GAO Finds Issues With FITARA Guidance, Asks OMB To Clarify CIO Roles

In a report released Thursday, the Government Accountability Office (GAO) found that no Federal agency has created policies that fully address the CIO’s role within Federal laws and guidelines, due to gaps in guidance, funding and authority.

In line with that finding, GAO called on OMB to clarify the CIO’s role in budgeting decisions and the management of processes related to IT, define the CIO’s authority over IT spending, and provide new guidance for issues not included in existing guidance.

In its response to GAO, OMB agreed to the first two recommendations, but said it believes existing guidance already covers some of GAO’s recommendations, especially on information security policies.

In addition, GAO made recommendations to each of the 24 CFO Act Federal agencies to revise their policies to fully address the CIO’s role in several key areas – and most of the agencies agreed with those recommendations.

CIOs Not Empowered in Key IT Areas

GAO reviewed Federal laws and guidelines, the policies of the 24 CFO Act agencies, a survey of CIOs, and interviews with agency officials in an effort to determine how Federal agencies have addressed the role of the CIO and the challenges that CIOs face in accomplishing their goals.

GAO highlighted six ‘key areas’ where the CIO’s role must be defined: IT leadership and accountability, IT budgeting, information security, IT investment management, IT strategic planning, and the IT workforce.

Their review revealed that most agencies’ policies did not delegate these key areas to CIOs, although interviews with agency officials revealed that CIOs are still involved in those key areas at most agencies, even when not required to be by policy.

Agency CIOs also reported obstacles to implementing their duties in these key areas, especially in the areas of the IT workforce and IT strategic planning. Only 4 out of 24 CIOs reported “very effective” implementation of their responsibilities in IT workforce issues, and only 5 reported “very effective” implementation in IT strategic planning.

CIOs Frustrated by Staffing, Financial Resources, Short Tenures

Surveying agency CIOs revealed that the common challenges of hiring IT personnel and a lack of financial resources as the biggest obstacles to effectively managing IT operations. At least half of CIOs identified each of these areas as a major challenging factor. GAO noted that these issues have long been top challenges, as they were identified in previous surveys from 2016, 2011, and 2004.

Hiring ranked as the top challenge, with all but one CIO describing it as challenging. Those officials pointed to slow processes, uncompetitive salaries, and lack of involvement in interviews.

“Further compounding this issue is the lack of consistent leadership in the CIO position,” GAO said. The agency highlighted a previous recommendation that CIOs stay in office 3 to 5 years to be effective, but noted that the median tenure for permanent agency CIOs between 2012 and 2017 only reached 32 months.

Unclear FITARA Guidance from OMB

GAO found that gaps in the Office of Management and Budget’s (OMB) FITARA guidance were partially responsible for the lack of effective agency policies. “OMB’s guidance does not fully address the three commonly identified CIO challenges in our survey,” the report notes.

GAO called out OMB’s guidance in other areas as well.

“The guidance does not comprehensively address all CIO responsibilities, such as those relating to assessing the extent to which personnel meet IT management knowledge and skill requirements and ensuring that personnel are held accountable for complying with the information security program,” the report says. “Correspondingly, the majority of the agencies’ policies did not fully address nearly all of the responsibilities not included in OMB guidance.”

GAO also noted that guidance for “IT planning, programming and budgeting decisions” and “execution decisions and the management, governance, and oversight processes related to IT” did not ensure that CIOs have a significant role in those areas.

The significance of OMB’s guidance is not lost on agency CIOs, as most of them pointed to OMB guidance as a major enabler in their management of IT. During interviews, CIOs said that FITARA guidance helped them gain a significant role in IT budgeting, keeping the agency aligned with the administration’s priorities and providing a framework for managing cybersecurity.

Recent