Enterpriseleadership.org sat down with Dan Mintz, the former CIO of the U.S. Dept. of Transportation, to discuss the roadblocks he had to overcome in order to bring about change in IT across the entire department. Before becoming DOT's CIO, he was director for government compliance program at Sun Microsystems.

Established in 1966, the U.S. Department of Transportation (DOT) has an annual budget of more than $70 billion and employees more than 60,000 people across the country.  Its mission is to "serve the United States by ensuring a fast, safe, efficient, accessible and convenient transportation system that meets the vital national interests and enhances the quality of life of the American people, today and into the future." Some of the agencies that comprise DOT include the Federal Aviation Administration (FAA), Federal Highway Administration, and the Federal Transit Administration.

About $3 billion of the DOT's annual budget goes to making sure that all of the DOT agencies have secure, timely, and cost-effective solutions. When Dan Mintz became head of the Office of the CIO in 2006, he found the organization concentrated too much on technical issues, He changed that focus to a business orientation, and improved the governance process by making needed changes to the investment review board. He also put mechanisms in place to rate how each agency implemented IT and security initiatives.

Enterpriseleadership.org sat down with Mintz, who left his post in 2009, to discuss the roadblocks he had to overcome in order to bring about change in IT across the entire department. Before becoming DOT's CIO, he was director for government compliance program at Sun Microsystems. Here is what he said:

He changed the organization's focus from being technical to a more business oriented and also improved the investment review board.

EL. Can you describe the IT organization's key responsibilities? How much did it allocate for IT spending?

DM. DOT has about 66,000 employees and spends about billion a year, much of which is grant money. The department spends mostly on programs. The FAA's air-traffic control spends about $2.5 billion a year on IT. I had policy impact. I had to ensure that the various requirements the government faced got done for all of that spend. My office had oversight for all of that. An appropriated budget supports the people who do oversight auditing. We ran a portion of the shared services for the department.

EL. Did you have oversight for all of the IT professionals in DOT?

DM. There was a faint dotted line to me. IT people within each of the operating administrations report directly to the CIO in charge. Program officers manage an IT spend, out of the control of those CIOs. There was a dotted line responsibility between those CIOs and me. I had policy input over the hiring of new CIOs. I participated in the performance plans and the performance reviews of the CIOs.

EL. What were the key challenges you faced in putting governance around IT investments?

DM. There were two issues. I had two responsibilities associated with the CIO function: how to transform the mission of the department, and how to optimize the use of technology. The civilian departments in the government are federated organizations. They are not a single organization. Each of the pieces of the civilian departments has its own political life separate from the middle. For example, DOT has the Federal Highways, the Federal Aviation Administration, and the Federal Railroads. All agencies of these are different. They all have their own budgets, and they eventually collect to the top. We needed a mechanism to pull together decisions that crossed all of these organizational boundaries, and to look at how to do the two responsibilities I mention. For example, how do you reduce congestion, how do you improve safety, and how do you start using more recent technology innovation? We needed a method of making decisions that supported those secretarial initiatives. These did not come naturally because they were independent organizations.

EL. Can you describe the investment review board you put in place?

DM. We needed a better mechanism to make investment decisions for what the budget did with things such as technology. We had an investment review board, which we revised on occasion to change its focus.  The investment review board consisted of the senior management of the various operating administrations. The deputy secretary chaired the committee. The goal was to look at these types of decision making.

We went to a two-layer investment review process -- one is at the department level, and the other, two individual investment review boards at the operating administration level. The latter boards fed into us. We did not have an organization that took into account this federated nature very well. This was a major part of our governance process at the management level.

EL. How did you measure the success of capital investments and capital planning?

DM. That is an on-going issue for the government to wrestle with. For example, if we did a grant program, we would have to determine if our goal was to be fast, accurate, or to make things more available. Those things might all contradict each other. Which is more important? We used ROI at least to bring some direction to the shared services part. If we consolidated the desktop support, consolidated data centers, or decided to do payroll in one place, we would use ROI to measure whether or not we saved money. Unfortunately, government cost accounting does not support that analysis very well. We did audit ROI. For consolidating desktop support, we looked at the investment. We tried to use metrics commercially. For example, we had a cost per desktop to provide support. We measured ourselves against other government departments, and we measured ourselves against industry standards. Our goal was to be competitive with that.

We got better at the output of programs. For example, if we did a grant, we needed to know how well it was received, and how accurate it was. The Office of Management & Budget (OMB), which represents the White House, puts out a quarterly rating for all the major programs. It is a red, yellow, and green rating. Everyone wants to get to green. We did that internally within our department, including smaller programs within the department. We tried to make it as objective as possible. We had numerical factors, but we provided a summary. Typically, the summary measured operational numbers, financial numbers, such as earned value management (a tool to measure whether or not we carried out the project successfully). Because of the importance of cyber security, we had many security measurements that we applied to determine how well we complied with our security controls. The National Institute of Standards generates an entire series of controls that we rated against various programs.

EL. Can you describe a couple of the capital programs that you put in place that required large investments of technology?

DM. The largest capital investment in our department included what we called the Next Generation for the FAA. The air-traffic organization managed most of that money. This investment's primary goal focuses on modernizing all aspects of the air-traffic control system. It involves both upgrading all of the systems in place at the FAA, and developing an integrating the activities of other departments involved with air activities. These other departments include the Air Force and National Oceanic Atmospheric Administration. The FAA has much work to do to improve its project management, making sure the project managers meet standards. The major focus here included using earned value management as a tool to do that kind of project.

Cyber security has been a big issue in the government, and always will be.  Historically we did cyber security oversight across the department. Each of the federated pieces of our department use to do their own security thing. We consolidated all of the cyber security activities and merged them into a single center. We gave it to the FAA to run because it is the largest, single proponent of that department. It runs under the direction of the CIO of the DOT. We created a cyber-security management center. For the first time, we had visibility into all of the systems for the entire department. We started to identify those areas where we had problems so that we could fix them.

EL. You gave a presentation that talked about collaborating more with the CFO.  How did you accomplish this?

DM. In a private company, the sales force drives the company.  The OMB functions as the federal government's equivalent to a private company's sales force. The money comes from that office. Typically, the strongest day-to-day activity associated with spending regardless of whatever legislation you have, focuses around the budget process. If you do not devote energy to improving the IT/CIO relationship, you, as a CIO, might make decisions completely disconnected from the way the budgeting process gets done. This problem exists within the larger civilian departments because they are federated. You have to pay attention between the IT staff and the budget staff. If you do not do this, you will have breakdowns in multiple locations, such as not communicating at the department level. Each of the individual components are not communicating. Decisions have no meaning.

We closed the communications gap by identifying a lead person within the CFO group and my office. Both of these people handled all of the coordination between the two departments. We adapted our calendar so that CIO activities folded more tightly into the budget cycle. We had been reviewing IT programs at the wrong time. We typically work on a budget two years ahead of time. If we did not decisions and have a discussion where we projected out two years, we would be late.  That was another one of our problems. We got agreement from OMB that nothing went out unless it had my signature. We assigned staff at local points. We integrated ourselves into the budget process. We made sure that the CFO got involved when we had IT discussions, which were also business discussions.

EL. Can you describe the CIO council?

DM. The federal CIO council consists of the CIOs of the federal departments. A member of the OMB chairs this council. At the DOT, each of the component agencies each had their own CIO. We had a DOT CIO council that met monthly to talk about issues. This structure had been around for several years. I felt that it had too much one-way communication. My office said it needed to have more communication back and forth between the operating administration CIOs and my office. Because it was a federated organization, one-way communication did not work.

I created a CIO council co-chaired by a CIO from one of the agencies. I did not run the meetings. The co-chair allowed me to talk at the meetings. That by itself might or might not survive me. I also created a cyber-security management center managed by a board of directors.  Two votes came from the FAA and two votes came from the department. I created a fifth vote from the co-chair. To make it more authoritative, we made the board a secretarially charted committee, signed off by the Secretary of Transportation. It had a different legal status. Thus, the co-chair position was not someone I knew. That person had real authority and had the fifth vote on one of the most important DOT functions. The biggest issues we had were cultural not technical. By creating that position and giving it authority and then giving it legal authority, we made that position significant.

EL. What professional organizations helped you the most to do your job better?

DM. I belonged to the Information Technology Association of America. IT helps to encourage a good relationship between government and private sector partners. Social networking and Web 2.0 will change the way the government will function. That is a big problem for the government to face. The private sector can better handle this type of organizational change. The government has difficulty changing those kinds of relationships. Organizations like this one will help in terms of that interface by actively allowing informal communications between both sectors.

Elizabeth M. Ferrarini is a technology writer from Boston, MA. Reach her at  elizabethferrarini@yahoo.com.