THANK YOU FOR SUBSCRIBING
As a Chief Information Officer of a federal government agency, I have four core roles— to support the strategic objectives of the organization, enable daily operations, manage risk, and promote innovation. These responsibilities provide a framework for making strategic decisions on how to best manage technology to promote the overall success of the organization.
Supporting Strategic Objectives
Most federal agencies are knowledge-based organizations that depend on data to execute their missions, implement policies, and serve the public. Agencies must securely collect, store, analyze and share data in support of both its outward-facing and internal management functions. This puts technology at the center of mission delivery. Managing technology investments for complex organizations is challenging, but I will offer five principles for making technology more effective.
• Focus on the customer experience. Government agencies exist to serve citizens, and the services provided should be easy to use. The most significant way that CIOs support their agency missions is by ensuring that technology is designed with the citizen or employee experience in mind.
• Take a mobile-first approach. Most interaction with the internet is now done via mobile devices. To design a seamless citizen experience, agencies must take this into account by designing processes that can be accomplished on any device and applications that can be accessed on any screen.
• Manage data as a strategic asset. As knowledge-based organizations, government agencies hold valuable resources in the form of data. This means that data considerations should drive technology decisions, not the other way around. Technology must securely put data at the fingertips of citizens and employees when and where they need it.
• Build compliance in. Because government deals with sensitive information and must serve all citizens, cybersecurity, accessibility, and other regulatory considerations should be tightly integrated into all phases of planning, development, implementation, and maintenance of technology-enabled services. Attempting to retrofit systems to ensure security or compliance is both costly and ineffective.
• Adopt lean and agile principles. The services provided by government agencies are often needed most in the face of unplanned events such as financial crises, pandemics, and natural disasters. Additionally, technologies change faster than the life cycles for large scale transformation projects that take several years to deliver. Agile and lean methodologies allow technology teams to react to changes more quickly in the external environment and ensure that investments continuously deliver value rather than waiting until the end of a long-term initiative that could take several years to complete.
Enabling Daily Operations
Even before the Covid-19 pandemic accelerated the movement of work from primarily office-based to primarily remote-based, information technology enabled the daily operations of virtually all functions in a knowledge-oriented organization. For most agencies and mature businesses, most of the IT spending will fall into this category and includes things such as service desk, personal computing, network, and computing and data storage infrastructure. Because this type of IT spending indirectly supports all activities rather than a specific strategic objective, the primary management responsibility is to obtain the best possible performance for the amount spent. In general, achieving higher performance levels for indirect IT services requires more investment. The responsibility of the CIO is to balance the investment across indirect IT support to ensure that the right services are provided to the organization and the performance levels meet the needs of the employees.
It is no secret that cybersecurity threats continue to increase in quantity and sophistication. Because government agencies manage sensitive data and deliver essential public services that rely on technology, CIOs must ensure that risk is appropriately considered as part of any technology decision. This involves ensuring that the agency’s risk appetite is well-understood and communicated to every stakeholder involved in making technology decisions. Since threats are dynamic and unpredictable, CIOs must also focus on building a resilient infrastructure that provides a defense-in-depth approach to security that enables rapid identification, isolation, and remediation of successful attacks. This involves buying down risk by reducing vulnerabilities to attacks and improving the ability to respond. Cybersecurity risk is dynamic and should be continuously assessed and managed.
In many organizations, the CIO-function is largely seen as the provider of back-office technology, and innovation is the job of others who are either on the frontlines directly executing the mission or are in a role that explicitly has innovation in the job title or position description. My view is that innovation, like cybersecurity, is the responsibility of everyone in the organization. This does not imply that agencies should constantly invest in the newest commercial technologies. What it means is that everyone should be looking for ways to improve mission outcomes or internal management metrics. The concept of innovation can be fraught, and many argue that it is an overused term. I believe that innovation is a core responsibility of CIOs and offer three ideas for promoting it:
• Innovation is everyone’s job. The people performing a particular task are in the best position to understand the challenges associated with performing it. One of the lessons from the lean movement in manufacturing is that setting the expectation for frontline workers to make improvements and giving them the autonomy to do so leads to higher quality products and services. Embedding this philosophy into the culture of an organization is a powerful mechanism for promoting innovation.
• Innovation can be taught. The skills needed to drive innovation are well understood and teachable. Innovative ideas are not the product of the imagination of a lone genius, but the result of a systematic process that includes teamwork, building on existing knowledge, and experimentation.
• Use Minimum Viable Products to test for value, feasibility, and viability. To determine whether an idea is worth doing, there are three tests to consider. First, will the idea deliver value for a citizen or employee, and will the value be greater than what can be gained from something else. Second, is it feasible to scale the solution to support the need. Finally, is the idea viable from a cost perspective to sustain it. I advocate for using the approach of using minimum viable products to sequentially test whether these tests are met so scarce resources are focused on the most impactful ideas.