IT management is improving
- By Jason Miller
- Nov 13, 2002
Dave McClure, E-gov Guru
For 18 years, Dave McClure got a first-hand look at how agencies manage their IT infrastructures.
McClure recently became vice president for e-government at the Council for Excellence in Government, a Washington group that helps governments improve their operations. He took the post after a long career with the General Accounting Office.
From 1998 until this spring, McClure was GAO's director for IT management issues. He conducted governmentwide evaluations of IT investment and performance measures, and monitored major systems implementations.
That job followed stints as associate director for governmentwide and defense information systems issues, assistant director for governmentwide information resource management policies and issues, and senior IT analyst for economic development information systems.
At the council, McClure leads the e-government programs. He also participates in the council's E-Government Fellows Program and will work on intergovernmental partnerships.
McClure is an adjunct professor at Syracuse University's Strategic Information Management Program and a guest lecturer at the National Defense University.
He has a doctorate in public policy from the University of North Texas, and bachelor's and master's degrees in political science from the University of Texas.
GCN staff writer Jason Miller interviewed McClure. GCN: What progress have agencies made in managing IT over the last few years?
MCCLURE: Although it's uneven across the agencies, IT management is maturing. Some of it is self-initiated within agencies, and some remains a result of oversight pressure from the Office of Management and Budget, General Accounting Office, inspectors general.
There are three areas where you could point to marked differences in the last five years. The first is advances in IT capital planning and capability. Very little existed before 1997 or 1998 so the process maturity is much higher, and certainly there are challenges in implementing and practicing it.
The second would be attention to enterprise technical architectures. We have been talking about that for 10 to 15 years or longer in the federal government, and it's only been in the last two years that I think it's gotten serious.
The third is security. Security postures of agencies are in different stages, but there is much more technical and management attention to security programs than before. Prior to the year 2000 rollover, security was viewed as a systems or technical issue, and I think it is moving beyond that in the last few years.GCN: How has the Clinger-Cohen Act affected the way agencies manage IT?
MCCLURE: I think Clinger-Cohen certainly has had an impact. A convergence of factors has led to these improvements. Having a solid statutory foundation for management expectations in government is important.
The Bush administration has ramped up its use of the Clinger-Cohen Act, the Federal Acquisition Streamlining Act and the Government Information Security Reform Act. The statutes are being used increasingly, and [OMB associate director for IT and e-government] Mark Forman, who played a role in developing many of those, understands them and understands the role the administration has in using them to set expectations and justify investments.GCN: Where has OMB been most successful in using its authorities under Clinger-Cohen?
MCCLURE: OMB's responsibility to make sure agencies use the appropriate management practices and use the budget as a lever for enforcement has been ramped up under Mark Forman.
The CIO authority under Clinger-Cohen has always been a concern. The question everyone is raising is tracked every year: Are federal CIOs vested with enough authority and responsibility to do their jobs? It is a two-edged sword. They must have responsibility and powers under Clinger-Cohen, but they also must be part of a concerted management effort to use IT effectively. That is accomplished through implementation; the law itself can't do it successfully.GCN: Do CIOs lack effectiveness because they don't have that authority?
MCCLURE: Some of it has to do with the way IT is budgeted in federal government. IT is not normally a line item in agency funding requests; rather it is dispersed throughout the entity. By the nature of decentralized allocation, it is difficult for a single CIO to have visibility of and accountability for IT spending. Part of the success of CIOs in federal government is understanding the role they have and using it effectively.GCN: Do we need a governmentwide CIO?
MCCLURE: Yes, because we've always seen the need for someone to be able to take a large portfolio view of spending across the federal government from a single vantage point.
I think Mark Forman is playing much of that role right now, whether it is titled that way or not. Many of the exercises and drills OMB is putting the agencies through in identifying overlap and duplication, and also exploring ways to jointly invest in projects, are things that can only be done by an official who has that broader snapshot of what is going on across the entire government.GCN: What areas of IT management do agencies need to work on most, and where have they been most successful?
MCCLURE: IT performance management and measurement is still a vexing problem in government and the commercial sector. Agencies still are having trouble showing how IT affects business or program areas. It is not a science, and there is not a single way to do it.
IT human capital will be a huge issue for CIOs and agencies over next few years. Training, skills refreshment, hiring and other personnel issues, which we haven't paid much attention to in the past, will be at the forefront of what CIOs should focus on.
There also needs to be much more attention in re-engineering work or process redesign. IT systems and applications always work best when they are done in sync with process redesign. With the attention the administration has placed on business and technical reference models as part of the architecture, there is a tremendous opportunity to redesign workflow.
Another area that is getting more attention is making business cases for IT investments, but the sophistication must be increased. There needs to be more attention to risk management, flexibility and cost estimations, and folding in performance measurement.GCN: Much of what the administration is working on for the new Homeland Security Department is what GAO and others have been calling for for years. How will this effort be different?
MCCLURE: It remains to be seen whether the effort will be different. There are tremendous challenges in this large reorganization of government departments and agencies.
Part of the question is how aggressively some of these challenges are met with proposed solutions and mitigation strategies. The new department should not be consumed with that rather than exercising its new mission responsibilities.
That has always been the issue when federal agencies are reorganized. It takes so much time to put people and processes in the same place. A lot of time is spent on learning how to cope with the reorganization rather than focusing on effective mission and service delivery, which is why it was created in the first place.
There are a lot of lessons that can be learned from past experiences, both corporate and government.GCN: What is the biggest IT obstacle to getting the department up and running?
MCCLURE: Data sharing and integration are the main issues for the new department. They will have to be addressed through enterprise architecture.
Agencies must find common needs so they are collecting information once and sharing it effectively. Also, agreeing on data and technical standards and architecture management will be important in solving some sharing and integration issues.
Another issue is consolidation of systems' capabilities. This is a tremendous opportunity to consolidate IT, save money and think of new ways to operate.
The new agency must reorganize its IT so it is not simply an amalgamation of the existing IT entities within each component organization.
The other issue is security. The component agencies must maintain an adequate security management program and understand their strengths and weaknesses.