recommended reading

Budget authority and executive titles come in for scrutiny in IT reform debate

Caitlin Fairchild/

Government chief information officers without authority over their agencies’ technology spending are like “toothless tigers,” former Rep. Tom Davis, R-Va., testified Tuesday before the House Oversight and Government Reform Committee he once chaired.

The committee’s current chairman, Rep. Darrell Issa, R-Calif., plans to introduce legislation this Congress that would give CIOs authority over their agencies’ information technology procurement spending and reserve the title of CIO for just one person per agency.

Only Veterans Affairs CIO Roger Baker currently has budget authority. Without that authority, CIOs are handicapped in their ability to reduce wasteful spending by rescoping technology projects for shorter-term deliverables and increasing shared services, Issa has argued.

Rep. Gerry Connolly, D-Va., the ranking democrat on the Oversight subcommittee that oversees federal IT policy, has endorsed the broad outlines of Issa’s proposed bill.

The Information Technology Acquisition Advisory Council has estimated the government can save up to $20 billion of its $80 billion annual IT budget through smarter purchasing and other reforms, a figure Issa cited during Thursday’s hearings.

“It’s not the waste of that $20 billion, it’s what that $20 billion could do if properly applied,” Issa said. “The leverage of $20 billion to save $200 billion is why it’s essential we fix this part of government that seems so broken.”

The Office of Management and Budget has cited smaller potential savings from specific IT reform initiatives, such as $5 billion in savings from consolidating federal data centers.

Giving agency CIOs budget authority would solve some problems but not all of them, said David Powner, director of information technology management issues at the Government Accountability Office.

Powner’s office has consistently faulted agencies for not being sufficiently transparent about their technology spending.

Some federal departments and agencies have more than a dozen employees with the title CIO, Issa said Tuesday. That obscures lines of authority and makes it difficult to hold people accountable for waste, he said.

Issa asked federal CIO Steven VanRoekel during the hearing whether agencies may be leveraging the prestige of the CIO title and the pay it brings to lure higher-qualified people into those positions.

VanRoekel replied that lines of authority ought to be clearer in government technology shops but that the problem was more about governance than titles. One of VanRoekel’s first acts in office was issuing a memo clarifying CIO authorities.

Ensuring that specific officials are responsible for specific projects is more important than those officials’ titles, Powner said. Powner credited the Federal IT Dashboard, which ranks high-cost projects across the government, with significantly increasing accountability for those projects but noted some agency CIOs are overstating projects’ likelihood of success.

Issa’s proposed legislation would also create a Commodity IT Acquisition Center tasked with overseeing large, governmentwide IT contracts, as well as agency-based Assisted Acquisition Centers of Excellence to develop expertise and best practices in particular technology purchasing categories.

Some former acquisition officials have expressed concern the new commodity center could duplicate work already being done by the General Services Administration and a coalition of industry groups has demanded assurance the new center won’t impinge on the GSA schedules program as a condition of its support.

Schedules are essentially menus of technology goods or services contracts GSA has negotiated with core vendors. Other agencies can buy goods and services off those schedules without doing any negotiating themselves, saving time and money.

Perhaps the greatest barrier to innovation in government technology is the fault of Congress rather than agencies, former Rep. Davis testified. The fact that Congress hasn’t passed a budget in the past several years means agencies are less willing to take risks and make long-term plans, he said, a point VanRoekel and Powner agreed with.

“This is not a Republican or a Democratic issue,” Davis said. “We can argue that there’s too much or not enough government, but we want the government we’re paying for and that’s really what this is about.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.