Survey shows CIOs losing seat at the table
ITAA's 18th annual CIO Survey finds more chief information officers are not reporting to the agency's head.
Agency chief information officers may be losing their place in the boardroom. A new survey of 46 agency senior technology managers from 30 federal organizations found a sharp increase in the number who said they report to the chief financial officer instead of the head of their agency. The 18th annual CIO Survey from the Information Technology Association of America found that the number of CIOs who say they report to CFOs increased to 23 percent, compared to fewer than 10 percent the past two years. “I’m not sure if know the reason but this trend is similar to industry,” said Paul Wohlleben, chairman of the ITAA task group that conducted the survey and a partner at Grant Thornton. “I think CFOs are in a stronger position than the average CIO. They deal with the money and have more access to the secretary.” Wohlleben also pointed out that because most, if not every, CFO is a political appointee so they carry more weight than career CIOs. Since the Clinger-Cohen Act became law in 1997, many CIOs slowly have climbed out of the backroom to become key decision-makers and visionaries. This move coincided with the Office of Management and Budget's focus on capital planning and investment control, enterprise architecture and other program management issues. But the survey showed that those gains now are eroding.Ed Meagher, deputy CIO at the Interior Department, said this trend of CIOs losing direct access to agency secretaries is growing. “We are moving away from being treated as adult CIOs instead of being looked at as the guy who fixes the box,” he said during a panel discussion about the survey sponsored by ITAA and the Potomac Forum in Washington. “CIOs need to be there every day to show the value we are adding.” Wohlleben said CIOs’ role is more important than who they report to. “CIOs that are effective understand how to talk to senior executives to help them understand why technology is good for them and the agency’s mission,” he said. “Not enough CIOs can do that well.” Meagher said one of the reasons agencies still have trouble with governance issues is this changing role. The survey found that governance issues remain because of lack of senior managers’ involvement, component agencies’ unwillingness to give up control of IT and conflicting agendas with other senior-level priorities. “CIO said their processes still are immature,” Wohlleben said. “While IT road maps help capture senior-level agreement, CIOs need help rolling the governance down to mid-level employees.” The survey also found that OMB's push for more governance has been helpful for all agencies in improving these functions. Meagher said that when CIOs lose their standing in the organization, their effectiveness on these governance issues diminishes. Simon Szykman, the National Institute of Standards and Technology’s CIO, said authority is the key for a CIO to be successful. Overall, the survey found few other changes in priorities and concerns from previous assessments. CIOs said cybersecurity remains their top priority, followed by standardization and consolidation and the IT workforce. Wohlleben said he was surprised by the number of CIOs who said funding and resources were a major challenge. He said in previous surveys many “whined” about funding, but the continuing resolutions and the omnibus spending bills are having a cumulative affect on agency programs. Respondents said OMB’s new initiatives such as the move to IPv6, implementing Homeland Security Presidential Directive 12 and reducing the number of Internet Gateways under the Trusted Internet Connections program have further stretched already lean budgets. Casey Coleman, the General Services Administration’s CIO, said her agency has made significant progress in moving toward more of an operational security outlook from a compliance process. “The balance that we need to have is between security and productivity,” Coleman said. Meagher said cybersecurity hasn’t progressed enough and more attention must be paid to centralizing control over IT security. “We need to respond so quickly that we don’t have time to talk about what we should do,” he said. “We need command-and-control capabilities in every department and the authority and funding to make it happen.”