Enabling the business of federal agencies while ensuring the security of agency and citizen information assets is uppermost on the minds of government CIOs. While the adoption of more rigorous IT enterprise architecture has helped many agencies gain a better overall picture of their IT environments, what they must address is enhanced visibility in order to “crosswalk” through their vast IT portfolios to analyze their investments from multiple business perspectives. From this vantage point, CIOs can better answer business questions about the value to be received from those investments and develop more accurate pictures of mission gains and risks during project delivery.
Government budget and oversight leaders expect CIOs to have a plan for tackling longstanding issues such as dealing with operating systems that are no longer vendor supported or legacy hardware that can only be maintained by finding high-priced replacements on eBay or cannibalized components. It will also be assumed that agency CIOs will ensure mission-critical applications will always be upgraded with state-of-the-art programming code sets. On top of managing these normal IT expectations, federal CIOs are faced with an increasing number of reporting requirements from the Office of Management and Budget (e.g., High Value Assets, Technology Business Management, FITARA, CPIC, TBM). Further, these expectations will be met with little new money to allocate to these demands or to keep trained and competent technical staff on hand to deal with sustainment and new development.
In addition to the above expectations, CIOs struggle to get reliable answers to basic questions such as: what is the degree of vulnerability their agency has to data breaches; what is a realistic potential for cyber ransomware attacks; does their IT department have the right functionality being prioritized and delivered; is the staff trained with the right skills to do development and sustainment when new technologies are implemented; and so forth. The answers to these questions require analysis that cuts across people, processes and technology. That analysis should also provide a spectrum of likelihood of a milestone occurring and an estimate of the negative business impact if a risk is not mitigated.
When investment and sustaining decisions worth millions of dollars require consensus among several stakeholders across an enterprise, it is essential to ensure collaboration so that IT portfolio management and risk management are successful.
As a CIO for several large public enterprises and in government, I witnessed first-hand the dilemmas a CIO faces in dealing with such challenges. It is hard to get the facts and data to reliably know what tradeoffs to make when allocating resources to tackle demands.
In the past, most agency CIOs, including me, used the most basic of tools like spreadsheets to track investments, assess trade-offs, and ensure risks were understood and dispositioned. I am convinced that one practical answer is to consider a commercial-off-the-shelf solution that takes a unified crosswalk approach to IT planning and portfolio management in dealing with risks while being consistent with the agency enterprise architecture.
By gaining visibility across the IT environment, CIOs can demonstrate transparency between IT and business leadership, permitting multiple objectives to be compared by cost and functionality with each other. In turn, agency business leaders can more effectively manage risks tied to their IT investment decisions, ensuring they are continually optimized and aligned to support mission programs and citizen service.
While nothing is ever guaranteed, adept CIOs can enable their agency’s path through the daunting thicket of mission delivery risks. By adopting a strategic planning and IT portfolio management approach and solution, they will be on the path to building a long-term partnership with their agency business leadership.
Terry Milholland is a former chief technology officer and chief information officer of the Internal Revenue Service (2008-2016).