Agency CIO Roles Could Benefit from Adopting Private Sector Best Practices, according to GAO

GAO’s report entitled Chief Information Officers: Private Sector Practices Can Inform Government Roles found that most CIOs in the private sector reported “having responsibilities that align with those of agency CIOs in nearly all key IT management areas.” However, GAO found that responsibilities of the Federal CIO are more limited than their private sector counterparts because the Federal CIO position is not established in law.

GAO conducted this study as an element of improving federal IT management. GAO looked at the alignment of federal agency CIO responsibilities with those of CIOs in the private sector, as well as how private sector CIO experiences might be applied to agency CIO domains. GAO also compared responsibilities of the Federal CIO with those of agency and private sector CIOs, and it examined the tenure and qualifications of private sector CIOs.

To conduct its research, GAO polled 488 private sector CIOs regarding their responsibilities, experience, and qualifications, and received 71 completed responses. GAO compared these results with agency CIO and the Federal CIO responsibilities that it identified through legislation and OMB guidance. Additionally, GAO convened two expert panels consisting of private sector CIOs and former federal agency CIOs to discuss their experiences, qualifications, tenure, reporting relationships, and challenges.

GAO found that a majority of the 71 private sector CIOs surveyed reported having responsibilities that aligned with those of agency CIOs in 13 of the 14 key IT management areas listed below:

• IT leadership and accountability
• IT strategic planning
• IT workforce
• IT budgeting
• IT capital planning and investment management
• Information security
• E-commerce/E-business
• Enterprise architecture
• Systems acquisition, development, and integration
• Information collection
• Records management
• Information dissemination and disclosure
• Privacy
• Statistical policy

The area with the least overlap with agency CIOs was that of statistical policy.

All 71 respondents reported responsibility for seven of the 14 IT management areas. Sixty-eight CIOs, more than 95%, reported responsibility for the area of information security; and between 80% and 90% of respondents reported responsibility for five areas: privacy, information collection, records management, e-commerce/e-business, and information dissemination.

Private sector CIOs also reported sharing responsibility with other executives in the organization in each IT management area. The number of IT management areas of shared responsibility differed among respondents but at least 30% of respondents reported that they shared responsibility with other executives for 11 of the areas. Respondents reported shared responsibility most widely for records management, information dissemination, and information collection.

In GAOs expert panel discussions, private sector CIOs noted that the concept of shared accountability was a key part of their business culture, rather than shared responsibility. They also emphasized the use of cross-functional teams working together to drive business outcomes, such as increasing revenue and customer satisfaction. “In addition, private sector CIO panelists stated that a critical factor for a CIO’s success is an ability to bridge gaps between the technical and business parts of the company and promote two-way information exchange.”

On the topic of tenure and qualifications, GAO found private sector CIOs were highly educated and experienced, with most reporting previous IT-related experience, previous CIO experience, industry knowledge, and a college degree. However, a majority of respondents stated that their degree was not IT-related. Average reported tenure in their current CIO role was about 6 years.

Under the role of Federal CIO, GAO found overlap of 10 of the 14 IT management areas with those of agency CIOs. When compared to private sector CIO roles and responsibilities, GAO found five areas of direct overlap. But because the Federal CIO role is not established in law, its responsibilities are often more limited than its private sector counterparts.

GAO made three recommendations as a result of its analysis:

• Congress should establish the Federal CIO position in law and establish responsibilities and authorities for government-wide IT management. GAO believes that doing so will strengthen the position's impact over federal IT and its consistency across administrations.
• OMB should direct the Federal CIO to increase emphasis on shared collaboration between agency CIOs and other senior executives to accomplish agency-wide and government-wide goals.
• OMB should direct the Federal CIO to take steps to ensure that managerial skills, such as communication and program management skills, have an appropriate role in the hiring criteria for agency CIOs.