Home Performance audit, Government Information Technology Agency, state-wide technology contracting...

Reference URL

Rate

To link to the entire object, paste this link in email, IM or document

To embed the entire object, paste this HTML in website

To link to this page, paste this link in email, IM or document

To embed this page, paste this HTML in website

Performance audit, Government Information Technology Agency, state-wide technology contracting issues

1 of 3

View Description

View PDF & Text

This page

All

Subset

PDF
Text

Text Search...

A REPORT
TO THE
ARIZONA LEGISLATURE
Debra K. Davenport
Auditor General
Government Information
Technology Agency
State-wide Technology
Contracting Issues
Performance Audit Division
JANUARY • 2003
REPORT NO. 03 – 01
Performance Audit
The Auditor General is appointed by the Joint Legislative Audit Committee, a bipartisan committee composed of five
senators and five representatives. Her mission is to provide independent and impartial information and specific
recommendations to improve the operations of state and local government entities. To this end, she provides financial
audits and accounting services to the State and political subdivisions, investigates possible misuse of public monies, and
conducts performance audits of school districts, state agencies, and the programs they administer.
The Joint Legislative Audit Committee
Representative Roberta L. Voss, Chair Senator Ken Bennett, Vice Chair
Representative Robert Blendu Senator Herb Guenther
Representative Gabrielle Giffords Senator Dean Martin
Representative Barbara Leff Senator Peter Rios
Representative James Sedillo Senator Tom Smith
Representative James Weiers (ex-officio) Senator Randall Gnant (ex-officio)
Audit Staff
Dot Reinhard, Manager and Contact Person
Catherine Dahlquist, Team leader Lori Babbitt
Rachel Rowland
Copies of the Auditor General’s reports are free.
You may request them by contacting us at:
Office of the Auditor General
2910 N. 44th Street, Suite 410 • Phoenix, AZ 85018 • (602) 553-0333
Additionally, many of our reports can be found in electronic format at:
www.auditorgen.state.az.us
2910 NORTH 44th STREET • SUITE 410 • PHOENIX, ARIZONA 85018 • (602) 553-0333 • FAX (602) 553-0051
DEBRA K. DAVENPORT, CPA
AUDITOR GENERAL
STATE OF ARIZONA
OFFICE OF THE
AUDITOR GENERAL
WILLIAM THOMSON
DEPUTY AUDITOR GENERAL
January 9, 2003
Members of the Arizona Legislature
The Honorable Janet Napolitano, Governor
Mr. Chris Cummiskey, incoming Director
Government Information Technology Agency
Ms. Betsey Bayless, Director
Department of Administration
Transmitted herewith is a report of the Auditor General, A Performance Audit of the Government Information
Technology Agency (GITA)—State-wide Technology Contracting Issues. This audit was conducted in
accordance with Laws 2000, Chapter 110 §1(E), and under the authority vested in the Auditor General by
A.R.S. §41-1279.03 I am also transmitting with this report a copy of the Report Highlights for this audit to
provide a quick summary for your convenience.
As outlined in its response, GITA disagrees with the first finding. It plans to implement or implement
differently 3 of the 4 recommendations directed to it. Further, GITA disagrees in part with one
recommendation, and does not plan to implement the entire recommendation.
Also, as outlined in its response, the Department of Administration agrees with the first finding and
plans to implement the two recommendations directed to it.
My staff and I will be pleased to discuss or clarify items in the report.
This report will be released to the public on January 10, 2003.
Sincerely,
Debbie Davenport
Auditor General
Enclosure
cc: Mr. Craig Stender, former Director Mr. J. Elliott Hibbs, Director
Government Information Technology Agency Department of Revenue
(former Director—Department of Administration)
In accordance with Laws 2000, Chapter 110 §1(E), the Office of the Auditor General
has conducted a performance audit of three areas involving the Government
Information Technology Agency (GITA). This audit was conducted under the author-ity
vested in the Auditor General by A.R.S. §41-1279.03.
GITA was established in 1997 to plan and coordinate information technology for state
government and provide related consulting services. One of its primary statutory
responsibilities is to develop a state-wide plan for information technology that entails
among other things adopting state-wide information technology standards, such as
requirements for ensuring the security of state agencies' information technology sys-tems
and developing a detailed listing of the State's information technology assets.
In addition, GITA is responsible for approving agencies' information technology proj-ects
costing between $25,000 and $1 million, and monitoring the projects that are
considered critical to the State. GITA also provides staff support for the Information
Technology Authorization Committee (ITAC), which reviews and approves state
agencies' information technology projects costing more than $1 million.
This was not a Sunset review of GITA but rather a performance audit that focused on
three defined areas.1 The three areas outlined in law for this audit are 1) GITA's abil-ity
to contract and enter into interagency and intergovernmental agreements, 2)
whether the contracting function affects GITA's ability to independently evaluate state
agencies' information technology plans, and 3) the Statewide Technology Licensing
Agreement (STLA) account.
l GITA’s contracting ability—State law provides GITA with general authority to for-mulate
policies, adopt rules, and contract and enter into interagency and inter-governmental
agreements. Statutes do not provide GITA with any delegated
purchasing authority, or exempt it from state procurement laws and codes.
l GITA’s ability to independently evaluate information technology projects—GITA
is statutorily required to review and either approve or disapprove agency infor-mation
technology projects estimated to cost between $25,000 and $1 million
to determine if they are viable and benefit the State. In fact, for projects requir-ing
GITA approval, the Arizona Administrative Code specifically prevents agen-page
i
1 GITA’s Sunset review is due October 1, 2005, as GITA is scheduled to terminate July 1, 2006.
Office of the Auditor General
SUMMARY
cies from committing or spending monies or from entering into project-related
contracts or vendor agreements before receiving GITA’s written approval.
l STLA account—Legislation approved in April 2000 established the STLA account
and directs that monies in the account be used for state-wide technology license
agreements designated by GITA’s director. A state-wide technology license
agreement is a contract with a vendor for information technology products and
services, such as computer software and maintenance.
Changes needed to ensure state-wide information tech-nology
contracts benefit the State (see pages 5 through
14)
Changes are needed to address problems with a multi-million dollar contract GITA
developed and negotiated and to help ensure that future state-wide information tech-nology
contracts benefit the State. When GITA negotiated a 5-year, $30.6 million
state-wide contract with Computer Associates International, Inc. for mainframe and
non-mainframe software (effective March 31, 2000), it anticipated that the contract
would save the State millions of dollars. However, an analysis conducted by the State
Procurement Office a year after the contract was signed found that the payment obli-gation
for this state-wide contract was a 389 percent increase from previous
Computer Associates contract amounts.
GITA failed to use procedures that would ensure the contract was necessary or rea-sonable.
Specifically, although GITA does not have procurement authority, it
bypassed the State Procurement Office (SPO) when developing and negotiating this
contract. GITA did not ensure that the contract was competitively bid nor did it pro-vide
the proper justification for declaring the contract as “competition impracticable.”
Further, even though this contract canceled and replaced some existing contracts
with Computer Associates that had been developed and negotiated by other state
agencies, GITA made only limited attempts to get stakeholder input and buy-in. GITA
also failed to follow other sound procurement practices, including verifying the
State’s need for the software products independent of the vendor’s projections. For
example, in justifying the need for the contract, the vendor provided GITA with a list-ing
of anticipated agency information technology projects. However, it was later
determined that this list contained over $43 million in unfunded agency information
technology projects.
page ii
State of Arizona
GITA did not take any steps to verify funding for these projects or even perform an
analysis of the likelihood that they would be funded prior to entering into the contract.
Because the State was unable to meet its payment obligation, the Department of
Administration’s director requested SPO to renegotiate the contract with Computer
Associates in 2001. During the renegotiation, the contract was extended for 2 addi-tional
years at no extra cost, so it appears that the primary benefit to the State is that
the $30.6 million payment will be spread over 7 years rather than the original 5-year
term.
However, SPO should investigate further renegotiation with Computer Associates to
address two remaining problems. First, SPO should investigate renegotiating with
the vendor to increase the State’s mainframe processing capacity during the 2 addi-tional
years. As a result of the State’s growing population, agencies are processing
more and more transactions, such as driver’s license applications and income tax fil-ings.
This activity requires additional mainframe processing capacity, which can be
very costly. The initial contract allowed for 20 percent annual growth in the process-ing
capacity of the State’s mainframe computers, but additional growth was not pro-vided
for in the 2 years added to the contract. Second, SPO should investigate nego-tiating
with the vendor to get a product mix that more closely reflects the State’s cur-rent
and projected need for Computer Associates products. The State is currently
using only about half of the 102 mainframe products available for state-wide use, and
three agencies have additional agreements with Computer Associates totaling $1.6
million for other software products. Whether or not renegotiation is successful, GITA
should work with state agencies to develop a strategy for replacing Computer
Associates software in case it should become beneficial to do so.
In addition to addressing problems with the Computer Associates contract, several
additional steps should be taken to ensure that future state-wide information tech-nology
contracts meet the State’s needs.
l First, GITA should develop written policies and procedures to guide its involve-ment
in the development and procurement of state-wide information technolo-gy
contracts. If GITA identifies the need for a state-wide information technology
contract that would financially commit the State to over $1 million, it should
establish a written justification which, at a minimum, should include such things
as an independent assessment of the State’s need for the products or services,
stakeholder input, a plan to fund the contract, and an exit strategy for replacing
the proposed products. In addition, GITA should limit its role in the procurement
process to an advisory capacity.
l Second, the Legislature should consider requiring GITA to submit written justifi-cations
for those state-wide information technology contracts that would finan-cially
commit the State to over $1 million to ITAC and the Joint Legislative Budget
Committee (JLBC) for review. ITAC comprises representatives from the
Legislature, state agencies, private industry, and the courts. This committee cur-page
iii
Office of the Auditor General
rently approves state agency information technology projects that exceed $1
million, and conducts periodic reviews of critical projects.
l Third, SPO should be responsible for conducting contract negotiations and
develop policies and procedures guiding state-wide information technology
contract procurement.
Policy needed to help ensure GITA’s independence in
reviewing and approving agency technology projects
(see pages 15 through 16)
GITA needs to develop a policy to ensure its independence when reviewing and
approving state agencies’ technology projects. GITA is involved in three interrelated
functions associated with state agencies’ acquisition of information technology:
l Adopting state-wide standards for information technology that provide state
agencies with direction on minimum and acceptable information technology
requirements.
l Reviewing state agency information technology projects estimated to cost
between $25,000 and $1 million to determine if they benefit the State, and
approving or disapproving them.
l Participating in developing state-wide information technology contracts.
GITA’s involvement in all three functions can potentially create concerns about the
agency’s ability to objectively review and approve or disapprove agency technology
projects. Auditors did not find evidence that GITA’s independence had been com-promised.
However, some could argue that GITA could set standards and only
approve projects that would require an agency to use certain vendors’ products, even
if those products are not the most cost-effective or most appropriate, because the
products would justify a particular state-wide contract that GITA helped to develop.
In conducting its work, GITA should provide alternatives whenever possible to ensure
it continues to objectively review and approve state agencies’ technology projects.
To avoid conflict, or even the appearance of conflict, GITA should develop a written
policy that requires it to recommend, or offer, more than one vendor or product when-ever
possible, as it formulates conditions for project approval. If more than one alter-native
is not available, GITA should state that fact in the memo sent to the agency
indicating the project review’s outcome.
page iv
State of Arizona
pagev
Office of the Auditor General
STLA account should be allowed to repeal (see pages 17
through 19)
The STLA account should be allowed to repeal on June 30, 2003, as scheduled
because it is not needed and has not been used. Legislation approved in April 2000
established the STLA account and directs that monies in the account be used for
state-wide technology license agreements designated by GITA’s director. If a state
agency chooses to purchase a product or service available on one of the designat-ed
contracts, the agency is required to transfer its payment to the STLA account. The
amount an agency would need to transfer to the account would be based on rates
determined jointly by GITA and the Department of Administration.
There were two main reasons given for establishing the STLA account: 1) to provide
a mechanism for monitoring agency software usage, and 2) to provide a means for
funding future state-wide technology initiatives. According to legislative hearing min-utes
and JLBC fiscal notes, it was believed the STLA account would facilitate moni-toring
agency use of software to determine actual purchasing volumes so that the
State could negotiate better discount rates with vendors. However, the State already
has mechanisms in place for obtaining this information, such as GITA’s annual inven-tory
of state agency information technology assets. GITA also intended the STLA
account to act as a repository of savings, which it could use to fund future state-wide
technology initiatives. The savings would be generated by setting the rates charged
to the agencies using designated contracts’ products and services slightly higher
than needed to pay the vendor. However, GITA does not have authority to spend the
monies in the STLA account because the law appropriates the monies only to the
Department of Administration and requires that they be used for state-wide technol-ogy
licensing contracts.
Despite the STLA account being in existence for more than 2 years, it has never been
used. GITA’s director must designate a state-wide technology licensing agreement,
or contract, for payment through the account for it to be used. However, no contracts
have been designated for the account. The state-wide contract with Computer
Associates was considered, but it did not generate any of the anticipated savings, so
the director decided against designating it for the STLA account. Additionally, in
October 2002, GITA determined that the account was not necessary and should be
allowed to repeal, citing several factors, including a lack of funding for a contract
administrator position to oversee the contracts designated for the account.
pagevi
State of Arizona
page vii
Office of the Auditor General
TABLE OF CONTENTS
1
5
5
7
9
12
14
15
15
16
16
17
17
18
18
19
Introduction & Background
Finding 1: Changes needed to ensure state-wide infor-mation
technology contracts benefit the State
GITA anticipated contract would save millions
GITA neglected basic procedures in negotiating contract
Renegotiation solved problems but others remain
Steps needed to address future contracts
Recommendations
Finding 2: Policy needed to help ensure GITA’s inde-pendence
in reviewing and approving agency technol-ogy
projects
GITA’s responsibilities create potential for conflict for interest
Policy needed to help ensure objectivity
Recommendation
Finding 3: STLA account should be allowed to repeal
STLA account not needed to monitor agency software usage
GITA lacks authority to use STLA account as it intended
STLA account has never been used
Recommendation
Agency Response
page viii
State of Arizona
page1
Office of the Auditor General
INTRODUCTION
& BACKGROUND
In accordance with Laws 2000, Chapter 110 §1(E), the Office of the Auditor General
has conducted a performance audit of three areas involving the Government
Information Technology Agency (GITA). This audit was conducted under the author-ity
vested in the Auditor General by A.R.S. §41-1279.03.
GITA responsibilities, staff, and budget
GITA was established in 1997 to plan and coordinate information technology for state
government and provide related consulting services. One of its primary statutory
responsibilities is to develop a state-wide plan for information technology which
entails, among other things, adopting state-wide information technology standards,
such as requirements for ensuring the security of state agencies' information tech-nology
systems and developing a detailed listing of the State's information technolo-gy
assets. In addition, GITA is responsible for approving agencies' information tech-nology
projects costing between $25,000 and $1 million, and monitoring the projects
that are considered critical to the State. GITA also provides staff support for the
Information Technology Authorization Committee (ITAC), which reviews and
approves state agencies' information technology projects costing more than $1 mil-lion.
To perform these responsibilities, GITA is appropriated 21 FTE positions, including a
director, deputy director, and staff. Funding for GITA is generated through a pro rata
share of .15 percent of total payroll for all agencies and the legislative and judicial
branches of state government. In fiscal year 2002, GITA expended $2.7 million.
Audit scope and background
This was not a Sunset review of GITA but rather a performance audit that focused on
three defined areas.1 Specifically, pursuant to Laws 2000, Chapter 110 §1(E), the
audit was required to focus on: 1) GITA’s ability to contract and enter into interagency
1 GITA’s Sunset review is due October 1, 2005, as GITA is scheduled to terminate July 1, 2006.
page2
1 GITA’s rules define an information technology project as a specific series of activities involving the implementation of new
or enhanced information technology systems over a prescribed period of time. If a project’s cost exceeds $1 million, GITA
will review it and then make recommendations to the Information Technology Authorization Committee (ITAC). ITAC, which
comprises representatives from the Legislature, private industry, local and federal government, state government, and the
courts, will then decide whether to approve or disapprove the project.
2 This requirement pertains to those state agencies required to submit information technology plans to GITA for approval
and includes most agencies, departments, commissions, and boards. The universities, community colleges, and the leg-islative
and judicial branch agencies are not subject to this requirement.
State of Arizona
and intergovernmental agreements, 2) whether the contracting function affects
GITA’s ability to independently evaluate state agencies’ information technology
plans, and 3) the Statewide Technology Licensing Agreement (STLA) account.
l GITA’s contracting ability—State law provides GITA with general authority to for-mulate
policies, adopt rules, and contract and enter into interagency and inter-governmental
agreements. Statutes do not provide GITA with any delegated
purchasing authority, or exempt it from state procurement laws and codes.
However, because GITA is statutorily required to develop a state-wide plan for
information technology and to review and approve state agencies’ information
technology projects, it has been involved in developing state-wide contracts for
information technology services.
l GITA’s ability to independently evaluate information technology projects—GITA
is statutorily required to review and either approve or disapprove agency infor -
mation technology projects estimated to cost at least $25,000 to determine if
they are viable and benefit the State.1 In fact, the Arizona Administrative Code
specifically prevents agencies from committing or spending monies on infor-mation
technology projects subject to GITA’s review or from entering into proj-ect-
related contracts or vendor agreements before receiving GITA’s written
approval.
In addition, GITA is also responsible for setting state-wide standards for infor -
mation technology. These standards consist of statements GITA developed that
provide state agencies with direction on minimum and acceptable information
technology requirements. Examples include standards for ensuring the securi-ty
of state agencies’ information technology systems, and standards for coordi-nating
and implementing agency or state computer networks.
l STLA account—Legislation approved in April 2000 established the STLA
account. Monies in the account are to be used for state-wide technology license
agreements designated by GITA’s director. A state-wide technology license
agreement is a state-wide contract with a vendor for information technology
products and services, such as computer software and maintenance. If a state
agency chooses to purchase a product or service available on one of the des-ignated
state-wide technology contracts, the agency is required to transfer its
payment to the STLA account.2 The amount an agency would need to transfer
to the account would be based on rates established jointly by GITA and the
Department of Administration. Law allows the rates to reflect both the cost for
the use of the product and/or service, and furtherance of state information tech-
Law requires monies in
STLA account to be
used for state-wide
technology licensing
agreements.
GITA does not have any
delegated procurement
authority.
Statutes require GITA to
approve or disapprove
agencies’ information
technology projects
costing between
$25,000 and $1 million.
page3
Office of the Auditor General
nology policies, standards, innovation, and strategic direction. Therefore, the
rates charged to an agency could be higher than the amount required for ven-dor
payments.
The report present findings and recommendations in three areas:
l Changes are needed to ensure state-wide information technology contracts
meet the State’s needs, including requiring ITAC and JLBC to review written jus-tifications
for state-wide information technology contracts that would obligate
the State to over $1 million, and the need for GITA and the State Procurement
Office to develop policies and procedures specifying how state-wide technolo-gy
contracts should be handled and their respective responsibilities in the pro-curement
process.
l GITA should develop a written policy to ensure that state agencies’ information
technology projects are reviewed objectively.
l The STLA account should be allowed to repeal on June 30, 2003, as it is not
needed and has never been used.
Audit methodology
Auditors used several methods to assess the three areas identified in statutes.
General methods used to obtain an understanding of GITA’s contracting authority,
independence, and the STLA account, included reviewing statutes, legislative min-utes,
and GITA’s policies, standards, and procedures; and interviewing personnel
from GITA, the Department of Administration, the Joint Legislative Budget
Committee, the Office of Strategic Planning and Budget, and the Legislative Council.
In addition, auditors used the following specific methods in reviewing each of the
three areas:
l Contracting authority—To obtain a better understanding of GITA’s contracting
role and authority, auditors conducted a literature search of best practices in
information technology contracting and reviewed recent information technology
contracts in which GITA participated. In addition, auditors conducted an exten-sive
review of a state-wide contract with Computer Associates International, Inc.
because it was developed and negotiated by GITA, financially committed the
State to $30.6 million, and legislative interest in this contract was sparked by
recent publicity about problems California experienced with a state-wide infor-mation
technology licensing contract. Specifically, the California State Auditor’s
Office noted that the state executed an information technology licensing con-tract
worth almost $95 million with Oracle Corporation despite evidence sug-
page4
1 California State Auditor Bureau of State Audits, Enterprise Licensing Agreement: The State Failed to Exercise Due
Diligence When Contracting with Oracle, Potentially Costing Taxpayers Millions of Dollars, Report Number 2001-128, April
2002.
2 The 13 agencies contacted included the Arizona Health Care Cost Containment System, Department of Administration,
Department of Economic Security, Department of Education, Department of Environmental Quality, Department of Health
Services, Department of Insurance, Department of Public Safety, Department of Revenue, Industrial Commission, State
Compensation Fund, State Land Department, and Supreme Court.
3 An additional nine projects received conditional approval or were disapproved during this period, but were not readily
available for auditors’ review.
4 The eight states contacted were Colorado, Florida, Nevada, New Mexico, Ohio, Texas, Washington, and Wisconsin.
These states were selected because they had a centralized information technology unit responsible for state-wide strate-gic
information planning.
State of Arizona
gesting that the need for the licenses was limited.1 To review the Computer
Associates’ contract, auditors reviewed historical documents GITA compiled,
and interviewed personnel from GITA, the Department of Administration, and
Computer Associates to reconstruct what occurred during the initial negotiation
and subsequent renegotiation. In addition, auditors interviewed personnel from
13 state agencies to determine their involvement in the original Computer
Associates negotiations and current and anticipated use of contract products.2
It should be noted that some of the individuals with a primary role in the original
negotiations were no longer available to be interviewed.
l Independence issue—To determine whether GITA’s objectivity in reviewing and
approving agencies’ information technology projects could be influenced by its
involvement in setting information technology standards and participating in
contract development and negotiation, auditors examined all of the 56 agency
project plans GITA reviewed from January 2000 through September 2002 that
were conditionally approved or disapproved.3
l STLA account—To obtain further information about the account’s purpose and
use, auditors interviewed information technology and procurement staff from
eight states to obtain information on their states’ use of STLA-type accounts;4
reviewed information from the federal Office of Management and Budget to
determine if assessing a surcharge for products purchased through the STLA
account would violate federal cost principles; and reviewed STLA account doc-uments
to determine whether any revenue and expenditure activity had
occurred since the account’s inception.
This audit was conducted in accordance with government auditing standards.
The Auditor General and staff express appreciation to the director and staff of the
Government Information Technology Agency and the director and staff of the
Department of Administration for their cooperation and assistance throughout the
audit.
Changes needed to ensure state-wide informa-tion
technology contracts benefit the State
The State needs to make several fundamental changes to help ensure that state-wide
information technology contracts in general—and a $30.6 million contract GITA
developed and negotiated in particular—are in the State’s best interest. In develop-ing
and negotiating a 5-year, $30.6 million contract with Computer Associates in
2000, GITA failed to use procedures that would ensure the contract was necessary
or reasonable, or even that the State would be able to afford the payments. Although
the State Procurement Office (SPO) subsequently renegotiated the contract in 2001
to extend it for 2 additional years at no cost, other problems remain, and SPO should
investigate renegotiating the contract again. To help ensure that such problems do
not recur, the Legislature should require the Information Technology Authorization
Committee (ITAC) and the Joint Legislative Budget Committee (JLBC) to review writ-ten
justifications for state-wide information technology contracts that financially com-mit
the State to over $1 million. In addition, SPO and GITA should individually devel-op
policies and procedures to better define their respective roles in the contracting
process.
GITA anticipated contract would save millions
When GITA negotiated a 5-year, $30.6 million state-wide contract, effective March 31,
2000, with Computer Associates, it anticipated that the contract would save the State
more than $6 million through a combination of cost savings and cost avoidance. The
contract, which covers software for mainframe and non-mainframe computers,
superseded other existing contracts that individual agencies had negotiated with
Computer Associates.
page5
Office of the Auditor General
FINDING 1
page6
State of Arizona
Contract covered software for variety of applications—The state-wide
Computer Associates contract provides software for two types of computers—main-frame
and non-mainframe.
l Mainframe software runs on powerful central computers designed to service the
needs of many users. The software ranges from operating systems to individual
programs and applications. This part of the contract contains about 100 different
mainframe software products for performing such tasks as database manage-ment,
job scheduling, security, and report programming. Because mainframe
software helps operate large computers instead of individual personal comput-ers,
software cost is based on the size of the computer and speed at which data
is processed rather than the number of users. A mainframe’s processing capac-ity
is defined as “MIPS,” or millions of instructions per second. The contract set
the State’s MIPS at 1,800 for the first year and gradually increased it to 3,000 in
the contract’s last year. All state agencies can use the mainframe products on the
State’s mainframes. Currently, the State has three mainframes operated by the
Departments of Administration, Economic Security, and Public Safety. This por-tion
of the contract was valued at nearly $21 million.
l Non-mainframe software is sometimes called “distributed” software because it
runs on many individual computers, rather than from a single machine. This part
of the contract initially included over 20 Computer Associates products and/or
suites of products for performing tasks such as network security and Web man-agement.
The non-mainframe products were available to all state agencies. This
portion of the contract was valued at over $9 million.
GITA’s reasons for establishing the contract—GITA anticipated that this
contract would save the State more than $6 million over the life of the contract. At the
time the contract was being developed and negotiated, the State was in the process
of consolidating some of its large data centers. GITA believed that the contract would
eliminate costly upgrade fees that Computer Associates would charge when a state
agency moved from its own smaller mainframe to a much larger, centralized data
center mainframe computer with increased processing capacity. In addition, GITA
anticipated establishing rates for the non-mainframe software products that would not
only cover the software contract cost but also help fund future technology initiatives.
Firm commitment contract superseded other contracts—This contract
differs from other Arizona state-wide information technology contracts in two ways.
First, it is a firm commitment contract, meaning that the State pays a fixed annual
amount regardless of the number of contracted software products or the amount of
MIPS actually used (unless the amount exceeds the capacity allowed in the contract).
In contrast, use- and volume-based contracts would base pricing on the actual MIPS
and/or software products purchased or used. Second, because this contract is a
state-wide agreement including Computer Associates’ mainframe processing soft-ware,
it canceled and replaced the State’s other contracts with Computer Associates
Computer Associates
contract requires State
to pay a fixed amount,
regardless of use.
GITA believed state-wide
Computer
Associates contract
would save the State
more than $6 million
over 5 years.
page7
Office of the Auditor General
for the same products. These other contracts were negotiated by such agencies as
the Department of Economic Security and the Department of Administration.
GITA neglected basic procedures in negotiating contract
GITA did not take appropriate steps to ensure the Computer Associates contract was
in the State’s best interest. Specifically, it failed to actively solicit the involvement of
the State Procurement Office, and as a result, standard procurement practices,
including the State’s competitive bidding requirement, were not followed. GITA also
failed to employ sound procurement practices, such as independently determining
the State’s need for the software products, determining whether agencies had ade-quate
monies to pay for the contract’s products, or establishing a plan for adminis-tering
the contract. As a result, the State was unable to meet its payment obligation.
State Procurement Office did not have active role—GITA bypassed SPO
when it developed and negotiated the Computer Associates contract, although GITA
has no procurement authority.1 Generally, agencies without purchasing authority
work with SPO when procuring goods and services. However, although the
Department of Administration indicates that at least one former member of SPO was
aware of the negotiations, auditors were unable to find evidence that GITA actively
sought SPO involvement. As a result, GITA did not ensure that standard procurement
practices or codes were appropriately followed. For example, the contract was nei-ther
competitively bid, nor was there a request to deem the contract “competition
impracticable,” which allows for bypassing the process of obtaining competitive bids
when proper justification is provided. In addition, SPO officials were unable to pro-vide
much explanation as to their absence in the process other than saying that dur-ing
this period, GITA was a new agency and was acting independently.
Contract development practices inadequate—Without the benefit that
SPO’s advice might have provided, GITA failed to employ contract development
practices that would ensure the Computer Associates contract was necessary, rea-sonable,
or would benefit the State. Within 1 year, the State found itself operating with
a contract it could not pay for. Practices GITA did not follow ranged from not assess-ing
need to not setting up appropriate contract management.
l Need based on vendor analyses and projections—GITA did not perform an
independent analysis to justify the contract, but relied on the data that Computer
Associates supplied. Specifically, GITA relied on the vendor’s estimates for the
State’s growth in mainframe processing capacity, or MIPS, and anticipated
needs for additional Computer Associates products. Although current GITA offi-cials
indicated that an independent analysis was conducted prior to the original
contract negotiation, they were unable to provide auditors with documentation
of such analysis. In fact, documents GITA provided indicate that the need for the
Within 1 year, the State
found itself operating
with a contract it could
not pay for.
GITA failed to employ
sound procurement
practices such as inde-pendently
determining
the State’s need for the
products.
1 Because GITA has no procurement authority, the Computer Associates’ contract was signed by the director of the
Department of Administration, who is the State’s chief procurement officer.
page8
State of Arizona
contract was based solely on information provided by Computer Associates. For
example, in justifying the need for the contract, the vendor provided GITA with a
listing of anticipated agency information technology projects. However, it was
later determined that this listing contained over $43 million in unfunded agency
information technology projects. GITA did not verify that there was funding for
these projects or even perform an analysis of the likelihood that they would be
funded before it entered into the contract.
l Contract exceeded available funding—GITA failed to ensure a funding plan or
strategy was developed for how the State would pay for the state-wide contract.
Consequently, an analysis SPO conducted a year after the contract was signed
found that the state-wide contracts’ payment obligation was a 389 percent
increase from the previous Computer Associates contract amounts, and aver-aged
an annual payment of over $6 million a year. Further, SPO indicated that
the contract’s paystream exceeded the State’s combined budgets by $15.5 mil-lion
over the contract term. Despite these significant increases, GITA failed to
determine how the increased costs would be divided among the agencies. In
addition, monies anticipated from agencies’ use of the Computer Associates-distributed
products were not realized because the software was not being
used.
l Contract negotiations lacked stakeholder input—Despite the fact that the
Computer Associates state-wide contract directly impacted several individual
agencies, GITA did not effectively solicit these agencies’ involvement. Although
GITA was able to provide evidence that it made some limited attempts to gath-er
feedback on agencies’ mainframe products, there was little to no evidence
that it sought agency input on distributed products. Consequently, it was unable
to show any formal attempts it made to ensure agencies took an active part in
the contract’s development. For example, audio tapes GITA provided of the
State’s Chief Information Officer (CIO) Council meetings during December 1999
and January 2000 showed little more than a mention of the Computer
Associates contract. Additionally, documents GITA provided showed an e-mail
it authored soliciting feedback from the CIO Council membership only 1 day
prior to the contract signing.
Additionally, auditors conducted interviews with CIOs and information technolo-gy
staff from 13 state agencies who were aware of the Computer Associates
contract and they overwhelmingly indicated having little knowledge about or
input into the contract. Without adequate agency input, the State cannot guar-antee
that the state-wide contract would include the appropriate products and
services that all agencies are using or anticipated using. For example, the
Industrial Commission continues to pay $73,000 annually to Computer
Associates for two products, one of which could have been included in the
state-wide contract.
Interviews with informa-tion
technology staff
from 13 state agencies
found they had little
knowledge about or
input into the Computer
Associates contract.
page9
Office of the Auditor General
l Existing contracts not reviewed—Even though this contract superseded existing
state agency contracts with Computer Associates, there is no evidence to show
that GITA reviewed the existing contracts before entering into the state-wide con-tract.
Specifically, there is no evidence that GITA evaluated whether the
statewide contract would be more advantageous than the existing ones. For
example, prior to the state-wide contract, the Department of Administration had
a financially advantageous contract in place with Computer Associates, called a
“site license.” This license allowed multiple users and mainframe processors to
use Computer Associates mainframe products as long as these processors
were located at the same site. These types of licenses avoid many of the
charges that are characteristic of current mainframe software contracts, such as
certain upgrade fees, but are no longer available. However, there is no evidence
that GITA weighed advantages such as DOA’s site licenses when determining if
the state-wide contract was beneficial.
l State-wide contract lacked management—Although the State was obligated
when the contract was entered into, GITA did not have a documented plan in
place for how the contract would be managed. Specifically, GITA did not have a
plan in place for assessing fees to agencies using Computer Associates main-frame
products. Additionally, GITA did not provide sufficient information to the
agencies on the products available through the state-wide contract or their cost.
GITA officials indicated that the agency was unable to administer the contract
because it did not receive funding for a contract administrator. However, this only
provides additional evidence that GITA entered into the contract without proper
consideration of how it would be administered.
l Contract lacked adequate Attorney General review—GITA failed to allow ade-quate
time for the contract to be comprehensively reviewed for legal and pro-curement
issues. GITA requested that the Attorney General’s Office review the
20-page state-wide contract—a step it was not required to take—but it provided
the Attorney General’s Office only 1 day for the review. A letter written by the
Assistant Attorney General indicated that because of the short time frame, he was
able to review the contract only for form and may have been able to identify other
issues if more time had been allowed. According to documentation GITA provid-ed,
the contract signing was rushed to meet the vendor’s fiscal year-end.
Renegotiation solved some problems but others remain
As a result of the State’s inability to pay Computer Associates, SPO initiated a rene-gotiation
of the state-wide contract in June 2001. Although the State benefited
through the renegotiation by extending the contract from 5 years to 7 years, which
had the effect of stretching out the payments for 2 additional years at no cost, some
additional changes also appear warranted. The State should investigate the possi-
Attorney General’s
Office given only 1 day
to review the Computer
Associates contract.
page10
State of Arizona
bility of a further renegotiation with Computer Associates. Additionally, to give the
State an ability in the future to negotiate more advantageous terms or to switch from
Computer Associates products, GITA should begin researching a replacement strat-egy
that would lessen the impact of moving off of Computer Associates products
should that become necessary or advantageous.
Renegotiated contract—In the spring of 2001, the Department of
Administration’s director requested SPO to renegotiate the contract with Computer
Associates because the State was unable to meet its payment obligation. Computer
Associates had informed SPO that GITA was in breach of contract for its ongoing fail-ure
to pay the amounts set forth in the state-wide contract and demanded payment
of $9.8 million within 10 days. As a result, SPO, in conjunction with personnel from
GITA and the Information Services Division of the Department of Administration,
began preparation for the renegotiation. Specifically, SPO conducted an analysis of
the original contract’s shortcomings and found that not a single agency was using
the distributed products offered in the contract and these products should have been
competitively bid. SPO argued to sever this part of the contract and reduce the
State’s obligation by $9 million. However, according to the SPO staff who took part in
the renegotiation, Computer Associates argued that these distributed products were
“free throw-ins” and the contract was structured with the $9 million figure to generate
employee commissions. In the end, the renegotiation resulted in the State losing the
ability to use all but one of the distributed products, and the State’s financial obliga-tion
remained the same. Further, the distributed product available for use, TNG
Unicenter, is volume-limited, meaning that the product is limited to a certain number
of users. Consequently, the renegotiated contract’s benefit appears to be extending
the contract payments and terms for 2 more years.
SPO should consider renegotiating the state-wide contract—SPO
should investigate further renegotiating the Computer Associates contract to try to
get more value from it. Although the contract contains a standard provision that
allows the State to terminate it for convenience, this is not a viable option because
Computer Associates products currently play an integral role in the operation of the
State’s mainframe and application environment and could not be immediately
replaced. For example, the Arizona Health Care Cost Containment System (AHC-CCS)
uses Computer Associates database software to help administer the State’s
Medicaid program. It could take several years for AHCCCS to transition to another
product because the computer programs have been written specifically for the
Computer Associates database software. Nonetheless, there are still two concerns
that SPO should attempt to address:
l First, SPO should investigate further renegotiating with the vendor to allow the
State’s mainframe capacity to increase proportionally during the 2 additional
years added to the contract. As a result of the State’s growing population, agen-cies
are processing more and more transactions, such as driver’s license appli-cations
and income tax filings. This activity requires additional mainframe pro-cessing
capacity, which can be very costly. The initial contract allowed for 20
Renegotiation resulted
in contract term being
extended from 5 to 7
years.
Terminating Computer
Associates contract for
convenience not a
viable alternative.
page11
Office of the Auditor General
percent annual growth in the processing capacity of the State’s mainframe com-puters,
but additional growth was not provided for in the 2 years added to the
contract. Renegotiating this portion of the contract now could potentially save
the State costly upgrade fees if the mainframe capacity is exceeded during the
contract term.
l Second, SPO should investigate renegotiating the contract to try to get a prod-uct
mix that more closely reflects the State’s current and projected needs. As of
August 2002, little more than half of the available mainframe products the con-tract
allows for state-wide use are being used. Specifically, the State is using only
55 of the 102 available mainframe products and does not have the ability to
change unused products for those that may be useful. For example, currently
three state agencies have additional agreements with Computer Associates
totaling $1.6 million above and beyond the cost of the state-wide contract for
other software products.
Recently, the Department of Administration’s director asked his staff to conduct an
analysis to determine if the State is getting value from the Computer Associates
state-wide contract. Staff indicated that during November of 2002 they will begin sur-veying
other states using Computer Associates products to determine if the pricing,
terms, and conditions of Arizona’s contract are comparable to the other states’ con-tracts.
Specifically, the analysis will compare information such as processor size,
MIPS usage, product usage, contractual ability to change out obsolete products, and
discounts offered. Department of Administration staff also indicated that an outside
consulting firm will conduct a cost analysis based on the information gathered in this
survey.
State should develop replacement strategy—GITA should work with the
Department of Administration and state agencies to develop a strategy for replacing
the Computer Associates software in case it should become beneficial to do so.
According to the Information Technology Governance Institute, replacement strate-gies
are an essential part of an organization’s information technology plans.1
Although replacing software can be both time-consuming and costly, having an exit
strategy in place could provide the State with the leverage to negotiate more advan-tageous
terms in future state-wide software contract negotiations. Further, because it
can take several years to transition off software, it is important that GITA begin assist-ing
agencies in developing an exit strategy either while the contract is being devel-oped
or immediately after the State enters into it. Since the State entered into the
Computer Associates contract in 2000, it is important that GITA begin assisting the
agencies in developing a replacement strategy now.
1 The Information Technology Governance Institute was established by the Information Systems Audit and Control
Association in 1998, to clarify and provide guidance on current and future issues pertaining to information technology
governance, control, and assurance.
Steps needed to address future contracts
Arizona needs to take steps to ensure that future state-wide information technology
contracts meet the State’s needs and are in its best interest. This process will require
multiple stakeholders’ involvement and coordination to ensure the best result. Proper
oversight is critical and policies and procedures are needed to ensure that a stan-dardized
process is defined and followed.
GITA’s role in contracting should be defined in policy and proce-dure—
GITA’s role in the development and procurement of state-wide information
technology contracts should be better defined and guided by policy and procedure.
Because GITA has no procurement authority, it should limit its role in the procurement
process to an advisory capacity. However, GITA’s statutory responsibilities for state-wide
information technology planning put it in the best position to identify the need
for and develop the justification for state-wide information technology contracts. If
GITA identifies a need for a state-wide information technology contract that would
commit the State to over $1 million, GITA should also develop a written justification
that, at a minimum, includes the following items.
l Independent assessment of the need for the technology
l Input and feedback from the impacted agencies
l Cost-benefit analysis
l Plan for funding the contract
l Plan for administering the contract
l Exit strategy for replacing the technology.
Currently, GITA and SPO are working to define their respective roles in the develop -
ment and procurement of state-wide information technology contracts. GITA should
ensure that its policies and procedures cover its role in identifying and justifying state-wide
information technology contracts as well as how it will coordinate with SPO.
Additional reviews should be required—The Legislature should consider
requiring additional reviews over state-wide information technology contracts that
financially commit the State to over $1 million. First, the Legislature should require
that before the State enters into these types of contracts, GITA submit the contract
justifications to ITAC for review and approval.1 ITAC comprises 14 members, which
include representatives from the Legislature, state agencies, private industry, and the
page12
1 Currently, ITAC is scheduled to repeal on June 2, 2003. GITA has indicated its intent to propose legislation to align ITAC’s
termination with GITA’s Sunset date of July 1, 2006.
State of Arizona
GITA’s role in the infor-mation
technology pro-curement
process
should be limited to an
advisory capacity.
page13
Office of the Auditor General
courts. ITAC is statutorily charged with approving or disapproving all proposed state-wide
technology projects that cost over $1 million. GITA officials indicated that ITAC’s
approval was not required for the Computer Associates state-wide contract because
it was not considered a “project.” Therefore, ITAC approval should be required for
state-wide contracts that financially commit the State to over $1 million to ensure they
are in the State’s best interest.
In addition to ITAC approval, the Legislature should consider requiring the Joint
Legislative Budget Committee (JLBC) to also review the contract justification for
state-wide contracts financially committing the State to over $1 million. Specifically,
JLBC staff should review the proposed funding plan to assess its feasibility and pres-ent
its findings to the JLBC. The JLBC should review these findings and make rec-ommendations
to GITA and SPO regarding the plans.
SPO should develop policies and procedures for state-wide con-tracts—
SPO should take the lead in negotiating state-wide information technology
contracts and develop policies and procedures guiding contract procurement.
SPO’s Information Technology Unit employs procurement officers specializing in
information technology procurement, including networking services and
software/hardware maintenance. To ensure that the State is obtaining the most
advantageous state-wide contract, SPO, not GITA, should take the lead on informa-tion
technology procurements, including developing the request for proposal with
GITA acting as technical advisor. Further, although both statute and administrative
rule guide the information technology procurement process, SPO should develop
policies and procedures on how state-wide information technology contracts should
be handled and specific requirements for those contracts that financially commit the
State to over $1 million, including ensuring that affected stakeholders are involved in
the procurement process, proper analyses have been conducted, and ITAC and the
JLBC have reviewed a written justification.
SPO should develop
guidelines on the devel-opment
of state-wide
information technology
contracts.
page14
State of Arizona
Recommendations
1. The State Procurement Office should investigate renegotiating the Computer
Associates contract to increase the mainframe growth allowance for the 2 years
added onto the contract and to obtain a better product mix.
2. GITA should work with stakeholders to develop a strategy for replacing the
Computer Associates software in case it should become beneficial to do so.
3. GITA should limit its role in state-wide information technology procurements
solely to an advisory capacity.
4. GITA should develop policies and procedures guiding its involvement in state-wide
information technology contract development. If GITA identifies a need for
a state-wide information technology contract that commits the State to over $1
million, GITA should also develop a written justification which, at a minimum,
includes the following items:
l Independent assessment of the need for the technology,
l Input and feedback from the impacted agencies,
l Cost-benefit analysis,
l Plan for funding the contract,
l Plan for administering the contract, and
l Exit strategy or plan for replacing the technology.
5. The Legislature should consider broadening ITAC statutes to include the manda-tory
review and approval of the written justification for state-wide information
technology contracts that financially commit the State to over $1 million to ensure
they are in the State’s best interest.
6. The Legislature should consider requiring the JLBC also review the written justi-fication
for state-wide information technology contracts that financially commit
the State to over $1 million to assess the feasibility of the funding plan.
7. The State Procurement Office should develop policies and procedures on how
state-wide information technology contracts should be handled, including ensur-ing
that affected stakeholders are involved in the procurement process, proper
analyses have been conducted, and that ITAC and JLBC have reviewed any con-tract
justifications.
Policy needed to help ensure GITA’s independ-ence
in reviewing and approving agency technol-ogy
projects
GITA needs to develop a policy to help ensure its independence when reviewing and
approving state agencies’ technology projects. GITA is involved in three interrelated
functions associated with state agencies’ acquisition of information technology that
could lead to situations in which its independence might be questioned. Therefore,
GITA should establish a written policy that indicates how it will ensure that agencies’
technology projects are objectively evaluated.
GITA’s responsibilities create potential for conflict of inter-est
GITA performs a variety of functions and activities associated with state agencies’
acquisition of information technology. Three of these are closely related:
l Setting state-wide standards—GITA is statutorily required to adopt state-wide
standards for information technology. These standards consist of statements
GITA developed that provide state agencies with direction on minimum and
acceptable information technology requirements. Examples include standards
for ensuring the security of state agencies’ information technology systems, and
standards for coordinating and implementing agency or state computer net-works.
l Project review and approval—GITA is required to review any information tech-nology
projects estimated to cost at least $25,000 to determine if, among other
things, they benefit the State.1 Based on its review, GITA can approve, condi-tionally
approve, or disapprove the project. If the project is approved, the agency
page15
Office of the Auditor General
FINDING 2
1 If a project is estimated to cost over $1 million, GITA will review it and then make recommendations to ITAC, which will
then decide whether to approve or disapprove the project. ITAC is composed of representatives from the Legislature, pri-vate
industry, local and federal government, state agencies, and the courts.
may proceed with implementing it. If the project is conditionally approved, GITA
will identify the conditions the agency must satisfy for approval. If the project is
disapproved, the agency cannot implement it.
l Development of state-wide information technology contracts—GITA also partic-ipates
in developing state-wide information technology contracts, as discussed
in Finding I, pages 5 through 14. These contracts can involve major acquisition
of hardware and software across many agencies.
GITA’s involvement in all three functions can potentially create concerns about the
agency’s ability to objectively review and approve or disapprove agency technology
projects. Specifically, some might argue that GITA could set standards and only
approve projects that would require that an agency use certain vendors’ products,
even if those products are not the most cost-effective or most appropriate, because
the products would justify a particular state-wide contract that GITA helped to devel-op.
Policy needed to help ensure objectivity
Although auditors did not find evidence that GITA’s independence was currently
being compromised, GITA should nonetheless develop a written policy to ensure it
continues to objectively review and approve state agencies’ technology projects.
Auditors examined 56 agency project plans GITA reviewed from January 2000
through September 2002 and found only two instances in which GITA made its
approval contingent upon the agency also assessing a competing product with con-sideration
to its adequacy and cost-effectiveness. However, to help ensure GITA
remains objective in its review of agency projects, it should adopt a policy of recom-mending,
or offering, more than one vendor or product whenever possible, as it for -
mulates conditions for the project approval. If more than one alternative is not avail-able,
GITA should state that fact in the memo sent to the agency indicating the proj-ect
review outcome.
Recommendation
1. To help ensure it remains objective when reviewing and approving agency tech-nology
projects, GITA should develop a written policy that requires it to recom-mend,
or offer, more than one vendor or product whenever possible, as it for -
mulates conditions for project approval. If alternative vendors or products are
not available, GITA should state that fact in the memo sent to the agency indi-cating
the project review’s outcome.
page16
State of Arizona
page17
Office of the Auditor General
STLA account not need-ed
to collect agency
software usage informa-tion.
FINDING 3
STLA account should be allowed to repeal
The Statewide Technology Licensing Agreement (STLA) account should be allowed
to repeal on June 30, 2003, as scheduled, because it is not needed and has not been
used. A reason for establishing the STLA account was that it would allow for central-ized
billing and purchasing, enabling the State to monitor agencies’ software usage
and thereby negotiate increased discount rates based on volume; however, other
mechanisms already exist for this purpose. Further, GITA intended the account to act
as a repository for savings because it believed that establishing state-wide technol-ogy
contracts would generate significant discounts and state agencies could be
charged rates slightly higher than needed to pay the vendor. GITA intended to use
these extra monies (or “savings”) to pay for future state-wide technology initiatives,
but it lacks statutory authority to spend the account monies in this way. In addition,
the director of GITA has never designated any state-wide technology contracts for the
account, and as a result, the account has never been used.
STLA account not needed to monitor agency software
usage
The Legislature established the STLA account in April 2000. Law requires the monies
in the account to be used for state-wide information technology licensing contracts.
According to legislative hearing minutes and JLBC fiscal notes, a reason given for
establishing the account was that centralized billing and purchasing would facilitate
monitoring agency use of software to determine actual purchasing volumes so that
the State could negotiate better discount rates with vendors. However, the State
already has mechanisms in place for obtaining this information. For example, statute
requires GITA to conduct an inventory of state agency information technology assets,
including software, which is performed annually; so it already has a mechanism for
capturing product usage that could be used to negotiate discounts. Additionally, sim-ilar
information would be available from the State’s designated software licensing
agent for software purchases made by agencies under the State’s volume license
agreements.
GITA lacks authority to use STLA account as it intended
GITA does not have the statutory authority to use the STLA account as it intended.
GITA originally intended the STLA account to act as a repository for savings, which
could be used to pay for future state-wide technology initiatives. Specifically, GITA
anticipated that the State would receive better discounts by establishing state-wide
information technology contracts, and planned to work with the Department of
Administration to set the rates charged to the agencies using designated contracts’
products or services slightly higher than needed to pay the vendor. These surcharges
would generate extra monies, or “savings,” which GITA would then use to fund other
technology initiatives in the State.
However, the STLA legislation did not give GITA the authority to spend the monies in
the account. Rather, law stipulates that these monies are appropriated to the
Department of Administration and restricted for designated state-wide technology
licensing contracts. Although an amendment was proposed in 2000 that would have
allowed for the savings in the STLA account to be used as GITA intended, it did not
pass. Furthermore, federal cost principles prohibit state agencies that purchase
goods and services with federal monies from being charged more than the cost of
the product. State agencies such as the Department of Economic Security and the
Arizona Health Care Cost Containment System receive significant portions of their
funding from the federal government and could not use these federal dollars to pay
for fees beyond the actual cost for the product or service.
STLA account has never been used
Although the account has been in existence for over 2 years, it has not been used.
To be used, GITA’s director must designate a state-wide technology licensing
agreement, or contract, for payment through the account. However, no contracts
have been designated for the account. One state-wide contract that was considered
for the STLA account was with Computer Associates for mainframe and non-main-frame
computer software (see Finding I, pages 5 through 14). However, this contract
did not generate any of the savings GITA anticipated; therefore GITA’s director decid-ed
against designating the contract for the STLA account.
In October 2002, GITA determined that the account was not necessary and should be
allowed to repeal. Two reasons GITA gave for this decision include lack of funding for
a contract administrator position to oversee the contracts designated for the account,
page18
State of Arizona
GITA lacks statutory
authority to spend
monies in the STLA
account.
GITA has never desig-nated
any contracts for
the STLA account.
page19
Office of the Auditor General
and the autonomous procurement authorities held by state agencies, which limit
GITA’s ability to require agencies to use state-wide mainframe license agreements.
Recommendation
1. The STLA account should be allowed to repeal on June 30, 2003, as scheduled,
because it is not necessary and has not been used.
page20
State of Arizona
Office of the Auditor General
AGENCY RESPONSE
State of Arizona
JANET NAPOLITANO
GOVERNOR
CRAIG STENDER
DIRECTOR
STATE OF ARIZONA
GOVERNMENT INFORMATION TECHNOLOGY AGENCY
100 North 15 Avenue, #440
Phoenix AZ 85007
January 3, 2003
The Honorable Debbie Davenport
Auditor General
2910 North 44th Street
Phoenix AZ 85018
The Honorable Debbie Davenport:
Enclosed for your review is the Government Information Technology Agency (GITA) response
to your revised preliminary performance audit report draft dated December 23, 2002. We
appreciate the opportunity to respond to the Office of the Auditor General report. In addition,
thank you for the professionalism and courtesy demonstrated by your audit staff in working with
the GITA staff over the past several months.
As we have mentioned many times during the course of the audit, one of our primary concerns
with the audit report is that Finding 1 comments on only one contract, allegedly negotiated solely
by a now deceased GITA staff member, and formally executed by the Department of
Administration. Further, the report does not distinguish between contracting methods and
techniques allegedly in use at the time of the contract and the methods used in GITA today,
nearly three years later under a different State CIO and management team. Finally, given the
nature of the recommendations, we continue to believe the tone of Finding 1 is overly critical.
Thank you for your consideration.
Sincerely,
Craig Stender
Director & State CIO
CS:mc
Enclosure
1
Government Information Technology Agency
Performance Audit Response
January 3, 2003
GITA Disagrees with Most Key Findings in Finding 1
The Government Information Technology Agency (GITA) disagrees with most of the key
findings and conclusions in Finding 1. The main premise of Finding 1 is that GITA’s
involvement in contracts is fundamentally flawed. The auditors, however, focused on only one
statewide software contract, overseen several years ago by a prior GITA staff member, to arrive
at this finding. The auditors fail to acknowledge that GITA has provided advice and consulting
on at least 20 other equally important statewide IT contracts in the last five years. Further, the
auditors imply the CA contract is not in the best interests of the State. In fact, an objective
review of the contract by Gartner Inc., the oldest and largest information technology research and
advisory firm in the country, finds the State’s contract with Computer Associates (CA) to be
above average in comparison to CA contracts with other public entities. The Finding repeatedly
states GITA did not involve stakeholders in the CA contract. Evidence of stakeholder
involvement was provided to the auditors, including e- mails, audiotapes and other documentary
and anecdotal evidence. The contract itself was signed by the Director of the Department of
Administration, the State’s Chief Procurement Officer by Statute – a highly pertinent fact only
mentioned by the auditors in a footnote. The Finding states there was a failure to determine if
funding was available for the CA contract. In fact, evidence shows that a financial plan was
presented to the budget offices and the using agencies for their review before the Computer
Associates contract was signed.
These issues are addressed in more detail below:
Auditors Commented on Only One Contract – The main premise of Finding 1 is that GITA’s
involvement in contracts is fundamentally flawed. The auditors, however, focused on only one
statewide software contract, overseen several years ago by a prior GITA staff member, to arrive
at this finding. The auditors fail to acknowledge that GITA has provided advice and consulting
on at least 20 other equally important statewide IT contracts in the last five years. For example,
GITA has received accolades for its support of statewide interests in regard to contracts with
Microsoft from the City of Phoenix, Maricopa County, Department of Environmental Quality,
the State Procurement Office and many others. GITA has also been praised for its active
involvement in multi-state efforts through the National Association of State Chief Information
Officers (NASCIO) to lobby Microsoft for greater protections for all of the states.
If the intent of the audit was to evaluate and draw conclusions on GITA’s performance in regard
to its advisory role in contracts, the auditors should have reviewed and commented on all
contracts in which GITA has been involved. If the auditors’ intent was to evaluate only the
Computer Associates contract, then their conclusions are valid only for the CA contract.
Moreover, the auditors’ conclusions should acknowledge that they are commenting on one
contract only (CA) dated several years ago and not imply, with the negative tone carried
throughout Finding 1, that GITA’s current involvement in all statewide contracting matters is
2
suspect. To ensure objectivity, GITA requests the auditors include either a disclaimer or an audit
limitation statement in the final report that addresses this issue.
Auditors Fail to Quantify Benefits -- Further, the auditors imply the CA contract is not in the
best interests of the State. In fact, an objective review of the contract by Gartner Inc., the oldest
and largest information technology research and advisory firm in the country, finds the State’s
contract with Computer Associates (CA) to be above average in comparison to CA contracts
with other public entities. A copy of the Gartner report is enclosed.
Gartner’s rating scale gives a rating of 5 for “contractual results substantially consistent with all
other customers analyzed.” To quote from that report, “In summary, it is the expert opinion of
Frank DeSalvo, Software Asset Management Research Director for Gartner, that the State of
Arizona CA agreements were above average (7.5 to 8 Rating) when compared to other CA
contracts established by other organizations in the public sector during the periods in question.”
GITA offered to have the auditors speak to Gartner as an objective technical expert regarding the
CA contract.
The auditors’ report references an analysis prepared by SPO one year after the contract was
signed. No basis has been established for the assumptions and conclusions in that analysis.
Therefore, the SPO analysis should not be treated by the auditors as fact.
Finally, the auditors also fail to take into account fundamental changes in the State’s business
and financial condition. Evidence shows that agency-specific contracts in place when the CA
statewide contract was executed would have expired. If these agreements had been re-negotiated
by individual State agencies (rather than on a statewide basis), all using agencies would have
faced significant increases in mainframe software costs. Further, changes in the State’s
information technology infrastructure, such as data center consolidation, increases in MIPs,
purchases of new or upgrades of existing machines, etc., must be taken into account to accurately
assess the contract’s benefits.
Stakeholder Involvement Was Demonstrated-- The Finding repeatedly states GITA did not
involve stakeholders in the CA contract. Evidence of stakeholder involvement was provided to
the auditors, including e-mails, audiotapes and other documentary and anecdotal evidence.
Some of this evidence was in fact referred to in the auditors’ report.
The finding states the auditors interviewed CIOs and IT staff at 13 State agencies who indicated
having had little knowledge of or input into the CA contract. The finding fails to state that a
majority of the persons in the position of CIO at the time of the signing of the CA contract were
not in those positions at the time of the auditors’ interviews. Had the auditors interviewed these
individuals, they could have validated the stakeholder involvement.
State Procurement Office Was Involved -- The contract itself was signed by the Director of the
Department of Administration, the State’s Chief Procurement Officer by Statute – a highly
pertinent fact only mentioned by the auditors in a footnote. Clear evidence was presented to the
auditors that the State Procurement Office’s was involved in the CA contract process. For
instance, evidence shows a meeting was held on March 1, 2000, weeks before the Computer
3
Associates contract was signed. At that meeting, a comprehensive discussion took place on the
relative roles of GITA and SPO in statewide procurement matters and the status and plans for
about a dozen pending contracts, including the Computer Associates contract. Participating in
this discussion was the person serving as both Legal Counsel for the Department of
Administration and Acting State Procurement Administrator, as well as the SPO IT Unit
Manager, the GITA Director and others.
GITA has been and will continue to work with SPO to clarify the role of each party in regard to
statewide IT contracts. GITA has previously provided the auditors with copies of a draft
Interagency Service Agreement between GITA and SPO for this purpose.
Funding Needs Were Presented -- The Finding states there was a failure to determine if
funding was available for the CA contract. In fact, evidence shows that a financial plan was
presented to the budget offices and the using agencies for their review before the Computer
Associates contract was signed.
Finally, the auditors’ own recommendations state GITA’s role should be purely advisory in
nature. An advisory role, which GITA believes to be its correct role, would conflict with the
auditors’ contention that GITA should have been more active in determining funds availability
and allocating costs among agencies. These duties, as suggested in the report, are the statutory
responsibilities of the State’s budget offices and the using agencies.
In addition to the key points discussed above, GITA also disagrees with many other points in
Finding I, including:
Competition -- It is the responsibility of the State Procurement Office (SPO) to determine the
method of procurement and to document the reason for such decision. It was the responsibility
of the Department of Administration, who signed the CA contract and was a primary user of CA
products, to request the “sole source” or “not practical to compete” designation for the CA
contract.
Attorney General Approval -- The auditors acknowledge that Attorney General review was not
required, but was nevertheless sought. This is an example of the measures taken to ensure the
contract was in the State’s best interest.
Contract Administration -- Administration of all statewide IT contracts is the responsibility of
the State Procurement Office. As the auditors note many times in the report, GITA does not
have general procurement authority.
Migration Strategy -- The findings state that GITA should work with State agencies to develop
a strategy for replacing Computer Associates products. This seems to imply CA products are
defective or deficient. In fact, they are some of the most widely used mainframe products in the
world. The Finding correctly notes that replacing mainframe products can be both time
consuming and costly.
4
GITA Responses to Recommendations
Finding 1:
Recommendation 1 – This recommendation is directed to SPO.
Recommendation 2 – The finding of the Auditor General is agreed to and a different method
of dealing with the finding will be implemented. GITA’s statutory role is to review and
approve agency annual Information Technology plans (including migration plans) and
Project Investment Justifications and to define technical standards known as the State’s IT
Enterprise Architecture (EA). The EA provides the framework for future technology
investments for the State. The agencies are responsible for developing specific migration
plans for obsolete technology.
Recommendation 3 – The audit recommendation is agreed to and the audit recommendation
will be implemented. Furthe r, this is GITA’s current policy.
Recommendation 4 – The first sentence of the finding is agreed to and the audit
recommendation will be implemented by GITA. GITA has previously provided the auditors
with copies of a draft Interagency Service Agreement between GITA and SPO for this
purpose.
The rest of the finding of the Auditor General is not agreed to and the recommendation will
not be implemented. GITA believes that written justifications for all high dollar contracts,
regardless of whether technology is involved, would serve the interests of the State.
However, GITA believes that this responsibility should rest with the requesting agencies and
SPO. Requiring GITA to prepare written justifications for technology contracts on behalf of
or in concert with various State agencies could compromise GITA’s independence. (See
Finding 2)
Recommendation 5 – This recommendation is directed to the Arizona Legislature.
Recommendation 6 – This recommendation is directed to the Arizona Legislature.
Recommendation 7 – This recommendation is directed to SPO.
Finding 2:
Recommendation 1 – The audit recommendation is agreed to and the audit recommendation
will be implemented. This is current GITA practice. A draft updated policy consistent with
this practice is being prepared for circulation and comment.
Finding 3:
Recommendation 1 – This recommendation is directed to the Arizona Legislature.
5950 Canoga Avenue, Suite 600
Woodland Hills, CA 91367
213-999-7485
December 11, 2002
Jeff Hessenius
Chief Financial Officer
State of Arizona
Government Information Technology Agency
100 North 15th Avenue, Suite 440
Phoenix, AZ 85007
Dear Jeff,
Gartner was requested by The State of Arizona, Government Information Technology
Agency to provide a value analysis, focused on the terms and pricing of the State of
Arizona Computer Associates contract, dated March 2001, as compared to those of
other public entities in force at that time.
Gartner is the oldest and largest information technology research and advisory firm with
more than 11,000 clients in over 90 countries. Our review of the State’s CA contract
was performed by Gartner analyst Frank DeSalvo, Research Director for Software Asset
Management.
We appreciate the opportunity to provide Gartner’s expert opinion relative to this issue. If
you have any questions regarding this assessment, please contact me at 213-999-7485
or Jeffrey.Heath@gartner.com.
Kindest regards,
Jeff Heath
Sr. Account Executive, Public Sector
Gartner
Prepared for:
The State of Arizona
Government Information Technology Agency
2
Objective of the Report
The State of Arizona entered into a set of statewide enterprise agreements with
Computer Associates (CA) in 2000. The Government Information Technology
Agency (GITA) has asked the Gartner to provide a high-level assessment
comparing the State of Arizona agreements with other governmental clients that
signed CA agreements during that time period.
Computer Associates
CA is the second largest software manufacturer in the world, and is the leading
provider of mainframe software to corporations and governments in the United
States. Computer Associates has been in existence for 26 years, and currently
has a market capitalization valued at $8.74B.
Most major Fortune 1000 companies in the United States have agreements with
Computer Associates and many have enterprise agreements. It was typical for
5-year CA agreements to be renegotiated at customer initiation within two (2) to
three (3) years because of changes in circumstances and needs.
Most governmental entities also have agreements with Computer Associates;
however, despite the clear advantages, few state governments have followed
corporate America’s lead in pursuing enterprise contracting arrangements with
Computer Associates. The enterprise-wide deals usually provide pricing and
cost protection advantages not available from separate agreements negotiated
separately by individual agencies.
CA has an aggressive sales and licensing organization, known for being tough
negotiators. Their goal in negotiating agreements is to get the maximum amount
possible. This is achieved, partly, through keeping as much ambiguity in the
agreement as possible, thus allowing different interpretations over time that can
justify incremental costs. Pricing on CA agreements varies widely from client to
client, with discounts ranging from 95% below list pricing to 40% over. Further,
the pricing variation does not have a direct correlation to the size of the
organization involved or the length of relationship with CA, but rather to the
negotiation experience and persistence of the persons involved in the CA
negotiations.
The majority of organizations of a similar size in the private sector feel the
importance of the CA relationship and the size of the deals warrants at least one
dedicated in-house expert to manage the relationship/contract on a full-time
basis and to inform/educate customers regarding the underlying agreements.
Prepared for:
The State of Arizona
Government Information Technology Agency
3
Gartner Analyst Qualifications, Frank DeSalvo
Frank DeSalvo, Research Director for Software Asset Management has over 20
years experience analyzing software contracts and license programs from
companies such as Computer Associates, IBM and other mainframe software
vendors. Annually, he reviews about 1,000 client software license agreements
from the major vendors.
In 1991, Mr. DeSalvo negotiated, on behalf of the 10th largest bank in the U.S.,
the first enterprise wide license agreement signed by Computer Associates. In
the last 36 months he has reviewed over 500 CA agreements, of which
approximately 150 were from governmental entities, including state
governments, state agencies, cities, counties, and Federal government
agencies.
Before joining Gartner, Mr. De Salvo was Chief Financial Officer/Chief
Information Officer with more than 30 years of financial and IT experience,
including participation in numerous mergers and acquisitions. He was a founding
member of the Software Asset Management Interest Group (SWAMI). Well-known
for his innovative approach to software contracting, he initiated various
licensing models that are now industry standards.
As a consultant, he has been advising Fortune 1000 professionals in the art of
asset management since 1994. Mr. DeSalvo is also a Certified Public
Accountant.
Assessment of State of Arizona CA Agreements
We completed a detailed review of the Computer Associates license agreements
with the State of Arizona dated March 31, 2000 (“Original Agreements”), as
amended as of June 29, 2001 (“Re -negotiated Agreements”), and we then
prepared this high-level assessment. This assessment compares the State of
Arizona agreements with other CA agreements signed during the same time
period and rates them. The rating scale is 1 to 10, with a rating of 5 indicating
contractual results substantially consistent with all other customers analyzed.
Arizona’s performance ratings are as follows:
· Terms and conditions
Rating = 8
· Pricing (based on MIPS, net of included taxes)
Original Agreements Rating = 7
Re-negotiated Agreements = 8
· Overall assessment
Original Agreements Rating = 7.5
Re-negotiated Agreements = 8
Prepared for:
The State of Arizona
Government Information Technology Agency
4
In summary, it is the expert opinion of Frank DeSalvo, Software Asset
Management Research Director for Gartner, that the State of Arizona CA
agreements were above average (7.5 to 8 Rating) when compared to other CA
contracts established by other organizations in the public sector during the
periods in question.
Furthermore, in comparing the pricing of the State of Arizona statewide
enterprise agreement with a similar enterprise-wide agreement negotiated by a
much larger state during the same time period, we find the pricing very similar.
However, we find the terms and conditions of the Arizona agreements far
superior to that negotiated by the other state. (Note: The other state’s agreement
has since been re-negotiated as well.) Finally, statewide enterprise-wide
agreements, such as the original CA agreement, were considered innovative at
the time that the contract was established. Even through 2002, very few states
(less than 5) have negotiated a statewide enterprise-wide license.
Because the enterprise license in a governmental environment is such a unique
instrument, from which there is very little to model, attaining an overall 5 rating for
an initial enterprise contract would be considered a difficult task. The State of
Arizona’s 7.5 overall rating on the original CA contract would be considered a
very good.
Arizona’s Performance Rating Detailed Analysis by Attribute
Highlights of Favorable, Extraordinary Provisions
Seven (7) out of ten (10) deals with Computer Associates reviewed by Gartner
contain no extraordinary provisions. The inclusion of a significant number of
extraordinary clauses in the State of Arizona contracts has potential to
dramatically reduce overall software costs and provide strong contract
protections to the State. Further, these provisions may be critical to limit future
vendor interpretations that could have otherwise generated significant additional
expenditures and risks.
1. The defi nition used for “Licensee Sites” makes the contract non-data site
specific and is a concession not typically granted by Computer Associates.
This concession enables the State and its affiliates to change its business
as necessary without incurring additional costs.
2. The allowance for data centers “owned, operated or controlled” by
Licensee in the definition of “Licensee Sites” is also a favorable
concession. The word “controlled” expands the right to use beyond most
other agreements analyzed.
Prepared for:
The State of Arizona
Government Information Technology Agency
5
3. The inclusion of “future data center sites” allows for future planned or
unplanned data center changes. This also eliminates creative
interpretation by CA of what constitutes a data center and paves the way
for data center consolidation and other positive business/IT changes.
4. The agreements contain no ties to particular kinds of machines or CPU
sizes and no additional charges for processor, operating system or
machine changes or upgrades. Most CA agreements contain some of
these restrictions.
5. There are no bump charges, upgrade fees, transfer or replacement fees,
reinstatement charges, late payment charges or fees under the
agreements. Most CA agreements permit many of these additional
charges.
6. The right to process data for organizations other than those controlled by
the licensee usually requires a separate license for that instance. In the
State of Arizona agreements, all members of the State’s buying
cooperative regardless of ownership or control by the State are included in
a single license.
7. In addition, the right to process data for another state, the State of Hawaii
as defined and the ability to expand this two (2) more times is extremely
unusual.
8. The ability to use 200 MIPS of additional capacity each year without being
out of compliance and without generating supplemental license fees is not
generally granted.
9. The ability to continue to use the Software for the licensed final capacity
plus 200 MIPS at no additional fees except maintenance fees provides for
a type of perpetuity that is highly favorable to the State (subject to CA’s
interpretation of the MPR).
10. Capping maintenance at 600 MIPs even after contract termination is a
highly favorable concession negotiated by a select handful of customers
during a limited time period. Now customers trying to negotiate contracts
with CA are no longer able to get this concession.
11. Eliminating CA’s ability to accelerate all current and future payments in the
event of a missed payment and enabling the State’s ability to fund out in
the event of a future non-appropriation of funds, places the State in a
much stronger bargaining position during times of fiscal crisis.
Prepared for:
The State of Arizona
Government Information Technology Agency
6
12. The incorporation of an annual audit snapshot view eliminates the need
for continuous tracking of all hardware and protects against any
unplanned spikes in capacity between audit dates.
13. The addition of software product protection in the form of expanded
product warranties and the ability to receive source code for any
unsupported products provides the State with stronger ability to insure it
can run its business properly using CA products. Typically, CA offers
very limited warranties and access to source code only in cases where it
has been finally adjudicated as bankrupt.
14. The inclusion of the State of Arizona’s protective “Uniform Terms and
Conditions” provides for the inclusion of several terms typically not
delineated in comparative agreements and affords the State additional
protections. Examples include termination for convenience,
indemnification of the State, Arizona procurement code protections, right
to offset, etc.
15. The insertion of the “Special Terms and Conditions” clearly established
the intended users, which is often not addressed. The inclusion of a
service-level agreement for performance monitoring is also not often
included.
Terms and Conditions
The terms and conditions negotiated for the State of Arizona agreements are
generally consistent with other CA agreements negotiated by our clients in many
respects, however the State of Arizona has been able to establish unique
concessions and interpretations, some of which are highlighted above that
provide for expansion and control of the data processing environments. Since
the primary change in the Re-negotiated Agreements was the pricing, we have
given the Terms and Conditions the same rating for the Original Agreements and
Re-negotiated Agreements.
Terms and Conditions Rating = 8
Pricing
For the purposes of calculating the pricing, we have compared the product list to
CA list pricing at that time and applied various factors based on deals other state,
local governments, and agencies closed during that period.
Prepared for:
The State of Arizona
Government Information Technology Agency
7
Original Agreements: Based on the information provided, the net pricing
negotiated falls in the normal range of our clients. The special consideration of
expanded use and other extraordinary financial provisions were factored in as
cost avoidance measures that create additional value and result in an above -
average pricing rating.
Pricing Rating (Original Agreement) = 7
Re-negotiated Agreements: Based o n the information provided, the net pricing
negotiated falls above the normal range of our clients. The special consideration
of expanded use and other extraordinary financial provisions were factored in as
cost avoidance measures that create additional value and result in an above -
average pricing rating.
Pricing Rating (Re-negotiated Agreements) = 8
Overall Assessment
Original Agreements: For the original agreements, based on a baseline of 5, we
have weighted Terms and Conditions as 8 and Pricing as 7, and give the
agreements an overall assessment of 7.5.
Overall Assessment Rating: Original Agreements = 7.5
Re-negotiated Agreements: For the re-negotiated agreements, based on a
baseline of 5, we have weighted Terms and Conditions as 8 and Pricing as 8,
and give the contract an overall assessment of 8.
Overall Assessment Rating: Re-negotiated Agreements = 8
PLEASE NOTE: The Contract Development consulting provided by Gartner is being
provided as business advice. Gartner is not a law firm. No information provided by
Gartner in connection with this communication should be construed as legal advice.
Gartner recommends that the Client seek legal advice from its own attorneys in
connection with any legal issues, terms and conditions.
Jane Dee Hull
Governor
J. Elliott Hibbs
Director
ARIZONA DEPARTMENT OF ADMINISTRATION
OFFICE OF THE DIRECTOR
100 NORTH FIFTEENTH AVENUE, SUITE 401
PHOENIX, ARIZONA 85007
Telephone: (602) 542-1500 w Fax: (602)542-2199
January 3, 2003
Ms. Debra K. Davenport, CPA
Auditor General
2910 North 44th Street
Suite 410
Phoenix, Arizona 85018
Dear Ms. Davenport:
Thank you for providing the Department of Administration the opportunity to review the findings
and recommendations contained in the revised draft Auditor General Report on the Statewide
Technology License Agreement Account that impact the State Procurement Office. As I stated
in my December 17, 2002 comments, the Department appreciates the hard work of the Auditor
General’s staff in reviewing this account and making constructive suggestions for improving
State processes and procedures relative to the procurement of Information Technology
Software.
In accordance with the Joint Legislative Audit Committee’s procedures, the ADOA official
responses to each of the recommendations are shown below:
Recommendation 1: The State Procurement Office should investigate
renegotiating the Computer Associates contract to increase the mainframe growth
allowance for the 2 years added onto the contract and to obtain a better product
mix and seek concessions for other Computer Associates products the State may
need in the future.
The finding of the Auditor General is agreed to and the audit recommendation
reflects actions already being implemented. The ADOA Information Services Division
and the State Procurement Office have held two meetings with representatives from
Computer Associates as part of the renegotiation process. The third meeting is
scheduled for January 9, 2003. Additionally, ADOA has sought, and will continue to
seek, input from all other mainframe user agencies using CA products throughout the
renegotiation.
Recommendation 7: The State Procurement Office should develop policies and
procedures on how state-wide information technology contracts should be
handled, including ensuring that affected stakeholders are involved in the
procurement process, proper analyses have been conducted, and ITAC and JLBC
approval has been obtained.
The finding of the Auditor General is agreed to and the audit recommendation will
be implemented.
Ms. Debra K. Davenport, CPA
January 3, 2003
Page Two
While ADOA agrees with the two findings, we have the following comments regarding three
specific areas:
“State Procurement Office did not have active role”
The Department agrees with the finding that the contract was not competitively bid and that a
written determination that competition was impracticable was not made. However, the
Government Information Technology Agency (GITA) was negotiating for replacement of an
existing CA contract for products which, as the audit report indicates, could not reasonably be
replaced. Bidding of the CA contract would not have resulted in any reasonable competition.
Therefore, even though a written determination was not made, competitive bidding was
impracticable.
“Renegotiation solved some problems but others remain”
The Department agrees that a replacement strategy for CA products should be investigated.
However, ADOA staff believe any investigation should include a comprehensive analysis of all
mainframe software contracts and should involve the Arizona Department of Administration and
all other mainframe user agencies.
“Renegotiated contract”
The Department notes that by extending the CA contract by two years, the State benefited from
a net cost avoidance of $12 million for the two additional contract years, as well as an average
annual payment reduction of $1.5 million.
Thank you again for the opportunity to comment on the report. Should you have any questions
regarding this response, please feel free to contact Tara Roesler, Finance and Planning
Manager for the Information Services Division, at 542-2016 or John Adler, State Procurement
Officer, at 542-5511.
Sincerely,
J. Elliott Hibbs
Director
01-23 Department of Building and
Fire Safety
01-24 Arizona Veterans’ Service
Advisory Commission
01-25 Department of Corrections—
Arizona Correctional Industries
01-26 Department of Corrections—
Sunset Factors
01-27 Board of Regents
01-28 Department of Public Safety—
Criminal Information Services
Bureau, Access Integrity Unit,
and Fingerprint Identification
Bureau
01-29 Department of Public Safety—
Sunset Factors
01-30 Family Builders Program
01-31 Perinatal Substance Abuse
Pilot Program
01-32 Homeless Youth Intervention
Program
01-33 Department of Health
Services—Behavioral Health
Services Reporting
Requirements
02-01 Arizona Works
02-02 Arizona State Lottery
Commission
02-03 Department of Economic
Security—Kinship Foster Care
and Kinship Care Pilot
Program
02-04 State Parks Board—
Heritage Fund
02-05 Arizona Health Care Cost
Containment System—
Member Services Division
02-06 Arizona Health Care Cost
Containment System—Rate
Setting Processes
02-07 Arizona Health Care Cost
Containment System—Medical
Services Contracting
02-08 Arizona Health Care Cost
Containment System—
Quality of Care
02-09 Arizona Health Care Cost
Containment System—
Sunset Factors
02-10 Department of Economic
Security—Division of Children,
Youth and Families, Child
Protective Services
02-11 Department of Health
Services—Health Start
Program
02-12 HB2003 Children’s Behavioral
Health Services Monies
02-13 Department of Health
Services—Office of Long Term
Care
Performance Audit Division reports issued within the last 12 months
Future Performance Audit Division reports
Department of Commerce
Registrar of Contractors
Water Infrastructure Finance Authority

Object Description

Rating
TITLE	Performance audit, Government Information Technology Agency, state-wide technology contracting issues
CREATOR	Office of the Auditor General
SUBJECT	Arizona--Government Information Technology Agency--Auditing; Information technology--Arizona; Contracting out--Arizona--Auditing;
Browse Topic	Government and politics
DESCRIPTION	This title contains one or more publications
Language	English
Publisher	Office of the Auditor General
Material Collection	State Documents
Source Identifier	LG 6.2:R 36
Location	o51573635
REPOSITORY	Arizona State Library, Archives and Public Records--Law and Research Library

Description

TITLE	Performance audit, Government Information Technology Agency, state-wide technology contracting issues
DESCRIPTION	48 pages (PDF version). File size: 345 KB
TYPE	Text
RIGHTS MANAGEMENT	Copyright to this resource is held by the creating agency and is provided here for educational purposes only. It may not be downloaded, reproduced or distributed in any format without written permission of the creating agency. Any attempt to circumvent the access controls placed on this file is a violation of United States and international copyright laws, and is subject to criminal prosecution.
DATE ORIGINAL	2003-01
Time Period	2000s (2000-2009)
ORIGINAL FORMAT	Born Digital
Source Identifier	LG 6.2:R 36
Location	o51573635
DIGITAL IDENTIFIER	03-01.pdf
DIGITAL FORMAT	PDF (Portable Document Format)
REPOSITORY	Arizona State Library, Archives and Public Records--Law and Research Library.
File Size	352927 Bytes
Full Text	A REPORT TO THE ARIZONA LEGISLATURE Debra K. Davenport Auditor General Government Information Technology Agency State-wide Technology Contracting Issues Performance Audit Division JANUARY • 2003 REPORT NO. 03 – 01 Performance Audit The Auditor General is appointed by the Joint Legislative Audit Committee, a bipartisan committee composed of five senators and five representatives. Her mission is to provide independent and impartial information and specific recommendations to improve the operations of state and local government entities. To this end, she provides financial audits and accounting services to the State and political subdivisions, investigates possible misuse of public monies, and conducts performance audits of school districts, state agencies, and the programs they administer. The Joint Legislative Audit Committee Representative Roberta L. Voss, Chair Senator Ken Bennett, Vice Chair Representative Robert Blendu Senator Herb Guenther Representative Gabrielle Giffords Senator Dean Martin Representative Barbara Leff Senator Peter Rios Representative James Sedillo Senator Tom Smith Representative James Weiers (ex-officio) Senator Randall Gnant (ex-officio) Audit Staff Dot Reinhard, Manager and Contact Person Catherine Dahlquist, Team leader Lori Babbitt Rachel Rowland Copies of the Auditor General’s reports are free. You may request them by contacting us at: Office of the Auditor General 2910 N. 44th Street, Suite 410 • Phoenix, AZ 85018 • (602) 553-0333 Additionally, many of our reports can be found in electronic format at: www.auditorgen.state.az.us 2910 NORTH 44th STREET • SUITE 410 • PHOENIX, ARIZONA 85018 • (602) 553-0333 • FAX (602) 553-0051 DEBRA K. DAVENPORT, CPA AUDITOR GENERAL STATE OF ARIZONA OFFICE OF THE AUDITOR GENERAL WILLIAM THOMSON DEPUTY AUDITOR GENERAL January 9, 2003 Members of the Arizona Legislature The Honorable Janet Napolitano, Governor Mr. Chris Cummiskey, incoming Director Government Information Technology Agency Ms. Betsey Bayless, Director Department of Administration Transmitted herewith is a report of the Auditor General, A Performance Audit of the Government Information Technology Agency (GITA)—State-wide Technology Contracting Issues. This audit was conducted in accordance with Laws 2000, Chapter 110 §1(E), and under the authority vested in the Auditor General by A.R.S. §41-1279.03 I am also transmitting with this report a copy of the Report Highlights for this audit to provide a quick summary for your convenience. As outlined in its response, GITA disagrees with the first finding. It plans to implement or implement differently 3 of the 4 recommendations directed to it. Further, GITA disagrees in part with one recommendation, and does not plan to implement the entire recommendation. Also, as outlined in its response, the Department of Administration agrees with the first finding and plans to implement the two recommendations directed to it. My staff and I will be pleased to discuss or clarify items in the report. This report will be released to the public on January 10, 2003. Sincerely, Debbie Davenport Auditor General Enclosure cc: Mr. Craig Stender, former Director Mr. J. Elliott Hibbs, Director Government Information Technology Agency Department of Revenue (former Director—Department of Administration) In accordance with Laws 2000, Chapter 110 §1(E), the Office of the Auditor General has conducted a performance audit of three areas involving the Government Information Technology Agency (GITA). This audit was conducted under the author-ity vested in the Auditor General by A.R.S. §41-1279.03. GITA was established in 1997 to plan and coordinate information technology for state government and provide related consulting services. One of its primary statutory responsibilities is to develop a state-wide plan for information technology that entails among other things adopting state-wide information technology standards, such as requirements for ensuring the security of state agencies' information technology sys-tems and developing a detailed listing of the State's information technology assets. In addition, GITA is responsible for approving agencies' information technology proj-ects costing between $25,000 and $1 million, and monitoring the projects that are considered critical to the State. GITA also provides staff support for the Information Technology Authorization Committee (ITAC), which reviews and approves state agencies' information technology projects costing more than $1 million. This was not a Sunset review of GITA but rather a performance audit that focused on three defined areas.1 The three areas outlined in law for this audit are 1) GITA's abil-ity to contract and enter into interagency and intergovernmental agreements, 2) whether the contracting function affects GITA's ability to independently evaluate state agencies' information technology plans, and 3) the Statewide Technology Licensing Agreement (STLA) account. l GITA’s contracting ability—State law provides GITA with general authority to for-mulate policies, adopt rules, and contract and enter into interagency and inter-governmental agreements. Statutes do not provide GITA with any delegated purchasing authority, or exempt it from state procurement laws and codes. l GITA’s ability to independently evaluate information technology projects—GITA is statutorily required to review and either approve or disapprove agency infor-mation technology projects estimated to cost between $25,000 and $1 million to determine if they are viable and benefit the State. In fact, for projects requir-ing GITA approval, the Arizona Administrative Code specifically prevents agen-page i 1 GITA’s Sunset review is due October 1, 2005, as GITA is scheduled to terminate July 1, 2006. Office of the Auditor General SUMMARY cies from committing or spending monies or from entering into project-related contracts or vendor agreements before receiving GITA’s written approval. l STLA account—Legislation approved in April 2000 established the STLA account and directs that monies in the account be used for state-wide technology license agreements designated by GITA’s director. A state-wide technology license agreement is a contract with a vendor for information technology products and services, such as computer software and maintenance. Changes needed to ensure state-wide information tech-nology contracts benefit the State (see pages 5 through 14) Changes are needed to address problems with a multi-million dollar contract GITA developed and negotiated and to help ensure that future state-wide information tech-nology contracts benefit the State. When GITA negotiated a 5-year, $30.6 million state-wide contract with Computer Associates International, Inc. for mainframe and non-mainframe software (effective March 31, 2000), it anticipated that the contract would save the State millions of dollars. However, an analysis conducted by the State Procurement Office a year after the contract was signed found that the payment obli-gation for this state-wide contract was a 389 percent increase from previous Computer Associates contract amounts. GITA failed to use procedures that would ensure the contract was necessary or rea-sonable. Specifically, although GITA does not have procurement authority, it bypassed the State Procurement Office (SPO) when developing and negotiating this contract. GITA did not ensure that the contract was competitively bid nor did it pro-vide the proper justification for declaring the contract as “competition impracticable.” Further, even though this contract canceled and replaced some existing contracts with Computer Associates that had been developed and negotiated by other state agencies, GITA made only limited attempts to get stakeholder input and buy-in. GITA also failed to follow other sound procurement practices, including verifying the State’s need for the software products independent of the vendor’s projections. For example, in justifying the need for the contract, the vendor provided GITA with a list-ing of anticipated agency information technology projects. However, it was later determined that this list contained over $43 million in unfunded agency information technology projects. page ii State of Arizona GITA did not take any steps to verify funding for these projects or even perform an analysis of the likelihood that they would be funded prior to entering into the contract. Because the State was unable to meet its payment obligation, the Department of Administration’s director requested SPO to renegotiate the contract with Computer Associates in 2001. During the renegotiation, the contract was extended for 2 addi-tional years at no extra cost, so it appears that the primary benefit to the State is that the $30.6 million payment will be spread over 7 years rather than the original 5-year term. However, SPO should investigate further renegotiation with Computer Associates to address two remaining problems. First, SPO should investigate renegotiating with the vendor to increase the State’s mainframe processing capacity during the 2 addi-tional years. As a result of the State’s growing population, agencies are processing more and more transactions, such as driver’s license applications and income tax fil-ings. This activity requires additional mainframe processing capacity, which can be very costly. The initial contract allowed for 20 percent annual growth in the process-ing capacity of the State’s mainframe computers, but additional growth was not pro-vided for in the 2 years added to the contract. Second, SPO should investigate nego-tiating with the vendor to get a product mix that more closely reflects the State’s cur-rent and projected need for Computer Associates products. The State is currently using only about half of the 102 mainframe products available for state-wide use, and three agencies have additional agreements with Computer Associates totaling $1.6 million for other software products. Whether or not renegotiation is successful, GITA should work with state agencies to develop a strategy for replacing Computer Associates software in case it should become beneficial to do so. In addition to addressing problems with the Computer Associates contract, several additional steps should be taken to ensure that future state-wide information tech-nology contracts meet the State’s needs. l First, GITA should develop written policies and procedures to guide its involve-ment in the development and procurement of state-wide information technolo-gy contracts. If GITA identifies the need for a state-wide information technology contract that would financially commit the State to over $1 million, it should establish a written justification which, at a minimum, should include such things as an independent assessment of the State’s need for the products or services, stakeholder input, a plan to fund the contract, and an exit strategy for replacing the proposed products. In addition, GITA should limit its role in the procurement process to an advisory capacity. l Second, the Legislature should consider requiring GITA to submit written justifi-cations for those state-wide information technology contracts that would finan-cially commit the State to over $1 million to ITAC and the Joint Legislative Budget Committee (JLBC) for review. ITAC comprises representatives from the Legislature, state agencies, private industry, and the courts. This committee cur-page iii Office of the Auditor General rently approves state agency information technology projects that exceed $1 million, and conducts periodic reviews of critical projects. l Third, SPO should be responsible for conducting contract negotiations and develop policies and procedures guiding state-wide information technology contract procurement. Policy needed to help ensure GITA’s independence in reviewing and approving agency technology projects (see pages 15 through 16) GITA needs to develop a policy to ensure its independence when reviewing and approving state agencies’ technology projects. GITA is involved in three interrelated functions associated with state agencies’ acquisition of information technology: l Adopting state-wide standards for information technology that provide state agencies with direction on minimum and acceptable information technology requirements. l Reviewing state agency information technology projects estimated to cost between $25,000 and $1 million to determine if they benefit the State, and approving or disapproving them. l Participating in developing state-wide information technology contracts. GITA’s involvement in all three functions can potentially create concerns about the agency’s ability to objectively review and approve or disapprove agency technology projects. Auditors did not find evidence that GITA’s independence had been com-promised. However, some could argue that GITA could set standards and only approve projects that would require an agency to use certain vendors’ products, even if those products are not the most cost-effective or most appropriate, because the products would justify a particular state-wide contract that GITA helped to develop. In conducting its work, GITA should provide alternatives whenever possible to ensure it continues to objectively review and approve state agencies’ technology projects. To avoid conflict, or even the appearance of conflict, GITA should develop a written policy that requires it to recommend, or offer, more than one vendor or product when-ever possible, as it formulates conditions for project approval. If more than one alter-native is not available, GITA should state that fact in the memo sent to the agency indicating the project review’s outcome. page iv State of Arizona pagev Office of the Auditor General STLA account should be allowed to repeal (see pages 17 through 19) The STLA account should be allowed to repeal on June 30, 2003, as scheduled because it is not needed and has not been used. Legislation approved in April 2000 established the STLA account and directs that monies in the account be used for state-wide technology license agreements designated by GITA’s director. If a state agency chooses to purchase a product or service available on one of the designat-ed contracts, the agency is required to transfer its payment to the STLA account. The amount an agency would need to transfer to the account would be based on rates determined jointly by GITA and the Department of Administration. There were two main reasons given for establishing the STLA account: 1) to provide a mechanism for monitoring agency software usage, and 2) to provide a means for funding future state-wide technology initiatives. According to legislative hearing min-utes and JLBC fiscal notes, it was believed the STLA account would facilitate moni-toring agency use of software to determine actual purchasing volumes so that the State could negotiate better discount rates with vendors. However, the State already has mechanisms in place for obtaining this information, such as GITA’s annual inven-tory of state agency information technology assets. GITA also intended the STLA account to act as a repository of savings, which it could use to fund future state-wide technology initiatives. The savings would be generated by setting the rates charged to the agencies using designated contracts’ products and services slightly higher than needed to pay the vendor. However, GITA does not have authority to spend the monies in the STLA account because the law appropriates the monies only to the Department of Administration and requires that they be used for state-wide technol-ogy licensing contracts. Despite the STLA account being in existence for more than 2 years, it has never been used. GITA’s director must designate a state-wide technology licensing agreement, or contract, for payment through the account for it to be used. However, no contracts have been designated for the account. The state-wide contract with Computer Associates was considered, but it did not generate any of the anticipated savings, so the director decided against designating it for the STLA account. Additionally, in October 2002, GITA determined that the account was not necessary and should be allowed to repeal, citing several factors, including a lack of funding for a contract administrator position to oversee the contracts designated for the account. pagevi State of Arizona page vii Office of the Auditor General TABLE OF CONTENTS 1 5 5 7 9 12 14 15 15 16 16 17 17 18 18 19 Introduction & Background Finding 1: Changes needed to ensure state-wide infor-mation technology contracts benefit the State GITA anticipated contract would save millions GITA neglected basic procedures in negotiating contract Renegotiation solved problems but others remain Steps needed to address future contracts Recommendations Finding 2: Policy needed to help ensure GITA’s inde-pendence in reviewing and approving agency technol-ogy projects GITA’s responsibilities create potential for conflict for interest Policy needed to help ensure objectivity Recommendation Finding 3: STLA account should be allowed to repeal STLA account not needed to monitor agency software usage GITA lacks authority to use STLA account as it intended STLA account has never been used Recommendation Agency Response page viii State of Arizona page1 Office of the Auditor General INTRODUCTION & BACKGROUND In accordance with Laws 2000, Chapter 110 §1(E), the Office of the Auditor General has conducted a performance audit of three areas involving the Government Information Technology Agency (GITA). This audit was conducted under the author-ity vested in the Auditor General by A.R.S. §41-1279.03. GITA responsibilities, staff, and budget GITA was established in 1997 to plan and coordinate information technology for state government and provide related consulting services. One of its primary statutory responsibilities is to develop a state-wide plan for information technology which entails, among other things, adopting state-wide information technology standards, such as requirements for ensuring the security of state agencies' information tech-nology systems and developing a detailed listing of the State's information technolo-gy assets. In addition, GITA is responsible for approving agencies' information tech-nology projects costing between $25,000 and $1 million, and monitoring the projects that are considered critical to the State. GITA also provides staff support for the Information Technology Authorization Committee (ITAC), which reviews and approves state agencies' information technology projects costing more than $1 mil-lion. To perform these responsibilities, GITA is appropriated 21 FTE positions, including a director, deputy director, and staff. Funding for GITA is generated through a pro rata share of .15 percent of total payroll for all agencies and the legislative and judicial branches of state government. In fiscal year 2002, GITA expended $2.7 million. Audit scope and background This was not a Sunset review of GITA but rather a performance audit that focused on three defined areas.1 Specifically, pursuant to Laws 2000, Chapter 110 §1(E), the audit was required to focus on: 1) GITA’s ability to contract and enter into interagency 1 GITA’s Sunset review is due October 1, 2005, as GITA is scheduled to terminate July 1, 2006. page2 1 GITA’s rules define an information technology project as a specific series of activities involving the implementation of new or enhanced information technology systems over a prescribed period of time. If a project’s cost exceeds $1 million, GITA will review it and then make recommendations to the Information Technology Authorization Committee (ITAC). ITAC, which comprises representatives from the Legislature, private industry, local and federal government, state government, and the courts, will then decide whether to approve or disapprove the project. 2 This requirement pertains to those state agencies required to submit information technology plans to GITA for approval and includes most agencies, departments, commissions, and boards. The universities, community colleges, and the leg-islative and judicial branch agencies are not subject to this requirement. State of Arizona and intergovernmental agreements, 2) whether the contracting function affects GITA’s ability to independently evaluate state agencies’ information technology plans, and 3) the Statewide Technology Licensing Agreement (STLA) account. l GITA’s contracting ability—State law provides GITA with general authority to for-mulate policies, adopt rules, and contract and enter into interagency and inter-governmental agreements. Statutes do not provide GITA with any delegated purchasing authority, or exempt it from state procurement laws and codes. However, because GITA is statutorily required to develop a state-wide plan for information technology and to review and approve state agencies’ information technology projects, it has been involved in developing state-wide contracts for information technology services. l GITA’s ability to independently evaluate information technology projects—GITA is statutorily required to review and either approve or disapprove agency infor - mation technology projects estimated to cost at least $25,000 to determine if they are viable and benefit the State.1 In fact, the Arizona Administrative Code specifically prevents agencies from committing or spending monies on infor-mation technology projects subject to GITA’s review or from entering into proj-ect- related contracts or vendor agreements before receiving GITA’s written approval. In addition, GITA is also responsible for setting state-wide standards for infor - mation technology. These standards consist of statements GITA developed that provide state agencies with direction on minimum and acceptable information technology requirements. Examples include standards for ensuring the securi-ty of state agencies’ information technology systems, and standards for coordi-nating and implementing agency or state computer networks. l STLA account—Legislation approved in April 2000 established the STLA account. Monies in the account are to be used for state-wide technology license agreements designated by GITA’s director. A state-wide technology license agreement is a state-wide contract with a vendor for information technology products and services, such as computer software and maintenance. If a state agency chooses to purchase a product or service available on one of the des-ignated state-wide technology contracts, the agency is required to transfer its payment to the STLA account.2 The amount an agency would need to transfer to the account would be based on rates established jointly by GITA and the Department of Administration. Law allows the rates to reflect both the cost for the use of the product and/or service, and furtherance of state information tech- Law requires monies in STLA account to be used for state-wide technology licensing agreements. GITA does not have any delegated procurement authority. Statutes require GITA to approve or disapprove agencies’ information technology projects costing between $25,000 and $1 million. page3 Office of the Auditor General nology policies, standards, innovation, and strategic direction. Therefore, the rates charged to an agency could be higher than the amount required for ven-dor payments. The report present findings and recommendations in three areas: l Changes are needed to ensure state-wide information technology contracts meet the State’s needs, including requiring ITAC and JLBC to review written jus-tifications for state-wide information technology contracts that would obligate the State to over $1 million, and the need for GITA and the State Procurement Office to develop policies and procedures specifying how state-wide technolo-gy contracts should be handled and their respective responsibilities in the pro-curement process. l GITA should develop a written policy to ensure that state agencies’ information technology projects are reviewed objectively. l The STLA account should be allowed to repeal on June 30, 2003, as it is not needed and has never been used. Audit methodology Auditors used several methods to assess the three areas identified in statutes. General methods used to obtain an understanding of GITA’s contracting authority, independence, and the STLA account, included reviewing statutes, legislative min-utes, and GITA’s policies, standards, and procedures; and interviewing personnel from GITA, the Department of Administration, the Joint Legislative Budget Committee, the Office of Strategic Planning and Budget, and the Legislative Council. In addition, auditors used the following specific methods in reviewing each of the three areas: l Contracting authority—To obtain a better understanding of GITA’s contracting role and authority, auditors conducted a literature search of best practices in information technology contracting and reviewed recent information technology contracts in which GITA participated. In addition, auditors conducted an exten-sive review of a state-wide contract with Computer Associates International, Inc. because it was developed and negotiated by GITA, financially committed the State to $30.6 million, and legislative interest in this contract was sparked by recent publicity about problems California experienced with a state-wide infor-mation technology licensing contract. Specifically, the California State Auditor’s Office noted that the state executed an information technology licensing con-tract worth almost $95 million with Oracle Corporation despite evidence sug- page4 1 California State Auditor Bureau of State Audits, Enterprise Licensing Agreement: The State Failed to Exercise Due Diligence When Contracting with Oracle, Potentially Costing Taxpayers Millions of Dollars, Report Number 2001-128, April 2002. 2 The 13 agencies contacted included the Arizona Health Care Cost Containment System, Department of Administration, Department of Economic Security, Department of Education, Department of Environmental Quality, Department of Health Services, Department of Insurance, Department of Public Safety, Department of Revenue, Industrial Commission, State Compensation Fund, State Land Department, and Supreme Court. 3 An additional nine projects received conditional approval or were disapproved during this period, but were not readily available for auditors’ review. 4 The eight states contacted were Colorado, Florida, Nevada, New Mexico, Ohio, Texas, Washington, and Wisconsin. These states were selected because they had a centralized information technology unit responsible for state-wide strate-gic information planning. State of Arizona gesting that the need for the licenses was limited.1 To review the Computer Associates’ contract, auditors reviewed historical documents GITA compiled, and interviewed personnel from GITA, the Department of Administration, and Computer Associates to reconstruct what occurred during the initial negotiation and subsequent renegotiation. In addition, auditors interviewed personnel from 13 state agencies to determine their involvement in the original Computer Associates negotiations and current and anticipated use of contract products.2 It should be noted that some of the individuals with a primary role in the original negotiations were no longer available to be interviewed. l Independence issue—To determine whether GITA’s objectivity in reviewing and approving agencies’ information technology projects could be influenced by its involvement in setting information technology standards and participating in contract development and negotiation, auditors examined all of the 56 agency project plans GITA reviewed from January 2000 through September 2002 that were conditionally approved or disapproved.3 l STLA account—To obtain further information about the account’s purpose and use, auditors interviewed information technology and procurement staff from eight states to obtain information on their states’ use of STLA-type accounts;4 reviewed information from the federal Office of Management and Budget to determine if assessing a surcharge for products purchased through the STLA account would violate federal cost principles; and reviewed STLA account doc-uments to determine whether any revenue and expenditure activity had occurred since the account’s inception. This audit was conducted in accordance with government auditing standards. The Auditor General and staff express appreciation to the director and staff of the Government Information Technology Agency and the director and staff of the Department of Administration for their cooperation and assistance throughout the audit. Changes needed to ensure state-wide informa-tion technology contracts benefit the State The State needs to make several fundamental changes to help ensure that state-wide information technology contracts in general—and a $30.6 million contract GITA developed and negotiated in particular—are in the State’s best interest. In develop-ing and negotiating a 5-year, $30.6 million contract with Computer Associates in 2000, GITA failed to use procedures that would ensure the contract was necessary or reasonable, or even that the State would be able to afford the payments. Although the State Procurement Office (SPO) subsequently renegotiated the contract in 2001 to extend it for 2 additional years at no cost, other problems remain, and SPO should investigate renegotiating the contract again. To help ensure that such problems do not recur, the Legislature should require the Information Technology Authorization Committee (ITAC) and the Joint Legislative Budget Committee (JLBC) to review writ-ten justifications for state-wide information technology contracts that financially com-mit the State to over $1 million. In addition, SPO and GITA should individually devel-op policies and procedures to better define their respective roles in the contracting process. GITA anticipated contract would save millions When GITA negotiated a 5-year, $30.6 million state-wide contract, effective March 31, 2000, with Computer Associates, it anticipated that the contract would save the State more than $6 million through a combination of cost savings and cost avoidance. The contract, which covers software for mainframe and non-mainframe computers, superseded other existing contracts that individual agencies had negotiated with Computer Associates. page5 Office of the Auditor General FINDING 1 page6 State of Arizona Contract covered software for variety of applications—The state-wide Computer Associates contract provides software for two types of computers—main-frame and non-mainframe. l Mainframe software runs on powerful central computers designed to service the needs of many users. The software ranges from operating systems to individual programs and applications. This part of the contract contains about 100 different mainframe software products for performing such tasks as database manage-ment, job scheduling, security, and report programming. Because mainframe software helps operate large computers instead of individual personal comput-ers, software cost is based on the size of the computer and speed at which data is processed rather than the number of users. A mainframe’s processing capac-ity is defined as “MIPS,” or millions of instructions per second. The contract set the State’s MIPS at 1,800 for the first year and gradually increased it to 3,000 in the contract’s last year. All state agencies can use the mainframe products on the State’s mainframes. Currently, the State has three mainframes operated by the Departments of Administration, Economic Security, and Public Safety. This por-tion of the contract was valued at nearly $21 million. l Non-mainframe software is sometimes called “distributed” software because it runs on many individual computers, rather than from a single machine. This part of the contract initially included over 20 Computer Associates products and/or suites of products for performing tasks such as network security and Web man-agement. The non-mainframe products were available to all state agencies. This portion of the contract was valued at over $9 million. GITA’s reasons for establishing the contract—GITA anticipated that this contract would save the State more than $6 million over the life of the contract. At the time the contract was being developed and negotiated, the State was in the process of consolidating some of its large data centers. GITA believed that the contract would eliminate costly upgrade fees that Computer Associates would charge when a state agency moved from its own smaller mainframe to a much larger, centralized data center mainframe computer with increased processing capacity. In addition, GITA anticipated establishing rates for the non-mainframe software products that would not only cover the software contract cost but also help fund future technology initiatives. Firm commitment contract superseded other contracts—This contract differs from other Arizona state-wide information technology contracts in two ways. First, it is a firm commitment contract, meaning that the State pays a fixed annual amount regardless of the number of contracted software products or the amount of MIPS actually used (unless the amount exceeds the capacity allowed in the contract). In contrast, use- and volume-based contracts would base pricing on the actual MIPS and/or software products purchased or used. Second, because this contract is a state-wide agreement including Computer Associates’ mainframe processing soft-ware, it canceled and replaced the State’s other contracts with Computer Associates Computer Associates contract requires State to pay a fixed amount, regardless of use. GITA believed state-wide Computer Associates contract would save the State more than $6 million over 5 years. page7 Office of the Auditor General for the same products. These other contracts were negotiated by such agencies as the Department of Economic Security and the Department of Administration. GITA neglected basic procedures in negotiating contract GITA did not take appropriate steps to ensure the Computer Associates contract was in the State’s best interest. Specifically, it failed to actively solicit the involvement of the State Procurement Office, and as a result, standard procurement practices, including the State’s competitive bidding requirement, were not followed. GITA also failed to employ sound procurement practices, such as independently determining the State’s need for the software products, determining whether agencies had ade-quate monies to pay for the contract’s products, or establishing a plan for adminis-tering the contract. As a result, the State was unable to meet its payment obligation. State Procurement Office did not have active role—GITA bypassed SPO when it developed and negotiated the Computer Associates contract, although GITA has no procurement authority.1 Generally, agencies without purchasing authority work with SPO when procuring goods and services. However, although the Department of Administration indicates that at least one former member of SPO was aware of the negotiations, auditors were unable to find evidence that GITA actively sought SPO involvement. As a result, GITA did not ensure that standard procurement practices or codes were appropriately followed. For example, the contract was nei-ther competitively bid, nor was there a request to deem the contract “competition impracticable,” which allows for bypassing the process of obtaining competitive bids when proper justification is provided. In addition, SPO officials were unable to pro-vide much explanation as to their absence in the process other than saying that dur-ing this period, GITA was a new agency and was acting independently. Contract development practices inadequate—Without the benefit that SPO’s advice might have provided, GITA failed to employ contract development practices that would ensure the Computer Associates contract was necessary, rea-sonable, or would benefit the State. Within 1 year, the State found itself operating with a contract it could not pay for. Practices GITA did not follow ranged from not assess-ing need to not setting up appropriate contract management. l Need based on vendor analyses and projections—GITA did not perform an independent analysis to justify the contract, but relied on the data that Computer Associates supplied. Specifically, GITA relied on the vendor’s estimates for the State’s growth in mainframe processing capacity, or MIPS, and anticipated needs for additional Computer Associates products. Although current GITA offi-cials indicated that an independent analysis was conducted prior to the original contract negotiation, they were unable to provide auditors with documentation of such analysis. In fact, documents GITA provided indicate that the need for the Within 1 year, the State found itself operating with a contract it could not pay for. GITA failed to employ sound procurement practices such as inde-pendently determining the State’s need for the products. 1 Because GITA has no procurement authority, the Computer Associates’ contract was signed by the director of the Department of Administration, who is the State’s chief procurement officer. page8 State of Arizona contract was based solely on information provided by Computer Associates. For example, in justifying the need for the contract, the vendor provided GITA with a listing of anticipated agency information technology projects. However, it was later determined that this listing contained over $43 million in unfunded agency information technology projects. GITA did not verify that there was funding for these projects or even perform an analysis of the likelihood that they would be funded before it entered into the contract. l Contract exceeded available funding—GITA failed to ensure a funding plan or strategy was developed for how the State would pay for the state-wide contract. Consequently, an analysis SPO conducted a year after the contract was signed found that the state-wide contracts’ payment obligation was a 389 percent increase from the previous Computer Associates contract amounts, and aver-aged an annual payment of over $6 million a year. Further, SPO indicated that the contract’s paystream exceeded the State’s combined budgets by $15.5 mil-lion over the contract term. Despite these significant increases, GITA failed to determine how the increased costs would be divided among the agencies. In addition, monies anticipated from agencies’ use of the Computer Associates-distributed products were not realized because the software was not being used. l Contract negotiations lacked stakeholder input—Despite the fact that the Computer Associates state-wide contract directly impacted several individual agencies, GITA did not effectively solicit these agencies’ involvement. Although GITA was able to provide evidence that it made some limited attempts to gath-er feedback on agencies’ mainframe products, there was little to no evidence that it sought agency input on distributed products. Consequently, it was unable to show any formal attempts it made to ensure agencies took an active part in the contract’s development. For example, audio tapes GITA provided of the State’s Chief Information Officer (CIO) Council meetings during December 1999 and January 2000 showed little more than a mention of the Computer Associates contract. Additionally, documents GITA provided showed an e-mail it authored soliciting feedback from the CIO Council membership only 1 day prior to the contract signing. Additionally, auditors conducted interviews with CIOs and information technolo-gy staff from 13 state agencies who were aware of the Computer Associates contract and they overwhelmingly indicated having little knowledge about or input into the contract. Without adequate agency input, the State cannot guar-antee that the state-wide contract would include the appropriate products and services that all agencies are using or anticipated using. For example, the Industrial Commission continues to pay $73,000 annually to Computer Associates for two products, one of which could have been included in the state-wide contract. Interviews with informa-tion technology staff from 13 state agencies found they had little knowledge about or input into the Computer Associates contract. page9 Office of the Auditor General l Existing contracts not reviewed—Even though this contract superseded existing state agency contracts with Computer Associates, there is no evidence to show that GITA reviewed the existing contracts before entering into the state-wide con-tract. Specifically, there is no evidence that GITA evaluated whether the statewide contract would be more advantageous than the existing ones. For example, prior to the state-wide contract, the Department of Administration had a financially advantageous contract in place with Computer Associates, called a “site license.” This license allowed multiple users and mainframe processors to use Computer Associates mainframe products as long as these processors were located at the same site. These types of licenses avoid many of the charges that are characteristic of current mainframe software contracts, such as certain upgrade fees, but are no longer available. However, there is no evidence that GITA weighed advantages such as DOA’s site licenses when determining if the state-wide contract was beneficial. l State-wide contract lacked management—Although the State was obligated when the contract was entered into, GITA did not have a documented plan in place for how the contract would be managed. Specifically, GITA did not have a plan in place for assessing fees to agencies using Computer Associates main-frame products. Additionally, GITA did not provide sufficient information to the agencies on the products available through the state-wide contract or their cost. GITA officials indicated that the agency was unable to administer the contract because it did not receive funding for a contract administrator. However, this only provides additional evidence that GITA entered into the contract without proper consideration of how it would be administered. l Contract lacked adequate Attorney General review—GITA failed to allow ade-quate time for the contract to be comprehensively reviewed for legal and pro-curement issues. GITA requested that the Attorney General’s Office review the 20-page state-wide contract—a step it was not required to take—but it provided the Attorney General’s Office only 1 day for the review. A letter written by the Assistant Attorney General indicated that because of the short time frame, he was able to review the contract only for form and may have been able to identify other issues if more time had been allowed. According to documentation GITA provid-ed, the contract signing was rushed to meet the vendor’s fiscal year-end. Renegotiation solved some problems but others remain As a result of the State’s inability to pay Computer Associates, SPO initiated a rene-gotiation of the state-wide contract in June 2001. Although the State benefited through the renegotiation by extending the contract from 5 years to 7 years, which had the effect of stretching out the payments for 2 additional years at no cost, some additional changes also appear warranted. The State should investigate the possi- Attorney General’s Office given only 1 day to review the Computer Associates contract. page10 State of Arizona bility of a further renegotiation with Computer Associates. Additionally, to give the State an ability in the future to negotiate more advantageous terms or to switch from Computer Associates products, GITA should begin researching a replacement strat-egy that would lessen the impact of moving off of Computer Associates products should that become necessary or advantageous. Renegotiated contract—In the spring of 2001, the Department of Administration’s director requested SPO to renegotiate the contract with Computer Associates because the State was unable to meet its payment obligation. Computer Associates had informed SPO that GITA was in breach of contract for its ongoing fail-ure to pay the amounts set forth in the state-wide contract and demanded payment of $9.8 million within 10 days. As a result, SPO, in conjunction with personnel from GITA and the Information Services Division of the Department of Administration, began preparation for the renegotiation. Specifically, SPO conducted an analysis of the original contract’s shortcomings and found that not a single agency was using the distributed products offered in the contract and these products should have been competitively bid. SPO argued to sever this part of the contract and reduce the State’s obligation by $9 million. However, according to the SPO staff who took part in the renegotiation, Computer Associates argued that these distributed products were “free throw-ins” and the contract was structured with the $9 million figure to generate employee commissions. In the end, the renegotiation resulted in the State losing the ability to use all but one of the distributed products, and the State’s financial obliga-tion remained the same. Further, the distributed product available for use, TNG Unicenter, is volume-limited, meaning that the product is limited to a certain number of users. Consequently, the renegotiated contract’s benefit appears to be extending the contract payments and terms for 2 more years. SPO should consider renegotiating the state-wide contract—SPO should investigate further renegotiating the Computer Associates contract to try to get more value from it. Although the contract contains a standard provision that allows the State to terminate it for convenience, this is not a viable option because Computer Associates products currently play an integral role in the operation of the State’s mainframe and application environment and could not be immediately replaced. For example, the Arizona Health Care Cost Containment System (AHC-CCS) uses Computer Associates database software to help administer the State’s Medicaid program. It could take several years for AHCCCS to transition to another product because the computer programs have been written specifically for the Computer Associates database software. Nonetheless, there are still two concerns that SPO should attempt to address: l First, SPO should investigate further renegotiating with the vendor to allow the State’s mainframe capacity to increase proportionally during the 2 additional years added to the contract. As a result of the State’s growing population, agen-cies are processing more and more transactions, such as driver’s license appli-cations and income tax filings. This activity requires additional mainframe pro-cessing capacity, which can be very costly. The initial contract allowed for 20 Renegotiation resulted in contract term being extended from 5 to 7 years. Terminating Computer Associates contract for convenience not a viable alternative. page11 Office of the Auditor General percent annual growth in the processing capacity of the State’s mainframe com-puters, but additional growth was not provided for in the 2 years added to the contract. Renegotiating this portion of the contract now could potentially save the State costly upgrade fees if the mainframe capacity is exceeded during the contract term. l Second, SPO should investigate renegotiating the contract to try to get a prod-uct mix that more closely reflects the State’s current and projected needs. As of August 2002, little more than half of the available mainframe products the con-tract allows for state-wide use are being used. Specifically, the State is using only 55 of the 102 available mainframe products and does not have the ability to change unused products for those that may be useful. For example, currently three state agencies have additional agreements with Computer Associates totaling $1.6 million above and beyond the cost of the state-wide contract for other software products. Recently, the Department of Administration’s director asked his staff to conduct an analysis to determine if the State is getting value from the Computer Associates state-wide contract. Staff indicated that during November of 2002 they will begin sur-veying other states using Computer Associates products to determine if the pricing, terms, and conditions of Arizona’s contract are comparable to the other states’ con-tracts. Specifically, the analysis will compare information such as processor size, MIPS usage, product usage, contractual ability to change out obsolete products, and discounts offered. Department of Administration staff also indicated that an outside consulting firm will conduct a cost analysis based on the information gathered in this survey. State should develop replacement strategy—GITA should work with the Department of Administration and state agencies to develop a strategy for replacing the Computer Associates software in case it should become beneficial to do so. According to the Information Technology Governance Institute, replacement strate-gies are an essential part of an organization’s information technology plans.1 Although replacing software can be both time-consuming and costly, having an exit strategy in place could provide the State with the leverage to negotiate more advan-tageous terms in future state-wide software contract negotiations. Further, because it can take several years to transition off software, it is important that GITA begin assist-ing agencies in developing an exit strategy either while the contract is being devel-oped or immediately after the State enters into it. Since the State entered into the Computer Associates contract in 2000, it is important that GITA begin assisting the agencies in developing a replacement strategy now. 1 The Information Technology Governance Institute was established by the Information Systems Audit and Control Association in 1998, to clarify and provide guidance on current and future issues pertaining to information technology governance, control, and assurance. Steps needed to address future contracts Arizona needs to take steps to ensure that future state-wide information technology contracts meet the State’s needs and are in its best interest. This process will require multiple stakeholders’ involvement and coordination to ensure the best result. Proper oversight is critical and policies and procedures are needed to ensure that a stan-dardized process is defined and followed. GITA’s role in contracting should be defined in policy and proce-dure— GITA’s role in the development and procurement of state-wide information technology contracts should be better defined and guided by policy and procedure. Because GITA has no procurement authority, it should limit its role in the procurement process to an advisory capacity. However, GITA’s statutory responsibilities for state-wide information technology planning put it in the best position to identify the need for and develop the justification for state-wide information technology contracts. If GITA identifies a need for a state-wide information technology contract that would commit the State to over $1 million, GITA should also develop a written justification that, at a minimum, includes the following items. l Independent assessment of the need for the technology l Input and feedback from the impacted agencies l Cost-benefit analysis l Plan for funding the contract l Plan for administering the contract l Exit strategy for replacing the technology. Currently, GITA and SPO are working to define their respective roles in the develop - ment and procurement of state-wide information technology contracts. GITA should ensure that its policies and procedures cover its role in identifying and justifying state-wide information technology contracts as well as how it will coordinate with SPO. Additional reviews should be required—The Legislature should consider requiring additional reviews over state-wide information technology contracts that financially commit the State to over $1 million. First, the Legislature should require that before the State enters into these types of contracts, GITA submit the contract justifications to ITAC for review and approval.1 ITAC comprises 14 members, which include representatives from the Legislature, state agencies, private industry, and the page12 1 Currently, ITAC is scheduled to repeal on June 2, 2003. GITA has indicated its intent to propose legislation to align ITAC’s termination with GITA’s Sunset date of July 1, 2006. State of Arizona GITA’s role in the infor-mation technology pro-curement process should be limited to an advisory capacity. page13 Office of the Auditor General courts. ITAC is statutorily charged with approving or disapproving all proposed state-wide technology projects that cost over $1 million. GITA officials indicated that ITAC’s approval was not required for the Computer Associates state-wide contract because it was not considered a “project.” Therefore, ITAC approval should be required for state-wide contracts that financially commit the State to over $1 million to ensure they are in the State’s best interest. In addition to ITAC approval, the Legislature should consider requiring the Joint Legislative Budget Committee (JLBC) to also review the contract justification for state-wide contracts financially committing the State to over $1 million. Specifically, JLBC staff should review the proposed funding plan to assess its feasibility and pres-ent its findings to the JLBC. The JLBC should review these findings and make rec-ommendations to GITA and SPO regarding the plans. SPO should develop policies and procedures for state-wide con-tracts— SPO should take the lead in negotiating state-wide information technology contracts and develop policies and procedures guiding contract procurement. SPO’s Information Technology Unit employs procurement officers specializing in information technology procurement, including networking services and software/hardware maintenance. To ensure that the State is obtaining the most advantageous state-wide contract, SPO, not GITA, should take the lead on informa-tion technology procurements, including developing the request for proposal with GITA acting as technical advisor. Further, although both statute and administrative rule guide the information technology procurement process, SPO should develop policies and procedures on how state-wide information technology contracts should be handled and specific requirements for those contracts that financially commit the State to over $1 million, including ensuring that affected stakeholders are involved in the procurement process, proper analyses have been conducted, and ITAC and the JLBC have reviewed a written justification. SPO should develop guidelines on the devel-opment of state-wide information technology contracts. page14 State of Arizona Recommendations 1. The State Procurement Office should investigate renegotiating the Computer Associates contract to increase the mainframe growth allowance for the 2 years added onto the contract and to obtain a better product mix. 2. GITA should work with stakeholders to develop a strategy for replacing the Computer Associates software in case it should become beneficial to do so. 3. GITA should limit its role in state-wide information technology procurements solely to an advisory capacity. 4. GITA should develop policies and procedures guiding its involvement in state-wide information technology contract development. If GITA identifies a need for a state-wide information technology contract that commits the State to over $1 million, GITA should also develop a written justification which, at a minimum, includes the following items: l Independent assessment of the need for the technology, l Input and feedback from the impacted agencies, l Cost-benefit analysis, l Plan for funding the contract, l Plan for administering the contract, and l Exit strategy or plan for replacing the technology. 5. The Legislature should consider broadening ITAC statutes to include the manda-tory review and approval of the written justification for state-wide information technology contracts that financially commit the State to over $1 million to ensure they are in the State’s best interest. 6. The Legislature should consider requiring the JLBC also review the written justi-fication for state-wide information technology contracts that financially commit the State to over $1 million to assess the feasibility of the funding plan. 7. The State Procurement Office should develop policies and procedures on how state-wide information technology contracts should be handled, including ensur-ing that affected stakeholders are involved in the procurement process, proper analyses have been conducted, and that ITAC and JLBC have reviewed any con-tract justifications. Policy needed to help ensure GITA’s independ-ence in reviewing and approving agency technol-ogy projects GITA needs to develop a policy to help ensure its independence when reviewing and approving state agencies’ technology projects. GITA is involved in three interrelated functions associated with state agencies’ acquisition of information technology that could lead to situations in which its independence might be questioned. Therefore, GITA should establish a written policy that indicates how it will ensure that agencies’ technology projects are objectively evaluated. GITA’s responsibilities create potential for conflict of inter-est GITA performs a variety of functions and activities associated with state agencies’ acquisition of information technology. Three of these are closely related: l Setting state-wide standards—GITA is statutorily required to adopt state-wide standards for information technology. These standards consist of statements GITA developed that provide state agencies with direction on minimum and acceptable information technology requirements. Examples include standards for ensuring the security of state agencies’ information technology systems, and standards for coordinating and implementing agency or state computer net-works. l Project review and approval—GITA is required to review any information tech-nology projects estimated to cost at least $25,000 to determine if, among other things, they benefit the State.1 Based on its review, GITA can approve, condi-tionally approve, or disapprove the project. If the project is approved, the agency page15 Office of the Auditor General FINDING 2 1 If a project is estimated to cost over $1 million, GITA will review it and then make recommendations to ITAC, which will then decide whether to approve or disapprove the project. ITAC is composed of representatives from the Legislature, pri-vate industry, local and federal government, state agencies, and the courts. may proceed with implementing it. If the project is conditionally approved, GITA will identify the conditions the agency must satisfy for approval. If the project is disapproved, the agency cannot implement it. l Development of state-wide information technology contracts—GITA also partic-ipates in developing state-wide information technology contracts, as discussed in Finding I, pages 5 through 14. These contracts can involve major acquisition of hardware and software across many agencies. GITA’s involvement in all three functions can potentially create concerns about the agency’s ability to objectively review and approve or disapprove agency technology projects. Specifically, some might argue that GITA could set standards and only approve projects that would require that an agency use certain vendors’ products, even if those products are not the most cost-effective or most appropriate, because the products would justify a particular state-wide contract that GITA helped to devel-op. Policy needed to help ensure objectivity Although auditors did not find evidence that GITA’s independence was currently being compromised, GITA should nonetheless develop a written policy to ensure it continues to objectively review and approve state agencies’ technology projects. Auditors examined 56 agency project plans GITA reviewed from January 2000 through September 2002 and found only two instances in which GITA made its approval contingent upon the agency also assessing a competing product with con-sideration to its adequacy and cost-effectiveness. However, to help ensure GITA remains objective in its review of agency projects, it should adopt a policy of recom-mending, or offering, more than one vendor or product whenever possible, as it for - mulates conditions for the project approval. If more than one alternative is not avail-able, GITA should state that fact in the memo sent to the agency indicating the proj-ect review outcome. Recommendation 1. To help ensure it remains objective when reviewing and approving agency tech-nology projects, GITA should develop a written policy that requires it to recom-mend, or offer, more than one vendor or product whenever possible, as it for - mulates conditions for project approval. If alternative vendors or products are not available, GITA should state that fact in the memo sent to the agency indi-cating the project review’s outcome. page16 State of Arizona page17 Office of the Auditor General STLA account not need-ed to collect agency software usage informa-tion. FINDING 3 STLA account should be allowed to repeal The Statewide Technology Licensing Agreement (STLA) account should be allowed to repeal on June 30, 2003, as scheduled, because it is not needed and has not been used. A reason for establishing the STLA account was that it would allow for central-ized billing and purchasing, enabling the State to monitor agencies’ software usage and thereby negotiate increased discount rates based on volume; however, other mechanisms already exist for this purpose. Further, GITA intended the account to act as a repository for savings because it believed that establishing state-wide technol-ogy contracts would generate significant discounts and state agencies could be charged rates slightly higher than needed to pay the vendor. GITA intended to use these extra monies (or “savings”) to pay for future state-wide technology initiatives, but it lacks statutory authority to spend the account monies in this way. In addition, the director of GITA has never designated any state-wide technology contracts for the account, and as a result, the account has never been used. STLA account not needed to monitor agency software usage The Legislature established the STLA account in April 2000. Law requires the monies in the account to be used for state-wide information technology licensing contracts. According to legislative hearing minutes and JLBC fiscal notes, a reason given for establishing the account was that centralized billing and purchasing would facilitate monitoring agency use of software to determine actual purchasing volumes so that the State could negotiate better discount rates with vendors. However, the State already has mechanisms in place for obtaining this information. For example, statute requires GITA to conduct an inventory of state agency information technology assets, including software, which is performed annually; so it already has a mechanism for capturing product usage that could be used to negotiate discounts. Additionally, sim-ilar information would be available from the State’s designated software licensing agent for software purchases made by agencies under the State’s volume license agreements. GITA lacks authority to use STLA account as it intended GITA does not have the statutory authority to use the STLA account as it intended. GITA originally intended the STLA account to act as a repository for savings, which could be used to pay for future state-wide technology initiatives. Specifically, GITA anticipated that the State would receive better discounts by establishing state-wide information technology contracts, and planned to work with the Department of Administration to set the rates charged to the agencies using designated contracts’ products or services slightly higher than needed to pay the vendor. These surcharges would generate extra monies, or “savings,” which GITA would then use to fund other technology initiatives in the State. However, the STLA legislation did not give GITA the authority to spend the monies in the account. Rather, law stipulates that these monies are appropriated to the Department of Administration and restricted for designated state-wide technology licensing contracts. Although an amendment was proposed in 2000 that would have allowed for the savings in the STLA account to be used as GITA intended, it did not pass. Furthermore, federal cost principles prohibit state agencies that purchase goods and services with federal monies from being charged more than the cost of the product. State agencies such as the Department of Economic Security and the Arizona Health Care Cost Containment System receive significant portions of their funding from the federal government and could not use these federal dollars to pay for fees beyond the actual cost for the product or service. STLA account has never been used Although the account has been in existence for over 2 years, it has not been used. To be used, GITA’s director must designate a state-wide technology licensing agreement, or contract, for payment through the account. However, no contracts have been designated for the account. One state-wide contract that was considered for the STLA account was with Computer Associates for mainframe and non-main-frame computer software (see Finding I, pages 5 through 14). However, this contract did not generate any of the savings GITA anticipated; therefore GITA’s director decid-ed against designating the contract for the STLA account. In October 2002, GITA determined that the account was not necessary and should be allowed to repeal. Two reasons GITA gave for this decision include lack of funding for a contract administrator position to oversee the contracts designated for the account, page18 State of Arizona GITA lacks statutory authority to spend monies in the STLA account. GITA has never desig-nated any contracts for the STLA account. page19 Office of the Auditor General and the autonomous procurement authorities held by state agencies, which limit GITA’s ability to require agencies to use state-wide mainframe license agreements. Recommendation 1. The STLA account should be allowed to repeal on June 30, 2003, as scheduled, because it is not necessary and has not been used. page20 State of Arizona Office of the Auditor General AGENCY RESPONSE State of Arizona JANET NAPOLITANO GOVERNOR CRAIG STENDER DIRECTOR STATE OF ARIZONA GOVERNMENT INFORMATION TECHNOLOGY AGENCY 100 North 15 Avenue, #440 Phoenix AZ 85007 January 3, 2003 The Honorable Debbie Davenport Auditor General 2910 North 44th Street Phoenix AZ 85018 The Honorable Debbie Davenport: Enclosed for your review is the Government Information Technology Agency (GITA) response to your revised preliminary performance audit report draft dated December 23, 2002. We appreciate the opportunity to respond to the Office of the Auditor General report. In addition, thank you for the professionalism and courtesy demonstrated by your audit staff in working with the GITA staff over the past several months. As we have mentioned many times during the course of the audit, one of our primary concerns with the audit report is that Finding 1 comments on only one contract, allegedly negotiated solely by a now deceased GITA staff member, and formally executed by the Department of Administration. Further, the report does not distinguish between contracting methods and techniques allegedly in use at the time of the contract and the methods used in GITA today, nearly three years later under a different State CIO and management team. Finally, given the nature of the recommendations, we continue to believe the tone of Finding 1 is overly critical. Thank you for your consideration. Sincerely, Craig Stender Director & State CIO CS:mc Enclosure 1 Government Information Technology Agency Performance Audit Response January 3, 2003 GITA Disagrees with Most Key Findings in Finding 1 The Government Information Technology Agency (GITA) disagrees with most of the key findings and conclusions in Finding 1. The main premise of Finding 1 is that GITA’s involvement in contracts is fundamentally flawed. The auditors, however, focused on only one statewide software contract, overseen several years ago by a prior GITA staff member, to arrive at this finding. The auditors fail to acknowledge that GITA has provided advice and consulting on at least 20 other equally important statewide IT contracts in the last five years. Further, the auditors imply the CA contract is not in the best interests of the State. In fact, an objective review of the contract by Gartner Inc., the oldest and largest information technology research and advisory firm in the country, finds the State’s contract with Computer Associates (CA) to be above average in comparison to CA contracts with other public entities. The Finding repeatedly states GITA did not involve stakeholders in the CA contract. Evidence of stakeholder involvement was provided to the auditors, including e- mails, audiotapes and other documentary and anecdotal evidence. The contract itself was signed by the Director of the Department of Administration, the State’s Chief Procurement Officer by Statute – a highly pertinent fact only mentioned by the auditors in a footnote. The Finding states there was a failure to determine if funding was available for the CA contract. In fact, evidence shows that a financial plan was presented to the budget offices and the using agencies for their review before the Computer Associates contract was signed. These issues are addressed in more detail below: Auditors Commented on Only One Contract – The main premise of Finding 1 is that GITA’s involvement in contracts is fundamentally flawed. The auditors, however, focused on only one statewide software contract, overseen several years ago by a prior GITA staff member, to arrive at this finding. The auditors fail to acknowledge that GITA has provided advice and consulting on at least 20 other equally important statewide IT contracts in the last five years. For example, GITA has received accolades for its support of statewide interests in regard to contracts with Microsoft from the City of Phoenix, Maricopa County, Department of Environmental Quality, the State Procurement Office and many others. GITA has also been praised for its active involvement in multi-state efforts through the National Association of State Chief Information Officers (NASCIO) to lobby Microsoft for greater protections for all of the states. If the intent of the audit was to evaluate and draw conclusions on GITA’s performance in regard to its advisory role in contracts, the auditors should have reviewed and commented on all contracts in which GITA has been involved. If the auditors’ intent was to evaluate only the Computer Associates contract, then their conclusions are valid only for the CA contract. Moreover, the auditors’ conclusions should acknowledge that they are commenting on one contract only (CA) dated several years ago and not imply, with the negative tone carried throughout Finding 1, that GITA’s current involvement in all statewide contracting matters is 2 suspect. To ensure objectivity, GITA requests the auditors include either a disclaimer or an audit limitation statement in the final report that addresses this issue. Auditors Fail to Quantify Benefits -- Further, the auditors imply the CA contract is not in the best interests of the State. In fact, an objective review of the contract by Gartner Inc., the oldest and largest information technology research and advisory firm in the country, finds the State’s contract with Computer Associates (CA) to be above average in comparison to CA contracts with other public entities. A copy of the Gartner report is enclosed. Gartner’s rating scale gives a rating of 5 for “contractual results substantially consistent with all other customers analyzed.” To quote from that report, “In summary, it is the expert opinion of Frank DeSalvo, Software Asset Management Research Director for Gartner, that the State of Arizona CA agreements were above average (7.5 to 8 Rating) when compared to other CA contracts established by other organizations in the public sector during the periods in question.” GITA offered to have the auditors speak to Gartner as an objective technical expert regarding the CA contract. The auditors’ report references an analysis prepared by SPO one year after the contract was signed. No basis has been established for the assumptions and conclusions in that analysis. Therefore, the SPO analysis should not be treated by the auditors as fact. Finally, the auditors also fail to take into account fundamental changes in the State’s business and financial condition. Evidence shows that agency-specific contracts in place when the CA statewide contract was executed would have expired. If these agreements had been re-negotiated by individual State agencies (rather than on a statewide basis), all using agencies would have faced significant increases in mainframe software costs. Further, changes in the State’s information technology infrastructure, such as data center consolidation, increases in MIPs, purchases of new or upgrades of existing machines, etc., must be taken into account to accurately assess the contract’s benefits. Stakeholder Involvement Was Demonstrated-- The Finding repeatedly states GITA did not involve stakeholders in the CA contract. Evidence of stakeholder involvement was provided to the auditors, including e-mails, audiotapes and other documentary and anecdotal evidence. Some of this evidence was in fact referred to in the auditors’ report. The finding states the auditors interviewed CIOs and IT staff at 13 State agencies who indicated having had little knowledge of or input into the CA contract. The finding fails to state that a majority of the persons in the position of CIO at the time of the signing of the CA contract were not in those positions at the time of the auditors’ interviews. Had the auditors interviewed these individuals, they could have validated the stakeholder involvement. State Procurement Office Was Involved -- The contract itself was signed by the Director of the Department of Administration, the State’s Chief Procurement Officer by Statute – a highly pertinent fact only mentioned by the auditors in a footnote. Clear evidence was presented to the auditors that the State Procurement Office’s was involved in the CA contract process. For instance, evidence shows a meeting was held on March 1, 2000, weeks before the Computer 3 Associates contract was signed. At that meeting, a comprehensive discussion took place on the relative roles of GITA and SPO in statewide procurement matters and the status and plans for about a dozen pending contracts, including the Computer Associates contract. Participating in this discussion was the person serving as both Legal Counsel for the Department of Administration and Acting State Procurement Administrator, as well as the SPO IT Unit Manager, the GITA Director and others. GITA has been and will continue to work with SPO to clarify the role of each party in regard to statewide IT contracts. GITA has previously provided the auditors with copies of a draft Interagency Service Agreement between GITA and SPO for this purpose. Funding Needs Were Presented -- The Finding states there was a failure to determine if funding was available for the CA contract. In fact, evidence shows that a financial plan was presented to the budget offices and the using agencies for their review before the Computer Associates contract was signed. Finally, the auditors’ own recommendations state GITA’s role should be purely advisory in nature. An advisory role, which GITA believes to be its correct role, would conflict with the auditors’ contention that GITA should have been more active in determining funds availability and allocating costs among agencies. These duties, as suggested in the report, are the statutory responsibilities of the State’s budget offices and the using agencies. In addition to the key points discussed above, GITA also disagrees with many other points in Finding I, including: Competition -- It is the responsibility of the State Procurement Office (SPO) to determine the method of procurement and to document the reason for such decision. It was the responsibility of the Department of Administration, who signed the CA contract and was a primary user of CA products, to request the “sole source” or “not practical to compete” designation for the CA contract. Attorney General Approval -- The auditors acknowledge that Attorney General review was not required, but was nevertheless sought. This is an example of the measures taken to ensure the contract was in the State’s best interest. Contract Administration -- Administration of all statewide IT contracts is the responsibility of the State Procurement Office. As the auditors note many times in the report, GITA does not have general procurement authority. Migration Strategy -- The findings state that GITA should work with State agencies to develop a strategy for replacing Computer Associates products. This seems to imply CA products are defective or deficient. In fact, they are some of the most widely used mainframe products in the world. The Finding correctly notes that replacing mainframe products can be both time consuming and costly. 4 GITA Responses to Recommendations Finding 1: Recommendation 1 – This recommendation is directed to SPO. Recommendation 2 – The finding of the Auditor General is agreed to and a different method of dealing with the finding will be implemented. GITA’s statutory role is to review and approve agency annual Information Technology plans (including migration plans) and Project Investment Justifications and to define technical standards known as the State’s IT Enterprise Architecture (EA). The EA provides the framework for future technology investments for the State. The agencies are responsible for developing specific migration plans for obsolete technology. Recommendation 3 – The audit recommendation is agreed to and the audit recommendation will be implemented. Furthe r, this is GITA’s current policy. Recommendation 4 – The first sentence of the finding is agreed to and the audit recommendation will be implemented by GITA. GITA has previously provided the auditors with copies of a draft Interagency Service Agreement between GITA and SPO for this purpose. The rest of the finding of the Auditor General is not agreed to and the recommendation will not be implemented. GITA believes that written justifications for all high dollar contracts, regardless of whether technology is involved, would serve the interests of the State. However, GITA believes that this responsibility should rest with the requesting agencies and SPO. Requiring GITA to prepare written justifications for technology contracts on behalf of or in concert with various State agencies could compromise GITA’s independence. (See Finding 2) Recommendation 5 – This recommendation is directed to the Arizona Legislature. Recommendation 6 – This recommendation is directed to the Arizona Legislature. Recommendation 7 – This recommendation is directed to SPO. Finding 2: Recommendation 1 – The audit recommendation is agreed to and the audit recommendation will be implemented. This is current GITA practice. A draft updated policy consistent with this practice is being prepared for circulation and comment. Finding 3: Recommendation 1 – This recommendation is directed to the Arizona Legislature. 5950 Canoga Avenue, Suite 600 Woodland Hills, CA 91367 213-999-7485 December 11, 2002 Jeff Hessenius Chief Financial Officer State of Arizona Government Information Technology Agency 100 North 15th Avenue, Suite 440 Phoenix, AZ 85007 Dear Jeff, Gartner was requested by The State of Arizona, Government Information Technology Agency to provide a value analysis, focused on the terms and pricing of the State of Arizona Computer Associates contract, dated March 2001, as compared to those of other public entities in force at that time. Gartner is the oldest and largest information technology research and advisory firm with more than 11,000 clients in over 90 countries. Our review of the State’s CA contract was performed by Gartner analyst Frank DeSalvo, Research Director for Software Asset Management. We appreciate the opportunity to provide Gartner’s expert opinion relative to this issue. If you have any questions regarding this assessment, please contact me at 213-999-7485 or Jeffrey.Heath@gartner.com. Kindest regards, Jeff Heath Sr. Account Executive, Public Sector Gartner Prepared for: The State of Arizona Government Information Technology Agency 2 Objective of the Report The State of Arizona entered into a set of statewide enterprise agreements with Computer Associates (CA) in 2000. The Government Information Technology Agency (GITA) has asked the Gartner to provide a high-level assessment comparing the State of Arizona agreements with other governmental clients that signed CA agreements during that time period. Computer Associates CA is the second largest software manufacturer in the world, and is the leading provider of mainframe software to corporations and governments in the United States. Computer Associates has been in existence for 26 years, and currently has a market capitalization valued at $8.74B. Most major Fortune 1000 companies in the United States have agreements with Computer Associates and many have enterprise agreements. It was typical for 5-year CA agreements to be renegotiated at customer initiation within two (2) to three (3) years because of changes in circumstances and needs. Most governmental entities also have agreements with Computer Associates; however, despite the clear advantages, few state governments have followed corporate America’s lead in pursuing enterprise contracting arrangements with Computer Associates. The enterprise-wide deals usually provide pricing and cost protection advantages not available from separate agreements negotiated separately by individual agencies. CA has an aggressive sales and licensing organization, known for being tough negotiators. Their goal in negotiating agreements is to get the maximum amount possible. This is achieved, partly, through keeping as much ambiguity in the agreement as possible, thus allowing different interpretations over time that can justify incremental costs. Pricing on CA agreements varies widely from client to client, with discounts ranging from 95% below list pricing to 40% over. Further, the pricing variation does not have a direct correlation to the size of the organization involved or the length of relationship with CA, but rather to the negotiation experience and persistence of the persons involved in the CA negotiations. The majority of organizations of a similar size in the private sector feel the importance of the CA relationship and the size of the deals warrants at least one dedicated in-house expert to manage the relationship/contract on a full-time basis and to inform/educate customers regarding the underlying agreements. Prepared for: The State of Arizona Government Information Technology Agency 3 Gartner Analyst Qualifications, Frank DeSalvo Frank DeSalvo, Research Director for Software Asset Management has over 20 years experience analyzing software contracts and license programs from companies such as Computer Associates, IBM and other mainframe software vendors. Annually, he reviews about 1,000 client software license agreements from the major vendors. In 1991, Mr. DeSalvo negotiated, on behalf of the 10th largest bank in the U.S., the first enterprise wide license agreement signed by Computer Associates. In the last 36 months he has reviewed over 500 CA agreements, of which approximately 150 were from governmental entities, including state governments, state agencies, cities, counties, and Federal government agencies. Before joining Gartner, Mr. De Salvo was Chief Financial Officer/Chief Information Officer with more than 30 years of financial and IT experience, including participation in numerous mergers and acquisitions. He was a founding member of the Software Asset Management Interest Group (SWAMI). Well-known for his innovative approach to software contracting, he initiated various licensing models that are now industry standards. As a consultant, he has been advising Fortune 1000 professionals in the art of asset management since 1994. Mr. DeSalvo is also a Certified Public Accountant. Assessment of State of Arizona CA Agreements We completed a detailed review of the Computer Associates license agreements with the State of Arizona dated March 31, 2000 (“Original Agreements”), as amended as of June 29, 2001 (“Re -negotiated Agreements”), and we then prepared this high-level assessment. This assessment compares the State of Arizona agreements with other CA agreements signed during the same time period and rates them. The rating scale is 1 to 10, with a rating of 5 indicating contractual results substantially consistent with all other customers analyzed. Arizona’s performance ratings are as follows: · Terms and conditions Rating = 8 · Pricing (based on MIPS, net of included taxes) Original Agreements Rating = 7 Re-negotiated Agreements = 8 · Overall assessment Original Agreements Rating = 7.5 Re-negotiated Agreements = 8 Prepared for: The State of Arizona Government Information Technology Agency 4 In summary, it is the expert opinion of Frank DeSalvo, Software Asset Management Research Director for Gartner, that the State of Arizona CA agreements were above average (7.5 to 8 Rating) when compared to other CA contracts established by other organizations in the public sector during the periods in question. Furthermore, in comparing the pricing of the State of Arizona statewide enterprise agreement with a similar enterprise-wide agreement negotiated by a much larger state during the same time period, we find the pricing very similar. However, we find the terms and conditions of the Arizona agreements far superior to that negotiated by the other state. (Note: The other state’s agreement has since been re-negotiated as well.) Finally, statewide enterprise-wide agreements, such as the original CA agreement, were considered innovative at the time that the contract was established. Even through 2002, very few states (less than 5) have negotiated a statewide enterprise-wide license. Because the enterprise license in a governmental environment is such a unique instrument, from which there is very little to model, attaining an overall 5 rating for an initial enterprise contract would be considered a difficult task. The State of Arizona’s 7.5 overall rating on the original CA contract would be considered a very good. Arizona’s Performance Rating Detailed Analysis by Attribute Highlights of Favorable, Extraordinary Provisions Seven (7) out of ten (10) deals with Computer Associates reviewed by Gartner contain no extraordinary provisions. The inclusion of a significant number of extraordinary clauses in the State of Arizona contracts has potential to dramatically reduce overall software costs and provide strong contract protections to the State. Further, these provisions may be critical to limit future vendor interpretations that could have otherwise generated significant additional expenditures and risks. 1. The defi nition used for “Licensee Sites” makes the contract non-data site specific and is a concession not typically granted by Computer Associates. This concession enables the State and its affiliates to change its business as necessary without incurring additional costs. 2. The allowance for data centers “owned, operated or controlled” by Licensee in the definition of “Licensee Sites” is also a favorable concession. The word “controlled” expands the right to use beyond most other agreements analyzed. Prepared for: The State of Arizona Government Information Technology Agency 5 3. The inclusion of “future data center sites” allows for future planned or unplanned data center changes. This also eliminates creative interpretation by CA of what constitutes a data center and paves the way for data center consolidation and other positive business/IT changes. 4. The agreements contain no ties to particular kinds of machines or CPU sizes and no additional charges for processor, operating system or machine changes or upgrades. Most CA agreements contain some of these restrictions. 5. There are no bump charges, upgrade fees, transfer or replacement fees, reinstatement charges, late payment charges or fees under the agreements. Most CA agreements permit many of these additional charges. 6. The right to process data for organizations other than those controlled by the licensee usually requires a separate license for that instance. In the State of Arizona agreements, all members of the State’s buying cooperative regardless of ownership or control by the State are included in a single license. 7. In addition, the right to process data for another state, the State of Hawaii as defined and the ability to expand this two (2) more times is extremely unusual. 8. The ability to use 200 MIPS of additional capacity each year without being out of compliance and without generating supplemental license fees is not generally granted. 9. The ability to continue to use the Software for the licensed final capacity plus 200 MIPS at no additional fees except maintenance fees provides for a type of perpetuity that is highly favorable to the State (subject to CA’s interpretation of the MPR). 10. Capping maintenance at 600 MIPs even after contract termination is a highly favorable concession negotiated by a select handful of customers during a limited time period. Now customers trying to negotiate contracts with CA are no longer able to get this concession. 11. Eliminating CA’s ability to accelerate all current and future payments in the event of a missed payment and enabling the State’s ability to fund out in the event of a future non-appropriation of funds, places the State in a much stronger bargaining position during times of fiscal crisis. Prepared for: The State of Arizona Government Information Technology Agency 6 12. The incorporation of an annual audit snapshot view eliminates the need for continuous tracking of all hardware and protects against any unplanned spikes in capacity between audit dates. 13. The addition of software product protection in the form of expanded product warranties and the ability to receive source code for any unsupported products provides the State with stronger ability to insure it can run its business properly using CA products. Typically, CA offers very limited warranties and access to source code only in cases where it has been finally adjudicated as bankrupt. 14. The inclusion of the State of Arizona’s protective “Uniform Terms and Conditions” provides for the inclusion of several terms typically not delineated in comparative agreements and affords the State additional protections. Examples include termination for convenience, indemnification of the State, Arizona procurement code protections, right to offset, etc. 15. The insertion of the “Special Terms and Conditions” clearly established the intended users, which is often not addressed. The inclusion of a service-level agreement for performance monitoring is also not often included. Terms and Conditions The terms and conditions negotiated for the State of Arizona agreements are generally consistent with other CA agreements negotiated by our clients in many respects, however the State of Arizona has been able to establish unique concessions and interpretations, some of which are highlighted above that provide for expansion and control of the data processing environments. Since the primary change in the Re-negotiated Agreements was the pricing, we have given the Terms and Conditions the same rating for the Original Agreements and Re-negotiated Agreements. Terms and Conditions Rating = 8 Pricing For the purposes of calculating the pricing, we have compared the product list to CA list pricing at that time and applied various factors based on deals other state, local governments, and agencies closed during that period. Prepared for: The State of Arizona Government Information Technology Agency 7 Original Agreements: Based on the information provided, the net pricing negotiated falls in the normal range of our clients. The special consideration of expanded use and other extraordinary financial provisions were factored in as cost avoidance measures that create additional value and result in an above - average pricing rating. Pricing Rating (Original Agreement) = 7 Re-negotiated Agreements: Based o n the information provided, the net pricing negotiated falls above the normal range of our clients. The special consideration of expanded use and other extraordinary financial provisions were factored in as cost avoidance measures that create additional value and result in an above - average pricing rating. Pricing Rating (Re-negotiated Agreements) = 8 Overall Assessment Original Agreements: For the original agreements, based on a baseline of 5, we have weighted Terms and Conditions as 8 and Pricing as 7, and give the agreements an overall assessment of 7.5. Overall Assessment Rating: Original Agreements = 7.5 Re-negotiated Agreements: For the re-negotiated agreements, based on a baseline of 5, we have weighted Terms and Conditions as 8 and Pricing as 8, and give the contract an overall assessment of 8. Overall Assessment Rating: Re-negotiated Agreements = 8 PLEASE NOTE: The Contract Development consulting provided by Gartner is being provided as business advice. Gartner is not a law firm. No information provided by Gartner in connection with this communication should be construed as legal advice. Gartner recommends that the Client seek legal advice from its own attorneys in connection with any legal issues, terms and conditions. Jane Dee Hull Governor J. Elliott Hibbs Director ARIZONA DEPARTMENT OF ADMINISTRATION OFFICE OF THE DIRECTOR 100 NORTH FIFTEENTH AVENUE, SUITE 401 PHOENIX, ARIZONA 85007 Telephone: (602) 542-1500 w Fax: (602)542-2199 January 3, 2003 Ms. Debra K. Davenport, CPA Auditor General 2910 North 44th Street Suite 410 Phoenix, Arizona 85018 Dear Ms. Davenport: Thank you for providing the Department of Administration the opportunity to review the findings and recommendations contained in the revised draft Auditor General Report on the Statewide Technology License Agreement Account that impact the State Procurement Office. As I stated in my December 17, 2002 comments, the Department appreciates the hard work of the Auditor General’s staff in reviewing this account and making constructive suggestions for improving State processes and procedures relative to the procurement of Information Technology Software. In accordance with the Joint Legislative Audit Committee’s procedures, the ADOA official responses to each of the recommendations are shown below: Recommendation 1: The State Procurement Office should investigate renegotiating the Computer Associates contract to increase the mainframe growth allowance for the 2 years added onto the contract and to obtain a better product mix and seek concessions for other Computer Associates products the State may need in the future. The finding of the Auditor General is agreed to and the audit recommendation reflects actions already being implemented. The ADOA Information Services Division and the State Procurement Office have held two meetings with representatives from Computer Associates as part of the renegotiation process. The third meeting is scheduled for January 9, 2003. Additionally, ADOA has sought, and will continue to seek, input from all other mainframe user agencies using CA products throughout the renegotiation. Recommendation 7: The State Procurement Office should develop policies and procedures on how state-wide information technology contracts should be handled, including ensuring that affected stakeholders are involved in the procurement process, proper analyses have been conducted, and ITAC and JLBC approval has been obtained. The finding of the Auditor General is agreed to and the audit recommendation will be implemented. Ms. Debra K. Davenport, CPA January 3, 2003 Page Two While ADOA agrees with the two findings, we have the following comments regarding three specific areas: “State Procurement Office did not have active role” The Department agrees with the finding that the contract was not competitively bid and that a written determination that competition was impracticable was not made. However, the Government Information Technology Agency (GITA) was negotiating for replacement of an existing CA contract for products which, as the audit report indicates, could not reasonably be replaced. Bidding of the CA contract would not have resulted in any reasonable competition. Therefore, even though a written determination was not made, competitive bidding was impracticable. “Renegotiation solved some problems but others remain” The Department agrees that a replacement strategy for CA products should be investigated. However, ADOA staff believe any investigation should include a comprehensive analysis of all mainframe software contracts and should involve the Arizona Department of Administration and all other mainframe user agencies. “Renegotiated contract” The Department notes that by extending the CA contract by two years, the State benefited from a net cost avoidance of $12 million for the two additional contract years, as well as an average annual payment reduction of $1.5 million. Thank you again for the opportunity to comment on the report. Should you have any questions regarding this response, please feel free to contact Tara Roesler, Finance and Planning Manager for the Information Services Division, at 542-2016 or John Adler, State Procurement Officer, at 542-5511. Sincerely, J. Elliott Hibbs Director 01-23 Department of Building and Fire Safety 01-24 Arizona Veterans’ Service Advisory Commission 01-25 Department of Corrections— Arizona Correctional Industries 01-26 Department of Corrections— Sunset Factors 01-27 Board of Regents 01-28 Department of Public Safety— Criminal Information Services Bureau, Access Integrity Unit, and Fingerprint Identification Bureau 01-29 Department of Public Safety— Sunset Factors 01-30 Family Builders Program 01-31 Perinatal Substance Abuse Pilot Program 01-32 Homeless Youth Intervention Program 01-33 Department of Health Services—Behavioral Health Services Reporting Requirements 02-01 Arizona Works 02-02 Arizona State Lottery Commission 02-03 Department of Economic Security—Kinship Foster Care and Kinship Care Pilot Program 02-04 State Parks Board— Heritage Fund 02-05 Arizona Health Care Cost Containment System— Member Services Division 02-06 Arizona Health Care Cost Containment System—Rate Setting Processes 02-07 Arizona Health Care Cost Containment System—Medical Services Contracting 02-08 Arizona Health Care Cost Containment System— Quality of Care 02-09 Arizona Health Care Cost Containment System— Sunset Factors 02-10 Department of Economic Security—Division of Children, Youth and Families, Child Protective Services 02-11 Department of Health Services—Health Start Program 02-12 HB2003 Children’s Behavioral Health Services Monies 02-13 Department of Health Services—Office of Long Term Care Performance Audit Division reports issued within the last 12 months Future Performance Audit Division reports Department of Commerce Registrar of Contractors Water Infrastructure Finance Authority

you wish to report:

Your comment:

Your Name:

Submit

Cancel

...

Find results with:

Searching collections:

Home Performance audit, Government Information Technology Agency, state-wide technology contracting...

Performance audit, Government Information Technology Agency, state-wide technology contracting issues

Object Description

Description

Performance audit, Government Information Technology...

Performance audit, Government Information Technology...

	All
	Pages Enter page numbers or page ranges separated by commas. For example: 1,3,5-12