enterprise architecture


enterprise architecture

Analytics: Enterprise Architecture as an Enabler of Analytics Part I of II

Monday, March 5th, 2012 - 10:46
Monday, February 20, 2012 - 09:44
Over the next two posts, we will explore the enterprise architecture as an enabler of analytics. Most public sector organizations are all too aware of the incoming flood of information that they face on a daily basis in the form of both structured and unstructured data.  This information explosion has the potential to both overwhelm an agency’s internal systems and create management challenges that can hinder the execution of the agency’s charter.   Analytics drives intelligent decision making and helps predict future outcomes

Richard Spires

Wednesday, September 29th, 2010 - 10:21
Mr. Spires is responsible for the department's $6.4 billion investment in Information Technology (IT).
Radio show date: 
Tue, 10/05/2010
Intro text: 
Mr. Spires is responsible for the department's $6.4 billion investment in Information Technology (IT).
Magazine profile: 

Richard A. Spires

Wednesday, September 29th, 2010 - 10:17
Richard A. Spires was appointed in September 2009 to serve as the Department of Homeland Security’s (DHS) Chief Information Officer (CIO). In this capacity, Mr. Spires is responsible for the department’s $6.4 billion investment in Information Technology (IT). He leads and facilitates the development, implementation, and maintenance of the department’s IT architecture. Mr. Spires is the chairman of the DHS Chief Information Officer Council and the Enterprise Architecture Board.

HUD Transformation Initiative

Tuesday, January 12th, 2010 - 16:42
As mentioned here a few days ago in  blog entry on innovation, the Department of Housing and Urban Development has been given in fiscal year 2010, what seems to be a large pot of money and new authority to conduct a transformation initiative in four areas that have been historically underfunded in HUD as well as most other agencies: Research, evaluation, and program metrics Program demonstrations

Bajinder Paul interview

Friday, June 12th, 2009 - 20:00
Bajinder Paul
Radio show date: 
Sat, 06/13/2009
Intro text: 
Bajinder Paul
Complete transcript: 

Originally Broadcast June 13, 2009

Washington, DC

Welcome to The Business of Government Hour, "A Conversation About Management with a Government Executive Who is Changing the Way Government Does Business." The Business of Government Hour is produced by the IBM Center for the Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving Government effectiveness. You can find out more about the Center by visiting us on the web at businessofgovernment.org.

And, now, The Business of Government Hour.

Mr. Morales: Welcome to another edition of The Business of Government Hour. I'm Albert Morales, your Host, and Managing Partner of the IBM Center for the Business of Government.

Against the backdrop of one of the tumultuous years in the U.S. financial history, the Office of the Comptroller of the Currency continues to perform its primary mission of examining, supervising, and chartering national banks.

For OCC responding to the challenges of this economy requires a workforce with the right skills, motivation, and experience. It also requires a sound information technology strategy and an adaptive information technology infrastructure because failures in technology or technology related controls can jeopardize a bank's safety and soundness, as well as its ability to comply with laws and regulations.

With us this morning to discuss the IT strategy of his Office is our very special guest, Bajinder Paul, Chief Information Officer at the Office of the Comptroller of the Currency. Bajinder, welcome to the show, it's a pleasure having you here.

Mr. Paul: Well, thanks very much, Al, and it is a pleasure to be here this morning with you.

Mr. Morales: Also joining our conversation is Roxanne Aldrich, Partner in IBM's Treasury Practice. Roxanne, welcome, good to have you.

Ms. Aldrich: Good morning. Nice to be here.

Mr. Morales: Bajinder, let's start by providing our listeners some context about your organization. Could you take a few minutes and provide us an overview of the history and the mission of the Office of the Comptroller of the Currency, otherwise known as OCC?

Mr. Paul: Absolutely, and by the way that's an excellent question to start with. Just to give your listeners some background, some context about the OCC, or the Office of the Comptroller of the Currency, the OCC was established in 1863 as an independent agency of the Department of the Treasury. Now, the OCC is really the primary regulators of the national banks in this country. The OCC charters, regulates, and supervises all of the national banks in the U.S. and, in fact, in addition to the national banks we also supervise and regulate Federal branches of foreign national banks, as well.

In terms of the metrics, the overall metrics, the OCC manages close to or regulates about 1,700 national banks, 50 branches of the foreign national banks.

In terms of the assets, this is important when you talk about the mission of the OCC, the OCC regulates or supervises close to about $9 trillion in commercial banking assets, so that sort of gives your listeners the magnitude of the mission of the OCC.

And really an executive summary, the mission of the Agency is to really ensure the safety and soundness of the national banking system. The OCC has close to about 3,100 employees throughout the country. We have four district offices, 17 field offices throughout the country, and the majority of our workforce is in the field, examining the national banks. Some of these banks include, for example, some of the largest banks in the country, the Bank of America, the Wells Fargo's, the JPMorgan Chase, as well as many midsized and community banks throughout the country. So that's what really what we are at the OCC in terms of the mission.

Mr. Morales: Great, so with a mission that broad and 1,700 national banks, I think you mentioned, and $9 trillion, can you put a little bit of a finer point around how OCC is organized to meet all these various missions, and tell us maybe a little bit more about the geographic footprint in terms of district offices or where people reside within the organization?

Mr. Paul: Absolutely. If you look at the broader perspective in the organization, the OCC consists of really two primary business units, or what we call the supervision as a line of business and non-supervision line of business

Supervision includes supervising the large banks, the midsized community banks, and the national banking examiner that sets the policy in place to regulate and supervise the national banks.

The non-supervision components are your traditional, typical organization components, like for example the General Counsel, the Office of Management, and the Office of the CIO.

The cool thing at the OCC is that the heads of all these units report directly to the Comptroller. I, as the CIO, am privileged in that hierarchy to report directly to the head of the Agency, Comptroller John Dugan.

Ms. Aldrich: Okay, Bajinder, with this overview, could you give us a little bit more insight as to your area and your specific role within the Department? Your specific responsibilities and duties as OCC's Chief Information Officer? And could you tell us how your area is organized, the size of your staff?

Mr. Paul: Absolutely. Roxanne, I'm glad you asked that question. As the Chief Information Officer for the Agency, my responsibilities, my duties really are at the enterprise level. We provide IT services that encompass application delivery to our lines of businesses. It also includes providing infrastructure services.

For example, application hosting, disaster recovery, network services, client side desktop, desk side technology modernization. It also includes information security, as well as capital planning, IT investments, so it's a broad range of IT services for all of the users throughout the Agency, including the field, as well.

Ms. Aldrich: Regarding those responsibilities, what would you view as your top three challenges that you face in your position and how have you addressed these challenges?

Mr. Paul: Clearly, there are many, many, many priorities but if I had to name the top three, number one, IT being a strategic enabler to the business, I think is very important for the CIO to not be sort of in a silo and manage simply the IT resources. The CIO has to be a key strategic enabler to the lines of businesses. That means that the CIO and the CIO's organization need to understand the business, of the Agency first and foremost, and align IT to those priorities. So that's number one.

Number two, clearly, there's always important, especially in times of economic difficulties and disruptions that we have to be very cognizant and make sure that that IT costs are being managed well, they're being reduced over time, and while at the same time the level of services to our businesses are being provided in a better sense, they're improving. So reduced costs, total cost of ownership and improved services.

And, number three, my perspective as a CIO is really from a business standpoint, and I think customer satisfaction, customer outreach, to make sure that IT is providing the right sort of services at the right time. So those are really in a broad sense, are the three key priorities for me at the OCC.

Mr. Morales: Now, Bajinder, I understand that prior to coming to OCC you had spent some time at HUD, as well as the Department of Justice and at ATF. Can you tell me a little bit about your career path, and how did you get started in Government service?

Mr. Paul: Absolutely. Originally, I'm from India. I came to the U.S. back in 1970, '71 timeframe. So I had the unique privilege of going to high school and going to college here. And what I recall, as I was growing up in the U.S. was that message from my parents, that "work hard and the possibilities in the U.S. are limitless. This was the best country in the world."

And, you know, my life is an example of that. You know, I clearly remember when I was growing up in the U.S., upstate New York; I had a number of mentors who taught me English, who helped me through school. The only language I spoke was really sort of mathematics and science, and everything else had to be taught.

When I was ready to go to college it was a natural choice for me to be in the engineering field, so I did my undergraduate in electrical engineering from Cornell, and then I began to work in the private sector. For many, many years I worked in some of the top Fortune 500 companies. I reached a point in my professional career that I felt with full conviction that that -- you know, it's time for me to give back to the country that gave me so much. That I thought clearly that it was time for me to serve the public.

And so that was my really, the driving reason to come to the Federal Government and be a public servant, and it's been a fabulous ride. I mean I came to the Federal Government in 1992. I was in the Department of Commerce. And then, yes, over time took on more responsibilities. I worked at the ATF managing software development for the Agency. And that at HUD I was the Deputy CIO for IT operations, and then eventually I came to the OCC in 2007. So really in a nutshell that's sort of my pathway and career.

Mr. Morales: That's a wonderful story.

So, Bajinder, as you reflect back on your career, what have been perhaps some of the experiences that have influenced your management approach and what lessons have you learned through your career that perhaps you're bringing that to OCC?

Mr. Paul: There are many things I can contemplate and reflect back on. I think clearly one is mentorship. You know, I achieved a level of success not because of my own doing, all of my doing. I mean I had good people to help me along.

I can still remember people; I remember back in high school, I remember the name of my math teacher who took the time to teach me English. Now, she didn't have to, Mrs. Mann. I remember when I was in GE, I remember my manager who taught me some management skills and human relationships. So mentorship is very important to me, and I try to emulate that, as well. I try to emulate others in my profession, as well. I think that's number one.

And, number two, I think the importance of teamwork, the delivery of information technology is a highly complex undertaking. What one has to recognize in a leadership position is that that no one person has a complete solution. It takes a team of people to deliver, successfully deliver information technologies. So I think teamwork is extremely important.

And I think the number three is really the respect of diversity. I think it's important to have differences in opinions. I think different opinions and ideas really are sort of the foundation of optimizing an organization's way of doing business.

So those are some of the fundamental principles.

Mr. Morales: Excellent. What about OCC's information technology strategy? We will ask Bajinder Paul, CIO at the Office of the Comptroller of the Currency, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your Host, Mr. Morales. And today's conversation is with Bajinder Paul, CIO at the Office of the Comptroller of the Currency. Also joining us from IBM is Roxanne Aldrich.

Bajinder, we talk a lot about technology on this show. So could you give us a brief outline of OCC's information technology vision and strategy? Specifically, how does your roadmap to infrastructure optimization maturity fit into your overall IT approach and align with both OCC's and Treasury's business objectives?

Mr. Paul: Absolutely, Al. In fact, a great, great question. This is actually a very exciting time for information technology at the OCC. Clearly, it's a very challenging time from a business perspective. The national economy and the financial disruption that's taking place across the markets, however unfortunate that might be, it is a great time for information technology to really add value to the mission of the OCC.

So last year we began with the information technology modernization roadmap. And really and in a broader context there are five major components to that information technology modernization program.

One is what I call "infrastructure optimization." What that means is that as our business is emerging through a variety of disruptions we constantly have emerging needs by the business. So we need infrastructure that is flexible, that is agile, that is able to meet the demands and the needs of the business at any given time. That means that having the ability to provision, performance, capacity, or system applications, on demand without a lengthy period of time is extremely important to us.

So we began the modernization of our infrastructure, so that included, for example, virtualization. That included cloud computing, so that the information technology would be available on time, on demand, as needed by the business.

Number two, what I call the "mobile computing." Two-thirds of the OCC workforce is highly mobile. I mean imagine these examiners throughout the country, traveling in teams, conducting financial examination and risk examination of the national banks in the banking systems throughout the country.

We have large teams of examiners physically residing in the Bank of America, the JP Morgan Chase's, and so forth. So they depend on robust, reliable information technology solutions to be able to conduct the business. And, as you can imagine, especially in the current climate with all the financial disruptions, having timely information, secure information is extremely important. So the concept of secure access to OCC information anytime, anywhere, using any platform is at the heart of our modernization program for mobile computing.

And, number three, is what I call the "enterprise system modernization." We have to be able to look across from a business standpoint and understand some of the business processes and identify efficiencies or opportunities where IT can add value, and retire some of the legacy applications. By that, we can then provide a common set of services to all of OCC users, retire our legacy system, reduce the total cost of ownership, and improve how our workforce is using information through technology. So that's the third component.

Number four, is what I call "business intelligence, data analytics." At the end of the day, the OCC manages, uses, consumes lots and lots of data, and whether it's mortgage metrics, or share national credit, or credit card information, to assess the risks of a particular bank or banking system.

So how we process that information, how we process the data, you know, this is the cool part. I mean information technology can really add value through business intelligence and data analytics, and we can be very proactive from an IT perspective and give the necessary tools and technologies for our examiners to have sort of a forecasting, predictive information so that in the future we can be much better positioned to assess some of the risks, impending risks in the banking system. So that's number four.

And, number five, is what I call "information sharing and collaboration." At the end of the day, our mobile workforce in the field and also our workforce in headquarters, we share information, we share document, we also share document and information with our regulatory agencies, like the Federal Reserve Bank, FDIC, the main Treasury, and also the TARP. So it is about collaboration and information sharing. And, my gosh, this is -- information technology can add so much value to that, so that's the fifth leg of our modernization program.

But at the end of the day, all of this is really geared to improving, also, reducing the cost, improving services, bringing the right innovation through these technologies, and safeguarding our sensitive information. So this is in a nutshell is really what the OCC ITT modernization strategy is all about.

Mr. Morales: So, Bajinder, I want to go back to the first element that you described around your strategy, and that's around infrastructure. And you mentioned virtualization. First of all, what is virtualization? And tell me a little bit about how it makes OCC more flexible and adaptive, and perhaps you can describe some of the benefits? But, more importantly perhaps, what are some of the challenges that you see in implementing this strategy?

Mr. Paul: Virtualization is really a fancy name in my opinion for server consolidation. Clearly, there are many, many, many benefits to server consolidation. One is obvious, you reduce the physical footprint of the data center, therefore, you have less number of resources, physical resources to manage. There's a power consumption. Going green has become a huge issue for the industry, so by reducing the physical count of the number of servers at the data center has a huge impact on the power consumption.

But, more importantly, we need to be able to provision what I call "capacity" and "performance on demand." What that means is that when it comes to application hosting and the capacity that is needed on the server side, we cannot contain them in sort of silos; they ought to be available at the enterprise level. Same thing at the storage area network level, we need to be able to tap that storage capacity on demand as needed by the business.

The overall affect of virtualization is that by having that performance and capacity available on demand we can provide quicker and agile solutions for the business. And I'll give you one example of where actually we did that.

So recently, for example, working with our large bank supervision business unit, they had a need where they wanted to be able to automate how they launched, allocated, and deployed their examination resources throughout the country. Now, this is large bank supervision.

Obviously, in today's environment there are huge sort of challenges in examining banks, like the JPMorgan Chase or the Bank of Americas and all that. And here we were able to provision technology, using a virtualized environment where we deployed a fully automated system, within six months, on time, that meets the performance requirements of the users. And we were able to launch a capability where now the large banks supervision business unit is able to an automated fashion launch and deploy their resources throughout the country. And that was using a virtualized environment. So it has many benefits.

The fact that that capacity was available, we could quickly allocate that to business needs. The fact that we were able to reduce the physical footprint in the data center and be efficient in terms of public consumption and truly have a framework moving toward a more green data center. So all of these components are really powerful virtualization scheme.

Ms. Aldrich: So staying on this theme, Bajinder, you mentioned cloud computing, could you talk a little bit more about to what extent cloud computing is a natural extension of virtualization? And, if I may, if you could tell us about the differences between sub enterprise and enterprise level?

Mr. Paul: Cloud computing is just a natural extension to virtualization. It's somewhat of a new concept now in the IT industry, but at the OCC we began implementing cloud computing many months back.

First of all, let me make a distinction between the sub enterprise level cloud computing and the enterprise level cloud computing. I consider virtualization within the OCC as a sub enterprise level cloud computing. By that what I mean is that cloud computing, the concept or the idea behind cloud computing is that one can provision system resources at the enterprise level on demand.

Well, by virtualizing we're able to provision resources across the OCC enterprise, and the example I gave earlier in a business application for launching and deploying examination resources for examining large banks, that system is known as "STARs," by the way. We deployed that using the sub enterprise cloud computing, within six months, on time, you know, within budget, within performance level metrics. So that's the sub enterprise.

At the enterprise level really looking at the department wide, you know, are there sort of technologies that can be shared across the department or the other agencies. Or, by the way, are there external cloud computing that is available that can be leveraged.

So, for example, in our security posture, we actually deploy for our network scanning IP addresses, we use an external cloud as a leveraged infrastructure services, and that allows the OCC not to have to manage the infrastructure, itself, but rather the data, data that is specific to OCC. So that's an example of really the enterprise level cloud computing that we, at the OCC, began implementing last year. So having those two contacts really allows us to manage the scalability, if you will, of cloud computing.

Ms. Aldrich: There's obviously a lot of discussion visioned around green computing, which you briefly mentioned. Is OCC moving in this direction? And how does your IT infrastructure modernization strategy facilitate this effort? Does it include a move to a thin client environment?

Mr. Paul: Green computing is really a one key or simple part of our modernization strategy. We talked about the virtualization. Clearly, I mean that is central to going green. The fact that we can consolidate anywhere from 10 to 1 or 15 to 1 consolidation of servers, whether it's on the application side or the database side, we are seeing significant reductions in the footprint, and that's having a very positive impact on the power consumption.

And clearly, I mentioned earlier that we are highly mobile workforce, that means that we need to be able to apply secure access to OCC information anytime, anyplace, any platform. That implies thin client.

All of these things, the thin client, mobile computing, virtualization is sort of leading to sort of the green computing, if you will, and that's something we pay very close attention to. In fact, beyond just the application and database server consolidation we are also virtualizing our storage network, as well. So the total environment is now virtualized on the back end and on the front end. We have a very sound methodology for managing the migration to green computing, and it's working quite well for us.

Mr. Morales: As we talk about how technology has enhanced our ability to share information, it's also made organizations more vulnerable to unlawful and destructive breaches, the whole issue around security.

Without giving away too many trade secrets, can you tell us a little bit about your Department's efforts to improve IT security and controls? And what remains to be done to remedy this overall challenge?

Mr. Paul: Clearly, Al, I mean we manage, we share or we use sensitive information across the Agency and we share that with other agencies, regulatory, as well. Clearly, security is at the central part of our IT modernization.

So this is what we do, we don't look at security strictly as a compliance component. We build our security in the life cycle of our information technology development. So, for example, in our SDLC, System Development Life Cycle approach, security is weaved throughout all the phases in the SDLC, from requirements development, from business proposition, to requirements development, to testing, to development, and in production deployment.

Our infrastructure implementation, same thing, in all aspects of the life cycle implementation security is central to that. In fact, at the OCC we have a different connotation or context for security; we call it "risk information management." It's really looking at the business risk, it's looking at the IT risk, identifying that as early as possible, and taking proactive measures to make sure that the security issues are addressed upfront.

Another example for security is that all our assets are fully encrypted. So, for example, our laptops, our desktops, our wireless devices, our GSS infrastructure is fully encrypted and enabled.

So we have a risk profile that is really weaved throughout the life cycle implementation. And so far, so good, but security is something that obviously keeps me up late at night, so it's something that we can never be complacent about. We always have to be vigilant, so we're doing that.

Mr. Morales: Now, one of the focal areas and there's been quite a bit written about this, coming from the MIT Sloan School of Business, is around this issue of IT governance, specifically, it being key to an organization's ability to respond quickly and effectively to changing needs. And you talked a little bit about that earlier in the first segment around some of the economic issues facing our country.

Can you tell us a little bit about IT governance at OCC, specifically, what are you doing to foster this enterprise view of technology as opposed to the sort of more traditional stovepipe view of IT?

Mr. Paul: I think governance is a part of the overall picture. I think it's about balance. Clearly, I think leadership is a critical part of managing change, and having the governance to facilitate the change, if you will, is important.

The governance at the IT consists of a number of things. Clearly, in terms of release management, there's a discipline that we apply. In terms of IT investment management, there's an enterprise architecture that guides our IT investments. There's a governance there. Clearly, in terms of how we manage our infrastructure.

So a broad perspective throughout the system development life cycle from managing IT investments to managing change, there are sort of disciplined approaches where the different components of IT, whether security or IT operations or application development, they have to be in constant engagement in terms of the checks and balances in managing change.

But I think ultimately it's the leadership, the executive level, it's partnership with the businesses, it's partnership with the customers, that can �


Mr. Morales: Welcome back to The Business of Government Hour. I'm your Host, Mr. Morales. And with me today is Bajinder Paul, CIO at the Office of the Comptroller of the Currency. Also joining us from IBM is Roxanne Aldrich.

Bajinder, given the recent financial crisis, which we've talked about, I'm sure that OCC has had to respond to many evolving and emerging issues affecting the banking system. With programs, such as TARP and the like, how has your organization had to change to meet some of these new demands and, more specifically, what role does your IT organization play in assisting OCC and broader Treasury in managing and monitoring some of these new programs?

Mr. Paul: Well, clearly, I mean this is, as you mentioned, a tumultuous time for the country as a whole. Obviously, the disruptions in the financial markets are causing a lot of hardships for our citizens.

At the OCC information technology has a critical role in helping the mission of the Agency in terms of managing the risk and supervision of the National Banking System. In that sense, it's a pretty exciting time for information technology, meaning what I call the "strategic business enabler," to find the right solutions so that we can respond to the emerging business needs of ensuring the safety and soundness of our national banks quicker, faster through information technology.

I mentioned earlier that that part of our modernization strategy includes having infrastructure that is flexible and agile, that can meet the demand of the business, so I'll give you one example of that.

Outside of TARP, and I'll get back to TARP in a minute, the OCC actually manages what I call a "national helpdesk," so if, for example, a citizen has a problem with a bank, a particular bank, a national bank, they can call the OCC, and the helpdesk is located in Houston.

The good old way of calling the OCC and registering an inquiry or complaint was, one, you pick-up the phone and you talk to someone. The other person on the phone would write things down or enter the information, or I could e-mail my complaint inquiry or I could fax the inquiry or I could write a letter and so forth. And that process would take days and weeks for the OCC to respond to.

Well, information technology obviously can play a critical role in sort of streamlining that process, so that ultimately we could respond to the citizen in a much faster fashion. So, sure enough, I mean working with our Office Ombudsman that manages the National Helpdesk, we -- information technology deployed internet based, web based solution, where anyone who has access to the internet is able to securely file their inquiry online.

And the cool thing was that in information technology the application, the system that we deployed has enough data validation checks upfront so if a citizen made an error, let's say misspelling a bank name and so forth, the application would correct that or flag that upfront so it could be corrected by the user real-time. The end result was that that inquiry would be filed so much faster and OCC could respond to that inquiry in an expeditious manner. And we did that.

So this was an example of using information technology, responding in this critical environment to help the citizens of this country. And it's kind of interesting, we're still collecting metrics but some of our backlog, for example, of inquiries, and we get about 70,000 inquiries a year nationally. Our two-month backlog has now dropped down to 20% now; by 80% we have reduced the backlog within two months.

So it's -- I mean some of the metrics are just immense. All of the data validation, data checks and so forth, they are done upfront by the system so that there's no lag of days and weeks and so forth, so we can respond to the citizen much faster.

Similarly, you mentioned TARP, clearly this was an opportunity for information technology at the OCC to be a strategic enabler, so that we could work jointly with the Federal Reserve Bank, FDIC, with the TARP Office Main Treasury, and provide a collaborative environment where an application for relief program could be processed and shared by the -- all the respective agencies in a much more expeditious way.

Information technology at the OCC was able to deploy a secure, sort of a private cloud network for collaboration that allowed all of these agencies to share TARP applications and processes applications. So absolutely, so we play a critical role across the mission of the Agency, at the TARP and in the delivery of services to our citizens.

Mr. Morales: Now, Bajinder, I've been reading a lot about something called "XBRL," which stands for the extensible business reporting language. What is XBRL? And how does it simplify the exchange in use of business and financial performance data?

Mr. Paul: XBRL is, think of that as a like a standard, it's a protocol for sharing information, financial information, and why is XBRL important? Well, it's important because we share information with other banks, and we're talking about thousands of banks across the country. Not only OCC shares information or data with the banks, but other agencies, other regulatory agencies, like FDIC and OTS, for example, or the Federal Reserve Bank.

The idea behind XBRL is that if you have a common standard for data exchange, a common protocol, then the accuracy of data coming in from the bank could be in a common format, you would spend less time validating the information and more time using and analyzing that information.

So just to give you an example, there's something called a "call data report," or CDR. This is a quarterly report mechanism where more than 8,000 banks file in their quarterly information to OCC, FDIC, and OTS. And about two years back this program went through a major modernization where XBRL became sort of the standard mechanism to exchange information.

The data validation before and after, there's a tremendous difference. I mean the number of hours that the agencies would spend before the XBRL modernization used to be in days. And now it's been reduced to hours.

So what that means is that now the examiners are spending more time analyzing the data as opposed to validating the accuracy of the data coming in. So XBRL, having that sort of standard format, the standard protocol allows the agencies to accurately share the information, spend less time on data validation, and more time on analyzing the information.

Ms. Aldrich: Okay, Bajinder, I'm going to change gears just a bit and ask if you could tell us about your efforts to assist OCC's large bank supervision department in modernizing its strategic resource planning. And also if you could tell us how the strategies and resources application, also known as STARs, which you mentioned previously, how that works to eliminate duplicative reporting processes and ease administrative burdens?

Mr. Paul: STARs has been a huge, huge success at the OCC. It was really one of many enterprise solutions that we deployed, and it was a value proposition. As I mentioned earlier, that the large bank supervision, they examine the largest national banks in the country, there are roughly about 18 of those largest banks, and in this difficult time the large bank supervision business unit needed an efficient way of identifying a set of resources or examiners that that can be deployed or launched at a particular bank, depending on the particular need.

The good old-fashioned way of doing was that it would be done quite manually. Each set of examiners or the sub business units had their spreadsheet and they would manually go through the process of identifying people and resources and strategies, and that took weeks and at times even months to assemble a team and launch a team.

While the STARs Program, this is where the CIO, myself, and the head of the large bank would team as partners in understanding the business needs, and from there we'd develop an IT strategy.

And sure enough we were able to establish what I call the "IPT," which is the integrated product team, which consisted of IT experts, business users, on the large bank side, and jointly we went through a development process where we used a commercial off-the-shelf solution, COTS package, and it was incredible, within six months we had a solution for the deployed, fully tested, by the users, and it's actually being used now to help the large bank supervision in identifying, launching, and deploying their resources.

And we're still collecting metrics, but clearly we have gone from the era of where we take days and months possibly in launching resources, to really a matter of hours and a day at the most, for example. And that's important, because I mean the important mission that that OCC is involved in, which is to manage the risk for large banks. STARs has been a huge success.

Ms. Aldrich: In some quarters there's a perception that Government lags behind the commercial sector in technology innovation. So I have a two-part question, essentially. First, do you think this perception is accurate? And, second, how do you think Government could enhance its position to become a leader and driver for leveraging technologies?

Mr. Paul: I wouldn't generalize that perception. I think maybe in some of the agencies that perception may be reality, but my experience has been back when I was in the Department at justice, at HUD, and clearly at the OCC, these agencies are really lock-in step with the private sector, and we're pushing the envelope in many of the cases.

For example, we talked about virtualization. We talked about cloud computing. I mean cloud computing, for example, has become the latest topic, and it's a great thing that we, in the Federal Government, ought to be doing, but at the OCC we began using the cloud last year. So really we are at sort of the leading edge, if you will.

Agencies need to focus on innovation. A number of agencies are clearly at that level. OCC, the fact that we are using the cloud to leverage our infrastructure, which I call the "on time delivery," the fact that we are using thin client, mobile computing, business intelligence, data analytics. You know, that's tremendous sort of capabilities in terms of the innovation of using technology in a way that really enables the business.

So I mean I think that's the perception that the Federal Government lags behind private, I think that's a fast perception, it's too generalized. My experience has been there's a good partnership and the agencies are pushing the envelope and they're using leading technologies.

But I think at the end of the day it is truly about partnership between the public and the private sector, and I do want to make a plug in here that, indeed, I think the private industry also has a set of responsibilities in not only looking at technology for the sake of technology but really coming to the agencies and talking to the leadership and understanding the mission of the agencies. And I think once the technology service providers understand the mission then they can also talk about the right technology.

And, clearly, at the OCC we do that all the time and that's why we are able to leverage the state-of-the-art technology, and I think we need to do more and more of that across the Federal space.

Mr. Morales: So along this same theme of partnership and collaboration, Bajinder, what kinds of partnerships are you developing to improve IT operations or outcomes? And how do you think some of these partnerships are going to change or evolve over time?

Mr. Paul: I think partnership is critical, it's central, and there are different levels of partnership clearly. There's a partnership that I leverage within the OCC. I think it's important, as I mentioned before, that the CIO has to be seen as a business enabler.

So I have to have a strong partnership, a trust with my counterparts within the Agency. They have to be able to see that, indeed, as a CIO I am lock-and-step with them in delivering a set of capabilities that will enable their business or their outcome, their mission, and so forth. So that's one level of partnership.

The other level of partnership, which is extremely important, is really at the Department or the Federal Government level. We need to be leveraging solutions and technology that can be leveraged, that is available across the Federal Government, so that, for example, at the CIO counsel level there's a level of partnership there.

Third, which I think is extremely important partnership, that's between the public and the private sector. Recently I spoke at the Industry Advisory Council, IAC, in Washington, D.C., and my entire focus was on partnership.

I think it's extremely important, when I meet, for example, with the technology service providers, I ask them, I say, "When you come and meet with me demonstrate to me that you understand the mission of the OCC, demonstrate to me that you really understand when we talk about supervision or regulation of national banks that you, indeed, understand some of the challenges."

And when we have that discussion in that context it is amazing the synergy, the partnership that can be achieved, and that's something that I'm constantly speaking about in my meetings, in my presentation. In fact, some of the initiatives that you might have seen that's coming out of OCC, there's a technology refresh initiative coming out. Before that, we were consolidating our application contracts and so forth.

And one of the things that we did was we put out RFIs, request for information, and that was really to engage the industry and get their best practices, ideas, and so forth so that as we -- ultimately, when we sent out the RFP our RFP would reflect those best business ideas and so forth.

So partnership works at multiple levels but it's an important part of CIO in functioning and providing the best solution.

Mr. Morales: So, as you mentioned, really the key here is that it's -- there's layers of collaboration and partnerships, and those are very important, but at the end of the day they need to be aligned around the core business of the OCC and the understanding of the business.

Mr. Paul: Absolutely, absolutely, yes.

Mr. Morales: Great. So I want to go back to I think one of the critical dimensions of OCC, and this is the issue of your mobile workforce, the fact that you have I think something on the order of about 40% of your workforce is deployed, as you described, at a bank, in the field, doing their supervision and their operations. So tell me a little bit more about how you support these folks that are outside of the four walls of the OCC?

Mr. Paul: Really in OCC we use the expression, "business first, customer always." It is business and there's -- it is all about serving the customer, that's really our motto in terms of the IT services. What's really important for me is that we understand what's working in the field or what's not working, and we capture that information and make sort of decisions on an ongoing proactive basis.

So, for example, I have a number of resources, staff in the field, you know, district offices, field offices, and they have established what we call the "centers of excellence." Different areas, regional areas, have a different set of expertise or technical expertise that's needed by the examiner. So our workforce in the field has established these centers of excellence, they focus on, for example, information collaboration, office productivity, remote access solutions, application development, training, and so forth.

So the idea there is that there is a set of expertise available in the field as needed by the examination workforce, so if someone has a need for setting up a collaboration site or if someone has a particular need about remote access for an application, that these resources are available on demand as needed in the field, and that's working well.

And I like to gauge that, I like to collect information. So, for example, we use a system for helpdesk tickets, and every morning I come into my office, I look at the dashboard. That dashboard I can tell what's going on in the field office, in the district offices. I can see trend analysis, and I can see where are some of the pain points, whether it's the network or application performance issues and so forth. And within the first 10 minutes I can make a quick set of decisions, and I can pick-up the phone and call the person in the field and find out what's going on. So this is what I call "data driven management," I look at the data and I use that to drive the management of satisfying the customer.

The other thing that we do within OCC is I have customer satisfaction surveys, that's a leading indicator of what's going on. In fact, recently we conducted one and, my gosh, I was quite pleasantly surprised that our customer satisfaction was close to 90%. So that information is very helpful, and the majority of the information comes from outside of the four walls, if you will.

So I use that information to constantly, proactively understand what the priorities are, what the pain points are, and then proactively address those needs.

Mr. Morales: Great, excellent.

What does the future hold for the Office of the Comptroller of the Currency? We will ask its CIO, Bajinder Paul, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to our final segment of The Business of Government Hour. I'm your Host, Mr. Morales. And today's conversation is with Bajinder Paul, CIO at the Office of the Comptroller of the Currency. Also joining us from IBM is Roxanne Aldrich.

Bajinder, given the critical role IT plays in mission and program delivery, could you give us a view on how the role of the CIO has evolved but more importantly, what are some of the key characteristics of a successful CIO going into the future?

Mr. Paul: Absolutely, Al, and that's a very important question. The role of the CIO has changed and it must be changed. The CIO can no longer be the manager of what I call "IT resources." The CIO no longer can be seen as a techy, and exist in his own silo. And the CIO's new role has to be a business enabler. The CIO has to be at the table with the heads of the other business units, and has to understand the business first and then align information technology to those business priorities.

The CIO has to maintain the level of transparency, focus on reducing the cost of IT, focus on innovation. But, more importantly, aligning information technology to the business priorities of the agency.

Ms. Aldrich: Along these lines, Bajinder, what are some of the major opportunities and challenges your organization will encounter in the future? And then how do you envision your office will evolve over the next three to five years?

Mr. Paul: Yes, I mean I think there are many, many opportunities that we're looking forward to, as well as challenges. Clearly, all of you can understand that with all the disruption in the financial markets the challenges are immense. But at the same time I tend to see the glass as half full, as opposed to half empty.

And so I see lots of opportunities in information technology. I described my -- the information technology roadmap earlier. I think the business intelligence data analytics is going to be a huge enabler for the business of supervision and regulation of the national banks.

At the end of the day it is all about how we manage and process data to proactively take corrective actions, so I think technology will play a key role. I think cloud computing is going to be tremendous. I think we need to tap into the cloud and really, truly provide on demand solutions to meet the business needs. So I think those are some of the key opportunities.

And, again, the challenges for OCC, at the OCC, is that there would be constantly emerging business needs as we go through the financial disruptions and so forth, and the environment becomes more stable, the IT has to remain very agile and be flexible.

Ms. Aldrich: Bajinder, you mentioned a lot previously about how important team effort is, both within your organization and government, overall. Having said that, could you elaborate on your approach to empowering your employees? How do you lead change and enable your staff and those within the organization to accept the inevitability of change and make the most of it?

Mr. Paul: That's a very important question, by the way. I mean I think the human capital is probably the most precious sort of resources that any leader can have, and motivating and leading that -- those resources is really the key.

Yes, as I mentioned earlier, I think teamwork is of the utmost importance in any endeavor, especially in information technology. From my leadership standpoint, I believe in mentoring. I believe that all of us if we provide the right set of resources in a team environment that we can rally uplift our employees, and we do that.

At the OCC we use what we call "IPTs," which are the integrated product team. A typical team consists of employees from security, infrastructure, application, and from the business side. And each team member has roles and responsibilities. And it is interesting that when you induce that cross-communication and in a team setting the employees feel empowered, they feel as though they're no longer locked in their own little silo, but they're actually communicating and they're understanding and they're learning more.

And then, number two, is the recognition. It's very important that we recognize employees. At the OCC I make it a huge thing to recognize our employees. For example, even small things, like on a weekly basis, every Monday morning I send out an organization wide e-mail recognizing the contribution, no matter how big, no matter how small, but that an employee or a set of employees have made.

And it's just amazing, I mean the feedback that I get. I do simple things like, for example, having brownbag lunches with the CIO, and we have employees that come from all over the organization within IT, and it's an opportunity for them to have an informal conversation.

And so all of these things, there is no one silver bullet, but I think recognition, teamwork, IPTs, having an opportunity for informal discussions, ideas. We have boxes where throughout the hallways where the people, you know, employees can put in their ideas and so forth. And we talk about those ideas, so it's those type of recognition which at the OCC have been really central to the success of information technology.

Mr. Morales: So it's really tapping into the power of the masses?

Mr. Paul: Yes, absolutely, absolutely, yes.

Mr. Morales: That's great. Now, Bajinder, I understand that you are a recipient of the Federal 100 Award. That's just fantastic, so I have to take this opportunity to tap into you and ask you, aside from things like cloud computing, which you've talked about, what are some of the other emerging technologies that you think hold promise for improving Federal IT as you look into the future?

Mr. Paul: Well, I think we need to leverage the internet more and more. Web 2.0 I think is huge. I think we need to be paying particular attention, also, to social networking. I think mass collaboration will be huge. Again, the idea would be, is that we are to be able to communicate, share information from anywhere throughout the country anytime.

So I think leveraging the internet, Web 2.0. I think looking at mass collaboration technologies. I think business intelligence. I think data analytics is huge because most of the agencies process and consume and use data to make sort of decisions, so I think that those technologies are to be paid particular attention to. So those are some of the technologies I think we need to be focusing on.

Mr. Morales: That's great. Now, at the start of the Show, you told us just a wonderful story of how you got started in Federal Government. So I'm curious, what advice might you give to someone out there who may be thinking about getting into Federal Service?

Mr. Paul: You know, I mean I get very emotional about public service because I mean there's a deep conviction within me that drove me to become a public servant, and that conviction comes from the fact that I fundamentally believe that is my way of giving back to the country, to the citizens of this country.

And really I mean that's why I left the private sector. It's not about making money; it's really making a positive impact to the nation, to the society. And I think that conviction has driven me to work hard in the Federal Government, and all of these achievements that we have talked about, the Fed 100 and so forth, I mean I'm humbled by those, but I think my perspective always has been grounded in the fact that it is my responsibility and duty to serve the public. And that's why I'm in the public service arena.

So my advice would be, look, come to the Federal Government. The Federal Government needs your talents and we need to serve the public, but come with the conviction that it is about serving the public, it is about serving the country, it is about serving the citizens. And once, if you have that conviction, my gosh, I mean Federal Government, we have so many opportunities to make a huge impact.

And I'm a living example of that. I mean I came from a very humble beginning, and only in this country can someone have such opportunities through hard work. So that's -- that would be my advice.

Mr. Morales: That's a wonderful perspective. Thank you very much. Bajinder, unfortunately, we have reached the end of our time. I want to thank you for fitting us into your busy schedule, but more importantly, Roxanne and I would like to thank you for your dedicated service to our country across the many roles that you've held in Federal service.

Mr. Paul: Well, thank you very much, Al, and thank you, Roxanne. This -- I really enjoyed today's discussion. It was my privilege and honor to be here with all of you.

I just wanted to say that for you listeners if you would like to more about OCC please go to occ.gov, the website gives lots of information. And I look forward to future conversations.

Finally, I do wish to recognize my staff, some of the successes that I've talked about, you know, I'm just the mouthpiece, if you will. The hard work really comes from my staff, who are a dedicated set of men and women who work hard behind the scenes, and I just want to recognize them. They are making a huge impact to the business and the mission of the OCC, and I'm very proud of my organization.

Mr. Morales: Great, thank you.

This has been The Business of Government Hour, featuring a conversation with Bajinder Paul, CIO at the Office of the Comptroller of the Currency. My Co-host has been Roxanne Aldrich, Partner in IBM's Treasury Practice.

As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who may not be able to hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.

For The Business of Government Hour, I'm Albert Morales. Thank you for listening.

Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m. And visit us on the web at businessofgovernment.org. There you can learn more about our programs, and get a transcript of today's conversation. Until next week, it's businessofgovernment.org.

A Conversation with Kamal Bherwani: Chief Information Officer for New York City’s Health and Human Services and Executive Director of HHS-Connect

Tuesday, April 7th, 2009 - 10:13
Posted by: 
Local and state governments are under tremendous pressureto do more for citizens and to do it better. Technology hasenabled governments to do just that, and nowhere is this

Michael Duffy interview

Friday, October 31st, 2008 - 20:00
"Ultimately, the CIO needs to strive to be more of a business leader and strategist and less of a technologist."
Radio show date: 
Sat, 11/01/2008
Intro text: 
"Ultimately, the CIO needs to strive to be more of a business leader and strategist and less of a technologist."
Complete transcript: 

Originally Broadcast September 6, 2008

Washington, DC

Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about this center by visiting us on the web at businessofgovernment.org. And now The Business of Government Hour.

Mr. Morales: Good morning. I'm Albert Morales, your host and managing partner of The IBM Center for The Business of Government.

The U.S. Department of the Treasury acts as a steward of the U.S. economic and financial system. As such, the Department must keep pace with technological advancements, including those in areas of electronic commerce and security. The continuing rise of electronic commerce requires more efficient and secure IT infrastructure that is flexible and allows a rapid response to a constantly changing environment.

With us this morning to discuss his efforts in this area is our very special guest, Mike Duffy, Deputy Assistant Secretary for Information Systems and Chief Information Officer at the U.S. Department of the Treasury.

Good morning, Mike.

Mr. Duffy: Good morning, Al.

Mr. Morales: Also joining us in our studio is Jeff Smith, partner in IBM's federal civilian practice.

Good morning, Jeff.

Mr. Smith: Good morning.

Mr. Morales: Mike, I'd like to start by providing our listeners with some context around the Department. Could you give us an overview of Treasury's history and its mission today?

Mr. Duffy: Sure. First of all, I think Treasury may be the oldest department in the nation here. What I know for a fact is it was created in 1789. We needed a treasury in order to be able to pay the bills of our federal government. Today, Treasury is, as you mentioned, the steward of U.S. economic and financial development, and the financial systems that support that infrastructure.

We like to think of ourselves certainly as an influential participant in the global economy, and we're very proud of the role that we play in that. Some of the particular responsibilities that we have include promoting economic prosperity and ensuring financial security of the United States and the banking system. We're the ones who produce the currency and the coin that's used in our daily transactions.

And we're also the ones that manage all the electronic financial transactions. We have a role in supervising the national banks and thrift institutions. We do a bunch of tasks related to management of the federal government's finances, the internal financial operations, if you will. And then enforcing federal finance and tax laws -- I probably should add in we're also the ones that collect all the taxes, which no doubt endears us to the American public every April 15th.

Mr. Morales: Sure, sure. Well, Mike, that's obviously a very broad mission. So give us a sense of scale here. Can you tell us how Treasury's organized, perhaps a little bit about the size of the budget and the number of employees?

Mr. Duffy: The budget for Treasury is about $12 billion. That's the fiscal year 2008 enacted level. A large portion of that, of course, is for the Internal Revenue Service. And about a quarter of that total actually goes to operations, maintenance, and development of information technology systems. The Department is organized into 13 subunits, if you will, one of which is what we call Departmental Offices, which is headquarters, policy offices. My office falls within that framework as well.

And then we have 12 operational bureaus that carry out the various functions. Folks like the IRS, the Financial Management Service, the Bureau of Public Debt, and then the Bureau of Engraving and Printing. We have a wide variety of activities that fall within those 12 bureaus. Each of them really operates in some regards as a separate business, or a separate line of business.

Mr. Smith: Now that we've talked the larger departmental -- the Department of Treasury organization, can we talk a little bit more about your specific responsibilities as Deputy Assistant Secretary for Information Systems and Chief Information Officer within the Department of Treasury?

Mr. Duffy: Sure.

Mr. Smith: Can you tell us about the area in your purview, how you're organized, the size of your staff, your budget?

Mr. Duffy: I actually wear two hats, and my dual titles kind of designate that. As the Deputy Assistant Secretary for Information Systems, I play a very operational role. My office runs the IT infrastructure that supports the departmental offices, the headquarters offices. We also operate several Treasury-wide enterprise systems, such as the wide-area network, some enterprise directory services, and those types of infrastructure or Treasury-wide services.

As the CIO, I have what in essence is a policy and oversight role, and I'd like to think a collaborative role working with the bureaus on their bureau-specific IT initiatives, but ensuring that they comply with all the applicable federal laws and policies -- that we're securing those systems responsibly, and that in essence we're managing the taxpayer dollar frugally.

Mr. Smith: Regarding your responsibilities, what are the top three challenges that you face, and how have you addressed these challenges?

Mr. Duffy: I would say right now that the top three challenges probably are this: corporate network security, the governance and capital planning processes that we have, and then one that's a little bit of a broad brush but is kind of my mantra at the moment, using IT as a facilitator of mission accomplishment. Basically, it means using IT to get the business done, not engaging in IT for the sake of playing with technology.

So as we look at those three areas, corporate network security, we're very focused on a couple of areas. One is refining policies. There's quite a bit of government-wide policy, and that's probably 80 percent of what we work with. But then as we look at the specific missions of Treasury, we need to refine those policies or embellish them to deal with the circumstances that we have to handle within Treasury.

Because we're so highly networked, not only with the rest of the federal government, but quite frankly with the better part of American industry, financial and otherwise, policy issues get somewhat interesting for us from time to time. We also are looking at a whole host of IT security tools, kind of moving from simple firewalls and access controls up to the next generation of security measures.

And of course again, given the high degree of network connectivity that we have, we find that to be necessary. And then I should add that we're actively engaged in pursuing all of the government-wide initiatives that have come out in the last several years. So the federal desktop core configuration, implementation of that on the desktop, the implementation of the Homeland Security Presidential Directive 12, which is the government-wide identity management initiative. And then more recently, the Trusted Internet Connections Program, that's going to help us establish a true, secure, sensitive but unclassified network across the government.

In the capital planning area, the basic deal there quite frankly is just engaging our executives, not just our IT executives, but our business executives, and we've done that through a couple of mechanisms -- probably the most prominent is reestablishing our executive investment review board, which is chaired by the Deputy Secretary. And then finally, on using IT as a facilitator, there, it's kind of taking that executive engagement and taking it down to the bureau level, making sure that we have good visibility into what are the real business problems that each of the bureaus are trying to address, and then trying to marry that up with the technological solutions that are out there in the marketplace.

Mr. Morales: I understand that you came to Treasury after some 15 years with the Department of Justice; is that correct?

Mr. Duffy: That's correct.

Mr. Morales: Could you tell us a little bit about your career path, how you got started, and what brought you over to Treasury?

Mr. Duffy: Just for a quick background, I earned a master's degree in public administration from the University of Massachusetts, and before that, I got a Bachelors of Arts degree from Bowdoin College, and my concentration there was government legal studies. Then I got accepted into the Presidential Management Intern Program back in 1987 and landed a job at Health and Human Services. So that's where I started my federal career.

I parlayed an initial career in financial management into IT primarily by working the financial management aspects of IT at the Department of Justice, starting in '92. From there, I got more and more engaged in IT project management. I had a couple of different jobs. While I was at Justice, I spent actually two years in one of our litigating divisions engaged in strategic planning that gave me a much better sense of the business, and quite frankly, also what it was like to be in a subunit as opposed to the Department. Ultimately, I held jobs in information security, telecommunications, and then most recently was a deputy CIO at the Department of Justice.

Mr. Morales: That's a relatively broad set of experiences across the government. So as you kind of reflect back on those, what lessons have you learned, and how has that sort of affected your management and leadership style today?

Mr. Duffy: You know, the lesson learned is the one that I call my mantra, and that is it's not about the IT, it's about the business. Everything that we try to do in the Office of the CIO at Treasury -- and I'd like to think that I did this when I was at Justice -- everything that we do, we try to do with an eye towards how is this helping the business perform its mission.

That can be difficult at some times when you are dealing with some of the more arcane compliance-type issues. When you start getting into the depths of the Federal Information Security Management Act and the particulars within that or the particulars of how do you do earn value management on a major application. But it's important for us always to take a step back and say, okay, what's the real end objective here. So that's probably the greatest lesson learned.

Mr. Morales: And move on. Great

What about Treasury's information technology strategy?

We will ask Mike Duffy, Deputy Assistant Secretary for Information Systems and Chief Information Officer at the U.S. Department of the Treasury to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Mike Duffy, Deputy Assistant Secretary for Information Systems and Chief Information Officer at the U.S. Department of the Treasury.

Also joining us in our conversation from IBM is Jeff Smith.

Mike, we obviously talk a lot about technology on this show, so could you tell us a bit about Treasury's IT strategy? Specifically, could you tell us about your efforts to align information technology to support the departmental and bureau business goals and their strategic priorities?

Mr. Duffy: Absolutely. And indeed, the second part of your question is our strategy. So you saved me some portion of it. The issue of alignment I think is a really good one. We're actually in the process right now working with our bureau executives on refining the Department's IT strategic plan. As you may know, the Secretary released a revised version of his strategic plan back in 2007, as we stood up the executive board this past January.

That was an impetus for my office to start refining our IT strategic plan. So as we look at it right now, I look at three key mission support areas that we need to focus on. First of that is information and data analysis. The fact of the matter is that Treasury processes just incredible quantities of information every day.

A lot of what we do is transactional in nature, but to facilitate improvement in efficiency and accuracy in those transactions, we have to do a fair amount of analysis as well. We're processing incredible amounts of data. We take it in, we manage it, we manipulate it, and then we disperse it in some form or fashion depending on what the transaction is.

So data management tools are critically important to us, and then finally, collaboration tools. In the transactional world that we operate in, so for example, the financial management service, and all the transactions they execute with the banking industry every day, we're pretty mature. Where we have opportunities, I believe, is in the collaboration areas related to some of our enforcement responsibilities, certainly in the policy development and policy promulgation areas.

Then with that as an overall context, there's a couple of specific areas I'd like to be ultimately driving some successes. Obviously improved data management analysis. I've alluded to that already. More timely information sharing. Again, particularly in our enforcement arenas; increasing the reliability and efficiency of electronic transaction services where those opportunities exist

And then probably the two areas that are my greatest focal areas: achieving greater efficiency in our operations, and then the issues of greater data integrity and security. The efficiency of the operations I think is critical for us as a department, as it is for every federal department, because the fact of the matter is the budget is going to be pretty lean over the next several years. I think we all see that.

In order to free up funds to invest in the new capabilities that we want to implement to improve data management and those type of things, we're going to have to basically make our operations less expensive, more efficient. There's different strategies that can be employed there. Some of them are purely management, some of them are heavily technical, and the right mix, we're still working to discern

The IT security as a significant challenge. That's going to dominate, I think, for the next 12 months to 2 years. And then issues of data integrity I think are also very important, particularly as we get into more automated collaboration and information sharing in the policy arena. We need to make sure that the information that we're handling is good information, and certainly what we disseminate and disperse is good information.

Mr. Smith: So along these lines, given the complexity and the scale of Treasury, I would imagine that IT governance is very critical to you with respect to your abilities to respond quickly to changing business needs. So could you tell us a little bit about IT governance at Treasury, but specifically, could you describe your efforts to drive more of an enterprise view across the entire department as opposed to a very -- I hate to use the word traditional, but a more vertical approach to technology.

Mr. Duffy: Let me talk to the IT governance for a quick sec. We reestablished our executive investment review board this past January, and that's a key element to governance for IT. Executive engagement, particularly the business executives, is absolutely essential. Not only because we ultimately will probably have hard tradeoff decisions that we have to make -- we have a limited budget; we may want to buy 10 things but we can only afford 5, which are the 5 we're going to invest in -- but more importantly, to drive the overall direction, what are the key business problems that need IT solutions, and how practical are those IT solutions that us technical whiz guys come up with?

I mean, ultimately, it's not the technical people that are going to use these tools. It's the folks in the business that use the tools. So having that executive engagement is critical.

So we've done that through the e-board. We've also refined the Treasury CIO Council, which is comprised of the CIOs from each of the bureaus, kind of reoriented what we do and how we do it there. And then just the whole issue of driving the concept through my office that our mission is to support the business. And I think those three things are what I consider the three legs of the stool to improve governance.

The issue of enterprise-wide IT, this is one I have some mixed feelings on, because clearly, there are, as I indicated before, a need to have an enterprise view on a number of IT areas: corporate infrastructure, corporate networks, IT security, even things like the high-level IT governance and capital planning processes, those need to be viewed in a corporate way and department-wide. And the e-board and the refined CIO Council I think are the mechanisms through which we achieve that.

And we have some specific success stories I think in terms of dealing with Treasury-wide IT. Our new Treasury network program is an example. The progress we're making on HSPD-12. Treasury's for an extended period had an enterprise-wide directory system. We've had a Treasury-wide PKI capability. So those are good examples of where we're succeeding in the enterprise.

Having said that, it's important to remember that we do have very distinct business operations throughout Treasury, and those demand distinct tailored IT solutions for those businesses. We can certainly reuse particular technologies and techniques, but all those techniques and technologies still have to be tailored to the business. And that ultimately means that we're going to have quite a few bureau-specific applications and bureau-specific IT services.

Mr. Morales: Mike, I understand your Department's information technology capital investment portfolio totals just under $3 billion, or about 25 percent of the Department's overall budget. Kind of a two-part question here: would you elaborate on how you have strengthened the Department's IT capital investment process to ensure that investment decisions are mission-aligned and cost-justified. And the second part is, what roles do the Treasury Executive Investment Review Board, the e-board you've mentioned in the previous question, and the Technical Investment Review Board play in establishing a robust investment review process?

Mr. Duffy: The first response I'll make is that my office plays a role in strengthening our capital planning and investment, but the fact of the matter is that so much of this goes on at the bureau level that it's a lot of the efforts that have gone on at the bureaus, led by the bureau CIOs and the bureau heads that have really led to some of our recent successes.

So I think I really want to make note of that, and within that context, I should say, each of our bureaus has established bureau processes at the department level and we leveraged those. I've talked already about the e-board. That's an integral part to the overall improvement, and bringing the lessons learned, as well as the specific work that's going on at the bureaus, and synthesizing that at the department level is really where we've gained most of our traction.

We have done some more -- for lack of a better term, I'll call them technical things. We've refined our EVM, our earned value management polices and our guidance to help the bureaus implement EVM on all their major projects. We've developed what we call an EVM light for the non-major projects, the smaller projects for which it would be too costly to implement a full ANSI-compliant EVM. And that's helping us collect information on how well we're tracking to our budgets, how well we're tracking to our schedules, and then our performance metrics.

The big thing right now I think for us is really to institutionalize changes and the philosophies that are being promulgated at the executive level, and really push those down into all levels of the Department. In all honesty, probably the biggest challenge there is within the IRS. The Internal Revenue Service is an enormous organization in terms of size. They do incredible amounts of work. They have some of the most mature governance processes at their corporate level, but there are 98,000 people and probably 90 percent of our IT budget.

So even when we get the policy set right and the corporate level infrastructure set properly, there is still an awful lot of work in terms of pushing that down through the entire organization, so that work is well underway, but I would say that's our greatest challenge area.

Mr. Smith: You touched on this with your comments on earned value, but given the complexity and importance of Treasury's complex multimillion dollar projects, from an IT operations perspective, how has your Department sought to improve its project management disciplines and structure for monitoring project or program performance?

Mr. Duffy: We've done a couple of things. I mean, and some of this has been with some coaching from OMB, and quite frankly, even some of the policies that come out of OMB in the last several years, one of which was the requirement to get project managers certified in not just project management disciplines, but also acquisition management disciplines. That's incredibly important for a department like Treasury, where a very substantial amount of IT is actually contracted out.

We gain great benefit from the experience and capabilities of the private sector, but it does place some additional management burdens on us. It's a constant challenge to keep pace with all of those going on in our contracting arena, and quite frankly, to keep people trained at an appropriate level. The project management and acquisition certifications is a key element.

And then basically making better use of that earned value management data. So we have these systems, they produce reports. You get reports on 65 systems. Now you have to synthesize that data and say what does this really mean? Are there trends here that indicate issues that we need to follow up on? If so, then what are those issues and what are the decisions that we have to make? Managing the information that we get out of our earned value management systems and then making good use of that information I think is also a significant challenge area for us.

Mr. Smith: Switching gears just a little bit, technology has clearly enhanced the ability to share information, but it has also made organizations like Treasury more vulnerable to unlawful and destructive penetration. Would you elaborate on some of the critical security threats and challenges facing your agency's IT infrastructure, and the efforts that you've had to enhance your IT security and achieve effectiveness?

Mr. Duffy: In terms of the critical security threats and challenges, the fact of the matter is, as I mentioned earlier, we're so highly networked that almost by definition, we're vulnerable in some degree to every security threat that's out there. Whether it's a teenage hacker or some kind of malicious code that's launched against us in particular, or we just happened to be collateral damage as a result of one of our partners.

We effectively inherit every security threat that's out there just because we touch so many people with our networks in our daily transactions. So that definitely keeps us very, very busy in the IT security arena. Having said that, I don't know that we're all that much more different than many other federal agencies that are highly networked and have a wide variety of business partners, and certainly, we're no different than other parts of the corporate world that are highly leveraging the internet and network.

You know, what we're doing about it is kind of a three-pronged approach. One is again a policy issue, and we look at our policies and we take the government-wide policies, we apply those and then we look to see what are the specifics that we have to deal with within Treasury. Some particular issues we deal with is we have a large number of people that travel. And so we have equipment that's out on the road, we need to protect that equipment.

We need to make sure that their access back into the corporate network is well protected. And we have a number of policy initiatives that are dealing with that. And then those policy initiatives ultimately call for some new tools to be applied. But suffice to say, we're invested heavily in a number of new toolsets. The good news is there is a lot of help being offered by the corporate sector. There are a number of other agencies that have been dealing with these issues as we have, and we collaborate with those other agencies and share lessons learned and tools. And so that's been very helpful.

The other issue that we deal with is what I call security basics. So we go back to some of those core policies -- and just taking one example, configuration management. We're stepping up our monitoring and our enforcement of good IT hygiene, if you will, and making sure that we're doing all those basic things as well as we can. And you know, if we do all three of those, then you stand a fighting chance of being able to operate fairly securely out in the network world.

Mr. Morales: Mike, you talk about some of what I would characterize as the technical aspects of cyber security, but another component to it is the human side.

Mr. Duffy: Right.

Mr. Morales: For example, employees being careless about personal information and data security. So along that dimension, what are you doing to create more of a culture of accountability in protection of some of this sensitive personal information?

Mr. Duffy: Well, accountability kind of starts at the top, and Secretary Paulson has made management accountability a prime part of his strategic plan, and within that, if you read that strategic plan, it talks about IT security in particular. I've had the opportunity to discuss our IT security efforts with the Secretary, and he has tasked us with moving out very, very smartly on our improvement plan. And that accountability then kind of flows down. I can tell you that across the senior executive service ranks of the Department, IT management overall, and within that, IT security management is a core element.

Every executive who has any kind of responsibility whatsoever for IT is being assessed on that. Moving it down to kind of the employee level, that's an area where we're focused on training. We do the annual training. That's kind of the 101 requirement, and now what we're working through is how do we do kind of pervasive small doses of training.

One of the things that we're trying to do in the departmental offices is we have a weekly security tip that we just issue out in a global e-mail. We're starting to do some brown-bag lunches and other types of little town hall-type sessions. And we will focus on a very particular element of IT security. If there's been a particular problem that made the press recently, we'll take that and we'll do a little session on that. So we're looking for different ways to keep IT security on the front burner both at the executive level as well as the staff level. So far, we've seen those to be the most effective techniques.

Mr. Morales: Great. How is Treasury managing its IT infrastructure and its performance?

We will ask Mike Duffy, Deputy Assistant Secretary for Information Systems and Chief Information Officer, to share with us when we return on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Mike Duffy, Deputy Assistant Secretary for Information Systems, and Chief Information Officer at the U.S. Department of the Treasury.

Also joining us in our conversation from IBM is Jeff Smith.

Mike, let's spend a little bit of time on the President's Management Agenda, or the PMA. Could you tell us a little bit about how your department has performed overall in this area, and perhaps tell us about any lessons learned as you've executed the PMA?

Mr. Duffy: The President's Management Agenda is something that we spent a lot of time talking about, not just within the Department, but obviously across the federal government, particularly in the e-gov area. In the early stages of the administration, it got off to a rocky start. But over the last several years, I would say it's matured and resulted in a lot of really positive uses of IT, and ultimately is achieving many of its goals. And I think at Treasury, we've been one of the leaders in this area, but I would like to spend a couple of minutes telling you about some of the things that we have been able to achieve.

First of all, Treasury is the lead on several of the e-gov initiatives, including in the HR Line of Business, we're one of the three government HR Lines of Business. We have a system that we call HR Connect, which we're very proud of. Not only do we service all the Department of the Treasury, but we also service Department of Housing and Urban Development, the former Treasury Bureau that we used to call the Alcohol, Tobacco and Firearms, and the Secret Service is also a customer of ours.

So that's been a very, very successful program for us both from an IT technology point of view, but also from an IT governance point of view, which I think is a critical aspect of the PMA. Treasury also is the lead for an initiative called IRS Free File, which as it indicates allows certain taxpayers to be able to file all their taxes electronically at no cost. We also participate as one of the Financial Management Lines of Business and provide financial accounting services to a number of agencies throughout government.

More recently, we've become one of the key contributors to the Budget Formulation Line of Business, and Treasury has a system that we developed to help automate the budget process, the federal budget process, and that system now is being marketed to other federal agencies for use. What's really interesting about the budget line of business is that OMB did not mandate that, several agencies got together and said hey, we think this is a good idea, went to OMB and said, would you sponsor us as line of business? And OMB said, if you can get the money from agencies, we'll sponsor you, and lo and behold, a number of federal agencies kicked in the funds necessary to run this program. So we're very proud of being able to participate in that initiative.

Treasury has also then implemented I think 18 or so of the other e-gov initiatives, everything from the e-learning initiative, what's called GovTrip, which is the automated travel system, e-Rulemaking system, obviously we publish a lot of rules. Bottom line is I think we've done quite a bit of work in this area. We've been able to save the Department money, which means therefore we've been able to save the taxpayers dollars, and we've actually improved services to department users -- where we're talking about internal systems -- and taxpayers when we're talking about external systems.

Mr. Smith: So Mike, with the continuing rise of electronic commerce coupled with broadening counterfeit threat, the success of your department's varied missions relies on a solid information technology capability. But in some quarters, there's a perception the government lags behind the commercial sector in technology innovation.

Do you think that this is a fair perception, and do you think government could enhance its position to become a leader and driver for leveraging technologies, or how do you think that would happen?

Mr. Duffy: Actually, I don't think it's fair to say that the government lags behind technology innovation. I think where we lag behind is in the implementation and use of innovative technology, and there is a little difference there. The fact of the matter is that the government uses quite a bit a very innovative technology. I think we could also identify a couple of areas where the government actually either produced or substantially sponsored innovative technology. The internet and global positioning satellite services are two that come to mind

And it's interesting, because I have three kids who are teenagers, and they all take these very basic services for granted. Indeed, they don't know of a time when those didn't exist and they have no concept that the government actually substantially supported the development of those. So that said, I think, as I indicated, our real problem is we have a problem with the rapid deployment of technology. There's probably lots of different reasons for that. One that I think is a distinction between the government and private sector is our budget process. The fact of the matter is, we the Department of Treasury don't have unilateral authority over our budget; we have to work through a process, working through the President and OMB to get a President's budget, and then that has to go up and be approved through the congressional appropriations process.

And that's the nature of government and we have to work through that, but it is an inhibitor to very rapid expenditure and capitalization. Often in innovative technology, you need a fairly good chunk of dollars in order to make that initial investment, to bring on the talent necessary. By definition, if we're taking about innovative technology, it means that there's a relatively small labor force that can deal with that technology. In most cases, that labor force is not in the government, which means we have to contract for it. So there're processes there. Our processes are defined for very good reasons, but that is a distinction, I think, between the government sector and the private sector.

So what do we do about that? I think we have to recognize what our limitations are, what are the factors that we have to deal with, and we have to do a better job of planning around those. The other thing we can probably do better is actually sharing experiences and success stories across the government. DoD, for example, has done a much better job over the last several years of sharing with the civilian side of the government the different technologies that they are using. Dave Wennergren, for example, at DoD has been a real advocate of a couple of IT security technologies and strategies that have been very successful at DoD, and they are now sharing those with the civilian side of government. And that's incredibly helpful.

We in the civilian side do more of that information sharing. We're going to be able to make up a little ground in terms of the implementation of innovative technology.

Mr. Morales: As you know, transformation creates new competitive areas and competencies. What key competencies will be needed for IT staff to provide proper IT support, and specifically, what steps are being taken to attract and maintain a high quality technical and professional workforce to build these new competencies?

Mr. Duffy: Those are great questions, because that kind of is the crux of it. If we don't have an IT workforce capable of being able to identify what the problems are, be able to identify what the solutions are, and then actually manage the implementation of those, then by definition we won't be successful. So those three things are definitely core competencies and issues that we need to be looking at as managers. Some other things that come to mind is just an awareness of the changes that are going on both in the business that we manage, in this case the financial services for the U.S. government, but also what's going on in private industry. In the case of Treasury, that means the private industry, such as the financial services industry, but then also in the broader IT industry.

Being able to retain and then build, as we face the retirement boom, the subject matter expertise in those three areas, that is definitely going to be a challenge for us. I think in general, a competency that I really kind of gravitate towards when I am hiring new people is just basic problem solving, because so much of what we do is problem solving. When I think about general categories of people, I think of two categories. One is what I call the dreamers, and those are the folks that think up new solutions, not necessarily to any particular problem, but for example, who came up with global positioning satellite services? Who dreamt that one up?

And then there's the very practical, pragmatic problem solvers, and those are the guys who take those technology tools that are developed and actually apply them to specific business areas. So those are kind of very high-level issues that I think we have to deal with as we look at talent. What we're going to have to do more of is develop very, very targeted strategies, recognize where our skill gaps are going to start popping up, and then know in advance what we're going to do in terms of recruitment, what we're going to do in terms of retention and training, and then ultimately how those competencies are probably going to morph over time.

Mr. Morales: As the CIO, a big portion of your job is to put in place the policies and strategies for cultural change and educational outreach to help staff recognize that they are part of a broader enterprise. To this end and as the CIO, what kind of pushback have you gotten, and what are the types of pushback that you have received?

Mr. Duffy: There's two categories that I deal with in some regard. So I have my staff and the Office of the CIO. And the issues there are, like many IT staffs, we tend to be a little older than what you might find in the corporate sector. Many of them were trained in some of the older technologies -- for example, the older telecommunications technologies -- and the issue there is kind of a recognition of why that older technology has reached its end of useful life, and why we need to move to a new technology. So why does frame-relay point-to-point circuits no longer meet the need, and why do we need to move an MPLS network?

You know, why do we want to move off of a tried-and-true analog or a digital telephone system and move to VoiceoverIP? Those are interesting kind of cultural issues. Ultimately, I think what it comes down to again is basically a training issue. And not training in terms of classroom, but training in terms of making sure that my staff has a much better view of the big picture. What are the business drivers, what are the cost-benefit analyses that drive us to move in these directions.

And then the other category, of course, is working with the bureaus. And there, the challenge is I am looking at IT and the IT issues from a corporate perspective. They are looking at it from a very specific bureau mission perspective. The challenge for me is to basically sell my bureau counterparts, if you will, on why this particular policy or this particular strategy, or this particular initiative makes sense for the bureau, what is the bureau going to get out of it. If I can put it into those terms in a convincing way, then there is not much pushback. So that's I think the key challenge.

Mr. Smith: So Mike, we're starting to see many federal agencies as well as other communities launching their own Wikipedias and blogs. Could you tell us a little about -- about any efforts within Treasury to leverage some of these new social networking ideas and technologies?

Mr. Duffy: This is a really interesting area for me. It's one that I am still very much coming up to speed on. The area of information sharing and collaboration, as I think I alluded to earlier, holds a lot of promise for the Department. Figuring out how to work these technologies into our business processes I think is our key challenge. Really what we're doing within the Department is experimenting, I'm going to say, or prototyping these type of technologies for internal use. So we stood up a little wiki inside the Office of the CIO to do some collaborative work as preparation for the development or refinement of our IT strategic plan

We've thought about using a wiki for purposes of doing coordination of different policy documents. So for example, if we get something that comes in in draft that needs to be reviewed across the Department, we're playing around with how can we use a wiki or a blog as a more efficient and user friendly way of collecting comments and then being able to resolve those comments. I don't think we're yet at the point where we're using these operationally; I believe that some of our bureaus are beginning to conceptualize how they are going to be able to do that. But this is definitely I think an untapped area for us in Treasury.

Mr. Morales: So with that, what does the future hold for Treasury's IT capability?

We will ask Mike Duffy, Deputy Assistant Secretary for Information Systems, and Chief Information Officer, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to our final segment of The Business of Government Hour.

I'm your host, Albert Morales, and this morning's conversation is with Mike Duffy, Deputy Assistant Secretary for Information Systems, and Chief Information Officer, at the U.S. Department of the Treasury.

Also joining us in our studios from IBM is Jeff Smith.

Mike, given the critical role information technology plays in mission and program delivery, could you give us your view on how the role of the CIO has evolved in this regard, and what are the key successful characteristics of a CIO of the future?

Mr. Duffy: You know, as I think back to kind of the advent of the CIO at least in the federal sector, you kind of go back to 1996 and the initial Clinger-Cohen Act, and that act I think got us down on track of -- I'm going to call compliance -- and I don't mean that in a derogatory way, but I think a lot of the CIO responsibilities were very, very focused on making sure that we were doing things right.

And certainly that's an important part of the job. That was I think melded in with CIOs who were very, very technical in nature, and some of them were technologists who then got pushed up into this new role called chief information officer. I think over the last 10 years, the role has really morphed substantially to business facilitator. And it's important for us to be well-versed in policies and process and techniques for good management, and we certainly have a role in making sure that we're doing things correctly. But ultimately, the real value of a CIO is the degree to which IT is furthering the accomplishment of the mission of an agency, or of the business.

So that's really I think the big difference. With that said, I think the key characteristics, underlining characteristics, now are the ability to understand the business, and I see this with many of my peers across the government, and I hope with myself, we spend more time just trying to understand what our agencies do and why we do them, and then mixing that in with an understanding of technology.

I think that places more of a burden on us, certainly from a time point of view, because as technology gets increasingly complicated, we have to ensure that we're investing enough time to at least be somewhat conversant in it. And even the regulatory environment I think has expanded since 1996. But nonetheless, we have to carve out time to actually sit down, read the budget, not just the IT budget, but the mission budget. We need to meet with the mission leaders, the executives, the e-boards, and then even meet with folks outside. At Justice, I actually spent quite a bit of time meeting with law enforcement officials outside the federal government in order to better understand what the federal information sharing requirements were. Ultimately, what that means is that the CIO needs to strive to be more of a business leader and strategist and less of a technologist.

Mr. Morales: So continuing on sort of our view of the future, can you give us a sense of some of the key issues that will affect CIOs government wide across the next couple of years, and in your opinion, given Treasury's chairmanship of the Federal User Group, what emerging technologies do you think hold the most promise for improving federal IT?

Mr. Duffy: So in terms of key issues, protecting information I think is going to be the number one by far. And this is a kind of the confluence of the technical IT security, the policy IT security, and then this emerging area that we call privacy. And in Treasury, the Assistant Secretary for Management is the chief privacy officer, and we have a Deputy Assistant Secretary for Privacy and Records that is the subject matter expert, and supports the Assistant Secretary in that regard.

My office plays a supporting role as well, and we kind of share that responsibility with the privacy office. So the whole information protection area is I think going to be a dominant area for us. And then the other one I think is an issue related to efficiency, particularly in IT infrastructure. I'll reiterate that that's important because of the nature of the federal budget, the fact that our budgets grow at a very modest rates and yet our needs to invest in new technology are growing fairly rapidly.

So the math is that you have to free up money out of infrastructure in order to be able to invest in new capability and new technology. So those are going to be -- if I had to focus on two issues, those would be the two. So as I look at technologies then that address those issues, Federated Identity Management is huge. The fact of the matter is there is no way for any organization to be able to manage the identities of all of the users with whom they are going to interact.

So that is certainly true within Treasury. So in Treasury, we take the view that the actual management of the identity has to be done on a bureau-by-bureau basis. You know, at best, the bureau head is the one who is going to be able to manage their workforce, including managing the credentialing of that workforce. But now we need to be able to say that the credential in the Financial Management Service can be accepted and utilized by the IRS. And that's where the Federated Identity Management comes into play. So the technologies that facilitate that, technology such as PKI and HSPD-12 standards, things like enterprise directories -- all those types of foundational technologies are huge, and then some of the new tools that are coming along to help us there.

Web-based collaboration technologies -- we talked a little bit about that earlier -- that's a growth area, and one that we in the federal space are going to have to continually invest in. Data management tools are another significant opportunity area for us because of the vast amount of information that we collect, and then the information analysis tools.

Mr. Smith: So Mike, what are some of the major opportunities and challenges that the Department of the Treasury is going to encounter in the future, and how do you envision your office will evolve over the next five years?

Mr. Duffy: The challenges I think are fairly apparent. The issues of corporate network security, for all the reasons we've talked about this morning: IT governance; ultimately we have to do a really good job of managing the scarce dollars that we have. And probably more than the scarce dollars -- I mean the scarce dollars, the talent pool of people that we have, and indeed if you look at it more broadly, the information that we're asked to manage. Those are two I think fundamental areas, and then the third goes back to my mantra, and that is making sure that in everything we're doing in the IT area, we're doing with an eye towards how do we facilitate the accomplishment of the mission.

It's very easy on a day-to-day basis to lose sight of that. I myself do, even though I'm out there preaching it half the time, and I see my staff struggle with this every single day, my IT security staff, who is very focused on making sure that we're getting the best grade possible on FSMA audit. And that's exactly what I'm asking them to do, but I also want them to take the half step back and say, why is this important.

So as my office morphs, what do I see? As we talked about before, we do have a well-seasoned staff. So we're going to see a turnover in the staff over in the next five years. That, there is almost no doubt. So we're going to have some significant recruitment and retention issues that we have to deal with. You know, the marketplace is I think continuing to be a very competitive place. And it's an interesting challenge because as we try to hire in more talented, more technologically or business-oriented people, that actually raises their stock and makes them more attractive to the private sector.

So we're going to be I think in a constant challenge area in terms of retaining the good staff that we have. And indeed, I have come to the conclusion that we're probably going to have to reset our expectations in terms of the career length of federal IT workers, whereas before we're very accustomed to the 30-year fed, and you know, I myself have 21 years and so I have at least a reasonable short of making 30. I don't think that's realistic for the upcoming generation. You know, there's too many opportunities. Indeed, we created a very portable federal retirement system which makes it all that much easier for people to come in and out of the government, and we're going to need to plan to deal with that. And that's a human capital issue in some regard, but I think it's particularly acute in IT management, and so CIOs have to recognize that.

And then probably the continuing use of contract support and making sure that we're doing that very, very well. You know, again, the nature of IT is that we don't have a constant set of work challenges. It goes up, it goes down, and that's much more conducive to employing private sector folks to come in and help us get that job done.

Mr. Smith: Mike, you made a decision early on in your education to start a career in government, and you've obviously been very, very successful. So what advice might you give to a person who perhaps is at that stage where they may be either right coming out of school or perhaps maybe even mid-career around getting started in public service or in the federal government?

Mr. Duffy: Well, it's good you mentioned that. One of the things I like to do and try to carve out a little bit of time is actually mentor younger federal employees, particularly people that are in the Presidential Management Fellowship Program, which is the successor to the PMI program that I came in under. I think the primary message is to give public service a try. It's incredibly rewarding. Sometimes you have to go through some frustrations to get to that reward, but if you're willing to work through some of those frustrating times, at the end of a year or 2 years or 30 years, you can look back and see where you made significant contributions to the public and to the nation.

I think in particular in the IT field, we're becoming actually increasingly competitive; and there's variations within that. I think certain technologies, particularly some of the newer technologies we probably don't compete quite as well, but in some of the more mainstream network technologies, even IT security, the federal government actually has some ability to offer comparable compensation packages, particularly if you take into account things we can do with loan repayments and recruitment and retention bonuses, and leave and all that good stuff.

So it's a good opportunity. As somebody enters the workforce, I think my advice would be to focus on what's really important, and this kind of comes back again to my little mantra: why are we here, what are we doing to make the Treasury a better place -- the Treasury a more effective government agency, and ultimately how are we benefiting the taxpayers? If you can get your mind around that and focused on that, then government is definitely a great place to work.

Mr. Morales: That's a great perspective, thank you. Mike, unfortunately, we have reached the end of our time. I want to thank you for fitting us into your busy schedule, but more importantly, Jeff and I would like to thank you for your dedicated service to our country across your roles at Justice and now at Treasury.

Mr. Duffy: Well, thank you very much for the opportunity, and I enjoyed it. You know, what I would say is, is anybody who is interested in learning more about the Department of the Treasury or specifically the Chief Information Officers' office, probably the best place to get that info would be via our website, which is treasury.gov.

So I would invite the listening public to take a look there.

Mr. Morales: Great. Thank you.

This has been The Business of Government Hour, featuring a conversation with Mike Duffy, Deputy Assistant Secretary for Information Systems, and Chief Information Officer at the U.S. Department of the Treasury.

My co-host has been Jeff Smith, partner in IBM's Federal Civilian Practice.

As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who may not be able to hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.

For The Business of Government Hour, I'm Albert Morales. Thank you for listening.

Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m. And visit us on the web at businessofgovernment.org. There you can learn more about our programs, and get a transcript of today's conversation. Until next week, it's businessofgovernment.org.

Jonathan Q. Pettus: Enabling IT Collaboration Across the National Aeronautics and Space Administration

Tuesday, October 7th, 2008 - 16:16
Posted by: 
As the National Aeronautics and Space Administration(NASA) celebrates its 50th year, it continues to pursue oneof the most complex and exciting missions in the federal

William Vajda interview

Friday, January 18th, 2008 - 20:00
William Vajda
Radio show date: 
Sat, 01/19/2008
Intro text: 
Technology and E-Government; Managing for Performance and Results; Contracting; Collaboration: Networks and Partnerships...
Technology and E-Government; Managing for Performance and Results; Contracting; Collaboration: Networks and Partnerships
Complete transcript: 

Originally Broadcast January 19, 2008

Washington, D.C.

Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at businessofgovernment.org.

And now, The Business of Government Hour.

Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.

With the reauthorization of the No Child Left Behind Act of 2001, the U.S. Department of Education continues to work with its state and local partners in promoting educational excellence and access throughout the country. One critical way it does this is by providing its partner institutions with accurate, timely, and useful information. Information as a strategic asset enables decisionmakers at all levels to make better decisions faster and act sooner.

With us this morning to discuss his department's efforts in this area is our special guest, Bill Vajda, chief information officer at the U.S. Department of Education.

Good morning, Bill.

Mr. Vajda: Good morning.

Mr. Morales: And joining us in our conversation, also from IBM, is Paul Kayatta, partner in IBM's public sector general government practice.

Good morning, Paul.

Mr. Kayatta: Good morning, Al.

Mr. Morales: Bill, let's start by setting some context for our listeners around the Department of Education. Perhaps you could share with us a sense of the history, mission, and activities of the Department. Can you tell us when it was created and what's its mission today?

Mr. Vajda: Absolutely. ED was created in 1980, combining offices from several different federal agencies, with a mission to promote student achievement in preparation for global competitiveness by fostering educational excellence and ensuring equal access for all. Some of our $71.5 billion appropriation is dedicated directly to establishing policies on federal financial aid for education, and distributing as well as monitoring those funds, collecting data on America's schools and disseminating research, focusing national attention on key educational issues, and prohibiting discrimination and ensuring equal access to all for education in our society.

Mr. Morales: Now, you mentioned $71 billion in appropriations. Can you further expand on the scale of the Department in terms of number of full-time employees, geographic footprint, and the rest of the budget?

Mr. Vajda: As you can imagine, we're primarily a continental United States-based organization, so we have regional offices across the full United States. We've got about 4,500 employees, so in terms of federal departments, we are probably the smallest, if not the smallest, dedicated to all the different things we were just chatting about.

Mr. Kayatta: So Bill, now that you've given us a feel for the sense of the larger organization, perhaps you could tell us more about the area and specific role within your department. So what are your specific responsibilities and duties as the chief information officer?

Mr. Vajda: Well, I think solving problems, or at least solving more problems than I create is the first most important thing. There's a lot been written and a lot been spoken about what a federal CIO is supposed to be and supposed to do. A lot of that is codified in the E-Government Act and other statutes passed for how technology information systems are supposed to be operated in federal government. My primary responsibility in terms of the Department is to deliver the mission-enabling support, wherever it might need technology, in order to get the broader goals and priorities accomplished.

Mr. Kayatta: Can you give us a feel for how your area is organized, the size of your staff, budget?

Mr. Vajda: The OCIO is organized principally along two different directorates. We provide mainly operational support and information security support. There's functions within my office that handle all of the kind of mandated administrative responsibilities, so for all of the budget oversight, for all of the program oversight. We work in conjunction with the Office of Management to provide oversight to privacy and protecting information as part of our FOIA program. So by and large, the 70 or so people who work on this every day provide and leverage other resources available in the Department.

We have a number of different technology partners from industry who do specific things for us. But our principal role is really to provide oversight and direction to all of that, and we have obviously a budget and resources that match that.

Mr. Kayatta: Regarding those responsibilities, what would you say are the three largest challenges you have, and what are you doing to address those?

Mr. Vajda: Well, when I came on board, I promised the Secretary that I'd try to accomplish five things. And the first three, which answer this question very nicely, are making the operational infrastructure as efficient and effective as possible, and to the broadest extent in every one of those terms -- as cost-efficient, as operationally efficient, as technically efficient -- and to do that in a way that allowed the focus of the Department to be more on delivering the mission of education.

The second thing I promised was that we were going to make investments in information security. At the time I came on board, that was a very significant promise to make, right about the same time as a lot of folks around Washington remember the early Veterans Affairs privacy leak in the case with the stolen laptop. That was really kind of a seminal event in the way organizations decided to invest in that area.

Mr. Vajda: And the third one was obviously, I can't do it in a way that only works while I'm here, that I have to build an organization that can sustain all of those things for the long haul and not just for the short haul. And it reflects very well an extraordinary commitment on the part of the Secretary to make investments in these areas that are going to last and support this mission for the long haul.

Mr. Morales: Great. Now, you have sort of a very interesting background, having served in a couple different organizations within the federal government as well as in the private sector. Can you describe for our listeners your career path?

Mr. Vajda: That's a nice way of saying I can't hold a job. Well, it's certainly been an interesting one. I had an early mentor who advised me that the best way to build a career, first, was on things you were interested in, and second, was to try to get as broad a set of opportunities, and to take them, available to you to get an idea of what the other side of the fence looked like. I had the very good fortune of being in places where there were lots of opportunity present, and things that I knew how to do were interesting to people who had problems that needed to be solved.

I got a chance to spend time working internationally. I got a chance to spend time working for different kinds of organizations, whether they're international or federal government or private business. I got an opportunity in federal government to work now in my third department, taking on very similar challenges. But at the core, it really comes down to solving problems with technology. Anybody who is interested in that role I would say is probably already engaged in exactly the same career path I've had.

Mr. Morales: That's great. So as you sort of look back on all of these experiences, how do you think that they've prepared you for your current leadership role and shaped your management approach and style? And if you can, what management lessons have you learned and brought to the Department of Education, perhaps from these other departments or from the private sector?

Mr. Vajda: Probably humility would be the most important one. I had the opportunity in a number of cases to see different organizations respond to people who they had brought on board because they had all the answers and they knew exactly what needed to be done. And their way was the right way to do it, and they tried to push their way through problem solutions by implementing what I'm sure seemed to these different organizations an alien episcopology, almost like the Crusades blowing in. And I watched kind of empirically how successful that approach was. Most of the time, with the exception of problems that were severe and incredibly broken, that wasn't just a very successful way to do things. Most of the time, what I observed was there's a lot of good people in organizations who really understand what the problems are, who are passionate about wanting to fix them and wanting to do the right things, but for whatever reason, they lack an advocate or they lack a voice.

Part of the reason why I think I've had as many opportunities as I've had is when you come into an organization from the outside, a lot of the baggage that comes along with the role isn't there at the beginning. Certainly you collect it over time. But when you come in, part of the value of coming in isn't because you're necessarily smarter than anybody else or that you're necessarily any more capable than anybody else, but the fact that you don't carry baggage that at least for some period of time makes you an independent third party really frees up organizations to have more critical debate and more critical dialogue. So I'd say that's probably the first most important lesson.

When you implement that properly, there's a lot of discussion typically, particularly in the federal space, around issues of diversity and making sure we're as inclusive as possible based on all kinds of statutory requirements. The most important one is to respect the diversity of ideas. If there isn't a free and open debate, then you rarely ever get all of the information you need to make the right decision. And that creates kind of an awkward dichotomy, because when you're fundamentally walking in to solve problems, you're going to have a lot of people who are very interested in voicing views that might not be in agreement, and many cultures just don't tolerate that or foster that. And so being somebody who has to walk in and kind of put your arms around all of these different things going on and mediate some kind of a peaceful resolution that everybody can live with, that type of bureaucratic diplomacy is a very key skill.

And to the extent, I guess, that from my observations I've tried to conduct myself along those lines, maybe that's the reason I guess I get asked from time to time to go take some of these challenges on. I've found more often than not the wonderful thing is, particularly in federal government, it's full of people who are passionate about government and passionate about doing things for the citizens of the United States. And it's very, very easy to get motivated to come in and pitch in with all those folks every day.

Mr. Morales: That's fantastic. It's interesting that a lot of these lessons and experiences that you draw on are people-based as opposed to technically-based, which many times as employers are looking for qualifications, they tend to focus more on the technical skills as opposed to the people skills. And it's interesting that you find these probably perhaps to be more valuable than many of the technical skills.

Mr. Vajda: They're definitely the longer term threads in my career. Early on, I had the opportunity to work almost exclusively with technology. And I don't want to date myself, but when I started in the business, it was at a time when a lot of the kind of standing models of how IT was delivered in an organization were changing, the technology itself was changing. It was moving from mainframe-based platforms that were the penultimate kind of back office black box that most users didn't understand and that completely constrained the way they did business because of the cost of changing things, moving towards the microcomputers and the network-based computing, more local autonomy. And it led to more open standards and it led to more ubiquitous technology.

And over time, and certainly technologists know this and users know it even better these days, technology changes so fast that to base a career on something that's only going to be around for six months, when most people are planning on working 40 or 50 years, isn't a clever thing to do. So you get to a point really quickly where there are very few problems that there's just a simple technology fix is going to solve. What really the most challenging part of the job is is to program an organization and to get people to see things in a different way or to work together more effectively.

Mr. Morales: What is the U.S. Department of Education's IT strategy?

We will ask Bill Vajda, chief information officer at the U.S. Department of Education, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Bill Vajda, chief information officer at the U.S. Department of Education.

Also joining us in our conversation from IBM is Paul Kayatta.

Bill, can you tell us a bit more about the IT strategy at the Department of Education? How have you sought to modernize and standardize the use of technology so it benefits both the Department and the constituents that you serve, as well as align IT resources to the Department's strategic plan?

Mr. Vajda: Well, it really gets back to those three promises that I was telling you about. The first one, to try to make IT as efficient and cost-effective as possible, isn't just a challenge for OCIO, it's really a business challenge. And one of the first things that I looked at was how technology was being procured, how it was being used, who was making the decisions, and how all those things were working already within the Department. Because many of the decisions that the President's forwarded through his policies with market-based government, many of the things that Education had already been doing, reaffirmed that everything that the Department could possibly do to put the greatest possible investment on the educational priorities needed to remain, and that IT is a mission enabler that needed to be much, much more efficient.

Based on that assumption, we went out and took a look at were there economies of scale? Was there a different enterprise view? Were there newer technologies available that might provide those efficiencies? Were there other things that we were doing that were less than optimal? And we partnered with a number of different organizations to do that, with our contracting and acquisition people, with all of our business program managers, with our Office of Inspector General, to really try to get everything out on the table all at once. That resulted in a number of different recommendations that we've been driving towards since.

Prior to my arrival, the Department had already chosen to use vendor partners to deliver most of the operational IT every day. And so the way we had been doing it was we as government owned most of the assets, and we had enlisted partners from industry to operate them for us. For everybody who's ever worked with government who knows, the process of provisioning, acquiring, maintaining all of the licenses, all of the hardware, all of the spare parts, all of the things necessary to deliver the operational services is no small feat in and of itself. And so we decided that rather than having multiple different organizations involved in trying to choreograph everything we needed to get the kind of performance and reliability and quality in services we were looking for, we needed to come up with a different way, strategically different way, of providing IT in the Department.

So we use an acronym called GOCO -- government-owned, contractor-operated -- that kind of described where we were at. We said if we're going to optimize this, we need to provide the vendors who are ultimately responsible for the services with as much flexibility as possible to make choices within the confines of law and within the confines of all of the management guidance from OMB and from the Department that we establish, from NIST for security, from everything else, that they would have to conform to all those things. But to the extent possible, that we could give them flexibility to provision more effectively, we would do that.

So we went from this GOCO model to something we called COCO: contractor-owned, contractor-operated. So if they need something to provide 99.9 percent reliable telephone service, if they need to provide 99.9 reliable printer service, that they would have the option of deciding the most effective way to do that. And that significantly shifted risk burden from government on to our vendor partners by design. But from their perspective, it significantly lowered the risk burden of government being able to provide the kind of things they needed to get the job done as they'd agree to under their contract.

So we started that, like I said, shortly after I came on board, September maybe of 2006. We've recently awarded the contract this fall and we've selected a vendor partner, Perot Systems Corporation. They've been on board now about three months, so we're starting to get the data in, but everything points to we're accomplishing the goals we set out to accomplish.

Mr. Morales: Now, this may sound a bit loaded, but it's been my experience that information technology is an area that is sometimes noted for its turf battles and its proprietary views. So could you elaborate on your efforts to foster an enterprise view and begin to break down these barriers?

Mr. Vajda: Absolutely, and I would say that's not a challenge unique to the Department of Education. Some of it really comes kind of back down to basic empirical data. There's volume issues that you can take advantage of. There are licensing strategies that you can take advantage of when you look at things with a broader enterprise view rather than from an individual user view or an individual office view. But it fundamentally, for us, came down to also discussion really about what was fostering this just beyond parochial interest? And if you look at the operational timelines of most departments, you know, departments, contrary to agencies, have a lot more political appointees, a lot more kind of Schedule C staff than what a typical agency does. In that context, when you're promising the administration and the President that you're going to do a good job for them, you plan on that within the term of an administration.

When you account for the time that it takes to spin up and understand a culture and how to get things done within a particular organization, and maybe the time it takes to spin out, you've got an effective operating window of three to three and a half years to try to get anything done, any mission done that you've been assigned or promised that you'd do. And if the IT people come in at that point and say, well, we're going to take 11 months to do a requirements analysis. And maybe by the time we get done with that requirements analysis we're going to get a better handle on what the contract we're going to need to write is going to look like, and in the meantime, we can work on the budget requirements and make sure that we're aligned properly with something that happened two years before anybody showed up that matches what our program goals are, you've already blown by 364 days and 7 hours and probably 1 minute the amount of time that they wanted to focus on building a relationship with you and what it takes to solve the problems they've got.

You get to a point very quickly where you can understand why people have very strong parochial views, why they want to have very strong control over the technology, and why they're very impatient trying to figure out how to deliver it. And so we recognized that early on, and there was a lot of very senior-level discussion.

Very little of that, first, is unique to the Department, and very little of that is really something that's changeable because of all these external drives. But we wanted to make sure that we made investments in technology that absolutely shortened that cycle and that over time would make use of this common infrastructure a more desirable choice to folks coming in. And beyond that, once we have confidence that it's a credible alternative to everybody going ahead and going their own way, then you can start looking at things like where you might make more parts of that mandatory versus discretionary for different people who want to use it.

We're three months into it. It's not something that's a new experiment for government. There are a number of different state, federal, and local organizations that have chosen to use this model, and they're using it very successfully. And as a department with perhaps scale being a positive factor in this regard, hopefully we've got better command and control of our domain and we'll be able to get the job done.

Mr. Kayatta: So the path that you described earlier, moving to the contractor-owned and operated environment, is a trend that has been going on for a while in private sector. To what degree do you think the federal government will increasingly consider that approach?

Mr. Vajda: I think it's going to be organization-by-organization decision-making. Clearly, there are organizations in government that have a mission to be responsible for developing technology, and as a core part of their mission, I don't think you would see any movement away from that. But I think you're going to see a lot more business decision-type investment decisions coming down the pipe. Again, I used the term "mission enabler" earlier in describing IT. And for those organizations that are looking to optimize that, this is clearly going to be a legitimate option. And I think no doubt you'll see more organizations considering it as we move forward.

Mr. Kayatta: Your department's information capital investment portfolio is in the range of $540 million. Would you elaborate a little on how you have strengthened the Department's process to assure this investment decision's mission-aligned and cost-justified?

Mr. Vajda: Absolutely. We're very fortunate to have a very active chief operations officer in our department, Hudson LaForce, who's taken a lot of personal responsibility, along with all of the senior leadership team, for making sure that we establish a governance process that allows us to make the best apples-to-apples kind of decisions not only for technology, but for the way we invest in different programs, and implementing the intentions of Congress as our appropriations come to us. What that means for the OCIO is for any area where technology's required to get the mission done, we formed a body where we bring together all of the business program managers responsible for the outcome of those programs with the technologists, with the budget and acquisition people, with the other policymakers, to make sure that we reconcile up front investment decisions and investment expectations as we move forward.

Again, this reflects a lot of the things that you've seen coming out of OMB, a lot of the policy on performance-based views of managing organizations and outcomes that I believe is ultimately being very well-adopted across all of federal government. Ultimately, it comes down to, at the end of the day, making sure you're making the right decisions to solve the problems that you have. And technology is not typically the focus of the problems. It's really more the enabler. So it really gets back to the common theme of making sure you're making the most efficient decisions, the most efficient investments, and that the technology you're implementing matches those.

Mr. Kayatta: Bill, can you tell us a little bit about the Education Data Exchange Network, or EDEN? And how does this information create standards and form local and state education CIS?

Mr. Vajda: Well, the Department's Education Data Exchange Network is a performance-based data management initiative that's been a collaborative effort among the Department, state educational agencies, and industry partners to establish a process for states to directly submit elementary and secondary education data from the state, district, and school levels to the Department by electronic means. Started funding for it was 2003. It was operational by 2004. And this initiative has built a currently operational central repository that consolidates K through 12 information collected from states, districts, and schools.

Through EDEN, the Department's improving data quality and reducing the paperwork burden for state and local education partners. And through its data collections, EDEN collects and manages the following types of data: achievement, performance statistics, school characteristics, demographics, and program financial data. There's actually a tremendous body of information available on EDEN through the www.ed.gov website. I think rather than trying to represent all of that today, I'd suggest anybody who's interested, that they visit our website and find out for themselves.

Mr. Morales: Great. So shifting gears a bit, Bill, and perhaps delving down a bit deeper, IT appliances are designed to simplify the IT manager's life, but it's recognized that each new device introduced into a data center can add a certain amount of managerial complexity to the work of probably an already overburdened staff. Could you elaborate on your perspective of whether having too many of these single-purpose IT devices leads to complexity as opposed to simplicity?

Mr. Vajda: Gladly, but I'd point out that under a contractor-owned, contractor-operated model, it's not the technical infrastructure that we worry about. It's the performance outcome that we worry about. So when you go to a COCO model, those are burdens that are borne exclusively on the vendor partner and really not so much on the government partner. Certainly we have oversight that we have to provide to make sure that people are complying with all of the different laws and regulations and things we live under in the federal government. But to that end, and when you go to a COCO model, whether there are 30 e-mail servers or 1 e-mail server, that's really an investment decision on the part of the service provider and not so much on the part of government.

I would suspect that what they would tell you, and you can certainly see the trends in industry, that virtualization, consolidation, making the footprint smaller, and using more advanced management technology is definitely the way the operators are choosing to go. It requires less salary and ultimately it reduces the complexity. So I would say absolutely, I would expect to see vendor partners continue to take advantage of technology improvements and advancements, and it certainly would reduce the complexity over time to have fewer devices rather than more.

Mr. Morales: So as we talked about earlier, you know, migrating to the COCO model really helps begin to alleviate, from the government's perspective, a lot of these concerns?

Mr. Vajda: Yeah, and I think that's absolutely key for CIOs. When you really start focusing on problem-solving, it's not an issue of technology problem-solving, it's an issue of business problem-solving. And I had a good opportunity to chat with peers about this the other day, and it was raised that CIOs who approach the job with purely a technology problem-solving view will end up being the directors of information resource management. And if there's a technical problem, they'll be the ones getting the call in the middle of the night to make sure that the list servers are up and running, for example, and that the firewalls are operating like they're supposed to be.

But to be a chief information officer really means to be a business problem-solver. And if you want a seat at the table, whether you're working with an agency or whether you're working with a secretary, you'll get a chance to sit at the table by virtue of your contribution, not by virtue of your title. And I think fundamentally, that's what it's all about.

Mr. Morales: Good perspective.

What steps has the U.S. Department of Education taken to strengthen its IT security? We will ask Bill Vajda, chief information officer at the U.S. Department of Education, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Bill Vajda, chief information officer at the U.S. Department of Education.

Also joining us in our conversation from IBM is Paul Kayatta.

Bill, the E-Government Initiative is a critical component of the President's Management Agenda, and it seeks to improve and expand services to citizens, businesses, and agencies alike. Could you tell us about your department's efforts in this area, and what do you see as some of the challenges faced in this area, and what remains to be done?

Mr. Vajda: Well, this, of course, is a presidential initiative, so for the basic information, I recommend everybody go visit www.whitehouse.gov. A portion of that website's maintained by OMB, but I'm certain if you Google it, you'll be able to find it right away. It's a number of different initiatives overall that really speak to government-to-citizen, government-to-business, and government-to-government type of transactions.

We're very honored within the Department of Education to have been asked to be a managing partner for one of the lines of business called the Budget Formulation and Execution Line of Business. The focus of that is to build a budget of the future by promoting information sharing across government agency budget offices and building a budget community of practice. With this collaboration, the budget community can start to identify best practices for all aspects of budget formulation and execution. So the Budget Formulation and Execution Line of Business is striving to find solutions that are going to link budget formulation, execution, planning, performance, and financial information to arrive at the best performance outcomes for any department or agency. So areas of particular interest here include technology, of course, budget-performance integration, data collection and tracking, and financial management and integration, of course, with things like human capital.

Mr. Morales: Great. Now, earlier, Bill, we talked a little bit about some of the security issues that come with IT. Could you elaborate a bit more on your efforts around things such as encryption of data? And specifically, could you elaborate on your defense in-depth strategy, and how it strengthens the protection of personal identifiable information?

Mr. Vajda: Well, let me speak in a broad sense. Of course, information security is not something generally you broadcast out over through a radio interview. I'm certain you'll understand. But, of course, we're working in accordance with all of the guidance that's been put out through various different government organizations, defined by FSMA as well as the memoranda from the Office of Management and Budget, that really outlined requirements for protecting mobile devices, implementing two factor identification, implementing simple things like timeout functions on workstations and mobile devices, and making sure that we're maintaining all of our log data, and analyzing it appropriately to make sure that the only activity that's going on in our networks is authorized and appropriate.

Now, in addition to that, along with the investment in this operational capability we were talking about earlier, we've gone ahead and partnered with the Department of Homeland Security, with the US-CERT, to implement a managed security services program using their model. And we awarded that contract in the fall as well, and we're in the processing of implementing it and making it fully operational again, pretty much according to plan, along with the expectations we had.

In addition to those two capabilities, we've also partnered with the US-CERT to implement capabilities like Einstein, which is really a federal government-wide tripwire that we use to supplement and augment the other layers of our defensive strategy. When you take the basic infrastructure and the kind of oversight we're providing, we feel pretty comfortable that we're doing the things we need to do to ensure our data security and our assets security. Along with that, of course, we're actively reaching out to every user, every person who's participating in our domain, to make sure that they're aware of their responsibilities and that they're handling information right down to the desk level appropriately and accordingly with law.

Mr. Kayatta: Speaking of getting down to the people aspect, have you taken specific steps to help create or cultivate a culture of accountability and protection of sensitive data to ensure that there are improvements in addressing any possible security weaknesses?

Mr. Vajda: Absolutely. And we're very fortunate in our department to have strong partners in this regard. We are bifurcated, unlike a number of different departments. We've chosen to use our Office of Management to serve as our FOIA office, our records management office, and to house our chief privacy officer. And so we actually have at least two different staffs that focus on this on a daily basis, making sure we're doing things right, focusing not only on policy and procedures, but on training issues, on establishing the kind of criteria for labeling and marketing data, handling it appropriately, and making sure that it's integrated with our information systems oversight, with our information security oversight, so that in the unfortunate circumstances where things don't go according to plan, that it's being reported appropriately as required by the Office of Management and Budget and the US-CERT.

Mr. Morales: Now, we talk with many of our guests about collaborating with industry. And we're talked already a little bit about that this morning. But perhaps you could elaborate on what kinds of partnerships you are developing to improve the operations and the outcomes within education. And what are the areas that you would like to enhance or expand from a public-private collaboration perspective?

Mr. Vajda: Well, we've chatted a lot about it this morning, about how it's critically important to reach out and build those relationships within an organization. And we've been actively focused within the last year and a half on doing that with all the partners we chatted about before. Some of those partners actively work with other constituencies outside the Department. And so what we're really trying to do is establish a regime where we've got the most efficient dialogue and collaboration going on as possible. For program area-specific information, clearly we've stepped up a number of different organizational structures to deal with that, and those are available for anybody who might be interested, again, at the www.ed.gov website.

For those things that are specific to the OCIO, really what we've tried to do is not only reach out through our contracting partnerships, but reach out through other organizations and make ourselves available for interviews like this where we can get the word out, but really working through the Federal CIO Council, the American Council for Technology, working with folks like FCIA, like ITAA, like a firm -- a number of different organizations to make sure that the problems that we have, that we'd like to leverage the broader set of minds available who might have some very valuable ideas about what type of solutions might be available, that they've got access to us and that we've got access to them.

Mr. Kayatta: As a CIO, a big portion of your job is to put in place policies, cultural change strategies, and educational outreach to help staff recognize that they are part of a broader enterprise. To that end, do you encounter any pushback along the way in that responsibility?

Mr. Vajda: Probably no more so than anybody else does. The nice thing about having a lot of different people involved in a lot of different partnerships is you either completely succeed together or you all fail together. And I would expect, and I know for a fact from chatting with my peers, that pushback generally doesn't come typically at an organizational level. Pushback usually comes when you change the rules or you change a procedure at a desk level. And so the biggest, most important thing that you have in dealing with pushback is the responsibility to communicate why.

And what I found over time, and certainly the feedback I get, no matter whether you're within industry or government in these partnerships, is when you set an expectation, as long as people understand and know what it is they're driving for, whatever pushback you do get is absolutely legitimate, empirical data on whether or not you've chosen the right path or if you've considered everything that needs to be done. And if you can answer that question in a way that everybody understands, the pushback goes away. And if you can't, then it gives you fertile opportunity to go back and see if you've made the right choices and if you're following the right kind of path.

Mr. Morales: Bill, perhaps drawing from your broad set of experiences, could you tell us how federal managers can effectively manage an ever-increasing blended workforce that's composed of both government and contractors? And what are some of the key differences intrinsic to managing these two groups?

Mr. Vajda: Well, I think it depends on the nature of the relationship. You know, we were talking about GOCO and COCO. There are lots of other different types of relationships. It really, I would say, is more of an acquisition issue than a management issue. Because Robert Frost at one point had said good fences make good neighbors. Understanding what those fences are under a time-and-material type of contract versus a fixed-price contract sound kind of arcane, I know, probably to our radio listeners now, but are fundamental to the management strategy you take.

If you're responsible for managing a group of people, whether they're government or contractor, and you're doing it on a time-and-material type of a basis, then you really need to know what people are doing with their time. And the focus and the outcome are all based on time. If you work on something like a fixed-price basis, a service basis, a performance basis, then you're really looking at the outcome. And whether a vendor spends 1,000 man hours to accomplish a result with an army of people or whether they spend 3 hours to accomplish a result and they leverage heavily technology, how time factors into the equation really isn't as important as the outcome. And so if you're managing a blended workforce, probably the biggest challenge first is to understand those fences, and what the requirements are for management to comply and to be a good neighbor.

The temptation is, I know, when you have people available and you've got a lot of problems, to reach out and touch the first person who's available who you think can help. But when you're working with people who are fundamentally given the opportunity to solve problems however they see fit, it puts you in an awkward and challenging position. So I would say, while it depends, I think the biggest challenge is kind of contrary to one that people would expect, that it's really not managing people that becomes the biggest challenge in managing outcomes that really creates the new focus.

Mr. Morales: Now, I've been reading a lot about some of the new social networking ideas and technologies. And certainly these technologies are redefining the relationships that citizens have with their government, whether it be at a federal level or at a state and local level. So to that end, what is this thing that we're hearing about called "Web 2.0?" And more importantly, what does this mean for the federal government, and how does it enable what has come to be known as "Government 2.0?"

Mr. Vajda: That's a long and interesting question. And I guess first for our listeners, Web 2.0, per se, was coined by a gentleman named Tim O'Reilly back in September 2005, kind of discussing a paradigm shift for the way people were using the web. And folks who've been associated with this for a long time make lots of interesting distinctions. They all have a lot of different opinions. And for me at least, to sum it up, I guess, in a bounded way, you're looking at a set of technology, things like blogs or wikis or other types of collaboration tools that folks are using, as kind of the underpinning for a whole new way people are communicating and working together. So when you look at things like Web 2.0, what you're really seeing is a shift from kind of this Dewey Decimal System approach to using the Internet to one where people are using it for more complex functions to do their work and to do their jobs.

And when you look at that in a broader sense, and you take into account factors like the demographics of the United States and what's going on with baby boomers and what's going on with their children and the generation between them, and you look at the way people in all of that are progressing through their lives, what you're seeing is really the leading edge of a phenomenon that I think is going to define the way government interacts with its citizens and with the rest of society in the future. There are a lot of different things specific to that that we still haven't worked out yet. There are a lot of interesting technology challenges. There are a lot of interesting things that really cut in a broad-based way across a lot of different areas that CIOs focus on today, whether it's with architecture integration, HR strategy, privacy, all kinds of different impacts across the board. But really at its core what it speaks to is the way people are going to communicate with each other. And technology will facilitate any and all of that, but again, you can have the most secure, most capable wikis and collaboration tools and blogs and everything else, but it's ultimately up to the people to decide how and what they want to use those tools to chat about.<>/p

And in that regard, there's been a tremendous focus now within the CIO Council, within the CIO community, about what this means in terms of our outreach as a government to our constituents. And a lot of the people who use these tools today are younger adults, are teenagers, are folks who are really coming into the first experiences, both with the responsibilities of adulthood as well as with the responsibilities of being a member of our society. And we're running into a lot of really interesting generational issues in the way we're trying to anticipate and provide for these type of capabilities as we move forward. But there's a tremendous amount of work yet to be done.

Within the Federal CIO Council, the Best Practice Committee has kind of been chosen as the lead to drive through some of this, obviously in full partnership with the other committees on the council. But really, to try to get out in front of what this means, how we can start taking steps today to prepare for this, and how we can get under a broader strategy that reconciles using these capabilities as we move forward to give people the broadest, most rich experience with government.

There have been a number of interesting things that folks have done in this area. Molly O'Neill, who's my colleague over at EPA, recently ran an exercise associated with a policy issue at Puget Sound, and engaged a broad community of people with interests in that area as a community of practice to try to solve this problem using these tools. It's been done in a number of different organizations. CDC has done this. The intelligence community has taken this on. And we're really starting to see the first fruits and `benefits of using these tools to do business. The key is really going to be as we expand out to make sure that we're doing it in the most secure way and the most scalable way, and in the one that permits as much functionality as possible for the citizens.

Some of these things, of course, tie back directly to things like what I'm interested in. We have an office under education called the Office of Educational Technology that's run by a gentleman named Tim Magner, who's our director there. He's running something called "School 2.0," and it really focuses on how we're preparing our future workforce and our school systems to address the challenges of education in the 21st century. And it's an absolutely fascinating dialogue that I know has great meaning for everybody in the country. And I'd recommend, if you get a chance, you visit the website and see what he has to say.

Mr. Morales: Great.

What does the future hold for the U.S. Department of Education? We will ask Bill Vajda, chief information officer at the U.S. Department of Education, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Bill Vajda, chief information officer at the U.S. Department of Education.

Also joining us in our conversation from IBM is Paul Kayatta.

Bill, given the ubiquitous presence of information technology in mission and program delivery, how has this role of the CIO evolved?

Mr. Vajda: That's an interesting question. And I would contend that it's not just in mission and program delivery, it's really more or less in everything we do, both in our personal lives and our professional lives. As technology becomes more ubiquitous, you have to worry about it less. Obviously somebody has to worry about it, keep the lights on and things like that, but it allows you to focus more on not so much the technology itself as what you're using it for.

And the role of the CIO traditionally has been one where you're the person who's worrying about the technology. But when you get to a point like we've been discussing today, where you've got partnerships with different people, whether they're industrial partners, whether they're other government agencies, whether they're nonprofits, whatever it might be -- to provide different parts of that technology support for you, you start worrying a lot less about technology and you start worrying a whole lot more about how you can get a cost-effective, high-performance outcome in support of your organization's mission. You really move from being a director of information resource management, which implies you're the guy like the Maytag repairman who gets the call when something's broken --

Mr. Morales: Sort of the utility model.

Mr. Vajda: Right, to one where you're the chief strategist, where really your job is to be another smart person in the room who's trying to figure out how to use technology to solve a real business problem. And thankfully, that's a far more interesting challenge to base a career on than being the person who has to worry about what the next technology upgrade needs to look like.

Mr. Kayatta: Bill, you spoke earlier about the CIO Council. You are the co-chair of the Council's Best Practices Committee. Could you elaborate on the purpose of the CIO Council as well as the committee you co-chair?

Mr. Vajda: Sure. The Chief Information Officers Council is the principal interagency forum to assist federal CIOs in realizing their mandates to ensure the rapid and effective implementation of information management and information technology solutions. We do this -- we have the Council obviously to promote dialogue that allows us to create a more results-oriented, efficient, and citizen-centered federal government. So the CIO Council works to improve agency practices related to the acquisition, modernization, use, sharing, and performance of federal government information resources.

Within the Best Practices Committee, I personally like to say this is really more of a Promising Practices Committee. It's our charge not only to really kind of lead the standard for where things are working well and propagating the dissemination of that information, but really to try to focus on things that are coming down the pipe that we know are going to be significant, we know that they're going to have impacts across a broad area of responsibility within organizations, and to try to start leading the policy and the practice debate around how we might better implement those promising practices within the federal government IT domain.

Mr. Morales: So that's sort of a good segue to my next question in transitioning to the future. Can you give us a sense of some of the key issues that will affect the CIOs government-wide over the next couple years? And given this perspective, what emerging technologies hold the most promise for improving federal IT?

Mr. Vajda: Well, I think probably the biggest impacts over the next several years aren't going to be technology-related, because we've been discussing technologies in a constant state of change. I think the biggest challenges are going to be who's going to be running it? Who's going to be managing the shops? Who's going to be the people that you call when you need support in that area?

A lot has been said, and within the CIO Council, Janet Barnes, our co-chair on the federal workforce issues, the IT workforce issues, has devoted years of study to try to figure out how to solve that particular issue. And the good news is government continues to be a wonderful place to work, a very interesting challenge for folks who are passionate about delivering service to our citizens. And technology continues to become more efficient, more adaptive, and we've never had more tools available to us to be able to provide that type of leadership and management of IT resources in the federal government.

I would suspect probably the most challenging issue of all will be how are we going to get enough people in the door with the right sets of skills to provide continuity to what we have today while the baby boom generation is getting ready to walk out the door. They've all come to the end of a very full and successful career as a generational group. And unfortunately, the group behind them is smaller. There's not a technology solution that's going to be able to account for all of that collective energy. So I would say making sure that we're preparing the next generation to step into our shoes is probably the biggest challenge we've got to solve.

Mr. Kayatta: Your department is in a rather unique position in that it has one of the largest budgets in terms of dollars, but yet it is one of the smallest in terms of the number of people. You just mentioned the issue about people. What specific challenges do you think you might be facing, and what steps are being taken to attract and maintain a high-quality technical and professional workforce?

Mr. Vajda: Well, again, we have the third largest appropriation in government at about $70 billion. We have a very small operational budget, though. It should absolutely be noted that most of that money is provided back out to people in the form of student loans and grants, different investments we're obviously making, and ensuring that we've got very high-level quality in our educational system within the United States. And in order to support that, of course, what we're trying to do is partner with OPM, partner through the CIO Council with the IT workforce to take advantage of every flexibility Congress has allowed us to go out and find people who are going to be able to stand up to our requirements.

And we've been very fortunate. Education is a key issue on the minds of most citizens in the United States. And we've got no shortage of people who are interested in pursuing education and working in the Department as a career.

We are providing all of the incentives available through OPM. You'll see a lot of different things like performance incentives, bonuses, tuition reimbursements. They offer a lot of support through their website, www.opm.gov, for people who might be seeking federal careers in IT, not just in our department, but in other departments. And I recommend people go and visit the USAJOBS website.

Along with that, there are a number of interesting ways we're trying to reach out earlier in people's careers, whether it's through high school internships, college internships, even journeyman-level kind of opportunities to work in an exchange-like program with industry, to get people involved, get people aware of the type of things that we offer and the type of opportunities for building a career maybe like I've taken advantage of in the past.

So we're doing a number of different things. And I absolutely expect, if you ask me to come back in a year or so, I'll be able to report we've accomplished everything that we're looking to accomplish.

Mr. Morales: That's great, Bill, and we'll certainly do that. So as we take a look at the future and as we talk about the current and future generations, what advice could you give to someone who is perhaps out there and maybe considering a career in public service, say, specifically in federal government?

Mr. Vajda: I would offer, and it would be exclusively my view, that you need to follow your heart and you need to do things that you're passionate about. And public service in the future is going to look quite a bit different from the way public service has looked in the past. I know from my time, I have felt as equally proud of my contribution whether I was working in the public sector on the industry side as I was when I was working on the government side. And I know every contribution that people are making, no matter where they happen to sit, is helping move the country forward in the direction that we want to go.

I would say, particular to public service, Ovid 2,000 years ago looked at it as a virtue. And I've had the good fortune to work around a number of people who feel very passionately about what government does. I think we as citizens undervalue what a glorious achievement we've got in our Constitution and in our government. And any opportunity that you have to contribute to something like that, to be part of that proud history, is something that should be greatly respected and honored. And I think you'll find, certainly in the Washington area, if not a broader sense in the country today, there are a lot of patriots who are willing to step up and do the things that need to be done. And if you're that type of person, the federal government is absolutely the right place for you.

And to the extent that there's lots of information available about opportunities, if you visit some of the websites we've been talking about, whether they're with the -- my department in particular or through OPM or at the White House, and learn about what the President's initiatives are, learn about specific policy initiatives and find a way that because of your interests you can contribute, it is absolutely the best place to be.

Mr. Morales: That's fantastic advice, Bill. Thank you.

I want to thank you for fitting us into your busy schedule. But more importantly, Paul and I would like to thank you for your dedicated service to our country, given the various leadership roles that you've had within the federal government.

Mr. Vajda: Thank you very kindly. And again, for all that's been said, it's not just me, I've had the extraordinary good fortune in my career of working with a lot of great people. I find myself in their company again certainly in this position. There are a lot of dedicated people at OMB. There are a lot of dedicated people at the Federal CIO Council, at the Department of Education, across government that allow me the opportunity to help try to solve these problems and to make sure that we're implementing the best things we can for the citizens of the United States. And I like to think I'm just maybe the pointy edge of a much bigger spear of dedicated, passionate people who are out there to get the job done every day.

Mr. Morales: That's great. Thank you.

This has been The Business of Government Hour, featuring a conversation with Bill Vajda, chief information officer at the U.S. Department of Education. My co-host has been Paul Kayatta, partner in IBM's general government practice.

As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who may not be able to hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.

For The Business of Government Hour, I'm Albert Morales. Thank you for listening.

Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the web at businessofgovernment.org. There, you can learn more about our programs and get a transcript of today's conversation.

Until next week, it's businessofgovernment.org.

The Back Office

Tuesday, November 20th, 2007 - 18:08
The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

2479 recommendations
The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

1344 recommendations