There seems to be a lot of confusion over whether an agency chief information officer must report directly to the head of the agency as required by law.
Since the Clinger-Cohen Act became law in 1996, the “should they or shouldn’t they” debate has been a central part of many IT modernization discussions.
So let’s set the record straight once and for all: Yes, the Clinger-Cohen Act does require the CIO to report directly to the head of the agency.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
To understand this, I turned to Mark Forman, who helped write the bill and is a former administrator for e-government and IT at the Office of Management Budget.
Forman, who is now executive vice president for Dynamic Integrated Services, found the reference in the Paperwork Reduction Act section of the bill, 44 U.S.C. 3506 (a) (2)(a), if you are keeping scoring at home:
“§3506. Federal agency responsibilities
(a)(1) The head of each agency shall be responsible for—
(A) carrying out the agency’s information resources management activities to improve agency productivity, efficiency, and effectiveness; and
(B) complying with the requirements of this subchapter and related policies established by the Director.
(2)(A) Except as provided under subparagraph (B), the head of each agency shall designate a Chief Information Officer who shall report directly to such agency head to carry out the responsibilities of the agency under this subchapter.
(B) The Secretary of the Department of Defense and the Secretary of each military department may each designate Chief Information Officers who shall report directly to such Secretary to carry out the responsibilities of the department under this subchapter. If more than one Chief Information Officer is designated, the respective duties of the Chief Information Officers shall be clearly delineated.
(3) The Chief Information Officer designated under paragraph (2) shall head an office responsible for ensuring agency compliance with and prompt, efficient, and effective implementation of the information policies and information resources management responsibilities established under this subchapter, including the reduction of information collection burdens on the public. The Chief Information Officer and employees of such office shall be selected with special attention to the professional qualifications required to administer the functions described under this subchapter.”
Forman admitted that it’s a little hard to understand the way Congress wrote the final version. But when you read the above language, there shouldn’t be any doubt.
Yet, 21 years later despite the requirement being in black and white, despite several executive orders and policies from the Office of Management and Budget, the debate lingers.
The latest example comes from the Labor Department. The Labor inspector general and the department’s associate deputy secretary Nikki McKinney had a fascinating back and forth about the reporting structure of the agency’s CIO.
The IG found Labor’s IT governance structural “does not appropriately align authority and responsibility,” and is “ambiguous, ad hoc and reliant on personnel to fulfill their duties without codified policies or procedures.”
At the heart of the IG’s report is the fact the CIO doesn’t report directly to the secretary or deputy secretary and instead to the assistant secretary for administration and management (ASAM).
“We found DoL’s organizational structure limited the CIO’s ability to execute IT governance, resulted in infrequent contact with the most senior level leadership and left the ASAM to represent IT issues and concerns for several DoL governing boards instead of the CIO,” the report states.
Sounds pretty damning for Labor, right? CIO not reporting to the agency senior leaders is a recipe for IT disaster stew.
Until you read McKinney’s response and dig deeper into the situation where the debate takes an unexpected turn.
First, McKinney points out the flaws in the IG’s report, specifically how the auditors focused on process instead of outcomes. She said the IG has an lack of understanding about how Labor’s leadership functions where one-on-one meetings don’t result in major changes.
“Goals and outcomes are achieved by marshalling the organization’s component parts to achieve success,” McKinney wrote. “One might imagine, in the auditor’s view, the CIO is both the quarterback and the receiver, throwing the ball and then catching it. Instead, the department’s career CIO is empowered by DoL leadership, including the ASAM, to implement the vision of the CIO.”
It’s rare to see such an aggressive response to an IG report.
Former and current federal officials familiar with how the Labor Department is set up said the issue the IG highlighted has been a sticking point between auditors and the leadership for decades.
“I think at Labor, the current model has been working well. There is value to moving the CIO to report directly to the secretary, but there are also cons like running to the secretary for every day blocking and tackling. The model is rarely good or bad, it’s really about execution. And the current execution is working well,” said a government official with knowledge of Labor’s CIO office, who requested anonymity because they didn’t get permission to speak to the press. “If the CIO reports to the secretary then it could also become a political position and secretary brings in their own CIO and then you get temporary ones who may not have as much success in longer term enterprise reform of IT that is so needed in all of these departments.”
Current and former officials said if the current model isn’t broken, then why fix it?
One former Labor Department official, who requested anonymity in order to talk about the inner workings of the agency, said the leadership believes the current model meets the spirit and intent of the Clinger-Cohen Act, the Federal IT Acquisition Reform Act (FITARA) and all the executive orders and policies different administration’s issued over the last 20 years.
“The CIO does have direct access to [the] secretary and deputy secretary whenever he feels the need to talk to them, and they both have reached out directly to [Labor CIO] Gundeep [Ahluwalia] to ask a question or ask for something to be fixed. Gundeep can walk directly into the secretary’s office or call directly,” said a former Labor Department senior executive. “The bottom line is the CIO has the authority when he needs it. I think what the IG misses is the CIO is the IT expert not the secretary or deputy secretary or the assistant secretary for administration and management. When Labor’s leadership is looking to the CIO for input, direction, advice and recommendations, we aren’t telling him what to do, he’s telling us and other leaders what we need to know.”
A former deputy secretary at a cabinet agency with knowledge of Labor said there is no barrier to communication between the CIO and senior leaders but when managing a large department, it doesn’t always make sense to go to the secretary or deputy secretary for every issue.
The former deputy secretary pointed out that no CIO talks to the secretary every day. These departments are too big, too complicated for that kind of constant interaction not just for the CIO, but for any of the senior leaders.
The former and current officials said it’s about effectiveness rather than dots or straight lines on an org chart.
The sources said Ahluwalia is at every budget formulation meeting, not just for technology projects. He’s at every IT acquisition board meeting and included in almost every strategic conversation across the mission and program areas.
The fact that budget, human resources, acquisition and department administration all fall under the ASAM means that the CIO is in the meetings and has a connection to all the areas that make the department function, the former officials say.
In the end, Forman and other former Federal CIOs said that is what Clinger-Cohen aimed for— having an effective CIO that transforms the agency’s mission.
“From my perspective when I was at OMB, the key to success became the requirement for the agency head to promulgate guidance on the CIO role and authorities for that agency,” Forman said. “It is important to understand the governance model at the time [of the Clinger-Cohen Act] was to hold the secretary/agency head accountable with the support of the CIO. There are few if any hearings today where the secretary/agency head are actually called to task for not properly using the CIO and too many where the CIO is called to testify about their lack of authority, which doesn’t help the situation because it avoids the accountability by a secretary/agency head that doesn’t use the CIO role for the purposes outlined in the Clinger-Cohen Act.”
Suzette Kent, the former federal CIO during the Trump administration, said the laws and policies aimed to ensure there was a clear direction of accountability for execution.
“Today, the direct connection between agency leadership and its CIO is even more critical given the highly digital environment for both workforce and mission activities, resiliency demands and increased security requirements. Direct CIO access structure drives the most effective, timely actions. Less direct interaction structures can dilute the urgency and clarity of communications,” Kent said. “The quality of the outcomes become more dependent on the interpretations of people participating. I have observed teams achieving effective outcomes in less direct reporting structures, but I attribute that to the individuals’ skills and willingness to work in a collaborative nature. Recent times have demanded urgent decisions between agency heads and CIOs and strong pre-existing working relationships were important to those outcomes.”
Maybe it’s time to revisit the true role of the CIO? Few doubt the importance of reporting structures, but maybe a better measure of a CIO’s impact is how the agency transforms. Labor, with its current reporting structure, seems to be doing quite well despite its decision to not exactly meet the Clinger-Cohen Act. We’ve seen CIOs who report directly to the agency head struggle to make a difference. The discussion should center more on the type of person in the role rather who they report to.