Too often, CIOs left wishing for funding for innovation, modernization

Friday - 6/6/2014, 3:55am EDT

Jason Miller, Executive Editor, Federal News Radio

Download mp3

Federal chief information officers have gotten used to the new normal when it comes to lower or at least flat IT budgets, but they still struggle on how best to move money from legacy systems to new or innovative programs.

The budget certainty provided by Congress under the Budget Control Act means senior technology managers are less worried about having money to spend and more concerned about how to change their spending habits.

TechAmerica and Grant Thornton surveyed 59 federal CIOs and other senior technology managers from 32 federal and legislative organizations and found CIOs are spending 73 percent of their budgets on operations and maintenance (O&M) of legacy IT systems.

George DelPrete, a principal with Grant Thornton and the chairman of the TechAmerica CIO Survey, said CIOs reported a drop in O&M spending by more than 10 percent as compared to the 2013 survey. He said respondents attributed that, in part, to the Office of Management and Budget's PortfolioStat process.

"There is a silver lining in the fact that the budget has been flat over the last couple of years. Many CIOs are saying that that's really driven them to find smarter ways of doing things and really put an enterprise approach into contracting for things like cell phones," DelPrete said. "There's been some very good savings that they've achieved because of the budget challenges and austerity they've had."

DelPrete said the fact that budget dropped from the top challenge for federal CIOs to number three is recognition of these efforts.

Securing devices, applications a challenge

Cybersecurity moved back up to the top of most CIOs' list of concerns and priorities after a brief respite at number two last year.

Of the respondents, 53 percent said threats increased by 25 percent to 50 percent over the previous year, while cybersecurity spending accounted for about 15 percent of all IT money.

DelPrete said concerns over cybersecurity came out through different aspects of the survey. Under mobility, CIOs said they still haven't figured out whether to lock down the device or the data.

Under cloud, senior IT managers praised the Federal Risk Authorization and Management Program (FedRAMP). Sixty percent said they have taken advantage of the standardized cloud security services, but there are ways to improve it. Some of the suggestions include improving the transparency, pricing and service offerings, as well as increasing the number of vendors who have received approval.

Finally, CIO support for the continuous diagnostic and mitigation is strong, but some said the National Institute of Standards and Technology's cyber guidance needs to stop being so academic.

One of the biggest surprises from the survey came from those who said CIOs do not need legislative help to do their job. Of the respondents, 27 percent said new legislation is not needed. Of those that said Congress needs to act, 18 percent said acquisition was in most need of reform.

Other CIOs said Congress needs to overhaul the Federal Information Security Management Act (FISMA), which has been on the agenda for the last four years but gotten little traction on Capitol Hill.

DelPrete said 75 percent of the respondents said they control less than half of their IT budget, but many said they have better insight into where and who is spending the IT funds.

"There's been a big push from OMB through PortfolioStat to create more executive level investment review boards to really have a good dialogue about IT spending and how it's working," he said. "It seems like it's paid some dividends in this area. Even though they don't own all this money, they do have a say in how it's being spent, and they look to make some changes."

Along those same lines, 89 percent of the CIOs said they are using shared services. TechAmerica and Grant Thornton used a broad definition of shared services to mean anything from agencywide or governmentwide contracts to back-office functions, such as human resources or financial management to other commonly used systems or services.

"There are a number of lessons learned CIOs shared with us. One is making sure your requirements are clear; making sure that you know where you are going can meet your needs, the organization has the capacity to provide the capability you need; that you do a rigorous cost analysis to make sure you are achieving that return on investment, and most important, that you have a clear business case to justify why you are making that move," DelPrete said.