Time for strategic up-reach—Battling the real problem with IT governance

As we enter a new year (though it feels strangely familiar to last year) it seems that there is an unfortunate recurrence of unresolved issues as to how technology is managed and governed in local government. We hear a common complaint that too many senior public managers and elected leaders simply don’t get “IT.” As we enter new waves of a never-ending pandemic—or so it seems—information technology has never been more important to the running of government operations. City and county IT leaders have expressed great frustration at the lack of understanding, let alone appreciation, of what it takes to sustain an emergency and what it takes to optimally keep operations going in both a secure and flexible manner. Never before have local governments had to transform their operations towards a mobile workforce environment. At the same time local governments have never had such a large infusion of federal dollars due to three different initiatives—CARES, ARP and the recently passed Infrastructure Bill. Billions of dollars have found their way into local government budgets. Despite all the added resources technology budgets by in large have not fared as well as had been anticipated.

It’s all too easy to ignore the need to upgrade legacy equipment and fortify cybersecurity defenses. It appears that the old mantra “if it ain’t broke, don’t fix it” still exists. All too often IT seems to be an afterthought until a crisis appears. Too many in public management view IT as an expense and not an investment. IT managers continue to be left out of key decisions regarding mission support and are brought in too often as an afterthought. It is not uncommon to hear a senior manager say, “We just received this grant opportunity and purchased this fantastic system, so here it is. Please install and maintain.” Questions such as system integrity, need for training and on-going support, and what potential risk does this new system pose by way of cyber integrity and issues of compatibility, are all too common. The current pandemic has taken a heavy toll on IT budgets, equipment and IT talent.

Some experts have stated that cyber-attacks have increased at least 50 percent last year with no let up in sight. Now is the time to invest in strengthening local government cyber posture and to help reduce risk. As I have written in earlier posts, cyber insurance has become a necessity, but it also has become far more expensive while at the same time coverage is being reduced. And to make matters worse, some insurance applications require some 11 pages of required information and merely filling them out is no guarantee that one will get the coverage they seek. Now public auditors are adding cybersecurity measures to their standard audits. They are asking questions and testing for data integrity and secure back-ups as a starting point. Even bond rating companies are adding cybersecurity to their list of criteria that will ultimately lead towards a bond rating. When you add this up, one must conclude that investing in tech may no longer be an option and that by ignoring IT may cost far more money in both the short and long term.

When it comes to IT talent and support, there is a growing concern regarding maintaining and attracting IT qualified staff. The compensation gap between the private and public sectors has only grown larger. But the pandemic has brought into focus a new dilemma—staff burnout. IT leaders have reported an unexpected exodus of early retirements or simply people leaving for other less pressure-filled positions. To make matters worse many public managers have ignored the pleas for creative ways to allow more staff to work remotely and from other states. They have resisted calls for at least granting operational and functional titles as opposed to required classifications. This small but potentially meaningful step has been identified as a strategy to help keep tech employees engaged and happier. It provides IT workers with a better sense of self-worth and meaningful identity. Too many managers are arbitrarily requiring workers to return to their offices despite the success of working remotely for nearly two years. Then there is the issue of training and certifications. It is critical for IT staff to be updated through training and development programs including certifications. Training and certifications benefit the jurisdiction and serves as another way of showing an institutions commitment (investment) towards valued staff.

Recent IT leader’s conferences and meetings have served as an echo chamber for complaints and frustrations that are shared and agonized over. Such meetings serve a strategic purpose that is likened to group therapy. But IT leaders must find ways to break out of their echo chambers and look upward.

Perhaps as we start the new year where new beginning are expected, it is a suitable time to think of ways to seek and pursue strategies aimed at having some one-to-one high-level conversations with senior management. For a lack of a better term, I have referred to this as “up-reaching.” In other words it is time to reach up and out and more aggressively and take a stand regarding IT talent, infrastructure and cybersecurity. I am promoting nothing more than civil discourse on issues of IT governance that have been simmering for some time. We must find more impactful ways to reach out to senior managers and come to a better understanding of the state of IT in city and county government. IT issues should be addressed and discussed head-on, and senior managers must better understand what is at stake and its timeliness. We have gotten to this point on sheer adrenaline and the desire to serve the public good. As the sense of “emergency” diminishes the environment that IT has operated under is no longer sustainable.

Dr. Alan R. Shark is the executive director of the CompTIA Public Technology Institute (PTI) in Washington, D.C. He is a fellow of the National Academy for Public Administration and chair of the Standing Panel on Technology Leadership. He is as associate professor for the Schar School of Policy and Government, George Mason University, and is course developer/instructor at Rutgers University Center for Government Services. Shark’s thought leadership activities include keynote speaking, blogging and a bi-weekly podcast called “Sharkbytes.” He also is the author or co-author of more than 12 books including “Technology and Public Management” and “ CIO Leadership for Cities and Counties.”