The latest assessment of California’s primary tech agency by the state auditor has identified severe weaknesses in Strategic Planning, Information Security, and Project Oversight that limit the state’s management of its multi-billion dollar IT portfolio.
The report by the independent and well-respected auditor’s office flies in the face of Gov. Gavin Newsom’s repeated pledges to turn around the State of California’s dismal technology record.
“The long list of IT systems that that have failed, incurred huge cost overruns and/or were delayed for years is, or at least should be, especially embarrassing to Gov. Gavin Newsom,” according to Sacramento-based news organization CalMatters.
Considered a tech savvy official, Newsom in 2013 published a book, “Citizenville: How to Take the Town Square Digital and Reinvent Government.” I interview him about the book and his plans to bring – in his words – “State of the art – 1976 technology into the 21st Century for the state.”
In “Citizenville,” he was clear-eyed about the obstacles. “Because of the vast network of rules, regulations and laws that apply to virtually everything in government services, people aren’t sure what they’re allowed to do, much less what they’re supposed to do. Then you get IT department people who are paranoid about introducing anything new,” he wrote. “Resisting new technology is the government’s default position.”
Given that kind of clear understanding of California’s state IT issues and obstacles, plus his overall knowledge of the technology bounty available in Silicon Valley and elsewhere in the Golden State, why the continuing shipwreck on Governor Newsom’s watch after almost five years in office?
According to the auditor’s report, “State law and policy give the California Department of Technology (CDT) responsibility for and broad authority over nearly all aspects of IT in state government.” Specifically, CDT must produce an annual IT strategic plan to guide the State’s acquisition, management, and use of IT. In addition, state law requires CDT to issue and maintain policies governing the State’s information security and gives CDT the authority to conduct independent security assessments of every state agency. Finally, CDT is responsible for providing oversight of the State’s IT projects.”
And while CDT has the authority to suspend or terminate problematic projects, the auditor points out that this authority has not been exercised by CDT since 2016, while a hundred or more state IT projects are approved each year. In addition, CDT’s requirement to perform independent security assessments of all state agencies will not be completed until 2030, according to the report.
Why has this been allowed to happen over and over again for more than a quarter century at least?
Unexpectedly, during one brief shining moment during the Schwarzenegger administration beginning in 2003, he directed a total reorganization of the state’s clumsy IT group into a consolidated, cabinet agency secretariat, and appointed former Ford executive and Michigan CIO Teri Takai its first director. Over the next several years Takai orchestrated a remarkable IT renaissance for the new California Technology Agency, with clear authority and a peer-to-peer relationship among other agency cabinet secretaries and the new CIO.
In my new book for publication later this year and co-written with former state legislator, Lloyd Levin, entitled “Why Can’t California Do IT?”, I explain the reason for this success.
I maintain that there are two key factors needed for states and other governmental bodies to achieve IT success. First is for the governor and state legislature to empower the state CIO and vest the office with the authority, responsibility, resources, and support to get the job done. This determination is demonstrated through a strong CIO governance model exemplified by statutorily vesting in the CIO the enterprise IT authority for policy AND operations, and overall IT budget and oversight jurisdiction, along with the unquestionable and visible support from the governor, including most significantly cabinet status for the state CIO.
Second, in addition to the importance of an empowered CIO, for IT implementation to truly succeed, the state, or any governmental entity needs active and engaged executive program leadership in all the other secretariats.
The career state employees the governor has appointed state CIO the last few years are good people, but the new state CIO should be from outside government.
It’s something Governor Newson should do, and should have done five years ago.