RD416 - Review of Information Technology Services in Virginia: Final Report


    Executive Summary:
    Senate Joint Resolution 129 and Item 29 #1c of the Appropriation Act from 2008 directed JLARC to examine services provided to State agencies by the Virginia Information Technologies Agency (VITA). Some of these services are provided through a contract with Northrop Grumman (NG).

    The transformation to NG's management of information technology (IT) services for the Commonwealth was not completed by the contract deadline of July 2009 and may still be incomplete by the new deadline of July 2010. NG's proposed amendments to the contract would increase its payments by $32 to $42 million above the $236 million cap.

    Meanwhile, State agencies continue to identify problems with IT services. Procurement delays and markups have impacted agency operations, and centralization of procurement appears not to have met all of its goals. Development of new enterprise applications has been delayed but is needed to replace the State's aging systems.

    VITA has not fulfilled key planning and oversight duties, and VITA's rates need to be revised.

    To resolve these and other issues, including the need for better IT planning and oversight, governance changes are needed which require the creation of a new IT agency.

    Recommendations:

    1. VITA should discontinue the use of Northrop Grumman for Procure-to-Pay orders, and then develop a formal policy that supports fulfillment of these orders either by VITA or by State agencies. As part of this policy, VITA should consider expanding the consumables list, and increase IT procurement training for State agencies as needed. VITA should also increase its use of eVA data to conduct post-procurement reviews of State agency orders as necessary

    2. VITA should develop a formal policy concerning the use of third party vendors for custom IT solutions (Request For Services). As a part of this policy, VITA should develop a formal, documented process for reviewing agencies’ requests to use third party vendors that includes analysis of the financial impact to the requesting agency and the Commonwealth, compliance with specific requirements of the Comprehensive Infrastructure Agreement, and conformity to specific State IT policies, standards, and guidelines. This analysis should be subject to external review by the Secretary of Technology

    3. VITA should analyze and approve all IT procurements subject to its review unless VITA has delegated procurement authority to an agency or exempted a good or service from review

    4. VITA should finalize, in conjunction with customer agencies, an enforceable MOU with defined service levels for procurements

    5. VITA should develop a plan for modernizing enterprise applications. The plan should include (a) goals & objectives, including benefits to the State; (b) the overall approach, including current & anticipated projects, data standardization efforts, research activities, funding models, and partnership models; (c) plans for coordinating projects & data standardization efforts and managing their dependencies (integration, communication, budget, schedule, resource, & risk management plans); and (d) a structure for managing, operating & maintaining new systems & data resources delivered through modernization

    6. The Virginia General Assembly may wish to consider establishing a Department of Technology Management, headed by a director appointed by the Governor, with responsibility for (1) setting State IT standards, policies, and guidelines; (2) providing external review of VITA’s procurements; and (3) conducting IT strategic planning for State government including development of the Recommended Technology Investment Projects report

    7. The General Assembly may wish to consider establishing infrastructure services and enterprise applications divisions within VITA and establishing deputy CIO positions, to be appointed by the CIO, with responsibility for managing each division

    8. The General Assembly may wish to consider expressly defining the statutory responsibilities of the Secretary of Technology to include coordinating the work of the Department of Technology Management and VITA; resolving any conflicts between the two IT agencies; developing a biennial Commonwealth IT strategic plan; having temporary responsibility for approval of all major IT contracts, projects, and budget requests; and conducting technology-related economic development

    9. The General Assembly may wish to consider establishing an Information Technology Investment Council chaired by the chief of staff and including each cabinet secretary, the directors of House Appropriations and Senate Finance staffs, and private sector experts, with responsibility to (1) develop and approve a plan for the oversight and management of applications by October 2010; (2) approve the development, maintenance, and replacement of applications; and (3) approve the Recommended Technology Investment Projects report

    10. The General Assembly may wish to consider establishing a Council on Technology Services (COTS) consisting of the directors of each central agency and at least one agency in each secretariat; the director of one independent agency; representatives of the Supreme Court, two local governments, and two public institutions of higher education; the director of the Division of Legislative Automated Systems; and private sector experts. The Council would (1) advise the Director of the Department of Technology Management on technology standards and policies, and the Recommended Technology Investment Projects report; and (2) advise the CIO on infrastructure and application services provided by VITA

    11. VITA should develop an annual IT plan assessing (a) the current condition of IT in the State, (b) factors impacting State IT, (c) the desired condition of State IT based on goals set forth by the Governor, the Council on Virginia Performs, & the Commonwealth Strategic Plan for IT, and (d) changes & investments needed to achieve the desired condition, including identification of the State’s most critical IT needs in the near- & long-term. This plan should incorporate information submitted by agencies in each of these categories as part of their annual IT strategic plans & evaluation of the State’s enterprise architecture. The plan should be submitted to the Governor and the General Assembly

    12. The Recommended Technology Investment Projects report should be revised to clearly indicate how project prioritizations were determined, including scores for each project & the objective criteria & point system used to arrive at those scores

    13. The Project Management Division should design electronic reports in its project portfolio that can be used to analyze project performance, including trends in cost, schedule, & scope change in completed & ongoing projects. Performance trend reports should be used by PMD to manage portfolio & regularly be made available to the Governor, General Assembly, JLARC, and Auditor of Public Accounts

    14. The General Assembly may wish to consider amending the statutory definition of a major IT project, as defined under § 2.2-2006 of the Code of Virginia, to conform to VITA’s new project oversight assessment methodology

    15. The General Assembly may wish to consider repealing §§ 2.2-2018 - 2.2-2019 of the Code of Virginia, which defines a specific project approval process

    16. The General Assembly may wish to consider amending the Code of Virginia to assign the CIO direct responsibility for the security of the State’s centralized IT infrastructure, and require the CIO to work in partnership with agencies to ensure overall security of IT systems and data, including both infrastructure and applications