So many chiefs, so little coordination

The growing number of roles with "chief" in the title are complicating governance and security efforts, especially when they bypass the CIO.

Shutterstock image: developing a plan.

Sometimes there's too many chiefs at the table.

Governance is hard. Even worse, its success hinges on a willingness to have crucial conversations about leaders’ expectations and outcomes. And as Kerry Patterson, Joseph Grenny, Ron McMillan and Al Switzler note in their book "Crucial Conversations: Tools for Talking When Stakes are High," we are neither comfortable nor skilled in the art of such discussions.

The Navy, for instance, has surveyed senior military and civilian leaders and found that they tend to be control freaks who dislike and sometimes avoid crucial conversations about personnel-related issues.

So when we look at federal IT governance, it shouldn't surprise us that agencies find it easier to invite someone else to the table when a new issue arises rather than directly address what's not working. The result is a proliferation of "chiefs" in federal information management. Unfortunately, merely creating more chiefs doesn’t ensure alignment of effort across all the chiefs at the agency.

In other words, surprised? No.

Concerned? Yes.

The Federal IT Acquisition Reform Act tries to address the roles of CIOs in federal agencies by requiring a relationship between bureau-level and agency-level CIOs. Although you'd be hard-pressed to conclude that CIOs at subordinate components don’t need to be in alignment with the agency CIO, the move is applauded more at agency HQs than within the bureaus.

And as though the reporting relationships between CIOs weren’t enough of a challenge, federal IT leaders now also must deal with a proliferation of other chiefs in the information management space — chief data officers, chief information security officers, chief knowledge officers, chief privacy officers, etc. And of course, if the position is important enough to warrant "chief" in the title, then the natural inclination is to have that person report to the agency head. And this is where the trouble starts.

If agency alignment and execution suffer when subordinate CIOs are not beholden to the agency CIO, it is even more troubling if all of these new chiefs don't have to be in sync with the CIO.

In the case of an agency creating a chief data officer position that reports directly to the agency head, it’s disconcerting to think that the data officer can work independently of the information officer. That split ensures bureaucratic stovepipes or, worse, is an indicator that despite the efforts of the Clinger-Cohen Act and FITARA, some still define CIO as "computing infrastructure officer." That is a tragic waste of a senior position because all substantive IT issues today require a chief who can focus on people, processes and technology.

Even more shockingly, some argue that chief information security officers should be independent of the CIO. That assertion confuses the important role of red teams, penetration testing and independent audits with the fundamental reality that if the person defending the network is detached from the person delivering information to the organization, the agency will suffer from a lack of accountability when information doesn’t flow and the mission’s not accomplished.

That bifurcation also seriously obstructs the important goals of getting security baked into IT solutions and replacing security based on denial of service with secure information sharing.

As George Labovitz and Victor Rosansky noted in their groundbreaking book, "The Power of Alignment," "Sustained excellence emerges when all the key elements of a business are connected to each other…. You must create alignment between people, customers, strategy and process."

It is hard enough to get things done in today's federal environment; there's no reason to make it harder by encouraging independent operators who further complicate governance.