CIO Roles and Responsibilities - Circular No. IRM-101
CIO Roles and ResponsibilitiesA.PurposeofCircular
This circular establishes the policy and responsibilities of the Department of Health and Human Services (HHS) and Operating Division (OPDIV) Chief Information Officers (CIOs) to ensure compliance with legislative and executive level guidance and to support the needs of the Department. It supersedes the current Principal Information Resource Management (IRM) Official and IRM Advisory Council Circulars.
Direct questions, comments, suggestions, or requests for further information to the Office of Information Resources Management, (202) 690-6162.
Filing Instructions: ///
Cancellation Date: In effect until superseded or canceled
Material Superseded: ///
Government and private industry must improve services and reduce costs to survive in the current political and economic environment. Following industry's experience, Congress recognizes that better management practices, enabled by information technology, are critical for success. New legislation in the Clinger-Cohen Act mandates an increased role for the CIO and the streamlining of processes to manage and acquire information technology. Responding to this mandate, HHS selected a Department CIO and requested that each OPDIV designate a CIO. Further, the current IRM Advisory Council will be renamed the CIO Advisory Council, with responsibilities to satisfy the intent of Congress and the needs of the Department.
1. Clinger-Cohen Actof 1996
The "Clinger-Cohen Act of 1996" (CCA) (Public Law 104-208) incorporated the "Federal Acquisition Reform Act of 1996" (FARA) and the "Information Technology Management Reform Act of 1996" (ITMRA). The CCA does not change the FARA or the ITMRA except to rename them together to be the "Clinger-Cohen Act of 1996”. The portions of the CCA that were known as the FARA and ITMRA were initially introduced into law as Divisions D and E respectively of the "Defense Appropriations Act of 1996" (Public Law 104-106).
The CCA requires the head of each executive agency to design and implement a process for maximizing the value, and assessing and managing the risks, of information technology acquisition, implementation and operation. Agency heads are directed to utilize the same performance and results-based management practices as encouraged by the Director of the Office of Management and Budget (OMB), and to prepare an annual report to the Congress concerning progress in achieving such goals. It requires agencies to designate a CIO with primary duties relating to information technology acquisition and management. The CCA also requires the head of each agency, in consultation with the CIO and Chief Financial Officer, to establish policies and procedures to ensure the integration of financial and information systems. Agency heads are required to identify any major information technology acquisition program, phase, or increment, that has significantly deviated from its cost, performance, or schedule goals and report any discrepancies to the Director of OMB.
2. Paperwork Reduction Act
The “Paperwork Reduction Act of 1980" (PRA) (Public Law 104-13) established the first legal requirement to do IRM planning. The PRA of 1995 requires each agency IRM program official to, in accordance with guidance by the Director of OMB, develop and maintain a strategic IRM plan that describes how IRM activities help to accomplish agency missions. Agencies must develop and maintain an ongoing process to ensure that IRM operations and decisions are integrated with organizational planning, budget, financial management, human resources management, and program decisions. Agency IRM program officials must, in cooperation with the agency Chief Financial Officer, develop a full and accurate accounting of information technology expenditures, related expenses, and results; and establish goals for improving information resources management's contribution to program productivity, efficiency, and effectiveness, methods for measuring progress toward these goals, and clear roles and responsibilities for achieving them. IRM Program officials must maintain a current and complete inventory of the agency's information resources, including directories necessary to fulfill the requirements of section 3511of the PRA.
3. Establishment ofHHSCIO
The Secretary of Health and Human Services designated the Assistant Secretary for Management and Budget (ASMB) as the HHS CIO on March 1, 1996, and delegated all authorities under Public Law 104-106.
In a memorandum to OPDIV Heads dated August 2, 1996, the HHS CIO appointed the Deputy Assistant Secretary for Information Resources Management (DASIRM) as HHS Deputy CIO and chair of the HHS IRM Advisory Council. In this same memorandum, the CIO requested OPDIV Heads to designate a CIO for their respective divisions, and that the OPDIV CIOs serve as members of the HHS IRM Advisory Council and HHS investment Review Board. Within each OPDIV, the CIOs were made responsible for IT long-term strategic planning, IT architecture management, IT budget review, IT performance and results-based management, and IT capital planning and investment control.
4. TheCIO Advisory Council
The CIO Advisory Council was established in March 1989 as the IRM Advisory Council by the ASMB. The DASIRM serves as chair and the Chief Information Officers for each of the OPDIVs serves as members of the Council. The Council advises the ASMB on the development and promotion of Department-wide IRM goals, strategic policies, and initiatives, and enhances communication among the OPDIVs. The original IRM Advisory Council was renamed the CIO Advisory Council in November 1997.
5. Executive Order13011, Federal Information Technology
In December 1995, the Commissioner of GSA's Information Technology Service invited a group of agency CIOs to form a Federal CIO Working Group. The Industry Advisory Council (IAC) was also invited to participate with the Working Group to assist in establishing guidelines for the CIO position. Between January 1996 and July 1996, the Federal CIO Working Group and the IAC developed recommendations to help agencies implement the ITMRA. The recommendations included: models for the CIO organization; establishment of a Capital Planning and Investment Control process; establishment of an information technology executive board; technology and business management training; and other CIO-related activities. The first three of the twelve recommendations of the Working Group involved establishing and implementing a Federal CIO Council. On July 16, 1996, Executive Order 13011 entitled "Federal Information Technology" established the Federal CIO Council, composed of the CIOs and Deputy CIOs of the 28 major Federal agencies, as the principal interagency forum to improve the management of information resources. Response to the ITMRA by the Office of the president, OMB, and GSA suggest that it is appropriate to transition the current IRM Advisory Council to a new CIO Advisory Council.
This circular applies to all HHS organizations. Within this circular, the term OPDIV includes the OPDIVs as well as the Office of the Secretary as a combined, single entity.
2. CIO Functions
The scope and importance of the CIO has increased with the passage of CCA, the issuance of Executive Order 13011, and the pervasiveness of information technology in today's world. This circular will define the policy governing and the responsibilities of the HHS CIO, the OPCIV CIOs, and the CIO Advisory Council in accordance with legislation and executive-level guidance.
The Secretary has appointed an HHS CIO to provide advice and assistance to the Secretary and to other senior HHS management officials to ensure the effective acquisition and use of HHS information technology and resources. The CIO reports directly to the Secretary and ensures that information technology is acquired and information resources are managed for HHS in a manner that:
- Maximizes the benefits derived by HHS and by the public served
- Is consistent with the politics, requirements, and procedures that are applicable in accordance with the CCA.
2. Appointment of OPDIV CIOs
The OPDIV CIO should report to the OPDIV Head or shall have direct access to the OPDIV Head if not in a direct reporting relationship. In either case, the OPDIV CIO shall serve as a member of senior management involved in establishing agency directions, priorities, plans, and investments.
3.IRM andInformation Technology Functional Authority
All information technology and IRM functions may not be under the direct control of the HHS or OPDIV CIOs. IRM is becoming more and more pervasive and distributed, so that it cannot be under any one person's control. Even within an OPDIV it is necessary for the CIO to team with the business units. When IRM functions are performed under the control of a business unit program manager, the OPDIV CIOs shall coordinate and facilitate OPDIV decision making on IRM issues, policies, and initiatives. The OPDIV CIO shall initiate action, via the OPDIV Head if necessary, to resolve information technology and IRM issues and present a consolidated OPDIV position. In the matter of technology infrastructure, the OPDIVs CIOs should coalesce as a decision body (as members of the CIO Advisory Council), to define and codify HHS infrastructure standards and build/modify their own OPDIV infrastructure to conform to these standards.
4.The CIO Advisory Council
The HHS CIO will establish a CIO Advisory Council; the Deputy CIO will chair the Council. OPDIV CIOs will serve as members of the Council. The members will represent the OPDIVs on IRM issues such as goals, strategies, policies, and responses to proposed legislation. The Council will serve as a forum to gain consensus on cross-cutting issues, and to share experiences, ideas, and promising practices to improve the management of information technology and information resources.
F. ResponsibilitiesThe HHS CIO and OPDIV CIOs are key members of the Department's management team for establishing the vision and strategic direction of the enterprise. The CIOs, in full partnership with the OPDIVs' program executives, provide the necessary and critical perspectives and the methods and tools to achieve technology and business improvement. As information technology experts and information resource experts, the CIOs assist their OPDIVs to use information technology in achieving the mission and goals, and deliver high quality products and services to OPDIVs. The CIOs roles include information technology and business life-cycle management activities, showing in Figure F-1, and as detailed below for the ASMB/CIO and OPDIV CIOs.
Figure F-1 CIO Life-cycle Management Activities
The ASMB/CIO will have the following responsibilities unique to this position:
- Advise the Secretary and OPDIV Heads on actions necessary to become and remain compliant with the CCA and OMB IRM policy and guidance.
- As a member of the HHS senior management team, actively participate in strategic planning and performance and results-based management of the HHS enterprise.
- Develop and coordinate HHS IRM strategic plans, budgets, and annualperformance reports, and forward such plans and reports to OMB.
- Represent HHS on the Federal CIO Council.
- Create and maintain a collegial environment with program executives and OPDIV CIOs while using regular meetings of the HHS CIO Advisory Council, program budget analysis, and good business practices to gain acceptance of IRM policies, activities, standards, and decisions.
The OPDIV CIOs will be responsible for the activities shown under the following major information resource management and information technology life-cycle management functions.
a) PLANNING (including the integration of IRM planning with strategic business planning, information technology planning and budgeting, capital planning, and information and architecture development).
The CIO plays a lead role in the business improvement process. This process begins with creating a vision and developing goals, strategies, performance measures, plans, and architectures to move the enterprise into the future. The CIOs' role is critical in providing an enterprise and cross-functional perspective and for advising OPDIV executives as to how information technology will enable current operations, as well as the transition to a more effective environment. Planning responsibilities include the following:
- Participate in strategic business planning and in creating the vision of the enterprise; identify opportunities to achieve the vision.
- Bring an enterprise-wide view; a business process orientation; and an understanding of the OPDIV programs, technology, and organization.
- Serve as the agency's lead information technologist. Develop the agency's information technology architecture. Establish agency IT policies, standards, and processes that implement and support the ITA and other responsibilities.
- Formulates and conducts the agency's IT capital planning and investment review process consistent with HHS and government-wide requirements.
- Define the current information technology environment and provide strategies for closing the gap between the current and the targeted environment as defined in the OPDIV information technology architecture.
- Lead information technology and IRM strategic planning; establish OPDIV information technology performance measures.
- Develop information technology tactical plans and budgets; perform information technology investment analyses and capital planning; make the business case for information technology initiatives.
- Determine probable outcomes for information technology investments.
b) PROCESS IMPROVEMENT
The OPDIV CIO has the necessary enterprise perspective and the infrastructure to support enterprise process design and reengineering. Infrastructure includes architectures, analysis and design methods and tools, and networks and processing platforms that are critical components in enabling process innovation. The CIO responsibilities include the following:
- Partner with operational leaders to reengineer the Department's processes from which systems and information requirements are derived.
- Promote an understanding of the enterprise's cross-functional view, using information and information technology architectures.
- Provide methods and tools to facilitate inter-OPDIV and intra-OPDIV process innovation.
- Provide an information technology infrastructure to test and communicate improved processes.
c) INFORMATION TECHNOLOGY SERVICES DELIVERY
The CIO will manage or oversee the OPDIVs' IRM program to ensure that IRM services support their programmatic and administrative operations. Services include information collection; information dissemination, including printing; data administration, and records management; forms management; information and computer security; conducting and reporting on information resources inventories; requirements analysis; and design, development, and acquisition of system applications and infrastructure.
d) CONTINUOUS IMPROVEMENT
The CIO will continually evaluate the IRM program performance against measures established in strategic and program planning, and against industry best practices. Responsibilities include the following:
- Adjust operational systems and new information technology capital project plans according to lessons learned.
- Identify and leverage information technology assets to support new business opportunities.
- Reuse and extend existing assets.
- Enhance service levels.
- Achieve and raise performance targets.
- Incorporate achievements and lessons learned into the next strategic planning cycle.
The CIO Advisory Council will advise the HHS CIO on the development and promotion of Department-wide IRM goals, strategies, policies, and initiatives and will enhance communication among the OPDIVs. The Council's responsibilities include the following:
- Review proposed or existing Department-wide strategies, policies, and initiatives that concern IRM and recommend appropriate action.
- Respond to proposed or existing legislation, or Government-wide regulations or standards concerning IRM and recommend appropriate action.
- Address IRM issues that cut across OPDIV organizational lines or affect the whole Department, and recommend viable alternatives or action plans when necessary.
- Pursue IRM initiatives through subgroups created to investigate issues and recommendations, new technology, new or revised standards, managerial innovations, or changes in legislation for Council adoption.
- Endorse and recommend individual OPDIVs to take the lead on developing specific Department-wide IRM initiatives.
- Sponsor conferences and symposia to expand the understanding of IRM activities throughout the Department.
Strategic planning is long-term planning (spanning from the present through five years and beyond) that integrates organizational IRM requirements and activities over the planning period.
Capital planning is a discipline used by management to reduce the risk and increase the return associated with making investments.
Information technology architecture is an integrated framework for evolving or maintaining existing information technology and acquiring new information technology to achieve strategic goals and information resources management goals.
(Ref: Clinger-Cohen Act (ITMRA),Public Law 104-208, Title44U.S.C., section 3502, Feb. 10,1996)
Information architectures integrate agency work processes and information flows with technology to achieve the agency's strategic goals; reflect the agency's technology vision and year 2000 compliance plan; and specify standards that enable information exchange and resource sharing, while retaining flexibility in the choice of suppliers and in the design of local work processes.
(Ref: RainesRules for Federal Information Technology Investment)
Information resources management
Information resources management is the process of managing information resources to accomplish agency missions and to improve agency performance, including through the reduction of information collection burdens on the public.
(Ref: Paperwork ReductionActof1995, Pub.L104-13,Title44 U.S.C, section3502.Jan.4,1995)
"Clinger-Cohen Act of 1996."
"Paperwork Reduction Act of 1995" (PL 104-13), Title 44 U.S.C.
OMB Circular No. A-130, "Management of Federal Information Resources", February 8, 1996.
IAC/CIO Task Force "Final Report", dated July 15, 1996.
Executive Order #13011, "Federal Information Technology", July 16, 1996.