The budget proposes $8.5 million ($7.7 million from the General Fund) for support of the department's operations in 1998-99, an increase of $1.5 million, or 21 percent, over estimated current-year expenditures. Current-year expenditures include $2 million transferred from Item 9899 of the 1997-98 Budget Act for DOIT's work on the year 2000 computer conversion projects. The increase in the budget year is proposed to support 19 new positions, as well as additional external consulting services.

Department Still Needs to Develop Information Technology Policies

Budget Proposal. The proposed budget includes establishment of two positions and $437,000 for consulting services to carry out information technology planning and project initiation. This request was initially approved by the Legislature in 1997-98, but was eliminated at the end of last year's budget process as part of the Public Employees' Retirement System loan repayment decision.

Background. Last year, we reported that the department indicated it was on the verge of completing a number of tasks which must be accomplished in order for it to fulfill its statutory oversight responsibilities. Among these tasks were development of policies regarding initiation and oversight of information technology projects, disaster recovery, information security, and improved reporting to the Legislature regarding information technology projects. Since last year, DOIT has not established formal policies for most of these issues, although the department has taken informal positions on some of these matters.

Specific Project Development Policies and Procedures Needed. Currently, departments submit project proposals to DOIT for review. After reviewing and approving a project, DOIT sends a letter of approval to the department indicating the conditions under which the project has been approved. Although DOIT supports the use of project initiation and deployment standards used in the private sector, it has yet to establish formal policies on:

• Use of independent oversight to ensure the proposed system does what the state wants it to do.

• Appropriate level of project management experience necessary.

• Whether a cost- or needs-based procurement should be conducted.

• Whether the vendor should provide a letter of credit or performance bond.

• How large a project should be.

• Whether the department should request the intellectual property rights from the vendor.
• Whether a department should use DOIT's risk assessment model.

• When development of a risk mitigation plan is necessary.

As a result of not having policies, the conditions required in the letters of approval come unexpectedly. Departments must then implement DOIT's recommendations after they have already begun planning for the project. Establishing these policies in advance of departments beginning their project planning could further improve the planning phase. Although DOIT generally supports these concepts (which are often referred to in the information technology industry as "best practices"), it has not developed and distributed a statewide policy on these and many other important issues as we discuss below.

Policy on Minimal Qualifications for Project Managers Still Critical.The Supplemental Report of the 1997-98 Budget Act required DOIT to report to the Legislature quarterly, beginning in September 1997, on its progress in providing training and certification of project managers. In response, the DOIT has entered into a partnership with the University of California, Davis to develop a project management training program which has since enrolled its first class of students. Because it is a two-year effort, projects are currently underway which are being managed by personnel not necessarily experienced or knowledgeable in project management skill sets. Additionally, since the training program is completely voluntary, it is unclear how many existing state project managers plan to complete it. Consequently, the impact of this training program is likely to be limited without a policy requiring such training.

It is also important that DOIT establish a policy that identifies minimum qualifications to be a project manager. Additionally, DOIT should review the qualifications of the project managers on all major information technology projects and decide whether their skills need to be augmented with public sector managers or private sector consultants who have the necessary project management experience.

Progress Still Needed on Procurement Policy Reform. In 1994, the Governor's Task Force on Government Technology Policy and Procurement identified the procurement process as one of the major obstacles to successful deployment of major information technology projects in California. Three years have elapsed since the report was issued and California uses the same policy to procure major projects today as it did then.

In the 1997-98 Budget Act, the Legislature required DOIT, in cooperation with the Department of General Services (DGS), to develop recommendations for improving the current state contracting practices so that contract awards are needs-based, not cost-based. In vetoing the language, the Governor indicated that it was not necessary because DGS had already developed such recommendations in pending procurement reform legislation. However, DGS' reform efforts have yet to be adopted by the Legislature. More importantly though, Chapter 508, the measure that created DOIT, clearly requires DOIT to develop procurement policies for information technology. Therefore, DOIT should develop and implement procurement policies for information technology goods and services, while DGS develops procurement policy for commodities.

Department Should Adopt Policy to Make Funding Requests Understandable. The 1997-98 Budget Act directed DOIT to develop a process to better coordinate between DOIT and the Department of Finance (DOF) the approval of departmental requests for information technology project funding. In response to the legislative directive, DOIT has adopted a new process that should result in more timely approval of proposed projects.

Although the process has been improved, the quality of the information contained in the documents has not. In general, state departments advise the Legislature about information technology projects through feasibility study reports (FSRs) for proposed new projects and special project reports (SPRs) when significant changes occur to existing projects.

In many cases, the documents provided to the Legislature are difficult to understand because they are poorly prepared and do not contain important summary information. To correct at least part of this problem, Chapter 508 required that these documents contain specific summary information at the front of the document. The DOIT has yet to require this summary information from departments. In the absence of this information, it is extremely difficult and sometimes impossible to evaluate the proposal. Consistent with its enabling statute, DOIT should create a form requesting summary information for departments to transmit to DOF, DOIT, and the Legislature with each FSR and SPR.

Policy to Advise Legislature of All Major Information Technology Projects Needed. Under current state policy, departments are required to notify the Legislature whenever they transmit an FSR or SPR to DOIT for review. Although this policy results in the Legislature being notified of some major information technology projects, many are not reported because state policy allows DOIT to delegate to departments the authority to approve their own projects. As a result, these departments are not required to report projects or funding amounts to the Legislature on these projects.

Given the unresolved problems with the state's information technology infrastructure, including telecommunications and networks, we believe that the Legislature should be notified of projects that would have to be reported had the department not received delegated authority. We recommend DOIT establish a policy on notifying the Legislature when funding is requested for these information technology projects. This would provide the Legislature with more complete information on projects and funding.

Analyst's Recommendation. In summary, we recommend that the Legislature adopt budget bill language directing DOIT to develop and distribute policies, per its enabling legislation, on the following:

• When a department should hire an independent oversight vendor.
• When a department should require a letter of credit or performance bond from the vendor.
• What is an appropriate size of a project.
• When acquiring intellectual property rights is appropriate.
• When a risk assessment model should be conducted on a project.
• When a risk mitigation plan needs to be developed.
• The level of experience project managers should have.
• How to determine whether a procurement should be cost- or needs-based.

In order to ensure the enactment of the policies, we recommend that the budget request for planning and project initiation be tied to completion of the policies. Specifically, we recommend the following budget bill language:

In addition to the funds otherwise appropriated by this item, the sum of $437,000 is hereby appropriated from the General Fund for the support of the Department of Information Technology for the 1998-99 fiscal year. The appropriation made by this provision is not available unless and until the Department of Information Technology drafts or produces final policies establishing (1) when a department should hire an independent oversight vendor, (2) the level of experience project managers should have, (3) how to determine whether a procurement should be cost- or needs-based, (4) when a department should require a letter of credit or performance bond from the vendor, (5) what an appropriate size of a project is, (6) when acquiring intellectual property rights is appropriate, (7) when a risk assessment model should be conducted on a project, (8) when a risk mitigation plan needs to be developed, (9) summary information that should be contained in the front of funding documents, and (10) notification to the Legislature of information technology projects which are being conducted under delegated authority. Final policies shall be distributed to state departments prior to June 30, 1999.

Project Cost and Schedule Estimates Are Rarely Accurate

Over the past several years, we have identified several major information technology projects where costs have increased significantly above the original or updated estimates. The problem of inaccurate project estimates is not new and is not unique to public sector projects. Nevertheless, the Legislature continues to be asked to approve budgets for information technology projects which are based on cost estimates which are likely to change, most often in an upward direction. Project implementation schedules are often optimistic as well.

Given this situation, we believe that FSR and SPR transmittal letters for information technology projects should address the probability that cost, benefit, and schedule estimates are likely to be accurate, including any qualifications regarding those estimates. To help improve the meaningfulness of budget requests based on estimates contained in information technology project-related documents, we recommend that the Legislature adopt the following supplemental report language:

The Department of Information Technology shall require that feasibility study report transmittal letters and special project reports address the sensitivity to change of the cost, benefit, and schedule estimates contained in these reports.

The DOIT's Advocacy Role Conflicts With Oversight Responsibilities

Budget Proposal. The 1997-98 Budget Act required DOIT, in collaboration with DOF, to develop a new process for the initiation and approval of information technology projects. The DOIT published a report in December 1997 outlining the new process. The budget proposes six additional personnel-years and $288,000 in consulting services to implement the new process. As a component of the new process, DOIT indicates its intention to become an advocate for departments before the legislative budget hearings once an information technology project is approved.

Analyst's Recommendation. The enabling legislation which created DOIT required the department to establish policy in a number of significant areas. Since DOIT has yet to establish these policies as discussed above, it would appear as though the proposed resources devoted to advocacy in the funding request could be better used to meet the department's statutory requirements. Alternatively, as we indicate later in this analysis, DOIT has limited resources for year 2000 remediation activities and these resources could be used for such efforts.

Additionally, it would appear as though a department which is supposed to critically assess a project from initiation through its life cycle would have a conflict of interest as an advocate for the project. In fact, DOIT itself has stated that it believes an oversight body should be severed from the unit it is overseeing. In its 1996 Annual Report, the department wrote: "The most effective project oversight is applied in a condition of independence, i.e., the individuals performing project oversight must be detached from the organizational chain of command."

In view of the above, we recommend that the Legislature approve DOIT's augmentation, but require the resources proposed for advocacy be redirected to responsibilities DOIT is required by statute to perform.

State Civil Service Classifications Still Need Reforming

In 1994, the Governor's Task Force on Government Technology Policy and Procurement identified the state's civil service classifications as too rigid and a barrier to hiring information technology expertise at higher than entry-level positions. The state's hiring policies require departments, as a general rule, to hire at the entry level. In some cases, this limits a department's ability to hire personnel with extensive experience. Additionally, the task force noted that the state is unable to match private sector salaries in this employment field.

To resolve this problem, DOIT indicated in its 1996 Annual Report that it is involved in reforming information technology civil service classifications. However, we are unaware of any steps taken in this regard. Consequently, we recommend that DOIT report to the Legislature, prior to budget hearings, on the progress that has been made in addressing the civil service classification issues identified in the Governor's task force report.

Department Continues to Be Leader On Year 2000 Conversion

In the 1960s and 1970s when mainframe computer capacity was expensive, programmers established a standard for identification of dates in order to reduce the amount of space needed. By using the last two digits to represent the year (for example, 1973 was designated as 73), computing costs were reduced. With the new millennium approaching, these computer systems must now distinguish between dates in the 1900s and the 2000s. Computers, both in the public and private sectors, are unable to distinguish between these dates and must be modified to accommodate the change to the year 2000 (Y2K).

Failure to make the Y2K change will for some systems simply produce undetectable erroneous calculations, but some systems will completely fail. The "failure date," as it is known, is not necessarily January 1, 2000. For some systems in California, it has been as early as 1995, because these systems were required to provide dates into the future (for example, licenses that were granted in the mid- to late 1990s that will expire after the year 2000).

The Y2K conversion poses a significant problem because (1) California has never undertaken such a large statewide information technology project; (2) in most cases, it is probably too late to begin to deploy a replacement system, as opposed to modifying a system, thus limiting choices in how to respond to Y2K; and (3) as we approach the year 2000, resources are likely to become more scarce and prices will increase.

Budget Proposal. The budget proposes an augmentation of four limited-term positions and $302,000 for consulting services for DOIT's Y2K program. This would increase to seven the number of positions which currently staff the program. With this augmentation, DOIT proposes to use its Risk Assessment Model (RAM) on each project to determine risk and prioritize high risk projects for additional oversight.

The DOIT Started Early and Continues to Plan For Compliance. The administration initially focused attention on this problem when the Governor's Office of Information Technology (now DOIT) was established in late 1995. Significant effort to develop a strong program was made in 1996. In October 1996, DOIT published a "white paper" describing the Y2K problem. In November 1996, the DOIT issued the "California 2000 Program Guide" which identified the DOIT's approach to fixing the Y2K problem. Additionally, DOIT established a Y2K site on its home page which facilitates the exchange of information on policies and process.

The DOIT identified almost 3,000 state computer systems, of these 1,100 are either fixed already or do not need to be fixed. Of the remaining 1,900 systems, 650 are mission critical, meaning that they enable the department to carry out its primary responsibilities such as issuing drivers' licenses, collecting taxes, et cetera. The remaining 1,250 systems were identified as essential but not mission critical and will also need to be fixed. The DOIT's approach to addressing Y2K issues is contained in its program guide.

The California 2000 Program Guide. The program developed by DOIT requires departments to: (1) create an inventory of existing systems, (2) identify those that are critical to the overall mission of the department or program, (3) assess the impact the century change will have on these mission critical systems, and (4) develop a plan to fix them and submit this plan to DOIT along with its budget and schedule for Y2K conversion activities. Departments were required to identify the impact mission critical computer systems have on the department, outside entities with whom it exchanges information, and the public.

The DOIT Continues to Be Proactive. In addition to creating the program guide, DOIT has proactively:

• Begun to create a plan to upgrade embedded chip technologies, such as facsimiles, elevators, security systems, and more.
• Offered seminars on the impact of litigation and ways to minimize litigation.
• Sponsored a convention to create a forum to discuss the interdependence of state departments, local and federal government systems in the context of Y2K.
• Begun to develop a white paper and seminar on how to plan and execute testing of systems.
• Begun to develop a program to help departments identify and minimize liability and recover some of its Y2K costs from responsible vendors.
• Begun to develop information to help departments identify and resolve desktop Y2K related issues.

Although DOIT has taken a proactive role on Y2K issues, we have the following concerns with some of its efforts.

Value of Validation Statements, as Implemented, Appears Questionable. Last year, the Legislature required DOIT to review the plans for departments requesting an augmentation in funding for Y2K efforts and issue a Statement of Validation for each project. Once the statement was issued by DOIT, the DOF was to release the funds for the project. The required components of the Statement of Validation are shown in Figure 5.

Figure 5
Year 2000 Program (Y2K) Statements of Validation
Required Components
	Reasonableness of the state agency's strategy for addressing its Y2K problems.
	Comprehensive systems inventory, an assessment of year 2000-impacted systems and the scope of work to address Y2K problems.
	Extent to which the department's plan is aligned with the Department of Information Technology's (DOIT) Y2K methodology.
	Consistency of the department's proposal with information available to DOIT, including plans, schedules, and costs.
	Extent to which the department's systems are critical to its business with a prioritization of these systems and a consequence of failure.
	Identification of high risk activities.
	Assumptions and methods used to estimate the resources required.
	Redirection of resources within the department.
	Coordination of statewide and interdepartmental implementations of interdependent year 2000 affected systems.

Our review of the Statements of Validation has found that they are merely restatements of a department's plan. Although all of the information included is helpful, the statements do not (1) evaluate plans on the degree of reasonableness, (2) determine the accuracy of the estimation of resources, or (3) coordinate the projects with the statewide Y2K efforts. In fact, some Statements of Validation were issued for departments whose plans indicated the department would be a year behind schedule and contained no contingency plan.

The analysis on the degree of reasonableness of the plans is important because if realistic plans are not established then the chances for modifying the computer system on time decrease. Due to the large number of Y2K projects, we believe that it will be difficult for DOIT to complete such a thorough analysis even with the department's proposed budget augmentation.

Quarterly Reports Provide Few Details. The Supplemental Report of 1997-98 Budget Actrequired DOIT to report on October 15, 1997 and quarterly thereafter, on the status of the state's Year 2000 conversion efforts. In addition to other issues, DOIT was to identify any program which it believes is at risk of not completing necessary conversion in a timely manner. For those programs at risk, DOIT was to identify the factors which create the risk and what steps are being taken to mitigate the risk. Lastly, DOIT was to update the estimate of the costs to accomplish Y2K compliance.

The DOIT has submitted two quarterly reports thus far. Each report indicated DOIT's concern with the state's ability to fix all of its mission critical systems in a timely manner. However, the reports did not identify any projects at risk of failing, steps being taken to mitigate risk, or provide a revised total project cost estimate. The DOIT did decide to meet individually with each of the departments with high risk projects to review their plans. For high risk projects, DOIT will require monthly updates and take appropriate action including escalation and intervention.

Shortfalls in Oversight of Departmental Plans. Although the Y2K plans DOIT requires departments to complete contain important information, DOIT has limited staff resources to follow up on those that are deficient. This is a significant shortcoming because some departmental plans filed with DOIT indicate the department's efforts will not be completed until a year after the computer's failure date; that the department has no contingency plan; and that potentially hundreds of millions of dollars are at risk of not being collected as a result. The DOIT has not required departments in such situations to submit detailed contingency plans or to explain how they would continue to function without an operational system.

Some Y2K plans submitted by departments include timelines which are too optimistic, with many not allocating enough time to test the finished products. In fact, if departments followed DOIT's suggested time line, all departments should be concluding development and moving into the testing phase now. However, as of January 1998, few departments had reached the testing stage. Additionally, even for those departments whose plans project completion before the computer's failure date, there is not enough time to invoke a contingency plan, should one be needed. Thus, although DOIT required departments to submit Y2K plans, the plans do not necessarily protect the state's assets and DOIT does not appear to have the resources to review each plan in detail and require specific remediation steps.

Costs Continue to Rise. In our Analysis of the 1996-97 Budget Bill, we estimated that efforts to fix the state's systems could exceed $50 million. In April 1997, DOIT projected costs at $83 million. After departments had submitted the first planning report, DOIT revised the cost estimate to $187 million in July 1997. In January 1998, DOIT calculated that project costs will exceed $240 million, based on an ex-trapolation of costs presented in the last quarterly reports submitted by departments.

We believe the costs for Y2K conversion will be substantially higher than DOIT's most recent estimates. The $240 million estimate DOIT provided in January 1998 does not include (1) conversion of essential, but nonmission critical systems such as payroll and accounting; (2) efforts to remediate embedded chip technologies; (3) legal review of existing contracts to determine liability for expenses and failure to perform, currently projected to cost 40 percent of total remediation expenses (on that basis, approximately $100 million for California); (4) complete replacement of computer systems where necessary; (5) departments which do not report to DOIT (Judiciary, Legislature, University of California, California State University, Community Colleges, and others); and (6) the redirection of personnel-years which DOIT currently estimated are valued at over $500 million. If all of these costs were to be included, we estimate that efforts to fix the state's systems could easily cost $1 billion.

What Else Should DOIT Do? Figure 6 (see next page) outlines DOIT's current Y2K program, and what we believe should be added. As we outline in the Crosscutting Issues section of this chapter, although DOIT developed a program early that contains important components, we believe that there are several steps the state--through DOIT--can take to strengthen its Y2K Program.

Analyst's Recommendation. We recommend that the Legislature approve DOIT's proposed budget request in order to ensure DOIT can increase its oversight of Y2K activities. Additionally, we recommend that the Legislature direct DOIT to prioritize its statewide efforts based on the most critical Y2K conversions; require departments to create detailed contingency plans for each mission critical project; enhance project management on high risk projects; and plan to fix systems that are essential, but may not be mission critical.

Figure 6
Department of Information Technology's (DOIT) Year 2000 (Y2K) Program
DOIT Y2K Program required:
Inventory of all computer systems.
Prioritization of mission critical systems within the department.
Development of a plan to remediate mission critical systems.
Estimate of cost to remediate.
Filing of quarterly progress reports.
To complement the Y2K Program, DOIT has also:
Conducted a seminar to review legal issues related to system failure.
Begun creation of a plan to fix all noninformation technology embedded chips (security badges, facsimile machines, building environment, elevators, et cetera.)
Established Master Services Agreements to facilitate departments in hiring vendors to assist in remediation efforts.
Crafted contract language to require all new information technology purchases to be Y2K compliant.
Created a web site to serve as a clearinghouse for Y2K information.
What DOIT should also do:
Require establishment of detailed contingency plans which include a date in which the plan is invoked if the proposed project has not met its goal.
Prioritize projects statewide by revenue generated, public safety impact, impact on other departments' systems, impact to citizens, or other criteria it determines are most important.
Concentrate resources on projects in these categories which are having difficulty meeting deadlines.
Continue to deny requests for specified new information technology projects thereby concentrating resources on Y2K efforts.
Take a more proactive role to keep projects on schedule, including intervening when necessary.

The DOIT Needs to Develop Data Center Configuration Policy

In 1996, DOIT contracted for a study of feasibility of consolidating the state's data centers. In July 1997, DOIT released the report, which recommended consolidation and identified savings if the major data centers were consolidated.

In the budget year, the Health and Welfare Agency Data Center (HWDC) proposes to purchase one of the two buildings it occupies. The Stephen P. Teale Data Center is proposing a long-term lease purchase of a new facility.

Should the state decide to consolidate the two data centers, such a consolidation could affect the facility needs of each. Accordingly, we recommend that the DOIT provide the Legislature with a five-year strategic plan for configuration of the state's data centers before the state purchases or leases any new data center facilities. We note that the DOF plans to release a report later this year on the fiscal impacts of consolidation.

(For a more thorough discussion of the issue, please see our write up in the Capital Outlay chapter, as well as the analysis on the HWDC in the General Government chapter.)

The budget proposes $199 million for support of the data center's operations in 1998-99, which is a decrease of $43.5 million, or 18 percent, from estimated current-year expenditures. The decrease is a result primarily of the cancellation of the Statewide Automated Child Support System (SACSS) and a decrease in the Interim Statewide Automated Welfare System (ISAWS) budget. In addition to these decreases, the budget includes increases in requested appropriations for the Child Welfare Services/Case Management System (CWS/CMS), the Statewide Fingerprint Imaging System (SFIS), additional computer capacity, and year 2000 conversion activities.

Data Center Operations

State Should Increase Expertise of State Staff

The data center budget requests $653,000 to hire four private sector consultants at $152 per hour, or $260,000 per consultant per year, to provide support for the HWDC Router Network. The network allows for electronic communication between computers. The data center indicates that these consultants will have special expertise, which they will pass on to data center staff over several years. (The budget documentation supporting the request, however, indicates that the consultants are needed due to workload, not expertise.)

If the need is for specialized expertise, it may be more advantageous to provide additional training to existing staff, who are more likely to remain at HWDC, rather than hire consultants to perform the services and transfer knowledge over several years. By doing so, the data center reaps the long-term benefit of having experts on staff.

Analyst's Recommendation. We recommend HWDC provide the Legislature, prior to budget hearings, with an estimate on how much it would cost to train existing state staff to perform the network-related services.

Acquisition of Data Center Building Premature

The HWDC currently leases two buildings in Sacramento. The HWDC proposes to purchase one of the two buildings in the budget year. Chapter 1032, Statutes of 1996 (AB 3280, Cunneen) authorized the issuance of revenue bonds to purchase these facilities. However, the state is not using this bonding authority and instead the data center is requesting a General Fund loan.

The budget includes a capital outlay request for the state to purchase one of the buildings using a $5.2 million loan from the General Fund. The loan would be repaid from the data center's revolving fund. The HWDC's support budget proposes $445,000 for maintenance and operating costs for the building after it is purchased. (Currently, these services are provided by the landlord within the lease amount.) If the loan is not granted, HWDC will need $455,000 in the budget year to continue the existing lease.

Purchase Is Premature. In our analysis of the request to purchase the building (please see the Capital Outlay chapter in this Analysis), we conclude that the proposed purchase is premature and recommend that it be denied. We believe that the proposal is premature given that the administration has endorsed a 1997 report calling for consolidation of HWDC with the Teale Data Center. Such a consolidation could affect the facility needs of HWDC. Accordingly, we recommend that the Department of Information Technology (DOIT) provide the Legislature with a five-year strategic plan for configuration of the state's data centers before the state purchases or leases any new data center facilities.

Thus, we recommend that the proposal for $445,000 for maintenance and operating costs of the data center be denied, and that the Legislature instead appropriate $455,000 to continue to lease the facility in 1998-99.

Data Center Should Seek Review

In 1995, the Department of Social Services (DSS) transferred to HWDC responsibility for three of the largest information technology projects any state in the nation had undertaken. The projects, which were to automate welfare, child support, and child welfare services, were transferred due to the difficulties the DSS was experiencing in developing the projects.

Accepting responsibility for these projects posed a significant challenge to HWDC for several reasons:

• Each project was unusually large in size.
• Each project was experiencing significant development troubles.
• Contracts for two of the three projects were incomplete and did not specify work that the state wanted to have done.
• The projects were at a stage where going back and making substantial changes to the basic design would have been akin to starting over.

• Finding state or private sector project managers with experience deploying projects this large was difficult at best.

Taking over these projects, even for a well-run organization such as HWDC, posed a potentially overwhelming task for the data center. Not only were the projects in trouble, but the skills necessary to administer a data center are quite different from those necessary to conduct project management oversight, especially for major projects. In addition, while the data center was attempting to salvage these three major projects, it still had to administer its operations and meet the needs of its state department customers.

In 1997, the HWDC had to cancel one of the projects after spending $100 million because it would not work as planned. The other two projects, compared to recently revised estimates, continue to experience very significant cost increases (more than 70 percent) and delays (schedule slippages of up to two years). Although cost increases and delays are not uncommon on large projects, there are methods by which they can be minimized. For example, the Governor's Task Force on Government Technology Policy and Procurement recommended that a project not take more than two years to finish; that it be deployed in small, discrete components; and that project managers have experience commensurate with the size of the project.

In addition to the three major projects transferred in 1995, the center has since been given responsibility for seven more projects, bringing the total to ten. The cumulative cost of the ten projects exceeds $1.2 billion. Figure 7 shows the projects currently being managed by the center. As the figure shows, half of the projects are estimated to cost at least $100 million each and require a number of years to implement.

Outside Review Could Be Helpful. The data center was initially created to provide computer and communication services to its constituent departments. Only recently has the data center had thrust upon it the responsibility for developing and deploying major automation systems.

When the three projects were transferred from DSS, HWDC was given significant responsibility without any review of whether it had the appropriate tools for developing and deploying projects of this magnitude. We believe that a review of the center's major projects by an experienced consultant is warranted and will identify areas in which the data center can modify its resources and approach to increase the chances for successful deployment of the projects. With more than $1 billion of projects at stake, it is in the interest of the state to ensure that the data center has all the resources necessary to increase the opportunity for success.

Figure 7
Heath and Welfare Agency Data Center Projects Being Developed and Deployed
(Dollars in Millions)
Project	Purpose of System	Estimated Budget	Estimated Duration
Statewide Automated Welfare System (SAWS) Planning	Planning efforts to automate welfare benefit calculation and determination.	$18	4 years
SAWS Technical Architecture (SAWS-TA)	Enable multiple welfare systems to exchange data.	$45.3	10 years
Interim SAWS (ISAWS)	Automate 14 percent of statewide welfare caseload.	$285	10 years
Welfare Case Data System (WCDS)	Automate 41 percent of statewide welfare caseload.	$288	11 years
Los Angeles Eligibility, Automated Determination, Evaluation and Reporting System (LEADER)	Automate 33 percent of statewide welfare caseload.	$243	8 years
SAWS Consortium IV (C-IV)	Automate 12 percent of statewide welfare caseload.	To be determined	To be determined
Statewide Automated Child Support System (SACSS)	Automate collection and enforcement of child support.	$100 expended; future costs to be determined	Unknown
Child Welfare Services Case Management System (CWS/CMS)	Automate cases of children in child welfare services.	$206	9 years
Electronic Benefits Transfer (EBT)	Enable the electronic exchange of funds for food stamp recipients.	$1.5 (planning only)	--
Statewide Fingerprint Identification System (SFIS)	Fingerprint welfare recipients to identify duplicate aid cases.	$38	5 years
Total		$1,224.8

Such a review would make recommendations on how the data center can mitigate risk on these issues:

• A single data center having to manage many of the largest projects in the nation.
• Different skill sets necessary between managing a data center and managing deployment of information technology projects.
• Circumstances that lead to canceling a project (such as SACSS after spending $100 million).
• Significant increases in project costs (such as the 73 percent increase for CWS/CMS).
• Delays in project deployment of several months to years.
• Size of the projects being much larger than information technology industry standards suggest they should.
• Project managers with limited experience, especially on major projects.
• Contracts needing specialized legal review.

Analyst's Recommendation. We believe that the tasks and responsibilities given to the data center would be daunting for any private or public sector entity, and that some additional assistance could be helpful to the center, the users of its systems, and the state as a whole. For this reason, we recommend that the center and DOIT report to the Legislature during budget hearings on their suggested strategy for addressing the issues raised above. Specifically, the center and DOIT should consider the need for additional tools and resources for the center, an outside review by an experienced consultant with expertise in project management to review the center's project management methodologies, and a review of legal contracts for major projects to ensure that the contract terms protect the state.

Statewide Automated Welfare System (SAWS)

Background

• Interim Statewide Automated Welfare System (ISAWS).

• Los Angeles Eligibility Automated Determination, Evaluation and Reporting System (LEADER).
• Welfare Case Data System (WCDS).
• Consortium IV (C-IV).

We describe the progress of the consortia in more detail below.

The budget proposes an increase of $4 million in the current-year and a decrease of $3 million in the budget year for SAWS planning efforts. The multiyear total estimated cost for SAWS planning is $18 million.

Impact of Welfare Reform on System Requirements. Of the four consortia authorized by the Legislature, two (ISAWS and LEADER) were close to finishing the development of systems based on requirements which were established prior to welfare reform legislation being enacted in 1997. These consortia will need to be modified to reflect the new policies resulting from welfare reform. The other two systems (WCDS and C-IV) are in the planning stages and will need to incorporate the new welfare policies into procurement documents.

The DOIT required HWDC to hire a consultant to conduct an assessment of the impact of welfare reform on each of the four projects and departments (all departments under the Health and Welfare Agency, as well as the Department of the Youth Authority, Office of Child Development and Education and the Department of Education). The assessment, due in March 1998, will include: (1) an assessment of how welfare reform policies will affect existing computer systems; (2) an analysis of the gaps between what the existing computer systems can do and what welfare reform policies need them to do; and (3) recommendations on how to close the gaps.

SAWS Technical Architecture Facilitates Exchange of Data. In addition to the four consortia, the HWDC is responsible for deployment of the SAWS Technical Architecture (SAWS-TA) which will enable the four consortia to exchange data. The SAWS-TA is also supposed to be able to identify recipients in order to reduce duplicate aid payments. The SAWS-TA will be run at the data center and serve as an information broker among each of the systems for all of the counties. The SAWS-TA was originally due to be deployed by October 1997, but has been delayed. The latest plan was to have it support LEADER by February 1998; however LEADER is now delayed due to the effort to incorporate welfare reform. It is unclear when the SAWS-TA will be complete. Total estimated project cost is $45 million over the ten year life of the project.

The budget requests an increase in spending authority of $3.5 million for the current year and a decrease of $1.6 million in the budget year.

Requested Reports Not Received

The 1997-98 Budget Act, the Supplemental Report of the 1997-98 Budget Act and the Welfare and Institutions Code required the HWDC to provide a series of reports related to the SAWS project during the year. The purpose of the reports is to apprise the Legislature of progress in implementing SAWS, of potential problems with the projects and the fiscal impact of any such problems. None of the reports has been submitted. The reports include:

• A report on the progress of implementing the Statewide Automated Welfare System, Technical Architecture (SAWS-TA) project, which was due by January 1, 1998.
• Quarterly reports to the Legislature, beginning October 1997, on the status and progress of incorporating welfare program requirements into the SAWS systems. The reports are to include issues, time lines and cost estimates.

• An annual report to the Legislature on the progress of SAWS, as well as interim reports as necessary to raise significant time-critical issues.

Since the Legislature needs to be aware of the progress of the projects before appropriating funds for them, we recommend that the Legislature take no action on the $88 million proposed for SAWS until it receives the required reports.

Implementation Status of the SAWS Consortia

The HWDC budget for development of ISAWS proposes a decrease of $221,000 in the current year and $14 million in the budget year as the data center will no longer need these baseline expenses with the project coming to completion. Funding for maintenance and operation for this project will be approximately $21 million annually thereafter.

Los Angeles Eligibility Automated Determination, Evaluation and Reporting System Delayed to Incorporate Welfare Changes. The LEADER is being implemented by Los Angeles County and is currently under development. Although testing was to begin late last year, further deployment has been suspended while policies reflecting welfare reform are incorporated into the system. A revised schedule and budget have not yet been released. This project will serve 33 percent of the statewide caseload, all in Los Angeles County, when complete.

The HWDC is requesting an increase of $2.7 million in the current year and $4.2 million in the budget year is DSS' local assistance budget to fund development and operational activities.

Welfare Case Data System in Procurement Phase. The WCDS will serve 18 counties representing 41 percent of the statewide caseload when completed. The consortium released its procurement document, the Invitation to Partner (ITP), in December 1997. The WCDS intends to conduct an alternative procurement, which is an iterative process allowing refinement of the conceived system as the vendors and consortium discuss the business problem that needs to be solved. Ultimately, it is up to the vendor to propose the solution. The information technology industry generally considers this a "best practice," thereby increasing the chances for success.

The estimate of total project costs is $288 million. The 1998-99 Governor's Budget requests an augmentation of $6.2 million, bringing the baseline expenditures to $18 million for the project. We discuss the proposed ITP in more detail below.

Consortium IV in Planning Stage. The C-IV, which will serve four counties and 12 percent of the statewide caseload when finished, is in the beginning stages of planning its strategy and procurement. The HWDC's proposed budget does not include monies for C-IV as it is still in the planning stages, for which it received an augmentation of $2 million in current-year expenditures.

Welfare Case Data System Lacks Welfare Reform Policies and Oversight

As indicated above, WCDS is one of the four consortia that comprise SAWS. When completed, it will serve 18 counties and 41 percent of the state caseload. The 1998-99 Governor's Budgetrequests $18 million to enter into a contract and begin development of the system. As currently envisioned, the state has a minor role in the deployment of the WCDS. Rather, the 18 counties which comprise the consortium are primarily responsible for development and deployment of this system.

The WCDS consortium finished developing its procurement document--now called the Invitation to Partner (ITP)--while the Legislature and Governor were enacting a new welfare program in response to federal welfare reform. We have two primary concerns regarding the ITP, which was developed by counties within the consortium.

Welfare Reform Changes Not Included. First, the ITP was developed before welfare reform legislation was enacted. Our review of the ITP indicates that the system is focused on determining welfare eligibility. Under welfare reform, however, county welfare departments are required to undertake tasks that go beyond eligibility determination. The changes require departments to exchange information electronically with many partners, including local school districts, the Immigration and Naturalization Service, substance abuse programs, child welfare services programs, and work programs, among others. More importantly, the changes suggest the need for comprehensive case management capability. These components do not appear to be included in the ITP and will likely add substantially to the cost and the effort to deploy the system.

To the extent that the vendor who is awarded the contract develops a flexible system (known as "open architecture"), the consortium could add welfare reform in modules in the future. However, it is not clear from the ITP whether the proposal will have this flexibility, or whether it will have a "closed architecture." If the latter is the case, then the consortium would need to revise the ITP to include welfare reform policies. Alternatively, the consortium could develop a plan in which the vendor goes back and incorporates welfare reform policies into the system after it is deployed. Trying to incorporate the policies into a system that does not allow for the degree of expansion that will be necessary significantly increases the risk of failure.

For this reason, we believe that it is critical to require that the system be created with an open architecture, which would allow "adding on" of welfare policy components, or that the procurement document be revised to include welfare reform policies.

Insufficient State Oversight. Our second concern with the proposal is that it envisions very little state oversight. This is because the administration proposes to have the counties sign the contracts with the vendors and, although the state and federal government will be responsible for 95 percent of the costs, the state will not be able to amend, suspend, or terminate the contract.

Although the counties and state will be working in cooperation, there will be times when the counties and state disagree on a direction, as was evidenced in 1995 on CWS/CMS and more recently on SACSS. The HWDC's willingness to allow the counties to have such an exclusive role raises a larger concern of what responsibility and authority HWDC is going to have over the deployment of the project. Although HWDC indicates it will have oversight responsibility, the 1995-96 Budget Act which authorized the four consortia, required HWDC to be ultimately responsiblefor each of the four projects--a much more significant role than simply providing oversight. If HWDC does not have the authority to require specific changes to the contract, then no state agency can be held accountable, despite the large investment of state money.

Approval of the $18 million being requested will essentially demonstrate the Legislature's approval of the project as conceived, which is preliminarily estimated to cost $288 million.

Analyst's Recommendation. We recommend that the Legislature appropriate the $18 million proposed for the Welfare Case Data System through Budget Bill language, making it available if (1) DOIT certifies that the procurement document allows for expansion in order to more easily accommodate welfare reform policies and (2) the contract with vendors is signed by DOIT and HWDC so that state oversight can be preserved. We recommend the adoption of the following budget bill language:

In augmentation of the funds appropriated by this item, an additional sum up to $18 million is hereby appropriated for development and implementation of the Welfare Case Data System (WCDS), subject to the review and approval of the Department of Information Technology (DOIT) of the Invitation to Partner (ITP) proposed by the WCDS Consortium. The DOIT shall certify that the ITP requires the vendor to provide an open architecture to allow the system to expand as needed. Additionally, both DOIT and the Health and Welfare Agency Data Center shall sign contracts with vendors which obligate state funds to create and deploy this project. The Department of Finance shall notify the Joint Legislative Budget Committee and the Legislature's fiscal committees at least 30 days before authorization of expenditure of any funds.

Statewide Automated Child Support System (SACSS)

Child Support Project Canceled; New Project Offers Opportunities, Challenges

The budget indicates that the administration plans to come forward in the spring with a plan for automation of child support. We recommend that the Legislature require that the new automation system be purchased using a method in which the state outlines for vendors its desired outcomes, rather than specifying a particular technology. In addition, we recommend that Health and Welfare Agency Data Center report at budget hearings on the status of the level of federal funding for the new project.

The SACSS is a federal and state-mandated computer-based system to provide an automated statewide child support enforcement tracking and monitoring capability through the offices of county district attorneys. In 1995, the administration transferred the responsibility to manage this project from the DSS to HWDC in order to resolve serious implementation problems. In November 1997, after two years of difficulty implementing the project, HWDC canceled the contract and project. The state had spent $100 million on the project.

The Governor's budget has set aside $20 million from the General Fund (in a non-Budget Act item in the Health and Welfare Agency) in anticipation of a Finance letter for planning and development of a new project. The HWDC indicates it anticipates having a plan for future automation efforts completed by March 1998.

There are some counties currently using the working components of SACSS. The vendor was retained to maintain and operate the system for these counties for six months, beginning in November 1997, and will transfer knowledge of the system to state staff so that they can maintain the system. The vendor will be paid $11 million for these services.

Audit of Project Due. Last year, the Legislature directed the Bureau of State Audits (BSA) to conduct an audit of the management of the SACSS contract and project. This audit is due to be released in late February and, thus, should be available for the Legislature to review during hearings on HWDC's budget. The 1997-98 Budget Act requires HWDC to respond with a plan for implementing the audit's recommendations or take other actions that will improve performance in order to better protect the state's interests and ensure success of the SACSS project.

New Project Offers Opportunity to Follow "Best Practices." Although it is important to deploy a statewide system for child support enforcement as soon as possible, the cancellation of the SACSS project gives the state an opportunity to "start from scratch" to procure a system in such a way as to increase the chance of successful deployment.

In 1994, the Governor's Task Force on Government Technology Policy and Procurement recommended that the state revise its procurement process such that it lays out the business problem that needs solving, rather than specifying the technology it wants to purchase. This process, known in state government as an alternative procurement, is considered a "best practice" by the information technology industry. This new procurement process was successfully employed for a major project at the Franchise Tax Board.

Although it may seem as though starting over on SACSS will take longer than transferring an existing technology to California, such a conclusion is not necessarily accurate. Even though the state started with an existing technology on the SACSS project (it was transferred from another state), it could not be made to work in California, even after years of significant effort, a substantial investment of state monies, and a major change in project management. Procuring a new child support system using a process in which the state outlines its business needs should increase the state's chances of deploying a successful project.

In addition to the procurement method, there are other industry best practices that should be considered for this and future automation projects to better protect the state and increase the chances for success. For example, vendors should be willing to share in any potential financial loss to a greater degree than they have in the past. Vendors can share in the risk by providing a letter of credit, receiving payment only upon acceptance of deliverables, and including liquidated and consequential damages in the contract. In order to protect the taxpayers' investment, the state needs to procure major information technology systems using industry best practices such as these.

We recommend that the Legislature require that the new project be based on this alternative procurement process model which details the outcome desired, rather than specifying a technical solution in the procurement documents. Additionally, we recommend that DOIT require other appropriate best practices be incorporated into the contract and project management methodology.

Future Federal Financial Participation Unclear. When California began deploying SACSS, the federal government agreed to pay 90 percent of development costs. It is unclear whether the federal government intends to share in any of the cost of creating another system in California. If not, then HWDC may need to ask the Legislature for several hundred million dollars from the General Fund to support future child support automation efforts.

In addition, when first planning automation for child support, the DSS believed the federal regulations required that each state deploy a single system statewide in order to receive 90 percent enhanced federal funding. A letter from the federal agency responsible for this program indicates that it has the authority to grant a waiver to allow states to deploy multiple systems, as long as counties can exchange information amongst themselves. Due to California's size, it may have more success by deploying multiple systems that can exchange data, rather than one system, statewide. It remains unclear, however, whether the federal government will share in the expense of deploying multiple systems if they agree to fund any future automation efforts in California. If the state decides to deploy multiple systems which can exchange information for child support automation, it needs to understand the level of federal financial participation.

We recommend that the HWDC report at budget hearings on the status of federal financial participation for the new child support automation efforts in California.

County Child Support Systems Need Upgrading for Year 2000

The counties have been planning to use SACSS since 1995. As a consequence, many counties did not devote resources to modify county-based child support enforcement computers to be able to accommodate the year 2000 change. (For a full discussion of the impact of the year 2000 on computers, see the Crosscutting issues section earlier in this chapter.)

With the cancellation of SACSS in late 1997, counties are now faced with having to modify their computers to accommodate the year 2000. This effort will be expensive and time consuming. Failure to modify existing systems can lead to serious problems ranging from miscalculations of child support orders to complete failure of systems. It is unclear whether counties are receiving any assistance from the state to complete these modifications and whether they will all be able to complete them in time. The state should help ensure that these systems will be able to function without failing until a statewide system is deployed.

Analyst's Recommendation. We recommend that the HWDC and DSS report during budget hearings on the progress of the counties in modifying existing child support systems to accommodate the year 2000.

Child Welfare Services Case Management System (CWS/CMS)

Contract Increases Not Justified

The budget proposes $48 million to continue support for the CWS/CMS in 1998-99. This includes an augmentation of $15.1 million to increase the vendor's contract. This is the first installment of a total contract increase over several years of $58 million.

Background. Chapter 1294, Statutes of 1989 (SB 370, Presley), required the implementation of the CWS/CMS. The primary goal of this system is to provide a statewide database, case management tools, and reporting system for the Child Welfare Services program. The DSS began the project in 1990.

In April 1995, the administration transferred responsibility for project management from the DSS to HWDC in an effort to improve the project's prospects for success. When HWDC was given responsibility for this project, the project was at a critical stage, with the counties no longer supporting the project and the state close to canceling the contract. The HWDC spent several months renegotiating the contract with the vendor. When the negotiations were completed, HWDC advised the Legislature that the vendor guaranteed that the project would be fully deployed by fall 1997, for $119 million, and that if there were delays the vendor would pay penalties up to $5,000 per day depending on the missed milestone; share in the loss of federal funding; and guarantee maintenance for 15 months after every county received the system.

The project is now estimated to cost approximately $206 million and is not projected to be fully deployed until June 1998. If the proposed increase of $58 million spread over several years is approved, the vendor's contract will be increased 60 percent above the amount negotiated in 1995. We have the following concerns with the proposed increase in funding for the vendor.

State Paying Twice. The proposed increase in funding is to pay the vendor for a variety of activities. These include additional help troubleshooting problems at the county level, changing the fundamental operating system, resolving problems experienced in Los Angeles and Fresno Counties, completing additional testing of data, extending the vendor's contract to maintain the system, and continuing independent validation and verification (IV&V) services. Each of the services proposed for funding is necessary due to project delays and the system not working as planned. In our view, the contract requires the vendor to deploy a working system, therefore the state should not pay for fixing what is not working. Of the proposed increases noted above, two in particular are worrisome.

Software and Hardware Upgrades Should Not Be Necessary at This Time. A portion of the increase is being requested to upgrade the system infrastructure--both software and hardware--which HWDC advises is necessary for the continued performance and viability of CWS/CMS. However, HWDC's quality assurance vendor estimates that major software and hardware changes such as those being proposed should occur only every two to two-and-a-half years. Yet, the system has been operating for only a year in most counties. Accordingly, we do not believe that there is operational need to make the changes now.

Maintenance Costs Agreed to in 1995 Negotiated Away. The budget includes $8 million for the contractor to maintain and operate the system through June 1999. The HWDC informed the Legislature when it renegotiated the contract in 1995 that it secured a firm 15 months of maintenance and operation from the time the system worked in all counties. Now the center indicates that due to the delay in completion, the contract was amended to allow maintenance to end earlier in exchange for other services. It appears, however, that these are services the vendor should perform without additional charge to make the system work.

Analyst's Recommendation. We believe that the contract requires the vendor to deploy a working system. Since these appear to be expenses the vendor is already under contract to produce, we recommend denying the requested $15.1 million augmentation and prohibit HWDC from amending the vendor's contract for these expenses.

Other Issues

Statewide Fingerprint Imaging System (SFIS) Expansion Not Justified

The 1995-96 Budget Act assigned responsibility for implementing the Statewide Fingerprint Imaging System (SFIS) to the HWDC. The system, modeled after one implemented in Los Angeles County in 1994, is intended to reduce the cost of fraud associated with state welfare programs. The contract for this project was to be awarded in June 1997 with full system operation in July 1998. However, award of the contract has been delayed.

The proposed budget includes an augmentation of $8.9 million in 1998-99 to implement the SFIS. The total amount proposed for the budget year is $10 million.

At the time this analysis was prepared, we had not received budget documentation to justify this request. Thus, we withhold recommendation, pending receipt and review of the documentation.

Electronic Benefits Transfer (EBT) System Delayed

Electronic Benefits Transfer (EBT) allows for the electronic transmission of funds to a food stamp recipient. The system uses debit card technology and retailer terminals to automate benefit authorization, delivery, redemption and financial settlement thereby eliminating the need for food stamp coupons. Federal Food Stamp regulations, implemented as a result of the federal Personal Responsibility and Work Opportunity Reconciliation Act of 1996, require that all states implement an EBT system by October 2002. Chapter 270, Statutes of 1997 (AB 1542, Ducheny) authorized EBT and established an EBT committee, which will advise HWDC on the planning, development and implementation of the statewide EBT.

The HWDC is required to certify one or more EBT processors as eligible to contract with counties to implement EBT systems. A county or group of counties will contract with the certified processors directly and will have principal responsibility to manage operation of the EBT system implemented by the county or group of counties. At the time this analysis was prepared, HWDC indicates that the project has been delayed.

The proposed budget requests $194,000 and two positions to complete planning efforts to implement an EBT program.

We recommend that HWDC report to the Legislature during budget hearings on the progress of certifying processors.

Automated Tape Library Not Yet Justified

The budget proposes an augmentation of $671,000 for an Automated Tape Library (ATL). The ATL will enable an automated system to access data on computer cartridge tapes, thereby increasing accuracy and productivity. Total project costs are estimated to be $7.2 million over the life of the five year project.

At the time this analysis was prepared, we had not received documentation to justify this request. Thus, we withhold recommendation, pending receipt and review of the documentation.

Year 2000 Funding Request Not Yet Justified

The budget proposes an augmentation of $3.6 million to continue the data center's activities to enable all computer systems to accommodate the year 2000. The data center's proposal is to purchase hardware for increased capacity, consulting services for testing, and general overhead expenses.

At the time this analysis was prepared, we had not received documentation to justify this request. Thus, we withhold recommendation, pending receipt and review of the documentation.