[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]



 
  WHERE'S THE CIO? THE ROLE, RESPONSIBILITY AND CHALLENGE FOR FEDERAL 
 CHIEF INFORMATION OFFICERS IN IT INVESTMENT OVERSIGHT AND INFORMATION 
                               MANAGEMENT

=======================================================================

                                HEARING

                               before the

                SUBCOMMITTEE ON TECHNOLOGY, INFORMATION
                POLICY, INTERGOVERNMENTAL RELATIONS AND
                               THE CENSUS

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 21, 2004

                               __________

                           Serial No. 108-260

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform







                 U.S. GOVERNMENT PRINTING OFFICE

98-209                  WASHINGTON : 2005
_________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866)512-1800; 
DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, 
Washington, DC 20402-0001




                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana                  HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut       TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana              CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California                 DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky                  DANNY K. DAVIS, Illinois
JO ANN DAVIS, Virginia               JOHN F. TIERNEY, Massachusetts
TODD RUSSELL PLATTS, Pennsylvania    WM. LACY CLAY, Missouri
CHRIS CANNON, Utah                   DIANE E. WATSON, California
ADAM H. PUTNAM, Florida              STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia          CHRIS VAN HOLLEN, Maryland
JOHN J. DUNCAN, Jr., Tennessee       LINDA T. SANCHEZ, California
NATHAN DEAL, Georgia                 C.A. ``DUTCH'' RUPPERSBERGER, 
CANDICE S. MILLER, Michigan              Maryland
TIM MURPHY, Pennsylvania             ELEANOR HOLMES NORTON, District of 
MICHAEL R. TURNER, Ohio                  Columbia
JOHN R. CARTER, Texas                JIM COOPER, Tennessee
MARSHA BLACKBURN, Tennessee          BETTY McCOLLUM, Minnesota
PATRICK J. TIBERI, Ohio                          ------
KATHERINE HARRIS, Florida            BERNARD SANDERS, Vermont 
                                         (Independent)

                    Melissa Wojciak, Staff Director
       David Marin, Deputy Staff Director/Communications Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
          Phil Barnett, Minority Chief of Staff/Chief Counsel

   Subcommittee on Technology, Information Policy, Intergovernmental 
                        Relations and the Census

                   ADAM H. PUTNAM, Florida, Chairman
CANDICE S. MILLER, Michigan          WM. LACY CLAY, Missouri
DOUG OSE, California                 STEPHEN F. LYNCH, Massachusetts
TIM MURPHY, Pennsylvania             BETTY McCOLLUM, Minnesota
MICHAEL R. TURNER, Ohio

                               Ex Officio

TOM DAVIS, Virginia                  HENRY A. WAXMAN, California
                        Bob Dix, Staff Director
          Dan Daily, Professional Staff Member/Deputy Counsel
                         Juliana French, Clerk
            Adam Bordes, Minority Professional Staff Member




                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on July 21, 2004....................................     1
Statement of:
    Brubaker, Paul, executive vice president and chief marketing 
      officer, IS International; James Flyzik, partner, Guerra, 
      Kiviat, Flyzik & Associates; and Debra Stouffer, vice 
      president of strategic consulting services, Digitalnet.....    49
    Johnson, Clay, III, Deputy Director for Management, Office of 
      Management and Budget; Karen Evans, Administrator, Office 
      of E-Government and Information Technology, Office of 
      Management and Budget; and David Powner, Director, 
      Information Technology Management Issues, U.S. Government 
      Accountability Office......................................     8
    Nelson, Kimberly, Assistant Administrator of Environmental 
      Information and Chief Information Officer, Environmental 
      Protection Agency; Steven Cooper, Chief Information 
      Officer, Department of Homeland Security; Vance Hitch, 
      Deputy Assistant Attorney General, Information Resources 
      Management and Chief Information Officer, U.S. Department 
      of Justice; and Ira Hobbs, Deputy Assistant Secretary for 
      Information Systems and Chief Information Officer, 
      Department of the Treasury.................................    77
Letters, statements, etc., submitted for the record by:
    Brubaker, Paul, executive vice president and chief marketing 
      officer, IS International, prepared statement of...........    51
    Clay, Hon. Wm. Lacy, a Representative in Congress from the 
      State of Missouri, prepared statement of...................     6
    Cooper, Steven, Chief Information Officer, Department of 
      Homeland Security, prepared statement of...................    90
    Evans, Karen, Administrator, Office of E-Government and 
      Information Technology, Office of Management and Budget, 
      prepared statement of......................................    14
    Flyzik, James, partner, Guerra, Kiviat, Flyzik & Associates, 
      prepared statement of......................................    62
    Hitch, Vance, Deputy Assistant Attorney General, Information 
      Resources Management and Chief Information Officer, U.S. 
      Department of Justice, prepared statement of...............    97
    Hobbs, Ira, Deputy Assistant Secretary for Information 
      Systems and Chief Information Officer, Department of the 
      Treasury, prepared statement of............................   104
    Johnson, Clay, III, Deputy Director for Management, Office of 
      Management and Budget, prepared statement of...............    10
    Nelson, Kimberly, Assistant Administrator of Environmental 
      Information and Chief Information Officer, Environmental 
      Protection Agency, prepared statement of...................    80
    Powner, David, Director, Information Technology Management 
      Issues, U.S. Government Accountability Office, prepared 
      statement of...............................................    24
    Putnam, Hon. Adam H., a Representative in Congress from the 
      State of Florida, prepared statement of....................     3
    Stouffer, Debra, vice president of strategic consulting 
      services, Digitalnet, prepared statement of................    67


  WHERE'S THE CIO? THE ROLE, RESPONSIBILITY AND CHALLENGE FOR FEDERAL 
 CHIEF INFORMATION OFFICERS IN IT INVESTMENT OVERSIGHT AND INFORMATION 
                               MANAGEMENT

                              ----------                              


                        WEDNESDAY, JULY 21, 2004

                  House of Representatives,
   Subcommittee on Technology, Information Policy, 
        Intergovernmental Relations and the Census,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:40 p.m., in 
room 2154, Rayburn House Office Building, Hon. Adam Putnam 
(chairman of the subcommittee) presiding.
    Present: Representatives Putnam, Miller, Murphy, Ose, 
Turner, Clay, and Lynch.
    Staff present: John Hambel, senior counsel; Dan Daly and 
Shannon Weinberg, professional staff members/deputy counsels; 
Juliana French, clerk; Felipe Colon, fellow; Jamie Harper, 
legislative assistant; Colin Samples and Sean Hardgrove, 
interns; Adam Bordes, minority professional staff member; and 
Jean Gosa, minority assistant clerk.
    Mr. Putnam. A quorum being present, this hearing of the 
Subcommittee on Technology, Information Policy, 
Intergovernmental Relations and the Census will come to order. 
Good afternoon and welcome to the subcommittee's hearing on 
``The Role, Responsibility and Challenge for Federal Chief 
Information Officers and IT Investment Oversight and 
Information Management.''
    In 1996, Congress passed the landmark Clinger-Cohen Act, 
bringing fundamental changes to the way the Federal Government 
manages information technology. One of the most important parts 
of the act was the establishment of the Chief Information 
Officer as the position that leads agency efforts to manage IT.
    Now, 8 years after the passage of Clinger-Cohen, we must 
ask: Where is the CIO? Who do they report to? What authority do 
they have? And why is the turnover for the position so high?
    As many know, this subcommittee releases a report card on 
each agency's implementation of the Federal Information 
Security Management Act. On the last report card, the average 
grade was a D. Additionally, the scores for implementing e-
government under the President's management agenda, although 
improving, are not terribly encouraging.
    The subcommittee has held several hearings throughout this 
Congress examining the CIO's responsibilities, including 
managing IT investment, developing agency-wide enterprise 
architectures, and implementing sound information security 
practices. Throughout these hearings, I have learned that CIOs 
in the Federal Government are facing significant uphill 
challenges in meeting their responsibilities.
    To better understand these problems, I asked the Government 
Accountability Office to examine the role of the CIO in Federal 
agencies. As we will hear today, some of the findings, and the 
questions they raise, are intriguing. For example:
    The average tenure for a Federal CIO is only 23 months, yet 
experts say that a CIO needs 3 to 5 years on the job to be 
effective. CIOs often do not have control over all IT 
investment in an agency.
    Major bureaus may buy IT systems without going through the 
CIO, making capital planning and effective IT management all 
the more difficult.
    CIOs juggle many responsibilities and often face internal 
push back as they try to institute reforms at their agencies.
    CIOs have 13 major areas of responsibilities, from IT 
investment management to e-government to privacy. And with time 
and new laws, the role is sure to expand.
    Finally, Clinger-Cohen requires that CIOs at the largest 
department and agencies report directly to the agency head, but 
this is not always the case.
    In an increasingly networked world, the Government has 
become more dependent on information technology to deliver its 
services. Federal agencies cannot operate efficiently without 
solid leadership from a CIO that is supported by the top 
officials in the agency.
    I look forward to hearing from our panels of experts on 
this topic, including the administration's leadership in 
information technology, as well as former and current CIOs, to 
see what this subcommittee and this Congress can do to improve 
the situation.
    I welcome all the witnesses.
    [The prepared statement of Hon. Adam H. Putnam follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.001
    
    [GRAPHIC] [TIFF OMITTED] 98209.002
    
    Mr. Putnam. As is the case with all of our hearings, it is 
being Webcast and can be viewed by going to reform.house.gov 
and clicking on multimedia.
    I would like to recognize the distinguished Member from 
Missouri, the gentleman, Mr. Clay, for any opening remarks that 
he may wish to have.
    Thank you.
    Mr. Clay. Thank you, Mr. Chairman, and I thank the 
witnesses for taking their time to be with us today.
    I consider today's hearing an opportunity to extend the 
dialog our subcommittee established in March, when several of 
today's witnesses testified about the strengths and weaknesses 
of IT oversight within the CIO community. Since the Federal 
Government will spend approximately $60 billion on IT in fiscal 
year 2004, we must strive to utilize the best practices for 
implementation and oversight of our Government's investments.
    According to GAO's testimony, the CIO community is facing 
challenges due to limited resources, a strained IT work force, 
and the inconsistent delegation of IT management duties among 
non-CIO personnel. Further, the lack of tenure among CIOs is 
hindering agencies from achieving their long-term IT management 
goals and objectives. Such factors tell us why agencies rarely 
meet their full potential with regard to strategic planning, IT 
investment management, and work force training and development.
    At the heart of the matter are two issues. First, with an 
average CIO tenure of 23 months, we must promote mechanisms to 
ensure that long-term strategic planning and implementation 
does not cease due to limited tenures among those who serve. 
Second, I believe we ought to examine the issue of statutorily 
authorized CIO responsibilities that are being delegated to 
non-CIO personnel. Perhaps these problems stem from the lack of 
tenure among CIOs, human capital deficiencies, or inadequate 
agency planning. Nevertheless, it is our responsibility to 
identify the root cause of these problems and seek out 
appropriate remedies.
    Thank you, Mr. Chairman, and I ask unanimous consent that 
the full text of my remarks be included in the record.
    Mr. Putnam. Without objection.
    [The prepared statement of Hon. Wm. Lacy Clay follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.003
    
    [GRAPHIC] [TIFF OMITTED] 98209.004
    
    Mr. Putnam. With that, I would ask the first panel and 
anyone accompanying you who will be answering your questions to 
please rise for the administration of the oath.
    [Witnesses sworn.]
    Mr. Putnam. Note for the record that all the witnesses 
responded in the affirmative, and we will move directly into 
testimony.
    Our first witness is Mr. Clay Johnson. We are very 
appreciative of the time that he has made to be before this 
subcommittee. Mr. Johnson is Deputy Director for Management at 
the Office of Management and Budget, where he provides 
governmentwide leadership to executive branch agencies to 
improve agency and program performance. Before that he was 
Assistant to the President for Personnel, responsible for the 
organization that identifies and recruits 4,000 Government 
officials. He received his undergraduate degree from Yale and a 
master's from MIT's Sloane School of Management.
    Welcome to the subcommittee, and we look forward to your 
testimony. You are recognized.

STATEMENTS OF CLAY JOHNSON III, DEPUTY DIRECTOR FOR MANAGEMENT, 
 OFFICE OF MANAGEMENT AND BUDGET; KAREN EVANS, ADMINISTRATOR, 
 OFFICE OF E-GOVERNMENT AND INFORMATION TECHNOLOGY, OFFICE OF 
MANAGEMENT AND BUDGET; AND DAVID POWNER, DIRECTOR, INFORMATION 
 TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Johnson. Mr. Chairman, Ranking Member Clay, thank you 
for having me here today. I bet that I am going to refer you to 
Karen Evans for a lot of your questions, but let me give you my 
general comments and a general view of IT and e-government in 
the CIO world.
    As you mentioned, Ranking Member Clay, we spend almost $60 
billion a year on IT, more than anybody else in the world. We 
ought to be nearly the best at it, and we are not, and we share 
that goal. We need to figure out what we need to do to make 
sure that we are the best at IT since this is a goal we share.
    Something that the Federal Government does a lot of is 
sending information to people and receiving information from 
people; we send them money, they send us money. A lot of 
information and money changes hands. We take large amounts of 
information and we try to make sense of it for intelligence 
purposes; we take a lot of information and put it in the hands 
of Federal managers so that they can manage programs and costs 
more effectively. We move a lot of information around, and it 
costs us $60 billion a year to do that.
    The CIO is the person in the agency who is responsible for 
making sure that money is being spent most intelligently, and 
that the IT operations are producing the functionality that we 
intended when you all authorized and appropriated the money 
consequently, the CIO is extremely important.
    Relative to a couple of questions that have been asked and 
suggested here, I personally do not believe that the CIO needs 
to report to the Secretary of the department. The CIO needs to 
work for somebody who can help him or her be successful, and 
that is typically not the Secretary. The CIO is plenty 
important in an organization without having to report to the 
Secretary. I think the CIO ought to report to the senior 
management person in an organization. At Homeland Security, for 
instance, that is Under Secretary for Management, Janet Hale, 
who works most closely with Jim Loy. In a lot of agencies, it 
is the Deputy Secretary. To me, working for the Secretary is 
not the issue; it is working with somebody who is most involved 
in how the department is managed.
    And I think in terms of the primary responsibility that a 
CIO has, that the CIO in an organization does a whole lot. I 
think the CIO's primary responsibility is to make sure that it 
is very, very, very clear what a new IT project or an old IT 
project is supposed to accomplish and what the desired 
functionality is. Usually, is the bigger the project, the more 
disastrous it is or the more telling it is. Oftentimes, we will 
get in the middle of the development of new IT projects, and it 
is not clear what it is we are trying to accomplish, and then 
the problems begin. And the CIO, in my mind, is the regulator, 
the person at the agency that can assure that does not happen. 
Additionally, the CIO ensures that the program managers cannot 
spend IT funds unless the disciplines are in place, and it is 
really clear what we are supposed to be accomplishing, at what 
cost, for whom, and by when. And that is the primary role, in 
my opinion, from a 20,000 foot view, for a CIO. There are other 
responsibilities as well, but I think our discussion here 
should be what does the CIO need to have to make sure he or she 
can perform that role most effectively.
    [The prepared statement of Mr. Johnson follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.005
    
    [GRAPHIC] [TIFF OMITTED] 98209.006
    
    Mr. Putnam. Thank you, Mr. Johnson.
    Our next witness, our most frequent witness, is Ms. Karen 
Evans. Ms. Evans was appointed by President Bush to be the 
Administrator of the Office of Electronic Government and 
Information Technology at the Office of Management and Budget. 
Ms. Evans is a 20-year veteran of the Federal Government. 
Before joining OMB, she was Chief Information Officer at the 
Department of Energy and served as vice chairman of the CIO 
Council. Previously, she served at the Department of Justice as 
Assistant and Division Director for Information System 
Management.
    Welcome again. You are recognized.
    Ms. Evans. Good afternoon, Mr. Chairman and Ranking Member 
Clay. Thank you for inviting me to speak about the critical 
role that chief information officers play in driving increased 
agency performance, achieving results, and serving our 
citizens.
    In fiscal year 2005, the Federal Government will spend $60 
billion on information technology. This afternoon I will 
outline the vision, strategy, and tools the Office of 
Management and Budget and the Federal CIO Council have 
developed to enable CIOs to be more successful.
    Eight years ago Congress passed the Clinger-Cohen Act, 
creating the position of CIO and elevating them to senior 
management rank. Throughout the last 8 years, but especially 
under the focused attention of the President's management 
agenda and as a result of the E-Government Act of 2002, CIOs 
have taken on new and expansive responsibilities.
    To be most effective, the CIO should work most with and be 
responsible to the department's top management person, which in 
most cases, as previously stated, is the deputy secretary. 
Without a high performing and capable CIO, an agency will not 
be able to fully achieve the goals of the President, Congress, 
and the American people.
    As for my role, the OMB's Office of E-Government and 
Information Technology is statutorily responsible for managing 
Federal Government information technology and policy.
    Throughout the past few years, we have implemented a series 
of tools to support Federal CIOs.
    First, we are empowering CIOs to drive business and 
technology change through the President's management agenda 
scorecard. Supported by their secretary and deputy secretary, 
agency CIOs use the scorecard to manage agency performance.
    Second, we are driving accountability and responsibility to 
agency bureaus and program offices by requiring agencies to 
score and remediate their exhibit 300 IT business cases before 
submission to OMB. Also, we are requiring a closer alignment 
between the 300's and the Program Assessment Rating Tool, or 
the PART, to assist the CIO in ensuring that IT investments 
enhance and compliment the overall objective of a particular 
program.
    Third, we are positioning CIOs to play a key part in the 
long-term success of their agency through our investment in 
enterprise architecture. Developing their enterprise 
architecture, CIOs identify IT investments and develop a 
blueprint for the future, including detailed transition plans. 
Enterprise architecture, supported by budget and related data, 
is bringing greater rigor and stronger decisionmaking to 
information resource management.
    Fourth, we are enabling CIOs to provide leadership for IT 
investment performance by setting cost, schedule and 
performance requirements. Agencies are required to use the same 
standard used in industry. This will result in tighter 
management and increased investment responsibility by the 
immediate IT project manager and CIO.
    Fifth, we are providing CIOs with the ability to realize 
considerable cost savings for their agencies through 
acquisition activities such as the SmartBuy program. This 
allows dollars to be invested in providing better services and 
stronger results for core mission responsibilities.
    In addition to OMB, the Federal CIO Council plays a 
critical role in supporting CIOs in fulfilling their obligation 
to serve their fellow Americans, identify new governmentwide 
solutions, and ensure their agency strategic goals are 
achieved. The Council is successful because it exemplifies a 
critical e-government principle: encouraging cooperation and 
sharing of ideas and resources.
    The Council is led by OMB Deputy Director for Management, 
directed by myself, and vice-chaired by Dan Matthews, the CIO 
at the Department of Transportation. The Council membership 
consists of agency CIOs who chair committees focused on 
critical issues before the Federal IT community. In 
consultation with OMB, these committees are developing the 
tools to assist their fellow CIOs and agency IT employees, 
including the CIO strategic plan and the most recent 
recommendations on IT work force project management 
qualifications.
    While the necessary tools are in place, the road ahead for 
Federal CIOs is not without its challenges. To realize the 
vision of the President's management agenda and the E-
Government Act of 2002, CIOs must provide leadership to achieve 
their e-government migration milestones. In this, cross-agency 
collaboration is critical, both within an agency and across 
agencies. We need to continue to work in partnership with 
Congress, industry, and State and local governments.
    In conclusion, the administration will continue to work 
with agency heads, CIOs, and the CIO Council to empower CIOs to 
achieve results and transform our Federal Government into a 
more citizen service organization.
    We look forward to continued work with the committee on 
this matter, and I would be pleased to take questions at the 
appropriate time.
    [The prepared statement of Ms. Evans follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.007
    
    [GRAPHIC] [TIFF OMITTED] 98209.008
    
    [GRAPHIC] [TIFF OMITTED] 98209.009
    
    [GRAPHIC] [TIFF OMITTED] 98209.010
    
    [GRAPHIC] [TIFF OMITTED] 98209.011
    
    [GRAPHIC] [TIFF OMITTED] 98209.012
    
    [GRAPHIC] [TIFF OMITTED] 98209.013
    
    [GRAPHIC] [TIFF OMITTED] 98209.014
    
    Mr. Putnam. Thank you, Ms. Evans.
    Our third witness for this panel is David Powner. Dave 
Powner is responsible for a large segment of GAO's information 
technology work, including systems development and IT 
investment management reviews. He has over 15 years of public 
and private information technology-related experience. In the 
private sector, he had several positions with Quest 
Communications, including director of internal audits, 
responsible for information technology and financial audits, 
and director of information technology, responsible for Quest 
digital subscriber lines software development efforts.
    He has an undergraduate degree from the University of 
Denver and a graduate's degree from Harvard.
    Welcome to the subcommittee. You are recognized for 5 
minutes.
    Mr. Powner. Thank you, Mr. Chairman, Ranking Member Clay. 
We appreciate the opportunity to testify on the report we are 
releasing today on Federal CIOs. We have long been proponents 
of having strong agency CIOs to lead technology solutions that 
improve program performance.
    Eight years ago the Clinger-Cohen Act first required agency 
heads to designate CIOs. Effective CIOs can make significant 
differences in building the capabilities needed to implement 
improvements in the management of the billions spent annually 
on IT.
    This afternoon I will discuss CIO responsibilities and 
reporting relationships, tenure, and major challenges. I will 
also discuss actions to address our findings.
    First, CIO responsibilities and reporting relationships. As 
this chart to your left, Mr. Chairman, illustrates, the 27 
major departments and agency CIOs are generally responsible for 
most of the 13 key areas required by statute on critical to 
effective information and technology management. Not 
surprising, all 27 CIOs reported that they are responsible for 
areas such as capital planning and investment management, 
enterprise architecture, and information security.
    However, not all CIOs are responsible for each of the areas 
called for in law, and views were mixed as to whether it is 
important for CIOs to have responsibilities for each of these 
areas. A significant number of CIOs who do not hold these 
responsibilities believe that it did not present a problem 
because other organizational units were appropriately assigned 
these duties. A few former CIOs told us that some of these 
areas were distractions from CIOs' primary responsibilities.
    Regarding reporting relationships, 19 of the 27 CIOs told 
us that they report to the agency head as required by law. 
Consistent with Mr. Johnson's comments, views were mixed as to 
whether it is important for the CIO to report to the agency 
head. Some stated that a direct reporting relationship was 
crucial, especially when influencing budgets and policy 
decisions. Others stated that organizational placement was not 
as important as credibility and relationships with other key 
executives.
    Next, regarding CIO tenure since Clinger-Cohen was enacted. 
The median tenure of agencies' permanent CIOs is just less than 
2 years, or 23 months. Career CIOs, on average, stayed longer 
than political appointees. Nevertheless, in either case CIOs 
are staying less than the 3 to 5 years that was most commonly 
cited by both current and former CIOs as the time needed for a 
CIO to be effective.
    Since 1996, only about a third of the permanent CIOs who 
had completed their time in office stayed 3 years or more. 
Among reasons cited for high turnover were the political 
environment, pay differentials with the private sector, and the 
significant challenges CIOs face. Too short a tenure can reduce 
the CIO's effectiveness and ability to address the major 
challenges cited. These challenges included implementing 
effective IT governance practices, obtaining sufficient and 
relevant resources, and communicating and collaborating within 
the agency and with external partners.
    Congress and agencies can take actions to address these 
findings. With respect to Congress, hearings such as this, Mr. 
Chairman, help to raise the issues and suggest solutions. To 
further assist you in your oversight role, as requested, we are 
beginning work on private sector CIO responsibilities and best 
practices to complement the report we are releasing today.
    Agencies too can take actions to address the high turnover 
rate and challenges cited. Specifically, human capital 
flexibilities such as recruiting bonuses, retention allowances, 
and critical position pay authority may help to attract and 
retain qualified candidates.
    Regarding the major challenge of implementing effective 
governance practices, GAO and others have issued guides to 
assist agencies in institutionalizing sound governance such as 
our IT investment management framework.
    In summary, not all CIOs are responsible for the areas 
called for in law, nor do they all report to the agency head. 
In addition, most CIOs do not stay in office for the 3 to 5 
years recommended. Given the many challenges facing CIOs, 
having laws that focus on the most effective assignment of 
responsibilities, flexibilities to lessen turnover, and 
governance practices to effectively manage critical areas will 
be essential.
    This concludes my statement, Mr. Chairman. I would be 
pleased to respond to any questions that you have at this time.
    [The prepared statement of Mr. Powner follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.015
    
    [GRAPHIC] [TIFF OMITTED] 98209.016
    
    [GRAPHIC] [TIFF OMITTED] 98209.017
    
    [GRAPHIC] [TIFF OMITTED] 98209.018
    
    [GRAPHIC] [TIFF OMITTED] 98209.019
    
    [GRAPHIC] [TIFF OMITTED] 98209.020
    
    [GRAPHIC] [TIFF OMITTED] 98209.021
    
    [GRAPHIC] [TIFF OMITTED] 98209.022
    
    [GRAPHIC] [TIFF OMITTED] 98209.023
    
    [GRAPHIC] [TIFF OMITTED] 98209.024
    
    [GRAPHIC] [TIFF OMITTED] 98209.025
    
    [GRAPHIC] [TIFF OMITTED] 98209.026
    
    [GRAPHIC] [TIFF OMITTED] 98209.027
    
    [GRAPHIC] [TIFF OMITTED] 98209.028
    
    [GRAPHIC] [TIFF OMITTED] 98209.029
    
    [GRAPHIC] [TIFF OMITTED] 98209.030
    
    [GRAPHIC] [TIFF OMITTED] 98209.031
    
    [GRAPHIC] [TIFF OMITTED] 98209.032
    
    [GRAPHIC] [TIFF OMITTED] 98209.033
    
    Mr. Putnam. Thank you very much.
    I want to thank all of you for your opening remarks, and at 
this time I will yield for the first round of questions to the 
ranking member, the gentleman from Missouri.
    Mr. Clay. Thank you, Mr. Chairman, and thank all the 
panelists for being here today.
    Mr. Johnson, GAO found that agency CIOs were unanimously 
responsible for IT areas such as information security and IT 
investment management, but were much less likely to be 
responsible for areas such as information disclosure or 
statistical policy, all of which they are statutorily 
responsible for. Should the CIOs be responsible for each of 
these 13 areas, and are OMB or the CIO Council planning to 
respond to these findings?
    Mr. Johnson. Ask Karen Evans after me, and you should pay 
more attention to what she says than what I do. To answer your 
question, if that is the law, then that is what they are 
supposed to be doing, is one. I do think that 80+ percent of 
the value of a CIO is in those top four, five, or six 
categories. And when we have major problems in the IT arena, it 
is because we have a $100 million project that is producing 
nothing, or a $500 million project that is 2 years past due. 
And that is where the bigger numbers are and bigger 
opportunities to perform or fall behind.
    But in terms of the CIO Council addressing those particular 
things, I really don't know. If it was agreed to that is what 
they are supposed to be doing, then that is what they are 
supposed to be doing.
    Mr. Clay. Let me ask you, then, a followup. Whose 
responsibility does it become to fulfill the CIO's role when 
the position is vacant? And are there circumstances where the 
bureaucracy is demonstrating better results in agencies where 
the CIO position is vacant?
    Mr. Johnson. When the position is vacant, the chief 
operating officer of an agency, which may be the head of a 
smaller agency or under secretary for management at larger 
departments will fill the vacancies. If there is a vacancy in a 
political position or a career position, the work is supposed 
to be go on. Big IT development projects are supposed to 
continue on budget and on schedule. We are supposed to be 
running these agencies, and they are responsible for 
designating somebody to serve in an acting capacity in the 
absence of a CIO; and it might be the deputy CIO, it might be 
somebody from the outside, it might be any number of different 
people. But we are not supposed to stop spending $60 billion 
wisely just because the CIO is missing. We hold the operating 
head of the agency responsible for everything that goes on in 
that agency, whether all his or her senior positions are filled 
or not. The absence of people in those positions is not an 
excuse.
    Mr. Clay. OK, thank you for that response.
    And I will ask you, too, Ms. Evans. Welcome today. What 
about GAO's findings that the agency CIOs were responsible for 
IT areas such as information security and investment 
management, but much less likely to be responsible for areas 
such as information disclosure?
    Ms. Evans. In looking at those responsibilities--and I have 
had the opportunity to be an operational CIO, as well as being 
in component organizations, and I have had the opportunity to 
work with statistical agencies. Statistical agency and policy 
coordination is usually jointly developed in those agencies 
where statistical agencies are present, because by law 
statistical agencies have information requirements that are 
levied on them, as well, as to how they need to protect that 
information before it is released out to the public. And so 
usually what will happen is those responsibilities will be 
jointly done. The two that you specifically mentioned are 
usually jointly done with the general counsel's office and the 
CIO's office, because there is an information dissemination 
piece where the CIO's policies and rules and procedures would 
come in place, but there is also a programmatic piece 
associated with the management of that information.
    So I think those two areas really highlight the partnership 
that is required that a CIO must have into multiple program 
areas, because we don't necessarily have the expertise in all 
the program areas, so we have to partner with the appropriate 
expertise that we need. So there is a programmatic aspect to 
the two pieces that you have brought up that we would generally 
rely on general counsel advice as well as the statistical heads 
of the agencies as designated by law.
    Mr. Clay. OK, let me ask one last question. Do you believe 
the requirement to have agency CIOs report directly to the 
agency heads still make sense in today's environment?
    Ms. Evans. I would like to think that the focus of this is 
that IT is a strategic asset, and so the agency head, or the 
chief operating officer in this particular case, views IT as a 
strategic asset; therefore, the CIO would be involved in those. 
Do I think it is necessary that they directly report to the 
secretary? I don't think that is the case. I think that what is 
important is the way that IT is managed within that agency, and 
that it is viewed as a strategic asset and that the CIO manages 
it that way with the appropriate staff.
    Mr. Clay. Thank you for your response.
    My time has expired.
    Mr. Putnam. Mr. Johnson, thank you again for being with us. 
If you would just step back and in your time you have had an 
opportunity to evaluate this, see what is working, what is not 
working. If we were to make modifications to the law governing 
CIOs, what changes to the statute make the most sense for the 
operational day-to-day activities of making the Government 
work, holding it accountable, and running it efficiently?
    Mr. Johnson. Well, I have a better sense of what we need to 
make sure that all of this happens. If you are asking what of 
the Clinger-Cohen currently allows or doesn't allow, I don't 
know. But what I think the CIO needs to be able to do, and 
needs to be charged to do is to define really clearly what any 
dollars spent on IT is supposed to produce which is their most 
important role as I mentioned earlier. And oftentimes program 
managers say we need a new intelligence system or a new 
financial management system, and people start spending large 
sums of money before it is really clearly defined what it is 
that we are trying to accomplish. The CIO is the person that 
the head of the agency, Karen, all of you, and I should look to 
when we have IT projects that run amok, that are not producing 
defined goals with defined benefits at an acceptable cost, on 
schedule. That is their primary responsibility, in my mind, and 
they are the ones that we should hold accountable for that.
    If they need extra authorities or extra tools to be able to 
do that, then we should allow that. I don't know what Clinger-
Cohen allows now or not, but I do know that all too often we 
are not a very good client; we don't develop most of these 
systems ourselves, we hire other people to come in, we act as 
their client, and we work with them. The fact that we allow 
large, large sums of money to be spent on these projects that 
are years behind or have not achieved the functionality we 
expect, says that we are not as good a client and as good a 
spender of these resources as we should be. To me, we have to 
be a disciplined client and a disciplined spender. This means 
we have to be rigorously inclined to define what it is we 
consider success and what it is we are trying to accomplish: by 
when, for whom, and at what cost. And that is the discipline. 
That is the rigor that is missing, I think, between a really 
good spender of $60 billion and a not-so-wonderful spender of 
$60 billion.
    Mr. Putnam. What is the best management tool to impose that 
discipline, that rigor, to have that accountability when 
programs do go south? And, frankly, it happens more frequently 
than any of us would like, and it involves an awful lot of 
commas and zeros.
    Mr. Johnson. I think it is a combination of things. I think 
one of the things the President's management agenda points out 
is the value of clearly defining what you expect to achieve in 
human capital, in IT or budget integration, or competitive 
sourcing. Then you can hold someone accountable for achieving 
it, and you give quarterly updates on how good a job they are 
doing. So, for instance, one of the things that the President's 
management agenda does is require the IT operations in the 
agencies to use Form 300's, which develop really well thought-
out business cases. Are the business cases acceptable or not; 
do they define the adequacy of the management of the project, 
the security provisions being made, the desired functionality, 
and so forth? How good are our business cases, and does the 
value of the system far exceed the cost? And we could talk 
about what percent of the business cases are acceptable or not. 
That is information, particularly with the bigger projects, 
that we probably ought to be more interested in and pay more 
attention to than we are.
    But I think one of the things we have done is start to 
publicize what percent of the case are acceptable or not and, 
what percent of the systems are secure. That information is 
public, and some agencies are great and some agencies are not 
so great. We ought to be kind of hard on the agencies that are 
not so great. We required CIOs to utilize earned value 
management for all projects to determine whether projects are 
on budget and on schedule. And we keep track of what percent of 
the projects are within 30 percent of the planned budget and 
schedule, as an intermediate goal, and the ultimate goal is to 
get within 10 percent of the budget and schedule. That 
information ought to be made public; people ought to be held 
accountable for getting it to an acceptable level and holding 
it there.
    So it is a clear definition of success, and I think 
information about how good each CIO is or how good each agency 
is at achieving those standards should be made public. And we 
ought to be relentless about it. I think that we do a good job 
with the President's management agenda, but it can be even more 
visible than what it is today, which is a charge to us. In the 
past, what I heard a lot of people say about management issues 
in general in the Federal Government was: we have always had 
goals, we have always said we want to accomplish this with 
GPRA, and we want to accomplish this with IT. What seems to be 
new in the last couple of years is that we are actually 
expecting people to achieve those goals, and we are actually 
defining more clearly what success means. We are publishing 
report cards, and we are publishing performance information and 
letting the American people and Congress know who is achieving 
those goals, who is not, and making it real clear that we 
expect people to produce results.
    There are things that we are employing now: earned value 
management, Form 300's, President's management agenda. There 
have been other things as well that will allow us to do that 
even better. I don't know that we necessarily mandate those by 
statute, but that discipline, I think is, in general, what is 
called for.
    Mr. Putnam. So the oversight, the scrutiny, and the 
publicity that arises from failing to meet those goals then is 
the accountability you speak of.
    Mr. Johnson. Yes. Karen and I have talked about 
understanding that the more money involved, the greater the 
risk. Maybe there is a second and a third level of quality 
control that should exist for large IT projects. How do we 
ensure that it happens? Do we require it? Do we suggest it? I 
don't know yet. But whenever we are trying to write something 
new or develop a system, we are trying to do something that has 
never been done before, so there is risk involved. We must find 
out how to manage that risk. We just need to be more conscious 
of our track record, ensuring that it is not going to go awry. 
We need to try to do more things to make sure it doesn't. So, 
to do so, we can identify where we do have problems, identify 
where we do have success, make sure that we spread our best 
practices and avoid our worst practices, and have lots of 
clarity and accountability.
    Mr. Putnam. Ms. Evans, having been on both sides of this, 
is there enough accountability in the system currently on 
individuals, on CIOs?
    Ms. Evans. I would say that right now, based on the 
statutes that we have in place, the authorities that are out 
there and the responsibilities that we have, it is very clear 
what we are supposed to do. I would echo the same comments that 
Mr. Johnson has just made. And I was obviously in the Federal 
Government when Clinger-Cohen was first passed, and have seen 
how it continues to progress and evolve the roles, but the 
difference now is the accountability. We always knew what we 
were supposed to do; we have always had an A-130. We have 
always had A-11s. We have always had the guidance going forward 
of what we were supposed to do, but now OMB has stepped up and 
the President, himself, with the scorecard is really in a very 
public way publishing what are the expectations, what do we 
expect agencies to do, how do we expect them to perform, and 
holding them accountable, meeting with them quarterly and 
asking them about the progress of how they are going, giving us 
results that we can see, tangible results, not just telling us 
that they are doing it, but us actually can see it, because 
then, as the taxpayer, you will be able to see it as well, has 
really made a difference.
    And I have seen great, great changes that have occurred 
with the introduction of the scorecard, holding the agencies 
accountable, and it really has truly energized people within 
the agencies because they know at the highest ranks of the 
Federal Government their work is being looked at, and it is 
important and it is making a difference.
    Mr. Putnam. So Clinger-Cohen, has it had its intended 
impact?
    Ms. Evans. I would say yes. And I would say that you are 
going to continue to see more things happen. I think that 
Congress, 8 years ago, had the foresight to realize what 
information technology was going to do, the impact that it was 
going to have on the Federal Government. But as we continue to 
evolve and as you see technology continues to just morph and 
morph and morph, that it has had the impact; it has heightened 
the awareness, it has made agencies' officials be held 
accountable, and we are introducing more and more tools so 
there is more clarity to what the intent of Clinger-Cohen 
really was meant to be.
    Mr. Putnam. The A-130 was last revised in late 2000. Is it 
outdated, it is in need of revision, or is it OK the way that 
it is?
    Ms. Evans. You are right, it has not been updated since 
2000; however, as each piece of legislation comes out, we have 
implemented policy guidance to deal with the implementation of 
that legislation. We are in a review process for it right now 
to see if we really do need to update it, but there are no 
policy gaps as far as guidance to the agencies are concerned, 
because we have issued those. We are reviewing it. If we were 
to update it, it wouldn't happen until the next fiscal year, 
going into the next fiscal year.
    Mr. Putnam. Mr. Powner, you pointed out the turnover in the 
CIOs in your report.
    Mr. Johnson, we have had hearings about this at all levels 
of the Federal Government, the human capital problems.
    How big a deal is it? Is it typical of what we are seeing 
across the Federal Government, a little bit better, a little 
bit worse, is it a crisis, is it one of many problems? How 
would you characterize it?
    Mr. Johnson. I know in the political appointees in general, 
their adage is--which is what I was involved in with the 
President when he first came to office--the average time 
supposedly that somebody stays in a political position is 2\1/
2\ years or so, and the general reasons given for that is this 
is hard work, the volume of work, the public scrutiny, it is 
hard. You have been here long than I have. And it doesn't mean 
necessarily someone leaves, but they stay in one job on point 
11, 12 hour days, and 2\1/2\ years plus or minus, then they 
tend to move to something else or the good ones are asked to do 
something else, whatever, but 2\1/2\ years. So the fact that 
the turnover for CIOs is 2 years doesn't strike me as being 
dramatically different.
    I know of CIOs who, in general, can come in and have a huge 
impact on an organization within months, and I know other CIOs 
that can come into an organization and be there for 3 or 4 
years and have little impact. So I wish CIOs in general would 
be there 3 or 4 years, versus one or two, but I am not sure 
there is a direct correlation between time on the job and their 
effectiveness.
    This is a very hot market, and I don't know what impact the 
IT and the Internet growth of the industry in the late 1990's 
had on turnover. I would think it would be hard for us to 
compete with people that are hiring our CIOs and paying them 
lots of money and lots of stock options and so forth. It would 
be easier when the market is not heated up like that.
    I don't know that there is any immediate, direct problem 
with CIO turnover, because I think a good CIO can come in and 
have an impact in a very short period of time. I think the 
primary thing is being able to hire them initially and get them 
on board in a hurry, more so than once they are here, keeping 
them and letting them grow into the job. We spend so much money 
in almost every agency; we don't need to be hiring CIOs that 
can take 18 months to get up to speed. Invariably, when they 
walk in on the job, they have tens of millions of dollars of 
projects that need to be managed and huge issues bigger than 
anything they have ever faced, and they need to be effective 
pretty much within the first couple of weeks.
    Mr. Putnam. Ms. Evans, you chair the CIO Council. How would 
you characterize the turnover issue?
    Ms. Evans. I think it is indicative of the marketplace of 
where we are competing. Is it a problem that their turnover is 
every 18 months? Again, I would re-echo the same comments that 
Mr. Johnson did. When you come into the job, you have to be 
able to hit the ground running. You could be there 3, 4, 5 
years and not be a very effective person, and not just as CIO, 
but in any position. So do I see a change on the Council? They 
come in, we come in, we bring them up to speed, we make sure 
that the best practices are there so that they have everything 
that they need to hit the ground running. But for the most 
part, do I think that it impacts our overall performance on the 
Council? I would say no, because we have our processes and our 
procedures and our best practices; we continue to evolve those. 
We have those in place so that we can ensure that the turnover 
doesn't impact the functioning of the Council.
    Mr. Putnam. Mr. Powner, do you agree with that?
    Mr. Powner. In terms of the tenure and the turnover with 
the CIOs, a couple things that we heard that actually could 
help to mitigate some of the transition periods is the deputy 
CIO position. Many CIOs mentioned to us the importance of that 
position. The other thing that is very important, and this is 
in line with what Ms. Evans is saying here, is when we have 
performance-oriented goals, such as the E-Gov section of the 
PMA, which really covers a number of those top seven areas 
there, that keeps the focus on several key IT management areas, 
whether we have turnover or not. That is very important. Your 
grades, that is another area. Folks are very focused on those 
grades, whether we have turnover at the CIO position or not, 
because the heads of those agencies are clearly focused on 
those grades and those scores.
    Mr. Putnam. Thank you all very much. We have three panels 
today, so we are going to move right along. I really appreciate 
all of you coming down and spending some time with the 
subcommittee. These are important issues and you have all been 
very supportive of this subcommittee's agenda in working 
together with you to improve our IT efficiency.
    So the subcommittee will stand in recess and we will 
arrange for the second panel.
    [Recess.]
    Mr. Putnam. If the witnesses and anyone accompanying them 
will please rise and raise your right hands.
    [Witnesses sworn.]
    Mr. Putnam. Note for the record that all of the witnesses 
responded in the affirmative. We will move immediately into 
testimony.
    I would like to welcome our witnesses for this panel and 
introduce Paul Brubaker. Mr. Brubaker served as executive vice 
president and chief marketing officer for IS International. He 
has responsibility over marketing and helps guide IS toward 
future opportunities. He joined IS with over 16 years of 
experience in government services and the public sector. As the 
former deputy CIO for the Department of Defense, Mr. Brubaker 
was the Department of Defense's second highest ranking 
technology official.
    Welcome to the subcommittee. You are recognized for 5 
minutes.

STATEMENTS OF PAUL BRUBAKER, EXECUTIVE VICE PRESIDENT AND CHIEF 
  MARKETING OFFICER, IS INTERNATIONAL; JAMES FLYZIK, PARTNER, 
 GUERRA, KIVIAT, FLYZIK & ASSOCIATES; AND DEBRA STOUFFER, VICE 
     PRESIDENT OF STRATEGIC CONSULTING SERVICES, DIGITALNET

    Mr. Brubaker. Thank you, Mr. Chairman, Mr. Clay, and 
members of the subcommittee. I am here today speaking as a 
citizen. These are my own views and do not reflect those of my 
firm, per my general counsel.
    I was originally involved in developing the Clinger-Cohen 
provisions, including the CIOs and the deputy CIO provisions 
that were in the report language, as well as served at DOD, so 
I think I have a fairly unique perspective on both the 
formulation of the legislation and how it is applied at the 
largest Federal agency.
    I would like to commend you, Mr. Chairman and Mr. Clay, as 
well as the General Accounting Office, for convening this 
hearing today and undertaking this review. I would like to 
point out that--you see these outlined over here in the chart 
that GAO put forward--work before programs run amok, not after 
they run amok. Management is another area responsibility in 
developing and enhancing architectures, including operational 
architectures, and standards is absolutely key, encouraging and 
ensuring process change throughout the organization, and the 
intent was for visionaries and strategic thinkers as it relates 
to applying information technology in the enterprise. What is 
the most useful reporting structure? Simply reporting to the 
agency head. GAO made reference to a chief operations officer 
in their report today, which I believe to be an excellent idea 
and merits further study. Now, should a COO be established, 
then I would highly recommend that both the CIO and the CFO 
report directly to that person.
    The bottom here is that a seat at the management table is 
absolutely critical for a CIO to be effective; they should be 
tantamount to the financial officer in terms of the 
organizational structure. Wherever that CFO reports, the CIO 
should report as well.
    You asked about the specific duration of time in which a 
CIO must remain in their position to be most effective. 
Honestly, it has to be longer than 19 to 32 months, as was 
outlined in the report, especially given the fact that the 
general consensus out there in the management circles is that 
you need 3 to 5 years to be effective. I would highly recommend 
term appointments on the part of CIOs, certainly greater than 6 
years, no more than 12; can be reappointed; perhaps some perks 
related to retirement that would attract some of the best and 
brightest of that position.
    You asked about characteristics and qualifications that a 
CIO should possess. Simply put, knowledge of applied technology 
and a nose for transformation, a desire and a passion to 
reform, and business acumen. It is absolutely critical that if 
they are operating the capital planning and investment control 
process, that they understand concepts like risk management, 
risk mitigation, return on investment, and so forth.
    Major challenges? In a word I can sum it up: culture. The 
culture of the organization, when we introduced the concept of 
CIO, was not all-embracing, and basically what you have is an 
information-aged position that we are putting into an 
industrial-aged bureaucracy, and, frankly, it has been 
difficult and a long road to get it to work.
    And I would be pleased to answer any questions that you may 
have.
    [The prepared statement of Mr. Brubaker follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.034
    
    [GRAPHIC] [TIFF OMITTED] 98209.035
    
    [GRAPHIC] [TIFF OMITTED] 98209.036
    
    [GRAPHIC] [TIFF OMITTED] 98209.037
    
    [GRAPHIC] [TIFF OMITTED] 98209.038
    
    [GRAPHIC] [TIFF OMITTED] 98209.039
    
    [GRAPHIC] [TIFF OMITTED] 98209.040
    
    [GRAPHIC] [TIFF OMITTED] 98209.041
    
    Mr. Putnam. Thank you very much.
    Our second witness is James Flyzik. Mr. Flyzik is a partner 
in a consulting company he co-founded. Before this, he served 
as Senior Advisor to Governor Ridge in the Office of Homeland 
Security. He provided advice on the national strategy and 
information management. Prior to that, he was the Chief 
Information Officer for the Department of the Treasury.
    Welcome to the subcommittee. You are recognized for 5 
minutes.
    Mr. Flyzik. Mr. Chairman, Mr. Clay, distinguished members 
of the subcommittee, it is my pleasure to testify today on 
issues of critical importance to achieving world-class 
performance within Government agencies. I have been involved in 
information technology issues during my entire 27-year 
government career, and I now work in the private sector to find 
ways to help make government IT programs succeed. I applaud the 
subcommittee for making these issues a priority.
    I had the honor and privilege to work for the public for 
over 27 years as a career civil servant. I held senior 
information technology positions at Secret Service, Department 
of Treasury, CIO, served as Vice Chair of the Federal CIO 
Council from 1998 until 2002. I also had the privilege to head 
up the IT team during the reinventing government program and 
served on the administration's team during the crafting of the 
Information Technology Reform Act, the Clinger-Cohen 
legislation. I finished my career as an IT advisor to then 
Governor Ridge, following the terrorist attacks of September 
11. In all these roles, the empowerment of Federal CIOs was the 
key issue that impacted program success.
    My message today is simple: If the Government is to take 
full advantage of the power of IT, it must make achieving 
world-class IT implementation a priority on the agenda of the 
heads of our Government agencies. I believe progress to date 
has been good, but far short in what is needed and far short of 
what Clinger-Cohen originally envisioned. Many CIOs today find 
themselves being held responsible and accountable for results, 
but lack the authority to impact the programs they are expected 
to implement.
    I participated in the GAO study of these issues. With that, 
I will address the five questions posed by the subcommittee.
    What are the responsibilities of a Federal CIO most 
critical to success? The CIO must be responsible to bring best-
in-class IT practices to Government agencies. This implies 
responsibility for gaining detailed understanding of the key 
critical mission objectives and defining how IT can realize 
these objectives. If we are to hold CIOs accountable for 
program performance, then we need to empower them to make 
strategic decisions about resources. This means 
responsibilities for IT capital planning, investment decisions, 
budget execution, program and portfolio management. I would 
also suggest that an important responsibility for a CIO is to 
become credible in an agency and part of that senior team 
making strategic business decisions. This means becoming 
credible to senior political executives, career executives, 
middle management, and subordinates. Only when a CIO is seen as 
a key player can he or she be influential in getting results. A 
CIO will gain this credibility by understanding the business 
objectives of the agency and how IT can add value to meeting 
those objectives.
    On the question of reporting structure, a CIO that reports 
to the agency head immediately gains the empowerment of being 
on the senior leadership team if that CIO has a seat at the 
table. A seat at the table means being part of the strategic 
decisionmaking, not merely a line on an organization chart. Can 
other organizational models work? Yes, but only when the CIO 
gains the empowerment to effectuate change and is seen as part 
of that senior leadership. For example, during my tenure as CIO 
at Treasury, I reported on a dotted line to the secretary for 
all IT matters, but administrative reporting was through an 
assistant secretary. Yet I believe this worked. Why? Because 
the assistant secretary made it clear to all subordinate 
bureaus that all IT budget and program decisions needed to be 
approved by the CIO. In this case, it wasn't structure that 
empowered, it was process. But I must also point out that 
empowerment doesn't guarantee results. Empowerment provides the 
opportunity for results. A competent CIO will get the results.
    In reference to the question of time duration, I believe a 
CIO cannot achieve any meaningful results if they are in that 
role less than 2 years, based on budget and procurement cycles. 
On the other hand, I also believe it is in the best interest of 
Government agencies to bring in fresh ideas over time. I 
believe it a good practice to rotate CIOs and into key CIO 
Council executive committee positions to encourage the 
development of alternative viewpoints. I believe CIOs should be 
rewarded for innovative and creative enterprise approaches such 
as heading up governmentwide initiatives.
    In addressing the question of characteristics and 
qualifications, I would like to point out that the Federal CIO 
Council invested a great deal of time identifying many of the 
technical and business skill sets required to be a successful 
CIO. Universities now teach these. But rather than reiterate 
these well documented qualifications, I would like to point out 
that a good CIO needs to understand technology, but, more 
importantly, how to apply that technology to solve business 
problems. A good CIO has technical skills, finds ways to stay 
current on technology, understand business practices and 
business skills such as financial management, and know how to 
build relationships, relationships with Congress, top managers 
in the agency, the private sector, and their peers.
    Challenges they face are numerous and dynamic. The delicate 
balance of privacy versus national security, interoperability, 
information sharing. But in my opinion, the most challenging 
issue is the need to use technology to challenge and change 
agency cultures, traditional institutionalized processes. We 
have seen major programs continually plagued with cost overruns 
and time delays. We see now new powerful approaches such as 
performance-based acquisitions to address these. The concept is 
simple, yet implementing these concepts requires not just the 
CIO.
    Mr. Chairman, to sum up, if UPS and the Federal Express can 
tell you where and when your package is located at any point in 
time during shipment with a click of a mouse, why can't 
Government tell you when your tax return will arrive, how to 
change your mailing address without going agency by agency, 
when your street will be cleared from snow? Citizens demand and 
expect fundamental government information in realtime.
    I thank the subcommittee for giving me this opportunity to 
make my points, and I look forward to working with you in any 
way I can to help move these important issues forward. I would 
be happy to answer questions when appropriate.
    [The prepared statement of Mr. Flyzik follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.042
    
    [GRAPHIC] [TIFF OMITTED] 98209.043
    
    [GRAPHIC] [TIFF OMITTED] 98209.044
    
    Mr. Putnam. Thank you very much.
    Our third witness on this panel is Debra Stouffer. In 
February 2003, Ms. Stouffer became vice president of strategic 
consulting services at DigitalNet Government Solutions, where 
she is responsible for developing and managing a comprehensive 
suite of analytical and technical services designed to enable 
government and commercial business leaders to achieve improved 
mission performance. She previously served in the Federal 
Government as the EPA Chief Technology Officer, as the Federal 
Enterprise Architecture Program Manager at OMB, and as the 
Department of Housing and Urban Development's Deputy Chief 
Information Office for Information Technology Reform.
    Welcome to the subcommittee. You are recognized.
    Ms. Stouffer. Thank you. Good afternoon, Mr. Chairman and 
members of the subcommittee. Thank you for inviting me here to 
discuss the evolving role of the Federal CIO. My experience in 
the public sector has shaped my perspectives on the topics that 
I will share with you today.
    In terms of the CIO's responsibilities and criticality, the 
role of the Federal CIO today is broader and more complex than 
it ever has been. Further, the statutory and regulatory 
framework is complex as well. CIO responsibilities are derived 
from numerous IT-related statutes and regulations. For example, 
there are over nine IT-related statutes that lay out the CIO's 
responsibilities, and just since 1994 at least 12 separate 
memoranda and circulars issued by OMB related to Federal IT 
policy and budget procedures.
    New Federal CIOs often find it difficult to understand the 
Federal requirements to which they must comply and the 
competencies they must exhibit to perform effectively. Further, 
CIO duties vary across the Federal Government, depending upon 
the agency's size, complexity, and organizational structure. As 
size and complexity increase and structure is disaggregated, 
the influence the CIO has over business and budget decisions is 
likely to diminish.
    Until the past few years, Federal CIOs have been 
responsible for the more traditional information resource 
management concerns. Recently, however, as a result of the 
administration's efforts to ensure Federal agencies are 
citizen-focused and results-oriented, the CIO is increasingly 
viewed as a change agent for business modernization and 
transformation. Further, they must ensure that IT investments 
are delivering intended results in terms of mission 
performance, not just finishing on time and within budget.
    In terms of reporting structure, many Federal CIOs report 
to the executive heads of the agencies. I believe, however, 
similar to many comments you have heard today, that based on 
their evolving role, that CIO effectiveness would improve with 
organizational reporting to their agency's COO, that is, those 
executives responsible for the agency's day-to-day business 
operations This would provide the CIO with equal footing among 
agency business leaders in all key decisions regarding agency 
business operations. In addition, Federal CIOs informally 
report to the Administrator for Electronic Government at OMB; 
however, this reporting structure is not clearly defined in the 
E-Gov Act of 2002.
    In regards to their optimal time duration, it should be 
longer. Available evidence suggests that the median tenure of a 
Federal CIO is about 2 years. Often, 3 to 5 years is needed to 
lead business transformation. Equally important to tenure is 
the ability to participate in executive decisions, an activity 
often limited to politically appointed business leaders. Some 
CIOs are politically appointed; others are not. All need to 
have a seat at the table on their senior management teams. 
Perhaps term appointments are an option.
    In regards to personal traits and qualifications needed, 
CIOs must certainly have the correct technical and business and 
management skills to meet their agency's needs. Further, to 
lead transformation, they must be strong leaders, strong 
communicators, and have a strong business acumen.
    Challenges include the following: understanding the 
existing and complex Federal statutory and regulatory framework 
for information resources management; recruiting and retaining 
skilled IT professionals, to include project managers; 
fostering business and cultural change to achieve e-government 
transformation; maturing governance processes and integrating 
those governance processes; and ensuring adequate resources for 
cross-agency collaboration are identified and made available to 
the people that are charged with implementing e-gov 
initiatives.
    In conclusion, Federal CIOs can and should play a 
significant role in improving the management and performance of 
the Federal Government, and ensuring that our Government is 
more responsive to the needs of citizens. IT has transformed 
the way that we all do business, and none of us can predict 
what the future may hold. As the CIO role broadens and 
expectations increase, so do the challenges. I am confident, 
however, that with the proper support from Congress and the 
administration, CIOs can be successful and effective in their 
role.
    I thank the committee for the opportunity to speak this 
afternoon.
    [The prepared statement of Ms. Stouffer follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.045
    
    [GRAPHIC] [TIFF OMITTED] 98209.046
    
    [GRAPHIC] [TIFF OMITTED] 98209.047
    
    [GRAPHIC] [TIFF OMITTED] 98209.048
    
    [GRAPHIC] [TIFF OMITTED] 98209.049
    
    Mr. Putnam. Thank you very much. And I have been notified 
that we are expecting a series of votes around 4, so I would 
ask for your indulgence. We are going to cut the questions 
short for this panel in hopes of being able to get through the 
third panel before the voting bells go off.
    This is a unique opportunity, I would assume, for former 
CIOs to be able to come back and do essentially an exit 
interview with Congress and have the opportunity to reflect on 
what you wish someone would have told you or prepared you for 
as you went into the job, so that is my first question: What 
would you advise someone who is considering taking this job, in 
its current role and its current form, with its current 
responsibilities? What is it that you would share with them 
that you wished someone had shared with you?
    And we will begin with Mr. Brubaker.
    Mr. Brubaker. Well, I came at this with a little different 
background; I wasn't in the Federal Government, I had actually 
come off the Hill and gone into industry for a few years. So 
having been involved in what I thought I knew what the 
requirements were, having been involved in drafting legislation 
and the position description, if you will. My advice would be 
don't expect the agency to have an understanding of the roles 
and responsibility of the CIO when you walk in. Part of the job 
is actually to educate your management and the people that you 
work with and your colleagues in the agency as to what your 
role is. The first time you start snooping around IT 
investments--at least this was true when I was at the Defense 
Department--people tend to get pretty excited; they feel 
somewhat threatened. So you have to concentrate on your 
governance processes, and the culture and how you are going to 
overcome cultural obstacles, and have a proactive plan for 
addressing those issues.
    Mr. Putnam. Mr. Flyzik.
    Mr. Flyzik. Yes, Mr. Chairman, and you are right, it is 
kind of unique to have an opportunity to testify today, for the 
first time, where I didn't need to go through a clearance 
process with the legislative affairs, the legal counsel, OMB, 
and all the other various chains, but be able to write and say 
what I have been thinking. But with that in mind, I would 
suggest to you, sir, that building relationships and 
partnerships has to be a first step. As I mentioned in my 
testimony, I believe a CIO can only be effective if they are 
credible, and credible means building relationships within 
their own agency, the career officials, the political 
officials, members of the Hill like yourself and your staff, 
and OMB and those others, and the private sector. I think there 
is a very fine, delicate balance, too. A CIO needs to reach 
out, get out in the community and build these partnerships, but 
at the same time remember their responsibilities within their 
own agency. And I think it is a very delicate challenge that 
CIOs face to do that, but I think it is critical to gain that 
credibility, because once one gains credibility, then one has 
the power to effectuate change.
    Mr. Putnam. Ms. Stouffer.
    Ms. Stouffer. Several things are critical, in my opinion. 
One is to know the business. The CIO has to understand the 
business of the organization, understand where the performance 
gaps are, and be able to apply technology to close those 
performance gaps or enable business performance. Second, 
obviously, know information technology. You can't offer up a 
solution of enabling technology if you don't understand it and 
know how to apply it. Third, in building relationships, you 
need to communicate, communicate, communicate value, and you 
have to do that differently with different stakeholders. So it 
is important not to have one story, but to be able to 
communicate the value of enabling technology to different 
people in different ways so they understand it from their own 
unique perspectives.
    Mr. Putnam. I would ask all of you also if is it critical 
that the CIO report directly to the head of the agency? And I 
would ask you to be brief. Something more than yes or no.
    Mr. Brubaker. At this moment, yes. I think I covered it in 
my statement.
    Mr. Flyzik. As mentioned in my statement, I think it 
certainly helps gain that credibility I am talking about. I 
also suggested that the key issue is can the CIO be in the 
strategic management team and be empowered. If we are going to 
hold the CIO accountable for results, then they need the 
responsibility and the authority to control resources, both 
financial and human resources, to get the job done.
    Ms. Stouffer. In my opinion, it could be more effective for 
them to report to the COO, and that is a different person in 
different organizations. I say that because the head of an 
organization or the secretary or administrator is typically 
outward facing, they do a lot of externally-oriented work. The 
deputy or whoever is effectively the COO of the organization 
really runs the day-to-day business of that organization. 
Informally, if not formally, the assistant secretaries and 
administrators report to them anyway.
    Mr. Putnam. Is turnover a big deal? And if so, how do we 
fix it?
    Ms. Stouffer.
    Ms. Stouffer. I think that it is. And, I believe that term 
appointments, and perhaps politically appointed term 
appointments, might be one action to consider. It might help to 
have term appointments that extend more than 18 months or 2 
years. Often a CIO has even a shorter period than that to be 
effective when they are politically appointed, because the time 
it takes to bring them into the agency. Yet, because political 
appointees start out with a great deal of credibility, they 
have an easier time coming to the table with the other senior 
business leaders. For this reason, perhaps a politically 
appointed term would make the most sense.
    Mr. Putnam. Mr. Flyzik.
    Mr. Flyzik. Mr. Chairman, I believe the answer to that 
question is it depends how effective the deputy and the staff 
below the CIO are, and how well that succession planning has 
been built. If you build a very strong team and effective 
staff, then a program should be able to sustain its momentum 
through a turnover process. If you can sell your program to the 
ultimate customer of government, that is, the citizen of 
government, then the program will live beyond an individual. 
And the question is developing key players that can run those 
programs coming up right behind that CIO.
    Mr. Brubaker. Mr. Chairman, I strongly advocate term 
appointments. In my written statement I gave a little more 
detail on it, but I think a term appointment of at least 6 
years for a CIO would be smart, with a Senate confirmation for 
those who are statutorily required. You know, from personal 
experience, people can't wait you out. I actually, during my 
lame duck period, if you will, while the administration changed 
and people knew I was going out, I actually had somebody tell 
me that they were going to wait for the next guy, because I was 
challenging a program and something that they wanted to do. So 
I am a strong advocate of term appointments, political, with 
Senate confirmation for the statutorily appointed ones.
    Mr. Putnam. Why is it so important that a CIO have Senate 
confirmation?
    Mr. Brubaker. Why is it important?
    Mr. Putnam. I know you would never get that question in the 
Senate.
    Mr. Brubaker. It is important for oversight purposes, to 
make sure that you take a look at--it provides an opportunity 
to talk about what that agenda is going to be. It provides an 
opportunity for the appointee and the agency to commit to 
certain types of oversight and to ensure that appointee is 
going to be given the support on the part of the agency. It 
gives you an opportunity to have a hearing, it gives you an 
opportunity to talk to some of the agency officials to make 
sure that they understand what the roles and responsibilities 
are, and I think it is good to vet those people through that 
process.
    Mr. Putnam. How do we hold CIOs accountable?
    Mr. Brubaker. Mr. Chairman, can I add something to that as 
well?
    Mr. Putnam. Sure.
    Mr. Brubaker. If you are conducting oversight over other 
PASes, Presidential appointment, Senate confirmed, there is a 
hierarchy that is important as well, and I don't want to 
underestimate that. If you are giving advice on technology 
programs in an oversight capacity to somebody who is a 
Presidential appointment that has been Senate confirmed, you 
rank up there with them, and, frankly, that is another real 
reason to have a Senate confirmation; it is a hierarchical, it 
is a pecking order issue.
    Mr. Putnam. It is an ego issue for the Senate.
    But the accountability issue I think is important. How do 
we really get down to holding CIOs responsible for $100 million 
projects that go south, that fall 3 years behind, that are 
abandoned midstream? What is the appropriate level of 
accountability, what form does it take, and is it adequate?
    Mr. Brubaker. There is an accountability issue, but there 
is also a responsibility issue, and the issue that Clinger-
Cohen was a three-legged stool: you have responsibility that is 
delineated on the part of OMB, you have responsibility that is 
delineated to the agency head, and you have responsibility that 
is delineated to the CIO; and they all have to work in concert. 
And there is a lot of authority there, but there isn't the 
commensurate responsibility because the law, frankly, hasn't 
been implemented as it was originally envisioned. You know, can 
you take somebody to the woodshed, if you will, on a program 
that went south? Yes, you can do it, you can beat them up, but 
if they didn't have absolute responsibility, authority, and 
budget control over that program, then it is pretty difficult 
to make a fair case that they were responsible for the program 
going south. There is too much diffused responsibility and not 
enough--you know, we used to refer to it as who is the single 
belly button. Who is the single person that I can point to who 
has absolute accountability, authority, responsibility for a 
program? And, frankly, it is almost by design in the 
bureaucracy that responsibility is diffused among a lot of 
different people, because a lot of different people want to 
play in that role.
    And what Clinger-Cohen tried to do was delineate those 
responsibilities and be clear about who was responsible for 
what, and, frankly, we are not to that point yet; you have too 
many people with their hands in that cookie jar, and then when 
the cookie is gone, you can't figure out who took it.
    Mr. Putnam. Mr. Flyzik.
    Mr. Flyzik. Yes, sir. The accountability issue, as I 
mentioned before, I am a big advocate of performance-based 
approaches, and I think one can define performance metrics, as 
well as with contractors. However, if we are going to hold the 
CIOs responsible and accountable, they need to have the 
authority to control those resources. I would suggest that when 
a project is approved, particularly in a performance-based 
environment, that CIO be given the authority and the budget to 
put that program in place, and be held accountable, and have 
the authority to control the resources necessary to get that 
job done. And if more resources are needed, the authority to 
work with the CFO and agency head to come back up to the 
appropriations process and be completely in charge of the 
program. I feel in a lot of cases were are holding CIOs 
accountable because you have to hang someone when things don't 
work. But, yet, if you look behind the scenes, did that CIO 
really have the ability to control the financial resources and 
the human resources in that agency?
    I will give you an example. We talked today about the Ds 
received in information system security. I believe a lot of 
CIOs in Government know what it takes to address those 
deficiencies in information system security, yet they lack the 
dollars and the resources and the staff to do it, and the 
authority to get that resources and staff. So I think we need a 
model that, as when projects are approved, dollars are set 
aside, but those dollars are controlled by the CIO, and then we 
can hold them accountable.
    Mr. Putnam. Ms. Stouffer.
    Ms. Stouffer. I think there would be value in reworking the 
entire statutory framework and providing more clarity regarding 
roles and responsibilities and accountability. Clearly, the CIO 
needs to have influence on the budget process, particularly as 
it relates to information technology investments. So clearly 
understanding that they have a place at the table in that 
process is important. It would be helpful if OMB worked to 
develop strategy that is consistent across the board on how we 
pull funds when we do cross-agency initiatives. This strategy 
would address consistent criteria for how agencies are assessed 
for their share of an initiative making it easier for the CIOs 
when they are actually trying to implement e-gov initiatives 
and scramble for dollars at the same time.
    So I think, again, one value would be to rework the entire 
statutory framework and the guidance that is coming out of OMB, 
provide some clarity, perhaps consolidate some of it in such a 
way that it is easier to understand and point to; and I think 
that would be useful.
    Mr. Putnam. You have also served as a CTO.
    Ms. Stouffer. Yes.
    Mr. Putnam. Some agencies have them, some agencies do not. 
Please, if you will, share our impressions of the value of 
having a CTO as well as a CIO, and whether that is something 
that should be adopted by every agency.
    Ms. Stouffer. I believe that having a position entitled CTO 
is valuable. I think that even where you have organizations 
that don't have a position entitled CTO, you often have people 
fulfilling that role entitled something else. Typically they 
are more focused on the technology issues and less focused on 
the information issues and the business issues associated with 
performance gaps and leveraging technology to fill those gaps. 
So they are very focused on technology. I think CTOs are 
everywhere, they just have different titles at different 
agencies.
    Mr. Putnam. And finally, because we are going to need to 
seat the third panel--I hate to cut this short, but we will be 
submitting questions and answers for the record--as we have all 
of these hearings, typically agency culture, personnel and 
training are greater issues than technology itself in terms of 
being an impediment to progress and to change. Has the role of 
the CIO been fully accepted and worked into the management 
structure of the agencies as you have seen it? Ms. Stouffer.
    Ms. Stouffer. I believe that CIOs are becoming more and 
more effective. Obviously, as technology advances and as CIOs 
mature and their role in the organization is better understood, 
they are having more and more of an impact. Technology has now 
actually become disruptive in some cases because it is driving 
certain business decisions in areas where it can actually 
accomplish business needs. Having the knowledge of emerging 
technologies, and how they can further desired business 
outcomes is important. The CIO's contribution in making major 
business and technology decisions is increasingly recognized. 
So they are making progress.
    Mr. Putnam. Mr. Flyzik.
    Mr. Flyzik. Mr. Chairman, I believe the results are mixed 
all over the Government. I believe in some Government agencies 
you see CIOs making strategic decisions in part of every 
strategic process that takes place; I think in others we have a 
long way to go. I think in some agencies under secretaries, 
assistant secretaries view the CIO as someone that gets in the 
way and I need to find my way around that particular individual 
in order to get my programs done. All in all, though, I think 
we are moving in the right direction and I think hearings like 
these are a good way to keep the momentum on the move in that 
direction. I think culture change, sir, takes a long time. I 
know my life at Treasury, I believe it took, in my opinion, 
probably 10 years before we actually got into a true enterprise 
environment from the days it was first talked about to where 
everybody actually bought into a concept of an enterprise 
approach to very large programs. I think culture is going to 
take time, but I think we are moving in the right direction and 
I think we have to keep the pressure on and keep momentum 
moving in the right direction, and I applaud this subcommittee 
for being a catalyst in doing that.
    Mr. Putnam. Mr. Brubaker.
    Mr. Brubaker. Yes, I think the prior two speakers are 
right. It depends on the agency. Yes, in some cases; no in many 
others. But from my view, my experience in government, things 
seem to just be moving too slowly, and that is why I was 
particularly pleased to see the advocacy of the chief operating 
officer position in the GAO report. Maybe advocacy is too 
strong of a word, but they mentioned it, and I have seen it in 
the press and in some pronouncements out of GAO, where they 
seem to be advocating for a chief operating officer position 
that would be a term appointment with a contract that would 
lead that management team of the CIO and the CFO to really 
transform agencies. I think that is critical. I think you are 
still dealing with that industrial age bureaucracy, if you 
will, and we are expecting information age results out of it, 
and it just doesn't work.
    Mr. Putnam. Thank you all very much. I again apologize for 
cutting this short, but we are interested in hearing from all 
three panels before the meeting is broken up by votes.
    So at this time the subcommittee will recess to set up the 
third panel. Thank you all very much.
    [Recess.]
    Mr. Putnam. The third panel, I appreciate your patience and 
your willingness to come before the subcommittee. Please rise 
and raise your right hands for the administration of the oath.
    [Witnesses sworn.]
    Mr. Putnam. Note for the record that all the witnesses 
responded in the affirmative.
    Our first witness for this panel is Kim Nelson. Ms. Nelson 
is the Assistant Administrator for Environmental Information 
and Chief Information Officer at the EPA. Before joining EPA, 
Ms. Nelson served the Commonwealth of Pennsylvania for 22 
years. Notably, she was the first executive to hold the 
position of chief information officer in Pennsylvania's 
Department of Environmental Protection.
    Thank you for joining the subcommittee again. Your 
testimony is always very helpful. You are recognized for 5 
minutes.

   STATEMENTS OF KIMBERLY NELSON, ASSISTANT ADMINISTRATOR OF 
   ENVIRONMENTAL INFORMATION AND CHIEF INFORMATION OFFICER, 
     ENVIRONMENTAL PROTECTION AGENCY; STEVEN COOPER, CHIEF 
  INFORMATION OFFICER, DEPARTMENT OF HOMELAND SECURITY; VANCE 
HITCH, DEPUTY ASSISTANT ATTORNEY GENERAL, INFORMATION RESOURCES 
 MANAGEMENT AND CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF 
    JUSTICE; AND IRA HOBBS, DEPUTY ASSISTANT SECRETARY FOR 
 INFORMATION SYSTEMS AND CHIEF INFORMATION OFFICER, DEPARTMENT 
                        OF THE TREASURY

    Ms. Nelson. Thank you, Mr. Chairman. I appreciate the 
opportunity to return today and talk about some of the issues 
that are on your agenda today, particularly the role of the 
CIO. You have asked some important questions, and while I have 
answered those in my written testimony, I will just briefly 
touch on some of those as part of the oral testimony here 
today.
    First and foremost, I want to emphasize the fact that the 
chief information officer title has the word information in it, 
and that is important. What is also important is that the word 
technology is not there. And what I want to emphasize is the 
fact that it is the information component which I think is most 
important to the role that we play in our organizations. And 
while technology is important and we tend to talk a lot about 
IT and technology, the fact is that technology is only an 
enabler, and what you are looking for in a CIO is somebody who 
can really work with people and organizations to achieve 
results; and that takes a lot of work to work in concert with 
people and processes to make a difference in your organization.
    You have asked some questions about the responsibilities 
that are most critical for a Federal CIO. I was looking at this 
chart before the hearing began, and looked at all the 
responsibilities that were listed there. In my own testimony, I 
focused on those that are listed at the top as some of the most 
important ones, and I think that is supported by the chart. I 
would say, however, that the position I hold at EPA in fact 
includes all of those responsibilities in whole or in part, 
including the one at the bottom, statistical work. For 
instance, this last year my office, in conjunction with our 
Office of Research and Development, issued the first ever 
Report on the Environment. And again that is significant 
because it is the first time we were ever able to report to the 
American public what we know about the condition of the 
environment, and that is a way to use information to be able to 
demonstrate real results. Again, the focus being on how we use 
information.
    Reporting structure has been a topic today. I do think it 
is an important topic. I believe I am fortunate to have, 
frankly, one of the best positions in the entire Federal 
Government when it comes to the roles and responsibilities of a 
CIO. At EPA I report to the administrator through the deputy 
administrator. I have a position that is equal to the peers in 
my organization that manage the business units, the air office, 
the water office, the emergency response and waste office. So I 
sit at the table at the same level and with the same political 
appointment and confirmation by the Senate as the other people 
who are setting policy within the organization. I think that is 
important because if you look, frankly, at some of the most 
recent Gartner research, what it shows is that it is important 
to have that ability to sit at the table and have access to an 
understanding of the business of the organization. And, 
frankly, if I weren't at that same level, I would not be able 
to interact with those that are making business and policy 
decisions within the organization.
    When we talk about the duration, I, of course, am new to 
the Federal Government. I guess when you had your previous 
panel here, I am the first one speaking who actually came in as 
someone new to the Federal Government to have taken the CIO 
position. I had 22 years in State government; I actually held a 
very similar position in my agency shortly before I left there. 
I came into this position fully expecting to stay at least 3 
years, and in September will mark 3 years from the date I 
arrived and November will be 3 years from the date I was 
confirmed. And I expect it will take at least that amount of 
time to achieve some of the things I wanted to do when I came 
on board; and I cited a number of reasons why I think 3 years 
is important in my testimony that I submitted.
    Finally, some of the characteristics that are important to 
the CIO; you have already heard about vision, leadership, 
communication. They are all important. The bottom line is you 
have to be able to deliver results.
    And, last, the one point I want to make about the biggest 
challenge. The single biggest challenge, in my mind today, is 
the CIO's responsibility to manage enterprise-wide projects. We 
talked about some of those at a hearing earlier. The governance 
issues surrounding managing projects across agency are 
considerable, and we are treading new water here. We are 
breaking new ground, and it is critical we establish those 
processes for managing these governmentwide projects.
    So I will stop there and I will take questions later when 
you are ready. Thank you.
    [The prepared statement of Ms. Nelson follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.050
    
    [GRAPHIC] [TIFF OMITTED] 98209.051
    
    [GRAPHIC] [TIFF OMITTED] 98209.052
    
    [GRAPHIC] [TIFF OMITTED] 98209.053
    
    [GRAPHIC] [TIFF OMITTED] 98209.054
    
    [GRAPHIC] [TIFF OMITTED] 98209.055
    
    [GRAPHIC] [TIFF OMITTED] 98209.056
    
    [GRAPHIC] [TIFF OMITTED] 98209.057
    
    Mr. Putnam. Thank you.
    Our next witness is Steven Cooper. Mr. Cooper was appointed 
by President Bush to be the first CIO of the Department of 
Homeland Security. He and his team have responsibility for the 
information technology assets supporting 190 Federal employees 
of the 22 agencies now comprising the new department. Before 
joining Federal Government service, Mr. Cooper spent more than 
20 years in the private sector as an information technology 
professional.
    Welcome to the subcommittee. You are recognized, sir, for 5 
minutes.
    Mr. Cooper. Thank you, Mr. Chairman. It is indeed my 
pleasure to appear before you today and share a few views based 
upon nearly 30 years as an information technology professional, 
including the past 2\1/2\ in the Federal sector. I have served 
as the CIO of the Department of Homeland Security since its 
inception, and it has been a fairly significant learning curve 
for me coming into the Federal environment. There is, as you 
have heard from previous panelists, a significant amount of 
legislation and statutory requirements which, in a very short 
period of time, is fairly substantial to absorb. Therefore, I 
would argue that one of the primary responsibilities of any CIO 
is to ensure the optimal and appropriate use of information and 
to understand the legislative and statutory requirements that 
enable an agency to succeed and a CIO to be successful.
    A CIO must also act as an agent of change by guiding 
organizational and transformational and business process re-
engineering to most effectively meet the strategic and 
operational objectives of the agency. I would argue that the 
CIO is one of the very few individuals whose view of the agency 
is always horizontal. Every day we see not a vertical view of 
any particular business unit or organizational segment, but we 
are the people who are held accountable for understanding how 
all those moving parts and pieces that use information 
technology fit together. It is in that context that I do think 
that the placement of the CIO in the organization does become 
important.
    What is most important has been stated by my colleagues 
here on this panel and the previous panelists, and that is the 
seat at the business table is what is critical. The placement 
in the organization, simply put, the higher the level, the more 
that the placement kind of ensures the seat at the table. It 
doesn't automatically imply that a CIO cannot succeed if they 
do not report directly to the secretary. It makes it 
significantly more difficult the more levels that the 
individual is kind of down from the head of the agency, and you 
have to offset that by the time it takes to then build the 
credibility and gain the seat at the business table.
    With regard to roles and responsibilities, primarily the 
CIO is responsible for leading the use and application of all 
IT assets deployed across the department, and that includes 
both the human resources and the financial resources. That is 
what actually ensures the ability to use information 
effectively within the department. This is achieved, in my 
opinion, by guiding the department's development and use of 
enterprise architecture best practices, and they include 
obtaining senior management employee buy-in and involvement, 
demonstrating how IT can enable mission effectiveness and 
efficiency; guiding the proper choice of technology to meet 
mission goals; documenting and using portfolio management 
techniques that allow rapid decisionmaking regarding IT 
investment choices in very difficult times and also in a 
resource-constrained environment.
    As far as characteristics and qualifications that CIOs 
should possess, good business skills, business mission 
operation sense of what is going on in the agency, that is the 
credibility; good management skills, ability to lead change, 
working knowledge of IT gained from hands-on or practical 
experience, great communication skills, and most importantly, 
in my opinion, a sense of humor and a pretty tough skin. Guts 
are in there somewhere. We have to be able to place mission 
first and career second. We are held accountable for basically 
everything in the IT environment. And I will leave to my 
colleagues and previous panelists, and perhaps the question and 
answer period, how best to actually accomplish accountability, 
responsibility, and the blend thereof. I happen to think that a 
whole lot of it has to do with metrics and performance 
measures.
    In closing, I would simply like to say that the opportunity 
is unique at the moment inside the Department of Homeland 
Security simply because we are still in a startup mode, and a 
lot of what I face as a CIO in the Department of Homeland 
Security, I am envious of other CIOs who have a bit more 
stability and maturity to their organizations. So some of what 
my experience has been may not be reflective or may not be 
typical of what some of the other more mature departments and 
other Federal CIOs may face.
    I look forward to your questions.
    [The prepared statement of Mr. Cooper follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.058
    
    [GRAPHIC] [TIFF OMITTED] 98209.059
    
    [GRAPHIC] [TIFF OMITTED] 98209.060
    
    [GRAPHIC] [TIFF OMITTED] 98209.061
    
    Mr. Putnam. Thank you very much.
    Our next witness is Mr. Vance Hitch. Mr. Hitch serves as 
the Chief Information Office of the Department of Justice. He 
manages the Department's $1.7 billion IT program, overseeing 
management acquisition and integration of the Department's 
information resources. His oversight includes strategic 
planning, policy, capital planning, systems development, 
telecommunications, information security, data management, 
enterprise architecture, e-government, and user computing. 
Before coming to the Department of Justice, Mr. Hitch was a 
senior partner with Accensure. He has 28 years of experience in 
leading government organizations successfully through major 
change initiatives.
    Welcome to the subcommittee, sir. You are recognized.
    Mr. Hitch. Thank you, Mr. Chairman. I am pleased to be here 
to talk about my job and how it fits at the Department of 
Justice and the Federal community.
    As you have stated, I come from the outside, 27 years of 
outside experience managing large IT projects and major change 
programs, both in a variety of industries as well as 
government. I have been the CIO of the Department of Justice 
for 2 years this past April, so I already am senior to the 
average CIO, which is hard to believe.
    You asked a number of questions, responsibilities critical 
to my success. I believe my principal responsibility as a CIO 
is to create and lead an organization that will enable our 
mission accomplishment through technology. That is first and 
foremost my responsibility. And there is a lot of management 
responsibilities that go along with, but I view my job as 
mission accomplishment.
    At the Department of Justice I came upon a very 
decentralized organization, and, therefore, my job in 
accomplishing that mission was to more strongly coordinate from 
a central perspective the IT organization, and that has 
required major change. That was particularly important in the 
Department of Justice, since I came on board after September 11 
and a new mission had been created at the Department of 
Justice, and that was counterterrorism. So we really had to do 
things differently than we had done before, which was a burning 
platform for me; and I used that in terms of creating the 
organization that I needed to carry out what I view as my 
mission.
    Some of the key responsibilities that I have are those that 
are listed there on the chart by the GAO: obviously, enterprise 
architecture, IT investment management, security, IT human 
capital planning, and program oversight. And I think all of 
those are important, but I do think having a major impact on 
the IT budget is absolutely critical. Having the ability to 
start and stop projects, if necessary, is important. So I think 
those things are echoing what I have heard some of the other 
panelists say.
    One of the things that I did that is unique at the 
Department of Justice that I used as a platform to help create 
some of the change in carrying out my responsibilities was a 
program that we are now pursuing called the Law Enforcement 
Information Sharing Program. And initiated this program about a 
year ago as a way of bringing together our various law 
enforcement components who, as I said, grew up with strong 
cultures of their own and as a decentralized organization, to 
get them to better share information effectively. And that is 
particularly important in our counterterrorism as well as our 
law enforcement missions.
    The way I did that was by creating subgroups to deal with 
any policy changes we needed, any changes in our concept of 
operations, as well as technology; and out of that technology 
subgroup came what I call our strategic IT architecture for 
information sharing at the Department of Justice. We now have 
that as kind of the bible of what we are trying to do to 
achieve information sharing, and what I am doing is mapping all 
of the forty-some odd programs that we have and IT initiatives 
that we have that many of them came before I became CIO at the 
Department of Justice; they had their origins as stovepipe 
systems. I am sure you have heard that term. So it was my job 
to somehow fit them together.
    This IT information sharing architecture is what lets me do 
that, and I map into that architecture and then it basically 
allows me to identify the changes necessary in each IT program 
to achieve our overall information sharing goals. So that is 
one of the ways I have used enterprise architecture as a tool 
to help me achieve my mission.
    You wanted some comments, and you got lots of them from 
everybody, about the most important aspect of the reporting 
structure, and what is the most effective way that we can 
report. I will comment on what we have at the Department of 
Justice, which I think works very well. I will say that it was 
new with me coming on board, it did not exist prior to my 
coming on board as the CIO in April of 2 years ago.
    The reporting relationships that I have are I do report 
directly to the Attorney General on matters of IT policy and IT 
strategy, and I report to the Assistant Attorney General for 
administration on operational matters. I think reporting to the 
top of the organization is extremely important because I must 
be viewed at the same table and I must be viewed as a peer of 
the component heads, and those are the heads of the FBI, the 
heads of the Drug Enforcement Agency, the U.S. Marshals, all 
those major agencies within the Department of Justice. I must 
be viewed as somebody who can be their helper in making things 
happen at their agency and across the department in IT. And 
that is the only way that I will be able to achieve my mission 
of making IT a strategic enabler of our mission accomplishment, 
which is law enforcement and counterterrorism across the whole 
department.
    As part of my reporting responsibilities, I sit on the 
Strategic Advisory Council, which is chaired by the deputy 
attorney general, and that includes all the members of the 
largest components of the organization and deal with all 
strategic matters. Obviously, I sit on it as a representative 
of the IT interest of the whole department. I also sit on a 
council called the National Security Coordinating Council 
within the Department of Justice. It is composed of the 
component heads, once again, of the law enforcement agencies, 
and that enables me to get close to their business to make sure 
that I have my finger on the pulse of what is our mission and 
what we are trying to achieve from a law enforcement 
standpoint. So I think those are critical reporting 
relationships.
    Commenting on the duration, the term that is necessary. 
Basically, I believe 3 to 4 years is what is necessary to have 
a lasting impact. Actually, I do believe that I was effective 
almost immediately, and that is through having an impact on 
individual programs that were already underway. But given the 
fact that it takes at least 2 years to have an impact on the 
budget itself, because of the budgeting cycle in the Federal 
Government, to get those programs initiated and to make them 
real, it is going to take at least 3 to 4 years to have them 
implemented.
    Concerning the characteristics, I think you have heard a 
lot.
    Mr. Putnam. We will get to this in questions, but I do want 
to get to the testimony before we have votes, and your time has 
expired. So if you could just summarize for us, please, and 
then I will go to Mr. Hobbs.
    Mr. Hitch. OK.
    I don't think I have anything new to add in terms of 
characteristics of a CIO, except I do want to add one, which is 
persistence. You know, basically working in the Federal 
Government is a big bureaucracy; it takes a long time to 
accomplish things. I think you have to keep at it, go the extra 
mile, do whatever it takes to earn respect and confidence of 
the colleagues.
    Major challenges, I think my biggest one is culture change, 
because I said initially that we are going from a decentralized 
organization to one which is much more strongly centrally 
coordinated. The concept of a CIO was not there when I arrived, 
so making that culture change to become an effective CIO in 
that kind of organization is the biggest challenge that I face.
    [The prepared statement of Mr. Hitch follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.062
    
    [GRAPHIC] [TIFF OMITTED] 98209.063
    
    [GRAPHIC] [TIFF OMITTED] 98209.064
    
    [GRAPHIC] [TIFF OMITTED] 98209.065
    
    [GRAPHIC] [TIFF OMITTED] 98209.066
    
    Mr. Putnam. Thank you very much.
    Our next witness is Mr. Hobbs. Mr. Ira Hobbs is the 
Treasury Department's Chief Information Officer. Mr. Hobbs came 
to Treasury from the U.S. Department of Agriculture, where he 
has served as the Deputy Chief Information Officer for the past 
7 years. He has an extensive background in Federal policy 
development and information technology and program management, 
including a 22-year career at USDA.
    Welcome to the subcommittee, sir. You are recognized for 5 
minutes.
    Mr. Hobbs. Thank you. Mr. Chairman and members of the 
subcommittee, thank you for inviting me here today to discuss 
the roles and responsibilities of Federal chief information 
officers. With the current Clinger-Cohen Act as our guide, I 
have been one of many Federal executives working to improve our 
Government's management of our information and IT resources. 
While we still have many miles to go, I am proud of what, as a 
community, we have achieved, and I hope my perspective will add 
some value to our discussion this afternoon. Having already 
heard from so many experienced executives, I will keep my 
opening comments brief.
    I am honored to be here today representing the U.S. 
Department of the Treasury as its chief information officer. 
Prior to joining Treasury, I did serve as the Deputy Chief 
Information Officer of the Department of Agriculture, where I 
worked for 7 years under three different political CIOs.
    To be a successful Federal chief information officer, one 
must practice executive leadership, and have strong management 
and communication skills. Fundamentally, I believe these 
qualities are more important than having a strong technical 
background. The major challenges we face are not technical 
challenges; addressing and overcoming them requires seasoned 
and skilled leadership. Meeting these challenges also require 
support from the secretary's office, time to learn 
organizational business and culture, and to establish the 
relationships necessary to effectively implement change; 
prioritizing amongst the many competing responsibilities of a 
CIO; and, most importantly, directing and motivating employees 
and contractors who are the people every CIO relies on to get 
the job done and results achieved.
    In my experiences, some of the issues raised, such as the 
time required for CIOs to achieve transformation, are mitigated 
by having a strong deputy CIO. In addition to providing for 
continuity and complimenting the skills of a CIO, a good deputy 
CIO can shorten the learning curve of a new CIO and free the 
CIO to focus on high-priority outward-facing initiatives while 
the deputy CIO serves as the chief operating official 
internally, making sure that all of the trains are kept running 
and that they are kept running on time. This was the model 
during my tenure as deputy CIO at the Department of 
Agriculture, and I like to believe that it was a successful 
one.
    A large part of the progress we have made in recent years 
is due to the statutory framework laid out by Congress in the 
Clinger-Cohen Act and related legislation, the aggressive 
implementation of these laws by the Office of Management and 
Budget, and the continuing, maturing role of the Federal CIO.
    Thank you for the opportunity to be present today to 
present my thoughts, and I look forward to any questions that I 
might be able to answer.
    [The prepared statement of Mr. Hobbs follows:]
    [GRAPHIC] [TIFF OMITTED] 98209.067
    
    [GRAPHIC] [TIFF OMITTED] 98209.068
    
    [GRAPHIC] [TIFF OMITTED] 98209.069
    
    Mr. Putnam. Thank you very much. We appreciate all of your 
testimony and I am particularly pleased that we are were able 
to get through it without the votes interrupting us.
    For all of you, how do your offices interact with the other 
high-ranking officers in the agency, like the CFO, when making 
capital planning decisions? And we will begin with Ms. Nelson.
    Ms. Nelson. The partnership we have with the CFO is 
probably the most important partnership in the agency. We have 
set up a process since I have been at EPA as part of our 
investment and planning process where the deputy CIO and the 
deputy CFO oversee a committee made up of others throughout the 
agency that review our portfolio, and it is through that 
committee that is chaired by the two offices that the portfolio 
is approved and then ultimately comes to me for final approval. 
I work with the CFO to ensure that everything that is in that 
portfolio is accounted for in our budget. So no longer are we 
doing what we used to do, which is put business cases forward 
when funding didn't exist in the budget for those business 
cases.
    Mr. Cooper. In the Department of Homeland Security, under 
the under secretary for management, all of the CXOs, the chief 
administrative officer, the chief human capital officer, the 
chief procurement officer, the chief financial officer, chief 
information, we meet twice a week and basically are in lockstep 
on almost everything related to management, particularly the 
financial budget process, capital planning and investment. I 
would argue that within the department we have a very strong 
and every effective relationship with the other chiefs, and we 
will continue to mature those processes. It is also reflected 
in our investment review process, which we have introduced into 
the department.
    Mr. Putnam. Mr. Hitch.
    Mr. Hitch. At the Department of Justice , I report from an 
operational standpoint to the assistant attorney general for 
administration, to whom the controller reports. So I interact 
on a regular basis with the controller and the CFO. From a more 
form standpoint, I chair the IT investment management process 
and I invite as members both the controller and the assistant 
attorney general for administration to review all our IT 
projects in some level of detail as they are coming along. 
Also, in the budget process, which we go through, it seems 
like, all the time, but we are going through right now for the 
2006 budget year, I am involved in all of the budget 
deliberations about all of the IT budget items, both in the 
initial cuts as well as the final cut.
    Mr. Putnam. Mr. Hobbs.
    Mr. Hobbs. Being new to the Department of the Treasury, our 
relationship is evolving; however, to start out, we have both a 
chief financial officer and a budget officer. I have been 
involved in all of the 2006 budget preparations in terms of 
hearings by the deputy secretary with all of the major bureaus 
and asked to comment and provide feedback on proposals in that 
regard. The CFO and I have a relationship that we are starting 
to evolve as we look at our capital investments and our ongoing 
investments, and so I believe that we are on a firm footing to 
establish a very strategic and tactical relationship in terms 
of our reviewing the information technology budgets and 
performance of IT investments for the department.
    Mr. Putnam. Mr. Hobbs, you are relatively new to the 
Treasury, you said your relationship is still evolving, but 
tell us, if you would, were there major differences in process, 
procedures, and approach, the fusion of the CIO into management 
between the two Federal departments that you have now worked 
for?
    Mr. Hobbs. I think it is fair to say that they are 
different. At the Department of Agriculture the process was a 
lot more mature. The Department of Treasury has gone through a 
fairly large reorganization that has pulled a lot of that 
maturity out of its organizations. It is now being 
reformulated, but I think they are on a very positive path. We 
have some growing to do, we have some maturing to do, but the 
deputy secretary has established a process where we all have an 
equal seat at the table from a management perspective, and he 
expects us to work together for a common good in terms of how 
we deliver goods and services back to the citizens. That 
involves a very active engagement and role by the CIO in the 
budget and funding process of IT investments across the 
department.
    Mr. Putnam. Mr. Cooper, Mr. Hitch, let me ask you a twist 
on the same question. Both of you have extensive private sector 
experience, senior partner at Accensure. How dramatic a 
difference did you find between your work at the private sector 
for years and your career in the Federal world? Mr. Hitch 
first.
    Mr. Hitch. Well, it was pretty dramatic. I did have a taste 
of what it might be like because during my career I worked with 
the Federal Government on many major projects, as well as State 
and local governments, so I knew kind of what I was getting 
into, but you never really know for sure until you are there. 
And then going through the budget process is where you really 
learn how to operate in the Federal Government, I think, 
effectively. So it was a very big change, but I do think my 
background prepared me very well for the challenges that I 
face, because we are dealing with very large projects, we are 
dealing with culture change and major change programs, and as I 
said in my statement, having a business perspective is 
extremely important, because we are really managing a 
portfolio. And then I think also the process orientation that I 
bring, understanding the business processes, where you start. 
You don't start with the technology. I think really having that 
as a strong background really helps me be effective in my 
organization, because that is why I said my main job, I 
believe, is enabling the mission of the organization through 
technology.
    Mr. Putnam. Mr. Cooper.
    Mr. Cooper. Yes. Having served as a CIO in the private 
sector, it is, in my opinion, dramatically different. In the 
private sector the CIO was a member of the executive committee; 
there were basically about five or six people across the 
company, and those people effectively sat at the same table, 
heard all the same business decisions, participated in strategy 
vision development for the corporation. That is a little 
different than what I have experienced thus far in the 
Department of Homeland Security. Not a value judgment, just 
different.
    One of the things that was able to be done in the private 
sector, if business drivers or external events drove a change 
in the business plan of the corporation, the ability of 
basically the CIO to immediately reprioritize or reprogram or 
change the investment of assets or the direction of programs or 
something was in fact instantaneous. That is, again, a little 
bit different in the Federal sector; there are more people 
involved, it is a little bit lengthier process, honestly a 
little bit more convoluted for me in the learning curve type of 
situation.
    The other thing that plays out is that there was a more 
effective process to prioritize in the private sector across 
different business units. The way I would exemplify that, in 
the Department of Homeland Security I can tell you the top 10 
of each of our under secretaries and/or their major programs. 
Where I have a little bit more difficulty is determining which 
of all of those top 10 are in fact the department's top 10. 
Now, part of that is maturity, so this is not criticism. We are 
learning, we are shaping, we are putting processes and we are 
becoming more effective with each month that goes by. But that 
is a significant difference. Those three examples that I give 
you are significantly different than what I had experienced in 
the private sector.
    Mr. Putnam. Ms. Nelson, difference between State and 
Federal?
    Ms. Nelson. You know, I had the good fortune of having an 
almost identical position in an environmental agency in State 
government, so the transition here probably wasn't nearly as 
startling as it was for somebody simply coming in from the 
private sector. The roles, responsibilities, and reporting 
relationship were almost identical. What is different, and I 
tell everybody, are things like this. We didn't have anybody in 
the general assembly who really cared and held hearings. We 
didn't have anybody in our legislative and budget and finance 
committee, which is comparable to GAO, who cared and audited or 
wrote reports. We didn't have an inspector general who provided 
the kind of oversight that we often get here. And, in fact, we 
didn't have anything like a Clinger-Cohen Act. What we did, 
while it is almost identical to the roles and responsibilities 
I have now, we simply did because it was good government, and, 
consequently, we often did it without a lot of oversight like 
this.
    Mr. Putnam. You have heard the second panel of former CIOs, 
and like all good former Federal employees, they have an awful 
lot of bolder statements to make than perhaps they would have 
made had they still been on the payroll. What do you glean from 
what they have shared with this subcommittee, what lessons 
learned can you apply, particularly with respect to the 
questions that we have asked both panels, the turnover, the 
reporting to the top administrator? Most of you have touched on 
this, but if you would address it more fully, just if you would 
reflect on what they have said with regard to those and other 
matters that they raised.
    Mr. Hobbs, we will begin with you.
    Mr. Hobbs. And here I was waiting for you to come the other 
way.
    Mr. Putnam. Well, I like to keep people off guard.
    Mr. Hobbs. First with respect to the issue on turnover. I 
think that succession planning is an integral part of any 
manager's responsibility, for one never knows the moment, the 
hour, the day when a person will leave. I believe very strongly 
in the dual role of the CIO and the deputy CIO. My own 
experiences have demonstrated over 7 years I served under three 
different CIOs, yet our organization continued, I thought, to 
move forward and to function.
    I am not sure that going to term appointments means any 
more than going to politically appointed positions means any 
more than going to career appointed positions. I think it is 
inherently the responsibility of each manager to prepare for 
the organization in terms of when you are not there, not so 
much for while you are there. So I think succession planning is 
the key and I think that it is one of the missing elements that 
we have in the Federal Government in terms of how we prepared 
our organizations for transitions and transformations.
    I believe it is also very critical, when we talk about 
transformation, I hear people talking 3, 4, and 5 years. I 
believe the transformations come in succession. And what I mean 
by that is, as one of my colleagues here said today, it takes 
2\1/2\ years to effect a budget process. That is one form if 
transformation. It takes 2 or 3 years to impact people and 
culture. That is another form of transformation. The important 
thing is to establish an approach and a plan about how you are 
going to do it and then build in the succession planning models 
that allow your organization to function in your absence. I 
believe that is key and critical for us who are in government 
leading large organizations.
    Mr. Putnam. Mr. Hitch.
    Mr. Hitch. I do think turnover is an issue. I do think that 
turnover is an issue for CIOs everywhere, not just in the 
Federal Government. But I do think it is even more of an issue 
in the Federal Government. I think that it does take a while to 
have a lasting impact. I think you need to be effective early 
on and you can be effective on a lot of issues early on, but to 
have a lasting impact, to really change the culture, to really 
change the programs, to really bring in the people that are 
needed, at least in an organization that needs a lot of help 
when you first get there, is going to take a while to do. So I 
think turnover is an issue. I think the 3 to 4 year timeframe 
is realistic and perhaps even optimistic and aggressive, in 
terms of really getting something done, but I feel that is a 
good benchmark. It somewhat depends on the maturity and the 
depth of the organization you came in to run, if you are taking 
over. I came into an organization that didn't have a real CIO 
and didn't perform many of the Clinger-Cohen functions, so I 
had to create an organization, fill those positions. So I think 
that turnover is an issue depending on the stability and 
maturity of the CIO organization within the agency you are 
talking about.
    Mr. Putnam. Mr. Cooper.
    Mr. Cooper. I too would agree that I think turnover is an 
issue and it is important to be addressed. I would actually 
concur with what Mr. Hobbs said. I think the key points that he 
raised, deputy succession planning, are fundamental and 
critical success factors in addressing that.
    But I would offer one additional observation that I 
actually haven't heard mentioned in any of our three panels 
today. One of the things that I have observed in a relatively 
short period of time, so I have no data beyond about 2, 2\1/2\ 
years, the lure of the private sector for skilled and seasoned 
chief information officers out of the Federal Government is 
very, very significant. One of the things that obviously plays 
a role in that is kind of the overall ability of the Federal 
environment to compensate and incent and reward not just chief 
information officers, but key career individuals across the 
Federal Government. I would suggest that perhaps over time that 
might be something that could be explored through surveys or 
appropriate bodies to explore how much does compensation and 
incentives play a role in decisions to leave the Federal 
Government from a CIO position.
    Ms. Nelson. In preparation for today's hearing, I actually 
brushed up on some long overdue reading and research, and while 
most of it confirmed my own suspicions, there was one thing 
that I found very surprising, and it was a Gartner survey of 
CEOs across the country. In response to a question about 
transformation, they cited two things that most often get in 
the way of transformation. The first was culture, and we have 
talked about that on several occasions. The second, 
interestingly enough, was IT, both technology and their 
technology organizations, their IT organizations. They cited 
them as often being slow, cumbersome, risk adverse, and getting 
in the way of the changes they want to make.
    That being the case, and in combination with another survey 
that was done of what are the characteristics most exhibited by 
successful government CIOs, one of those characteristics was 
the fact that the CEO of the organization selected the CIO. And 
I think those two go hand in hand to paint the picture that I 
agree with. I believe a CIO can best serve the organization if 
they are political, because that means they are sitting with 
the most senior leadership in the organization. In most 
agencies, the senior leadership is political; the cabinet head, 
the deputy secretary. So in order to be able to sit at the 
table to truly understand the business, the strategy, and the 
policies of the organization, I do think you need a political 
CIO.
    I agree with Ira that you are going to have turnover. I 
don't think the turnover of political CIOs is all that much 
different than the turnover of political appointees in general. 
So we just need to accept the fact that you are going to have 
turnover, just like the Army accepts the fact that you can 
bring people in for a couple of years and train them and put 
them back out when there is a draft. Accept the fact and have a 
strong deputy CIO, have a strong transition planning process, 
and I think those two things combined can oftentimes achieve 
the greatest results, because the CIO is close to the CEO, or 
in government case, a deputy secretary or agency head, 
understands the demands, understands they have a short time 
period, and they will push for change.
    Mr. Putnam. Mr. Cooper, you raised the issue of 
compensation, which is a fair one to raise. I had been raising 
the issue of accountability on the negative side. Compensation 
is certainly an appropriate thing to bring up on the positive 
side, on the encouragement, incentivizing side. It does raise a 
number of interesting questions. For example, in Department of 
Homeland Security, your department's budget is what?
    Mr. Cooper. For IT or overall? Overall it is about $40 
billion.
    Mr. Putnam. And for IT?
    Mr. Cooper. About 10 percent, about 4.2 of that.
    Mr. Putnam. So slightly larger than most of the private 
sector companies----
    Mr. Cooper. That is correct.
    Mr. Putnam [continuing]. That are attracting a lot of our 
talent and paying them substantially more. I hate to ask you to 
solve the question that you raised, but recognizing that it is 
a legitimate issue, how do we arrange a schedule that is 
commensurate with running the Department of Defense, running 
the Department of Homeland Security or running the Department 
of Justice or Treasury? Of course, I think Mr. Hobbs just goes 
out to the printer in the back room and pulls a few sheets of 
or something like that to take care of the Christmas bonus. But 
if you don't work in that department, how do we compensate 
people and compete with the private sector, knowing what people 
would be worth in the private sector for far less 
responsibility than what you carry?
    Mr. Cooper. Mr. Chairman, would you allow me to think on 
this for a week and get back to you?
    Mr. Putnam. I would.
    Mr. Cooper. I don't have a good answer. I am not trying to 
duck the question at all; it is one that we really have talked 
about a fair amount in the department. We simply just don't 
have a real effective answer yet. There is perhaps a model that 
might serve. I know, for example, that in the Department of 
Veterans Affairs physicians actually are on slightly different 
pay scales; they are able to pay higher than just what I think 
of as the GS pay scale. I also know that in our own department 
there are some incentives around our scientists for, 
specifically, the reason that we have to compete with the 
universities and the research institutes across the United 
States. Those might serve as models for key technical personnel 
in the Federal Government. But if you allow me to give it a 
little bit more thought, I would like to comment.
    Mr. Putnam. Sure. And there is an entire commission working 
on it. I think this is what somebody gave Paul Volcker the job 
of going and solving this problem. It is a legitimate issue, 
but there are no easy answers considering the system of 
government that we have.
    Mr. Hitch, what brought you into public service? What 
brought you into the public sector, coming from where you were?
    Mr. Hitch. Yes, I kind of went in the reverse direction 
from what we find in many of the CIOs who spend a long time 
career in the Government and then went outside. Frankly, I came 
to the Department of Justice to make something happen that I 
would hope would help the national security of the country. And 
I think that goal is something that is real, the desire to do 
public service, just like people in Congress or anything else; 
you are here to do public service. It is especially hard on 
CIOs because there is such a huge disparate pay scale, and the 
draw of the counterparts in the private sector funds that work 
for us who make multiples. So I think a different pay schedule, 
something like Steve was talking about, may be helpful.
    I do think we do need to solve better, I think, the problem 
of just accountability and responsibilities, because I hear it 
in a lot of private discussions among CIOs, and I also have 
experience in some of the components within Justice who brought 
people in from the outside, very, very accomplished CIOs who 
were on the outside, who came in basically because of changes 
in culture and not able to adapt quickly enough to the culture, 
an inability to make something happen in a realtime basis, 
which is different in the Federal Government from the private 
sector. You can make things happen faster in the private 
sector, that is why I made the comment about persistence.
    So I think the reporting relationships are important, 
because that is what enables you to make something happen in 
more of a reasonable time. It is going to take longer in the 
government than it does in the private sector, but if you 
aren't positioned properly in the organization and don't have 
enough credibility and are viewed as a peer by the people that 
you need to influence strongly in order to be effective, it is 
a disincentive, so that is a reason a lot of people leave.
    Mr. Putnam. I would like to give our panelists an 
opportunity for closing comments as we wind this down. Give us 
the answer to the question you wish you had been asked or final 
thoughts, whatever you choose, beginning with Ms. Nelson. And, 
Mr. Hobbs, you are going to get the last word for us. So, Ms. 
Nelson, you are recognized.
    Ms. Nelson. The day is late, everybody is tired, I am sure, 
so I have said everything I needed to say or someone else has 
said it. So thank you for the opportunity.
    Mr. Putnam. Beautifully spoken.
    Mr. Cooper.
    Mr. Cooper. That is tough to follow, but I would echo the 
same thing. Thank you.
    Mr. Putnam. Mr. Hitch.
    Mr. Hitch. I am not going to delay this any more.
    Mr. Putnam. You all act like it is excruciating.
    Mr. Hobbs. I guess, Congressman, the last word does come to 
me. I think it important, from my perspective, that the role of 
the Federal CIO continues to be examined, and certainly applaud 
you for the work that you have done within our community in the 
last couple of years and continue to ask us to raise the bar in 
terms of performance and in terms of accountability and in 
terms of results. But I also point out sometimes that when we 
are called, it seems as if we are islands unto ourselves, that 
we somehow are responsible for everything. And so I simply 
point out what an old friend has always said to me: it is more 
about the team than it is about the individual. And that team 
is both the management group across the department, as well as 
the organization that CIOs build. So sometimes I think it 
important to examine team performance just as closely as we 
look at the CIO's role. We hope sometimes to have more 
authority and more responsibility than we actually have. So I 
applaud you for your effort, but I also point out the team is 
smarter than any one individual is ever going to be in terms of 
improving the economy and the efficiency of government, and 
that is where I believe the proof of the pudding truly lies, 
with the team.
    Mr. Putnam. Thank you very much. I appreciate the testimony 
of all of our witnesses, and in the event that there may be 
additional questions we did not have time for today, the record 
will remain open for 2 weeks for submitted questions and 
answers.
    This meeting is adjourned.
    [Whereupon, at 5 p.m., the subcommittee was adjourned, to 
reconvene at the call of the Chair.]
    [Additional information submitted for the hearing record 
follows:]
[GRAPHIC] [TIFF OMITTED] 98209.070