Problem solve Get help with specific problems with your technologies, process and projects.

The Clinger-Cohen Act and enterprise risk management

The Clinger-Cohen Act (CCA) is Congress's legislative response to overseeing enterprise risk management. Should non-governmental businesses voluntarily adopt the Clinger-Cohen Act?

Can you outline some government legislation that has put an added emphasis on enterprise risk management?

One significant piece of enterprise risk management legislation is the Clinger-Cohen Act (CCA), which was passed...

in early 1996. The Clinger-Cohen Act encompasses both the Information Technology Management Reform Act and the Federal Acquisition Reform Act. As the Federal government relied more and more on Information Technology and systems, Congress deemed it necessary to impose more oversight on the enterprise risk management of IT.

The Clinger-Cohen Act was enacted as a response to a report released by U.S. Senator William S. Cohen of Maine in 1994 called "Computer Chaos: Billions Wasted Buying Federal Computer Systems." This report outlined the many ways that government squanders taxpayer funds on outmoded and unwanted computer equipment (Read a list of the report's recommendations).

Some of the long-standing, systematic problems that the Clinger-Cohen Act was enacted to resolve include:

  • Insufficient attention to the way business processes are conducted, and opportunities to improve these processes before investing in the IT that supports them;
  • Investments in new systems for which Agencies had not adequately planned, and which did not work as intended and did little to improve mission performance;
  • Implementation of ineffective information systems resulting in waste, fraud, and abuse; and
  • Outdated approaches to buying IT that do not adequately take into account the competitive and fast pace nature of the IT industry.

The Clinger-Cohen Act functions to streamline IT acquisitions and minimize layered approvals; it eliminates the delegation of procurement authority at the General Services Administration. Basically, each federal agency must have a CIO with clear responsibility and accountability for that agency's IT activities. Further, it mandates the CIO to ensure that all IT investments support the mission of the agency and are consistent with the agency's architecture. The Act's intent is to reduce risk and enhance manageability by encouraging an incremental, phased approach to IT projects instead of grand, sweeping projects. Indeed, it might do some good if this Act were voluntarily adopted by non-government organizations.

Dig Deeper on Data quality techniques and best practices

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.