This section consists of language from OMB guidance that further demarcates, expands upon, or otherwise clarifies the responsibilities of agency CIOs with regard to investment management. See sections on OMB Memoranda and OMB Circulars for more information about these forms of OMB guidance. See sections on Office of Inspector General (OIG) and Government Accountability Office (GAO) to review how compliance with these documents is measured.
Strengthening IT Portfolio Governance
Strong oversight of spending through the use of effective investment review boards (IRBs) that include [COOs], CIOs, [CHCOs], CFOs, CAOs, PIOs, program officials, and other key executive decision makers is essential for efficient and effective IT portfolio management. Agencies with rigorous Investment Review Boards (IRBs) ensure that all stakeholder needs are addressed and that decisions are made in the best interest of the agency. Effective IRBs include the use of:
This enables greater consistency and rigor in the process of selecting, controlling and evaluating investments an agency decides to fund, de-fund or terminate. Thus, the most advanced agencies employ their IRBs to implement effective IT solutions using savings gained from eliminating unnecessary and lower value investments, reducing operating costs, and freeing up capital to re-invest and pioneer innovative platforms, consistent with OMB guidance. (OMB M-13-09. Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management. March 2013; OMB M-15-14. Management and Oversight of Federal Information Technology; 40 U.S.C. §11319. Responsibility for Acquisitions of Information Technology.)
Ongoing CIO Engagement with Program Managers
The CIO should establish and maintain a process to regularly engage with program managers to evaluate IT resources supporting each agency strategic objective. It should be the CIO and program managers’ shared responsibility to ensure that legacy and on-going IT investments are appropriately delivering customer value and meeting the business objectives of programs. (Ibid, Common Baseline E1.)
Visibility of IT Planned Expenditure Reporting to CIO
The CFO, CAO, and CIO should define agency-wide policy for the level of detail of planned expenditure reporting for all transactions that include IT resources. (Ibid, Common Baseline F1.)
CIO Defines IT Processes and Policies
The CIO defines the development processes, milestones, review gates, and the overall policies for all capital planning, enterprise architecture, and project management and reporting for IT resources. At a minimum, these processes shall ensure that the CIO certifies that IT resources are adequately implementing incremental development (as defined in the below definitions). The CIO should ensure that such processes and policies address each category of IT resources appropriately—for example, it may not be appropriate to apply the same process or policy to highly customized mission-specific applications and back office enterprise IT systems depending on the agency environment. These policies shall be posted publicly at agency.gov/digitalstrategy, included as a downloadable dataset in the agency’s Public Data Listing, and shared with OMB through the Integrated Data Collection (IDC). For more information, see OMB Circular A-130: Management of Information Resources. (Ibid, Common Baseline G1.)
CIO Role on Program Governance Boards
[To ensure] early matching of appropriate IT with program objectives, the CIO shall be a member of governance boards that include IT resources (including “shadow IT” or “hidden IT”—see definitions), including bureau IRBs. The CIO shall notify OMB of all governance boards [of which] the CIO is a member and at least annually update this notification. (Ibid, Common Baseline H1.)
Shared Acquisition and Procurement Responsibilities
The CIO reviews all cost estimates of IT related costs and ensures all acquisition strategies and acquisition plans that include IT apply adequate incremental development principles. (Ibid, Common Baseline I1.)
CIO Role in Recommending Modification, Termination, or Pause of IT Projects or Initiatives
The CIO shall conduct TechStat reviews or use other applicable performance measurements to evaluate the use of the IT resources of the agency. The CIO may recommend to the agency head the modification, pause, or termination of any acquisition, investment, or activity that includes a significant IT component based on the CIO’s evaluation, within the terms of the relevant contracts and applicable regulations. (Ibid, Common Baseline J1.)
CIO Role in Review and Approval of Acquisition Strategy and Acquisition Plan
Agencies shall not approve an acquisition strategy or acquisition plan (as described in FAR Part 7) or interagency agreement (such as those used to support purchases through another agency) that includes IT without review and approval by the agency CIO. For contract actions that contain IT without an approved acquisition strategy or acquisition plan, the CIO shall review and approve the action itself. The CIO shall primarily consider the following factors when reviewing acquisition strategies and acquisition plans:
CIO Role in Approval of Reprogramming
The CIO must approve any movement of funds for IT resources that requires Congressional notification. (Ibid, Common Baseline L1.)
Purchasing to Support Telework
Agency CIOs, in coordination with CAOs, shall develop or update policies on purchasing computing technologies and services to enable and promote continued adoption of telework. At the same time, purchasing policies must address the information security threats raised by use of technologies associated with telework. Given the unique mission and nature of each agency, agencies are granted broad discretion in formulating telework purchasing policies to best suit their unique needs. At a minimum, however, agency policies must address the following: