Summary

To help address the many challenges being faced by federal agencies, Congress has enacted a series of laws designed to improve agencies' performance. The Clinger-Cohen Act of 1996, for example, requires that each agency head designate a Chief Information Officer (CIO) to lead reforms to achieve real, measurable improvements in the agency's performance through better management of information resources. Recognizing the importance of the CIO position, congressional requesters asked GAO to conduct two reviews. The first, reported in July 2004, discussed the extent to which federal CIOs had responsibility for 12 functional areas that GAO had identified as either required by statute or critical to effective information and technology management, including information technology (IT) capital planning, strategic planning for information resources, and information security and privacy. This report focuses on the responsibilities of CIOs at 20 leading private-sector organizations. The questions GAO addressed were (1) What are the responsibilities of these CIOs, and how do they compare with those of federal CIOs? (2) What are the key challenges of these private-sector CIOs? (3) How do these organizations govern their information and IT assets enterprisewide?

The CIOs of most of the 20 leading private-sector organizations GAO met with had either sole or shared responsibility for 9 of the 12 information and technology management functional areas. Almost all of the private-sector CIOs had responsibility for five areas: (1) systems acquisition, (2) IT capital planning, (3) information security, (4) IT human capital, and (5) e-commerce. In only three areas--information dissemination and disclosure, information collection, and statistical policy--did half or fewer of the CIOs have responsibility. Eleven of the private-sector CIOs reported that aligning IT with business goals was their greatest challenge. Other major challenges that the CIOs frequently cited include controlling IT costs and increasing efficiencies, ensuring data security and integrity, and implementing new enterprise technologies. The private-sector CIOs described several approaches to governing their companies' IT assets, including utilizing an executive-level committee with the appropriate decision authority and establishing cross-organizational teams to drive broad collaborative efforts such as enterprisewide business processes. Several CIOs also described their ongoing efforts to balance between centralization and decentralization of decision authority as their companies' competitive environments evolve.