United States General Accounting Office
Executive Guide
GAO
February 2001
Maximizing the Success of Chief Information Officers
Learning From Leading Organizations
GAO-01-376G
Preface
Information technology (IT) has become integral to providing
government services, and the management of information in the
federal government has moved out of the back office and off the
mainframe into the home and office and onto the Internet. As the
federal government fully embraces e-commerce and other leading-edge
implementations of IT that benefit citizens, leadership in managing
the government«s information resources becomes of paramount
importance. The development of new service approaches and the
enhancement of old ones in this new information era require the
active participation of information management organizations from
the beginning.
The efficient, effective, and innovative use of information
technology requires a level of leadership and focus that goes
beyond what would be provided in a technical support function.
Congress recognized the need for greater leadership in information
management and technology in the Clinger-Cohen Act of 1996, which
mandated the position of chief information officer (CIO) for
executive departments and agencies. This act and other laws define
the general responsibilities of the CIO and many of the processes
required to manage information in the federal government.
Virtually all of the major executive agencies have appointed
CIOs, and many have taken positive steps toward the implementation
of important information management processes specified by law. To
reap the full benefits of information management reform, federal
agencies must utilize the full potential of CIOs as information
management leaders and active participants in the development of
agency strategic plans and policies. The CIOs themselves must meet
the challenges of building credible organizations, and developing
and organizing information management capabilities to meet agency
mission needs.
This guide is intended to assist federal agencies in maximizing
the success of CIOs. Principles and practices gleaned from the case
studies presented in our guide offer concrete suggestions on what
agency executives can do to ensure the effectiveness of their CIO
organizations. The guide does not address all of the
responsibilities which fall to federal agency CIOs - only those
which have parallels in the private sector. Moreover, we find that
practices used by federal agency CIOs tend to differ from those
used by leading organizations. We did not study the reasons for
these deviations specifically, but they likely result from the
context in which federal CIOs operate. Both operational and
structural aspects of the CIO«s environment can vary significantly
in the federal sector versus the private sector. Rather than dwell
on differences, our study shows that there is much common ground
between public and private CIO organizations on which to build
efforts for improvement. The specific key conditions and strategies
described in this guide can be used as suggestions for federal CIOs
to apply or adapt to their environments, where appropriate.
We would like to thank the Private Sector Council and the
leading practice organizations we selected for our study, which are
listed on page 59, for providing us with the information about
their practices and assisting us in producing this executive guide.
We would like to thank members of GAO«s Executive Council on
Information Management and Technology for their comments and
suggestions in the development of this guide. We would also like to
thank the individuals who provided helpful comments on the exposure
draft of this guide.1
This guide was prepared under the direction of Lester Diamond,
Assistant Director, Information Technology Management Issues, who
can be reached at (202) 512-7957 or [email protected]. Key
contributors were Tamra Goldstein, Sondra F. McCauley, and Tomas
Ramirez.
David L. McClure Director, Information Technology Management
Issues
1 Executive Guide: Maximizing the Success of Chief Information
Officers (Exposure Draft) (GAO/AIMD-00-83, March 31, 2000).
Contents
Page
Federal Information Management Reform
The rapid pace of technological change and innovation in the
current information age poses wide-ranging opportunities for
improved information management2 and enhanced performance in
achieving agency missions and goals. At the same time, however, the
proliferation of technology has brought with it a range of thorny
issues surrounding managing and integrating complex processes,
computer equipment, and telecommunications networks. In its
oversight role, Congress has established a series of laws to define
the role of information management in government and to mandate
basic processes to manage the government information technology
(IT) investment. This section provides a brief overview of that
legislative history.
The federal government«s management of its information resources
to date has produced mixed results. Consistent with reform
legislation, agencies have taken constructive steps to implement
modern IT strategies, systems, and management practices and
policies directed toward achieving cost savings, increasing
productivity, and improving the timeliness and quality of federal
service delivery. To the extent that the nearly $27 billion in
annual planned obligations for information technology can be
invested and managed more wisely, federal programs will operate
more effectively and at less cost.
For years, Congress has been working to increase the
effectiveness of information and technology management in the
federal government. An early effort was the Brooks Act, enacted in
1965, which called for centralized oversight of federal information
technology acquisitions by the General Services Administration
(GSA). The Paperwork Reduction Act of 1980 (PRA) applied life cycle
management principles to information management and focused on
reducing the government«s information-collection burden. To help
accomplish this, PRA designated senior information resources
manager positions in the major departments and agencies with
responsibility for a wide range of functions including information
resource planning, budgeting, organizing, controlling, training,
and ensuring the absence of duplication in information systems. PRA
also created the Office of Information and Regulatory Affairs
within the Office of Management and Budget (OMB) to provide central
oversight of information management activities across the federal
government.
In the 1990s, Congress enacted additional laws holding agencies
accountable for effective management of public information
resources. In particular, the Chief Financial Officers (CFO) Act of
1990 and the Government Management Reform Act of 1994 spelled out
an ambitious agenda to remedy the government«s lack of useful,
relevant, timely, and reliable financial information. For the
government«s major departments and agencies, these laws
(1) established senior-level CFO positions, (2) required annual
financial statement audits, and (3) set expectations for more
modern systems to support integrated management of budget,
accounting, and program information. The Government Performance and
Results Act of 1993√ commonly known as GPRA or the Results Act
√required that agencies set strategic goals, measure performance
toward those goals, and report on their progress. Effective
implementation of the Results Act hinges on agencies« ability to
produce meaningfully integrated information to manage performance
and measure results.
In this guide, information management refers to all aspects of
the management of all information resources, including technology,
funds, human capital, and management processes, as well as the
underlying information. IT refers to technology used to support the
management of information.
Further, amendments to the PRA in 1995 required that agencies
indicate in strategic information resources management plans how
they are applying information resources to improve the
productivity, efficiency, and effectiveness of government programs,
including improvements in the delivery of services to the
public.
With this increased focus on agency accountability also came
recognition of the need to elevate the agencies« information
management positions to more strategic, executive, levels,
comparable to the CFO positions created in 1990. The Clinger-Cohen
Act of 1996 amended the PRA, renaming and elevating former
information resources manager positions to executive-level CIOs who
report directly to the agency head and have information management
as a primary responsibility. The new information management leaders
are accountable for not only the range of information management
activities outlined in the PRA, but also for more strategic IT
functions such as developing architectures, managing portfolios,
and measuring the performance of information technology
investments. Among other things, the Clinger-Cohen Act also (1)
required senior executive involvement in IT decision-making, (2)
imposed much-needed discipline in acquiring and managing technology
resources, (3) called for the redesign of inefficient work
processes before investing in technology, and (4) repealed the
Brooks Act, eliminating GSA«s central acquisition authority.
Primary procurement responsibility now rests directly with federal
agencies.
Together with a number of other laws enacted over the past
several years to foster improvements in such areas as financial
management, acquisition, and computer security, this legislation
discussed above composes a statutory framework for achieving
performance-based management and accountability in not just
information management, but overall federal management.3 (Appendix
I provides a list of these key federal laws affecting information
management.) As the executive leaders for information and
technology management, federal CIOs have a key role in helping
their agencies fulfill many of the provisions embodied in this
management reform framework.
Even with the guidance provided by OMB for establishing the new
information technology management leadership positions, agencies
face distinct challenges in effectively positioning federal CIOs
and supporting organizations to ensure that information management
adds value in their business/mission performance .4 CIOs in the
federal sector face structural and cultural hurdles generally not
found elsewhere. Some of these additional challenges are described
in the final section of this guide.
3
Managing for Results: The Statutory Framework for
Performance-Based Management and Accountability
(GAO/GGD/AIMD-98-52, January 28, 1998) and Managing for Results:
The Statutory Framework for Improving Federal Management and
Effectiveness (GAO/T-GGD/AIMD-97-144, June 24, 1997).
4
OMB guidance on implementing federal CIO positions includes
Memorandum for the Heads of Executive Departments and
Establishments, ƒImplementation of the Information Technology
Management Reform Act of 1996,≈ M-96-20, April 4, 1996; and
Memorandum for the President«s Management Council, ƒWhat Makes a
Good CIO?,≈ June 28, 1996.
Overview of Fundamental Principles
The basis for this guide is the belief that federal agencies
could benefit from examples set by a few leading organizations
whose CIO organizations have gained a reputation for outstanding
information management in their enterprises. This work is intended
to provide pragmatic guidance that federal agencies can consider in
determining how best to integrate CIO functions into their
respective organizations. Our target audience includes senior
federal executives and managers, although our observations can also
provide insights for senior information management officials
throughout the public and private sectors. (Appendix II provides
more details on the objectives, scope, and methodology of our
work.) Based on interviews with private-sector and state CIOs and
other research, we have developed a framework of critical success
factors and leading principles. The balance of this guide describes
this framework and its application to CIOs in the federal
government.
CIOs of leading organizations we interviewed described a
consistent set of key principles of information management that
they believed contributed to the successful execution of their
responsibilities. These principles touch on specific aspects of
their organizational management such as formal and informal
relationships among the CIO and others, business practices and
processes, and critical CIO functions and leadership activities.
The specific nature of these principles varied depending on the
organization«s mission, size, culture, and other factors, but each
underlying key principle was consistently observed.
The CIOs interviewed considered these principles instrumental
because they address critical organizational and operational
aspects of the CIO«s role. Notably, the principles address senior
executives« responsibility for creating an effective management
context for their CIOs, as well as the CIOs« responsibilities for
building credibility and organizing information technology and
management to meet business needs. The practices are not new ideas
in the general management of organizations, but rather are the
application of well-founded principles in the maturing area of
information technology and management.
These principles are most effective when implemented together in
a mutually reinforcing manner. As ad hoc efforts, each individual
principle addresses a single aspect that is necessary, but is not
sufficient for success by itself. The failure to execute a single
principle may render the others less effective. Further, although
there is no precedence among the principles, organizational
conditions may make it more feasible to address one principle
before another. For example, the chief executive officer (CEO) may
ƒposition the CIO for success≈ in advance of hiring a new CIO while
the other principles await the CIO«s attention.
Figure 1 illustrates the six fundamental principles described by
the CIOs interviewed during the development of this guide. In
addition, for each principle, several key characteristics of
organizations that successfully execute these principles are
listed. These key characteristics can provide insights into what
constitutes successful CIO organizations.
Figure 1: Six Principles and Key Characteristics of CIO
Management in Leading Organizations
Evaluating the intent of the six principles, we observed that
they naturally fell into three distinct sets, which we refer to as
critical success factors. Figure 2 illustrates the six principles
and their relationship with the three critical success factors and
their respective organizational foci.
Figure 2: Critical Success Factors and Organizational
Relationships
Critical Success Factors
Principles
Organizational Foci
a COO-Chief Operating Officer
Understanding the six principles in terms of critical success
factors is particularly useful because of characteristics that are
shared by principles within the same success factor. Following is a
brief description of each critical success factor.
Align Information Management Leadership for Value Creation
The principles under the first critical success factor, ƒAlign
Information Management Leadership for Value Creation,≈ advocate the
need to recognize the role of information management in creating
value and positioning the CIO for success; both of these principles
address issues of senior executive support. Both principles require
that the leaders of the enterprise embrace the critical role
information management can play in the success of the organization
and the leadership role the CIO must play in order for information
technology and management to meet its potential. The first
principle addresses the acceptance of this premise by senior
executive management, and the second ensures that the CIO has the
organizational legitimacy to execute his or her role.
Promote Organizational Credibility
While the first success factor refers to legitimacy at a
strategic planning level, this success factor addresses a more
operational level. The principle that addresses the need to ensure
the credibility of the CIO organization and the principle that
encourages measuring success and demonstrating results, if executed
successfully, will lead to the confidence of those with operational
responsibility in the enterprise. Without credibility, the CIO
organization will struggle to be accepted as a full participant in
the development of new organizational systems and processes.
Execute CIO Responsibilities
The last critical success factor, ƒExecute CIO Responsibilities≈
addresses the need to organize information resources to meet
business needs and to develop the associated human capital. These
two principles provide the foundation for the CIO«s effectiveness
in carrying out the CIO organization«s specific responsibilities.
Once executive management endorses the centrality of the CIO
organization and becomes a partner in the development of new
systems, the CIO organization must execute its responsibilities
successfully.
The last section in figure 2, ƒOrganizational Foci,≈ illustrates
how both principles within a single critical success factor require
the same organizational units to collaborate in their execution.
Both principles within a critical success factor also focus on the
same organizational units as targets of their implementation. For
example, in the case of, ƒPromote Organizational Credibility,≈ both
principles rely on the collaboration of senior executives and
division heads for success and have as their target the senior
management of the enterprise.
The common features within a critical success factor can become
especially significant as the CIO, and other players, plan the
execution of the six principles described in this guide. As this
group plans its strategy, it can utilize the commonality among
principles to link initiatives and utilize the synergy between
related efforts. For example, while organizing information
resources to meet enterprise needs and developing human capital are
distinct initiatives, they share extensive areas of commonality.
Executing both principles in
Page 10 GAO-01-376G CIO Executive Guide
conjunction with each other can create opportunities for
efficiency and effectiveness not otherwise available.
Finally, the organization of principles into critical success
factors illustrates the extent to which the work of a successful
CIO must extend throughout the enterprise. In particular, the role
that the CEO and other senior managers play in ensuring the success
of the CIO should be noted. While it is the responsibility of the
CIO to execute the specific responsibilities of his or her
position, it became clear to us during our case studies that the
successful CIO relies extensively on both vertical and horizontal
relationships within the enterprise in order to carry out these
responsibilities.
This executive guide includes examples from our case study
organizations as well as information from selected federal
organizations, which helped us confirm the applicability of our
findings to federal government experience. At the conclusion of
each principle, we provide a case study to describe the principle
in practice at one of the organizations we visited, as well as
strategies to consider when implementing the principle. Although
this guide focuses on fundamental practices rather than detailed
guidance, the examples illustrate and complement much of the
specific guidance contained in similar and related GAO documents
cited in appendix III.
The Federal CIO Environment Today
The CIO position in the federal government is still evolving.
Agencies are learning how a CIO can help improve effectiveness and
efficiency and better realize the benefits of their information
resources. Current federal CIOs are learning how to carry out their
responsibilities in the federal environment with all of the
incumbent expectations and constraints. Both the agencies and the
CIOs are working to meet the letter and intent of the Clinger-Cohen
Act and associated legislation effectively. The principles offered
in this guide are intended to provide insight into what CIOs at
leading organizations consider critical to their success, and
provide advice to federal CIOs and senior agency management as they
work to improve the use of information technology and management in
the federal government.
The federal CIO faces an environment that includes many of the
elements encountered by CIOs interviewed for this guide. At the
same time, the federal CIO faces additional challenges as a result
of specific legislative responsibilities (e.g., records management
and defined contracting requirements). The federal CIO is also
subject to a funding process that is more complex and uncertain
than in most other organizations. The effect of the appropriations
process and the highly distributed management structures found in
several federal agencies tend to move some of the control of
processes having to do with information management away from the
CIO. Together, these characteristics, among others, differentiate
the federal CIO environment from other environments. These
differences, and their impact on the framework developed in this
guide, will be discussed in the ƒUsing this Guide≈ section. The
following discussion focuses on the common elements among the
private, state, and federal sectors, and the application of the
framework across all three.
In a series of one-on-one interviews with half of the Federal
CIO Council, we found that federal organizations face many of the
same issues as their private-sector and state government
counterparts. Specifically, federal organizations must overcome the
challenges of effectively linking information technology and
management to agency missions, positioning and legitimizing
information management leadership, measuring performance, and
building capabilities and skills. Our meeting with five members of
the Federal Small Agency CIO Council and a number of independent
studies provide similar conclusions.5 The six principles that
emerged from our discussions with private-sector and state
government CIOs also describe the general areas that federal CIOs
agreed needed to be addressed. However, the specific approaches to
executing those principles tended to differ among the various
sectors.
The Federal Chief Information Officer: Third Annual Top Ten
Challenges Survey, Association for Federal Information Resources
Management, November, 1998; Implementing Best Practices, Capital
Planning and IT Investment Committee, Federal CIO Council, June
1998; The Impact of Change: Clinger-Cohen Act Implementation,
Laying the Foundation for Year 2000 and Beyond, Eighth Annual ITAA
Survey of Federal CIOs, Grant Thornton LLP, December 1997; and
IAC/CIO Task Force Draft Report, Federal Chief Information
Officer«s Working Group and Industry Advisory Council, July 9,
1996.
In three of the principle areas, the level to which practices of
leading private versus federal organizations have evolved is
significantly different. For example, in principle I, while leading
organizations generally include their CIOs in executive business
decisionmaking, in the federal government setting information
management is still often viewed as a support function rather than
a strategic activity. Leading organizations also consider various
leadership models and position their CIOs at a clear, executive
level, as in principle II. In contrast, federal CIO implementation
is in more nascent stages, lacking criteria for matching CIO types
with organizational needs. Further, in principle V, while leading
organizations are flexible in reassigning staff and structuring
capabilities across business and technology lines, federal staffing
practices and organizational structures are less flexible in
nature.
Performance measurement (principle IV) and information
management human capital development (principle VI) are two areas
that private, state, and federal CIOs all agreed must be addressed
in order for the CIO and the supporting organization to be
successful. Practices used by both the private and public sectors
in the area of performance measurement are still evolving. In both
performance measurement and human capital development, practices
used by the federal CIOs differed from those of CIOs in leading
organizations, though federal CIOs were actively trying to address
the issues. Differences in the approaches used probably resulted
from specific constraints in the federal CIO environment, including
a focus on nonfinancial program benefits, rather than financial
return on investments.
Credibility building, principle III, is the one area in which
CIOs in both the public and private sector have all adopted similar
practices. The precise application of the practices depended on the
specific contexts of their organizations, but the approaches were
consistent. It may be noted that this is one of the few principles
that CIOs may address themselves, without regard to organizational
constraints or CEO support. Of course, as stated earlier, the
effectiveness of this principle is moderated by the extent to which
the other principles have been implemented.
The following table summarizes the practices of our sample
organizations in each principle area and compares them with
practices in the federal CIO environment.
Table 1: Comparison of Leading Practices and Federal CIO
Management Practices
In terms of critical success factors, federal CIO organizations
tend to trail the CIOs interviewed for this guide in the ƒAlign
Information Management Leadership for Value Creation≈ and ƒExecute
CIO Responsibilities≈ factors. The successful execution of these
two critical success factors depends to a great extent on officials
other than the CIO. In the first success factor, the CIO depends to
a great extent on the other senior executive officers to support
the inclusion of the CIO in critical strategic discussions. In the
other factor, the federal CIO tends to be constrained by
organizational attributes typical of the federal sector. These
attributes include, but are not limited to, relatively little
flexibility in financial reward systems and highly distributed
organizational structures in a number of federal agencies.
This is not to say that there are no examples of progress in the
federal sector in either of these two success factors. The federal
response to the year 2000 computing challenge created an
opportunity in many agencies for CIO and program organizations to
partner in responding to specific agency mission needs. This
partnering took place at the senior executive level and contributed
to the success of the federal Y2K effort. In addition, the CIO
Council, the Office of Personnel Management, and individual
agencies have been working together to develop new approaches to
compensating and retaining information technology and management
workers.
It is interesting to note that the remaining critical success
factor, ƒPromote Organizational Credibility,≈ is executed about the
same within all sectors, since all sectors approach principle III
similarly, and no sector executes principle IV well. As noted, it
is within this critical success factor that the CIO is able to
operate with the greatest individual flexibility.
Table 1 indicates that a gap exists between the practices of
federal CIOs and CIOs of leading organizations. Areas in which gaps
exist should be examined carefully to understand the basis for the
differences as well as opportunities for greater implementation of
the principles. It is possible that the business context for
federal CIOs is sufficiently different from that of CIOs in leading
organizations that lessons learned may not be applicable. Some of
these differences are described in the final section of this guide.
At the same time, an understanding of the information technology
and management practices of leading organizations could contribute
to the development of improved CIO management practices in the
federal sector.
The following sections describe each of the general principles
and practices discovered in our work with leading CIO
organizations.
Critical Success Factors
Principles
Organizational Foci
Critical Success Factor 1: Align Information Management
Leadership for Value Creation
The CIO and supporting organization must have active support and
commitment at the very top of the enterprise or they will remain
limited and tangential to the business, despite their potential
contribution to mission accomplishment. This first critical success
factor focuses on the role of the senior executive of the
enterprise in developing a culture that includes the CIO in
senior-level decision making and that assumes the potential of IT
in creating value for the enterprise. Executive leadership is
essential to the successful execution of this factor.
A common theme among the CIOs we interviewed was that the
message of the importance of IT to the organization must be
communicated at the highest levels. Senior executives must embrace
the central role of technology, and the CIO must be a full
participating member at the table with them as business strategy is
discussed. This behavior begins with the CEO, who sets the example
for senior and mid-level executives and, through them, the rest of
the organization. In addition, the participation of the CIO in
long-range strategic planning is necessary to take full advantage
of the opportunities IT can provide and to ensure that the
technology infrastructure is in place as business strategies
develop.
Principle I: Recognize the Role of Information Management in
Creating Value
ƒThe CIO«s ability to add value is the biggest single factor in
determining whether the organization views IT as an asset or a
liability.≈
Instituting an effective CIO organization does not start with
selection or placement of an information technology and management
leader, nor does it begin with establishing a structure for
managing information resources and activities. Rather, it begins
with consideration on the part of executive-level managers of the
role of IT and how vital it is to accomplishing mission objectives.
It also entails thinking about ways to incorporate the information
technology and management leader in the executive-level management
structure and create an environment that facilitates
business/technology sharing and exchange of ideas. Moreover, CEOs
and governors can set powerful examples through their own strong
relationships with CIOs. Such relationships symbolize the
importance of information technology and management within their
organizations.
Key Characteristics
Senior executives have primary responsibility for setting the
business context for their CIOs and formulating strategies for
integrating information technology and management into their
business operations. Executives of leading organizations no longer
regard technology management as a separate support function and
instead strive to understand how investments in information
resources are made and how they integrate with other investments
and the overall business vision. These executives also increasingly
focus on the management, operations, program and service delivery
benefits, and performance of their major strategic information
systems. CEOs have a key role in setting the example for the rest
of the agency to follow in seeking to understand information
technology and management concepts and appreciating the strategic
role that information technology and management can play in helping
to accomplish business objectives. Viewing information and
technology not just as assets to manage, these CEOs assign their
information technology and management leaders a prominent role in
business decision making. Recognizing the business transformation
potential of IT, these executives also position their CIOs as
change agents with responsibility for applying technology to
achieve major improvements in fundamental business processes and
operations. With CEO support, the CIOs are in a good position to
have significant impact on not just IT, but the entire business
enterprise.
Following the CEO«s lead, members of the senior executive team
learn to value the advice of the CIO in setting business directions
and developing strategies for improving organizational capabilities
and competitiveness. They seek to embrace fundamental information
technology and management principles and work with their CIOs to
develop a shared vision of the role of IT within the business
context. They engage in dialogue on
Page 18 GAO-01-376G CIO Executive Guide
ways that technology can be incorporated to improve business
processes, outputs, and outcomes. They incorporate information
management as an intrinsic part of their business planning and
decision making processes, discussing the benefits and risks
associated with specific strategies for improving service, reducing
cycle time, or reducing costs.
In leading organizations, senior managers make joint decisions
on information resources, formulate business plans, and set
performance expectations. Increasingly, managers make IT investment
decisions based on the value of the investments to their
enterprises, not just to a specific business unit or function. By
asking strategic and operational questions at the beginning of the
planning and evaluation period, senior managers gain a better
understanding of the potential benefits and value of IT.
Information and technology managers in leading organizations are
also adopting processes that help them quantify and align projects
with their organizations« business planning and measurement
processes. They produce plans that link to overall business plans
and assign managers to act as liaisons between business units and
CIO organizations. Increasingly, managers also focus on measuring
reliability, responsiveness, and customer satisfaction, which in
the eyes of senior management are just as important as strictly
financial measures.
Leading organizations work to create environments that are
conducive to sharing ideas on how information technology can
support the businesses and vice versa. They adopt formal mechanisms
and structures that facilitate the ability of their businesses and
information technology and management leaders to understand and
communicate one another«s issues and work together to accomplish a
shared business vision. These mechanisms and structures include
forums, councils, and boards for discussion and exchange on
business and technology issues. Such forums help promote
organizationwide perspective and facilitate the ability to achieve
consensus or stakeholder buy-in to business/technology directions.
For example, one state has a strategic planning forum that brings
together major stakeholders statewide to identify strategic and
tactical issues, including IT issues confronting the state. The
state prepares a strategic planning document based on this
stakeholder input. This process has helped to integrate information
management into overall business planning by aligning IT products
and services with business functions and linking technology to the
state«s overall strategic direction.
To further support the business/technology collaboration,
leading organizations adopt a common business language, skillfully
avoiding technical jargon and instead using language that general
managers and legislatures can understand. They use analogies,
terminology, and processes that help fuse business and technology
interests and ideas together. Other strategies for
business/technology learning include informal activities such as
newsletters, presentations, reports, and service-level results
placed in common areas to communicate the effectiveness of their
CIO organizations. Leading organizations further the two-way
exchange of ideas and perspectives by bringing in experts from the
field to advise or educate managers on recent trends and
developments in both the business and technology arenas. Realizing
that attitudes, expectations, and culture seldom change quickly,
they plan for whatever time and resources are necessary to create a
common ground and organizational cohesiveness. Their efforts go a
long way in shoring up commitment from across the organization to
strategies for achieving common goals.
Leading organizations also focus on hiring managers who bring a
hybrid of business and technical expertise to the organization. One
large multinational corporation uses ƒtechnical facilitators≈ to
support its initiatives. In the past, this company had experienced
problems in sharing information resources. Managers in the
different lines of business were unwilling to share information
resources because each felt his or her particular line of business
was unique. Because technology was becoming critical to future
success in this business sector, top managers were increasingly
assigned to support and manage the company«s internal information
management functions. Several of the managers assigned had both
business and technology acumen and had the ability to raise
business issues from a technical perspective in a nonthreatening
manner. In resolving business issues, they were sometimes able to
identify more efficient technical opportunities.
Case Study: Recognizing the Role of Information Management in
Creating Value
Due to changes in market conditions and requirements for
increased productivity through using common components, a large
manufacturing company decided that it needed to make major changes
in the way it managed IT to support the business. The company had
outsourced its information management function, but lacked the
infrastructure to provide strategic direction, discipline, and
overall management of information management to ensure optimal
implementation and cost. Given this situation, the company was
faced with a proliferation of legacy systems and inefficient
business processes built around them. The company also met with
bureaucratic business resistance to change to a common information
systems environment.
By way of improvement, senior executives adopted a new IT
strategic direction and focus that tracked back to the company«s
business priorities¬ ƒcommon, lean and fast, global, and growth.≈
Senior management then hired a CIO as a change agent, reporting to
the Vice Chairman and the company«s senior decision making council,
and gave him responsibility for transforming the IT function,
thereby making him an enabler of the function and an integral part
of the business strategy.
The CIO recruited an IT management team that understood both the
business and technical sides of the enterprise. He instituted a
matrix management organization, creating a leadership structure
that provided flexibility for meeting future information management
needs as well as maintaining existing IT systems. The new IT
organization became responsible for such strategic activities as
participating in the development of overall business strategies;
prioritizing IT requirements; generating IT business plans; setting
technical and architectural standards; managing user interfaces,
outsourcing contracts, suppliers, and systems engineering; and
allocating IT resources. To assess performance, the IT organization
instituted several sets of measures that link directly to the
business objectives and priorities defined by the CEO in the
company«s strategic plan.
The major steps that the company took to improve, are
illustrated in figure 3, below.
Figure 3: Steps for Transforming Business Operations Using
Information Management
•
Defined strategic business priorities including Common,
Lean, Fast, Global and Growth
•
Executive team shared a challenging vision of the role of
IT
•
Implemented a matrix IT organization (functional and
operational alignment)
•
Established virtual organizational structure for
flexibility and responsiveness
Strategies to Consider
Instituting information technology and management as a support
function separate from the business is an ineffective and outdated
model. Leading organizations recognize the role of IT in supporting
mission accomplishment and seek to integrate it with business
operations. The following outlines the strategies that senior
executives in leading organizations commonly use to promote
information management leadership involvement in business decision
making and maximize the benefits from their IT investments.
Focus on efforts to incorporate the CIO organization into the
overall business by
•
ensuring executive leadership and commitment for the CIO
organization, both at the career and political levels;
•
embracing the CIO as a full participant of the executive
management team;
•
developing structured approaches for exploring the broad
range of opportunities and strategies in information technology
available to enhance the business; and
•
focusing technology initiatives on creating value and
providing the information needed by internal and external
customers.
Provide an atmosphere that supports executive understanding of
IT by
•
creating and using formal and informal executive
communication channels to make the business case for integrating
information management into organizationwide decision-making;
and
•
emphasizing returns and metrics that clearly link
information management with an organization«s business
needs.
Principle II: Position the CIO for Success
ƒThere is no cookie-cutter approach, so knowing what fits in an
organization is key to finding the right CIO to match with the
organization.≈
There is no one right way to establish a CIO position.
Diversities in corporate missions, structures, cultures, and
capabilities prohibit a prescriptive approach to information
management leadership. There are nonetheless a number of practices
and alternative strategies that senior executives in leading
organizations use to help define and institute their CIO positions
to effectively meet business needs. This section examines those
practices, providing pragmatic guidance that other organizations
can also consider in determining how best to integrate CIO
functions into their respective organizations.
Key Characteristics
Senior executives in leading organizations recognize that a
one-size-fits-all solution to establishing information management
leadership does not exist. Rather, they take responsibility for
ensuring that their CIO models are consistent with the business,
technical, and cultural contexts of their enterprises. Executives
do so by examining their internal environments and asking a series
of questions about the problems that need fixing, how information
technology and management can help, and how a CIO might best fit
within their management structures to guide technology solutions.
The answers to these questions help them choose from a range of
alternative CIO approaches.
Specifically, by defining mission improvement objectives, senior
executives determine whether their organization needs a CIO who is
a networking/marketing specialist, business change agent,
operations specialist, policy/oversight manager, or any combination
thereof. Studying existing IT capabilities helps define the
structure and responsibilities of the new CIO organization.
Considering the centralized or decentralized nature of the
enterprise helps determine the corporate CIO«s authority level and
how the CIO shares responsibility with other managers across the
agency. Further, appreciating organizational culture and change
readiness helps define the pace and extent to which CIOs can
accomplish business transformation.
Business executives keep in mind that initial CIO models adopted
should not be set in stone, but may have to be adjusted over time
as their enterprises grow or mature. For example, while a company
may need a business strategist to build a new IT capability, over
time another type of CIO may be better suited to sustaining
operations. This evolution in the CIO role is also reflected by the
introduction of variant leadership positions in information
management (i.e., chief knowledge officers or chief technical
officers) that diffuse responsibility across several senior-level
managers. For example, one industry organization that we visited
has multiple product line CIOs. The most senior information
management executive positioned at a level above these CIOs asserts
that he is not the ƒcorporate CIO≈ and does not want to be. With
the belief that one person cannot embody all the knowledge needed
to effectively direct information technology and management in an
organization, this executive uses an executive-level technology
committee as a forum for building consensus for IT initiatives.
In conjunction with determining their CIO models, senior
executives clearly define up front the roles, responsibilities, and
accountability of their CIOs for enterprisewide information
management, better enabling their CIOs to operate effectively
within the parameters of their positions vis-à-vis those of their
senior management counterparts (i.e., CFO, COO). Typically, CIOs
serve as a bridge between top managers, IT professionals, and end
users. CIOs provide leadership and vision, focusing senior
executives on highvalue information technology issues, investments,
and decisions. They may also serve as business change agents,
challenging conventional approaches and developing new methods and
systems for delivering mission benefits. The case study at the end
of this section provides an example of a CIO hired specifically to
help transform information management and business operations.
In this strategic capacity, CIOs take the lead role in
integrating information and technology management and performance
across the entire information life cycle. They are responsible for
such activities as planning, setting standards and policies, and
designing and managing architectures to guide introduction of
technology products and services. While not all CIOs necessarily
have hands-on responsibility, their purview may also incorporate
any or all of the operational elements of information and
technology management, such as data processing, infrastructure
management, and systems acquisition.
Senior executives provide their CIOs with the authority they
need to effectively carry out their diverse responsibilities.
Executives ensure this by giving the CIO a key role in IT
investment decision-making, providing budget control, or ensuring
leadership backing for information technology and management
programs and initiatives. Formally documenting or, in the case of
public-sector organizations, legislating, CIO roles and
responsibilities can help in managing performance and expectations
of both the enterprise and the CIO. For example, the position of
one state government CIO that we interviewed was based on a
specific statute establishing the CIO at the cabinet level and
assigning clear-cut responsibilities for funding and overseeing IT
operations statewide.
While there is no single template for doing so, senior
executives in leading organizations apply consistent criteria in
selecting their CIOs. The most obvious criterion is relevant IT
expertise. Rather than being technical experts specifically, their
CIOs intuitively understand IT principles and trends and act as
strategists, applying technology and approaches skillfully to help
resolve or overcome daunting business challenges. But even while IT
expertise is important, their CIOs are business managers as well,
with experience in administrative, financial, and corporate
management. Such experience better enables the CIOs to work with
business managers to build a shared vision for meeting mission
needs. For instance, one state government CIO attributed his
success to his breadth of experience across a variety of financial,
retail, and IT units, which facilitates his ability to
Page 24 GAO-01-376G CIO Executive Guide
get buy-in from stakeholders in the state. Additional
proficiencies critical to CIO success include leadership ability,
innovation and flexibility, effective communications skills,
interpersonal skills, and political astuteness. The weight that
senior executives assign to each of these criteria in selecting a
CIO depends on the information management leadership model and the
needs of the enterprise.
CIOs are no longer tied to a single functional unit√i.e., the
ƒIT shop.≈ Instead, they are positioned as senior executives with
the ability to strategically view and apply IT to the best
advantage of the enterprise. CIOs generally report to and partner
with their agency heads, forging relationships that ensure high
visibility and support for far-reaching information management
initiatives. As active members of the CEOs« executive teams, these
CIOs are well situated to provide advice and direction, integrate
IT with the business vision, and take part in high-level
decision-making. Active participation in executive processes and
committees facilitates the CIOs« ability to build effective
executive-level working relationships.
Case Study: Positioning the CIO for Success
In 1996, this manufacturing company instituted a CIO position to
help build its information management capability after deciding to
split its former internal IT service provider off as an independent
business. For years, the manufacturing company had relied on a
wholly owned subsidiary to provide IT products and services. With
minimal IT talent left in the company following the split-off, the
CIO had to create a new IT leadership staff.
The company used a consultant to search for a CIO to build the
in-house information management capability. Essentially, the
company wanted a CIO with IT expertise, strong management skills,
and background experience in managing large, centralized companies.
The current CIO exceeded their requirements. He came highly
recommended due to his prior success in transforming two other
companies and his skill in outsourcing, which would be needed to
manage the manufacturer«s continued reliance on information
technology contract services. The CIO accepted the position only
after obtaining senior executives« commitment to his vision for
transforming not just information technology and management, but
processes in the entire company.
Senior executives set the CIO up to succeed. They positioned him
as a member of the senior decision-making board, reporting to the
Vice-Chairman of the company. They gave him the flexibility to
bring in managers from the outside and set up a matrix management
organization consisting of multiple business sector CIOs aligned
with functional CIOs across the company, all reporting to the
corporate CIO. They required that any IT initiative include
collaboration between a sector CIO and a process-responsible CIO,
as illustrated in figure 4. Senior executives also made the CIO the
final authority on all IT budget, operations, and process
management issues. During the period from 1996 through 1999, the
CIO has been effective in lowering projected annual IT costs, for
1999 the total reduction was over $450 million, when taking into
account both cost avoidance and cost reduction, while enhancing the
provision of IT services to the company.
Figure 4: Matrix Management Organization in a Leading
Organization
Global Processes and Systems
Strategies to Consider
In the absence of a single model for instituting a CIO, senior
executives take precautions to ensure that their information
management leadership positions are appropriately defined and
implemented to meet their unique business needs. The following is
an outline of the strategies that senior executives in these
organizations use to determine the types of CIOs they need, select
individuals to carry out these roles, and position them as
effective and influential members of the senior executive
decision-making team.
Determine the CIO model by
•
examining the current environment and identifying what
the enterprise expects to accomplish through information management
before establishing a CIO position to lead improvements;
and
•
making the CIO type (i.e., business strategist, marketing
specialist, policy and oversight manager, operations specialist,
etc.) consistent with the enterprise«s mission, history, current
environment, culture, and change readiness.
Define clear roles and accountability for the CIO by
•
delineating CIO roles and responsibilities vis-à-vis
those of other senior managers;
•
ensuring that the CIO has the authority needed to be
effective; and
•
documenting CIO roles, responsibilities, and
accountabilities to help manage expectations and
performance.
Select a CIO with the right skills set by
•
choosing someone with information technology and
management expertise and the potential to help in business
transformation, consistent with the CIO model selected;
and
•
ensuring that the individual also has the leadership and
communications skills and other proficiencies needed to effectively
carry out the CIO position.
Make the CIO a business partner by
•
having the CIO partner with other senior executive
managers,
•
empowering the CIO to work with other senior executives
to discuss and decide among alternative IT products and strategies
for meeting business needs, and
•
ensuring that the CIO is involved in strategy discussions
at the highest levels so that he or she can lead the enterprise in
using information management to corporate advantage rather than
merely responding to client requests.
Critical Success Factors
Principles
Organizational Foci
Critical Success Factor 2: Promote Organizational
Credibility
The second critical success factor focuses on the CIO«s ability
to establish the CIO organization as a central player in the
enterprise. The legitimacy of the CIO and the CIO organization must
be developed for the CEO«s message of information technology and
management«s central role to be accepted and for the CIO
organization to become a full participant in formulating corporate
strategy.
Both principles in this critical success factor pertain to the
demonstration of the CIO organization as an entity that can
complete critical projects successfully and contribute to the well
being of the enterprise. This effort is largely the responsibility
of the CIO, and the focus is lateral and downward. The CIO must
create an environment in which the ability of the CIO organization
to contribute to the success of the enterprise is recognized.
Success, to be appreciated, has to be demonstrable and measurable.
If the CIO is not able to demonstrate that he or she deserves the
support of the CEO and makes a valuable contribution to the
corporate mission, the CIO will not be effective as a full
participant in the corporate decision-making process.
Principle III: Ensure the Credibility of the CIO
Organization
ƒWhile placement of the CIO position at a high level within the
organization may carry some weight, the CIO generally must earn
credibility by making things happen.≈
Instituting a CIO position consistent with organizational needs
and finding a capable leader to fill the job are no guarantee of
CIO success. Rather, the burden of ensuring information technology
and management effectiveness shifts from senior executives to the
CIO and his or her supporting organization. Given the relative
newness of the position vis-a-vis the rest of the business, the CIO
is faced with having to gain the attention and respect of managers
at all levels across the organization and build the support and
cooperation needed to effectively execute the information
management leadership role. The following is a discussion of the
strategies that CIOs in leading organizations use to legitimize
their roles and successfully collaborate with their business
counterparts to guide IT solutions to meet mission needs.
Key Characteristics
CIOs in leading organizations recognize that providing effective
information management leadership and vision is a principal means
of building credibility for their CIO positions. CIOs do this in a
number of ways. Foremost, they do not manage IT in a vacuum, but
rather make sure that the information management program is well
integrated with what senior executives want to accomplish. CIOs
work with their executive peers to jointly produce a vision
educating senior managers on the strategic value of IT, providing
advice and direction, and setting expectations of what can be
achieved. CIOs express this vision in business rather than
technical terms, and in such a manner as to generate enthusiasm,
buy-in, and motivation for managers to strive together toward the
achievement of common goals. Further, CIOs participate on executive
committees and boards that provide forums for promoting and
building consensus for IT strategies and solutions. We found this
to be true for each of the case study organizations that we
visited. Having achieved senior management interest and backing,
CIOs can leverage this support as needed to help ensure cooperation
for carrying out information technology and management and business
change initiatives across the enterprise.
Effective CIOs, and their supporting organizations, do not set
out to force their ideas and solutions on their business
counterparts. Instead, they seek to bridge the gap between
technology and the business by networking informally, forming
alliances, and building friendships that help ensure support for
information technology and management. CIO organizations then work
with rather than for the businesses, getting them involved in
projects and driving ownership and accountability to line
management, rather than to the IT shop. For example, in one case
study, the state legislature placed the CIO organization in charge
of managing the planning, funding, and implementation of a project
to develop a single telecommunications network to serve the state«s
entire education community. Rather than a technical challenge, the
project has been a huge coordination effort, requiring that the CIO
organization overcome rivalries and achieve the commitment and
cooperation of traditionally autonomous education sectors.
CIOs retain the support of their business colleagues by
following through on commitments to effectively lead business
transformation projects, provide needed IT products and services,
and train and educate the user community. Through it all, CIOs
strive to maintain open communications and build trust. They do so
by being accessible to the businesses, listening to user feedback,
and focusing on user needs.
CIOs recognize that balancing short-term successes with
longer-term business change initiatives is key to keeping their
business customers satisfied. In the initial months of tenure, CIOs
set out to understand their enterprises« needs and tackle tough
issues (i.e., runaway projects and crisis situations such as year
2000 management) that demand immediate attention or could pose
immediate obstacles to success. In the short term, they also focus
on building relationships, addressing business imperatives (i.e.,
process streamlining and consolidation), and demonstrating success
by promptly providing highimpact products and services (i.e.,
commercial off-the-shelf software and desktop equipment) that allow
them to achieve positive and visible accomplishments fairly
quickly. CIOs recognize that showing interim results concurrent
with more protracted efforts such as multiyear systems
developments, ƒbig-ticket≈ infrastructure projects, or business
process reengineering can have significant positive impact on CIO
credibility.
Often, CIOs outline plans of attack or roadmaps to help guide
them in effectively implementing their short- and long-term
strategies. Documenting their courses of action helps them manage
schedules and expectations and provides baselines against which to
assess progress and performance. These CIOs are careful not to get
caught in the cycle of continual planning, but take steps to ensure
effective progression from planning to implementation. They return
to their plans iteratively, updating them as progress is made and
business needs evolve.
Finally, CIOs in leading organizations recognize that there is
too much going on in the area of information technology and
management for them to absorb all of the issues alone. Rather than
allowing their technology ideas and programs to stagnate, they keep
abreast of changes in the fast-paced environment that might be
applied to enhance capability and improve mission performance in
their own organizations. They do so through avid reading, working
with vendors, and following market directions. CIOs also benchmark,
partner with, or seek advice from successful peers and competitors
on initiatives that provide opportunities for exchanging ideas,
sharing capability and expertise, and achieving mutual benefits in
the larger information technology and management community. For
example, one state CIO with whom we met said that he values the
GAO-01-376G CIO Executive Guide Page 31
guidance received from a CIO advisory board of private industry
representatives, convened by the governor to facilitate learning
from business organizations. This CIO also partners with a major IT
corporation on a project to acquire standard desktop equipment for
all agencies under the governor«s purview. Participation in key
councils, advisory groups, and government, trade, and professional
associations such as the Industry Advisory Council and the National
Association of State Information Resource Executives is also useful
for exchanging ideas, sharing information, and identifying new ways
to meet common challenges.
Case Study: Ensuring the Credibility of the CIO
Organization
This state«s Justice Network (JNET) illustrates how
implementation of many of the practices discussed in this section
has enhanced the credibility of the CIO and his supporting
organization. JNET is a highly successful project started by the
CIO organization enabling agencies to jointly develop a single,
secure, web-based system to support administration of criminal
justice across the state. The project responds to the governor«s
priority for consolidated agency projects, thereby ensuring
high-level support for CIO efforts. The CIO organization conceived
the idea for JNET after receiving multiple requests from criminal
justice agencies for funding to develop redundant systems. The
organization identified the joint project as a good opportunity to
save on costs, share information, and reduce redundancy and errors
by making it possible to enter new offender information only once
as subjects proceed through the criminal justice process.
Historically, the state«s justice agencies have been highly
autonomous and distrustful of outsiders. Prior attempts to get the
agencies to work together failed. IT managers recognize that
success with the current initiative goes a long way in increasing
CIO credibility with the state agencies.
The CIO organization launched JNET by bringing together
stakeholders from across the state in a series of meetings over the
course of 2 months to establish a vision for a shared system that
would also meet individual justice agency information needs. Under
executive order, a senior-level leadership committee, including the
CIO, is responsible for establishing JNET policy, direction, and
standards and for authorizing the release of JNET funds. A steering
committee consisting of justice agency representatives works with
information management professionals and consultants to refine
project details. Its biweekly meetings provide a good opportunity
for the CIO organization to build relationships with the state
agencies and for agency representatives to get acquainted and learn
about one another«s operations and data resources. With central
responsibility for controlling contracts and funding drawn from the
agencies« budgets, the CIO organization is credited with being the
ƒglue≈ that holds JNET together. A JNET office, established to
administer the project on a day-to-day basis, also reports directly
to the CIO.
Under CIO guidance, JNET has been planned as a multiphase,
multiyear development effort with interim products and results. The
CIO organization has helped agencies successfully complete a pilot
phase to prototype initial JNET content and applications, also
demonstrating the CIO organization«s ability to help deliver on
commitments. Three additional phases involve testing the system«s
basic data-sharing function and adding new capabilities such as
data importing, on-line processing, and document management.
Initially, the justice agencies thought JNET was a bad idea; agency
representatives were pessimistic and merely went through the
motions of working together. They posed such resistance that at one
point, the CIO had the lieutenant governor make a surprise visit to
a steering committee meeting to oversee project progress,
demonstrate senior management support, and ensure agency
cooperation toward meeting common objectives. Once the agencies saw
the operational prototype and the project«s potential, they
realized that their individual sacrifices had paid off.
Today, JNET continues to grow in scope and popularity. Along
with it, CIO credibility has increased. The CIO organization is
currently working with several counties to help link them with
JNET. Next steps include instituting JNET at the local level and
ultimately partnering with other states to construct a nationwide
justice network. JNET«s success has served to legitimize and
increase the value of the CIO function to its business
counterparts. Now, other agencies, including the departments of
Health and Public Welfare, also want to work with the CIO
organization on similar cross-functional information management
initiatives.
Strategies to Consider
While senior executives are responsible for creating the
environments and positions likely to ensure CIO success, it is the
responsibility of the CIOs themselves to make that success a
reality. Regardless of all the promising skills, strategies, and
technologies they may bring to bear, no CIO can be effective
without first building credibility with business executives, IT
professionals, and user communities alike to ensure commitment and
support for their information management leadership and
initiatives. The following practices, commonly used by CIOs in
leading organizations to build credibility, can also be considered
and applied by CIOs in federal departments and agencies to better
legitimize their positions and help ensure success in their
individual business/cultural environments.
Provide information management leadership and vision by
•
ensuring that the vision encompasses senior management
priorities,
•
educating top managers on the value of information
technology and management in helping to accomplish mission
objectives,
•
articulating the vision in business terms to facilitate
line management understanding and achievement of buy-in,
and
•
using senior management discussion and decision-making
forums as opportunities to build consensus for IT programs and
initiatives.
Establish effective working relationships by
•
networking informally and forming alliances with other
senior managers to help defuse potential opposition and build
commitment to new technology directions;
•
getting managers from the business side of the enterprise
involved and accountable for information management
projects;
•
fulfilling commitments to provide effective IT goods and
services; and
•
establishing open communications and feedback mechanisms,
such as surveys and questionnaires, as a way to build
trust.
Balance quick successes with long term impact by
•
setting priorities and distinguishing between short term,
high-impact initiatives and longer term objectives that require
more vested interest; and
• outlining a plan or strategy for accomplishing these
priorities in an efficient and effective manner.
Leverage external information technology and management
expertise by
•
keeping abreast of technological change and incorporating
new products and strategies in the enterprise«s IT program as
appropriate,
•
forming partnerships and building off of the success and
expertise of external CIO peers, and
•
networking and participating in forums in the larger
community to debate and identify ways to address common information
technology and management issues and concerns.
Principle IV: Measure Success and Demonstrate Results
ƒMeasurement determines what one pays attention to. The things
that are measured become relevant; the things that are omitted are
out of sight and mind.≈
In many organizations the value of information technology and
management is considered intangible¬difficult to measure and mired
in terms of ƒsoft dollars≈ or ƒstrategic assets.≈ For this reason,
in the past, few organizations embarked on programs to measure the
effectiveness of IT systems. However, it has become increasingly
evident that without a measurement process where results can be
demonstrated, not only is information management at a disadvantage
when competing for scarce resources, but also when making its case
in support of efficiency and effectiveness initiatives. For the CIO
organization to be viewed as part of the business, a structured
process needs to be in place to measure success and demonstrate
results to the organization. This section discusses the approaches
that leading organizations use to measure performance and
results.
Key Characteristics
While there is no standardized approach to performance
measurement, leading organizations strive to understand and measure
what drives and affects their businesses and how to best evaluate
results. These organizations have generally struggled with
identifying and adopting measures to assess the value of IT, but
have been able to put some measures in place to help demonstrate
performance. They use measures for a variety of purposes. The
measures are a vehicle for communicating with senior management and
stakeholders in the areas the organization deems important.
Measures also serve as vital management and decision-making tools,
providing information that can be used to make improvements in
business outcomes and service delivery.
Many managers told us that the measures that capture the most
attention from senior management are simple ones¬or at least simple
in terms of how they are expressed. In a number of instances, the
organizations we visited used uncomplicated terms to communicate
measures, but the underlying concepts were quite involved and
required a good understanding of IT and business fundamentals.
These organizations collapsed a lot of information into a form that
effectively communicated the success or failure of information
technology and management activities and, in the case of the
latter, expanded on the issues and supplied additional information.
For example, one international organization, involved in several
product lines, measures its performance in line with the following
organizational business priorities:
•
Maximize performance (i.e., improve service and reduce IT
and management costs)
•
Improve business processes (i.e., IT projects and
E-commerce)
•
Increase team contributions
•
Create a leading-edge electronic communications
process
Even though these measures seem simple, a considerable amount of
time, effort, and data are involved in amassing and assessing the
results tied to these business priorities.
To establish joint ownership for performance management,
organizations strive to construct measures jointly with their
stakeholders, customers, managers, and CIO staff. They work
together to achieve a common understanding of goals, metrics, and
anticipated outcomes that are easy to understand but are aimed at
adding value. Managers told us that performance measurement systems
work best when combined with established measures that reflect
customer/stakeholder needs and the activities of employees that are
directly involved in information management. The CIO organization«s
responsibility does not end with the establishment of measures, nor
does the CIO organization have sole responsibility for
technological success. As a practical matter, those responsible for
judging the success of programs and their supporting functions
should agree on the measures used and become involved in monitoring
the outcomes.
Although approaches vary, leading organizations develop measures
with a focus toward improving not only internal IT performance but
also external relationships with technology users and the overall
business. Organizations balance various technical measures to
ensure that IT products and services are deployed in the most
effective and efficient ways and lead to desired business results.
They focus on monitoring short- and long-term IT measures that
directly affect business activities and produce real business
value. This means that IT activities must be directly related to
company relationships with customers, clients, and suppliers, and
also affect business results, such as direct costs or market
share.
Leading organizations use performance measures that focus on
business outcomes such as customer satisfaction levels, service
levels, and in some instances total requests satisfied. For
example, one state agency commissioner requires that his
departments develop tactical plans for all areas, not just IT. All
executives participate in the planning process. The performance
measures are broken down to meaningful levels as a way of holding
the ƒIT shop≈ and other departments accountable for the services
they provide. IT goals and objectives are incorporated into the
plans and IT performance outcomes are provided to the commissioner
and his executive staff on a quarterly basis. This exercise has
served to build credibility and help demonstrate the value that IT
adds to the organization. The existence of performance measures has
also made a difference in how agencies behave because the
documentation they provide serves to make them accountable.
To properly collect and analyze information, leading
organizations develop measurement systems that provide insight into
their IT service delivery and business processes. The establishment
of an information feedback system allows organizations to link
activities and functions to business initiatives and management
goals. This feedback, in turn, leads to increased IT productivity
and organizational effectiveness. One state we visited established
an information services board to develop statewide policy standards
and to monitor projects as part of its portfolio management
process. The board, however, has
Page 36 GAO-01-376G CIO Executive Guide
increasingly become more involved in monitoring and making
recommendations on troubled IT projects. Some of the lessons
learned from the board«s project reviews are that:
•
the board needs to get involved early in monitoring and
overseeing projects before considerable funds are spent on the
projects;
•
long-term, high-cost projects are no longer sustainable
because sponsors tend to be unable to sustain long-term
support;
•
projects are best managed in a limited-commitment, phased
approach; and
•
projects should quickly demonstrate results.
Once planning and decision-making structures are in place and
performance results can be used as part of the decision-making
process, organizations are in a better position to ensure that
goals and objectives clearly link and align with IT performance
measures. Leading organizations also assess the readiness of their
organizations to use IT measures and their receptiveness to data
collection, measurement, and analysis. Further, they nurture a
philosophy that is positive toward performance management and
measurement, and they view measures as a way to focus on business
value and customer satisfaction.
In summary, managers at the organizations we studied cautioned
that IT performance measurement is in its infancy and measurement
techniques are still evolving, partly due to changes in technology.
Most of the organizations are continually looking for ways to
improve their IT measurement systems as a means of supporting
achievement of organizational goals.
Case Study: Measuring Success and Demonstrating Results
To measure its information technology (IT) and management
initiatives, one state instituted a performance measurement process
(illustrated in figure 5) that is driven by an IT strategic plan.
The plan sets forth the goals and strategies needed to support the
state«s entities in developing IT plans, in using information
resources, and in defining IT performance measures. The IT
strategic plan also aligns very closely with the state«s strategic
plan, that sets forth four broad goals for the use of IT within the
state: (1) improve service delivery; (2) make information more
accessible; (3) use IT to improve productivity; and (4) invest in
people, tools, and methods. The IT strategic plan also incorporates
stakeholder involvement by including perspectives by state agency
executives, legislators, educators, and other stakeholders on the
use of the state«s IT resources. Also included in the plan is
information from the state«s biennial IT performance report. This
report evaluates the state«s progress toward meeting the last
biennium«s IT Strategic Plan goals and includes a summary of
strategic and operational performance measures. These measures, in
part, are the result of the state«s previous IT strategic plan and
are meant to measure how well IT resources are being used to
achieve the state«s overall strategic goals and operational
(technical) objectives. These results are published in the State«s
Biennial IT Performance Report and are used to benchmark the
state«s information management services. The state legislature also
uses this information to allocate future funding.
Figure 5: Performance Measurement Framework
measured and monitored
Strategic Performance Measures
Operational Performance Measures
• Progress made in deploying the state« s Educational
• Number of workload transactions completed and
Telecommunications network
telephone lines installed
• Increase in state«s use of Internet resources
• Number of driver«s licenses issued for specific periods
• Increase in the number of courts having access to state«s
Justice Information Network.
Information from the Biennial IT Performance Report is used to
develop the IT Strategic Plan
Strategies to Consider
Performance measurement is a critical step in ensuring results
and success from any project, but especially from information
technology and management initiatives whose value is often
difficult to capture. While performance measurement is still
evolving in principle and in practice, leading organizations have
pinpointed a number of strategies that have proven useful in
gauging the impact and benefits of their IT investments. These
strategies are discussed below.
Engage internal and external stakeholders in defining and
managing IT performance by
•
ensuring that mission delivery and IT performance
measures are integral to strategic management and decision-making
processes; and
•
establishing internal and external customer groups to
periodically review, validate, and accept IT performance
measures.
Ensure that processes are in place to balance business and
technical measures by
•
developing specific technical performance measures for IT
products and services and balancing them with business-driven
measures, and
•
demonstrating that the performance measurement data
generated are reliable and useful.
Establish an effective data collection and performance feedback
process by
•
developing well-designed performance data collection
methods;
•
establishing a limited set of outcome-based performance
measures that link to mission outputs and outcomes; and
•
utilizing concise, understandable performance reporting
tools and techniques and conducting performance measurement
reviews, as needed.
Critical Success Factors
Principles
Organizational Foci
Critical Success Factor 3: Execute CIO Responsibilities
The CIO and supporting organization are ultimately responsible
for successfully executing their role in the enterprise«s mission.
How central this role is to the strategic plans of the enterprise
will depend on each of the first two critical success factors, but
support from the top and all efforts to build credibility will be
futile unless the CIO organization is run effectively. If the CIO
organization is not able to execute its responsibilities, and if it
is not able to play the critical role for which it has been
developed, the corporation will learn to work around it, or it will
be replaced.
There are many aspects to successfully organizing and running a
CIO organization. However, this critical success factor, as well as
the underlying principles, focuses on the elements that leading
organizations believe are most central to the CIO«s responsibility.
Determination of the CIO organization structure must fall to the
CIO, as he or she is the senior executive of that unit. Aligning
the CIO organization with the needs of the enterprise is critical
to the satisfaction of those needs. Communicating enterprise
requirements to staff and making appropriate decisions to meet the
needs of the enterprise are the responsibility of the CIO. As the
CIO organization«s representative in strategic decision-making
forums, the CIO must be the translator of those strategies into CIO
organization initiatives.
Along with technology, human capital is the central resource the
CIO has to execute his or her responsibilities. While the CIO is
accountable for and reviews technology decisions, staff from
business areas may develop most of the investment proposals. Human
capital plans for the information management and technology area
are seen as the particular responsibility of the CIO. In the
current IT environment, technology has become a commodity. The
human capital involved in applying that technology to achieve the
mission of the enterprise is a resource that requires the CIO«s
attention. The hiring, retention, and training of information
management and technology personnel is seen by leading
organizations as a fundamental principle of good CIO practice.
Principle V: Organize Information Resources to Meet Business
Needs
ƒWhile the CIO is important, it is the operating environment for
the entire organization that will make it successful.≈
Developing a CIO organization is an ongoing process that demands
a clear understanding of the organization«s responsibility for
helping meet business needs. This responsibility, along with parent
business processes, market trends, internal legacy structures, and
available IT skills, drives decisions as to the structure of the
CIO organization and how the organization is aligned with the rest
of the enterprise. Ultimately, the CEO controls the assignment of
information technology and management functions to the CIO, the CIO
organization, and other organizational units. Once these decisions
are made, the CIO organization must provide effective, responsive
support through efficient allocation of resources and the
day-to-day execution of its responsibilities. This principle
examines the practices that leading organizations commonly use in
establishing CIO organizations to effectively meet their mission
needs.
Key Characteristics
It is the duty of a CIO to manage expectations and help ensure
that all members of a CIO organization have a clear understanding
of their responsibilities. In leading organizations, evolving
business processes play a key role in determining how these
information management responsibilities are structured and adapted
to meet changing needs. We found that leading organizations quickly
reallocate and make information resources available on a routine,
sometimes daily or hourly basis to address changes in business
processes. External factors, such as market trends, changing
technology, and available skills as well as internal legacy
structures and corporate ventures, also influence how a CIO
organization is formed, aligned, and adjusted to help support the
rest of an enterprise. For example, one organization that we
studied had experienced two mergers that required the company to
quickly integrate the new businesses and restructure to meet
growing business needs. Human resources systems were consolidated
and new corporate structures were quickly defined to ensure
continued support to the enlarged customer base. The company
remains prepared to restructure to meet ever-changing business
requirements.
In lieu of establishing either completely centralized or
decentralized CIO organizations, leading organizations manage their
information resources through a combination of such structures. In
this hybrid, the CEO assigns central control to a corporate CIO and
supporting CIO organization, while delegating specific authority to
each business unit for managing its own unique information
management requirements. The corporate CIO and supporting CIO
organization centrally formulate policies and standards for all
IT-related activities. They also centrally manage architectures and
a core set of infrastructure components to provide common IT
services to the entire corporation. The corporate CIO works with
CIOs or other information managers in each of the business units to
ensure efficient, reliable, and interoperable technology for the
entire corporation. The following figure illustrates traditional
centralized and decentralized organizational structures, in
comparison with the hybrid combination used by leading
organizations today.
Figure 6: Comparison of Decentralized, Centralized, and Hybrid
Structures
Leading organizations decide, as part of a sourcing strategy,
whether to provide specific information technology and management
services with in-house staff or external providers. An
organization«s sourcing strategy is part of a larger human capital
development strategy, which is discussed in principle VI. The
shortage of skilled IT workers in the current market environment is
often a major reason for leading organizations to outsource. The
CIO and decision-making authorities decide what type of work is
appropriate to outsource and what type of work is best performed
internally. Typically, leading organizations cultivate long-term
skills such as contract management, project management, and
security management, while outsourcing short-term skills such as
application development. For example, one state capital that we
visited is home to over 600 software companies. IT skills are in
great demand which made hiring by the state difficult, so this CIO
looked for alternatives to in-house software development and
management. It made sense for the state to outsource tactical
functions such as help desks and mainframe management.
On the other hand, there are responsibilities such as IT
planning and oversight that must remain in-house. As the state
contracts out more of its information technology and management
functions, it is also essential that it have good contract
management expertise.
Along with effective allocation of available resources, leading
organizations execute their information management responsibilities
reliably and efficiently. Technology is highly integrated with the
business processes in these organizations because technology is
viewed as an enabler for the business, not just a tool. The
organizations make IT investment decisions based on business case
analyses and return-on-investment projections. Consistent with a
fundamental strategic information management approach, the
organizations also focus on continuous process improvement. The
organizations provide reliable information management capabilities
on a daily basis, but also look to the future by pursuing new
initiatives that show how technology can improve the business of
tomorrow. For example, one state CIO that we interviewed said that
his role was to identify enterprisewide and strategic initiatives
to improve state information management. One initiative involved
establishing strategic direction, guidelines, and standards for
instituting electronic commerce in the state government. Electronic
commerce was to be used for such activities as renewing licenses
and paying taxes.
Leading organizations simplify projects by producing incremental
deliverables that quickly show success and demonstrate the impact
of effective CIO management while still focusing on long-term
objectives. As discussed in principle III, carrying out successful
projects is expected in leading organizations, and adds to the
credibility of the CIO and the CIO organization.
Case Study: Organizing Information Resources to Meet Business
Needs
Implementing a combination of centralized and decentralized
information management enables leading organizations to effectively
support their business operations. One leading organization
implements a combination of centralized and decentralized IT and
structures to best meet the needs of its three diverse lines of
business√an international services division, an international
industry division, and a retail division. The organization uses a
centralized IT infrastructure with decentralized development
efforts to provide efficiency and security for its corporate
customers. Efficiency is the number one priority of the
organization in terms of dollars spent as well as technology
performance.
The organization has CIOs in each of its three business units.
Each business unit makes IT investment decisions based on business
requirements and the technology available to support those
requirements. For example, desktop platforms and software vary
among business units depending on the unique needs of each business
area. The work in the business units is all performed in-house and
is not outsourced, as business expertise is considered a core
competency. The business CIOs work together to determine how IT can
be used to reach customers across business lines. The international
services and international industry divisions have some common
requirements based on the international nature of the two
divisions. The international industry division and the retail
division have common requirements based on the specific industry.
The CIOs of these divisions work together, leveraging opportunities
for shared IT products and services so that each unit can invest
fewer dollars to accommodate common needs.
The corporate IT organization«s role is to aggregate needs
across business units and provide solutions that can be integrated
to serve the entire corporation. Common components of each business
area include data centers, human resources, payroll, a financial
architecture, and a common desktop environment. Standard processes
and tools, such as contingency planning, interdependency
identification, protocols, and risk management, are used to
coordinate multiple business areas. These standard utilities
evolved through two corporate mergers and are now institutionalized
across the corporation. The mergers required that the organization
quickly adopt new organizational structures and address new
business requirements. The standard processes and policies
developed, applied, and improved as a result of the mergers provide
this organization with the flexibility it needs to adapt to future
changes in responsibility.
This organization is constantly looking to improve its IT
investment processes. All technology investments are justified
using business case analyses. The decision-making process for
establishing business cases recently evolved to include competitive
needs. Competitive needs were not considered when this organization
initially postponed electronic commerce initiatives due to low
return-on-investment projections. The organization fell behind the
competition in providing this service and the delay may have cost
it customers. As a result, competitive needs are now considered
part of the decision-making process.
Strategies to Consider
An effective CIO organization is a dynamic structure, responding
not only to business, mission, and cultural requirements, but also
to rapidly changing technologies, elusive skills, and competing
resources in the external market environment. Leading organizations
recognize the myriad forces driving their IT capabilities. The
following is an outline of the strategies that these organizations
consider in deciding how to effectively structure, source, and
execute their technology management operations.
Create a clear understanding of responsibilities within the
organization by
•
articulating a common description of responsibilities to
all levels of the CIO organization, and
•
assigning responsibilities to parts of the organization
based on skills and organizational structure.
Use a combination of centralized and decentralized
organizational structures by
•
centrally formulating policy and standards for all
IT-related activities, and providing common IT services through a
centrally managed infrastructure; and
•
delegating authority to the business units to manage
individual information management requirements.
Create an adaptable organizational structure by
•
redeploying internal resources to quickly address
changing business and customer requirements.
Select appropriate sourcing strategies by
•
considering outsourcing noncore responsibilities to
address the shortage of skilled IT workers in the current market
environment, and
•
keeping core competencies in-house.
Execute CIO responsibilities efficiently by
•
providing reliable and efficient IT services and
products,
•
making IT investment decisions based on business case
analyses and return-on-investment, projections, and
•
producing incremental deliverables to demonstrate results
while still focusing on longterm objectives.
Principle VI: Develop Information Management Human Capital
ƒProviding good benefits packages and building core competencies
are other ways of attracting, stimulating, and retaining IT
workers¬ especially among today's Δself-preservation-minded
generation-Xers.«≈
As is true with the other principles, the business requirements
of an enterprise drive decisions related to the specific types of
resources needed to implement technology successfully. External
market forces and internal legacies influence the types of skills
available to a CIO organization. Given these realities, the CIO
organization must provide an effective, responsive IT workforce to
help accomplish missions and goals. This principle discusses the
strategies that leading organizations use to assess their skill
bases and attract, recruit, and retain IT professionals.
Key Characteristics
Leading organizations develop human capital strategies to assess
their skill bases and recruit and retain staff who can effectively
implement technology to meet business needs. Figure 7 provides an
overview of the strategy that leading organizations use to secure
information management human capital.
Figure 7: Strategy for Securing Human Capital in Leading
Organizations
Training
it
u
Outsource
Leading organizations assess their IT skills on an ongoing basis
to determine what expertise is needed to meet current
responsibilities and support future initiatives. They can evaluate
the skills of their employees using methods provided by entities
such as Carnegie Mellon University«s Software Engineering
Institute6 and the Information
Curtis B. Hefley, W.E. & Miller, S. (1995). People
Capability Maturity Model. [Technical Report CMU/SEI-95-MM-02].
Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon
University.
GAO-01-376G CIO Executive Guide Page 47
Technology Association of America. Needed skills are compared
with existing capabilities in the organization to determine gaps in
the IT skills base. For example, the state university at one of our
case study locations had conducted a study revealing continuing
gaps in the state«s ability to recruit and retain IT workers
vis-à-vis industry. In response to the governor«s initiative to
expand the state«s IT workforce, proposals were made for a program
to recruit and fund college and university students willing to
study technology management as a prelude to becoming part of the
state government«s labor force. Strengthening the skills and
capabilities of IT professionals through training and innovative
hiring practices is part of a formula for building information
technology and management capabilities.
Leading organizations sometimes use surveys that compare missing
capabilities with market availability to determine what skills to
acquire through hired professionals. When professionals with the
necessary skills cannot be hired, these organizations supplement
the existing workforce with external information resources. More
specifically, they cultivate expertise in their internal
workforces, while outsourcing skills that are available from
multiple sources at lower cost. Leading organizations may even
choose to replace labor with technology when they cannot hire the
skilled professionals they need. Core information management
functions include project management, security management, and
contract management practices that can apply to a variety of
projects. The various staffing and sourcing strategies provide
leading organizations with dynamic workforces that can quickly
carry out these functions to meet changing business needs.
Studies forecast an ever-increasing shortage of IT
professionals, presenting a great challenge for both industry and
the federal government. Organizations are finding it difficult to
retain staff when their competitors can always offer higher
salaries. For example, one state government CIO organization that
we studied experienced a 22 percent turnover in IT professionals.
Despite having higher technology wages than any other state in the
country, the state remains at a disadvantage in competing with
industry and must rely on alternative strategies and incentives to
attract and retain skilled workers.
While benefits, recognition, and challenging responsibilities
are also useful in securing staff, leading organizations identify
training as a major nonsalary incentive for attracting and
retaining skilled IT professionals. Leading organizations dedicate
an increasing percentage of their IT budgets to training. Sometimes
such funds are devoted to retraining existing nontechnical
personnel to supply them with IT expertise. For example, one
industry case study organization sponsors a 3-month course to
retrain about 2,000 legacy employees in project management skills.
The company also offers a range of formal classroom training, less
formal workshops, and informal mentoring programs. Given the change
management environment for IT in this company, staff always wants
and needs to be in a learning mode. Similarly, another industry CIO
told us that he provides IT training through a program that pays
new employees 50 percent of their salaries while they attend
school. Upon completion of training, the employees each earn 75
percent of their salary during an initial performance evaluation
period, and full salary at the end of that period.
While managers in leading organizations are accountable for
creating opportunities for their employees« training, individual
staff are responsible for taking advantage of those opportunities.
In general, leading organizations provide training as part of a
changing high-tech work environment that includes state-of-the-art
tools and methods allowing skilled IT workers to perform their jobs
to the best of their ability.
We identified additional strategies that leading organizations
use to enhance their information management workforces.
Specifically, these organizations bring in employees with desirable
skills from across the enterprise to work in conjunction with IT
professionals, thereby maximizing the capability of their technical
resources. These employees make up cross-functional teams that
provide an appropriate mix of business expertise and IT skills to
accomplish the various tasks of a project. Working together, the
members reflect the interests of not just information technology
and management, but the user community and the project«s
stakeholders, and provide a holistic blend of technical, project
management, value management, budget, finance, and procurement
skills and capabilities to meet mission needs.
Case Study: Developing Information Management Human
Capital
Using a variety of staffing and sourcing strategies provides
leading organizations with dynamic workforces that can quickly meet
changing business needs. One leading company«s CIO said that
recruiting information management workers with special skills in
areas such as data networks and systems administration is extremely
competitive. To be successful in recruiting, his organization has
devised different offer packages to attract employees. A package
might include accelerated salary schedules or stock options. Once
hired, the company sends these employees back to college for IT
training and invests in them. This CIO acknowledges, however, that
his company does not spend enough on training. Currently,
approximately 1 percent of the IT operating budget is devoted to
training.
This organization also provides training to new employees
through a program that pays 50 percent of the employee«s salary
while he or she attends school. Upon completion of training, the
employee enters a performance evaluation period during which the
employee earns 75 percent of his or her salary. After successfully
completing the performance evaluation period, the employee then
begins earning a full salary.
The organization increased its salary base to compete with other
companies in retaining and attracting talented information
management workers. Besides salaries, company managers view a good
working environment and awards and recognition as essential for
retaining employees. Recently, the CIO took over 400 employees and
guests to a five-star hotel for an evening out to celebrate the
group«s accomplishments. When senior managers appreciate business
accomplishments, they are willing to spend funds for staff
recognition. This CIO admits that his IT workers are constantly
asked to work long hours and undergo a lot of stress though they
get little in return for the amount of work they do.
This CIO believes that money is not the only motivator for IT
staff. He feels that an important element to managing staff is
finding ways to recognize individuals and say ƒthank you.≈ When the
thank you comes from inside the organization, it goes a long way.
The CIO uses different means to show his appreciation. For
instance, his staff publishes a monthly appreciation newsletter
through the Intranet. The CIO believes there is big payoff in these
types of activities and the costs are minimal, if any. The CIO also
views time off as a good incentive bonus because it does not cost
the company very much. Other incentives his group has undertaken
include taking staff out for lunch or handing out $100 American
Express checks. In today«s environment, organizations have to be
creative. One of the managers created a thank you toolkit to show
her appreciation to her staff. The CIO states, ƒIf you don«t have a
lot of money to spend, you have to ask yourself, what are the
little things you can do to show your appreciation.≈
Strategies to Consider
Given the increasing shortage of IT professionals in the current
market environment, securing an effective, responsive technology
management workforce is a challenging task for both business and
government organizations alike. Leading organizations have
identified the following strategies that help in assessing their IT
skills and recruiting, retaining, and utilizing talent to meet
their business needs. These organizations consider and apply the
various strategies as appropriate within the organizational,
financial, and cultural parameters of their individual business and
government enterprises.
Assess the skill base by
•
determining expertise needed to perform information
management responsibilities, and
•
identifying gaps between skills available and skills
needed.
Identify innovative ways to attract talent by
•
providing good benefits packages, and
•
building core competencies.
Provide training, tools, and methods to help retain expertise,
including
•
directing an increasing percentage of the budget to fund
training,
•
evaluating staff to make sure they are achieving the
desired technical skills,
•
holding managers accountable for providing training
opportunities for their staffs, and
•
providing a high-tech environment of tools and
methodologies for skilled IT professionals.
Employ alternative methods and sources for supplying talent,
including • outsourcing and supplementing the existing workforce
with external expertise,
•
bringing in employees with desirable skills from across
the enterprise to work with and help maximize the capability of
information technology and management professionals, and
•
replacing labor with technology.
Using This Guide
The principles and practices we developed based on our
interviews with leading organizations in the private sector and
state government have enabled us to construct a framework to guide
federal CIO organizations. In our discussions with about half of
the CIOs of major federal departments and agencies and five CIOs of
small federal agencies, we found that they generally agree with the
leading organizations on the fundamental management principles for
information management and technology. At the same time, we found
that the practices used by federal CIOs tend to differ from those
used by leading organizations. We did not study the reasons for
these deviations specifically, although some likely result from the
context in which federal CIOs operate. Both operational and
structural aspects of the CIO«s environment can vary significantly
between the public sector and the private sector.
Rather than dwell on differences, it is more useful to focus on
the considerable common ground between public and private CIO
organizations to build efforts for improvement. The specific key
conditions and strategies described in this guide can be used as
suggestions for federal CIOs to apply or adapt to their
environments, as appropriate. More generally, the key conditions
and strategies can be thought of as addressing specific aspects of
the six primary principles, which CIOs from all sectors agree are
critical to the successful execution of their responsibilities and
realization of the potential benefits of information technology
investments. Taken as areas of focus, these aspects may be
evaluated by federal CIO organizations and tackled using techniques
suited to their situations. Recognition of the differences
described above, as well as others, should influence the
application of advice provided in this guide. But the advice of
CIOs of leading organizations should remain relevant regardless of
the specifics of the situation.
The ideas presented in this guide may also provide the
foundation for further discussion within the federal CIO community.
Many federal CIOs, in the normal course of their own efforts, have
already begun working along the lines of the advice provided in
this guide. These CIOs have gained valuable insights into applying
the practices of leading organizations to the federal sector. The
CIO Council, or other organizations of federal CIOs, can create an
opportunity for sharing these experiences, using the principles
described in this guide as an organizing framework. The challenge
of understanding how the federal context influences the
effectiveness of the principle may be best met with support from
managers who work in the same context.
In addition, the specific key conditions and strategies
described in this guide will provide insight when considering areas
of future study. For example, specific principles may be
investigated more deeply and strategies for implementing a
principle, such as developing information technology human capital,
may be proposed in more detail. Or those aspects of the federal CIO
environment that constrain the federal CIO flexibility and hinder
the ability to perform effectively may be examined more closely,
and specific strategies to cope with those aspects may be proposed.
Understanding how CIOs of leading organizations approach their
work, and acknowledging those aspects of the federal CIO
environment that limit the ability to implement similar strategies,
may prompt congressional and executive board discussions about the
need for future legislation and policy changes.
A few dimensions in which the federal and private sector can
differ are described below. These examples largely stem from the
nature of the public sector in which federal CIOs operate. Many of
these examples were mentioned by federal CIOs interviewed for this
guide. However, the extent to which the differences create
additional constraints on the CIOs depends on how they and agency
leaders respond to them.
•
Senior executive management in the federal sector can
differ significantly from the private sector. The agency head is a
political appointee who often is more focused on policy issues than
on internal management and operations. This can deny the CIO the
ƒCEO≈ support that is so critical for the successful integration of
information technology into business or mission
functions.
•
The budget decision-making process used for information
technology projects can present particular challenges for the
federal CIO not found in the private sector. For example,
legislative actions, such as tax law changes and Medicare payment
process changes, may require extensive system modifications, and
the CIO does not have the flexibility to decide whether or not to
pursue them. This ties up resources that might otherwise have been
expended differently. In fact, mandated projects often must be
funded by money that had been planned for other projects. Long-term
investment strategies are difficult because agencies are asked to
put together funding requests 1824 months in advance of funding
availability. In addition, IT funds may be contained within the
appropriations for a specific program or an overall administrative
budget, making them less visible and, if part of discretionary
spending, more subject to volatile changes in the federal budget.
As a result, the CIO may not have control or direct oversight over
much of the IT funding within the agency.
•
Personnel decisions in the federal sector are often
constrained due to work rules or organizational factors. Current
information management job descriptions do not match the
occupations recognized in the industry today. Training funds are
often limited due to larger budget considerations. Recently, the
Office of Personnel Management (OPM) found salaries in the federal
government to be lower than in the private sector. On November 3,
2000 OPM implemented a governmentwide policy increasing salaries in
several IT categories in an effort to make federal employment more
competitive. Because this policy was recently implemented, we
cannot yet assess the impact of these changes on federal employment
practices.
•
The federal CIO may direct an organizational structure in
which duties that would typically be a CIO«s responsibility in the
private sector are not under his or her direction at all. For
example, some federal CIOs are in charge of large policy and
oversight functions with little operational responsibility. While
this may be an appropriate model, it is critical that any model be
matched with the overall needs of the agency in mind.
•
The range of responsibilities, as defined by legislation,
that accrue to the CIO are very broad in the federal sector,
including areas such as records management and Freedom of
Information Act requirements, for which there is little parallel in
the private sector. While federal CIOs often may not have
operational authority for the full range of responsibilities in the
legislation, they and their agencies are still subject to oversight
by the Congress in many of these areas.
Though the environment faced by a CIO in the federal sector
clearly differs from that of CIOs in other contexts, the principles
that form the basis for this guide remain relevant. The underlying
principles were observed consistently in our sample of leading
organizations, and were cited as being critical to the success of
their CIOs. Federal CIOs can learn from the successes of these
leading organizations and can apply the principles as appropriate
in their own organizations. In addition, agency heads and other
senior leaders in the federal government can gain an understanding
of their roles in executing the critical success factors that must
be addressed as CIOs work to meet the letter and intent of the
Clinger-Cohen Act and related legislation.
Appendix I Federal Legislation Affecting Information
Management
Federal Financial Management Improvement Act of 1996 (Public Law
104-208) ¬ This Act requires that agency financial management
systems comply with federal financial management system
requirements, applicable federal accounting standards, and the U.S.
Government Standard General Ledger (SGL) in order to provide
uniform, reliable, and more useful financial information. The act
requires that auditors for each of the 24 departments and agencies
named in the CFO Act report, as part of their annual audits of the
agencies« financial statements, whether the agencies« financial
management systems comply substantially with federal financial
management systems requirements, applicable federal accounting
standards, and SGL at the transaction level. The act also requires
that GAO report on its implementation annually.
Clinger-Cohen Act of 1996 (Public Law 104-106) ¬ This law is
intended to improve the productivity, efficiency, and effectiveness
of federal programs through the improved acquisition, use, and
disposal of IT resources. Among other provisions, it (1) encourages
federal agencies to evaluate and adopt best management and
acquisition practices used by both private and public sector
organizations,
(2) requires agencies to base decisions about IT investments on
quantitative and qualitative factors associated with the costs,
benefits, and risks of those investments and to use performance
data to demonstrate how well the IT expenditures support
improvements to agency programs, through measurements such as
reduced costs, improved employee productivity, and higher customer
satisfaction, and (3) requires executive agencies to appoint CIOs
to carry out the IT management provisions of the act and the
broader information resources management requirements of the
Paperwork Reduction Act. The Clinger-Cohen Act also streamlines the
IT acquisition process by eliminating the General Services
Administration«s central acquisition authority, placing procurement
responsibility directly with federal agencies, and encouraging the
adoption of smaller, modular IT acquisition projects.
Paperwork Reduction Act (PRA) of 1995 (Public Law 104-13) ¬ PRA
applies life cycle management principles to information management
and focuses on reducing the government«s information-collection
burden. To this end, PRA designated senior information resources
manager positions in the major departments and agencies with
responsibility for a wide range of functions. PRA also created the
Office of Information and Regulatory Affairs within the OMB to
provide central oversight of information management activities
across the federal government.
Government Management Reform Act of 1994 (Public Law 103-356) ¬
This legislation expands the requirement for a fully audited
financial statement under the CFO Act to 24 agencies and components
of federal entities designated by the Office of Management and
Budget. The act requires the Department of the Treasury to produce
a consolidated financial statement for the federal government,
which GAO is to audit annually.
Federal Acquisition Streamlining Act of 1994 (FASA) (Public Law
103-355) ¬ This law requires agencies to define cost, schedule, and
performance goals for federal acquisition programs (to include IT
projects) and monitor these programs to ensure that they remain
within prescribed tolerances. If a program falls out of tolerance,
FASA requires the agency head to review, take necessary actions,
and, if necessary, terminate the program.
Government Performance and Results Act (GPRA) of 1993, Public
Law 103-62 ¬ GPRA requires agencies to prepare multiyear strategic
plans that describe mission goals and methods for reaching them.
The act requires agencies to develop annual performance plans that
OMB uses to prepare a federal performance plan that is submitted to
the Congress along with the President«s annual budget submission.
The agency plans must establish measurable goals for program
activities and describe the methods by which performance toward
those goals will be measured. The act also requires agencies to
prepare annual program performance reports to review progress
toward annual performance goals
Chief Financial Officers (CFO) Act of 1990 (Public Law 101-576)
¬ The CFO Act provides a framework for improving federal government
financial systems. It centralizes within OMB, through the Deputy
Director for Management and the Office of Federal Financial
Management, the establishment and oversight of federal financial
management policies and practices and requires OMB to prepare and
submit to Congress a governmentwide, 5-year financial management
plan. The act also requires the 24 major agencies to have CFOs and
deputy CFOs and lays out their authorities and functions. Further,
the act sets up a series of pilot audits under which certain
agencies are required to prepare agencywide financial statements
and subject them to audit by the agencies« inspectors general.
Computer Security Act of 1987 (Public Law 100-235, as amended by
Public Law 104106) ¬ This law addresses the importance of ensuring
and improving the security and privacy of sensitive information in
federal computer systems. The act requires that the National
Institute of Standards and Technology develop standards and
guidelines for computer systems to control loss and unauthorized
modification or disclosure of sensitive information and to prevent
computer-related fraud and misuse. The act also requires that all
operators of federal computer systems, including both federal
agencies and their contractors, establish security plans.
Federal Managers« Financial Integrity Act (FMFIA) of 1982
(Public Law 97-255) ¬FMFIA requires agencies to establish internal
accounting and administrative controls in compliance with standards
established by the Comptroller General. The act also requires that
OMB establish, in consultation with the Comptroller General,
guidelines that the agencies shall follow in evaluating their
systems of internal accounting and administrative controls.
Government Information Security Reform (P.L. No. 106-398, Div.
A, Title X, subtitle G) -This legislation amends 44 U.S.C. Chapter
35 by enacting a new subchapter on "Information Security." The
Security Act requires the establishment of agencywide information
security programs, annual agency program reviews, annual
independent evaluations of agency programs and practices, agency
reporting to OMB, and OMB reporting to Congress. The Act covers
programs for both unclassified and national security systems, but
exempts agencies operating national security systems from OMB
oversight. The Security Act is to be implemented consistent with
the Computer Security Act.
Government Paperwork Elimination Act (GPEA) (P.L. No. 105-277,
Div. C, Title XVII) -GPEA requires that by 2003 federal agencies
provide, where practicable, for the option of submitting,
maintaining, or disclosing information in electronic form as a
substitute for paper, and for the use and acceptance of electronic
signatures.
Privacy Act of 1974 (Public Law 93-579) ¬ The Privacy Act
protects the privacy of individuals identified in information
systems maintained by federal agencies by regulating the
collection, maintenance, use, and dissemination of information by
such agencies.
Freedom of Information Act of 1966 (Public Law 89-554) ¬ This
law established the right of public access to government
information by requiring agencies to make information accessible to
the public, either through automatic disclosure or upon specific
request, subject to specified exemptions.
Appendix II Objectives, Scope, and Methodology
The objective of our research was to determine how several
leading organizations have implemented their CIO positions and
supporting management infrastructures. We were interested in
identifying effective CIO management practices used across a
variety of organization types and structures. In doing so, we also
sought to develop specific case study information on how CIOs have
helped improve the effectiveness of their organizations« business
operations. We have used this information to develop suggested
guidance to assist federal agencies in effectively integrating
newly created CIO functions into their respective
organizations.
We synthesized a great deal of literature and research on CIO
organizations to provide ideas on effective practices in
information technology and management. This body of knowledge
served as a foundation for designing our project approach. We then
conducted case studies at a number of private and public
organizations. We have found that case studies provide an abundant
source of information describing management practices and the
intellectual background that led to the development of those
practices. Case studies also provide the flexibility to pursue
particularly rich avenues of inquiry as they develop during
interviews. Finally, they are also an excellent means of
communicating the essence of practices that have worked well by
capturing the context as well as the specific practice.
We identified candidate organizations for our study based on
awards and recognition from professional organizations and
publications over the past several years. We conducted multi-day
visits to organizations that agreed to participate in our study to
learn
•
each organization«s approach to selecting, positioning,
and defining the roles and responsibilities of its CIO;
•
techniques for instituting IT policies and standards,
managing technical personnel and financial resources, building
customer/supplier relationships, and measuring the performance of
IT organizations in meeting business needs; and
•
strategies for promoting and facilitating business and
organizational change through IT.
We visited three private and three public sector organizations
recognized as leaders in successfully managing information and
technology investments to create value and improve business
performance. We selected private organizations across a range of
dimensions, including type of business, number of employees, and
revenues. All private organizations contacted had received
recognition by professional organizations and publications,
corporate executives, or independent researchers. Our selection of
state organizations was based on recognition by professional
publications, state CIOs, and the National Association of State
Information Resource Executives (NASIRE). In particular, NASIRE
awards recognition to states whose systems have made important
contributions to the operations of state governments. The following
organizations participated in our study:
•
Commonwealth of Pennsylvania
•
State of Texas
•
State of Washington
•
Chase Manhattan Bank
•
General Motors Corporation
•
J.C. Penney
We also interviewed the former CIO of the state of California
and the current CIO at U.S. West Communications, although we did
not conduct comprehensive case studies at these entities.
We conducted site visits to each participating organization and
obtained supporting documentation, illustrations, and examples.
During the visits, we interviewed the CIO, members of the senior
executive team, IT managers, and other officials as identified by
the host organization, to obtain their individual perspectives on
information and technology management issues. Based on the
documentation and interviews obtained from our site visits, we
compared practices across organizations to identify innovative
practices used by individual organizations as well as common
practices used across the variety of organizations participating in
our study.
We subsequently interviewed 50 percent of the Federal CIO
Council members as a means of comparing federal CIO practices with
our case study results and ensuring that practices used in the
industry and state organizations also addressed the challenges
found in the federal government. We selected a mix of federal
organizations to visit, taking into consideration their various
mission types (civilian, military, or regulatory), centralized and
decentralized structures, and prior GAO study results. Further, we
met with a panel of CIOs from five small federal agencies to
determine whether the practices identified are also applicable
across diverse organizational sizes (based on dimensions such as
budget, personnel, etc.). These discussions, which are summarized
in the section entitled ƒCurrent Federal CIO Environment,≈ helped
us identify similarities and differences in the CIO management
practices of federal versus leading organizations. The discussions
have also enabled us to pinpoint areas where federal agencies can
benefit from integrating the practices of such leading
organizations in their respective organizations.
Our research was conducted from March through October 1999 and
culminated in the issuance of an exposure draft in March 2000.
Since March 2000 we received comments from a variety of
organizations and individuals. Based on suggestions from the
general public we have considered and made changes to the text
where appropriate. General consensus of those providing input was
that the CIO Guide represented leading practices and that the
document was insightful and valuable.
Appendix III Related GAO Documents
Information Security Risk Assessment: Practices of Leading
Organizations
(GAO/AIMD-00-33, November 1, 1999).
Executive Guide: Creating Value Through World-class Financial
Management
(GAO/AIMD-99-45, Exposure Draft, August 1999).
Executive Guide: Leading Practices in Capital Decision-Making
(GAO/AIMD-99-32, December 1998).
Executive Guide: Information Security Management: Learning From
Leading Organizations (GAO/AIMD-98-68, April 1998).
The Results Act: An Evaluator«s Guide to Assessing Agency Annual
Performance Plans
(GAO/GGD-10.1.20, Version 1, April 1998).
Executive Guide: Measuring Performance and Demonstrating Results
of Information Technology Investments (GAO/AIMD-98-89, March
1998).
Agencies' Annual Performance Plans Under the Results Act: An
Assessment Guide to Facilitate Congressional Decisionmaking
(GAO/GGD/AIMD-10.1.18, Version 1, February 1998).
Business Process Reengineering Assessment Guide (GAO/AIMD
10.1.15, Version 3, May 1997).
Agencies« Strategic Plans Under GPRA: Key Questions to
Facilitate Congressional Review (GAO/GGD-10.1.16, Version 1, May
1997).
Assessing Risks and Returns: A Guide for Evaluating Federal
Agencies' IT Investment Decision-Making (GAO/AIMD-10.1.13, Version
1, February 1997).
Executive Guide: Effectively Implementing the Government
Performance and Results Act
(GAO/GGD-96-118, June 1996).
Strategic Information Management (SIM) Self-Assessment Toolkit
(Exposure Draft, Version 1.0, October 28, 1994).
Executive Guide: Improving Mission Performance Through Strategic
Information Management and Technology (GAO/AIMD-94-115, May
1994).
Meeting the Government«s Technology Challenge: Results of A GAO
Symposium
(GAO/IMTEC-90-23, February 1990).
Appendix IV Selected CIO Resources
Professional Organizations
Association for Federal Information Resources Management:
www.affirm.org Chief Financial Officers Council: www.financenet.gov
Federal Chief Information Officers Council: www.cio.gov Government
Information Technology Services Board: www.gits.gov Industry
Advisory Council: www.iaconline.org Information Systems Audit and
Control Association and Foundation: www.iasca.org Information
Technology Association of America: www.itaa.org Information
Technology Resources Board: www.itrb.gov International Federation
of Accountants: www.ifac.org National Association of State
Information Resource Executives: www.nasire.org Society for
Information Management: www.simnet.org
Publications
Beyond Computing: www.beyondcomputingmag.com CIO Magazine:
www.cio.com Federal Computer Week: www.fcw.com Government Computer
News: www.gcn.com Government Executive: www.govexec.com
InformationWeek: www.informationweek.com
International Data Group: www.idg.com Sloan Management Review:
www.mitsloan.mit.edu/smr/index.html
GAO-01-376G CIO Executive Guide Page 61
Research Organizations
Forrester Research, Inc.: www.forrester.com Foundation for
Performance Measurement: www.fpm.com Gartner Group: www.gartner.com
GIGA Information Group: www.gigaweb.com International Data
Corporation: www.idc.com IT Governance Institute:
www.itgoverence.org/itgi META Group Inc.: www.metagroup.com Yankee
Group: www.yankeegroup.com
Federal Resources
Federal Acquisition Regulation: www.ARNet.gov/far/ Critical
Infrastructure Assurance Office: www.caio.gov Federal Computer
Incident Response Capability: www.fedcirc.gov Federal Information
Processing Standards: www.itl.nist.gov General Accounting Office:
http://www.gao.gov/ GSA«s Policyworks: www.policyworks.gov IT
Policy On-Ramp: www.itpolicy.gsa.gov National Partnership for
Reinventing Government: www.npr.gov Office of Management and Budget
Homepage: www.whitehouse.gov/omb
Other Resources
Chief Information Officer ¬ Treasury Board of Canada:
http://www.cio-dpi.gc.ca/home_e.html
Appendix V Selected Books and Articles
ƒBest Practices in Improving IT Staff Competencies,≈ GIGA
Information Group, December 1998.
Blodgett, Mindy, ƒThe CIO Starter Kit: Ten Tools Every New CIO
Needs to Succeed,≈ CIO Magazine, May 15, 1999.
Boar, Bernard H., Practical Steps for Aligning Information
Technology with Business Strategies: How to Achieve a Competitive
Advantage (John Wiley & Sons, Inc., New York, New York,
1994).
Boar, Bernard H., Strategic Thinking for Information Technology
(John Wiley & Sons, Inc., New York, New York, 1996).
Bryson, John M., Strategic Planning for Public and Nonprofit
Organizations: A Guide to Strengthening and Sustaining
Organizational Achievement (Jossey-Bass Publishers, San Francisco,
California, 1991).
Camp, Robert C., Benchmarking: The Search for Industry Best
Practices That Lead to Superior Performance (ASQC Quality Press,
New York, New York, 1989).
Cortada, James W., Best Practices in Information Technology
(Prentice Hall PTR, Upper Saddle River, New Jersey, 1998).
Earl, Michael J., and Feeny, David F., ƒDoes the CIO Add Value?≈
Informationweek, May 30, 1994.
Ferris, Nancy, ƒCIOs on the Go,≈ Government Executive, March
1999.
Government Executive Magazine/Price Waterhouse, The Manager«s
Edge (National Journal Group, Washington, D.C., 1998).
Hubbard, Douglas, ƒThe IT Measurement Inversion,≈ CIO
Enterprise,≈ April 15, 1999.
Mayor, Tracy, ƒMaking a Federal Case of IT,≈ CIO Magazine, July
1, 1999.
Morin, Therese; Devansky, Ken; Little, Gard; and Petrun, Craig,
Information Leadership: A Guide for Government Executives
(PricewaterhouseCoopers, LLP, 1999).
Stephens, Charlotte S., The Nature of Information Technology
Managerial Work: The Work Life of Five Chief Information Officers
(Quorum Books, Westport, Connecticut, 1995).
Stuart, Anne, ƒThe CIO Role: The New IS Role Models,≈ CIO
Magazine, May 15, 1995.
Tapscott, Don and Caston, Art, Paradigm Shift ¬ The New Promise
of Information Technology (McGraw-Hill, Inc., New York, New York,
1993).
Wakin, Dr. Edward, ƒThe Multifaceted CIO,≈ Beyond Computing, May
1995.
Wang, Charles B., Techno Vision II: Every Executive«s Guide to
Understanding and Mastering Technology and the Internet
(McGraw-Hill, Inc., New York, New York, 1997).
Weill, Peter and Broadbent, Marianne, Leveraging the New
Infrastructure: How Market Leaders Capitalize on Information
Technology (Harvard Business School Press, Boston, Massachusetts,
1998).
Woldring, Roelf, ƒChoosing the Right CIO,≈ Business Quarterly,
Spring 1996.
Wreden, Nick, ƒExecutive Forum: Proving the Value of
Technology,≈ Beyond Computing, July/August 1998.
Appendix VI Selected Information Management Reports and
Guidance
An Analytical Framework for Capital Planning and Investment
Control for Information Technology, U.S. General Services
Administration, Office of Policy, Planning and Evaluation, Office
of Information Technology, May 1996.
ƒBest IT Practices in the Federal Government,≈ CIO Council and
IAC, October 1997.
Capital Programming Guide, Version 1.0, Supplement to Office of
Management and Budget Circular A-11, Part 3: Planning, Budgeting,
and Acquisition of Capital Assets, July 1997.
Evaluating Information Technology Investments: A Practical
Guide, Version 1.0, Office of Information and Regulatory Affairs,
Information Policy and Technology Branch, Office of Management and
Budget, November 1, 1995.
Federal Enterprise Architecture Framework, Version 1.1, Federal
CIO Council, September 1999.
Federal Information Technology, Executive Order on ITMRA, The
White House, July 17, 1996.
Federal IRM Training Roadmap: A Guide for Federal CIOs, (Draft),
Federal CIO Council, Education and Training Committee, January
1999
Funding Information Systems Investments, M-97-02, Office of
Management and Budget, October 25, 1996.
IAC / CIO Task Force Draft Report, Industry Advisory Council,
July 9, 1996.
Implementing Best Practices: Strategies at Work, Federal CIO
Council, Capital Planning and IT Investment Committee, June
1998.
Implementing Capital Planning and Information Technology
Investment Processes: An Assessment, Federal CIO Council, Capital
Planning and IT Investment Committee, Best Practices Subcommittee,
May 29, 1998.
ƒMajor System Acquisitions,≈ Circular No. A-109, Office of
Management and Budget, April 5, 1976.
Management of Federal Information Resources, Circular No. A-130,
Revised, Office of Management and Budget, February 8, 1996.
Meeting the Federal IT Workforce Challenge, Federal CIO Council,
Education and Training Committee, June 1999.
Preparation and Submission of Budget Estimates, Circular No.
A-11, Revised, Office of Management and Budget, June 23, 1997.
ROI and the Value Puzzle, Federal CIO Council, Capital Planning
and IT Investment Committee, April 1999.
Strategic Plan, Federal CIO Council, Fiscal Year 2000.
The Federal Chief Information Officer: Fourth Annual Top Ten
Challenges Survey, Association for Federal Information Resources
Management, December 1999.
The Impact of Change: Clinger-Cohen Act Implementation, Laying
the Foundation for Year 2000 and Beyond, Eighth Annual ITAA Survey
of Federal CIOs, December 1997.
Appendix VII Project Adviser Acknowledgments
We would like to acknowledge the following individuals whose
advice and assistance throughout this project have been
invaluable.
Dr. Lynda McDonald Applegate Professor of Business
Administration Harvard Business School
Thomas V. Fritz President & Chief Executive Officer Private
Sector Council
Laraine Rodgers Vice President Emerald Solutions
Paul Rummell Senior Partner KPMG Consulting
(310400)
Ordering Information
The first copy of each GAO report is free. Additional copies of
reports are $2 each. A check or money order should be made out to
the Superintendent of Documents. VISA and MasterCard credit cards
are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.
Orders by mail:
U.S. General Accounting Office
P.O. Box 37050 Washington, DC 20013
Orders by visiting: Room 1100 700 4th St. NW (corner of 4th and
G Sts. NW)
U.S. General Accounting Office Washington, DC
Orders by phone: (202) 512-6000 fax: (202) 512-6061 TDD (202)
512-2537
Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on how to
obtain these lists.
Orders by Internet: For information on how to access GAO reports
on the Internet, send an e-mail message with "info" in the body
to:
[email protected]
or visit GAO's World Wide Web home page at:
http://www.gao.gov
Contact one:
To Report Fraud,
• Web site: http://www.gao.gov/fraudnet/fraudnet.htm
Waste, or Abuse in
• e-mail: [email protected] •
1-800-424-5454 (automated answering system)
