Full Report (PDF)
Total Page:16
File Type:pdf, Size:1020Kb
Information Technology: The State Needs to Improve the Leadership and Management of Its Information Technology Efforts June 2001 BUREAU OF STATE AUDITS 2000-118 California State Auditor The first five copies of each California State Auditor report are free. Additional copies are $3 each, payable by check or money order. You can obtain reports by contacting the Bureau of State Audits at the following address: California State Auditor Bureau of State Audits 555 Capitol Mall, Suite 300 Sacramento, California 95814 (916) 445-0255 or TDD (916) 445-0255 x 216 OR This report may also be available on the World Wide Web http://www.bsa.ca.gov/bsa/ Alternate format reports available upon request. Permission is granted to reproduce reports. CALIFORNIA STATE AUDITOR ELAINE M. HOWLE STEVEN M. HENDRICKSON STATE AUDITOR CHIEF DEPUTY STATE AUDITOR June 27, 2001 2000-118 The Governor of California President pro Tempore of the Senate Speaker of the Assembly State Capitol Sacramento, California 95814 Dear Governor and Legislative Leaders: As requested by the Joint Legislative Audit Committee, the Bureau of State Audits presents its audit report concerning the State’s management of information technology (IT). This report concludes that the Department of Information Technology (DOIT), which is responsible for overseeing the State’s efforts to plan, develop, and manage IT, needs to provide stronger leadership and guidance to departments as they develop new IT projects. Additionally, DOIT has not sufficiently addressed other responsibilities such as completing a statewide inventory of projects to assist in the coordination of similar IT efforts and to enhance its oversight, releasing technical standards that establish common rules for IT projects, and consistently using state-mandated advisory councils to provide input on its operations. Although DOIT is implementing a new strategic vision for overseeing departments’ IT efforts, it is too early to assess the value that its new processes will add. While DOIT is responsible for overseeing the State’s IT efforts, departments are primarily responsible for planning, developing, and ensuring the quality of their respective IT projects. However, our review of four major projects revealed that departments are not always using best practices to manage such projects. The four IT projects we reviewed experienced varying degrees of cost overruns and delays; however, two of these projects, managed by the Department of Transportation and the Department of Health Services, had significant project management problems. Respectfully submitted, ELAINE M. HOWLE State Auditor BUREAU OF STATE AUDITS 555 Capitol Mall, Suite 300, Sacramento, California 95814 Telephone: (916) 445-0255 Fax: (916) 327-0019 CONTENTS Summary 1 Introduction 5 Chapter 1 DOIT Needs to Provide Stronger Leadership Over Departments’ Information Technology Efforts 15 Recommendations 32 Chapter 2 Some State Departments Are Not Managing Their Information Technology Efforts According to Best Practices 35 Recommendations 50 Chapter 3 DOIT Has Not Fully Satisfied Its Other Responsibilities 53 Recommendations 66 Appendix A Evaluation of Departments’ Project Management of Selected Information Technology Projects 69 Appendix B Major Completed and In-Development Information Technology Projects 73 Responses to the Audit Department of Information Technology 97 California State Auditor’s Comments on the Response From the Department of Information Technology 141 Business, Transportation and Housing Agency 149 Department of Transportation Health and Human Services Agency 155 Department of Health Services Employment Development Department State and Consumer Services Agency 167 Franchise Tax Board SUMMARY RESULTS IN BRIEF he State has a significant investment in information technology (IT)––more than an estimated $2 billion Audit Highlights . Tannually––and in the past has experienced several major Our review of the State’s failures in planned IT systems. When it passed legislation that leadership and management resulted in the creation of the Department of Information Tech- of its information technology nology (DOIT) in 1996, the Legislature envisioned that DOIT (IT) projects revealed the following: would provide the leadership, guidance, and oversight needed to protect the State’s investment in IT. Although DOIT is developing þ The Department of new processes to meet its responsibilities, it has not consistently Information Technology delivered what it has been asked to do by the Legislature. (DOIT), which is responsible for overseeing the State’s efforts to plan, The State needs strong leadership from DOIT to ensure that develop, and evaluate IT, departments develop IT systems effectively. However, DOIT is needs to provide stronger not consistently ensuring that departments plan their IT efforts leadership and guidance carefully. Planning is crucial to the proper development of IT to state departments. projects. State law requires DOIT to develop a statewide IT plan þ Four major projects we to outline the vision and direction of the State’s IT efforts, but it reviewed experienced has not updated its 1997 plan to address pressing issues and varying degrees of cost include current measurable objectives. Additionally, the state- overruns and delays, but two of these projects had wide plan does not include priorities to ensure that the most significant project important projects are considered first. Further, DOIT has not management problems. sufficiently reviewed the strategic plans of departments’ IT þ DOIT has not sufficiently projects. DOIT could increase the level of leadership and guid- met other responsibilities, ance it provides to increase the probability of success for the such as completing a State’s IT efforts. statewide inventory of projects, releasing key standards that establish DOIT is also responsible for the review and approval of the common rules for projects, proposed IT projects of departments. However, DOIT cannot and using state-mandated demonstrate that it has consistently and sufficiently performed advisory councils consistently. project reviews or that it considers all risks before departments develop their projects. In its oversight role for IT projects in The State has more than 2,500 development, DOIT requires departments to report their completed and in-development IT projects of which 235 had progress and, in some cases, requires departments to hire development costs greater than independent consultants to oversee projects. However, we $1 million. As such, the State found that DOIT does not always use these reports effectively, needs strong leadership to nor does it request the detail necessary to properly monitor ensure departments develop IT systems effectively. projects. DOIT has launched several programs for overseeing projects from planning through evaluation that may address these issues, but it has yet to fully implement these programs. 1 Although DOIT is responsible for overseeing departments’ IT efforts, departments are primarily responsible for planning, developing, and ensuring the quality of their IT projects. When we reviewed four major IT projects recently under development, we found that two projects had significant management problems. The Department of Transportation (Caltrans) undertook a major project to redesign how it collects and accounts for toll bridge charges without first establishing a supportable justification for the redesign. This particular project, which started in 1993, is about five years behind schedule and is expected to cost $28 million more than originally estimated. The Department of Health Services (Health Services) has been enhancing a management system for cases involving children from low-income families and individuals who have certain genetic diseases but is currently rethinking the technical direction of this project. Meanwhile, the project is expected to cost more than $10 million, almost double the original estimated cost of $5.6 million. The projects at the Employment Development Department and Franchise Tax Board were generally better managed but still experienced some cost overruns and delays. In addition, DOIT has not consistently fulfilled other responsibilities intended to improve the State’s management of IT projects. One area of particular concern is that DOIT lacks a mechanism to consistently assist departments in identifying and coordinating similar IT projects. Further, state law requires DOIT to maintain an inventory of IT projects, which could improve coordination and oversight, but it has not continuously maintained such an inventory and has only recently surveyed departments to collect sufficient information. In addition, DOIT has only recently prepared drafts of several key standards that establish common rules for IT projects, and has not yet begun to develop other standards. Also, DOIT has not consistently used two state-mandated councils established to provide advice on its activities. DOIT’s lack of progress on these requirements and on some past initiatives could lessen its credibility. Further, DOIT’s lack of an internal strategic plan to prioritize its use of resources while facing the turnover of key managers and other challenges has contributed to DOIT not making more progress in meeting its statutory responsibilities. 2 RECOMMENDATIONS To provide strategic guidance for IT activities, DOIT, in conjunc- tion with others, should update the statewide plan to address pressing IT concerns, priorities, and measurable objectives. DOIT should then ensure that it reviews