LegiStorm

Summary:
What GAO Found

A majority of the 71 private sector Chief Information Officer (CIO) survey respondents reported having responsibilities that aligned with those of agency CIOs in 13 of 14 key IT management areas. These areas include strategic planning, investment management, and information security. One area of responsibility (the statistical policy area) was reported by more than half of respondents as being outside their scope of responsibility. In addition, CIO respondents also reported sharing responsibility with other executives in each IT management area (see figure 1).

Figure 1: Extent of Sharing of IT Management Area Responsibilities Reported by 71 Private Sector Chief Information Officer (CIO) Respondents



Notes: Survey results are from a non-probability sample and may not generalize to all private sector CIOs.

This figure shows 16 areas because one of the 14 key responsibility areas (IT systems acquisition, development, and integration) is presented as three different items in order to provide increased visibility into these activities.

Private sector CIO respondents were highly educated and experienced, with a majority reporting previous IT-related experience, previous CIO experience, industry knowledge, and a college degree (see figure 2). Notably, a majority of respondents reported that their degrees were not IT-related. Respondents reported an average tenure in their current CIO role of about 6 years. Among respondents, CIOs with more authority over technology-related decisions tended to have a higher level of previous CIO experience, as well as the longest tenures.

Figure 2: Qualifications and Experience of Private Sector Chief Information Officer (CIO) Respondents



This graph shows selected responses from two survey questions. The variables are categorical and the numbers are not intended to add to 71 or the percentages to 100 percent.

Responsibilities currently assigned to the Federal CIO correspond to those of agency CIOs in 10 of the 14 key IT management areas. The Federal CIO's responsibilities also correspond to those of private sector survey respondents in each of five responsibility areas directly relevant to the roles of both. However, the Federal CIO position is not established in law, and its main legal authorities remain those established in 2002 for the OMB position from which the role was established. As such, its responsibilities are often more limited in key CIO management areas than those of the other types of CIOs. For example, the Federal CIO is not responsible for ensuring that cybersecurity duties are carried out. By formalizing the Federal CIO position and establishing responsibilities and authorities over government-wide IT management, the position's impact over federal IT may be more consistent over time and across administrations.

Private sector and former agency CIOs participating in panel discussions reported challenges faced by federal agency CIOs. Specifically, private sector CIO panelists stated that collaboration between the CIO and other senior executives is essential to driving successful business outcomes. Conversely, former federal CIO panelists reported difficulty achieving meaningful collaboration with other managers. In addition, private sector panelists stated that their companies often look for managerial skills, such as project management skills, when hiring CIOs. By contrast, former agency CIO panelists stated that technical skills are often a primary driver in the selection of agency CIOs. Fostering shared collaboration and increasing focus on managerial skillsets for agency CIOs could assist federal agencies and their CIOs in securing resources and implementing IT priorities.

Why GAO Did This Study

Over the years, Congress has enacted various laws in an attempt to improve the government's management of IT. GAO has previously reported on the challenges faced by federal agency CIOs.

GAO was asked to review the extent of alignment among the responsibilities of federal agency CIOs, their private sector counterparts, and the overall Federal CIO located in the Office of Management and Budget. This report examines (1) the responsibilities of selected CIOs in the private sector and how they compare to the responsibilities of federal agency CIOs; (2) the qualifications and tenure of selected CIOs in the private sector; (3) how the responsibilities of the Federal CIO compare with those of federal agency and private sector CIOs; and (4) how private sector CIO experiences can be applied to the challenges facing federal agency CIOs.

GAO conducted a survey of a non-generalizable sample of private sector CIOs and asked about their responsibilities, experience, and qualifications. Of 488 surveys sent, CIOs or CIO equivalents returned 71 fully complete responses. GAO then compared the results of the completed surveys to the responsibilities outlined in laws and Office of Management and Budget guidance for agency CIOs and the Federal CIO.

GAO also held two expert panels with both private sector CIOs and former federal agency CIOs. Both panels addressed their experiences with qualifications, tenure, reporting relationships, and challenges. After holding the panels, GAO analyzed the main points made by the panelists and developed resulting common themes from the discussions.