Since the announcement of the Office of Management and Budget’s 25-Point Plan to Reform Information Technology, the role of agency chief information officers is changing from policymaking and infrastructure maintenance to portfolio management for all IT.
To keep up with those changes, OMB Director Jack Lew released a memo this morning outlining the responsibilities for CIOs throughout the government as identified in the 25-Point Plan.
From the memo:
- Governance. CIOs must drive the investment review process for IT investments and have responsibility over the entire IT portfolio for an Agency. CIOs must work with Chief Financial Officers and Chief Acquisition Officers to ensure IT portfolio analysis is an integral part of the yearly budget process for an agency. The IT Reform plan restructured the investment review boards (IRBs) by requiring Agency CIOs to lead “TechStat” sessions - actionable meetings designed to improve line-of-sight between project teams and senior executives. Outcomes from these sessions must be formalized and followed up through completion, with the goal of terminating or turning around one third of all under-performing IT Investments by June 2012.
- Commodity IT. Agency CIOs must focus on eliminating duplication and rationalize their agency’s IT investments. Agency commodity services are often duplicative and sub-scale and include services such as: IT infrastructure (data centers, networks, desktop computers and mobile devices); enterprise IT systems (e-mail, collaboration tools, identity and access management, security, and web infrastructure); and business systems (finance, human resources, and other administrative functions). The CIO shall pool their agency’s purchasing power across their entire organization to drive down costs and improve service for commodity IT. In addition, enterprise architects will support the CIO in the alignment of IT resources, to consolidate duplicative investments and applications. CIOs must show a preference for using shared services as a provider or consumer instead of standing up separate independent services.
- Program Management. Agency CIOs shall improve the overall management of large Federal IT projects by identifying, recruiting, and hiring top IT program management talent. CIOs will also train and provide annual performance reviews for those leading major IT programs. CIOs will also conduct formal performance evaluations of component CIOs (e.g. bureaus, sub-agencies, etc.). CIOs will be held accountable for the performance of IT program managers based on their governance process and the IT Dashboard.
- Information Security. CIOs, or senior agency officials reporting to the CIO, shall have the authority and primary responsibility to implement an agency-wide information security program and to provide information security for both the information collected and maintained by the agency, or on behalf of the agency, and for the information systems that support the operations, assets, and mission of the agency. Part of this program will include well-designed, well-managed continuous monitoring and standardized risk assessment processes, to be supported by “CyberStat” sessions run by the Department of Homeland Security to examine implementation. Taken together, continuous monitoring and CyberStats will provide essential, near real-time security status information to organizational officials and allow for the development of immediate remediation plans to address any vulnerabilities.