Federal Chief Information Officer: Leadership Needed to Confront Serious
Challenges and Emerging Issues (Testimony, 09/12/2000,
GAO/T-AIMD-00-316).

Pursuant to a congressional request, GAO discussed the creation of a
federal chief information officer (CIO), focusing on the: (1) structure
and responsibilities of existing state and foreign governmentwide CIO
models; (2) federal CIO approaches proposed by two bills; and (3) type
of leadership responsibilities that a federal CIO should possess.

GAO noted that: (1) GAO has not evaluated the effectiveness of state and
foreign government CIOs or equivalent positions--however, these
positions appear to apply some of the same principles outlined in GAO's
CIO executive guide; (2) state CIO are usually in charge of developing
statewide information technology (IT) plans and approving statewide IT
standards, budgets, personnel classifications, salaries, and resource
acquisitions; (3) national governments in other countries have also
established a central IT coordinating authority and have different
implementation approaches in doing so; (4) Congress is considering
legislation to establish a federal CIO; (5) two proposals--H.R. 4670,
the Chief Information Officer of the United States Act of 2000, and H.R.
5024, the Federal Information Policy Act of 2000--share a common call
for central IT leadership from a federal CIO, although they differ in
how the roles, responsibilities, and authorities of the position would
be established; (6) regardless of approach, strong and effective central
information resources and technology management leadership is needed in
the federal government; (7) a central focal point such as a federal CIO
can play the essential role of ensuring that attention in these areas is
sustained; (8) although the respective departments and agencies should
have the primary responsibility and accountability to address their own
issues--and both bills maintain these agency roles--central leadership
has the responsibility to keep everybody focused on the big picture by
identifying the agenda of governmentwide issues needing attention and
ensuring that related efforts are complementary rather than duplicative;
(9) another task facing central leadership is serving as a catalyst and
strategist to prompt agencies and other critical players to come to the
table and take ownership for addressing the agenda of governmentwide
information resources and technology management issues; (10) a federal
CIO could provide sponsorship, direction, and sustained focus on the
major challenges the government is facing in areas such as critical
infrastructure protection and security, e-government, and large-scale IT
investments; and (11) consensus has not been reached within the federal
community on the need for a federal CIO.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-00-316
     TITLE:  Federal Chief Information Officer: Leadership Needed to
	     Confront Serious Challenges and Emerging Issues
      DATE:  09/12/2000
   SUBJECT:  Information resources management
	     Centralization
	     Chief information officers
	     Proposed legislation
	     Strategic information systems planning
	     Foreign governments
	     Computer security
	     Productivity in government
IDENTIFIER:  Australia
	     United Kingdom
	     Canada

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO/T-AIMD-00-316
For Release on Delivery Expected at 10 a. m. EDT Tuesday, September 12, 2000

GAO/ T- AIMD- 00- 316

FEDERAL CHIEF INFORMATION OFFICER

Leadership Needed to Confront Serious Challenges and Emerging Issues

Statement of David L. McClure Associate Director, Governmentwide and Defense
Information Systems Accounting and Information Management Division Testimony

Before the Subcommittee on Government Management, Information and
Technology, Committee on Government Reform, House of Representatives

United States General Accounting Office

GAO

Page 1 GAO/ T- AIMD- 00- 316

Mr. Chairman and Members of the Subcommittee: It is a pleasure to be here to
participate in today's hearing on establishing a federal chief information
officer (CIO). As you know, the rapid pace of technological change and
innovation has offered unprecedented opportunities for both the government
and commercial sectors to use information technology (IT) to improve
operational performance, reduce costs, and enhance service responsiveness to
citizens and consumers. Yet at the same time, a range of issues have emerged
about how to best manage and integrate complex information technologies and
management processes so that they are aligned with mission goals, strategies
and objectives.

In 1999 we issued a series of reports- our Performance and Accountability
Series- that describe management challenges confronting individual agencies
and the government as a whole. 1 One of the many challenges facing the
government is effectively using information technology to help achieve
program results. Since 1990, we have also periodically reported on
government operations that we have assessed as high risk because of their
greater vulnerability to waste, fraud, abuse, or mismanagement. In the
information resources and technology management area, we have designated
information security 2 and four agency IT modernization efforts as high
risk. 3

The government has made improvements in its IT management, such as updating
policies and guidance to reflect best practices. Moreover, agencies are
responding with concerted actions to effectively address critical IT
management shortcomings. Nevertheless, our work shows that agencies continue
to be challenged by (1) fundamental weaknesses in information technology
investment selection and management control processes, (2) slow progress in
designing and implementing information technology architectures, (3)
inadequate or immature software development, cost estimating, and systems
acquisition practices, (4) the need to build effective chief information
officer leadership and organizations, and (5) significant computer security
weaknesses.

1 Major Management Challenges and Program Risks: An Executive Summary( GAO/
OCG- 99- ES, February 1999) provides an overview of this series. 2 Beginning
in 1997, we also designated the Year 2000 computing challenge as a high-
risk area.

3 High- Risk Series: An Overview( GAO/ HR- 95- 1, February 1995), High- Risk
Series: Information Management and Technology( GAO/ HR- 97- 9, February,
1997), and High- Risk Series: An Update (GAO/ HR- 99- 1, January 1999).

Page 2 GAO/ T- AIMD- 00- 316

Sustained and focused central leadership is key to improving the federal IT
performance track record. Two legislative proposals for helping achieve such
leadership have been introduced by members of this Subcommittee– H. R.
4670, the Chief Information Officer of the United States Act of 2000,
introduced by Representative Turner; and H. R. 5024, the Federal Information
Policy Act of 2000, introduced by Representative Davis.

In my remarks today, I will

briefly describe the background of the federal government's current
information resources and technology management framework,

briefly explain the structure and responsibilities of existing state and
foreign governmentwide CIO models,

discuss the federal CIO approaches proposed by the two bills, and

discuss the type of leadership responsibilities that we believe a federal
CIO should possess.

The federal government's information resources and technology management
structure has its foundation in six laws: the Federal Records Act, the
Privacy Act of 1974, the Computer Security Act of 1987, the Paperwork
Reduction Act of 1995, 4 the Clinger- Cohen Act of 1996, and the Government
Paperwork Elimination Act of 1998. Taken together, these laws largely lay
out the information resources and technology management responsibilities of
the Office of Management and Budget (OMB), federal agencies, and other
entities, such as the National Institute of Standards and Technology.

In general, under the government's current legislative framework, OMB is
responsible for providing direction on governmentwide information resources
and technology management and overseeing agency activities in these areas,
including analyzing major agency information technology investments. Among
OMB's responsibilities are

ensuring agency integration of information resources management plans,
program plans, and budgets for acquisition and use of information

4 The Paperwork Reduction Act of 1995 revised the information resources
management responsibilities established under the Paperwork Reduction Act of
1980, as amended in 1986. Background

Page 3 GAO/ T- AIMD- 00- 316

technology and the efficiency and effectiveness of interagency information
technology initiatives;

developing, as part of the budget process, a mechanism for analyzing,
tracking, and evaluating the risks and results of all major capital
investments made by an executive agency for information systems; 5

directing and overseeing implementation of policy, principles, standards,
and guidelines for the dissemination of and access to public information;

encouraging agency heads to develop and use best practices in information
technology acquisition;

reviewing proposed agency information collections to minimize information
collection burdens and maximize information utility and benefit; and

developing and overseeing implementation of privacy and security policies,
principles, standards, and guidelines.

Agencies, in turn, are accountable for the effective and efficient
development, acquisition, and use of information technology in their
organizations. For example, the Paperwork Reduction Act of 1995 and the
Clinger- Cohen Act of 1996 require agency heads, acting through agency CIOs,
to

better link their information technology planning and investment decisions
to program missions and goals;

develop and implement a sound information technology architecture;

implement and enforce information technology management policies,
procedures, standards, and guidelines;

establish policies and procedures for ensuring that information technology
systems provide reliable, consistent, and timely financial or program
performance data; and

implement and enforce applicable policies, procedures, standards, and
guidelines on privacy, security, disclosure, and information sharing.

5 This responsibility is in addition to OMB's role in assisting the
President in reviewing agency budget submissions and compiling the
President's budget, as discussed in 31 U. S. C. Chapter 11.

Page 4 GAO/ T- AIMD- 00- 316

Another important organization in federal information resources and
technology management- the CIO Council- was established by the President in
July 1996. Specifically, Executive Order 13011 established the CIO Council
as the principal interagency forum for improving agency practices on such
matters as the design, modernization, use, sharing, and performance of
agency information resources. The Council, chaired by OMB's Deputy Director
for Management with a Vice Chair selected from among its members, is tasked
with (1) developing recommendations for overall federal information
technology management policy, procedures, and standards, (2) sharing
experiences, ideas, and promising practices, (3) identifying opportunities,
making recommendations for, and sponsoring cooperation in using information
resources, (4) assessing and addressing workforce issues, (5) making
recommendations and providing advice to appropriate executive agencies and
organizations, and (6) seeking the views of various organizations. Because
it is essentially an advisory body, the CIO Council must rely on OMB's
support to see that its recommendations are implemented through federal
information management policies, procedures, and standards. With respect to
Council resources, according to its charter, OMB and the General Services
Administration are to provide support and assistance, which can be augmented
by other Council members as necessary.

CIOs or equivalent positions exist at the state level and in other
countries, although no single preferred model has emerged. The specific
roles, responsibilities, and authorities assigned to the CIO or CIO- type
position vary, reflecting the needs and priorities of the particular
government. This is consistent with research presented in our Executive
Guide: Maximizing the Success of Chief Information Officers- Learning from
Leading

Organizations, 6 which points out that there is no one right way to
establish a CIO position and that leading organizations are careful to
ensure that information management leadership positions are appropriately
defined and implemented to meet their unique business needs.

Regardless of the differences in approach, the success of a CIO will
typically rest on the application of certain fundamental principles. While
our executive guide was specifically intended to help individual federal
agencies maximize the success of their CIOs, several of the principles
outlined in the guide also apply to the establishment of a governmentwide
CIO. In particular, our research of leading organizations demonstrated that
it is important for the organization to employ enterprisewide leaders who

6 GAO/ AIMD- 00- 83, Exposure Draft, March 2000. State and Foreign

Government CIO Models Exist But Approaches Vary

Page 5 GAO/ T- AIMD- 00- 316

embrace the critical role of information technology and reach agreement on
the CIO's leadership role. Moreover, the CIO must possess sufficient stature
within the organization to influence the planning process.

We have not evaluated the effectiveness of state and foreign government CIOs
or equivalent positions; however, these positions appear to apply some of
these same principles. With respect to the states, according to the National
Association of State Information Resource Executives, the vast majority have
senior executives with statewide authority for IT. State CIOs are usually in
charge of developing statewide IT plans and approving statewide technical IT
standards, budgets, personnel classifications, salaries, and resource
acquisitions although the CIO's authority depends on the specific needs and
priorities of the governors. Many state CIOs report directly to the state's
governor with the trend moving in that direction. In some cases, the CIO is
guided by an IT advisory board. As the president of the National Association
of State Information Resource Executives noted in prior testimony before
this Subcommittee, “IT is how business is delivered in government;
therefore, the CIO must be a party to the highest level of business
decisions . . . [and] needs to inspire the leaders to dedicate political
capital to the IT agenda.” 7

National governments in other countries have also established a central
information technology coordinating authority and, like the states, have
used different implementation approaches in doing so. Preliminary results of
a recent survey conducted by the International Council for Information
Technology in Government Administration indicate that 8 of 11 countries
surveyed have a governmentwide CIO, although the structure, roles, and
responsibilities varied. Let me briefly describe the approaches employed by
three foreign governments to illustrate this variety.

Australia's Department of Communications, Information Technology and the
Arts has responsibility for, among other things, (1) providing strategic
advice and support to the government for moving Australia ahead in the
information economy and (2) developing policies and procedures and helping
to coordinate crosscutting efforts toward e- government.

The United Kingdom's Office of the E- Envoy acts in a capacity analogous to
a “national government” CIO in that it works to coordinate
activities across government and with public, private, and international
groups to

7 Testimony of Otto Doll, President, National Association of State
Information Resource Executives before the U. S. House of Representatives,
Committee on Government Reform, Subcommittee on Government Management,
Information and Technology, March 24, 2000.

Page 6 GAO/ T- AIMD- 00- 316

(1) develop a legal, regulatory and fiscal environment that facilitates
ecommerce, (2) help individuals and businesses take full advantage of the
opportunities provided by information and communications technologies, (3)
ensure that the government of the United Kingdom applies global best
practices in its use of information and communications technologies, and (4)
ensure that government and business decisions are informed by reliable and
accurate e- commerce monitoring and analysis.

Canada's Office of the CIO is contained within the Treasury Board
Secretariat, a crosscutting organization whose mission is to manage the
government's human, financial, information, and technology resources. The
CIO is responsible for determining and implementing a strategy that will
accomplish governmentwide IT goals. Moreover, the CIO is to (1) provide
leadership, coordination and broad direction in the use of IT; (2)
facilitate enterprisewide solutions to crosscutting IT issues; and (3) serve
as technology strategist and expert adviser to Treasury Board Ministers and
senior officials across government. The CIO also develops a Strategic
Directions document that focuses on the management of critical IT,
information management, and service delivery issues facing the government.
This document is updated regularly and is used by departments and agencies
as a guide.

While these countries' approaches differ in terms of specific CIO or CIOtype
roles and responsibilities, in all cases the organization has responsibility
for coordinating governmentwide implementation of egovernment and providing
leadership in the development of the government's IT strategy and standards.

As you know, the Congress is currently considering legislation to establish
a federal CIO. Specifically, two proposals before this Subcommittee- H. R.
4670, the Chief Information Officer of the United States Act of 2000, and H.
R. 5024, the Federal Information Policy Act of 2000- share a common call for
central IT leadership from a federal CIO, although they differ in how the
roles, responsibilities, and authorities of the position would be
established.

Several similarities exist in the two bills:

Both elevate the visibility and focus of information resources and
technology management by establishing a federal CIO who (1) is appointed by
the President with the advice and consent of the Senate, (2) reports
directly to the President, (3) is a Cabinet- level official, and (4)
provides central leadership. The importance of such high level visibility
Proposed Legislation

Provides a Stronger Central Focus to the Government's Management of
Information Technology

Page 7 GAO/ T- AIMD- 00- 316

should not be underestimated. Our studies of leading public and
privatesector organizations have found that successful CIOs commonly are
full members of executive management teams. 8

Both leave intact OMB's role and responsibility to review and ultimately
approve agencies' information technology funding requests for inclusion in
the President's budget submitted to the Congress each year. However, both
require the federal CIO to review and recommend to the President and the
Director of OMB changes to the IT budget proposals submitted by agencies. As
we have previously testified before your Subcommittee, an integrated
approach to budgeting and feedback is absolutely critical for progress in
government performance and management. 9 Certainly, close coordination
between the federal CIO and OMB would be necessary to coordinate the CIO's
technical oversight and OMB's budget responsibilities.

Finally, both bills establish the existing federal CIO Council in statute.
Just as with the Chief Financial Officers' Council, there are important
benefits associated with having a strong statutory base for the CIO Council.
Legislative foundations transcend presidential administrations, fluctuating
policy agendas, and the frequent turnover of senior appointees in the
executive branch. Having congressional consensus and support for the Council
helps ensure continuity of purpose over time and allows constructive
dialogue between the two branches of government on rapidly changing
management and information technology issues before the Council. Moreover,
as prime users of performance and financial information, having the Council
statutorily based can help provide the Congress with an effective oversight
tool in gauging the progress and impact of the Council on advancing
effective involvement of agency CIOs in governmentwide IT initiatives.

The two bills also set forth duties that are consistent with, and expand
upon, the duties of the current CIO Council. For example, the Council would
be responsible for coordinating the acquisition and provision of common
infrastructure services to facilitate communication and data exchange among
agencies and with state, local, and tribal governments.

8 Executive Guide: Improving Mission Performance Through Strategic
Information Management and Technology( GAO/ AIMD- 94- 115, May 1994) and
GAO/ AIMD- 00- 83, Exposure Draft, March 2000. 9 Office of Management and
Budget: Future Challenges to Management( GAO/ T- GGD/ AIMD- 00- 141, April
7, 2000).

Page 8 GAO/ T- AIMD- 00- 316

While the bills have similarities, as a result of contrasting approaches,
the two bills have major differences. In particular, H. R. 5024 vests in the
federal CIO the information resources and technology management
responsibilities currently assigned to OMB as well as oversight of related
activities of the General Services Administration and promulgation of
information system standards developed by the National Institute of
Standards and Technology. On the other hand, H. R 4670 generally does not
change the responsibilities of these agencies; instead it calls on the
federal CIO to advise agencies and the Director of OMB and to consult with
nonfederal entities, such as state governments and the private sector.

Appendix I provides more detail on how information resources and technology
management functions granted to the federal CIO compare among the two bills,
and with OMB's current responsibilities.

Let me turn now to a few implementation issues associated with both of these
bills. One such issue common to both is that effective implementation will
require that appropriate presidential attention and support be given to the
new federal CIO position and that adequate resources, including staffing and
funding, be provided. As discussed below, each bill likewise has unique
strengths and challenges.

H. R. 4670: This bill creates an Office of Information Technology within the
Executive Office of the President, headed by a federal CIO, with a limit of
12 staff. Among the duties assigned to the CIO are (1) providing leadership
in innovative use of information technology, (2) identifying opportunities
and coordinate major multi- agency information technology initiatives, and
(3) consulting with leaders in information technology management in state
governments, the private sector, and foreign governments. OMB's statutory
responsibilities related to information resources and technology management
would remain largely unchanged under this bill.

One strength of this bill is that it would allow a federal CIO to focus
fulltime attention on promoting key information technology policy and
crosscutting issues within government and in partnership with other
organizations without direct responsibility for implementation and
oversight, which would remain the responsibility of OMB and the agencies.
Moreover, the federal CIO could promote collaboration among agencies on
crosscutting issues, adding Cabinet- level support to efforts now initiated
and sponsored by the CIO Council. Further, the federal CIO could establish
and/ or buttress partnerships with state, local, and tribal governments, the
private sector, or foreign entities. Such partnerships were key to the
government's Year 2000 (Y2K) success and could be

Page 9 GAO/ T- AIMD- 00- 316

essential to addressing other information technology issues, such as
critical infrastructure protection, since private- sector systems control
most of our nation's critical infrastructures (e. g., energy,
telecommunications, financial services, transportation, and vital human
services).

A major challenge associated with H. R. 4670's approach, on the other hand,
is that federal information technology leadership would be shared. While the
CIO would be the President's principal adviser on these issues, OMB would
retain critical statutory responsibilities in this area. For example, both
the federal CIO and OMB would have a role in overseeing the government's IT
and interagency initiatives. Certainly, it would be crucial for the OMB
Director and the federal CIO to mutually support each other and work
effectively together to ensure that their respective roles and
responsibilities are clearly communicated. Without a mutually constructive
working relationship with OMB, the federal CIO's ability to achieve the
potential improvements in IT management and cross- agency collaboration
would be impaired.

H. R. 5024: This bill establishes an Office of Information Policy within the
Executive Office of the President and headed by a federal CIO. The bill
would substantially change the government's existing statutory information
resources and technology management framework because it shifts much of
OMB's responsibilities in these areas to the federal CIO. For example, it
calls for the federal CIO to develop and oversee the implementation of
policies, principles, standards, and guidance with respect to (1)
information technology, (2) privacy and security, and (3) information
dissemination.

A strength of this approach would be the single, central focus for
information resources and technology management in the federal government. A
primary concern we have with OMB's current structure as it relates to
information resources and technology management is that, in addition to
their responsibilities in these areas, both the Deputy Director for
Management and the Administrator of the Office of Information and Regulatory
Affairs (OIRA) have other significant duties, which necessarily restrict the
amount of attention that they can give to information resources and
technology management issues. 10 For example, much of OIRA is staffed to act
on 3,000 to 5,000 information collection requests from agencies per year,
review about 500 proposed and final rules each

10 While OMB's Director is responsible for these functions, they have
generally been delegated to the Office of Information and Regulatory
Affairs, which reports to the Deputy Director for Management.

Page 10 GAO/ T- AIMD- 00- 316

year, and to calculate the costs and benefits of all federal regulations. A
federal CIO, like agency CIOs, should be primarily concerned with
information resources and technology management. This bill would clearly
address this concern.

Another important strength of H. R. 5024 is that the federal CIO would be
the sole central focus for information resources and technology management
and could be used to resolve potential conflicts stemming from conflicting
perspectives or goals within the executive branch agencies.

In contrast, a major challenge associated with implementing H. R. 5024 is
that by removing much of the responsibility for information resources and
technology management from OMB, the federal CIO could lose the leverage
associated with OMB's budget- review role. A strong linkage with the budget
formulation process is often a key factor in gaining serious attention for
management initiatives throughout government, and reinforces the priorities
of federal agencies' management goals.

Regardless of approach, we agree that strong and effective central
information resources and technology management leadership is needed in the
federal government. A central focal point such as a federal CIO can play the
essential role of ensuring that attention in these areas is sustained.
Increasingly, the challenges the government faces are multidimensional
problems that cut across numerous programs, agencies, and governmental
tools. Although the respective departments and agencies should have the
primary responsibility and accountability to address their own issues- and
both bills maintain these agency roles- central leadership has the
responsibility to keep everybody focused on the big picture by identifying
the agenda of governmentwide issues needing attention and ensuring that
related efforts are complementary rather than duplicative. Another task
facing central leadership is serving as a catalyst and strategist to prompt
agencies and other critical players to come to the table and take ownership
for addressing the agenda of governmentwide information resources and
technology management issues.

In the legislative deliberations on the Clinger- Cohen Act, we supported
strengthened central management through the creation of a formal CIO Central
and Effective

Federal Information Resources and Technology Management Leadership Is Needed

Page 11 GAO/ T- AIMD- 00- 316

position for the federal government. 11 A CIO for the federal government
could provide a strong, central point of coordination for the full range of
governmentwide information resources management and technology issues,
including (1) reengineering and/ or consolidating interagency or
governmentwide process and technology infrastructure; (2) managing shared
assets; and (3) evaluating attention, progress evaluations, and assistance
provided to high- risk, complex information systems modernization efforts.

In particular, a federal CIO could provide sponsorship, direction, and
sustained focus on the major challenges the government is facing in areas
such as critical infrastructure protection and security, e- government, and
large- scale IT investments. For example, to be successful, e- government
initiatives designed to improve citizen access to government must overcome
some of the basic challenges that have plagued information systems for
decades – lack of executive level sponsorship, involvement, and
controls; inadequate attention to business and technical architectures;
adherence to standards; and security. In the case of e- government, a CIO
could (1) help set priorities for the federal government; (2) ensure that
agencies consider interagency web site possibilities, including how best to
implement portals or central web access points that provide citizens access
to similar government services; and (3) help establish funding priorities,
especially for crosscutting e- government initiatives.

The government's success in combating the Year 2000 problem demonstrated the
benefit of strong central leadership. As our Year 2000 lessons learned
report being released today makes clear, the leadership of the Chair of the
President's Council on Year 2000 Conversion was invaluable in combating the
Year 2000 problem. 12 Under the Chair's leadership, the government's actions
went beyond the boundaries of individual programs or agencies and involved
governmentwide oversight, interagency cooperation, and cooperation with
partners, such as state and local governments, the private sector, and
foreign governments.

It is important to maintain this same momentum of executive- level attention
to information management and technology decisions within the

11 Improving Government: Actions Needed to Sustain and Enhance Management
Reforms( GAO/ T- OCG- 94- 1, January 27, 1994), Government Reform: Using
Reengineering and Technology to Improve Government Performance( GAO/ T- OCG-
95- 2, February 2, 1995), and Government Reform: Legislation Would
Strengthen Federal Management of Information and Technology( GAO/ T- AIMD-
95- 205, July 25,

1995). 12 Year 2000 Computing Challenge: Lessons Learned Can Be Applied to
Other Management Challenges (GAO/ AIMD- 00- 290, September 12, 2000).

Page 12 GAO/ T- AIMD- 00- 316

federal government. The information issues confronting the government in the
new Internet- based technology environment rapidly evolve and carry
significant impact for future directions. A federal CIO could maintain and
build upon Y2K actions in leading the government's future IT endeavors.
Accordingly, our Y2K lessons learned report calls for the Congress to
consider establishing a formal chief information officer position for the
federal government to provide central leadership and support.

Consensus has not been reached within the federal community on the need for
a federal CIO. Department and agency responses to questions developed by the
Chairman and Ranking Minority Member of the Senate Committee on Governmental
Affairs regarding opinions about the need for a federal CIO found mixed
reactions. In addition, at our March 2000 Y2K Lessons Learned Summit, which
included a broad range of public and private- sector IT managers and
policymakers, some participants did not agree or were uncertain about
whether a federal CIO was needed. Further, in response to a question before
this Subcommittee on the need for a federal IT leader accountable to the
President, the Director of OMB stated that OMB's Deputy Director for
Management, working with the head of the Office of Information and
Regulatory Affairs, can be expected to take a federal information technology
leadership role. The Director further stated that he believed that
“the right answer is to figure out how to continue to use the
authority and the leadership responsibilities at the Office of Management
and Budget to play a lead role in this [IT] area.”

In conclusion, Mr. Chairman, the two bills offered by members of this
Subcommittee both deal with the need for central leadership, while
addressing the sharing of responsibilities with OMB in different ways. Both
bills offer different approaches to problems that have been identified and
should be dealt with in order to increase the government's ability to use
the information resources at its disposal effectively, securely, and with
the best service to the American people. Regardless of approach, a central
focal point such as a federal CIO can play the essential role of ensuring
that attention to information technology issues is sustained.

Mr. Chairman, this concludes my statement. I would be pleased to respond to
any questions that you or other members of the Subcommittee may have at this
time.

For information about this testimony, please contact me at (202) 512- 6240
or by e- mail at mcclured. aimd@ gao. gov. Individuals making key
contributions to this testimony include John Christian, Lester Diamond,
Contacts and

Acknowledgments

Page 13 GAO/ T- AIMD- 00- 316

Tamra Goldstein, Linda Lambert, Thomas Noone, David Plocher, and Tomas
Ramirez.

Page 14 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Budget Develop, as part of the budget process, a mechanism for analyzing,
tracking, and evaluating the risks and results of all major capital
investments made by an executive agency for information systems.

Implement periodic budgetary reviews of agency information resources
management activities to ascertain efficiency and effectiveness of IT in
improving agency mission performance.

Take actions through the budgetary and appropriations management process to
enforce agency accountability for information resources management and IT
investments, including the reduction of funds.

Review and recommend to the President and the Director of OMB changes to
budget and legislative proposals of agencies.

Review and recommend to the President and the Director of OMB changes to
budget and legislative proposals of agencies.

Advise and assist the Director of OMB in developing, as part of the budget
process, a mechanism for analyzing, tracking, and evaluating the risks and
results of all major capital investments made by an executive agency for
information systems.

Implement periodic budgetary reviews of agency information resources
management activities to ascertain efficiency and effectiveness of IT in
improving agency mission performance.

Request that the Director of OMB take action, including involving the
budgetary or appropriations management process, to enforce agency
accountability for information resources management and IT investments,
including the reduction of funds. CIO Council The Deputy Director for

Management serves as the Chairperson of the CIO Council, which was created
by Executive Order.

Serves as the Chairperson of the CIO Council, established by the bill in
statute.

Serves as the Chairperson of the CIO Council, established by the bill in
statute.

Electronic records In consultation with the Administrator of the National
Telecommunications and Information Administration, develop and implement
procedures for the use and acceptance of electronic signatures by agencies
by April 21, 2000.

Ensure that, no later than October 21, 2003, agencies provide for the option
of the electronic maintenance, submission or disclosure of information and
for the use and acceptance of electronic signatures, where

Advise the Director of OMB on electronic records. b In consultation with the
Director of

OMB and the Administrator of the National Telecommunications and Information
Administration, develop and implement procedures for the use and acceptance
of electronic signatures by agencies by October 1, 2000.

Ensure that, no later than October 1, 2003, agencies provide for the option
of the electronic maintenance, submission or disclosure of information and
for the use and acceptance of electronic signatures, where

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 15 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Electronic records (cont'd) practicable.

Develop and implement procedures to permit private employers to store and
file electronically with agencies forms containing information pertaining to
the employees of such employers.

In consultation with the Administrator of the National Telecommunications
and Information Administration study and periodically report on the use of
electronic signatures.

practicable. In consultation with the Director of OMB, develop and implement
procedures to permit private employers to store and file electronically with
agencies forms containing information pertaining to the employees of such
employers.

In consultation with the Director of OMB and the Administrator of the
National Telecommunications and Information Administration study and
periodically report on the use of electronic signatures.

Assisted by the CIO Council and others, monitor the implementation of the
requirements of the Government Paperwork Elimination Act, the Electronic
Signatures in Global and National Commerce Act and related laws. Information
dissemination Provide direction and oversee

activities of agencies with respect to the dissemination of and public
access to information.

Foster greater sharing, dissemination, and access to public information.

Develop and oversee the implementation of policies, principles, standards,
and guidance with respect to information dissemination.

Cause to be established and oversee an electronic Government Information
Locator Service (GILS).

Advise the Director of OMB on information dissemination. b Provide direction
and oversee

activities of agencies with respect to the dissemination of and public
access to information.

Foster greater sharing, dissemination, and access to public information.

Develop and oversee the implementation of policies, principles, standards,
and guidance with respect to information dissemination.

Cause to be established and oversee an electronic GILS.

Information resources management policy

Develop, coordinate, and oversee the implementation of uniform information
resources management policies, principles, standards, and guidelines.

Oversee the development and Advise the Director of OMB on

information resources management policy. b

Develop, coordinate, and oversee the implementation of uniform information
resources management policies, principles, standards, and guidelines.

Oversee the development and

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 16 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Information resources management policy (cont'd)

implementation of best practices in information resources management.

Oversee agency integration of program and management functions with
information resources management functions.

In consultation with the Administrator of General Services, the Director of
the National Institute of Standards and Technology, the Archivist of the
United States, and the Director of the Office of Personnel Management,
develop and maintain a governmentwide strategic plan for information
resources management.

Initiate and review proposals for changes in legislation, regulations, and
agency procedures to improve information resources management practices.

Monitor information resources management training for agency personnel.

Keep the Congress informed on the use of information resources management
best practices to improve agency program performance.

Periodically review agency information resources management activities.

Report annually to the Congress on information resources management.

implementation of best practices in information resources management.

Oversee agency integration of program and management functions with
information resources management functions.

In consultation with the Director of OMB, the Administrator of General
Services, the Director of the National Institute of Standards and
Technology, the Archivist of the United States, the Director of the Office
of Personnel Management, and the CIO Council, develop and maintain a
governmentwide strategic plan for information resources management.

Initiate and review proposals for changes in legislation, regulations, and
agency procedures to improve information resources management practices.

Monitor information resources management training for agency personnel.

Keep the Congress informed on the use of information resources management
best practices to improve agency program performance.

Periodically review agency information resources management activities.

Report annually to the Congress on information resources management.
Information technology management

In consultation with the National Institute of Standards and Technology and
the General Services Administration, develop and oversee the implementation
of

Serve as the principal adviser to the President on matters relating to the
development, application, and management of IT by the federal government.

Serve as the principal adviser to the President on matters related to the
efficient and effective development, use, and management of IT and other

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 17 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Information technology management (cont'd)

policies, principles, standards, and guidelines for IT functions and
activities.

Ensure that agencies integrate information resources plans, program plans,
and budgets for acquisition and use of technology.

Provide direction and oversee activities of agencies with respect to the
acquisition and use of IT.

Promote the use of IT by the federal government to improve the productivity,
efficiency, and effectiveness of federal programs.

Oversee the effectiveness of, and compliance with, directives issued under
section 110 of the Federal Property and Administrative Services Act (which
established the Information Technology Fund).

Coordinate OIRA policies regarding IT acquisition with the Office of Federal
Procurement Policy.

Oversee the development and implementation of computer system standards and
guidance issued by the Secretary of Commerce through the National Institute
of Standards and Technology.

Designate agencies, as appropriate, to be executive agents for
governmentwide acquisitions of IT.

Compare agency performance in using IT.

Encourage use of performancebased management in complying with IT management
requirements.

Evaluate agency practices with Advise the President on

opportunities to use IT to improve the efficiency and effectiveness of
programs and operations of the federal government.

Advise the Director of OMB on IT management. b

Report annually to the President and the Congress on IT management.

Promote agency investments in IT that enhance service delivery to the
public, improve cost- effective government operations, and serve other
objectives critical to the President.

Direct the use of the Information Technology Fund by the Administrator of
General Services.

Consult with leaders in state governments, the private sector, and foreign
governments.

information resources by the federal government.

Develop and oversee the implementation of policies, principles, standards,
and guidelines for IT functions and activities, in consultation with the
Secretary of Commerce and the CIO Council.

Promulgate, in consultation with the Secretary of Commerce, standards and
guidelines for federal information systems.

Review the federal information system standards setting process, in
consultation with the Secretary of Commerce, and report to the President.

Provide advice and assistance to the Administrator of the Office of Federal
Procurement Policy regarding IT acquisition.

Ensure that agencies integrate information resources plans, program plans,
and budgets for acquisition and use of technology.

Provide direction and oversee activities of agencies with respect to the
acquisition and use of IT.

Promote the use of IT by the federal government to improve the productivity,
efficiency, and effectiveness of federal programs.

Establish minimum criteria within 1 year of enactment to be used for
independent evaluations of IT programs and management processes.

Direct and oversee all actions by the Administrator of General

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 18 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Information technology management (cont'd)

respect to the performance of investments made in IT.

Direct agencies to develop capital planning processes for managing major IT
investments.

Direct agencies to analyze private sector alternatives before making an
investment in a new information system.

Direct agencies to undertake an agency mission reengineering analysis before
making significant investments in IT to support these missions.

Services with regard to the provision of any information resources- related
services for or on behalf of agencies, including the acquisition or
management of telecommunications or other IT or services.

Direct the use of the Information Technology Fund by the Administrator of
General Services.

Oversee the effectiveness of, and compliance with, directives issued under
section 110 of the Federal Property and Administrative Services Act (which
established the Information Technology Fund).

Oversee the development and implementation of computer system standards and
guidance issued by the Secretary of Commerce through the National Institute
of Standards and Technology.

Designate agencies, as appropriate, to be executive agents for
governmentwide acquisitions of IT.

Compare agency performance in using IT.

Encourage use of performancebased management in complying with IT management
requirements.

Evaluate agency practices with respect to the performance of investments
made in IT.

Direct agencies to develop capital planning processes for managing major IT
investments.

Direct agencies to analyze private sector alternatives before making an
investment in a new information

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 19 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Information technology management (cont'd)

system. Direct agencies to undertake an agency mission reengineering
analysis before making significant investments in IT to support these
missions. Innovation Conduct pilot projects with selected

agencies and nonfederal entities to test alternative policies and practices.

Assess experiences of agencies, state and local governments, international
organizations, and the private sector in managing IT.

Provide leadership in the innovative use of technology by agencies through
support of experimentation, testing, and adoption of innovative concepts and
technologies, particularly with regard to multiagency initiatives.

Conduct pilot projects with selected agencies and nonfederal entities to
test alternative policies and practices.

Provide leadership in the innovative use of technology by agencies through
support of experimentation, testing, and adoption of innovative concepts and
technologies, particularly with regard to multiagency initiatives.

Assess experiences of agencies, state and local governments, international
organizations, and the private sector in managing IT. Interagency
cooperation Ensure the efficiency and

effectiveness of interagency IT initiatives.

Issue guidance to agencies regarding interagency and governmentwide IT
investments to improve the accomplishment of common missions and for the
multiagency procurement of commercial IT items.

Identify opportunities and coordinate major multiagency IT initiatives.

Ensure the efficiency and effectiveness of interagency IT initiatives.

Issue guidance to agencies regarding interagency and governmentwide IT
investments to improve the accomplishment of common missions and for the
multiagency procurement of commercial IT items. National security systems
Apply capital planning, investment

control, and performance management requirements to national security
systems to the extent practicable.

Consult with the heads of agencies that operate national security systems.

Consult with the heads of agencies that operate national security systems.

Apply capital planning, investment control, and performance management
requirements to national security systems to the extent practicable.
Paperwork reduction

Review agency collections of information to reduce paperwork burdens on the
public.

Advise the Director of OMB on paperwork reduction. b Provide advice and
assistance to

agencies and to the Director of OMB to promote efficient collection of
information and the reduction of paperwork burdens on the public.

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 20 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Privacy and security Provide direction and oversee

activities of agencies with respect to privacy, confidentiality, security,
disclosure, and sharing of information.

Develop and oversee the implementation of policies, principles, standards,
and guidelines on privacy, confidentiality, security, disclosure and sharing
of agency information.

Oversee and coordinate compliance with the Privacy Act, the Freedom of
Information Act, the Computer Security Act, and related information
management laws.

Require federal agencies, consistent with the Computer Security Act, to
identify and afford security protections commensurate with the risk and
magnitude of the harm resulting from the loss, misuse, or unauthorized
access to or modification of agency information.

Review agency computer security plans required by the Computer Security Act.

Oversee agency compliance with the Privacy Act.

Advise the Director of OMB on privacy, confidentiality, security,
disclosure, and sharing of information. b

Provide direction and oversee activities of agencies with respect to
privacy, confidentiality, security, disclosure, and sharing of information.

Develop and oversee the implementation of policies, principles, standards,
and guidelines on privacy, confidentiality, security, disclosure and sharing
of agency information.

Oversee and coordinate compliance with the Privacy Act, the Freedom of
Information Act, the Computer Security Act, and related information
management laws.

Require federal agencies, consistent with the Computer Security Act, to
identify and afford security protections commensurate with the risk and
magnitude of the harm resulting from the loss, misuse, or unauthorized
access to or modification of agency information collected or maintained.

Establish governmentwide policies for promoting risk- based management of
information security as an integral component of each agency's business
operations.

Direct agencies to use best security practices, develop an agencywide
security plan, and apply information security requirements throughout the
information system life cycle.

Review agency computer security plans required by the Computer Security Act.

Oversee agency compliance with the Privacy Act.

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 21 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Records management Provide direction and oversee

activities of agencies with respect to records management activities.

Provide advice and assistance to the Archivist of the United States and the
Administrator of General Services to promote coordination of records
management with information resources management requirements.

Review agency compliance with requirements and regulations.

Oversee the application of records management policies, principles,
standards, and guidelines in the planning and design of information systems.

Advise the Director of OMB on records management. b Provide direction and
oversee

activities of agencies with respect to records management activities.

Provide advice and assistance to the Archivist of the United States and the
Administrator of General Services to promote coordination of records
management with information resources management requirements.

Review agency compliance with requirements and regulations.

Oversee the application of records management policies, principles,
standards, and guidelines in the planning and design of information systems.
Statistical policy and coordination

Provide direction and oversee activities of agencies with respect to
statistical activities.

Coordinate the activities of the federal statistical system.

Ensure that agency budget proposals are consistent with systemwide
priorities for maintaining and improving the quality of federal statistics.

Develop and oversee governmentwide statistical policies, principles,
standards, and guidelines.

Evaluate statistical program performance and agency compliance with
governmentwide statistical policies, principles, standards, and guidelines.

Promote the sharing of information collected for statistical purposes.

Coordinate U. S. participation in international statistical activities.

Advise the Director of OMB on statistical policy and coordination. b Provide
direction and oversee

activities of agencies with respect to statistical activities.

Coordinate the activities of the federal statistical system.

Consult with the Director of OMB to ensure that agency budget proposals are
consistent with systemwide priorities for maintaining and improving the
quality of federal statistics.

Develop and oversee governmentwide statistical policies, principles,
standards, and guidelines.

Evaluate statistical program performance and agency compliance with
governmentwide statistical policies, principles, standards, and guidelines.

Promote the sharing of information collected for statistical purposes.

Coordinate the U. S. participation in

Appendix I Comparison of OMB's Current Functions and Those Assigned to the
Federal CIO by H. R. 4670 and H. R. 5024

Page 22 GAO/ T- AIMD- 00- 316

CIO Responsibility Function OMB's Current Functions a H. R. 4670 H. R. 5024

Statistical policy and coordination (cont'd)

Establish an Interagency Council on Statistical Policy, headed by an
appointed chief statistician.

Provide opportunities for training in statistical policy.

international statistical activities. Establish an Interagency Council on
Statistical Policy, headed by an appointed chief statistician.

Provide opportunities for training in statistical policy. a While OMB's
Director is responsible for these functions, they have generally been

delegated to the Office of Information and Regulatory Affairs, which reports
to the Deputy Director for Management. These functions are outlined in the
Privacy Act of 1974, the Computer Security Act of 1987, the Paperwork
Reduction Act of 1995, the Clinger- Cohen Act of 1996, and the Government
Paperwork Elimination Act of 1998.

b H. R. 4670 specifically authorizes the CIO to advise the Director of OMB
to “ensure effective implementation of the functions and
responsibilities assigned under chapter 35 of title 44, United States
Code.” These functions include electronic records (through the
Government Paperwork Elimination Act of 1998), information dissemination,
information resources management policy, information technology management,
paperwork reduction, privacy and security, records management, and
statistical policy and coordination.

(512023)

Orders by Internet For information on how to access GAO reports on the
Internet, send an e- mail message with “info” in the body to:

Info@ www. gao. gov or visit GAO's World Wide Web home page at: http:// www.
gao. gov

Contact one: Web site: http:// www. gao. gov/ fraudnet/ fraudnet. htm E-
mail: fraudnet@ gao. gov 1- 800- 424- 5454 (automated answering system)
Ordering Information

To Report Fraud, Waste, and Abuse in Federal Programs
*** End of document. ***