Report 2014-116 Recommendation 11 Responses

Report 2014-116: California Department of Consumer Affairs' BreEZe System: Inadequate Planning and Oversight Led to Implementation at Far Fewer Regulatory Entities at a Significantly Higher Cost (Release Date: February 2015)

Recommendation #11 To: Technology, California Department of

To ensure that IT projects have the oversight needed to better position them for success, CalTech should require state departments to follow its IT policies, including developing all necessary plans and receiving all required training.

Annual Follow-Up Agency Response From November 2017

Statewide Information Management Manual (SIMM) 45 updated for departments to follow CDT policies.

California State Auditor's Assessment of Annual Follow-Up Status: Fully Implemented

Annual Follow-Up Agency Response From October 2016

California Project Management Framework (CA-PMF) was published in May 2016. See TL 16-04. The CA-PMF offers guidance and insight on project management methods and approach (through the use of resources, tools, and templates), as well as narratives detailing the justifications for why specific activities should be performed. The CA-PMF is designed to be scalable to accommodate the various needs of projects.

Prior to completion of the CA-PMF, California Department of Technology (CDT) decided to separate policy mandates from project management guidance. In particular, CDT determined that the priority for policy mandates should be on reportable IT projects. As a result, CDT modified the IT Project Oversight Framework - SIMM 45 in July 2016 to include the oversight related components previously published in the CA-PMM.

These are:

- Project Management Risk Assessment

- Project Complexity Assessment

- Project Status Reports

- Independent Project Oversight Reports

Information Technology Project Oversight Division (ITPOD) has drafted an escalation process to raise awareness and foster appropriate actions concerning significant risks and issues to increasingly higher levels of CDT leadership. ITPOD has also drafted a Corrective Action Plan framework to notify departments that remediation is required. ITPOD intends to incorporate both of these processes to the IT Project Oversight Framework after state entities are provided with the opportunity to ask questions or provide comments - anticipated to be completed by December 2016.

California State Auditor's Assessment of Annual Follow-Up Status: Not Fully Implemented

1-Year Agency Response

Work on revisions to the (CA-PMM) is underway with implementation anticipated in July 2016. The new version will be re-named to: California Project Management Framework (CA-PMF). Release of the new CA-PMF will include the a policy clarification that departments must follow the CA-PMF or another documented methodology based on PMBOK (Project Management Institute Project Management Body of Knowledge). CA-PMM was written as a set of guidelines - not requirements.

ITPOD will document deficiencies concerning compliance with IT policies and when these are not remediated within a reasonable period of time, ITPOD will use an escalation process to bring greater attention to the resulting risks and issues to increasingly higher levels of leadership. Updates to the ITPOD Project Oversight Escalation process are under review, and implementation is expected March 2016.

California State Auditor's Assessment of 1-Year Status: Pending

6-Month Agency Response

Work on CA-PMM is underway with implementation anticipated in July 2016. Updates to the Project Oversight Escalation process are in development and implementation is planned for September 2015.

California State Auditor's Assessment of 6-Month Status: Pending

60-Day Agency Response

60-Day Update:

CalTech is undertaking a project to update and enhance the CA-PMM. This will provide the opportunity to strengthen the direction given to state entities concerning the Department's IT policies. At the same time, ITPOC is enhancing and updating the Project Oversight Escalation process to ensure that ITPOC management is apprised of project compliance deficiencies and so that the recommendation for remediation action are developed.

California State Auditor's Assessment of 60-Day Status: Pending

All Recommendations in 2014-116

Agency responses received are posted verbatim.