Creating a Public-Sector CIO Job Description

Transcription

1 Strategic Planning, J. Kost Research Note 18 September 2002 Creating a Public-Sector CIO Job Description To assist new public-sector CEOs as they take office and charge their transition teams with organizational design, we review the roles and responsibilities of the CIO that will help ensure success. Core Topic Government: E-Government and E- Governance Drivers, Strategies and Management Issues Key Issue How will governments address governance issues raised by the Internet? Strategic Planning Assumptions Through 2006, the effectiveness of most public-sector CIOs will be suboptimized primarily because the CEO will underutilize the position in achieving the enterprise s business objectives (0.8 probability). Public-sector organizations in which the CIO does not fully participate in setting the policy/business agenda of the enterprise will waste significant resources on technology that is not aligned with the policy agenda of the enterprise (0.9 probability). Since the primary challenges of the publicsector CIO are organizational rather than technical, success of the CIO depends on organizational clout provided by the relationship with the CEO or the authority vested in the CIO by the CEO (0.9 probability). The Role of the CIO The authority of a public-sector CIO varies dramatically from one jurisdiction to another; in part because the source of the CIO authority differs. There are three primary sources of authority for the public-sector CIO (See Figure 1): Relationship: A strong relationship with the CEO is the single most-important factor in determining the CIO's level of authority. Regardless of other factors, the CEO can help ensure that the CIO has an influential role in the strategic and tactical decisions that are made throughout the IS organization. Legal Authority: Some government jurisdictions have created the CIO role in law, specifically delineating the authority of the position. Despite the importance of the CIO's relationship with the CIO, the ability of a legally mandated CIO to assert authority still depends largely on the clear and legitimate responsibilities of the position set forth by law. Process Control: Many government jurisdictions have created a CIO role that is limited to controlling the processes that enable or inhibit IT activities. The CIO, in these circumstances, ensures that IT activities follow mandated procurement, financial and oversight processes. Such a CIO primarily possesses veto authority; the additional power to set and enforce standards is becoming more common. Gartner Entire contents 2002 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

2 Figure 1 Sources of Authority for the Public-Sector CIO Relationship Legal Authority CIO Success Process Control Source: Gartner Research The first government CIOs in the early 1990s were charged with balancing the benefits to the enterprise as a whole with the specific needs of user agencies. At that time, the perceived benefits of centralized decision making under a CIO included: The ability to develop standards that resulted in fewer technical impediments to cross-program communication Infrastructure consolidation, with the possibility of huge financial savings Simplified procurement processes A stronger pool of technical skills available to all agencies Lower risk from big IT projects The ability to broker and coordinate outsourced IT services along with in-house services The ability to develop and maintain portfolio management from an enterprise perspective (rather than a silo perspective) However, some user agencies perceived disadvantages in the enterprise CIO role, including: Another approval step (and more time) required to achieve new solutions Results in the interest of the entire enterprise, but counterproductive to the specific organization or program 18 September

3 Loss of control of infrastructure and a resulting degradation in service levels Possible competition for development time Required documentation of important projects for justification and prioritization Initially, some governments embraced a role that gave the enterprise CIO considerable authority over operations, standardsetting and procurement decisions. Other federal, state and local agencies, keen to support the notion of a CIO without actually changing the existing organizational structure, created policyonly CIOs, usually in the office of the CEO. With little authority to oversee operations or initiate projects, but with some ability to review and approve specific projects or strategic direction, this type of CIO position is usually created when the CEO has had little control over the organizational structure (due to legislative mandate, constitution or municipal charter) or a poor grasp of the importance of IT in achieving his or her agenda. In creating or changing the role of the CIO, care should be taken in determining the CIO's authority and responsibilities. The experience gained during the past 10 years can help guide this undertaking. Responsibility Checklist Here we present a review of the major responsibilities that can be assigned to a CIO, along with key pros and cons. 1. Policy Standards/Architecture: Standards guide the procurement and deployment of key pieces of the infrastructure. A standard may apply to a number of areas, including desktop hardware and software, networks, enterprise operating systems and databases. Should these decisions rest with the CIO? istency and uniformity Reduced cost of deployment Lower user-training costs Lower maintenance costs Economies of scale 18 September

4 User agency flexibility Possible greater dependence on fewer suppliers, which may result in monopolistic vendor behavior Strategic Planning: The technology plan of an enterprise should be aligned with the overall strategic business plan. Is the CIO best-suited to understand the link between the technology and business plans? Enterprisewide view Technology fit for the overall political/enterprise agenda Ranking of competing priorities If the CIO is responsible for day-to-day operations, it might be appropriate for someone else to be responsible for strategic planning to ensure another point of view Enterprise strategic plans are also needed; centralizing all IT staff may not accurately reflect agency needs Security/Privacy: Should security and privacy policies be set by the CIO? istency across the enterprise No weak links Economies of scale istency of tools istency of training Partitioning of certain kinds of data from other internal users may be more challenging (law enforcement, tax and health records) Some data has unique requirements (perhaps due to legal mandates) 2. Operations IT Service Delivery: Management of the jurisdiction s technology infrastructure is a key element in the importance of the role of technology in the political and business agenda. Data centers 18 September

5 (mainframes and servers) and telecommunication networks are the machinery that make government function. Data centers and networks are very expensive to operate, require the largest number of IT personnel, and drive many decisions about the degree to which innovation can occur. The question is whether the CIO should own and operate the infrastructure. Economies of scale More-robust infrastructure istency across agencies Capacity planning Modern tools and resources Larger talent pool Service levels for user agencies Increased vulnerability to a large disaster if not done correctly Less user control Portal Management: Historically, each agency decides which application it will present to its constituents via its own Web site. The question is whether to put these portals under the direction of the CIO. A common look and feel tituent interface based on user transactions rather than government organizational structure More-effective use of shared services Common development tools Lower overall maintenance costs Reduced agency flexibility on content Agency dependence on central resources and priorities Reduced agency flexibility on sourcing Enterprise Applications: Certain applications are (or should be) used by the entire enterprise. These include , enterprise 18 September

6 resource planning solutions and various other universally applied office systems. Should the CIO be responsible for these? Deployed enterprisewide Economies of scale Minimal interfaces required Reduced training costs Lower help desk costs Converting to enterprisewide use may result in lost investment and knowledge of existing systems Possibly lost flexibility for agency-specific requirements Application Development: Should the application development function be centralized? Multiprogram synergies Common data modeling Training commonalities Sourcing decisions Prioritization of resources Program business rules are often unique Resource priorities at the enterprise level may conflict with specific agency needs If separately elected, political conflicts may be created within the jurisdiction Help Desk: Key to the operation of any government program are the software applications that support it. Each program is unique and requires considerable interface between program managers and software code writers. Should this function be centralized? Training Uniform support istent asset management strategy 18 September

7 Economies of scale Central help desk may not be able to support agency legacy systems Competing priorities Project Management: Should large projects be managed at the enterprise level rather than allowing each agency to manage their own? Centralized "SWAT" teams can be better trained The highest priorities are given the best talent and most resources istent project management skills istency of tools Higher likelihood of code reuse Not all enterprise project managers are able to comprehend the business needs of the agency for whom the project is intended 3. Process Procurement: Most government jurisdictions maintain centralized procurement organizations to acquire goods and services on behalf of user agencies. These organizations maintain their own rules and regulations and exist primarily to enforce procurement procedures and ensure that funds are not wasted. Is the CIO best qualified to procure IT rather than another agency? A dedicated IS procurement organization is more likely to be empowered to reinforce positive steps than simply prevent bad things from happening Recognition of the unique pace of technology acquisition and deployment Understanding of IT goals and mission Economies of scale 18 September

8 Existing redundant procurement checks and balances ensure more protection from misdeeds Procurement professionals more likely to received adequate training in procurement organization Budgeting: Should the CIO become part of the funding-approval process, in which agencies must submit budget requests for IT operations and new projects to the CIO at appropriate intervals? Prioritization of projects across the enterprise Alignment of resources with business and political needs istency with IT strategic plan Additional bureaucratic approval steps Possibly an inappropriate command/control function for the IS organization Project Oversight: If project oversight is required internally or by an outside third party, should the person performing that oversight report directly to the CIO? Additional level of accountability to the overall enterprise Economies of scale, especially in managing sourcing Greater understanding and reliance on systems development methodology Possible hostile relationship between the oversight vendor and the project team with which it is supposed to be working most closely Oversight reporting to enterprise may not be aware of the unique business needs of user agency Competing priorities Performance Measurement: Governments need to constantly assess the productivity of systems and services. Is it appropriate to make the CIO responsible for measuring performance? Enterprise view (for comparison) Training 18 September

9 Tools Larger number of resources Interagency prioritization More likely to understand the nuances of legacy applications and be able to compare them with similar programs in other jurisdictions Outsourcing this function reduces the importance of who owns the process Business Process Re-Engineering: Some jurisdictions have selected CIOs with enough understanding of the business issues of the organization that the person is also well-positioned to take a leadership role in business process re-engineering. Is the CIO best qualified to do this on behalf of the enterprise? Enterprisewide view Objective view, with less loyalty to the status quo Ensures the consideration of technology in re-engineering decisions Agencies best able to determine how to change business practices Analysis and Recommendations Although we list the pros and cons for each CIO responsibility, many of the arguments against the individual responsibilities are quite weak. Many instances can be found where all of these functions we have reviewed are under the jurisdiction of the CIO or moving in that direction. Key attributes of an ideal CIO include the ability to: Understand the business issues of the enterprise Translate between business needs and technology solutions Offer strong leadership in the areas of business and technology Business issues drive technology. In government, business drivers are often elements of the current political agenda. Thus, the public-sector CIO must have keen political instincts. In such a political situation, the level of trust between the CIO and the CEO and other policy makers is key. 18 September

10 The CEO should select a CIO whom they can trust. The CEO should understand the skills and strengths of the CIO and, based on those factors, determine the appropriate level of CIO authority and responsibility. The CIO will be required to make difficult, controversial decisions that affect the entire enterprise, and must know that the CEO will support those decisions after appropriate consultation, even over the objections of others who directly report to the CEO. Related Research "Public Sector Technology Continuity in an Election Year" "Government IT Responsibility: Enterprise vs. Agency" Bottom Line: A CEO who has just come to the job or is about to begin a new term in office has a fresh opportunity to define the role of the CIO. The CEO should carefully review and grant authority to the CIO that is sufficient to help facilitate the CEO s policy agenda. The CEO must understand the role that technology will play in accomplishing this agenda, and select a CIO who can be trusted to help meet established goals. 18 September