Federal chief information officers have gotten used to the new normal when it comes to lower or at least flat IT budgets, but they still struggle on how best to move money from legacy systems to new or innovative programs.
The budget certainty provided by Congress under the Budget Control Act means senior technology managers are less worried about having money to spend and more concerned about how to change their spending habits.
TechAmerica and Grant Thornton surveyed 59 federal CIOs and other senior technology managers from 32 federal and legislative organizations and found CIOs are spending 73 percent of their budgets on operations and maintenance (O&M) of legacy IT systems.
George DelPrete, a principal with Grant Thornton and the chairman of the TechAmerica CIO Survey, said CIOs reported a drop in O&M spending by more than 10 percent as compared to the 2013 survey. He said respondents attributed that, in part, to the Office of Management and Budget’s PortfolioStat process.
“There is a silver lining in the fact that the budget has been flat over the last couple of years. Many CIOs are saying that that’s really driven them to find smarter ways of doing things and really put an enterprise approach into contracting for things like cell phones,” DelPrete said. “There’s been some very good savings that they’ve achieved because of the budget challenges and austerity they’ve had.”
DelPrete said the fact that budget dropped from the top challenge for federal CIOs to number three is recognition of these efforts.
Securing devices, applications a challenge
Cybersecurity moved back up to the top of most CIOs’ list of concerns and priorities after a brief respite at number two last year.
Of the respondents, 53 percent said threats increased by 25 percent to 50 percent over the previous year, while cybersecurity spending accounted for about 15 percent of all IT money.
DelPrete said concerns over cybersecurity came out through different aspects of the survey. Under mobility, CIOs said they still haven’t figured out whether to lock down the device or the data.
Under cloud, senior IT managers praised the Federal Risk Authorization and Management Program (FedRAMP). Sixty percent said they have taken advantage of the standardized cloud security services, but there are ways to improve it. Some of the suggestions include improving the transparency, pricing and service offerings, as well as increasing the number of vendors who have received approval.
Finally, CIO support for the continuous diagnostic and mitigation is strong, but some said the National Institute of Standards and Technology’s cyber guidance needs to stop being so academic.
One of the biggest surprises from the survey came from those who said CIOs do not need legislative help to do their job. Of the respondents, 27 percent said new legislation is not needed. Of those that said Congress needs to act, 18 percent said acquisition was in most need of reform.
Other CIOs said Congress needs to overhaul the Federal Information Security Management Act (FISMA), which has been on the agenda for the last four years but gotten little traction on Capitol Hill.
DelPrete said 75 percent of the respondents said they control less than half of their IT budget, but many said they have better insight into where and who is spending the IT funds.
“There’s been a big push from OMB through PortfolioStat to create more executive level investment review boards to really have a good dialogue about IT spending and how it’s working,” he said. “It seems like it’s paid some dividends in this area. Even though they don’t own all this money, they do have a say in how it’s being spent, and they look to make some changes.”
Along those same lines, 89 percent of the CIOs said they are using shared services. TechAmerica and Grant Thornton used a broad definition of shared services to mean anything from agencywide or governmentwide contracts to back-office functions, such as human resources or financial management to other commonly used systems or services.
“There are a number of lessons learned CIOs shared with us. One is making sure your requirements are clear; making sure that you know where you are going can meet your needs, the organization has the capacity to provide the capability you need; that you do a rigorous cost analysis to make sure you are achieving that return on investment, and most important, that you have a clear business case to justify why you are making that move,” DelPrete said.
Agile development taking hold
Another big surprise from the survey came from CIOs saying how much they are using the agile development process for projects. About 83 percent said they were using agile or rapid development processes, but 46 percent said they needed to change their agency’s culture to be successful.
“The word agile means a lot of different things to different people,” DelPrete said. “Sometimes it’s modular waterfall, and sometimes it’s true agile development.”
He said some CIOs said they are using agile but describe a mindset that is waterfall, where the program or project must be perfect before it’s released to the customer. The point of agile is to get a version out there, let users test it and improve it as you go along.
DelPrete said there are several lessons learned that emerged from the survey, such as having a clear definition of what “done” means from all stakeholders, educating contracting officers that it’s fine not to have discreet requirements and more collaboration between technology and business folks.
“CIOs talked about how industry could help with the move to agile. They cited a few things such as providing guidelines and processes for how they use agile. They need education and training on how to use it, and provide clear examples of successful developments,” he said.
Everyone is in the cloud
The survey also showed just how integral cloud computing, mobility and big data are as a part of the federal technology landscape.
TechAmerica found 90 percent of the respondents are using cloud computing, mostly for commodity IT, such as email, collaboration, infrastructure-as-a-service and mobile applications. Additionally, the public versus private cloud debate continues to be about even, with 52 percent saying they are using private clouds while 48 percent are using public clouds.
CIOs also are concerned about their workforces, both long-time, skilled employees leaving, but also being able to recruit and train new workers.
DelPrete said program/project management, data analytics and cybersecurity remain the biggest areas of needs for agencies.
“CIOs would like to have models to allow them to look at workload of their staff and better allocate that work among them based on skillsets. That would also help them better justify budgetary needs for new resources,” he said. “The workload has not changed, and many CIOs say they are doing work with fewer staff but the same workload.”
CIOs said they would like to have more hiring flexibilities, including direct hire authority and signing bonuses.