One significant piece of enterprise risk management legislation is the Clinger-Cohen Act (CCA), which was passed in early 1996. The Clinger-Cohen Act encompasses both the Information Technology Management Reform Act and the Federal Acquisition Reform Act. As the Federal government relied more and more on Information Technology and systems, Congress deemed it necessary to impose more oversight on the enterprise risk management of IT.
The Clinger-Cohen Act was enacted as a response to a report released by U.S. Senator William S. Cohen of Maine in 1994 called "Computer Chaos: Billions Wasted Buying Federal Computer Systems." This report outlined the many ways that government squanders taxpayer funds on outmoded and unwanted computer equipment (Read a list of the report's recommendations).
Some of the long-standing, systematic problems that the Clinger-Cohen Act was enacted to resolve include:
- Insufficient attention to the way business processes are conducted, and opportunities to improve these processes before investing in the IT that supports them;
- Investments in new systems for which Agencies had not adequately planned, and which did not work as intended and did little to improve mission performance;
- Implementation of ineffective information systems resulting in waste, fraud, and abuse; and
- Outdated approaches to buying IT that do not adequately take into account the competitive and fast pace nature of the IT industry.
The Clinger-Cohen Act functions to streamline IT acquisitions and minimize layered approvals; it eliminates the delegation of procurement authority at the General Services Administration. Basically, each federal agency must have a CIO with clear responsibility and accountability for that agency's IT activities. Further, it mandates the CIO to ensure that all IT investments support the mission of the agency and are consistent with the agency's architecture. The Act's intent is to reduce risk and enhance manageability by encouraging an incremental, phased approach to IT projects instead of grand, sweeping projects. Indeed, it might do some good if this Act were voluntarily adopted by non-government organizations.
This was first published in January 2006