Q

The Clinger-Cohen Act and enterprise risk management

The Clinger-Cohen Act (CCA) is Congress's legislative response to overseeing enterprise risk management. Should non-governmental businesses voluntarily adopt the Clinger-Cohen Act?

Can you outline some government legislation that has put an added emphasis on enterprise risk management?

One significant piece of enterprise risk management legislation is the Clinger-Cohen Act (CCA), which was passed in early 1996. The Clinger-Cohen Act encompasses both the Information Technology Management Reform Act and the Federal Acquisition Reform Act. As the Federal government relied more and more on Information Technology and systems, Congress deemed it necessary to impose more oversight on the enterprise risk management of IT.

The Clinger-Cohen Act was enacted as a response to a report released by U.S. Senator William S. Cohen of Maine in 1994 called "Computer Chaos: Billions Wasted Buying Federal Computer Systems." This report outlined the many ways that government squanders taxpayer funds on outmoded and unwanted computer equipment.

Some of the long-standing, systematic problems that the Clinger-Cohen Act was enacted to resolve include:

  • Insufficient attention to the way business processes are conducted, and opportunities to improve these processes before investing in the IT that supports them;
  • Investments in new systems for which Agencies had not adequately planned, and which did not work as intended and did little to improve mission performance;
  • Implementation of ineffective information systems resulting in waste, fraud, and abuse; and
  • Outdated approaches to buying IT that do not adequately take into account the competitive and fast-paced nature of the IT industry.

The Clinger-Cohen Act functions to streamline IT acquisitions and minimize layered approvals; it eliminates the delegation of procurement authority at the General Services Administration. Basically, each federal agency must have a CIO with clear responsibility and accountability for that agency's IT activities. Further, it mandates the CIO to ensure that all IT investments support the mission of the agency and are consistent with the agency's architecture. The Act's intent is to reduce risk and enhance manageability by encouraging an incremental, phased approach to IT projects instead of grand, sweeping projects. Indeed, it might do some good if this Act were voluntarily adopted by non-government organizations.

This was first published in January 2006
