The Challenge of Technology Management and Local Government

Like most of today’s organizations, technology is playing are larger and larger role in local government. GMIS members know its use is increasing, in part because the public has come to assume that their local governments will provide services in the same manner in which they receive them from the private sector. The public expects to get what they want, when they want it, and that the delivery process should be easy. To the extent that government agencies do not meet their expectations, the public’s confidence in government to do its job declines.

However, the use of technology presents risks. These risks often become apparent only after a new technology is adopted, or when the routine use of certain technologies makes government so dependent upon them that new risks emerge. Government technology managers are often faced with the challenge of mitigating and managing these risks. 

A recent research project looked at how government agencies can respond and manage these risks.  It was conducted by the Bloustein Local Government Research Center at Rutgers for New Jersey’s Municipal Excess Liability Joint Insurance Fund—a self-insurance fund of almost 600 of New Jersey’s municipalities, local authorities, fire districts and other agencies.  

The study found a range of risks stemming from technology. It found that there are six interrelated categories of risk: cybersecurity, legal, operational, financial, reputational and societal. While we all know about cybersecurity breakdowns, an inadequate understanding of the other risks can also lead to technology failure. 

Neglecting to address an organization’s risks in any of these areas can have a negative financial impact on taxpayers and create reputational (and political) damage that affects the elected officials making (or failing to make) the decisions. Inattention to risks may also result in lawsuits that arise from an organization’s failure to protect its computer assets or its citizens’ personal information; responding to such litigation is both time-consuming and expensive. 

The study found that agencies can manage their risks by becoming "technologically proficient" when it comes to how they manage their technology. The report defines this term as establishing and institutionalizing the following activities:

• Governance – establishing a process for overseeing and making technology decisions that includes the governing body
• Planning – developing a three-year technology plan that is reviewed annually, approved through the governance process and tied to the annual budget
• Cyber Hygiene – making sure all employees are trained and retrained in proper cyber-hygiene practices 
• Technical Competency – ensuring that the necessary staffing, management attention and financial resources are available to execute the technology plan

The study included a survey of New Jersey local government technology practices. It found that agencies use a combination of their own full- or part-time employees and contractors to manage their technology. Generally, they do not consider the full range of risks. Many organizations have a decentralized approach to technology management; which can lead to disorganization, duplication of services and an increased risk of technology failure.

The report includes an approach to assess an organization’s technology risk maturity (a measure of risk) and create a technology profile (a way of defining its use). It also includes best practice and resource guides to help organizations achieve technological proficiency. 

Managing today’s technology requires new resources of time, attention, and money in a political environment in which those resources are limited. Nevertheless, the public insists that government meet their technological expectations without increasing their taxes. This paradox is difficult to resolve.  

Becoming technologically proficient starts at the top with the organization’s governing body. They are the ones who need to understand the risks of the technologies they use, and marshal the resources their organization needs in order to successfully manage them. Their ultimate goal should be to meet the public’s expectations for services delivered at a reasonable cost, while ensuring that all is being done to protect their personal information as well as the organization’s technology assets and reputation.