaches. The most common advice CIOs provided included:

• “Agile projects have a very hard time determining when they are ‘done.’ Rework is a real problem. If you don’t like rework, don’t do agile.”

• “Educate business customers on the value of agile development vs. waterfall. Ensure your customers (agencies) are truly ready for the sprint style approach, and fully understand the increased involvement/ commitment needed by agency resources as compared to traditional methodologies. Finding a champion who is capable of putting the ‘state government’ harness around an agile project is critical.”

• “Secure agreement from the business side early in the project effort and demonstrate success through a pilot initiative. The quickness of seeing a solution that is available to the business really demonstrates the value of agile and incremental approaches. With the challenges of state procurement and funding cycles, it truly helps to have full products available throughout the lifecycle of the project. Also, leveraging existing agency/business partners to advocate for the efficacy of agile to other business users really makes a huge impact. They become champions and coaches for the use of newer processes that more quickly meet business outcomes.”

• “Get a coach! Don’t try to do Scrum without a coach.”

Moving to a topic that we have tracked regularly over the five years of the CIO Survey, we polled CIOs on the state of technology procurement. In past years, procurement has been a top area of concern for CIOs, who have often questioned the ability of their state’s procurement entities and processes to effectively procure and contract for complex IT solutions and services under procurement laws designed in bygone eras. Additionally, CIOs consider lengthy procurement cycles problematic as technology innovations make timely purchasing imperative. The shift to a services-centric acquisition approach for IT has added to the disruption.

The 2015 survey responses indicate a clear split in opinion over procurement. Roughly one-half of CIOs (47%) exhibit negative outlooks on IT procurement processes. On the flip side, the same number of CIOs are very or moderately satisfied with the current system of IT procurement in their state.

Those who find procurement wanting note that archaic laws and regulations hamper acquisition processes, and several report that new and evolving computing models – including cloud and agile – are not well supported. Some samples from CIO comments:

• “The current system purchases IT the same way it purchases cars, copiers, etc. This is problematic for IT purchases particularly as we move to Agile.”

• “State procurement does not handle the rapidly changing environment of IT effectively. We see this often during large system replacements requiring longer than nine months to implement. While it is possible to maneuver within the guidelines, it takes consistent focus and intention. We are working with our state legislature to analyze overall procurement rules and processes to build awareness and to improve these efforts."

The state CIO position operates in a challenging environment of strategy, operations, service delivery and policy. Regardless of the state’s organizational and governance model, state CIOs have broad responsibilities for information technology within the executive branch and with agency customers. A core responsibility common to almost all is support of the technology infrastructure and initiatives directly related to security and infrastructure consolidation. While CIOs invest time and resources supporting these core elements, the landscape is shifting, presenting more opportunities and risks. New service demands, technology platforms, sourcing models and development approaches add excitement to each day. Like many other state leaders, the CIO must wear multiple hats and expect surprises. To be successful in this environment requires important leadership traits or attributes. What are these critical attributes? What skills and disciplines do state CIOs consider the most important? From a list of options, we asked state CIOs to rank the three most important leadership traits to the critical success of a state CIO.

In your experience, what are the three most important leadership traits or attributes to the critical success of a state CIO?

It’s evident the respondents are focused on communications skills and relationships as being the most critical to their position. Key attributes of a successful state CIO are the ability to outline their vision, build consensus, engage stakeholders, partner with vendors, promote innovation and drive change. Effectively communicating the strategic vision, enterprise policy imperative, security risks or business case investment is crucial in a setting of constant change, growing demands and fixed resources. These issues are only “heard” when communication is effective.

Being viewed as a strategist and establishing relationships are ranked highly because it’s vital to the evolving role of the state CIO. No longer just focused on infrastructure operations, the enterprise leader of the IT business is emerging as a leader who creates value for the enterprise. In addition, being a change manager, motivator, negotiator and facilitator are all attributes that resonate with state CIOs on any given day.

Technologist is not viewed as a highly important trait, but clearly necessary. Given the CIO role, this may seem surprising to some, however cultivating the “soft side” of leadership is perceived as more important to their success. In a state government organization with many non-technical stakeholders, state CIO communication often involves a “translator” role from the standpoint of technology capabilities in meeting business demands.

With a multi-dimensional role, state CIOs have many touch points within state government and externally. Relationships with key state executives are paramount to the success of the CIO organization, especially if a lack of clarity exists regarding the authority of the CIO. When asked to rate the importance of each relationship, the ratings were tightly clustered among four key officials, with the relationship between the state CIO organization and the cabinet secretary/director ranked the highest. From an organizational and reporting perspective, this result should be expected. Just more than half of the state CIOs report to a cabinet secretary or department director and not the Governor. This relationship was followed closely by the Governor/Chief of Staff and then state Budget Director. These results are generally consistent with previous NASCIO research and surveys, however CIOs often highlight the importance of a strong relationship with the budget director to gain support for initiatives and influence enterprise IT investments.

Even with the diverse organizational and operating models across the states, it must be noted that relationships with agency executives, agency CIOs and agency customers are all ranked in the top tier of importance. CIOs recognize alignment with the business side is often challenging and fostering these relationships is important to their success. This will become more important as CIO organizations move gradually to a broker role in IT service and solutions delivery. In similar fashion, CIO organizations are generally responsible (or required by law) to articulate the strategic IT direction, create governance and issue IT policies. The relationships with agency CIOs is critical with these endeavors because stakeholder input and ultimately enterprise buy-in is essential to success.

In a formal sense, the authority and responsibilities of the state CIO position is often contained in statutory language with broad intent. In practice, executing on these responsibilities to meet the needs of state government, drive results and produce outcomes highlights a long list of critical success factors for state CIOs. In fact, some CIOs might contend that many of these factors are equally critical and close in priority. Some are intertwined and interrelated and so it may be difficult to limit to discrete choices.

However, when asked to consider the important critical factors and rank the top five, several rise to the top of the weighted calculation, with enterprise vision and strategy a solid number one. The top ten selections are presented in the table above.

Security and risk management ranked second is an accurate reflection of the current cybersecurity posture in the public sector. State governments are at risk and the state CIO is the designated lead for all things cyber.

In 2015, we return to Enterprise Data Management, a topic first polled in a comprehensive manner in the 2014 CIO Survey. State agencies and CIOs are wrestling with a host of challenges around data governance, legacy data, data access and sharing, and major new flows of data from new sources. The survey included a short section with questions seeking to capture progress on data management practice and technology maturity, breadth/scope, and in advancing the role of the CIO.

Again, the findings indicated that states are mostly in the earlier stages of a truly “enterprise-wide” approach to data management. Less than 5% stated that they possessed formal data management policy and practices.

How would you characterize your data management function in-terms of importance and maturity?

Enterprise data management programs present a fragmented picture, as states’ programs and practices range from comprehensive and fairly mature to narrowly-focused and immature. The majority of states remain in the planning or start-up phases of their enterprise data approaches – and very few (2%) are enterprise-wide programs.

What best describes the scope and breadth of your state's enterprise data management program?

CIOs see a wide array of possible roles and responsibilities for their organizations in the management of enterprise data. The two most popular responses aligned with the 2014 CIO survey – taking the lead in advocating for data as a strategic asset (59%) and on the need to develop an enterprise data strategy (48%). Notably, the majority of CIOs see a current role as the lead and advocate for strategic data use but only 42% recommend that the CIO occupy this role going forward.

Mobile devices and applications have continued to be a high priority for a majority of CIOs. In the 2013 and 2014 surveys, we covered mobility in deep detail, finding that mobile initiatives were moving higher in importance and visibility – resulting in better agency coordination and collaboration – across state governments.

In our 2015 survey, we’ve again asked CIOs to report on the status of mobile devices and applications projects. A combined 50% of respondents report that such projects are in either the essential or high priority category. Those levels reflect a slight drop from the 60% total tallied by the “essential” and “high priority” categories in 2014.

Regarding technology approaches to increasing mobility investments, state CIOs are taking a hybrid approach – with the clear majority using a mixture of native mobile applications and responsive web design.

We asked CIOs about their cybersecurity program and compared their responses to those they provided in recent surveys of 2014 and 2012. As the figure below shows, the overall status of each activity continues to edge up in 2015. We added a new question on adding cyber insurance as part of their cyber plans and 20% of respondents reported purchasing such a policy.

We again asked CIOs to update us on the most significant barriers they faced in addressing cybersecurity. The top four barriers are as follows and are consistent with responses to the 2013 and 2014 surveys:

• Increasing sophistication of threats

• Lack of adequate funding

• Emerging technologies

• Inadequate availability of security professionals

CIOs commented that cybersecurity remains a hot and visible issue – but investment in security technologies lags behind the political and media attention paid to the issue.

What major barriers does your state face in addressing cybersecurity?

We asked CIOs to characterize the role of the Office of the CIO in the deployment of broadband networks in their states. The question was framed to include all public sector broadband and the approaches being used in the state.

The top two responses reveal that state CIOs are still most active in promoting public-private partnerships to deliver broadband services (69%) and in planning and sourcing public sector networks (78%).

What role(s) does the office of CIO play in the deployment of broadband in the state?

Disaster recovery and business continuity continue to grow into a key service offered by the offices of the state CIOs. We surveyed the CIOs to assess approaches they’re using, the role of the CIO, and components of the response plan.

In their approaches to rolling out disaster recovery and business continuity, states are most commonly using a federated approach – with responsibilities shared between the CIO and agencies. An enterprise approach led by the CIO’s office is the second most common approach (24%).

The CIOs were queried about their role in helping the state respond and recover from a manmade disaster and response data is captured in the figure below. Key responsibilities include coordinating the response to a disaster and maintaining critical infrastructure and communications in the state.

Regarding formal planning for disaster responses, CIOs are well along in developing crisis plans: 44% have plans in place and 33% have plans in progress.

What is the state CIO's role in helping the state repsond and recover from a natural or manmade disaster?

The Internet of Things (IoT) has attracted a great deal of public and media attention and is generating discussion in the state and local government technology space. It’s clear the policy framework is lagging technology adoption. The table below provides an illustration of the state of planning and activity with IoT. No states have adopted policies or developed an IoT roadmap, while roughly 1 in 5 have moved to the formal discussion phase. The majority of states remain in investigations and informal discussion phase. Based on existing and planned deployments of IoT devices in states to support transportation, law enforcement, agriculture, environmental protection and other functions, it is clear state CIOs will need to address the current gaps in IT policy and security to provide more explicit direction.

To what extent is the Internet of Things on your agenda?

Another topic in the headlines is the deployment of unmanned aerial systems (UAS) or “drones.” Following on to a question we first posed in the 2014 survey, we asked CIOs to report on their leadership roles and policy engagement for the use of civilian UAS in state government.

Most CIOs report an unstructured role today – with a willingness to serve when called up – or no role at all. With the projected growth of UAS activities in state government, CIOs will certainly be more involved in the coming years as states deal with issues of data management, privacy and cybersecurity. 

This year’s survey covered a wide variety of topics  –  business models for delivering operational services, approaches for new systems and the personal qualities important to an effective state CIO. Nonetheless, a common theme emerged throughout the survey – the importance of agility and delivering value to the business customer. Emerging trends in IT development and operations, whether agile software development or flexible sourcing models for IT shared services, focus on the business customer and on rapidly delivering value to them in a dynamic and unpredictable environment.

The transition of the state CIO to a broker of services is consistent with this theme. CIOs must be effective relationship managers and communicators, and must use these skills to keep state CIO organization services relevant to their business customers. The state CIO organization must increasingly be seen as the provider of choice if it is to succeed, and the state CIO will lead this evolution.

SURVEY PURPOSE

Grant Thornton LLP, The National Association of State Chief Information Officers (NASCIO) and CompTIA have collaborated for a fifth consecutive year to survey state government IT leaders on current issues, trends and perspectives. The survey sponsors seek to provide these state government IT leaders with an opportunity to voice their thoughts and opinions on matters of high importance. Governors, legislatures and business leaders can benefit from these knowledgeable insights about essential state IT services. The full report is available to download and print here.

METHODOLOGY

In Spring, 2015, the sponsors jointly developed a series of questions reflecting both the new issues of the day as well as follow-up on some of the questions they included in the 2013 and 2014 survey. The questions were presented to state CIOs in an online tool, and between June and August 2015, they individually logged in and addressed the forty-six multiple-choice and open-ended questions. The response rate was excellent with 47 of the NASCIO member states and territories completing the survey. Primary respondents were the state CIOs, although deputy CIOs and other senior state IT leaders contributed. Throughout the survey, we refer to them all as state CIOs. Thirty-four of the respondents also participated in the 2014 survey. However, new perspectives were introduced by 28% of the respondents who are different due to the normal turnover that occurs in state CIO positions. We also conducted in-person interviews with 18 state CIOs and incorporated their ‘advice from the trenches’ along with the quantitative and qualitative responses to the online survey. Click here for a list of states and territories that participated in the survey.

ANONYMITY

This report reflects the responses and opinions of the survey respondents to the maximum extent possible. However, to preserve anonymity we do not attribute responses to specific individuals.