CIO University Learning Objectives
Derived from Clinger-Cohen Core Competencies (Revised 9/00)

Clinger-Cohen Core Competencies

Learning Objectives

1.0: Policy and Organizational

General Discussion: The CIO has one of the most serious positions in the government and must be able to talk to an extremely wide range of people. They work in a fast-changing environment (technology, legislation, policy, and politics) and there is a "felt pain" about the size and scope of the job.

Competency 1.1-Department/Agency missions, organization, function, policies, procedures

1.1 LO 1: Explore the varied interpretations of IT, including IT as seen in legislation, IT focus (operational vs. technical), and its typical locations in organizational structures.


1.1 LO 2: List and describe the elements of the CIO's role that are common to all CIOs regardless of size of the organization.


1.1 LO 3: Define the role of the CIO, differentiating between the role of the CIO as the COO of the information group, and the role of the CIO as a critical staff member of the top management team. (See also 5.7 LO4)


1.1 LO 4: Describe the various models/patterns of organizational structure in Federal agencies (including GAO's maturity schema for CIOs) and evaluate the organizational structure of the CIO's own agency against the general models available. (Note: Same as 1.4 LO 3)


1.1 LO 5: Using metrics where possible, identify and discuss the environment, attributes, and best practices that characterize an effective CIO organization.


1.1 LO 6: Identify and describe how the IT mission/purpose supports the enterprise mission. (See also 5.1 LO 3)


1.1 LO 7: Identify and discuss the ways in which an organization's stated mission and/or mission statement influences its decision making. (See also 5.1 LO 3)


1.1 LO 8: Discuss and illustrate (using organizational illustrations) how the IT mission and structure supports the organizational mission. (See also 5.1 LO 3)

Competency 1.2-Governing laws and regulations (e.g. Clinger-Cohen, GPRA, PRA, GPEA, OMB Circular A-130, PDD 63)

1.2 LO 1: Legislation such as the Clinger-Cohen Act, the CFO Act and acquisition reform legislation is driving a new management paradigm in the federal government. List the major provisions of such legislation and discuss the implications of such legislation on the CIO and on his/her organization.


1.2 LO 2: Identify current and emerging legislation and/or regulation relevant to the CIO's responsibilities. Assess the provisions of the legislation, including performance mandates, and discuss the implications for his/her organization. (See also 5.1 LO 9)


1.2 LO 3: Discuss the role (impact, interaction) of oversight, regulatory, and government-wide policy groups on the CIO and his/her responsibilities and organization.


1.2 LO 4: Discuss the importance of utilizing a comprehensive system or scorecard to track and communicate emerging legislation, regulations, and intergovernmental legislation, including changes in acquisition regulations/guidelines. List the steps necessary to develop, implement and maintain such a monitoring system. (Same as 1.5 LO 1; 1.6 LO 8)


1.2 LO 5: Compare and contrast metrics that can be used to assess the organization's performance, particularly its compliance with relevant legislation, and the intent of that legislation. Consider both IT legislation and other relevant legislation. (See also 1.3 LO 5)


1.2 LO 6: Assess the impact of technology on the implementation of "electronic government." Consider benefits and unintended consequences. (See also 1.6 LO 12)

Competency 1.3-Federal government decision-making, policy making process and budget formulation and execution process

1.3 LO 1: Discuss the strategic planning process for the CIO and IT. Demonstrate the importance of the process as it assesses the internal and external organizational environment, addresses organizational strengths, weaknesses, and culture and anticipates and forecasts the impact of future trends.


1.3 LO 2: Design a strategic planning process that links IT/CIO strategic plans to enterprise/program strategic plans, and enterprise/program strategic plans to government-wide strategy, strategic goals and performance objectives.


1.3 LO 3: Discuss the advantages and limitations of different decision-making approaches, and identify a method or methods of effective decision-making that supports the agency mission.


1.3 LO 4: Describe approaches needed to develop a culture/climate of innovation and creativity that will support the Clinger-Cohen mandate to create and develop IT initiatives. (Same as 1.4 LO 8; 2.1 LO 19)


1.3 LO 5: Identify and evaluate methods that assess the CIO's effectiveness as he/she implements the organization's strategic plan. (See also 1.2 LO 5)

Competency 1.4-Linkages and interrelationships among Agency heads, COO, CIO, and CFO functions

1.4 LO 1: Identify and evaluate the attributes of organizational culture and discuss how the organization's culture affects its decision-making process. (Same as 2.4 LO 4)


1.4 LO 2: Describe traditional Agency head, COO, CIO and CFO roles and functions and compare those to the relationships and outcomes that are mandated by Clinger-Cohen, NRA, and other relevant regulation and legislation.


1.4 LO 3: Describe the various models/patterns of organizational inter-relationships in and among Federal agencies and compare/contrast the organizational structure of the CIO's own agency to general models available to take advantage of these interrelationships. (Same as 1.1 LO 4)


1.4 LO 4: Utilizing a systems perspective, discuss organizational structure, line and staff responsibilities, the flow of communications, independent and interdependent decision-making, and the contribution of IT and the CIO to the organizational structure. Analyze these organizational interactions within his/her own organization.


1.4 LO 5: Describe and map both the structure and the processes of an organization and its information flows.


1.4 LO 6: Assess technology's role in streamlining delivery of services to external entities (including citizenry and federal, state, local and international governments).


1.4 LO 7: Examine Clinger-Cohen and other recent legislation to identify the mandates to create and develop IT initiatives. Compare these mandates to approaches taken in his/her organization.


1.4 LO 8: Describe the approaches needed to develop a culture/climate of innovation and creativity that will support the Clinger-Cohen mandate to create and develop IT initiatives. (Same as 1.3 LO 4)


1.4 LO 9: Discuss the elements found in a dynamic organizational environment and articulate and apply the methods needed to create a shared vision that empowers such an environment.

Competency 1.5-Intergovernmental programs, policies, and processes

1.5 LO 1: Discuss the importance of utilizing a comprehensive system or scorecard to track and communicate emerging legislation, regulations, and intergovernmental legislation, including changes in acquisition regulations/guidelines. List the elements necessary to develop, implement and maintain such a monitoring system. (Same as 1.2 LO 4; 1.6 LO 8)


1.5 LO 2: Discuss the legislative, regulatory and coordination dimensions and mechanisms of intergovernmental programs, policies and processes.


1.5 LO 3: Discuss the effect of Government policy-making, coordinating organizations, and/or advisory groups on individual government organizations.


1.5 LO 4: Oversight and enforcement entities external to the CIO's organization may affect the CIO in fulfilling his/her responsibilities. Discuss the role of the CIO in interacting with these entities and their programs and policies.


1.5 LO 5: Analyze multi-sector partnership opportunities enabled by technology that may assist the CIO in fulfilling the organization's mission.

Competency 1.6-Privacy and security

1.6 LO 1: Define privacy and security. Distinguish between privacy issues and security concerns.


1.6 LO 2: Identify and discuss legislation and regulation regarding privacy and security. Analyze the effect of these laws and regulations in differing contexts.


1.6 LO 3: Evaluate security and privacy laws and regulations relative to the openness that is sought in FOIA (Freedom of Information Act).


1.6 LO 4: Define and discuss concepts involved in IT security technologies, including cyber terrorism and its countermeasures, and various auditing and monitoring tools and techniques.


1.6 LO 5: In a specific agency, be able to analyze current practices regarding both privacy and security, and design systems needed to achieve organizational excellence.


1.6 LO 6: Assess internal and external factors affecting an organization's privacy policies and practices.


1.6 LO 7: Discuss the importance of utilizing a comprehensive system or scorecard to track and communicate emerging legislation, regulations, and intergovernmental legislation, and their effect on privacy and security issues. List the steps necessary to develop, implement and maintain such a monitoring system. (Same as 1.2 LO 4)


1.6 LO 8: Discuss global privacy issues, including those emerging from, and in, the international arena.


1.6 LO 9: Be able to identify and discuss national security concerns emanating from global trade practices.


1.6 LO 10: Discuss and give examples of the importance of planning, developing, and implementing systems addressing privacy and security concerns.


1.6 LO 11: Use a systems approach to describe the potential impact of organizational policies on security and privacy as well as the effect of security and privacy practices on other elements of the organization.


1.6 LO 13: Be able to identify and discuss privacy and security issues that may occur relative to other IT responsibilities such as records management, archival records, freedom of information requests, declassification, firewalls, security involving partners (extended enterprises) etc.


1.6 LO 14: Assess the legal and social effects of emerging technology on individuals including both internal and external customers.


1.6 LO 15: Assess the effect of technology on the implementation of "electronic government." Consider benefits and unintended consequences. (Same as 1.2 LO 6)


1.6 LO 16: Discuss the potential privacy and security "trade-offs" involved when considering collaborative technologies, Knowledge Management, E-Commerce


1.6 LO 17: Discuss concerns regarding the protection of America's critical infrastructures, both governmental and commercial, including power, transportation, banking and telecommunications systems. Include in the discussion PDD 63, the Critical Infrastructure Assurance Office (CIAO), and other efforts to protect and maintain America's physical and cyber infrastructure. (See also Core Competency 10 regarding IT Security and Information Assurance)

Competency 1.7-Information Management

1.7 LO 1: Define, discuss, and evaluate technology and technological advancement. Include current and emerging concepts.


1.7 LO 2: Identify and classify the types of agency and interagency resources that may be used for tracking legislation, technology, regulation, and other external drivers. (See also 1.5 LO 1)


1.7 LO 3: Compare, contrast and evaluate internal and external sources of information that will assure awareness and understanding of new and emerging technology and its business implications.


1.7 LO 4: Since rapidly emerging technology can overwhelm the regulatory responsibilities of a government entity, identify and evaluate approaches and methods to anticipate and forecast emerging and future trends.


1.6 LO 5: Discuss bleeding edge, leading edge and trailing edge IT, and the importance of maintaining a properly balanced portfolio of technologies in one's organization.


1.7 LO 6: Effective IT management plans in an integrated manner for managing information throughout its life cycle. Discuss the IT planning, budgeting, implementation, and control lifecycle with reference to this concept. (Reference: OMB Circular A-130)

2.0 Leadership/

General Discussion: Management concepts are important but CIOs must move beyond management to leadership. They must be able to understand the dimensions of Clinger-Cohen, and how they play out operationally in their organization. Interpersonal skills are essential for success because of the frequency of change, and the need to communicate vision.

Competency 2.1-Defining roles, skill sets, and responsibilities of Senior Officials, CIO, staff, and stakeholders.

2.1 LO 1: Compare and contrast theories of multiple managerial and leadership roles. Illustrate their application in the workplace.


2.1 LO 2: Know theories of multiple managerial and leadership skills. Demonstrate their application in the workplace.


2.1 LO 3: Compare the various roles and skills of a CIO with the OPM listing of Executive Core Qualifications that all CIOs are expected to demonstrate.


2.1 LO 4: Identify the interpersonal skills demonstrated by leaders and discuss the importance of these interpersonal skills in supporting essential leadership and managerial roles.


2.1 LO 5: Discuss the importance of CIOs identifying their own interpersonal skill sets, as well as those of their staff.


2.1 LO 6: Define leadership and distinguish among the different types of leaders


2.1 LO 7: Discuss visionary leadership and why such leadership is so important today.


2.1 LO 8: Discuss the relationship between program visionary leadership and technical visionary leadership and the need for both.


2.1 LO 9: After defining the communication process, and the variety of communication media, demonstrate effective communication skills.


2.1 LO 10: Discuss the communications barriers present in various situations and media, and practice/model approaches to overcome and/or manage these communication barriers.


2.1 LO 11: Identify and demonstrate behaviors related to effective listening and feedback


2.1 LO 12: Discuss the advantages and disadvantages of each of the different small group and network communication patterns.


2.1 LO 13: Describe the range and effect of interpersonal communications (including media) in individual, small group, and organizational communication.


2.1 LO 14: Discuss and demonstrate the application of the principles of individual behavior and group behavior in organizations.


2.1 LO 15: Define the concept of motivation and discuss its importance in the organization.


2.1 LO 16: Evaluate both need-based theories of motivation and process-based theories. Illustrate/demonstrate the application of these theories in motivating individuals in the workplace.


2.1 LO 17: Identify and analyze the needs of both internal and external stakeholders.


2.1 LO 18: Discuss the advantages and limitations of different decision-making approaches, and identify methods of effective decision-making that support the specific agency mission of the CIO.


2.1 LO 19: Describe the approaches needed to develop a culture/climate of innovation and creativity that will support the Clinger-Cohen mandate to create and develop IT initiatives (Same as 1.3 LO 4 and 1.4 LO 8)


2.1 LO 20: Understand the role of conflict in an organization and demonstrate effective conflict management skills.


2.1 LO 21: Design approaches to champion initiatives

Competency 2.2-Methods for building federal IT management and technical staff expertise

2.2 LO 1: Explain the importance of knowledge capital. (Also see Competency 2.6 Principles and practices of knowledge management.)


2.2 LO 2: Identify approaches, and develop a plan to create an environment that encourages continuous learning. (See also 7.1 LO 1 and 12.0 LO 1)


2.2 LO 3: Differentiate among the different learning styles, and discuss/demonstrate how communication and learning opportunities needed to build/maintain technical staff expertise should address a variety of learning styles.


2.2 LO 4: List, describe, and evaluate different individual and organizational developmental tools. Include among the developmental tools team building practices, feedback/reinforcement systems, delegation, junior boards, etc., as well as traditional education and developmental opportunities.


2.2 LO 5: Analyze organizational structures to identify, evaluate, and plan career development paths. (Same as 2.7 LO 8)


2.2 LO 6: Discuss methods and approaches that can be used by staff to maximize training and learning and to utilize new skills. (See also 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)


2.2 LO 7: Compare and contrast the effectiveness of various staff recruitment, development and retention plans. (Also see Competency 2.7)


2.2 LO 8: Analyze organizational structure and current staffing to facilitate succession planning.

Competency 2.3-Competency testing - standards, certification, and performance assessment

2.3 LO 1: Describe, classify, evaluate, and compare IT certifications, tests, and academic degrees presented by IT personnel.


2.3 LO 2: Discuss the concepts of organizational design as they apply to the development of job descriptions appropriate to the organization, and the development of selection criteria based upon both the job description and job specifications.


2.3 LO 3: Some federal positions (such as that for CIO) have legislated and/or regulated requirements. Identify and discuss positions, particularly those impacting IT, for which there are legislated or regulated requirements.


2.3 LO 3: Discuss the role (appropriateness, advantages, limitations) of testing in the selection process.


2.3 LO 4: Although well-designed position descriptions and job specifications are integral to the selection process, they are also fundamental to the development of a comprehensive performance appraisal process. Compare and contrast and evaluate the various approaches to performance appraisal

Competency 2.4-Partnership/team-building techniques

2.4 LO 1: Discuss Organizational Development (OD), and OD techniques, and their role in team building and partnering.


2.4 LO 2: Discuss the principles of group dynamics, and the ways in which the theories of group dynamics assist a manager in anticipating behavior. Give particular attention to the role organizational culture plays in the adoption and support of teams.


2.4 LO 3: List and define typical team roles.


2.4 LO 4: Identify and evaluate the attributes of organizational culture and discuss how the organization's culture affects its decision-making process. (Same as 1.4 LO 1)


2.4 LO 5: Describe the team building process, including the need for trust and the importance of empowerment.


2.4 LO 6: Discuss and apply the principles of team leadership in a variety of settings including a matrix environment, an inter-organizational environment, and in a systems environment.


2.4 LO 7: Report on the practices involved in good meeting discipline, including when to schedule (and not schedule) meetings, when to make decisions, and when to involve others in the decision-making process.


2.4 LO 8: Evaluate the contributions that self-awareness tools bring to team building.


2.4 LO 9: Discuss the significance of diversity and individual differences when involved in team building activities.


2.4 LO 10: Since individual differences extend to learning style(s), differentiate among the different learning styles, and discuss/demonstrate how communication and learning opportunities can address each learning style. (Note: Same as 2.2 LO 2)


2.4 LO 11: Identify appropriate team-building approaches to be used in multi-disciplinary, inter-organizational, and partnership situations.


2.4 LO 12: Compare and contrast the concepts and applications of teaming and partnering.

Competency 2.5-Personnel performance management technique

2.5 LO 1: Support the concept that an organization can be more effective if performance profiles of incumbent personnel are developed, and staffing specifications are developed that address the unit's weaknesses.


2.5 LO 2: Evaluate advantages and disadvantages of different performance management approaches.


2.5 LO 3: Discuss the potential performance advantages of communicating job/role expectations.


2.5 LO 4: Identify possible advantages and disadvantages of utilizing a process in which staff participate in identifying their performance objectives.


2.5 LO 5: Justify the value of timely performance feedback, and identify opportunities to practice such timely feedback.

Competency 2.6-Principles and practices of knowledge management

General Discussion: Knowledge Management involves the use of disciplined processes (and their supporting tools) to optimize application of knowledge in support of the organization's overall mission. Knowledge Management as a discipline is exploding because of needs arising from budget, growth and personnel issues coupled with the realization that knowledge (including the retention and reuse of intellectual capital) has value. Although the availability of technology is enabling the explosive growth being seen in KM, it is essential to remember that Knowledge Management is much more than technology. KM involves linking people to people, people to content and content to content.


2.6 LO 1: Define Knowledge Management and illustrate its value in your organization


2.6 LO 2: Distinguish among each of the four levels (Data, Information, Knowledge, Wisdom) of Knowledge Management


2.6 LO 3: Compare the various roles that a CIO may assume in support of Knowledge Management


2.6 LO 4: Illustrate the strategic importance of Knowledge Management in an organization


2.6 LO 5: Relate the ways in which Knowledge Management can support the strategic goals of an organization.


2.6 LO 6: Examine the effect of knowledge management on individual and organizational effectiveness, including KM's potential effect on business processes.


2.6 LO 7: Explore the role of organizational culture in the development and implementation of an integrated KM process.


2.6 LO 8: Identify and evaluate technological tools that may be used in implementing Knowledge Management systems


2.6 LO 9: Describe the role of technology in converting data and information into organizational knowledge


2.6 LO 10: Develop a policy statement on Knowledge Management that clearly articulates a vision of KM's attributes and its strategic importance to your organization.


2.6 LO 11: Formulate a KM process that incorporates best practices.


2.6 LO 12: Chart a KM process for an organization that addresses identifying the information that is required, the methods of obtaining the information, the role of technology in the KM process, and the ownership of the KM process


2.6 LO 13: Evaluate a variety of organizational approaches (policies, budget, assessment, rewards) that can be used to institutionalize the paradigm shift needed to make Knowledge Management processes successful.


2.6 LO 14: Assess potential linkages among COO, CIO, CFO and CKO functions in an organization. Describe the ways in which these relationships can be enhanced through a comprehensive KM process.


2.6 LO 15: Formulate a strategy to facilitate training and education of knowledge workers within the participant's organization. (See also 2.2 LO 6, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)


2.6 LO 16: Identify approaches that can be developed and implemented to develop a culture of knowledge sharing, collaboration and support of KM.


2.6 LO 17: Distinguish between Communities of Practice and Communities of Interest, and explain their contribution to a comprehensive KM process.


2.6 LO 18: Evaluate approaches to measuring the effectiveness of KM efforts.


2.6 LO 19: Prepare a business case that can be used to support the development and implementation of a comprehensive Knowledge Management process at the participant's organization.

Competency 2.7-Practices which attract and retain qualified IT personnel

2.7 LO 1: Discuss the role of encouragement and recognition in the motivation, learning and retention processes.


2.7 LO 2: Describe the ways in which a culture of trust functions as a motivator, encourages innovation, and retains personnel.


2.7 LO 3: Design approaches to develop and implement a culture of trust.


2.7 LO 4: Discuss the opportunities and challenges present in a workplace that exhibits diversity in gender, race, creed, national origin and generational differences.


2.7 LO 5: Support the concept that a clearly defined and jointly held vision improves personnel recruiting, retention and employee performance.


2.7 LO 6: Justify why a CIO and top management should model a culture of shared vision and shared leadership.


2.7 LO 7: Develop a comprehensive plan to create an environment that encourages continuous learning and provides opportunities for staff to apply learning. (See 2.2 LO 1)


2.7 LO 8: Analyze organizational structures to identify, evaluate, and plan career development paths. (Same as 2.2 LO 5)


2.7 LO 9: List and describe survival strategies in a Civil Service environment.


2.7 LO 10: Compare and contrast the effect of the presence (or absence) of infrastructure on the achievement of organizational mission.


2.7 LO 11: Discuss the motivational and performance effects that empowerment brings to the workplace.

3.0: Process/Change Management

General Discussion: The paramount role of the CIO is as Chief Visionary of the organization. As such the CIO works in strong partnership with the CEO/COO who is the chief change agent. CIOs need to distinguish between the behavioral and affective dimensions of change management (including essential stakeholder "buy-in") that are more related to leadership and the cognitive dimensions of process management that provide "measuring points" and are a tool for change management. It is important that CIOs be familiar with Organizational Development (OD) concepts and OD's importance as an independent discipline. It is also essential for CIOs to be open to the role of Business Process Improvement as a frame/context for introducing any type of new business-based technology change including e-government, Smart Cards and other government initiatives.


3.0 LO 1: CIOs frequently must lead change (technology adoption, skill transfer, etc.) in an organization. Discuss the concept of change, and the dimensions of behavioral change


3.0 LO 2: Discuss the role of leadership in successful change initiatives.


3.0 LO 3: Discuss the role of the CIO as a leader of change in his/her organization. (See also 9.6 LO 6 and 9.7 LO 7)


3.0 LO 4: Justify the importance of stakeholder "buy in" in successful change efforts.


3.0 LO 5: Identify and demonstrate the use of approaches that can be used by a CIO to achieve stakeholder support in change efforts.


3.0 LO 6: Discuss Process Management as it relates to change management. Include the roles of strategic planning, and the transfer of strategic vision into tactical goals.


3.0 LO 7: When considering the process of change management, discuss the role of goals, budgets and activities to achieve those goals


3.0 LO 8: Federal CIOs work within a large system that includes the OMB, different administrations, and multiple initiatives requiring change over years. Discuss the dimensions of the government environment as a factor in successful change management.


3.0 LO 9: Evaluate the benefits derived from a CIO "networking" with colleagues, peers, superiors and subordinates as he/she promotes a vision of the organization.


3.0 LO 10: Clinger-Cohen mandates that the CIO promote improvements to work processes in organizations. Identify and discuss the ways that CIOs, working collaboratively with the program leadership, may indeed promote such improvements to work processes. Include in the discussion the potential role of interorganizational relationships and partnerships with the business domain.

Competency 3.1-Techniques/models of organizational development and change

General Discussion: It is important that CIOs be familiar with Organizational Development (OD) concepts and OD's importance as an independent discipline. CIOs need to be able to critically assess the organization against strategic goals, be familiar with the tenets of change management, and assess planned change from a systems perspective.


3.1 LO 1: Discuss Organizational Development, its concepts and methods, and its importance as an independent discipline.


3.1 LO 2: Identify and discuss the classical elements of change management


3.1 LO 3: Identify and discuss methods and metrics available for organizational assessment that an executive may utilize to assess the need for change.


3.1 LO 4: Discuss the importance of the organization and its stakeholders being ready for change. Identify approaches to assess workplace culture and environment regarding their readiness for change. Design approaches (including the identification of individuals) to prepare the workplace for change


3.1 LO 5: Demonstrate the ability to perform SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis.


3.1 LO 6: Identify quantitative and qualitative approaches to the evaluation of performance, quality, productivity, customer satisfaction, usability, cycle time, cost, functionality, risk, etc.


3.1 LO 7: Design approaches to recognize, evaluate, communicate and champion change possibilities, including those arising from "best practices."


3.1 LO 8: Resistance to change is an organizational reality. Comprehensively discuss the critical importance of addressing resistance to change. Include identification of the barriers to change, identification and assessment of strategies for overcoming resistance to change, including leverage points and other opportunities to effectively implement change.


3.1 LO 9: List and describe the variety of change techniques and tools including education and training.


3.1 LO 10: Differentiate between voluntary and mandated change strategies and the approaches to their implementation.


3.1 LO 11: Assess planned change from a holistic systems perspective. Include the identification of multiple points at which risk assessment and abatement techniques should be applied.


3.1 LO 12: Design a comprehensive plan to implement, communicate, and champion a unified change initiative.


3.1 LO 13: Organizational Development involves structure, process, and culture. Demonstrate gap analysis approaches to identify staffing needs and to plan for education and training as appropriate. (See also 2.2 LO 6, 2.6 LO 15, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)

Competency 3.2-Techniques and models of process management and control

3.2 LO 1: List and discuss the principles of process management and control.


3.2 LO 2: Compare and contrast the major tools, techniques and methods of process management.


3.2 LO 3: Identify, describe and evaluate process simulation tools used to support process change management.


3.2 LO 4: Describe gap analysis activity (gaps between present and desired state) and discuss the application of its results. (One example: Can I add 90,000 transactions to the network and preserve sub-second response time?)


3.2 LO 5: Assess internal control systems relative to other business systems


3.2 LO 6: Since most process improvements and/or changes have systemic implications, identify and assess the impact of the business process improvement program on all aspects of the organization. (See also 3.4 LO 12)

Competency 3.3-Modeling and simulation tools and methods

General Discussion: Modeling and Simulation tools and methods are valuable adjuncts in Process/Change Management. It is essential to remember, however, that all these tools and techniques should be considered within the context of supporting the mission and strategic plan of the organization.


3.3 LO 1: Identify and describe modeling and simulation approaches. Include among the approaches systems dynamics modeling, benefit cost analysis, costing, capital budget and investment, forecasting, sourcing models (build or buy), and transferability (how transferable it is to the mission).


3.3 LO 2: Compare and contrast modeling and simulation tools, demonstrating that the tools chosen appropriately offer productivity, reliability, availability, and accessibility in support of the organization's missions.


3.3 LO 3: Demonstrate how to build from business goals to process change and/or technology solutions.


3.3 LO 4: Identify and describe tools for IM/IT product design and development. (Include among the tools OO, data warehousing, COM etc.)


3.3 LO 5: Demonstrate analysis of organizational requirements (assess organization, assess staff, identify expertise and identify gaps), and design a program(s) to train staff in simulation and modeling tools needed to support the organizational mission and its strategic plan. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)

Competency 3.4-Quality improvement models and methods

General Discussion: A valuable adjunct to any discussion on quality is to address the concept of "highest quality" vs. "expected outcome."


3.4 LO 1: Explain the different uses/meanings of the term "quality"


3.4 LO 2: Identify and assess quality factors in business, information and technical areas. Include among the general indicators of quality all the "ilities" such as productivity, reliability, availability, accessibility, and address the "three pesky questions (Core Mission, Outsourcing and Redesign)."


3.4 LO 3: Discuss the dimensions of "quality" when addressing customer (employees, customers, and stakeholders) expectations.


3.4 LO 4: Identify and discuss the ways in which quality can be integrated into the culture of the organization.


3.4 LO 5: Defend the integration of quality dimensions into the articulation of performance standards.


3.4 LO 6: Develop a model of the relationships/linkages that emanate from customer needs and expectations (including quality perceptions), which result in organizational initiatives. Show how these expectations drive strategic planning and are linked to performance goals and objectives.


3.4 LO 7: Illustrate the ways in which quality initiatives (tactical goals) can be developed so that they advance strategic goals.


3.4 LO 8: Describe the CIO's responsibility regarding quality improvement


3.4 LO 9: Differentiate and prioritize among quality factors. Include, but do not limit the discussion to issues such as, "If a 98% quality assurance program costs $100,000 and a 99% quality assurance program costs $1,000,000, the CIO needs to be able to assess the cost/benefit between them"


3.4 LO 10: Discuss and plan ways in which a CIO may analyze organizational requirements and design a program(s) to train staff in quality models and methods. Include in the discussion/planning programs that will address ISO 9000, the Baldrige Award, QFD, CMM, Customer vs. Owner. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 10.1 LO 3, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)


3.4 LO 11: Define Activity Based Costing (ABC) and discuss the potential role of ABC as a process assessment tool. (See also 4.3 LO 3 and 4.5 LO 2)


3.4 LO 12: Since most process improvements and/or changes have systemic implications, identify and assess the impact of the business process improvement program on all aspects of the organization. (See also 3.2 LO 6)

Competency 3.5-Business Process Redesign/Reengineering Models and Methods

3.5 LO 1: Define Business Process Improvement, redesign, and reengineering (BPI/BPR).


3.5 LO 2: Champy defines reengineering as "the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical contemporary measures of performance, such as cost, quality, service, and speed." Discuss this statement and its implications for an organization.


3.5 LO 3: Trace and assess the history, evolution, and relationships of BPR, BPI, TQM, and similar initiatives.


3.5 LO 4: Identify and discuss the characteristics of successful Business Process Improvement (BPI), redesign, and reengineering (BPR)


3.5 LO 5: List and discuss the models and methods that may be utilized in a comprehensive Business Process Improvement effort.


3.5 LO 6: Discuss the potential problems that may beset a Business Process Improvement effort.


3.5 LO 7: Discuss Business Process Improvement and the CIO's role of a change agent.

4.0: Information Resources Strategy and Planning

General Discussion: IT must be a value-adding dimension of the business plan. IRM strategic planning must begin with the business strategic planning process and integrate with the organization's business functions and plans since business planning and IRM planning are parallel and coupled processes. Thus the CIO must be able to ask the right questions and understand the answers.
IRM planning should also address cross-governmental and inter-agency planning issues as these are increasingly important in e-government.
The planning process itself must be holistic, flexible (not platform or vendor specific), at a high level and must be in balance with the overall business strategy. IT's strategic plan must be a lesson in integrating since IT should be woven into the very fabric of the way the organization does its work.
Understanding IT architecture is essential.


4.0 LO 1: Discuss the advantages and disadvantages to approaches to coordinating IT across government entities in order to facilitate electronic government. See also Core Competency 9.0: E-Government/Electronic Business/Electronic Commerce


4.0 LO 2: Explore the impact of the citizen/consumer's access to government as part of the strategic planning process.

Competency 4.1-IT baseline assessment analysis

4.1 LO 1: Define and describe performance goals and distinguish performance goals from performance standards.


4.1 LO 2: In IT planning, differentiate between "baseline" analysis (inventory of hardware, software and skills) and "assessment" which places that baseline into the business and IT strategic plan.


4.1 LO 3: Identify the reasons that a CIO would need to know the status of the current technology architecture. Describe the process in which current technology architecture, including platforms, networks, etc. is identified.


4.1 LO 4: Explain classical benchmarking, particularly as applied to IT hardware, software, and IT staff skills and abilities. (Reference: "Benchmarking" by Camp)


4.1 LO 5: Evaluate current baseline analysis against established benchmarks.


4.1 LO 6: Describe the ways in which benchmarks may be used to forecast performance of both your organization and your competition.


4.1 LO 7: Evaluate various IT performance analysis and assessment processes.


4.1 LO 8: Explain the importance of IT performance assessment/ analysis and summarize the ways in which assessment results can be used in developing appropriate and timely IRM strategies and plans that support business goals.


4.1 LO 9: Design performance analysis and assessment approaches that address each element of IT. Include technology components (inventory of physical components, technical viability of components, capacity plan to manage extension of inventory and performance measuring plans to assess ability to remain current with technological evolution), personnel (capabilities and skills), organizational structure and culture, and business plan linkage.


4.1 LO 10: Describe and define IT architectural principles.


4.1 LO 11: Evaluate the role of IT architectural principles in IT/IRM strategic planning.


4.1 LO 12: Characterize the baseline architecture of an organization's/agency's IT/IRM.


4.1 LO 13: Discuss and describe the role of IT performance goals and standards with respect to the enterprise/program strategic plan, general goals, and performance goals.


4.1 LO 14: Assess the agency's baseline architecture in terms of its effectiveness in meeting enterprise/program strategic goals and performance goals and identify gaps that should be addressed.


4.1 LO 15: Describe the relationship between IT strategic planning and IT functional analysis.


4.1 LO 16: Describe how IT visionary strategic planning is linked to enterprise/program visionary strategic planning.

Competency 4.2-Interdepartmental, inter-agency IT functional analysis

4.2 LO 1: Define functional analysis in an IRM setting


4.2 LO 2: Define the context (purpose and goals) for functional analysis. Discuss when cross functional work is desirable and when it is not desirable. (Note: Successful CIOs use cross-function systems or data where it adds value to the bottom line.)


4.2 LO 3: Assume there is a mission and a baseline analysis. Analyze the functional requirements for the IT group, including functions that will be needed "cross functionally."


4.2 LO 4: Given the context of an IT interaction, define the current scope (i.e., interagency, intergovernmental, between federal and state, international, etc), and assess the potential challenges and consequences of a wider scope developing


4.2 LO 5: Design systems to address interdepartmental, interagency and intergovernmental functional analyses.


4.2 LO 6: Discuss when OD interventions may be needed for functional analysis to succeed.


4.2 LO 7: List and describe functional analysis tools and issues. Include BPR, security, privacy, accessibility, and open access issues in this discussion. (See also Core Competency 10.0 on IT Security and Information Assurance)


4.2 LO 8: IT needs can be addressed in a number of ways including, "Use what we've got, Build new, Acquire from the private sector, Acquire from the public sector," etc. Compare and contrast these potential solutions.


4.2 LO 9: Justify the statement that "cross-functional IT aspects must be embedded in the system." Include the communication channels (interdepartmental, interagency, intergovernmental) appropriate to the level of discussion.


4.2 LO 10: Identify the criteria required to determine whether to "stop" or "kill" a project. (Same as 5.2 LO 9. See also Competency 6.5 on Project Risk Management and Competency 7.3 on Risk Management Models and Methods.)

Competency 4.3-IT planning methodologies

4.3 LO 1: List and describe a comprehensive IT planning process.


4.3 LO 2: Compare and contrast the range of IT planning methodologies. Include at least the following in the discussion of these IT planning methods: Martin's Information Engineering approach, gap analysis, weighted priorities (especially in terms of backbone questions), modeling techniques, Business Process Improvement and Business Process Reengineering.


4.3 LO 3: Discuss the value of applying Activity Based Costing (ABC) to IT planning. (See also 4.5 LO 2 and 3.4 LO 11)


4.3 LO 4: Define the activities and tasks of IT planning, and assess the interoperability of the resources available

Competency 4.4-Contingency Planning

4.4 LO 1: Identify the need for contingency planning, and for garnering the needed resources to protect against costly IT "events." The discussion should include but not be limited to issues such as the following: Data integrity, Disaster recovery, Emergency preparedness, System crash and backup planning, Cyber terrorism, and Program contingencies such as Y2K was in 1998 and 1999.


4.4 LO 2: Develop and support contingency plans to protect against costly IT "events." Plans should identify risks to the IT plan, inventory opportunities for failure (including degradation of service), and identify resources to protect against such events.


4.4 LO 3: Discuss the value of interoperability of resources in support of contingency needs.

Competency 4.5-Monitoring and evaluation methods and techniques

4.5 LO 1: Identify and describe approaches that will assess value, benefit, and cost of IT and its impact on the business, or the organization's components.


4.5 LO 2: Discuss the value of Activity Based Costing (ABC) in demonstrating the value, and benefits of IT. (See also 3.4 LO 11 and 4.3 LO 3)


4.5 LO 3: Demonstrate the value of establishing periodic and timely reviews and reporting milestones in which IT performance is compared/contrasted to the IT strategic plan


4.5 LO 4: Describe the benefits involved in a periodic review of contingency planning for IT.


4.5 LO 5: Describe the importance of establishing and evaluating program success factors.


4.5 LO 6: Understand project management planning and control tools. (See also Core Competency 6.0: Project/Program Management)


4.5 LO 7: Identify ways in which IT milestones may be linked to the organizational reporting structure.


4.5 LO 8: Describe how to do configuration planning with respect to IT plans, including identifying the baseline and tracking changes to the baseline

5.0 Performance Assessment: Models and Methods

General Discussion: The basic question: Is IT meeting both the business plan goals and the needs of constituents? There must be a "balanced scorecard"-revenue/program accomplishment with both customer and employee satisfaction.
The CIO must be aware of the range of perspectives on performance systems, and of the types of performance measures available and must embrace a systems perspective for IT and its assessment process(es). The CIO must understand the importance of baseline assessment measures-existence, qualitative measures and quantitative measures (example: ROI) in the performance assessment cycle.

Competency 5.1-GPRA (Government Performance Results Act) and IT: Measuring the business value of IT-and customer satisfaction

5.1 LO 1: List and describe non-monetary contributions to business value including usability, efficiency, productivity, perceived value, etc.


5.1 LO 2: Defend the value of gathering and analyzing data and using the information in supporting assessment conclusions and decisions.


5.1 LO 3: Describe how IT strategic planning relates to the business mission, vision, strategy, goals and objectives of an organization. (See 1.1 LO 6, 1.1 LO 7 and 1.1 LO 8)


5.1 LO 4: Describe how the IT systems support the IT strategic plan in terms of business mission, vision, strategy, goals and objectives of an organization.


5.1 LO 5: Develop a strategic plan that is linked to specific performance goals. (See 1.1 LO 6, 1.1 LO 7 and 1.1 LO 8)


5.1 LO 6: Identify the ways that IT is tied to an organization's critical success factors.


5.1 LO 7: Discuss how IT relates to both internal (process) customers, and external (Congress, customers, etc.) business drivers.


5.1 LO 8: List and describe how IT aligns with the core process of the business.


5.1 LO 9: List current federal performance legislation (e.g. GPRA, ITMRA, Clinger-Cohen, PRA of 1995, GPEA, CFO Act, Section 5.08, DIWIA and other relevant performance legislation) and describe/discuss the performance mandates that a CIO must address. (See also 1.2 LO 2)

Competency 5.2-Monitoring and measuring new system development: When and how to "pull the plug" on systems

General Discussion: It is essential for CIOs to understand that when and how to "pull the plug" is an issue for both new systems and existing systems.


5.2 LO 1: Schematize the entire IT lifecycle (using PPBS or SA CMM SEI at Carnegie Mellon), including both funding and retirement, and show how integral performance measures can support each phase of the cycle. (Also see Core Competency 7.0 on Capital Planning and Investment Assessment)


5.2 LO 2: Evaluate the different approaches to life cycles to determine if the most appropriate life cycle has been chosen.


5.2 LO 3: Identify criteria and integrate "go/ no go" checkpoints into the development life cycle.


5.2 LO 4: List and describe the decision tools and evaluation systems that are typically used to make go/no go decisions. Include tools that address cost and schedule data as well as rules of thumb such as "when a system gets behind 20%, it is time to 'kill' it."


5.2 LO 5: Identify the types of decision tools and criteria that are used within the development life cycle to determine when a system has reached maturity. Discuss the importance of this process. Include concepts such as 80/20 and tools such as Pareto Analysis


5.2 LO 6: Identify criteria to be used when analyzing whether to replace an existing system.


5.2 LO 7: Compare and contrast the characteristics and the challenges involved in "new" systems, both those that are replacing existing systems, and those that are completely new.


5.2 LO 8: Describe the process involved in choosing the most appropriate control measures. (See also 6.3 LO 2)


5.2 LO 9: Identify and evaluate the criteria required to determine whether to "stop" or "kill" a project. (Same as 4.2 LO 10)

Competency 5.3-Measuring IT success: practical and impractical approaches.

5.3 LO 1: List and explain the various criteria (time, budget, etc.) that may be used to determine IT "success." Assess the importance of aligning these criteria with stakeholder needs.


5.3 LO 2: Identify and evaluate approaches/tools for measuring IT success that may be used (based on the organization's need for information). Include among the tools, the GQMM (Goals, Questions, Metrics, Measures) approach, the Balanced Scorecard (financial, customer, internal business process, innovation/learning), Benchmarking, Best Practices, Clinger-Cohen (plus/minus 10 percent), OMB Circular A-11 Exhibit 300 B, Raines Rules, etc. (See 5.5 LO 3 and 6.3 LO 2)


5.3 LO 3: Identify and compare leading and lagging indicators that are appropriate for the organization and its activities.


5.3 LO 4: Discuss the need for measurements, the limits of analysis, and the hazards of measurement for measurement's sake.


5.3 LO 5: Distinguish between outcome (what the system needs to achieve) and output (what the system does).


5.3 LO 6: Discuss the importance of identifying a few critical measures of IT success, and devise systems to keep those "critical measures" visible.


5.3 LO 7: Explain the role of survey instruments in achieving IT success.


5.3 LO 8: Assess success relative to risk.

Competency 5.4-Processes and tools for creating, administering and analyzing survey questionnaires.

5.4 LO 1: Discuss the importance of questionnaires and other survey instruments in addressing customer satisfaction and helping to identify gaps that may exist in the "soft side" of IT.


5.4 LO 2: List, describe and evaluate the strengths and weaknesses of a variety of survey collection techniques including interviews, elite interviews, focus groups, surveys, questionnaires, etc.


5.4 LO 3: List, describe and evaluate the applicability of frameworks such as maturity measures, CMM, ISO 9000, questionnaires in specific organizational settings.


5.4 LO 4: List and discuss the characteristics of good survey design. Discuss validity and reliability. (Reference: GSA link to GAO documents.)


5.4 LO 5: Discuss possible "interactions" among various survey instruments, and the importance of addressing the risks arising from such interactions before they occur.

Competency 5.5-Techniques for defining and selecting effective performance measures.

5.5 LO 1: Support the statement that the "Key Criteria in establishing measures of effective performance is alignment-alignment with stakeholder needs, mission, vision, critical success factors, etc."


5.5 LO 2: Discuss the advantages and disadvantages of building user feedback into the design and development of performance measures.


5.5 LO 3: List, describe, and evaluate techniques that are appropriate for measuring effective performance. Identify where these techniques/practices may be found. Include best practices, benchmarking etc. (See also 5.3 LO 2 and 6.3 LO 2)


5.5 LO 4: Discuss the importance of identifying the purpose of establishing specific measurements of effective performance. Anticipate the use of the data obtained and identify the "behavior" that may need to be modified.

Competency 5.6-Examples of and criteria for performance evaluation

5.6 LO 1: Identify, evaluate and report on sources of performance evaluation information including internal databases, government-wide databases, proprietary databases, and web sites such as ( and Performance Pathways (


5.6 LO 2: Identify and prioritize criteria that address strategic and tactical dimensions of IT, demonstrating the ways in which typical criteria can be focused (business, information quality, technical application) and evaluating whether the technology is fulfilling strategic business needs as well as the tactical dimensions of service, information and system quality.


5.6 LO 3: Discuss the approaches to, and the value of identifying/ prioritizing customers and stakeholders.

Competency 5.7-Managing IT reviews and oversight processes

5.7 LO 1: Discuss the significance/importance and impact of IT reviews.


5.7 LO 2: Define the role and responsibilities of managers (program managers, project managers, program leads, etc.) in the IT review process.


5.7 LO 3: Beginning with the requirements definition phase, identify key performance parameters for each phase in the lifecycle that's being used. (See also 4.5 LO 6; and 5.1 LO 4)


5.7 LO 4: Describe the dual role of the CIO-as CEO in IT and in the Clinger-Cohen role in agency leadership. (See also 1.1 LO 3, and 1.4 LO 2)


5.7 LO 5: Describe the importance of the CIO "having a seat at the table." Consider that as part of the CIO's line responsibility, he/she is responsible for the reviews and the oversight process. He/she must have visibility in the process-and also has the responsibility to advise the organization's leadership team.


5.7 LO 6: Show IT's strength as a solution provider that can demonstrate business value.


5.7 LO 7: Design a method to ensure that measurement data that has been collected in the assessment process is used in the review and decision making processes.

6.0: Project/Program Management

General Discussion: Both program management and project management require the same set of skills, including communication, effective decision making, and team building. However, there is a difference in scalability and granularity between the management of projects and programs, and therefore a need to distinguish between the two.

    Project Management: A project may be an element of a program, is relatively short term and has a defined beginning and end. They are often detail oriented and may change.
    Program Management: A program is considered to be a set of related on-going activities with a common focus and could include multiple projects. Although a program has a target, it is not bounded in time, and can accommodate change.
    Decision-making is essential to both project and program management.


6.0 LO 1: Examine the importance of ethics, integrity and objectivity in program/project management.


6.0 LO 2: Describe the elements that affect the deployment of enterprise-wide program oversight capabilities.


6.0 LO 3: Justify the requirements of a project by demonstrating that the program is related to the enterprise mission and GPRA.


6.0 LO 4: Develop procedures for establishing and maintaining a Configuration Control Board (CCB).


6.0 LO 5: Define a project in terms of internal and external factors.


6.0 LO 6: Identify the types of external integration opportunities that exist with vendors, extranets, distance learning, etc.

Competency 6.1-Project scope/requirements management

6.1 LO 1: Classify how programs/projects fit into the global picture of organization, other programs, Congress, and the organization's internal and external stakeholders.


6.1 LO 2: List and define the elements involved in the scope (money, time, people, impact, etc.) of the program/project being considered


6.1 LO 3: Discuss how the program/project scope elements address the needs of the organization, including its vision, values, history and culture


6.1 LO 4: Discuss the way in which vision impacts scope and requirements, i.e., most of the project resources are committed once the planning stage is completed.


6.1 LO 5: Illustrate the essential and central role of information/knowledge in the management of projects/programs


6.1 LO 6: Assess and anticipate the potential positive and negative effects that arise from change (mission, organizational structure, organizational resources, and global


6.1 LO 7: Discuss how to identify, manage and control project requirements.


6.1 LO 8: Discuss the ways in which project requirements affect project scope and scope management.


6.1 LO 9: Illustrate how poor requirements may cause "requirements creep."


6.1 LO 10: Discuss and design approaches/systems to track both technology changes and user needs changes so as to reduce risk.


6.1 LO 11: List and discuss the types of organizational and project change that may occur due to partnering.


6.1 LO 12: List and evaluate risks that may emerge to threaten the success of a program.


6.1 LO 13: Evaluate the decision-making methods and tools (both micro and macro) and analyze the outputs they make available to the project/program manager.


6.1 LO 14: Discuss the implications of rapid design modeling techniques and methods on requirements and scope management.


6.1 LO 15: Analyze the need (business/mission) that is driving the requirements.

Competency 6.2-Project integration management

6.2 LO 1: Define and illustrate project integration and implementation.


6.2 LO 2: Develop plans to integrate project management and business management.


6.2 LO 3: Establish software management approaches to include promotion of process improvements, COTS risk assessment, human systems integration design and applications security analysis.


6.2 LO 4: Discuss and give examples of the importance of innovation and creative thinking in creating alternate program integration strategies.


6.2 LO 5: Describe integration across programs including the reallocation of resources.


6.2 LO 6: Compare, contrast and evaluate available "knowledge management" tools.


6.2 LO 7: Assess the value of electronic communication tools as an integration driver.

Competency 6.3-Project time/cost/performance management

6.3 LO 1: Describe and evaluate project management planning techniques and tools that support the project lifecycle.


6.3 LO 2: List, describe and evaluate project/program performance metrics. (See also 5.2 LO 8, 5.5 LO 3)


6.3 LO 3: Identify criteria and analyze performance, resources, cost, and schedule in order to achieve business objectives.


6.3 LO 4: Discuss the importance of program control processes and industry best practices.


6.3 LO 5: Describe the importance of financial management techniques and tools.


6.3 LO 8: Identify, evaluate, and integrate cost, time and performance drivers so that the tradeoffs that are made are reached in a realistic way.

Competency 6.4-Project quality management

6.4 LO 1: Define characteristics of quality. Include usability, quality assurance and quality control.


6.4 LO 2: Identify quality requirements and evaluate/establish metrics to achieve those requirements.


6.4 LO 3: Identify and discuss ways to build quality into systems.


6.4 LO 4: Design and implement approaches to obtain feedback from users.


6.4 LO 5: Design approaches, including the use of metrics that cover the full range of quality requirements, which assure that quality programs are implemented.


6.4 LO 6: Discuss the advantages of independent verification and validation (IV&V) and design approaches to tie IV&V to the quality assurance program.

Competency 6.5-Project risk management

6.5 LO 1: Define risk


6.5 LO 2: Assess project management risk, including at least the five (technical, supportability, cost, schedule, and programmatic) major types of risk.


6.5 LO 3: Identify, discuss, develop and disseminate risk taxonomy. (Reference: SEI from Carnegie Mellon University and Defense Systems Management College.)


6.5 LO 4: Identify approaches to quantify risk assessment and to prioritize among risks. (Reference: DSMC Risk Management manual.)


6.5 LO 5: Describe and evaluate the risk mitigation process, and how it is tailored to particular situations.


6.5 LO 6: Evaluate monitoring and control systems. Discuss their implementation.


6.5 LO 7: Discuss the need for risk management in completed systems. Include discussion of the "larger environment" in which the system will be functioning.


6.5 LO 8: Define the risk management process.


6.5 LO 9: Characterize the differences among risk management, problem management and crisis management.

Competency 6.6-Project procurement management

6.6 LO 1: Describe the project management lifecycle.


6.6 LO 2: Discuss the CIO's lifecycle responsibility for project and program management.


6.6 LO 3: Describe the CIO's involvement in the early phases (concept exploration and procurement) of acquisition management.


6.6 LO 4: Identify necessary metrics to manage cost, schedule, and performance throughout the project lifecycle.

7.0 Capital Planning and Investment Assessment

General Discussion: It is essential that CIOs understand the importance of Capital Planning and Investment Analysis. Clinger-Cohen mandated such planning and assessment and changed the "rules of the game." Successful industry does the same things.
Clinger-Cohen decentralized IT and made each agency autonomous in the way it plans, invests in and implements IT. Capital planning is needed to provide a framework for running government with the same disciplines as private business.
In addition to Clinger-Cohen, other legislation involved in these significant changes includes:

    PRA-Paperwork Reduction Act of 1995,
    GPRA-Government Performance and Results Act (Results Act) (PL 103-62),
    Title V Extract-Federal Acquisition Streamlining Act of 1994 (PL 103-355) which sets standards for planning, organizing and monitoring projects,
    Chief Financial Officers Act (PL 101-576)

    BEA-Budget Enforcement Act
    BBA-Balanced Budget Agreement

The OMB and the White House have also issued guidance related to the acquisition and management of information resources, including:

    OMB Circular A-11
    OMB Circular A-94
    OMB Circular A-109
    OMB Circular A-123
    OMB Circular A-127
    OMB Circular A-130
    Executive Order 13011 Sec. 2(b)(3)
    OMB Memorandum M-97-02

In the new paradigm IT decisions need to be supported by using business case analysis. Business cases will be presented to the Investment Review Board that includes the CIO. Finance and acquisition will need to be linked to capital planning.
IT is only one of six CIO responsibilities emanating from the PRA and the Clinger-Cohen Act. These responsibilities are:
1. Information collection and burden reduction
2. Statistical activities
3. Records management
4. Privacy (Privacy Act)
5. Information Technology
6. Security


7.0 LO 1: Discuss the appropriation process and the way that politics (both local agendas and national issues) may affect the capital planning and investment process


7.0 LO 2: Use a structured process to identify functional requirements and assess if those requirements support core mission.


7.0 LO 3: Evaluate the role of the "three pesky questions (Core mission, Outsourcing, and Redesign)" in Capital Planning and Investment Assessment


7.0 LO 4: Compare and contrast differing Portfolio and individual approaches to projects.


7.0 LO 5: Identify and analyze the hard criteria (e.g. ROI and shelf life) and the soft criteria (Veteran's Administration addresses "principles" such as internal customer satisfaction, quality of life, etc.) that would be included in the IT capital planning and assessment decision-and design a sample evaluation instrument that reflects these criteria as well as other forms of performance metrics.


7.0 LO 6: Since all capital planning and investment assessment decisions should be evaluated across a broad spectrum of criteria, discuss the value of developing a uniform (within an agency) approach to evaluate alternative investment decisions.
(Note: This need for evaluation assumes that there are limited resources (fiscal, human, etc.) available for capital planning and investment.) (See also 7.7 LO 4)


7.0 LO 7: In addition to monetary metrics, identify, compare and evaluate metrics such as human capital, customer satisfaction and internal growth when assessing capital planning and investment projects. (Reference: BSC method)

Competency 7.1-Best practices

General Discussion: Although there are current "best practices" in cost benefits, risk management, etc., the CIO needs to be aware of both current best practices and emerging best practices. Thus, a desirable approach to "Best Practices" is one that emphasizes continuous learning.


7.1 LO 1: Identify the approaches needed, and develop a plan to create an environment that encourages continuous learning. (Same as 2.2 LO 2)


7.1 LO 2: Identify and evaluate current Best Practices in capital planning and investment. Include the GAO, information technology, Investment Maturity Model (ITIM), OMB among those evaluated.


7.1 LO 3: Evaluate current and emerging Best Practices relative to the enterprise's strategic plan.


7.1 LO 4: Develop approaches to examine internal and external processes and practices and to develop appropriate benchmarks.

Competency 7.2-Cost benefit, economic, and risk analysis

7.2 LO 1: Describe and interpret a variety of methodologies used in cost benefit, economic and risk analysis.


7.2 LO 2: Compare and contrast among the methodologies used in cost benefit, economic and risk analysis in order to be able to implement a single set of methodologies with common standards throughout a large organization. (See 7.6 LO 5)


7.2 LO 3: Compare and contrast the implications of commonly used metrics such as ROI, NPV, IRR, MIRR etc. This comparison should address not only the outcomes of the metrics, but also the assumptions upon which the metrics are based. Note: Some methods (NPV) result in positive or negative numbers, while IRR results in a percentage, but is less robust. Often percentages are more appealing, and more compelling.


7.2 LO 4: Analyze cost and economic data, assess its quality, and communicate its meaning to others.


7.2 LO 5: Identify and evaluate qualitative approaches that can be used in risk analysis in addition to the more traditional quantitative methodologies.


7.2 LO 5: Analyze the quantitative data behind qualitative decisions adequately to be able to ask appropriate questions. (See 7.6 LO 5)


7.2 LO 6: Justify the reason that Clinger-Cohen requires a risk-adjusted ROI before making an investment.


7.2 LO 7: When presented with a need, evaluate a variety of solutions that include but are not limited to IT-based solutions.

Competency 7.3-Risk management models and methods

7.3 LO 1: Discuss the reasons why risk analysis and risk management are vital. Include discussion of the role risk management plays and how the specifics relate to the organization and its mission.


7.3 LO 2: Discuss and illustrate each of the three major areas of risk: cost, technical (including obsolescence), and management capability.


7.3 LO 3: Compare and contrast the commonly accepted standards, tools, and methods used in risk management


7.3 LO 4: Apply and evaluate commonly used best practice risk management models including opportunity cost, sunk cost, etc. (References: documents from the GAO Investment Guide; OMB A94, A11 Part 3, Capital Programming Guide; and GAO Report assessing Risks and Returns)


7.3 LO 5: Given a business case, be able to apply risk management models and methods.


7.3 LO 6: Develop and implement an approach that will scan internal and external customers, stakeholder acceptance/"buy-in", schedule, acquisition, safety, feasibility, etc. to identify significant hard and soft areas of risk that might have been missed through the exclusive use of the commonly used best practice risk management models.

Competency 7.4-Weighing benefits of alternative IT investments.

General Discussion: In many enterprises, it is assumed that a question or a need can best be addressed through an IT solution. However, it is essential for the CIO to be aware that IT is not the answer to every problem. There may be a variety of possible solutions, and IT applications and/or investments may represent only a part of those solutions. A CIO must look at Clinger Cohen. The CIO must know what the enterprise business is and use this information to identify gaps and deficiencies.


7.4 LO 1: Create an analysis and decision-making process that will ensure that when a CIO is presented with a need, ALL alternatives (and not only IT alternatives) are evaluated.


7.4 LO 2: Compare and contrast the commonly accepted standards, tools, and methods available for evaluating benefits of alternative IT investments.


7.4 LO 3: Compare and contrast the advantages of uniform IT investment assessment standards vs. the value of flexibility in assessing alternative IT investments. Include OMB A 94, A11 (a standard), and "best practices" in the discussion.


7.4 LO 4: Discuss the role of forecasting in cost-benefit analysis. Include situations in which IT systems are making an investment in information that does not show up immediately in the ROI, but needs to be inserted into the ROI forecast.


7.4 LO 4: Evaluate cost benefits of alternative IT and non-IT solutions, and be able to support and justify the best alternative.

Competency 7.5-Capital investment analysis-models and methods

7.5 LO 1: Compare and contrast and demonstrate the use of the various capital investment models and methods, e.g. Capital Assets Pricing Model (CAPM), Internal Rate of Return (IRR), Net Present Value (NPV), Modified Internal Rate of Return (MIRR), etc.


7.5 LO 2: Select and apply the appropriate model to analyze Capital Investment in IT.


7.5 LO 3: Critique the Balanced Score Card (BSC) method and justify its use as part of the capital investment analysis process.

Competency 7.6-Business case analysis

7.6 LO 1: List and define the elements (customers, management, and technical cost) of a Business Case Analysis.


7.6 LO 2: Discuss each of the elements of a comprehensive Business Case Analysis. The elements to be discussed include at least:
1. Best practices;
2. Business Process Reengineering, Business Process Improvement and Benchmarking
3. Cost benefit, economic, and risk analysis
4. Risk management;
5. Weighing the benefits of alternative IT investments;
6. Evaluating over time the impacts and effects in technical, acquisition, risks, and organizational areas.
7. Capital investment analysis;
8. Portfolio analysis
9. Integration of performance with mission and budget process


7.6 LO 3: Utilizing case studies, examine how Business Case Analysis provides the means to evaluate the quantitative and qualitative aspects of competing investment opportunities. (One illustration: The FBI has three investment initiatives before it: 1) Add 1500 agents to the field; 2) Obtain laptops for field agents; and 3) build a new building.)


7.6 LO 4: Discuss the use of and be able to apply "Raines Rules" in developing a Business Case Analysis.
Reference: Raines Rules Document (from OMB Memorandum of October, 1996):

Business Case Analysis: demonstrate a projected return on the investment that is clearly equal to or better than alternative uses of available public resources. Return may include improved mission performance in accordance with GPRA measures; reduced cost; increased quality, speed, or flexibility; and increased customer and employee satisfaction. Return should be adjusted for such risk factors as the project's technical complexity, the agency's management capacity, the likelihood of cost overruns, and the consequences of under- or non-performance.


7.6 LO 5: Verify the validity of measurements used in developing/calculating investment metrics.
Note: The CIO need not be a financial analyst, but must be able to understand different methodologies that have been used to calculate return, etc. See also 7.2 LO 1; 7.2 LO 2; 7.2 LO 4; and 7.2 LO 5


7.6 LO 6: Compare and contrast the models and methods of Business Case Analysis, both in government and in industry. (Examples: Ratio analysis, a typical business tool, could be used to assess performance/outcomes against agencies of similar size and mission. Public Building Services have developed benchmarks against private industry real estate firms.)

Competency 7.7-Integrating performance with mission and budget process.

7.7 LO 1: Evaluate the contribution of specific capital investment initiatives to mission performance. Example: If your organization is charged with safety, as is FAA, that mission aspect will be a qualitative factor in capital planning decisions.


7.7 LO 2: Discuss the role of capital planning in an agency's strategic planning process.


7.7 LO 3: Demonstrate the importance of alignment of capital planning with agency mission.


7.7 LO 4: Develop approaches to assess the qualitative and quantitative contribution of capital planning investments to the agency mission. (See also 7.0 LO 6)

Competency 7.8-Investment review process

7.8 LO 1: Discuss the need for an investment review process. Include in the discussion, the role of the "decision makers" (and who they may be), and an identification of the types of information that will be needed.


7.8 LO 2: Identify the information and measurement tools that will be needed for the investment review process. Include "checkpoints" that may trigger additional information.


7.8 LO 3: Discuss different approaches to the investment review process. Include approaches that are oriented to the culture of the specific organization, e.g., some organizations are detailed and quantitative, others are consensus based, etc., and select appropriate approach to their culture.


7.8 LO 4: List the stages of an investment review process. Design an investment review process that includes each of these steps/stages.


7.8 LO 5: Since an investment lifecycle has many points of investment, describe the capital planning process in life-cycle terms. Include OMB Circular A11 in the discussion.

Competency 7.9-Intergovernmental, Federal, State, and Local Projects

7.9 LO 1: Assess the impact of regulation on state and local partners. Include budget effects, etc. Examples may include "Welfare to Work," Medicare, etc.


7.9 LO 2: Identify and/or design shared solutions within and/or between agencies/governments to leverage investments.

8.0: Acquisition

General Discussion: Acquisition links technology investment to the business outcomes and results, as defined by the end consumer. Acquisition needs to move from what has been a singular focus on process to one that considers both process and objectives. Acquisition anticipates what is needed before it is officially stated, and develops requirements that include the end users and must be linked to business outcomes.
The CIO must understand the new dynamic, and understand lifecycle management. He/she must move from a risk averse process to one of risk management, and create an innovative acquisition environment throughout the organization. The CIO should monitor changes in acquisition models and methods.
Acquisition includes four stages: (1) Defining the business objective; (2) Requirements definition and approval; (3) Sourcing; and (4) Post-Award management. The post-award management phase can be multi-year, and the CIO must be aware of technology cycles, and the impact of the length of the cycle.
Acquisition needs to be seen as part of a larger structure or process in which it is one link in the capital planning and strategy process. It is the "cost" part of the cost/benefit analysis. The CIO must understand his/her role in business objectives, and forge a partnership with the other senior leaders of the organization.
There needs to be a dynamic interplay between industry choices/resources and acquisition decisions.
The CIO and senior management should understand the impact of government on industry, both in terms of laws and regulations, the impact of specific procedures, and the actual acquisition process.


8.0 LO 1: Compare and contrast acquisition, contracting, and procurement.


8.0 LO 2: Describe the various phases within the acquisition lifecycle. Include reference to maintenance phase, purchasing, training, etc.

Competency 8.1-Alternative functional approaches

8.1 LO 1: Describe the ways in which a strategic plan, annual performance plan, specific requirements, and capital planning process must drive the acquisition strategy.


8.1 LO 2: Demonstrate the development of an acquisition strategy. Include interpretation of internal and external environments, the business, fiscal and political environments, awareness of A76 methodology, contracting strategy, and technological and environmental change in the development of the acquisition strategy.


8.1 LO 3: Identify and evaluate the range of alternatives to acquisition that should be explored in the pre-phase of the project. Include the role of technology, reengineering, architecture, training, processes, procedures, elimination of functions, etc. in the listing of alternatives.


8.1 LO 4: Discuss alternative ways to translate the business objective into requirements. (IRS Example: Instead of acquiring a system, one option was to retain a company to do the acquisition).


8.1 LO 5: Since change may occur through technology or through organization, define the role of CIO in leading change. (See also 3.0 LO 3, 9.6 LO 6, and 9.7 LO 6)


8.1 LO 6: Discuss the differences between acquisition as a planned event and as a reactive event. In particular address reactive events that may be described as poor planning, i.e., a 5-year contract is due to expire in 6 weeks, and acquisition must react.


8.1 LO 7: Illustrate the use of cost, schedule, and performance goals to plan and manage acquisitions.

Competency 8.2-Alternative acquisition models

Discussion: Competency 8.2 and Competency 8.3 examine different dimensions of the same concept.


8.2 LO 1: Define the components typically included in an acquisition model. These components might include relationship between government and supplier, internal relations, motivation of supplier, elements of sourcing, etc.


8.2 LO 2: Compare, contrast, and evaluate various acquisition philosophies. Include, but do not limit the identification to: changing the operational process instead of purchasing; doing the work in house or outsourcing; outsourcing to one or to several contractors; intergovernmental outsourcing; unitary RFP or multiple awards; level at which the acquisition is managed (e.g., seat management -- all desktop needs to one contractor, versus individual PC support contracts.)


8.2 LO 3: Justify the need to design acquisition philosophies and models that fit the organization's mission, needs and culture.


8.2 LO 4: Design an acquisition philosophy or model that fits the organization's mission, needs, and culture. Among the factors considered include sourcing issues, type(s) of contract, award fees, use of subcontractors, etc.


8.2 LO 5: Evaluate the variety of processes or methods available for acquisition. Include the FAR (which includes several methods), DFAR, UCC, etc.


8.2 LO 6: Using tools, methodologies and rules, evaluate the development acquisition model/plan for different acquisitions. Include the vehicle to be used, i.e., GSA schedule; contractor(s) motivation; unitary RFP or multiple awards, etc.

Competency 8.3: Streamlined acquisition methodologies

8.3 LO 1: List and describe various acquisition models. Include among the models considered: DoD 5000; FAA's spiral development model; IRS's outsourcing acquisition-agency as super system's integrator; commercial best practices (off-the-shelf) SAP (Streamlined Acquisition Process); Defense Enterprise Program (C17); and USMC Compressed Acquisition.


8.3 LO 2: Compare, contrast, and evaluate acquisition methodologies. Include, but do not limit, the analysis to:
1. Methodologies which establish internal decision making process
2. Time, budget, performance, risk management as elements of analysis.
3. Determination of resources or authority to acquire by self, e.g., single procurement vs. OMB circular A 109 Fly-off
4. Procuring an annual renewable service approach (as opposed to purchasing)
5. Relations with users and industry during the process
6. Evaluation methodology to be used
7. Commercial item (COTS driven)
8. RFP/solicitation
9. Market research/RFI (request for information)
10. GWAC (Government Wide Acquisition Contract)
11. Delegate parts of process (Executive Agent needed)
12. GSA Schedules


8.3 LO 3: Describe the process of creating/engineering streamlined acquisitions.

Competency 8.4-Post-award IT contract management models and methods, including past performance evaluation

8.4 LO 1: List and describe post-award contract management methods and strategies that must be anticipated and incorporated into the planning phase of the contract. Include at least the following in the listing and description:
· Performance based service contracts.
· Methods of control (interfaces, checkpoints).
· Benchmarks (agreed-upon).
· Tracking performance -- build a system for tracking and rewarding good performance.
· Creating incentives for good performance (includes share in the savings e.g. California Franchise Tax Board)
· Managing changes in the contract -- negotiation between users and contractors about requirements scope creep
· Termination strategies


8.4 LO 2: Discuss the management of partnering relationships. Include organizational interface and structure of the relationship (motivation, checkpoints, information needs, metrics).


8.4 LO 3: Discuss the importance of pre-termination and termination decision points.

Competency 8.5-IT acquisition best practices

8.5 LO 1: Devise systems for tracking and evaluating commercial and other public sector "best practices." Include state, local, and other federal agency best practices. Discuss the importance of leading change and implementing appropriate best practices.


8.5 LO 2: Discuss approaches to encouraging ethical acquisition behavior on the part of all involved in the acquisition process.


8.5 LO 3: Discuss leadership and managerial approaches that will create an environment of trust within the organization.
(References: SA-CMM, Software Program Managers Network (both a repository and a network))


8.5 LO 4: Define "knowledge management, knowledge sharing" as it relates to Acquisition. (See also Competency 2.6: Principles and practices of knowledge management)


8.5 LO 5: Explore the resources of the Project Management Institute and the Project Management Body of Knowledge (PMBOK) (Note: PMBOK has been adopted by the IEEE and serves as the de facto US standard for project management. See to download the PMBOK. The Information Systems Specific Interest Group is the largest SIG in PMI and is experiencing the fastest growth. Its URL is

9.0: E-Government/Electronic Business/Electronic Commerce

E-Government, E-Business, and E-Commerce are changing the look of business, the feel of business and the way business and government work. They are changing the traditional way of viewing the individual agency and its needs. E-Government demands that CIOs be aware of their stakeholders (program managers, functional areas, employees, suppliers, the public) as customers. Customers want to go to a single point for action/information, and they are not interested in distinctions among governmental entities. An enterprise cannot perceive itself as an "island," but may need to seek partnerships.
CIOs need to have a strategic vision for e-Government and e-Business, and need to utilize business case analysis and BPR/BPI. Program leadership should be responsible for identifying and implementing e-government solutions that will improve business effectiveness.
CIOs should be aware that there might be a distinction between e-Government and e-commerce. They will be dealing with intra- and inter-governmental agencies, and external customers. There is a stewardship responsibility, and security/privacy concerns. Certain roles are inherently governmental and can't be "contracted out." CIOs must engage in risk management in making certain decisions regarding e-government.
Baseline technology underlies e-Government and CIOs should maintain a model of continuous improvement enabling the model of e-business through utilization of emerging technologies.


9.0 LO 1: Since e-government appears to lend itself to economies of scale, evaluate potential collaborative efforts, and the risks and benefits that might result from such efforts.

Competency 9.1-Strategic business issues and changes with the advent of

9.1 LO 1: Evaluate the demands of e-government and e-business as driven by external factors, legislation, regulation and market place factors


9.1 LO 2: Evaluate the demands of e-government along with the other critical issues vying for support in the budget and relate them to mission alignment, budget oversight, and capital planning coordination in an effective planning process.


9.1 LO 3: Evaluate internal factors, including record-keeping, human resources, etc. when making decisions involving e-government, e-commerce.


9.1 LO 4: Plan and develop business case processes in support of e-government initiatives.


9.1 LO 5: Evaluate alternative business models and partnerships for delivery of e-government services that are enabled by technology.


9.1 LO 6: Analyze value of ERP, supply chain, CRM in developing appropriate e-government projects.


9.1 LO 7: Defend the importance of maintaining a citizen/public focus in the strategic planning process


9.1 LO 8: Justify the need to develop a strategy for integrating vision and implementation issues in e-government initiatives.


9.1 LO 8: Analyze the potential impact of e-government solutions on employees, customers and suppliers.


9.1 LO 9: Identify and evaluate the "new" time frames and new skill sets needed for successful e-government.

Competency 9.2-Web development strategies

General Discussion: Web development, like e-government, raises new issues. It is essential that delivery strategies be part of the overall strategic planning for e-commerce. There will be new development cycles, and training required for them. CIOs may wish to consider putting a web-interface on a "legacy system" as part of a multi-part BPR/BPI, while redeveloping the legacy system(s) into a more modern approach. Privacy and security issues have to be borne in mind, and may require modifications in COTS products.


9.2 LO 1: Assess the impact of web development technology on the implementation of e-government.


9.2 LO 2: Evaluate build/buy/partnership issues relative to web development.


9.2 LO 3: Assess delivery strategies as part of web development


9.2 LO 4: Identify strategies and oversight required for web-based development


9.2 LO 5: Explore the organizational implications and structure needed for web-based development


9.2 LO 6: Discuss approaches to web content management


9.2 LO 7: Compare, contrast and evaluate a single agency approach to e-government vs. a multi-agency portal with a common infrastructure.


9.2 LO 8: Identify and evaluate best practices to determine when to move a project on-line.


9.2 LO 9: Analyze considerations related to privacy, security and accessibility in government web sites.

Competency 9.3-Industry standards and practices for communications

9.3 LO 1: Identify and evaluate industry standards and practices regarding development of programs, projects, etc., in support of e-government.


9.3 LO 2: Evaluate the differences between browser-based and client-based applications and their applicability to the information required.


9.3 LO 3: Compare, contrast, and evaluate customer relations management in private sector and government implementations.


9.3 LO 4: Identify advantages and disadvantages of developing interagency common operating environments. Consider political, cultural and business dimensions in such common operating environments.

Competency 9.4-Channel issues (supply chains)

9.4 LO 1: Identify and define the different channel and supply chain issues (including people, data, and suppliers) in e-government and e-commerce.


9.4 LO 2: Evaluate supply chain models to ensure that the various channels of service delivery are both mission focused and optimized.


9.4 LO 3: Explore optional expansion of potential channels through federal exchanges and auctions, including property asset disposal.

Competency 9.5-Dynamic pricing

General Discussion: It is important for CIOs to understand transaction-based fees and models and where to "draw the line" between free transactions and revenue producing transactions in e-government.


9.5 LO 1: Compare and contrast the history of government-based public information transactions and those that occur in the private industry


9.5 LO 2: Analyze and evaluate alternative funding models in development and delivery of e-government, e-commerce, e-business.


9.5 LO 3: Discuss the ways in which the CIO can facilitate the discussion(s) to determine the value of government information.

Competency 9.6-Consumer/citizen information services

9.6 LO 1: Discuss the existing CRM models and evaluate the value of those models to the participant's agency.


9.6 LO 2: Evaluate the significance of market research and consumer profiles in e-government, e-business.


9.6 LO 3: Forecast consumer/citizen expectations regarding e-government.


9.6 LO 4: Identify and evaluate alternative methods, including kiosks, to address the digital divide in the delivery of e-government services and information. (Same as 9.7 LO 4)


9.6 LO 5: Discuss the advantages and disadvantages of marketing internally and externally to deliver government services to the public electronically.


9.6 LO 6: Discuss the role of the CIO as a leader of change in e-government, e-commerce. (See also 3.0 LO 3; Same as 9.7 LO 6)

Competency 9.7-Social issues

9.7 LO 1: Identify today's critical social issues (including privacy, affordability, accessibility, security, etc.) and the role of the CIO as his/her enterprise enters e-government, e-commerce.


9.7 LO 2: Define, discuss and understand the Digital Divide.


9.7 LO 3: List and discuss the laws (and regulations) relative to security, privacy, accessibility, confidentiality, Freedom of Information Act and PKI and their applicability in e-government, e-commerce.


9.7 LO 4: Identify and evaluate alternative methods, including kiosks, to address the digital divide in the delivery of e-government services and information. (Same as 9.6 LO 4)


9.7 LO 5: Evaluate e-government and its potential role in organizational change.


9.7 LO 6: Discuss the role of the CIO as a leader of change in e-government, e-commerce. (See also 3.0 LO 3; Same as 9.6 LO 6)

10.0: IT security/information assurance

General Discussion: IT security/Information Assurance (IA) involves Critical Infrastructure Protection (CIP). There is a clear link between CIP and IA, which may be defined as the preservation of the availability, integrity, and confidentiality of the mission critical information via resisting, recognizing and responding to attacks, accidents and adverse conditions. DoD defines IA as availability, integrity, confidentiality, non-repudiation, and authentication.
The CIO must constantly manage risk in which business competencies have to be balanced with lock down and lock out procedures. In addition there is the issue of balance--risk vs. cost. There may be a need for the CIO to categorize mission critical information for risk analysis and planning and implementation and to determine the level of protection required.


10.0 LO 1: Discuss the dimensions of risk management in IT security/IA. Include time that the system can be down, optimizing cost vs. functionality, using cost/benefit analysis to determine level of risk, probability of event and cost of the event.


10.0 LO 2: Describe the techniques of the IT security discipline. Include encryption, access control, physical security, training, threat analysis, authentication and policy issues.


10.0 LO 3: Discuss organizational change including mobile commuting, remotely connected devices (laptops and Palm Pilots), and telecommuting (home use, telecommuting sites, GFE vs. personal PC) and evaluate IA threats and needed policy initiatives.


10.0 LO 4: Discuss the potential threats to IA and IT security arising from criminal (fraud, extortion, theft) exploitation of our system.


10.0 LO 5: Examine the impact of breaches of IT security/IA such as loss of integrity, confidentiality, loss of business, loss of good name, as well as the potential threat of litigation.

Competency 10.1-Fundamental principles and best practices in IA

General Discussion: It is essential that a CIO identify and institutionalize IA best practices into the policies, procedures, and training of his/her organization. This institutionalization extends to acquisitions and additional scrutiny upon vendors/contractors to ensure that they too are using IA best practices. A particular challenge for the CIO is the cost inherent in good IA since IA is a process that balances risk vs. cost (manpower, money, access). Although OMB has stated that there will be no new money for IA and that it must come from existing IT budgets, CIOs MUST plan for these costs. In particular they need to be aware that the 1994 Joint Security Commission recommended 5%-8% be spent on IA while the Gartner Group identified expenditures of 8%-10% on IA, except in enterprises where 10% IA expenditure has been identified as the norm. In addition, training should be a significant component of a comprehensive IA policy. Employees must understand the importance of IA, be committed to using best practices, recognize when they (or their system) are under attack, and know immediate actions to take.


10.1 LO 1: Define IA and discuss its significance for specific agencies and organizations


10.1 LO 2: Identify recognized sources of best practices in IT security/IA. Include CIO web page, NIST, FedCIRC, JTF-CND, NIPC, CIAO, SANS, NDU, CIS, CSI, SEI, GAO, NCSC, and SSI among the sources.


10.1 LO 3: Discuss the development of strategic alliances in IA and the role they may play in assuring fundamental principles and best practices in the discipline.


10.1 LO 4: Develop a continuous learning plan that monitors and disseminates information and training about IA best practices throughout the enterprise. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 13, 11.0 LO 2 and 12.0 LO 2)


10.1 LO 5: Justify the vital importance of determining the current security state of practice within the organization.


10.1 LO 6: Develop base-line measures of the security state of practice, and perform gap analysis to identify security initiatives that must be undertaken.


10.1 LO 7: Since resources and needs may be different in different agencies, develop a risk management plan that articulates a hierarchy of needs to protect systems for the participant's specific agency, and that incorporates those needs into the agency budget.


10.1 LO 8: There is a need for "thin" IA policies that provide for agile and adaptive solutions. Design thin, agile, adaptive policies and procedures that provide checklists, contingency planning, accreditation, accountability, monitoring, resistance, recognition and response to accidents, attacks and adverse conditions and training appropriate for the participant's agency. (Same as 10.3 LO 3)


10.1 LO 9: Discuss the importance of phasing, scheduling and institutionalizing from within a broad group of best practices so as to address organizational culture and mission.


10.1 LO 10: When outsourcing, justify the importance of requiring best practices, and the value of linking outsourcing to alliances and partnerships that require best practices.


10.1 LO 11: Defend the importance of evaluating the IA and core competencies of vendors/contractors as well as the level of performance in achieving the contract outcomes.


10.1 LO 12: Discuss approaches that ensure that IA principles are built into entire policies and systems from the beginning.


10.1 LO 13: Design a comprehensive internal policy that stresses the internal relationships between IT and programmatic areas and articulates the role of IT in providing tools (training, passwords, protection, etc.) for data protection as identified by the programs.


10.1 LO 14: Defend the role of ongoing training in institutionalizing IA and IA best practices throughout the organization. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 11.0 LO 2 and 12.0 LO 2)

Competency 10.2-Threats and vulnerabilities to IT systems

General Discussion: CIOs and their staff must be aware that threats can be internal or external (both local and remote) and may even originate in software coding which may contain errant codes, back doors and Trojan horses.


10.2 LO 1: Deduce the security implications of software assurance, including legislation dealing with source manufacturing. Include internal GOTS, external COTS, internet/intranet, legacy codes, applicable legislation regarding source manufacturing, and the individuals (US trained vs. H-1B visas vs. off-shore workforce) developing software.


10.2 LO 2: List and discuss hardware and architecture security issues and interdependences. Include National Information Infrastructure (NII), locks and guard dogs, directed energy and chipping, the possibility that hardware and applications can be modified, and the use of a "certificate to operate" as the USAF requires.


10.2 LO 3: Describe the importance of using private vendors who have internal code scanning tools (ex. Mercury and McCabe), network scanning tools (ex. Tivoli), and application specific scanning as found in such private sector vendors as MS, Cisco, and Sun.


10.2 LO 4: Justify the resources needed to build a "sensible" workflow wherein IA issues can be tracked including JIT applications, sub-contracting issues, PKI, etc.


10.2 LO 5: Evaluate the cost benefits of higher-level models and architectures regarding vulnerability, including communication models and data in use, in motion and at rest.


10.2 LO 6: Discuss the capabilities, tools, and methods of hackers, and state-sponsored intruders and attackers such as hacktivists, transnational organized crime, industrial and international espionage.


10.2 LO 7: Discuss the role of human factors in IA. Include human computer interaction, design, training, sabotage, human error prevention and error identification, personal use policies and monitoring, and internal contractor integrity. (See also 10.3 LO 6)


10.2 LO 8: Evaluate tool sets available to the CIO to assess security posture of the network and applications such as red teaming, white hatting, security evaluations and security audits. (See also 10.3 LO 7 and 10.4 LO 2)


10.2 LO 9: List and discuss the IA concerns of threat model elements, disclosure, destruction, distortion and disruption (denial) of information.


10.2 LO 10: Evaluate telephone access and potential vulnerability to systems.

Competency 10.3-Legal and policy issues for management and end users

General Discussion: CIOs need to be highly aware of organizational accountability issues. Someone can gain access to your network, and you have a responsibility to other organizations. There may be legal implications due to lack of due diligence. Personal information may be disclosed, there may be a loss of public trust and poor public relations. It is also essential for CIOs to understand the relationship between having firm baselines and the ability of an organization to respond to threats. (One example involves an attack on a hospital involving patient monitoring systems, but the hospital couldn't change configurations despite threats.)


10.3 LO 1: Evaluate risk management (accurate, timely, available data protected from intrusion and misuse) vs. organizational accountability (the potential of an enterprise-wide attack launched through a single desktop PC) and the need to look at cultural changes and issues such as the advent of e-government.


10.3 LO 2: Discuss the importance of organizational accountability.


10.3 LO 3: There is a need for "thin" IA policies that provide for agile and adaptive solutions. Design thin, agile, adaptive policies and procedures that provide checklists, contingency planning, accreditation, accountability, monitoring, resistance, recognition and response to accidents, attacks and adverse conditions and training appropriate for the participant's agency. (Same as 10.1 LO 7)


10.3 LO 4: Discuss the relationship between having firm baselines and the ability of an organization to respond to threats.


10.3 LO 5: Justify the importance of having a configuration control policy and a Configuration Control Board (CCB) to ensure IA.


10.3 LO 6: Discuss the role of human factors in IA. Include human computer interaction, design, training, sabotage, human error prevention and error identification, personal use policies and monitoring, and internal contractor integrity. (See also 10.2 LO 7)


10.3 LO 7: Evaluate tool sets available to the CIO to assess security posture of the network and applications such as red teaming, white hatting, security evaluations and security audits. (See also 10.2 LO 8 and 10.4 LO 2)


10.3 LO 8: Design contingency plans to cover the inherent risks to IT. Include both IT security contingency plans as well as disaster recovery, business resumption, etc.


10.3 LO 9: Discuss the importance of legal review of IT policies and behaviors, including rules of evidence and forensics issues, right to privacy, constitutional oversight, system administrator limitations and network monitoring. Remember the importance of "train of evidence" that may be needed for forensic study.


10.3 LO 10: Justify the need for software licensing policies and personnel policies.

Competency 10.4-Sources for IT security assistance

10.4 LO 1: Define advice and assistance terminology: security evaluations (vulnerability and/or risk assessment to establish level of practiced security); security audit (determination of the adherence to a designated policy); red teaming (unanticipated review penetration testing emulating what an adversary might do to a network); and white hatting (anticipated review with actual intruders under controlled conditions).


10.4 LO 2: Evaluate tool sets available to the CIO to assess security posture of the network and applications such as red teaming, white hatting, security evaluations and security audits. (See also 10.3 LO 7 and 10.2 LO 8)


10.4 LO 3: Develop policies to identify and report intrusion activity. This will require that the CIO must know of existing reporting systems, including when and where to report intrusion activities. (Same as 10.5 LO 1)


10.4 LO 4: List and discuss response assistance that is available. Include CERT, CIAC, Service CERTs, DOD CERTs, FedCIRC, and commercial services including MS security group and Cisco.


10.4 LO 5: Design and justify policies to establish vehicles for IA assistance.


10.4 LO 6: Discuss the importance of understanding and using information sharing and analysis centers as well as other partnership-based security assistance programs. Include FSISAC (financial), IT-ISAC, TISAC (telecom), and EP-ISAC (electric power) in the discussion.

Competency 10.5-Standard operating procedures for reacting to intrusions/misuse of federal IT systems

General Discussion: CIOs need to ensure that a process exists to address threats, restorations and corrections, as well as notification to users, partners, and the public as necessary. CIOs also need to be aware of legal implications and appropriate partnering with law enforcement.


10.5 LO 1: Develop policies to identify and report intrusion activity. This will require that the CIO must know of existing reporting systems, including when and where to report intrusion activities. (Same as 10.4 LO 3)


10.5 LO 2: Evaluate the development and use of "information conditions" that indicate specific threat awareness levels and prompt specific preparedness activities.


10.5 LO 3: Justify the development, testing and use of Notification Policies covering intrusion or misuse. Include users (with potential "need to know" stratification), notification of strategic partners and alliances, and public notification (PAO, FOIA, and Congress as necessary).


10.5 LO 4: Discuss potential legal implications in responding to intrusions as well as partnering with law enforcement.


10.5 LO 5: Differentiate between restoration and recovery procedures.


10.5 LO 6: Design policies to be used during restoration and recovery operations, including policies that address human and fiscal resources, contingency support agreements with other agencies, etc.


10.5 LO 7: Describe the CIO's role in the development and promulgation of misuse policies.


10.5 LO 8: Describe the learning opportunities that may arise from "incidents." Develop feedback processes to maximize these learning opportunities.

11.0: Technical

General Discussion: One must distinguish between technical and technology. A CIO must have an integrative understanding of how technology works, but not be technical in the sense of a developer. The CIO must understand the strengths and weaknesses of tools, how they work, what they are good for, and also their limits.
Communication skills are essential for CIOs. There is a huge dichotomy between the people and technology sides of an organization. The CIO must play the role of a "universal translator" especially regarding technical ideas and terms. The CIO must be able to ask the right technology questions and understand the answers since the CIO needs to make decisions and judgments.
The CIO needs to know what the state-of-the-art technology is, and must have more breadth (rather than depth) in emerging technology.
The CIO must be able to make use of analytical processes, including statistical measures, in order to make competent decisions.
The CIO should bring technical vision (interaction between the business and technology) to guide the organization into new business directions while remembering that the business rules must be the drivers of the technology.
It is critical that the CIO be "savvy" about the organizational culture and is able to manage not just the culture, but also the culture's expectations. Thus, interpersonal skills are as essential as technology in facilitating complex social and people issues.
The CIO must distinguish between the technology itself and the process of applying the technology, and must take a systems-approach to technical issues.


11.0 LO 1: Discuss approaches for translating information technology needs into knowledge and skill sets for the workforce.


11.0 LO 2: Describe the various methods for assessing the state of organizational and individual training. Include an understanding of a "gap analysis" that portrays to the rest of the agency the need for specific organizational and individual IT training. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, and 12.0 LO 2)


11.0 LO 3: Evaluate methods for developing individual and organizational training plans, measuring the effectiveness of the training conducted and certifying, when possible, the training of individuals and organizations.


11.0 LO 4: Defend the importance of examining the business mission, strategic drivers, and alternative solutions (including "contracting out") before embarking on an IT solution.

Competency 11.1-Information, technology, architectures client/server, collaborative processing, telecommunications

11.1 LO 1: Discuss the Clinger-Cohen mandate for developing IT-enabled business solutions according to an enterprise-architecture framework.


11.1 LO 2: Evaluate the value of CRUDES (Create, Retrieve, Update, Delete, Exchange, and Share) when developing architecture.


11.1 LO 3: Compare and contrast the dimensions of different architectural frameworks. Include the DoD architecture framework with the corresponding Federal architecture frameworks.


11.1 LO 4: List and define the taxonomy of architecture. Include organization architecture and structure, and form vs. function. (Reference: Federal Enterprise Architecture Conceptual Framework; the State of Oregon at and ; and DoD which uses analogy of systems=blueprint, technical=building codes; operational=requirements)


11.1 LO 5: List and discuss the main elements of the enterprise architecture. Map the current enterprise architecture so as to develop a baseline (as is) and design for the future (what is to be.)


11.1 LO 6: Discuss the need for, and the development of, a transition plan to move IT from where it is to where it will be going. Note that this requires knowledge of available technology.


11.1 LO 7: Describe the multi-dimensional nature of architecture and its need to evolve over time. Discuss the need for security as it relates to architecture.


11.1 LO 8: Justify the need to build or develop a history of the organization's architecture and the business cases that were used to support it.


11.1 LO 9: List and discuss the Federal architecture guidance (including the potential use of contractors) for business and technology drivers.

Competency 11.2-Emerging/developing Technologies

11.2 LO 1: Classify technology by "state of the art" and by organization.


11.2 LO 2: Design a process that monitors emerging technologies and provides some evaluation of the technologies.


11.2 LO 3: Design a process that evolves standards.


11.2 LO 4: Distinguish between risk management approaches to legacy and pioneering technologies.


11.2 LO 5: Discuss Enterprise Application Integration (EAI) and identify ways to integrate emerging technologies into existing processes and into existing and planned IT infrastructure.

Competency 11.3-Information Delivery Technology (Internet, intranet, kiosks, etc.)

11.3 LO 1: Discuss information delivery technology trends.


11.3 LO 2: Discuss the legalities and subtleties of electronic communication technologies, including when to use written, verbal, fax, e-mail, etc. as well as hardware and software considerations.


11.3 LO 3: Compare and contrast communication media, considering impact and architecture. Include Net-iquette, iconographic communication, layers of meaning, etc.


11.3 LO 4: Compare, contrast, and evaluate the strengths and limitations of various communications media.


11.3 LO 5: Describe and define communication protocols.


11.3 LO 6: Discuss current ethical and intellectual property issues.


11.3 LO 7: Evaluate the public policy implications of media choices.


11.3 LO 7: Describe and evaluate potential liabilities inherent in adopting new technology.


11.3 LO 8: Discuss the equal access issues in information delivery. Include both Section 508 (handicapped access) and limited access to selected communities.

Competency 11.4-System life cycle

11.4 LO 1: Discuss the IT lifecycle as a discipline. List and describe the components of the system lifecycle.


11.4 LO 2: List and describe the standards such as SEI, ISO 12207, STD-16, ISO 9000 etc. that apply to the life cycle.


11.4 LO 3: Identify the impact of costs, benefits, risks, resources and time to market on the system life cycle.


11.4 LO 4: Distinguish between system development life cycle and the system life cycle.


11.4 LO 5: Describe the technology architectures, i.e., systems, hardware, software, and communications.


11.4 LO 6: Evaluate the different parts of the life cycle to achieve a useful and cost effective outcome.


11.4 LO 7: Describe the impact of Commercial-off-the-shelf (COTS) availability to the build or buy decision.


11.4 LO 8: Discuss the heuristics of life cycle-when to know when you have enough etc. Include Total Cost of Ownership, lessons learned, etc.


11.4 LO 9: Discuss the importance of managing change.

Competency 11.5-Software Development

11.5 LO 1: Evaluate the strengths and weaknesses of different models, approaches and methodologies relating to software development such as CMM, emerging best practices, IDEF, RAD, JAD, IBT, OO and Spiral Development.


11.5 LO 2: Discuss the importance of adopting and applying a systems engineering perspective and process to software development.


11.5 LO 3: Develop a process to analyze the make vs. buy decision. Understand statistical measures as a tool to make informed decisions.


11.5 LO 4: Discuss Pareto's law and the impact of core requirements-i.e., 80% of the design and testing is up front before coding begins.

Competency 11.6-Data Management

11.6 LO 1: Discuss the value of relating information management and data management plans to the use of information in the agency.


11.6 LO 2: Discuss the criticality of data interoperability and the role of data standardization in it.


11.6 LO 3: Contrast information management to data management.


11.6 LO 4: Evaluate reliability and validity of data, including originating source and processing of the data.


11.6 LO 5: List and describe the attributes (availability, accessibility, security, volatility, usability, manipulability, etc.) of data management.


11.6 LO 6: Discuss both traditional and emerging concepts and technologies of data management including process modeling, EAI, data cleaning, data modeling, data mining, data warehousing, data exchange and interchange etc.


11.6 LO 7: Describe and analyze problems of scale.


11.6 LO 8: Measure, evaluate and justify the cost and value of data and data quality.

12.0: Desk Top Technology Tools

General Discussion: It is expected that the CIO and his/her staff will be familiar with and competent in the use and applications of desktop technology tools.


12.0 LO 1: Identify the steps needed, and develop a plan to create an environment that encourages continuous learning, such learning to include competency in the use and applications of desktop technologies. (See also 2.2 LO 1 and 2.2 LO 3)


12.0 LO 2: Discuss the implications, cost-benefit, productivity, etc. of training mandates such as those contained in Executive Order 11299 and other directives. (See also 2.2 LO 6, 2.6 LO 15, 3.1 LO 13, 3.3 LO 5, 3.4 LO 10, 10.1 LO 3, 10.1 LO 13, and 11.0 LO 2)