PERFORMANCE AUDIT
DEPARTMENT OF ADMINISTRATION
INFORMATION SERVICES DIVISION
Report to the Arizona Legislature
I By the Auditor General
i November I995
Report # 95- 9
Table of Contents
Introduction and Background ........................................................
Finding I: The State Needs a
Chief Information Officer ...........................................................
DOA an Inappropriate Organization
for an Effective CIO ...........................................................................................
Technology Poorly Managed ............................................................................
The Legislature Should Consider
Strengthening Technology Resources
Management with a Strong CIO ....................................................................... 12
Recommendations .............................................................................................. 15
Finding II: Arizona Should Change Its
Process for Funding Technology .............................................. 17
Financing Methods Undermine
Central Coordination ......................................................................................... 17
Arizona Should Coordinate Information
Technology and Planning .................................................................................. 19
Recommendations .............................................................................................. 21
Finding Ill: ISD Fails to Adapt to
the Modern Computing Needs
of Its Customers ......................................................................... 23
Modern Computing
Environment Is Changing ................................................................................. 23
Table of Contents
Paqe
Finding Ill: ( con't)
ISD's Distributive Computer Efforts
Limited and of Uncertain Quality .................................................................... 23
Reliance on Mainframe
Revenues Prevents Change ............................................................................... 25
Poor Planning and a Lack of Customer
Focus Hinder Service Quality ........................................................................... 26
ISD Must Alter Its Practices
to Meet Industry Changes ................................................................................. 28
Recommendations .............................................................................................. 30
Agency Response
INTRODUCTION AND BACKGROUND
The Office of the Auditor General has conducted a performance audit of the Department
of Administration ( DOA), Information Services Division, pursuant to a May 5,1993, reso-lution
of the Joint Legislative Audit Committee. This audit represents the last of six audits
scheduled for the Department and was conducted as part of the sunset review set forth in
A. R. S. 5541- 2951 through 41- 2957.
DOA Mandated to Coordinate
and Provide Information
Technology Resources
In 1972, the Legislature statutorily charged DOA with statewide coordination of technol-ogy
resources and the provision of information technology services to state agencies by
enacting A. R. S. 541- 712. According to the statute, " DOA shall provide for an efficient and
coordinated utilization of automation equipment, techniques and personnel to achieve
optimum effectiveness, economy and productivity." Moreover, the statute mandates DOA
to " develop, implement and maintain a coordinated statewide plan for automation and
data communication systems, including the establishment of operations centers."
DOA attempts to meet this mandate through its Information Services Division ( ISD). For
example, ISD tries to monitor the State's acquisition of resources by reviewing and ap-proving
agency purchases. In addition, it attempts to coordinate statewide resources by
collecting information from agencies regarding their current and planned use of technol-ogy.
However, ISD has had limited success in controlling the State's technology resources,
as many agencies circumvent its efforts to coordinate statewide resources.
Organization and Staffing
Under the direction of an Assistant Director, with approximately 265 Full- Time Equiva-lent
staff ( FTEs), ISD provides three general services: computer services, telecommunica-tions
services, and statewide information technology planning and development.
Computer services - Approximately 138 FTEs are responsible for operating the DOA
Data Center, which provides technical support and data processing and storage for 60
state agencies. Specifically, technical specialists provide support in the operation of
computers, communication systems between computers, and the application of com-puter
programs.
Telecommunica~ onss ervices - Approximately 52 FTEs provide 94 agencies with
telecommunications services involving both voice and data transmissions. Specifically,
the Division provides voice communication services by essentially operating as a tele-phone
company for state agencies. Through its data communications services, ISD
connects agencies' data communications devices together into systems referred to as
networks. The Division also provides technical support for some of these networks.
Technology planning and development - Approximately 75 FTEs support agen-cies'
technology needs and develop computer program applications for agencies' use.
For example, ISD account executives serve as points of contact for agency support and
to help agencies develop automation plans, system designs, and technology- related
cost estimates. Additionally, ISD's application development personnel set up systems
for smaller agencies that cannot develop systems for themselves. They also operate
statewide computer systems, such as financial and human resource systems.
Funding
The bulk of ISD's funding comes from two separate funds ( Automation Fund and Tele-communications
Revolving Fund) that derive revenues from charges to state agencies for
computer and telecommunications services. In fiscal year 1995, both funds generated ap-proximately
$ 27 million in revenues for ISD. While each fund generated virtually equal
amounts of revenue, most of ISD's staff is funded with Automation Fund monies. This
occurs because the Telecommunications Revolving Fund pays more for vendor- supplied
services versus the Automation Fund, which pays more for services directly provided by
ISD.
In addition, the Legislature appropriated approximately $ 2.4 million from the General
Fund to operate the State's financial information and human resources systems. Finally,
the Division is responsible for the Emergency Telecommunications Revolving Fund, which
accounts for receipts from the telecommunications services excise tax levied against
monthly telephone bills and remitted by the telephone companies. These monies are then
passed through to political subdivisions of the State based on funding needs for equip-ment,
ongoing maintenance, and the telephone circuits used to implement and operate
emergency telecommunication services ( i. e., 911). In accordance with A. R. S. 541- 702.01,
ISD retained an estimated $ 160,700 from the Fund in fiscal year 1994- 95 to pay for two
FTEs and other operating expenses.
Audit Scope and Methodology
This audit focused primarily on ISD's ability to facilitate and coordinate statewide infor-mation
technology planning as well as its ability to provide reliable, competitive com-puter
services to state agencies. To determine the adequacy of statewide information tech-nology
planning and coordination, several meetings of a council of chief technology man-
agers of major state agencies were observed as they discussed statewide technology is-sues.
In addition, we conducted focus groups of major technology managers from large
public and private organizations to discuss topics relative to information resource man-agement.
Further, we reviewed previous studies conducted by the Joint Legislative Bud-get
Committee ( JLBC) staff and the Governor's Office for Excellence relating to statewide
information resource management issues. Finally, states noted for groundbreaking inno-vations
in government information technology planning and implementation were con-tacted.
To assess customer satisfaction with ISD's computer and telecommunications services,
we surveyed the largest users of ISD's services, comprising 98 percent of the combined
Automation Fund and the Telecommunications Revolving Fund. In addition, we com-pared
ISD's service planning and structure to other local entities as well as other states.
Based on our agency survey, we found that ISD was doing relatively well in its provision
of voice telecommunication services ( i. e., telephone), receiving high marks for quality,
value, and timeliness.
During the course of our audit, it became apparent that DOA has historically struggled to
fulfill its statutory role of statewide coordination and provision of information technol-ogy.
In fact, our 1981 audits of the Department uncovered some of the same problems that
exist today. For example, at that time, DOA had not effectively coordinated statewide
resources or provided effective guidance for the acquisition of new resources. Further,
data center services were provided without regard to efficient use of resources and the
planning process was plagued by insufficient coordination with user agencies. Our cur-rent
audit also found fundamental deficiencies in ISD's coordination of technical resources
and provision of technical services. Therefore, findings and recommendations were de-veloped
in three areas.
The need for a strong chief information officer to better coordinate the State's informa-tion
technology resources,
The need to examine funding mechanisms that would enhance the State's manage-ment
of information technology resources, and,
The need to better adapt ISD's computer services to the modern computing needs of
its customers.
This audit was conducted in accordance with government auditing standards.
The Auditor General and staff express appreciation to the Director of the Department of
Administration and the staff of the Information Services Division for their cooperation
and assistance throughout the audit.
FINDING I
THESTATENEEDSA
CHIEF INFORMATION OFFICER
Arizona needs an effective chief information officer ( CIO) to establish statewide direction
and coordination over its annual information technology expenditure of approximately
$ 200 million. Although statutorily mandated to coordinate the State's use of technology,
the Department of Administration ( DOA) is poorly structured to perform the function
effectively. As a result, the State inadequately manages its investment in technology, of-ten
acquiring overpriced and underutilized resources. Therefore, Arizona should remove
statewide information technology coordination from the DOA and establish a chief infor-mation
officer position in a new agency specifically dedicated to this function.
The State spends approximately $ 200 million each year on information technology re-sources.
Arizona's information technology- related expenses include data processing equip-ment,
software, personnel, consultant fees, and operating expenses. The State uses these
resources to develop and maintain systems that process, store, secure, and transmit infor-mation.
The type of equipment the State deploys ranges from large computers found in
data centers, to personal computers and telephones found on thousands of employees'
desks.
DOA an Inappropriate
Organization for an Effective CIO
DOA's structure inhibits its ability to serve as the central authority over the State's $ 200
million annual information technology investment. Arizona statutes mandate DOA to
function as the State's coordinator and central service provider for information technol-ogy.
However, the coordination role lacks oversight authority. Furthermore, DOA's ser-vice
provider role detracts from its oversight role. By contrast, states that manage infor-mation
technology well use a chief information officer ( CIO) to direct their technology
resources separately from the provision of such services. Furthermore, recent studies and
proposed legislation have recognized the weakness of DOA's structure and recommended
stronger central direction over the State's technology resources.
DOA irzalzdated to coordinate resources and provide central services - DOA is statuto-rily
mandated to coordinate the State's information technology resources. To fulfill this
mandate, the Assistant Director of DOA's Information Services Division ( ISD) requires
state agencies to submit three- year automation plans that explain agencies' current and
planned uses for information technology. Also, before agencies purchase any informa-tion
technology goods or services, they must first gain approval from the Assistant Direc-
tor. Furthermore, the Assistant Director may reject the agencies' planned use and acquisi-tion
of information technology resources if they do not match statewide plans for auto-mation,
or previously approved agency plans. In addition to its coordination role, stat-utes
also mandate ISD to establish operating centers that serve state agencies. As a result,
ISD operates an information processing center that computes and stores data for agen-cies,
and the equivalent of a phone company to provide telecommunications services to
agencies. ISD charges agencies for its services, which generates the bulk of ISD's funding.
Oversigltt role lacks authority - Despite the ISD Assistant Director's official authority,
we feel that any individual ( past, present, or future) would not effectively be able to
enforce either the automation plans, or the request for approval requirements, due to the
current placement of the position within DOA. Historically, agency directors have suc-cessfully
challenged the position's authority when ISD has decided the agencies' pre-ferred
information systems are not in the State's best interest. A common reason attrib-uted
to the Assistant Director's inability to assert his or her authority is the position's lack
of political and organizational status ( two levels below an agency director). According to
Phoenix- area CIOs contacted from both public and private organizations, political sup-port
of a CIO is critical to the position's effectiveness.(') Furthermore, these CIOs agreed
that the ISD Assistant Director position in the State's organizational structure lacks the
necessary high- level input and support.
Failing to direct agency compliance, recent assistant directors have unsuccessfully turned
to cooperative efforts to coordinate statewide resources. For example, in 1993, both DOA
and more than 13 other state agencies acknowledged the State's technology management
problems and committed to a 5- year strategic plan to improve the situation. Provisions of
the plan included, among other things, establishing statewide standards to allow agen-cies
to share resources, and improving the process for procuring resources. ISD antici-pates
the plan will result in a total five- year savings or cost avoidance of $ 39.2 million.
However, agencies' information technology managers working with ISD to carry out the
provisions complained that there was no commitment or direction from agency directors
or the Governor's Office to implement the measures. Currently, ISD and the agencies
have failed to carry out any of the plan's provisions.
Se~ vicero le rletrnctsfio~ izo versiglrt role - Furthermore, ISD's service provision respon-sibilities
create a conflicting set of priorities. For instance, ISD views agencies as custom-ers
in that it provides them services for which they are charged. As a result, ISD rightly
feels some obligation to meet customer demands. However, this can inhibit ISD's coordi-nation
of statewide resources, which often requires sacrificing agency preferences to achieve
a more efficient and effective statewide deployment of resources. Furthermore, as dis-cussed
in Finding I11 ( see pages 23 through 30), it appears to be in the State's best interests
(') To gain an outside perspective on the viability of the State's information management structure we
discussed the assistant director's position with a panel of current and former CIO's from the City of
Phoenix, Maricopa County, Salt River Project, Kraft Foods, Arizona Public Service, MicroAge, and a
professor of Management Information Systems at Arizona State University.
to move toward personal computer- based technology, but ISD is heavily dependent on
the revenues it obtains from providing mainframe services to other agencies. As a result,
the need for this revenue may influence ISD's actions when it comes to decisions regard-ing
statewide information technology.
Otlter states use CIOs - To compare ISD's structure against leading states, we reviewed
the management practices of six states known for managing their technology resources
effectively.(') Each of these states uses a high- profile CIO to set their state's information
technology policy ( including developing information technology vision and direction,
advocating strategic technology application, and facilitating resource sharing across agency
lines) through direct interaction and cooperation with the governor and top state agency
directors. This interaction ensures information technology policies conform to statewide
business priorities and are backed by the highest level of executive decision makers. For
example, Florida's CIO directs a staff that reports to the State's information resource com-mission
consisting of the governor and members of Florida's cabinet. The State created
the commission in 1984 to address ineffective technology planning, regulation, account-ability,
and standards. Today, Florida is recognized as a leader among states in technol-ogy
planning.
In recent years, many states have recognized the need for stronger management control
of information technology. In fact, in a 1994 National Association of State Information
Resource Executives survey, 23 states reported having a CIO with authority extending
beyond the executive branch. Furthermore, in leading states, this management control is
usually separated organizationally from the provision of technology services. For instance,
Utah's statewide coordinator operates in the Governor's Office, while central services is a
function of the State's Department of Administration. This division allows the coordina-tor
to develop statewide policies, and the service function to implement information tech-nology
through providing service to its customers.
Criticis~ o~ ft D OA strrlctilre not new - Recommended changes to DOA's ineffective struc-ture
have been presented on at least four occasions in the past four years. Specifically:
A letter from the Auditor General, November 1991, to the President of the Senate and
the Speaker of the House described the need for Arizona state government to better
manage information technology so that its full potential can be realized. The letter
noted that during the course of our audits, we have observed an alarming number of
instances where state agencies failed to achieve effective gains in productivity after
having invested huge sums of money in information systems. For example, agencies
seemed to follow a pattern of purchasing a major system, experiencing problems, and
then acquiring a new system to resolve the problems. In other instances, projects by-
( ) We selected these states based on their identification in industry publications as well- established
programs, or programs with highly respected information technology planning. The six states are
Florida, Kentucky, Minnesota, North Carolina, Utah, and Washington.
passed the scrutiny of the budget process because they were acquired with federal
funds. Finally, the letter states that there was no requirement for a central review of
technology projects and that lessons learned from one effort are not applied to other
agencies. The need to improve in all of these areas continues even today.
Project SLIM conducted a 1992 study, which recognized the State's need to improve
utilization and control over the development and application of technology. To achieve
this end, the report proposed creating a CIO- led staff directed by a committee of agency
directors advised by a committee of technical experts. The recommended organiza-tion
would have evaluated new technology products, created and reviewed state stan-dards,
and reviewed agency compliance with the standards. Agencies would have
been responsible for providing their own operational support, and monitoring their
agency's automation practices as directed by the committee of directors.
Integrated Systems Solutions Corporation ( ISSC) conducted a 1993 efficiency study
of the State's large agency information processing centers. This study recommended
creating a state CIO position, with an organization to develop common data commu-nication,
technical support, and administration over all these centers. According to
the study this would eliminate duplicated work, reduce costs, and improve the cen-ters'
effectiveness.
H. B. 2470 developed by the Joint Legislative Budget Committee ( JLBC) staff during
the 1995 legislative session, recognized the need for statewide oversight and planning
to increase sharing of information across the State's organizational lines. However,
because the ISD Assistant Director position lacks this authority, H. B. 2470 proposed
establishing a CIO position at the agency director level. According to the bill, the CIO
would head an agency responsible for establishing agency compliance with statewide
standards, studying new technology, and approving agencies' technology plans and
major projects. Furthermore, the bill proposed a committee of agency directors, legis-lators,
and private sector representatives to review technology standards, propose
needed legislation, and approve major technology projects. This proposed bill was
assigned to a legislative committee, but was never heard during the legislative ses-sion.
Until recently, efforts to adopt any of these proposals have been stalled. In 1993, appar-ently
in response to DOA's appointment of an assistant director of ISD and the develop-ment
of a five- year strategic plan, an Office of Excellence in Government ( OEG) report
concluded that the State was poised to manage its information technology well. The re-port
further stated that the need for changing organizational lines was not as important as
it may have been in the past. Despite these claims, the strategic plan, lacking high- level
support, was never implemented. Further, the Assistant Director position remained va-cant
for 14 months. However, more recently, the OEG and the DOA have been actively
working together to strengthen the CIO function as it currently exists within the DOA.
DOA just recently filled the Assistant Director position in October 1995 and upgraded the
position to a Deputy Director position focused on statewide planning. An ISD Deputy
Assistant Director position has also been created and filled to function as the day- to- day
operations manager over ISD's technology services. Furthermore, the statewide strategic
plan is currently being updated. Finally, the Office of Excellence in Government, the Of-fice
of Strategic Planning and Budget, and the DOA believe that eventually the CIO could
function outside the DOA.
Technology Poorly
Managed
Lacking a strong commitment to statewide oversight and coordination, Arizona has inad-equately
managed its technology resources. Specifically, the State focuses its information
technology planning and funding on agency- specific issues instead of the statewide ap-plication
of technology resources. Additionally, there is insufficient central evaluation
and oversight of agencies' major information technology projects. As a result, the State
suffers from duplicated resources and the purchase of underutilized and overly costly
resources.
Planning and financing overly foczrsed on agencies - Without a high- level commitment
to establishing a statewide direction, Arizona's technology planning is fragmented and
disjointed, leading to an agency focus rather than a statewide focus. As a result, agencies
create independent systems, which are incompatible with other agency systems, there-fore
inhibiting resource sharing. Not surprisingly, this type of decentralized approach is
very expensive. According to one well- respected research and consulting firm, organiza-tions
with a centralized approach pay 30 to 60 percent less for information technology
support and management.
An effective method of establishing statewide coordination of technology resources is to
incorporate agency management into statewide policy direction and application. For ex-ample,
Minnesota's Information Policy Council, consisting mainly of agency executives,
advises the State's CIO on information management issues. The Council has established
information management principles and actively promotes their application. These prin-ciples
include: 1) agencies must manage information resources as a core executive re-sponsibility,
2) agencies should share data across organizational lines, and 3) the State
must standardize its information resources as necessary to link state agencies and other
levels of government.
Further, to ensure agencies comply with statewide direction, some states require CIOs to
review agencies' technology plans and major projects before the State releases technol-ogy-
related funding to the agencies. This is done in several leading states, such as Wash-ington,
Minnesota, and Florida. In addition, technology managers from Arizona agencies
said that tying statewide technology planning to the State's budget process was critical
for getting agency directors' commitment to technology planning. ( See Finding 11, pages
17 through 21 for further details on needed strategic funding practices.)
Insufiicient eva Iuation and oversight of information teclznology projects - Arizona's
management of technology resources is further plagued by ISD's subjective evaluations
and insufficient oversight of agencies' technology projects. A common CIO duty is to
establish clear standards to evaluate major projects' potential success. For example, in
states like Minnesota, the CIO requires technical expertise and established planning be-fore
it recommends projects for funding. By contrast, while the Assistant Director of ISD
reviews project proposals, there are no defined standards to realistically estimate projects'
scope, cost, benefit, and timeliness. As a result, project evaluations are subjective and risk
approval without reasonable and unbiased expectation that agencies will complete them
as originally envisioned.
Further, other states use their CIOs to oversee large projects to ensure they stay on track.
For example, Washington's CIO must approve a major project's progress and direction
through specific phases before the State releases funding for the next phase. Washington
set up this practice to address its experience with major projects overrunning their budget
and time frames. Meanwhile, the ISD Assistant Director provides limited project over-sight,
predominantly as a by- product of helping agencies to manage specific projects.
However, few agencies want this oversight, and ISD has not always had the resources to
provide project management as a service. The following examples display ISD's poor
evaluation and oversight of projects:
W Example One - The Arizona Department of Transportation's ( ADOT) project to de-velop
a combined driver's license and title and registration system received legisla-tive
approval in 1989 for approximately $ 8.8 million over a four- year period. In 1992,
after two years of project planning and development, ADOT produced an " Imple-mentation
Alternatives Report," proposing a change to technology format for the project
and estimating its completion in 1995 at a cost of $ 26 million. Since that time, ADOT
has adjusted the scope of the project and now anticipates a July 1996 completion and a
final estimated cost of approximately $ 30 million. However, despite the project's size
and scope, ISD has not been actively involved in project oversight, according to one
ISD manager. In fact, due to ISD's lack of guidance, the Agency's 1994 automation
plan provides very little information regarding the project's progress, estimated costs,
scope, or timeliness.
Through much of its history, project oversight within ADOT lacked stability, impact-ing
upper management's ability to direct the project with sufficient input from skilled
and impartial parties able to evaluate it from a statewide perspective. Moreover, inter-nal
project management and control mechanisms for the project have been inadequate.
For example, as noted above, in 1992 ( three years into the project), the Agency de-parted
dramatically from its originally proposed technology. While both the Joint
Legislative Budget Committee and the Governor's Office for Strategic Planning and
Budget were informed of the change and approved additional funding, ISD did not
review or evaluate the feasibility and appropriateness of the new direction. In addi-tion,
despite involving one of ADOT's most critical processes ( i. e., driver's licensing),
this change to a newer, perhaps riskier, technology was done without knowing the
full ramifications of the different technology. In fact, when a risk assessment was sub-sequently
completed in 1994 ( five years after the project was initiated, and two years
after the decision to change technology), it revealed substantial problems. For example,
the assessment revealed ADOT's inability to ensure that changes to the system were
adequately assessed prior to their application. Perhaps as a result, the project's fin-ished
product will be later, smaller, and more expensive than anticipated.
Example Two - The Arizona State Retirement System started its $ 4.1 million effort to
automate several agency functions, without a business plan, project steering commit-tee,
project manager, experienced programmers, or involvement from the intended
system users. ISD's Assistant Director was aware of these significant problems, but
according to current ISD managers, the Assistant Director lacked the political clout to
stop the project. Not surprisingly, the Agency was two years into project implementa-tion,
and spent $ 2.9 million, before suspending the project because of funding con-cerns,
missed deadlines, and inadequate project development. Planned as a two- to-three-
year project in 1991, it is now scheduled for completion in 1998, nearly seven
years after its inception.
Had these projects been subjected to Minnesota's and Washington's processes, the CIO
could have required stronger evidence that the projects would be successful before ap-proving
them. Further, when the projects strayed from their original course, the CIO could
have stopped funding for them until the agencies proved they had established acceptable
progress and direction.
Resorrrces drrylicated, too costly, nlzd zr~ zderrrtilized - Left to their own accord, state
agencies have a track record of purchasing the same equipment, at higher rates and less
usefulness than could be achieved with a coordinated approach. For instance, the State
misapplies its money by acquiring the same resource several times, instead of sharing
resources between agencies. The State also buys resources at a higher per- item price, in-stead
of purchasing in bulk.(') Finally, the State's practice of not acquiring resources spe-cifically
designed to operate together hinders the utility of the resources. The following
examples illustrate these problems:
Example One - Six of the State's largest agencies operate their own data centers to
maintain and process essential management information. These data centers basically
depend on the same software to run their largest and most powerful computers. Had
the State contracted for the software as a single entity, instead of separately by agency,
While the State does utilize statewide contracts to allow agencies to purchase a wide variety of infor-mation
technology hardware and software, DOA officials agree more needs to be done in the area to
reduce purchasing costs.
it could have saved between $ 640,000 and $ 1.6 million annually, according to a 1992
study by Project SLIM.(') Furthermore, the agencies contracted for different versions
of the software, which has had negative impacts on the interaction and sharing of
resources and data between the centers. This costs the State an additional $ 500,000 to
$ 1 million annually, according to the study. Also, if the State had purchased compat-ible
software for the data centers it could more easily standardize the data networks
( telecommunication lines and devices that move data over phone lines) which connect
the data centers to other computers. This would save Arizona untold additional dol-lars
through increased efficiency and the ability to buy more resources in bulk. By
contrast, states with strong CIOs establish compatibility standards for information
technology hardware and software and guide agencies to purchase items that meet
those standards. Moreover, some states have successfully reduced their technology
costs and helped standardize their information technology resources by buying them
in bulk. For example, Texas developed statewide contracts, through which agencies
purchase discounted equipment that complies with statewide standards.
Example Two - Besides running their own data centers, Arizona agencies have es-tablished
at least 8 separate data networks to provide electronic communications to
locations throughout the State via more than 3,000 telecommunications lines.(=) T he
1992 Project SLIM study estimated that the State could save approximately $ 4 million
annually by consolidating multiple, redundant statewide voice and data networks.
As with the data centers, the State has not standardized its data networks, which ham-pers
interaction and shared resources between agencies. Conversely, Utah's CIO helped
create a unified statewide data network, credited with reducing Utah's telecommuni-cations
costs and enhancing its provision of services.
The Legislature Should Consider
Strengthening Technology Resources
Management with a Strong CIO
To manage the State's technology resources effectively, the Legislature should consider
establishing a new information technology management agency, headed by a CIO. This
agency should develop statewide direction for information technology and ensure that
state agencies follow that direction. In addition, based on models used in other states
with highly regarded information technology management programs, the Legislature
should also consider establishing an agency- represented information policy body and a
technical advisory council.
The Project SLIM study was conducted when there were five data centers; since that time, the De-partment
of Health Services has developed its own.
(*) A data network is commonly defined as a configuration of data processing devices and software
connected for information interchange.
CIO to head a new agenaj - Given ISD's structural weaknesses and history of ineffec-tiveness,
the Legislature should consider establishing a CIO to head a new agency to
manage statewide technology planning and coordination. This agency should be sepa-rate
from the provision of information technology services currently provided by ISD.
Therefore, the Legislature should consider repealing A. R. S. 541- 712 which requires the
DOA to coordinate statewide technology resources, and transfer that responsibility to the
newly created agency.
Based on the responsibilities of information technology management agencies in other
states, the new agency should be expected to fulfill the following responsibilities:
H Establish information technology vision - through advocating strategic technology
application, facilitating shared resources and interoperability across agency lines, and
studying new technology.
Establish information technology direction - through developing uniform policies,
procedures, and standards for statewide planning and project implementation.
Establish agency compliance - through reviewing and approving agencies' infor-mation
technology plans, and major projects.
Agencies involved in setting policy and tecltnical advice - During the course of our
audit we discovered that states with strong information technology management have
each recognized the importance of agency input. This input is typically achieved through
a commission of agency directors or a commission with representatives from various
government branches and levels, as well as private sector business and media representa-tives.
Although each leading state has different commission structures and duties, each
state's information technology management agency focuses on the development and imple-mentation
of policies and procedures. For example:
Florida - as noted earlier, Florida's CIO directs a staff that reports to the State's infor-mation
resource commission comprised of the Governor and members of Florida's
cabinet. The commission has information technology responsibilities including policy,
planning, standards, procedures, agency plan reviews, and assessment of multi- agency
use opportunities. The high level of the commission provides the ability to coordinate
planning with the Governor and the cabinet members and ensures a common state-wide
direction. It also provides the opportunity to create a broad composite of agency
input.
Kentucky - Kentucky's CIO directs the State's central information technology ser-vice
agency, but is advised on technology management issues by an independent pub-
lic/ private commission. The commission is represented by cabinet- level agency heads,
the private sector, the judicial branch, and regents officials, and recommends legisla-tion,
coordinates planning, approves agencies' plans, and promulgates administra-tive
regulations. The commission also oversees the activities of the central information
technology services agency. This structure allows statewide planning and policy to be
concentrated outside of agency lines, which allows the commission to be aware of
activities and opportunities in all agencies. Further, the structure insulates the com-mission
from some political influences.
Minnesota - Minnesota's information technology policy organization and central
service organization are both housed in the State's administrative department, but as
separate entities. The CIO's policy organization develops policies regarding the struc-ture
of statewide systems and the process used to manage information. The organiza-tion
also reviews budget requests and makes funding recommendations. A committee
of agency executives advises the CIO on information management issues. By setting
information policy from a central department, the State can effectively address multi-departmental
issues and aid in developing common technology standards and pro-moting
greater efficiency and effectiveness.
If the Legislature establishes a new information technology agency, a governing structure
similar to the models used in other states should be provided. Currently, Arizona has the
Governor's Automation Advisory Council whose membership includes both agency di-rectors
and information technology experts from the private sector. However, the Coun-cil
has negligible authority and is lightly regarded in terms of its influence over statewide
information technology. Therefore, if the Council is to be expected to provide statewide
business direction, its authority as outlined by A. R. S. 541- 714 would need to be increased.
Specifically, such a group should be responsible for establishing the statewide informa-tion
policies to be implemented by the new agency. Such direction is necessary to ensure
information technology policies reflect statewide business priorities and are supported
by the highest level of executive decision makers. This group would also be responsible
for directing the planning and implementation of technology as it pertains to high- level,
management issues, such as information needs identification, data sharing, privacy, and
security.
To support its policy- setting body, the Legislature should consider establishing an advi-sory
group that provides a technical perspective to information technology policies the
State implements. Other states, such as Minnesota and Utah, have established committees
to provide technical input. Currently, Arizona has a council of agencies' technology man-agers,
referred to as the CIO Council. However, the Council does not formally report to
anyone, and has no clear duties or direction. As such, Arizona should formalize the du-ties
of the CIO Council and specify to whom it is responsible.
RECOMMENDATIONS
1. The Legislature should consider establishing a new state agency to develop statewide
direction for information technology and ensure that state agencies follow that direc-tion.
This will require legislation to create the agency and to transfer relevant author-ity
and responsibility currently assigned to the Department of Administration to the
director of the new agency.
2. To ensure information technology policies reflect statewide priorities and are sup-ported
by high- level executive decision makers, the Legislature should consider es-tablishing
a formal information technology policy board comprised of state agency
directors. If the Legislature desired to utilize the currently existing Governor's Auto-mation
Advisory Council to achieve this end, A. R. S. 541- 714 would need to be revised
to increase the Council's authority over statewide information technology issues.
3. To advise the policy board and the CIO on the technical application of statewide poli-cies
and standards, the Legislature should also consider establishing a technical advi-sory
council comprised of agency technology experts. If the existing CIO Council were
to be used to fill this role, its reporting structure and duties should be formally de-fined.
FINDING II
ARIZONA SHOULD CHANGE ITS
PROCESS FOR FUNDING TECHNOLOGY
Arizona needs to apply a strategic focus to its technology funding. Current Arizona prac-tices
for funding information technology are narrowly focused and undermine the State's
control over information technology expenditures. To improve its statewide coordina-tion,
Arizona should integrate its information technology planning and funding.
Financing Methods Undermine
Central Coordination
Arizona's information technology funding inhibits effective statewide planning and co-ordination.
Arizona allocates its funding to benefit agencies specifically, rather than con-centrating
its funding on a common set of priorities. Also, the State fails to look past
technology resources' immediate costs to fund their longer- term operational maintenance
and eventual replacement costs.
Central coordi~ zatio~ z~ r~ zdevrnitze- d Not tying the budget process to central oversight
and statewide planning weakens Arizona's control over information technology expen-ditures.
For example, as mentioned in Finding I ( see pages 5 through 15), ISD requires
( although there is widespread noncompliance) agencies to develop automation plans that
explain the agencies' current and planned use of information technology. Furthermore,
agencies are to submit these plans to the ISD Assistant Director for approval each year.
However, this process is not coordinated with the budget process to ensure that the State
funds information technology from a statewide perspective.
Furthermore, ISD does not interact with either of the State's budget agencies to compre-hensively
assess state agencies' information technology budget proposals. Close interac-tion
might be expected, given that the Governor's Office of Strategic Planning and Bud-geting
( OSPB) and the Joint Legislative Budget Committee ( JLBC) staff generally review
and recommend approval for these proposals. Furthermore, given that neither budget
office has extensive in- house technical expertise or knowledge of the State's information
technology expenditures, other than on an agency- by- agency basis, frequent interaction
between the budget offices and ISD should be considered essential. Yet, the OSPB direc-tor
noted that some agencies bypass executive branch oversight altogether by approach-ing
the Legislature directly for support and approval of their technology expenditures.
By contrast, leading states, such as Washington, Minnesota, and Florida, closely tie their
technology planning process with their state budget process. In these states, information
technology- related funding recommendations are made based on the acceptability of the
agencies' technology plans and the feasibility of major projects. For example, in Washing-ton,
statutes require the State's information technology policy office and the State's finan-cial
management office to establish budget evaluation criteria for information technol-ogy.
The goal of these statutes is to justify funding requests and identify specific funding
required to carry out the State's overall implementation plan.
Funding too focused on specific agencies - Reflecting the State's weak central oversight,
Arizona continues to fund its technology investments, as it has for decades, through agency-by-
agency appropriation or budget approval. As indicated in Finding I ( see pages 5 through
15), this decentralized approach is very expensive. Meanwhile, other states have set up
collective funding to manage their technology investments from a statewide perspective.
For example, Massachusetts funds its major technology initiatives through a centralized
bond fund. Through the process, agencies submit proposals to the State's central informa-tion
resource management ( IRM) policy- setting committee. The committee decides which
projects best fit the State's overall IRM goals. In 1994, the State emphasized technology
funding for projects that provided positive return on investment within 18 months; or
involved a program that was a Governor's administration priority; or addressed large,
budget- sensitive programs. Although the funding source was collective, resulting projects
benefited both the whole State, and specific agencies as well. Sample projects include
consolidating data centers, automating a statewide accounting function, and automating
three agency- specific case management systems. According to the State's chief informa-tion
officer, the fund has afforded Massachusetts the opportunity to set priorities for ini-tiatives
and establish much greater statewide coordination.
Furthermore, although today's technology offers broad benefits to the State, agencies typi-cally
use their appropriated or otherwise dedicated funding to acquire resources for their
own agency- specific benefit. For example, large agencies, with their own goals in mind,
have received their own funding to develop eight separate statewide networks. As men-tioned
in Finding I, duplication among these eight networks, as estimated by Project SLIM,
costs the State approximately $ 4 million annually. In contrast, other states have funded
consolidated statewide networks to provide effective and efficient telecommunications
throughout their states. For example, Utah has made a major commitment to its statewide
telecommunications, connecting nearly all departments at sites throughout the State. Utah
anticipates the system will improve its productivity and decision making while reducing
its communications and travel expenses.
Other states have also employed financial methods that support shared data and resources.
For example, the New York State Legislature appropriates money to a university- run
technology center for technology research and development. The center also receives in-kind
support from participating agencies and the private sector. The center tests technol-ogy
proposals for agencies and shares the results with the public sector at large. For ex-
ample, the State's motor vehicle department partnered with the center to test a proposed
imaging system. Though the motor vehicle department was the primary beneficiary of
the project, the research center shared the project's results with 35 other agencies through
demonstrations and presentations.
Long- term costs not considered - Not only is the State's funding for technology invest-ments
too narrowly focused on agency- specific issues, the consideration of the long- term
costs associated with these systems is also neglected. Specifically, Arizona has not set up
a process to consider the multi- year costs of developing, using, and eventually replacing
the systems over time. Rather, state agencies essentially justify their systems as if they
were one- time, immediate solutions for agency problems. This short- term view can ulti-mately
result in higher costs and delays in information processing.
In contrast, other states have addressed the costs of maintaining and eventually replacing
technology systems. For example, since 1990, Minnesota agencies have analyzed infor-mation
system life cycle costs as a budget guideline for evaluating the costs of proposed
projects. This analysis examines a technology system's entire useful period, paying atten-tion
to the various activities that an organization must fund and manage over the life of
the system. While Arizona statutes require life cycle costing for technology purchases, the
requirements are tied to the procurement process instead of project planning and are seen
by DOA representatives as insufficient.
In addition, Kansas partially funds the replacement of its technology resources by calcu-lating
depreciation of its resources and charging this value to agencies that are customers
of its central technology service. Payments for depreciation are then transferred to a re-volving
fund that Kansas uses strictly to reinvest in its technology resources. While ISD
includes depreciation in its service charges, it does not set money aside in a separate fund
to replenish its resources.
Arizona Should Coordinate Information
Technology and Planning
To support statewide information technology coordination, Arizona's information tech-nology
planning and funding should be integrated. The State's information technology
policy development should be formally integrated with the State's budget process. Fur-ther,
the State should consider specific funding mechanisms that could enhance broader,
more strategic application of information technology.
State slzon2d integrate irlformation teclznolopj polinj with funding - Arizona should
coordinate statewide technology planning and budgeting. This should include tying the
review and approval of agencies' information technology plans and major projects with
agencies' requests for funding. This will require the cooperation of the State's budget
offices and a central agency to set information technology guidelines. As is done in other
states, a review of agencies' plans and projects and the recommendations for their fund-ing
should be statutorily required, before agencies receive funding for information tech-nology
related expenditures. This review could be enhanced by:
W Establishing evaluation criteria - The State should require the new agency to de-velop
standardized, specific criteria for evaluating agencies' plans and projects. Ex-ample
criteria for agency plans could include identifying how the agency plans to use
its information technology to make its data easier to access for the public and ex-changeable
with other state agencies. Major projects could be evaluated on such fac-tors
as cost, risks, need for, and ability to meet deadlines.
Focusing on major projects - Many states focus their oversight on major pro~ ectsa, s
defined by their cost, need, or risk. For example, in Washington only projects that
exceed $ 3 million or 4 percent of an agency's budget must be reviewed.
W Funding information technology projects by phases - Some states fund technology
projects in phases to ensure sufficient oversight throughout a project. Washington, for
instance, funds its major projects incrementally. Project funding across the State's two-year
budget cycles is continued as long as the State's information technology policy
organization approves the project's progress. This helps accelerate the funding pro-cess
for major projects and reduces the risk involved.
State sliould cosisider otlrer frrrrdisrg - In addition to changing the process by which
agencies' information technology funding requests are approved, Arizona should also
consider changing the mechanism by which the State funds information technology. For
example:
W Collective Funding - Arizona could fund all of its major technology initiatives through
a common mechanism. Both OSPB and JLBC staff suggest that a method such as the
one used to fund the State's capital building renewal process would be a workable
concept for information technology funding. Such a system allows agencies to de-velop
plans, identify needed expenditures, and make funding requests to a central
agency. The central agency is then able to prioritize requests and identify the total
funding needed for priority projects. Once this process is completed, the complete
funding package is forwarded to the budget offices, which make funding recommen-dations
to the Legislature. Similarly, Minnesota uses a process in which its financial
division sets a target amount for investing in information technology, and its informa-tion
technology policy organization recommends priority projects to be funded within
that amount.
Incentive Funding - Arizona could adopt incentive funding, which is used by other
states, to encourage agencies to carry out statewide priorities. For example, Florida
has set up a fund to encourage agencies to carry out new technology that better deliv-ers
services and saves money for the State. The State's Legislature appropriates money
for the fund ($ 4 million in fiscal year 1994- 95). The State's management services de-partment
administers the fund and the State competitively grants ($ 3 million) or loans
($ 1 million, interest free) money to agencies. Agencies are encouraged to submit pro-posals,
large or small, that will result in measurable savings, cost avoidance, or in-creased
productivity. In fiscal year 1994- 95, sample innovations included a $ 300,000
proposal to use computerized scientific instruments to provide DNA analysis more
efficiently and effectively. The proposal is to net the State approximately $ 1.2 million
in benefits.
RECOMMENDATIONS
1. To improve statewide coordination of major information technology projects, the Leg-islature
should consider requiring the State's CIO to:
Work in conjunction with JLBC staff and OSPB to define specific criteria for evalu-ating
state agencies' strategic plans and major technology projects to be reviewed
and approved before recommending appropriation of monies for such projects.
Provide JLBC staff and OSPB reviews and recommendations regarding all appro-priation
requests for projects meeting the predetermined criteria prior to these or-ganizations'
budget approval recommendations.
2. To streamline the funding and ensure continued justification for major technology
investments, the Legislature should consider appropriating monies for such projects
in phases.
3. The Legislature should consider adopting additional funding mechanisms to enhance
broader, more strategic application of information technology, such as:
Collective funding to facilitate central consideration of statewide priorities for tech-nology;
as well as application of technology resources, and research and develop-ment
that benefits multiple agencies
Considering the long- term demands on the technology resources and budgeting
accordingly
FINDING Ill
ISD FAILS TO ADAPT TO THE MODERN
COMPUTING NEEDS OF ITS CUSTOMERS
Regardless of changes made in its statewide planning duties, the Information Services
Division ( ISD) needs to improve the direct services it provides to agencies. DOA should
particularly focus on bringing distributive technology to agencies. Despite significant
movements in computer technology in recent years, ISD has made limited efforts in the
area, largely ignoring the needs of its customers. Movement toward newer technology
has been thwarted by ISD's dependence on mainframe computer revenue while service
quality has been hampered by poor planning and a lack of customer focus. To establish
itself as a competitive and reliable " vendor," ISD must reexamine its services and adopt
better business planning methods.
Modern Computing
Environment Is Changing
The rapid growth of personal computers ( PCs) is shifting data processing away from the
mainframe computer. The mainframe is a centrally located computer system that stores
shared information and manipulates a vast quantity of data for the many users connected
to it. Although there will always be a need for mainframe computers, PCs are now per-forming
many traditional mainframe functions. PCs allow users to customize their pro-cesses
at their desktop to achieve greater flexibility. Moreover, when PCs are linked to-gether
they form networks that can combine the ability to share information with a PC's
flexibility. This kind of technology is often called " distributive" because the computing
activity is spread throughout the computer network.
ISD's Distributive Computer Efforts
Limited and of Uncertain Quality
While ISD has made limited efforts to adopt modern distributive computing technolo-gies,
these endeavors have been poorly received. ISD currently does not provide many
important distributive services. Moreover, when ISD does provide these services, agen-cies
suggest they are often of mediocre quality.
ISD rleglects distribrrtive rreeds of state agerzcies - Despite increased demand by state
agencies for distributive services, ISD has done little to meet agency needs. For example,
as of August 1993, there were an estimated 85 computer networks and over 8,000 PCs
operating in the executive branch of state government.(') However, ISD provides techni-cal
support for only 2 of these 85 networks ( the DOA and the Governor's Office), and
provides no personal computer support beyond assigning one technician to react to emer-gency
calls. Furthermore, only 11 of the 44 ISD staff members assigned to developing
computer systems and software are considered by ISD management to be skilled in the
planning, design, and construction of modern distributive systems.
Agencies give mixed reviews of existing semices - Of those newer technology services
ISD does provide, certain services particularly drew criticism from agencies. We distrib-uted
a survey to 57 of the largest users of ISD services to determine customer needs and
satisfaction regarding the timeliness, quality, and value of ISD's services.( 2) D istributive
services such as the statewide communications network, program design, and project
management were clearly identified by respondents as important to their agency's opera-tions.
However, the managers also said that as important as these services are, their qual-ity,
value, and timeliness need improvement.
For example, ISD's Multi- Governmental Network, or MAGNET, links 25 state agencies
and their networks together to form a statewide data communication ~ ystem.(~) Staatgee ncy
representatives ranked MAGNET as very important ( 8.44 on a scale of 1 to lo), but their
written comments suggested that the network needed improvement in quality, timeli-ness,
and value. In addition, of the 16 responding agency representatives who used MAG-NET,
11 complained of poor service quality or excessive downtime. c4)
ISD was also criticized for its performance in developing computer programs and help-ing
manage automation projects for its customers. Again, representatives rated highly
both the importance of ISD's project management ( 8.14) and program development ser-vices
( 9.63).( 5) Yet, the quality, value, and timeliness of these services scored two to three
points lower than the services' importance. Moreover, of the 10 agencies' representatives
Based on the Joint Legislative Budget Committee's 1995 Staff Report on Government Information
Technology. Figures do not include the universities.
(') The survey was sent to 57 of the largest users of ISD's telecommunications services, representing
over 9s percent of ISD's combined telecommunications and automation revenues for fiscal year 1993-
94. A total of 45 agencies responded.
( 3) In addition to the 25 state agencies linked to MAGNET, 7 city or county organizations have access to
the MAGNET network but were not included in the survey.
( 4) While some agencies noted concerns in our survey, the DOA officials contend that the MAGNET has
minimal downtime, operating 99.5 percent of the time.
( 5) In our survey, 8 agencies reported using ISD's program design services and 7 used its project man-agement
assistance in fiscal year 1993- 94.
that indicated they had used either or both of ISD's project management or computer
program development services, one half complained of the poor quality of these services.
Examples of the impact of poor and untimely service from ISD include:
A state licensing board requested ISD's assistance with the development of an auto-mated
telephone system to verify the status of licensees, a system similar to ones used
by several other states. Currently, the board dedicates two full- time employees to
answer the approximately 750 to 1,000 calls received daily requesting information on
the status of licensees. ISD officials agreed to help determine equipment needs, but at
the end of 15 months there was no progress in the requested system. As a result, the
licensing board officials turned to a vendor to provide this expertise. When contacted,
ISD officials stated that they lacked sufficient expertise to meet the agency's needs.
Currently, the Departments of Transportation and Economic Security use separate
lines to carry both voice and data telecommunications to Yuma through private sup-pliers.
To address this inefficiency, in February 1995 a committee primarily composed
of information technology officials from several state agencies discussed a pilot project
to centralize these duplicate telecommunications lines and possibly attract other state
agencies with this new system. However, when it appeared ISD would be responsible
for administering the data telecommunications line, the participating agencies' resis-tance
to the project effectively ended the effort. According to the committee's report,
concerns over ISD's involvement primarily included a lack of trust in ISD's abilities
compared to vendors, coupled with a history of poor communications by ISD officials
and agency personnel.
A small state agency contracted with ISD to work with a commonly used software
program for its network of personal computers. While ISD initially estimated the project
would be finished in " a few months," it wasn't completed until approximately two
years later. Among the many reasons given for the delay, ISD informed the agency
that the programmer ISD assigned to the project needed to complete a training pro-gram
to familiarize himself with the agency's PC network; a network used by many
agencies.
Reliance on Mainframe
Revenues Prevents Change
ISD's distributive efforts are limited by its emphasis and dependency on older main-frame
technology. ISD relies on profits from many of its mainframe services to fund its
operations. ISD then uses these profits to subsidize services that do not pay for them-selves.
ISD reaps profit from Inany lnainfvalne seruices - ISD relies on mainframe revenues to
support its division- wide operations. In fact, mainframe computer processing accounts
for approximately 79 percent of ISD's total automation revenues. Much of this revenue is
profit. For example, ISD generated over $ 8.6 million from its largest mainframe computer
processing service in the 1993- 94 fiscal year. At the same time, ISD's documented costs for
this service were $ 5 million, approximately 42 percent less than the costs charged to the
mainframe customers. As a result, agencies who are large users of mainframe services
contribute a great deal toward ISD's other operations. For example, in fiscal year 1993- 94,
the Arizona Health Care Cost Containment System ( AHCCCS), ISD's single largest cus-tomer,
paid an estimated $ 1.8 million beyond the calculated costs of the services it re-ceived.
This dependency on mainframe computing revenues hampers ISD's ability to provide
modern computing services. Since mainframe and distributive systems can perform simi-lar
functions, any shift of services toward supporting distributive computing can nega-tively
impact the mainframe revenue source that ISD depends on for a large portion of its
revenue. Therefore, this process works as a disincentive for ISD to provide or support
distributive computing services to state agencies.
Profits used to szibsidize seruices - ISD's dependence on mainframe revenues is intensi-fied
when it uses the excess revenues generated from older technologies to support ser-vices
that fail to pay for themselves. For example, in fiscal year 1993- 94 those agencies
using ISD's mini computer services paid only $ 331,000 ( or 52 percent) of the estimated
$ 632,000 it cost ISD to establish and maintain the system.(') The remaining balance was
reallocated from surplus revenues generated by ISD's other customers.
Poor Planning and a Lack of Customer
Focus Hinder Service Quality
While ISD's dependency on mainframe revenues prevents decisive movement to newer
technology services, ISD's record of poor planning and customer focus hamper its ability
to provide quality services. ISD's capacity to provide efficient, quality service is impeded
by its poor efforts at business planning and inability to coherently address customer con-cerns.
Historically, ISD has not created a business plan before undertaking a new technol-ogy
project, resulting in the development of services that fail to recover their costs. Addi-tionally,
ISD's fragmented customer service organization makes it difficult to focus on the
needs of its customers.
These figures are based on ISD's fiscal year 1993- 94 Rate Development Schedule. This schedule fig-ures
the costs per unit for each service by dividing the budget for the entire service by the number of
units it expects to sell.
ISD's business planning inadequate - ISD's efforts to provide efficient, quality distribu-tive
services are hindered by its failure to undertake appropriate business planning prior
to establishing a new technology service. Specifically, ISD often plans for new services
and invests in new equipment without measuring customer preferences and developing
a plan to recover its costs. For example:
ISD's major telecommunications network project, MAGNET, was initiated more than
seven years ago without any type of business plan. Consequently rudimentary busi-ness
planning items such as an analysis of customer needs, pricing strategy, and cost
recovery were not carried out until five years after the project began. As a result, in
1995 MAGNET'S losses threatened to bankrupt the Telecommunications Revolving
Fund. ISD avoided this largely through reducing services and delaying hiring a com-plete
MAGNET support staff. Nevertheless, MAGNET experienced a loss of approxi-mately
$ 996,000 in fiscal year 1994- 95 and ISD estimates it will lose another $ 900,000
in fiscal years 1995- 96.(')
ISD replaced its old IBM minicomputer system with IBM's newest model without first
conducting a business plan. Only later did ISD's analysis reveal that its rates would
not cover the higher costs of the new system. A fear of losing customers prevented
ISD from charging a rate sufficient to fully recover the costs of the new system. As a
result, the minicomputer system lost approximately $ 300,000 in fiscal year 1994 alone. c2)
ISD recovered this deficit by reallocating surplus revenue generated from its main-frame
customers.
ISD's iiitcoovdi~ tatedc risto~~ tseerv vice stuiichrre nflects sewice qriality - While ISD's
inadequate planning allows for the development of services that are unable to pay for
themselves, ISD's fragmented customer service structure fails to provide coordinated,
quality customer support for its services. For example, to deal with strategic customer
service issues, ISD maintains two separate customer service contacts for agencies - one
for telecommunications and one for automation issues. Moreover, for automation issues,
agencies' first contact with ISD is its " HELP desk," which is not combined into a single
organizational unit. Instead, it is a collection of separate help desks divided by type of
technology. For example, some ISD staff provide telephone assistance regarding the State's
payroll and accounting computer system, while a separate group is dedicated to answer-ing
questions regarding mainframe issues. Instead of reporting to ISD's client services
section, these varied groups work with the managers of each technology section, hinder-ing
a coordinated response to agency needs and concerns.
Based on 1995 preliminary budgets.
( 2) Based on ISD's fiscal year 1993- 94 rate development calculations and revenue reports.
Survey results for ISD's technical support services resemble the MAGNET situation de-scribed
earlier. Agency representatives felt that the HELP desk was very important to
their operations ( 8.73) yet gave mediocre ratings on items such as service quality ( 6.77)
and timeliness ( 6.31). Over one- third of the responding HELP desk users commented on
service issues such as lack of staff knowledge and slow response times. Other criticisms
highlighted ISD's lack of a cohesive approach to the customer. For example:
One large user of ISD's services commented - " There is no effective communication
among internal ISD areas. Each interacts with their customers independently. When
issues or problems occur in one ISD area, the customer is responsible for coordinating
related activities with other DOA areas."
A smaller user described their customer service contacts - " When ISD set up their
system of account representatives, it became very hard to directly talk to the person
who could solve your problem and involved more time on our part."
A third agency described their experiences with ISD's computer support telephone
hotline - " Very slow. Not inclined to want to help. ' Not my problem' syndrome.
They've often said to call someone else."
ISD Must Alter Its Practices
to Meet Industry Changes
Regardless of the placement of statewide planning duties as discussed in Finding I, ISD
must focus on its role as a service provider. To offer competitive services and improve its
capacity to develop contemporary, marketable services, ISD must do two things. First,
ISD needs to reexamine its service provision and pricing system to stop depending on the
mainframe to support inefficient services. In addition, ISD needs to incorporate better
business planning that includes customer participation into its future service provision
decisions.
Reexmrri~ res ervices - ISD needs to reexamine the spectrum of services it currently pro-vides
and determine which services are economically viable. Services that cannot support
themselves must be improved or considered candidates for outsourcing. Some organiza-tions
are making such decisions by examining their service composition in order to de-velop
a more modern service emphasis. For example, Salt River Project is using a highly
regarded consulting service to identify and measure the quality of its computing services.
This information will help determine which services can be left to vendors and which
should be retained. In addition, the City of Phoenix decided to turn over its mainframe
operations to a private vendor, allowing its information processing agency to concentrate
on the distributive role of information processing.
Once ISD has decided which services to provide, its charges need to be based on the
actual costs of providing the services rather than artificially low rates. While ISD plans to
alter future rates to bring some services closer to their estimated costs, current practices
continue to depend on mainframe processing to subsidize services that operate at a loss.
In contrast, Kansas and Washington avoid this kind of subsidy by requiring each service
to come as close as possible to paying for itself. To do this, they conform to a rigid cost
accounting system that prevents the redistribution of overhead costs.
Better business planning - ISD also needs to develop a sound business process that com-bines
better financial planning with strong customer feedback into planning and carrying
out new services. An accurate, realistic system for cost recovery must be developed dur-ing
the planning process to assess the validity of the project. Moreover, customer demand
and preferences for new services must be taken into account in any new service direction.
ISD has improved in this area through several recent efforts such as surveying customer
preferences for network support services. Also, ISD formally reviewed its voice telecom-munications
and LAN services in March of 1995 and expects newly created business plans
for these services in October of 1995. However, ISD's other existing services need to be
examined. This was done in Minnesota with a major refocusing effort to develop a busi-ness
plan that would meet current and future customer needs. Minnesota used a compre-hensive
survey of customers and employees to determine the viability of existing services
and on a continual basis obtains customer feedback, and monitors customer preferences
and their changing computer needs.
To enable ISD to better solicit customer preferences, it should provide its customers with
a single, convenient organization for analyzing customer preferences. As noted earlier,
the current ISD structure provides agencies with many separate customer contacts orga-nized
around services rather than customers.( l) Other organizations have responded to
this problem by elevating contacts to a level where representatives have the authority to
effectively address agency needs. For example, North Carolina has combined many of its
customer service sections with a new unit designed to focus on agency needs. Moreover,
Minnesota and the City of Phoenix assign high- level agency managers the responsibility
With the Deputy Director and Assistant Director positions now in place and filled, DOA has recently
begun to review the adequacy of its current customer service structure.
29
for relationships with its key customers. This is not only a powerful communication tool,
but it provides customers with an effective advocate within the information resource
agency's management.
RECOMMENDATIONS
1. ISD should reexamine the services it currently provides based on customer demand
and economic viability. Services that fail to meet these standards should be improved
or considered candidates for outsourcing.
2. ISD needs to position itself to take greater advantage of emerging new technologies
by:
I Reducing ISD's dependency on mainframe revenues by adopting rates based on
the actual costs to provide services.
I Consolidating its decentralized customer service functions to both improve cur-rent
service quality and better respond to the changing needs of ISD's customers.
3. ISD needs to develop a strong business planning approach in designing new services.
ISD should examine economic viability and customer preferences before it under-takes
any new project.
Agency Response
Governor
RUDY SERINO
Director
ARIZONA DEPARTMENT OF ADMINISTRATION
OFFICE OF THE DIRECTOR
1700 WEST WASHINGTON ROOM 601
PHOENIX, ARIZONA 85007
October 30, 1995
Mr. Douglas Norton
Auditor General
2910 N. 44th Street, Suite 410
Phoenix, Arizona 85018
Dear Mr. Norton:
Per our discussion last week, the Department of Administration's
written response to the performance audit of the Information
Services Division is attached for your review.
Although we may not agree with all of the recommendations, the
performance audit has been extremely helpful in reassessing
and validating key issues and improvement opportunities.
Rudy Serino
Director
cc: John McDowell
Deputy Director
IRM Group
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
Audit Finding I.
The State Needs A Chief Information OfSicer
Audit Recommendation 1
The Legislature should consider establishing a new state agency to
develop statewide direction for information technology and ensure
that state agencies follow that direction. This will require legislation to
create the agency and to transfer relevant authority and responsibility
currently assigned to the Department of Administration to the director
of the new agency.
Response:
The Department disagrees that a new agency is required at this time.
The Department has recently filled the State Chief Information Officer
( CIO) position and elevated it to Deputy Director, creating a strong
CIO position within ADOA. This is a leadership issue, rather than a
structural or statutory issue, and the existing statutes are more than
adequate.
The State CIO is in the process of developing a significantly improved
planning and oversight process, and there is no reason to delay or to
incur additional costs for a new agency.
Effective leadership, with a closer working relationship to the
Governors' Office, and removing the Chief Information Officer from
most service and operational issues, will accomplish the same goals
and objectives without creating additional bureaucracy.
Audit Recotnmendation 2
To ensure information technology policies reflect statewide priorities
and are supported by high- level executive decision makers, the
Legislature shozild consider establishing a formal information
technology policy board comprised of state agency directors. If the
Legislature desired to utilize the currently existing Governors'
Az~ tornation Advisory Council to achieve this end, A. R. S. g41- 714
zuozild need to be to increase the Council's authority over statewide
information technology issues.
Ocfober 26, 2995 - 1-
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
I. Chief Information Officer
2. Establish A Policy Board Of Agency Directors ( Continued)
Response:
The Department disagrees that new statutes are required, but agrees
that minor revisions may be appropriate and that statewide direction
and policy- setting processes needs to be significantly improved.
The Governor's Office has the authority, within existing statutes, to
revise or strengthen the role of the Governors' Automation Oversight
Committee or to establish another review board to better address
statewide directions and policies. This process could also include more
formal analysis, plans, oversight, and periodic briefings with the
Cabinet and budget offices.
It is agreed that an improved ( and more formal) statewide direction
and policy review process is needed, and a proposal is being developed
at this time. This will require additional resources. However, the
issue is one of effective leadership, rather than structure or statutes.
Atidit Recommendation 3
To advise the policy board and the CIO on the technical application of
statewide policies and standards, the Legislature should also consider
establishing a technical advisory council comprised of agency
technology experts. I f the existing CIO Council were to be used to fill
this role, its reporting structure and duties should be formally defined.
Response:
The Department agrees that more formal roles and duties should be
established for the CIO Council, which has informally functioned in a
statewide technical advisory role for several years. The Council's role,
mission, and membership have evolved over time, and this is
currently being reevaluated. However, it should be recognized that
additional resources will be required to develop and implement a
quality statewide planning and oversight function.
October 26, 1995 - 2 -
Department Of Adminis fration, Information Services Division
Response to the'
Auditor Generals' Performance Audit
I. Chief Information Officer
3. Establish Technical Advisory Board
Response ( Continued)
A formal charter for the CIO Council, with defined roles and
responsibilities, will be developed and implemented within three
months.
Audit Finding II.
Arizona Should Change Its Process For Funding Technology
Audit Recommendation 1
To improve coordination of major information technology projects,
the Legislature should consider requiring the State's CIO to:
Work in conjunction with JLBC staff and OSPB to define
specific criteria for evaluating state agencies ' strategic plans and
major technology projects to be reviewed and approved before
recommending appropriation of monies for such projects.
Provide JLBC staff and OSPB reviews and recommendations
regarding all appropriation requests for projects meeting the
predetermined criteria prior to these organizational budget
approval recommendations
Response:
The Department agrees, and the State CIO is actively developing a
process to address these issues.
Working with the OSPB and the JLBC, the State CIO ( and staff) are
developing a " Project and Information Technology Investment
Justification" process. These processes, standards, and procedures will
significantly improve agency and statewide analysis, planning, and
oversight.
The agencies will be required to assess the project or investments from
a business, financial, and technical perspective, and provide
October 26, 1995 - 3 -
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
II. Change Process For Funding Technology
1. Improve Coordination Of Major Projects
Response ( Continued)
measurement criteria. This will include life cycle cost information,
risk assessments, cost/ benefits analysis, periodic monitoring and
variance reporting, and it will accommodate multiple year projects.
Subject to the review and approval of both budget offices, with
additional resources ( which will be requested), a pilot project could be
introduced within three months.
Audit Recommendation 2
To streamline the funding and ensure continued justification for
major technology investments, the Legislature should consider
appropriating monies for such projects in phases.
Response:
The Department agrees, and the State CIO is actively developing a
process that will address this issue. However, the proposed process,
and related standards and procedures, will require additional resources
before it can be effectively deployed statewide. ( Refer to the above
response, 11. 1).
Audit Recommendation 3
The Legislature should consider adopting additional funding
mechanisms to enhance broader, more strategic application of
information technology, such as:
* Collective funding to facilitate central consideration of
statewide priorities for technology as well as application of
technology resources, and research and development that
benefits multiple agencies.
* Considering the long- term demands on the technology
resources and budgeting accordingly.
Setting aside monies for reinvestment in technology assets
based on calculated depreciation amounts.
October 26, 1995 - 4 -
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
II. Change Process For Funding Technology
2. Streamline Funding, Consider Appropriating In Phases ( Continued)
. Incentive funding that encourages measurable savings, cost
avoidance, and increased productivity through the
application of technology resources.
Response:
The Department agrees that the current funding mechanism for some
statewide and strategic information technology investments needs to
be revisited. This is a particular'concern in regard to multiple funding
sources and common infrastructure needs.
An important and complex issue, the Department will request
assistance from both budget offices to identify alternatives and
develop a recommendation. The State CIO will initiate discussions
with the budget offices within a few weeks and ( assuming consensus)
will implement new funding mechanism as soon as it is feasible.
Audit Finding III.
ISD Fails To Adapt To The Modern Computing Needs Of Its
Customers
The Department disagrees with this finding. ISD is a modern service
provider and has generally not failed to meet the needs of its customers. The
specific type of technology is secondary to how it is applied, with appropriate
management practices, to address customer- driven needs.
First, although we certainly can improve, we have not failed to meet our
customer's needs. We provide quality services at a competitive cost for many
agencies, such as AHCCCS, DOC, Water Resources, and dozens of other
agencies ( and have done so for many years). We provide connectivity to all
agencies, exchange data with the six major data centers and vendors daily,
directly support thousands of state employees, and we provide crucial
statewide systems and services in a highly reliable and cost effective manner.
October 26, 1995 - 5-
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
III. ISD And Needs Of Its Customers ( Continued)
Secondly, our services are modern, and we are continuing to move into new
areas. We have, for example, recently developed a state- of- art Local Area
Network that supports over seven- hundred employees.
Thirdly, meeting customer needs is not so much about a technology as it is to
responding to their needs in a cost effective and pragmatic matter. The
mainframe will continue to be a valuable, and cost effective, platform for
some applications for many years. Although the Department continues to
train staff and to acquire, and deploy, PC, LAN and client/ server- oriented
technologies, there are times when a mainframe solution is more
appropriate.
Audit Recommendation 1
ISD should reexamine services it currently provides based on
customer demand and economic viability. Services that fail to meet
these standards should be considered as candidates for outsourcing.
Response:
The Department agrees, and this is being actively addressed.
ISD, with new leadership and management, is currently in the process
of reexamining all of its service offerings. The audit discussion has
correctly identified many of the shortcomings with past management
practices, such as weak business planning and inadequate service
response to customer- driven needs. However, this issue is not so
much related to a specific type of technology, as it is to the need to
deploy professional management practices that are based upon
customer- driven needs.
This is an ongoing improvement process, but some positive results
have already been achieved. For example, several non value- added
activities have already been discontinued, new customer- driven
service offerings have been identified, action plans are being prepared,
and no new projects or investments will be incurred without a
business, financial, and technical assessment and plan.
In summary, the Department agrees with the statement that " to
establish itself as a competitive and reliable ' vendor', ISD must
reexamine its services and adopt better business planing methods"
October 26, 135
- - 6 -
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
III. ISD And Needs Of Its Customers
1. Need To Reexamine Services
Response ( Continued)
( per page 23). Several steps have already been taken, and more are
planned that will significantly improve customer services, and those
services that are not based upon a customer demand or are not
economically viable will be either discontinued or outsourced.
Audit Recommendation 2
ISD needs to position itsey to take greater advantage of emerging new
technologies by:
. Reducing ISD's dependency on mainframe revenues by
adopting rates based on the actual costs to provide services.
. Consolidating its decentralized customer service functions to
both improve current service quality and better respond to
the changing needs of ISD's customers.
Response
The Department agrees to some of the components of this
recommendation, and disagrees with others.
The Department agrees that value- added customer services need to be
improved, that fragmented service functions need to be consolidated,
and that emerging technologies need to be deployed to address
customer needs ( as appropriate). However, the Department disagrees
that this is a technology- driven issue, and disagrees that existing
mainframe operations or revenues are pertinent to this issue.
ISD's only focus should be to provide value- added, quality and cost
competitive customer services. If these value- added services require
new technologies, then new technologies will be deployed ( based upon
a business, financial and technology assessment). The priority is for
ISD to position itself to meet customer expectations, not necessarily a
set of technologies. The issue is not so much about improving
technology as it is about the need to improve customer responsiveness,
planning execution, and management effectiveness. As noted above,
ISD's new management team is making progress in these areas.
October 26, 1995 - 7-
Department Of Administration, Information Services Division
Response to the
Auditor Generals' Performance Audit
III. ISD And Needs Of Its Customers
2. Take Advantage Of Emerging Technologies
Response ( Continued)
Mainframe operations and revenues are unrelated to providing
improved customer services to agencies on a fee- for- service basis. This
is a different sub- program. The Department disagrees with this
recommendation as these revenues allow for growth and the pursuit
of new technologies.
It is agreed that various customer support functions have been
fragmented and poorly coordinated in the past. Several of these
functions have now been consolidated and, with new managers, are
better coordinating resources and customer services.
Audit Recommendation 3
ISD needs to develop a strong business planning approach in designing
new services. ISD should examine economic viability and customer
preferences before it undertakes any new project.
Response:
The Department agrees with this recommendation.
In the past, there has been a weakness in business planning, customer
responsiveness, and some management practices. It is recognized that
significant improvements are required, and this a priority.
ISD is under new management that are well qualified, and committed,
to making the needed changes. Some corrective steps have already
been made, and others are in progress or planned. For example, ISD
has now adopted a policy that requires a business planning approach
( and assessment) prior to any new investment or project, a formal
planning activity has been initiated ( that is customer based), and
professional management practices are being introduced. This is a
departure from the past practice of investing in technology products
with no clearly defined user- driven business objectives.
In summary, the Department strongly agrees that a strong business
planning approach is needed ( with other improved management
practices), and that this is a priority.
October 26, 1995 - 8 -
