When John Thomas Flynn became chief information officer for Massachusetts in 1994, he had to explain to Gov. William Weld what the title meant. But that was the least of Flynn's problems. "There was no model in state government for CIO when I took that position in Massachusetts," he recalled. "I ended up modeling my job after the position at General Motors, which had divisional information officers report to the CIO."
In the five years since Flynn created what he believes to be one of the first true state CIO positions in the country, the role of the CIO still remains ill-defined, making the job complicated, stressful and subject to high rates of turnover. "There's an ongoing dynamic to what the proper role of the state CIO should be," said Flynn, who later became CIO for California and last year joined Litton/PRC as vice president.
On the one hand, states realize they need someone in charge of technology, which now constitutes as much as 10 percent of a typical state budget. On the other hand, nearly half of the states still don't have an official "CIO" position and many still divide IT budgets by agency, each of which has its own IT director and data center.
For CIOs, the reality of working with divided authority and locking horns with independent agency heads can burn out the most determined people. "I think more CIOs fail because the deck is stacked against them," said George Lindamood, former CIO for Washington and now an independent consultant.
Balancing Policy and Operations
If there's one card in particular state CIOs need to be dealt, it's the one for authority. Less than a half-dozen CIOs have a position in their governor's cabinet, according to Flynn, who was president of the National Association of State Information Resource Executives (NASIRE) while California's CIO. "You need two things to get your job done," he continued. "First, the absolute authority from the governor to be accountable for getting the job done, and second, overall operational responsibility for all IT aspects of the state."
Flynn firmly believes that controlling the purse strings makes it easier to get things done, but without operational authority, meeting policy goals can be difficult. He cited a lack of control over California's multiple data centers as a key impediment to his efforts to streamline and improve how the state used IT.
Having that kind of authority can lead to trouble, however. While CIO in Washington, Lindamood held both the policy and operations role for IT, but he was criticized for holding too much power. Ironically, his authority came about because the state was determined to do things the way they were done in the private sector. "I told them if our role is to emulate the private sector, then don't worry about it," recalled Lindamood. "We're doing exactly what the private sector does."
In retrospect, Lindamood now believes separating policy and operations into two different roles makes sense. Not only is the dual role extremely demanding, but there are instances where a conflict of interest could occur. The most obvious example is outsourcing, which is happening with greater frequency these days. "The person in charge of operations is going to resist outsourcing, because it does away with his power," Lindamood explained. "When the same person is also in charge of policy, how can he or she decide, without conflict of interest, when outsourcing is appropriate?"
Harmful Turnover Rates
In 1996, Congress passed the Clinger-Cohen Act, which directed major agencies of the federal government to appoint CIOs. Despite the mandate, a number of cabinet agencies avoided creating the new post. Many of those that followed the mandate failed to give CIOs the power of the purse. The first crop of CIOs also ran into the brick wall of federal bureaucracy, with its legions of civil servants watching political appointees come and go. As a result, few CIOs received the credibility they needed to get the job done. Not surprisingly, frustration among federal CIOs has been high, according to a special report in Government Executive magazine, leading to a steady turnover in the position.
Turnover rates among state CIOs ranges from normal to high, depending on who's talking. "I don't think there's been any more or less turnover," said Michael Benzen, current NASIRE president and CIO for Missouri. "While it may seem high to some, I don't think it's anything to worry about." Part of the recent surge in CIO turnover stems from the election of 21 new governors last November. With elections taking place in approximately one-third of the states every two years, turnover appears to be a constant for CIOs.
But some former CIOs believe the lack of continuity and longevity in a state's senior IT position does a certain amount of harm. "There's some research to indicate that the CIO needs to be on the job for at least four years -- five would be better -- to have an impact," said Lindamood. "But having been there, I can tell you that burnout begins to set in after two or three years." Flynn said he has always believed that CIOs should be appointed by governors, but admits that four years isn't a lot of time to get things done. "There's room for discussion for a more nonpolitical role for CIOs," he observed.
For some, the issue isn't turnover, but the selection process for CIOs. "I'm concerned about what motivates the governor to pick a person for CIO," said John Kost, former Michigan CIO and now vice president of marketing and business development for TRW Public Sector. "Are they being picked for their IT knowledge and knowledge of government or because of some political payoff?" Kost advocates having CIOs who have a close relationship with their governor. He believes close personal relations can be transferred to professional relations that can be leveraged to guide the governor's vision using technology.
"Practice What You Preach"
So how do CIOs change their role from one of consensus-maker working on the periphery with limited authority, to one that controls the power of the purse and has a seat at the governor's cabinet table? One way is to "practice what you preach," according to Flynn. Last year, the association representing state information executives became simply, "NASIRE, Representing CIOs for States," changing its bylaws and extending membership to only those members recognized by governors as the CIO for the state.
Another step has been to open up a dialogue between CIOs and the National Governors' Association (NGA). In February, Kost addressed the Information Technology Task Force at the NGA's winter meeting in Washington, D.C., where he discussed CIO models and best practices. "I spelled out for them what I saw as the four models of a state CIO and the role factors that would be part of any model," Kost explained.
Those four models include: a cabinet-level role, a subcabinet position, a bureau role and a confederation of agencies into an IT board. Kost urged the 23 governors at the task-force meeting to consider the following factors when defining the role of CIO for their state:
What sort of relationship exists between governor and CIO?
Is the CIO responsible for the state's information systems?
Is he or she responsible for telecommunications?
Is the CIO position a policy or operations role?
Does the CIO oversee project management?
Is the CIO in charge of IT purchasing?
How much responsibility does the CIO have for the business process?
Does the CIO have budget oversight on IT projects?
Does the CIO have authority in the area of applications development?
Others, including Flynn, have recommended giving current and would-be CIOs some training to deal with the complex job. "I recommended to NASIRE they start a CIO academy," he said. "I'd like to see a training program for CIOs that's different from what we know about now, such as the Kennedy School approach," referring to Harvard University's John F. Kennedy School of Government.
Specifically, Flynn would like to see training geared toward a life-cycle approach for state CIOs, with emphasis on budgeting, strategic planning, creating standards and tying the knowledge in with the IT community. "Right now, CIOs only exist in half the states," he said. "Who knows, maybe in the next generation we may see more CIOs
rising to executive levels, maybe as governors."
But not everyone believes creating models or setting standards through training is the answer. When Lindamood worked at Gartner Group after leaving the public sector, he received numerous calls asking for a model CIO job description. "We resisted offering one because circumstances vary so widely from state to state," he said. "The list of questions and issues are the same, but the permutations and combinations of answers are not." According to Lindamood, states need to resist writing detailed job descriptions for CIOs. "Some of them are as long as a book in the bible and there's no way a human being can measure up to that," he added.
Others dismiss the idea of creating models or training out of hand. "It would be presumptuous for us to tell the governors what their CIO should be doing," said NASIRE's Benzen. "By the time they are in the position of CIO, they don't need to be told what to do."
Perhaps the best solution is not the model approach, but what could be described as the practical approach. Four years ago, Larry Olson became Pennsylvania's first CIO. Under the direction of Gov. Tom Ridge, he successfully consolidated and outsourced the state's numerous data centers and standardized all desktop software to Microsoft applications.
Olson, who left the public sector last January to become a principal at aligne, Inc., a management consulting firm, explained that he had the governor's authority to set IT policy but used an iron-fist-in-a-velvet-glove approach to meeting his goals. "I knew that taking a disparate group of agencies that had never worked together and using an iron fist to make them agree to my views would never work. I used a consensus approach and it worked." But Olson said while one hand was outstretched in a conciliatory gesture to the state's agencies, it was understood that his other hand held a club, should they get out of line.
Like Kost, Olson believes that CIOs need more than a seat at the table to perform their jobs. "You still need the relationship with the governor as far as the vision of IT is concerned," Olson said. "Your success depends on whether you can get across to the governor and his nontechnical executives the understanding of why they should invest in IT. The governor and his deputies are nontechnical people. They need to understand the value of what you are doing, not what the technology can do."
Olson, who said he knows technology but is not a technical person, said he got his best knowledge on how to be a CIO by sitting down with his colleagues and just talking with them. "Talking with a Carolyn Purcell (Texas CIO) or a John Kost can teach you more in a few hours than you can learn from a week of seminars," he explained.
But the ultimate success factor comes back to who's ultimately in charge and their own vision of technology's role. "Your state may have the best CIO in the country," observed Olson, "but if information technology is not on the governor's agenda, it's not going to happen."