Report 94022 Summary - December 1994
The State Needs To Reengineer Its Management of Information Technology
Results in Brief
The State's use of information technology has increased steadily over the years and now must be considered one of the State's most critical investments. The State currently spends an estimated $1.3 billion annually on information technology. The Office of Information Technology (OIT) within the Department of Finance is the office that has overall responsibility for the State's information technology investment.
The State's current model for managing statewide information technology does not work. The OIT has not provided the statewide leadership and coordination for information technology as intended by the 1983 legislation that established the office. Additionally, the OIT's oversight of information technology projects is limited and does not ensure that state departments implement projects successfully. Specifically, we noted the following:
- The OIT has been ineffective in its role of providing statewide leadership. Statewide leadership, which includes coordination activities, is critical as California significantly expands its investment and reliance on information technology. The OIT has not provided sufficient guidance for the State's decentralized information technology environment, it has provided only limited assistance in designing and implementing information technology projects, and it has provided limited leadership for personnel and training matters. Additionally, the OIT has failed to effectively coordinate multi-agency projects and data center activities and is not currently ensuring that the State's information technology community is involved in developing policy.
These problems have occurred because the OIT has narrowly interpreted its enabling legislation in such a way that it effectively limited its authority over information technology matters. Additionally, the OIT's resources have not kept pace with the growth in the State's information technology, and the OIT has chosen to focus these limited resources on budgetary oversight rather than statewide leadership.
- The OIT's oversight of projects is limited to reviewing documents that it requires departments sponsoring the projects to submit. However, the OIT does not verify the accuracy of the information in the reports it receives. Additionally, the scope of the OIT's document review is limited. It views itself as an "investment committee" to ensure that proposed projects are reasonable investments of public funds. The OIT does not do an in-depth technical review of a project's viability, nor does it assess the individual qualifications of key staff members assigned to projects to ensure that they have the appropriate skills and experience for the particular project. Further, the OIT does not ensure that departments adhere to the conditions it believes are essential to the success of projects. It has further limited its review by relying on an exception reporting system as the primary mechanism for the ongoing oversight. Finally, the OIT is most effective before the funding for the project is approved. Once a project is underway, and problems begin to surface, it is difficult for the OIT to successfully intervene on the project.
The State's Information Technology Program Needs To Be Reengineered
Because of these deficiencies, the State must reengineer the entire statewide information technology program to ensure that the State's interests and assets are protected and used to their maximum potential. To initiate the reengineering process, the State should establish a statewide chief information officer (CIO) position. The CIO should serve as a member of the governor's cabinet and head a new statewide information resources office.
The CIO and the information resources office should be given the powers, duties, and responsibilities to develop and implement a statewide plan for information technology. They should provide leadership and guidance to departments, manage and coordinate statewide resources, and monitor and oversee projects based on a risk assessment. In addition, the State should reevaluate the commitment of resources for managing its information technology. Finally, the State will need to address the statutory changes necessary to complete the reengineering process, and the proposed CIO will need to implement appropriate procedural changes.
In its response, the Department of Finance (DOF) states that there are many issues throughout the audit report with which it agrees. However, the DOF also responds that it has a number of fundamental, philosophical differences with us on how to manage information technology in the State as well as a few specific disagreements. In particular, the DOF is concerned about the balance between centralized versus decentralized control of information technology projects.
Although the DOF believes that it is now appropriate to reconsider how the State manages its computer and telecommunications technologies, it also believes that the OIT has met its assigned responsibilities and made substantial contributions to the State's successes in using information technology. Our comments follow the response from the DOF.
Blank page inserted for reproduction purposes only.