Commonwealth of Massachusetts

 

Enterprise IT Strategy

 

 

 

FINAL REPORT

February 2003

IT logo



 

 

COMMONWEALTH OF MASSACHUSETTS

ENTERPRISE IT STRATEGY

 

Final Report

 

I.     Executive Summary ................................................................................................. 1

A.   Introduction. 3

B.   Approach. 6

C.  Key Observations and Recommendations. 8

1.   Governance  8

2.   IT Strategy  10

3.   Architecture and Standards  11

4.   IT Infrastructure  12

5.   Partnerships  13

D.  Implementation. 14

E.   Moving Forward:  The Enterprise IT Strategy is Just the Beginning. 15

II.   Introduction ............................................................................................................ 17

A.   Overview.. 19

B.   Background and Purpose. 20

C.  An Enterprise Perspective. 23

D.  Developing an Enterprise IT Strategy:  Why Now?. 24

E.   Asking the Right Questions. 25

F.   Guiding Principles. 26

III. “As Is” Assessment ................................................................................................. 29

A.   Approach. 31

B.   Governance: Guiding the Enterprise Forward. 33

1.   Current Governance Environment 34

2.   Key Observations  36

3.   Commission Considerations  42

C.  IT Strategy:   Setting the Direction for the Enterprise. 43

1.   Current Enterprise IT Strategy Environment 43

2.   Key Observations  43

3.   Commission Considerations  50

D.  Enterprise Architecture and Standards: Building the IT Foundation. 51

1.   Current Enterprise Architectural Environment 51

2.   Key Assessment and Observations  52

3.   Commission Considerations  54

E.   Enterprise Infrastructure:  Leveraging Common IT Resources. 55

1.   General Infrastructure  56

2.   Applications  58

3.   Data Center 65

4.   Key Observations  67

5.   Networks  71

6.   Commission Considerations  77

F.   Security (Omitted) 79

G.  Partnerships: Promoting Digital Readiness and Economic Development 80

1.   Overview   80

2.   Addressing “Digital Readiness”  80

3.   Promoting Economic Development 82

4.   Forming Strategic Alliances for the Delivery of Enterprise IT Services  84

5.   Commission Considerations  85

IV. Commission Recommendations ....................................................................... 87

A.   Introduction. 89

B.   Governance. 91

C.  IT Strategy. 113

D.  Architecture & Standards. 123

E.   IT Infrastructure. 131

F.   Security (Omitted) 147

G.  Partnerships. 149

V. Implementation Roadmap ............................................................................... 165

A.   Introduction. 167

B.   Prioritization of Recommendations. 169

C.  Multi-Generational Plan. 171

VI. Appendices ............................................................................................................... 173

A.   Charter. 175

B.   List of Interviewees. 179

C.  IT Commission Meeting Schedule. 183

D.  Data Center – Detailed Analysis. 185


 

 

Back to Top

Executive Summary



A.

    
Introduction

Enterprise IT: Raising the Bar in Massachusetts

Information Technology (IT) has become a powerful tool for almost everything we want to accomplish in government. IT’s utility, and how we manage it, can dramatically impact the efficiency, effectiveness, and citizen-centric focus of government services and programs.  Getting IT right is becoming more critical than ever for governments in meeting the demands of citizens, businesses, and employees who are expecting the same high level of service they are receiving in the private sector.   IT impacts directly on the future economic competitiveness of the Commonwealth.    

With the current budget crisis facing state governments, fewer funds are available and new accountability standards demand a clear economic payoff from any IT investment.   Financial uncertainty is coupled with a rapidly changing technology environment, requiring new thinking and innovative approaches.   An effective enterprise IT strategy requires the cooperation and collaboration of government business and IT leaders across government boundaries.

For Massachusetts to “raise the bar” in the delivery of government services, it must aggressively pursue reforming the way it governs, manages, and leverages the IT enterprise throughout the Commonwealth.  Citizens view the Commonwealth as “one government,” not a collection of agencies, departments, and authorities.  Creating that “single view of government,” with a seamless service interface, will come about only when IT-based reforms are implemented and can impact how government conducts it business.

Information Technology Commission:  Meeting the Enterprise Challenge

The IT Commission was established in response to Section 6 of IT Bond III,[1] which directed, “…a special commission to recommend an enterprise-wide strategy, including all 3 branches of government and the constitutional offices, for the commonwealth’s information technology infrastructure, system development and governance.”

 IT Commission members were appointed from among positions of leadership in both the public and private sectors.[2]  They viewed this legislation as a “Call to Action,” and experienced a sense of urgency in completing this report, which members regard as the beginning of a journey for the Commonwealth, rather than the completion of a task.  After the election of Governor Romney in November 2002, IT Commission co-chairs met with the transition team to discuss the Commission’s charter and membership.  The transition team endorsed both, and welcomed the Commission’s findings and recommendations as inputs to the transition team’s work.     

Commission members understand the high degree to which state government depends on technology for meeting its operational needs and achieving its policy objectives. The Commission recognizes that one of the Commonwealth’s primary challenges is to employ technology not only to deliver existing services faster and cheaper, but also to create new enterprise services and new roles for government that enhance social progress and foster prosperity.  This task is especially challenging, given the continuing escalation in the development of technology and the fact that government operates in an environment of constant economic, political, and social change.  Without an understanding of the changing political environment, and an insight into the direction technology is moving, wrong and wasteful investment decisions will be made.  Improving the effectiveness of IT investment is at the heart of what the Commission is seeking to address through enterprise IT reform in the Commonwealth. 

At the same time, it is important to note that IT is only the “enabler to change.”   Commission members were vocal about the need to avoid automating inefficient business processes.  Members knew instinctively that, “The two most common complaints in and about the public sector IT community are…the charge that money and technology are being thrown at fundamentally broken processes, and the complaint about the imposition on public organizations of foreign processes that have been automated around the structure and operational needs of private sector corporations.”[3]  Responsive, innovative, cost efficient, and customer-centric government will result only when agencies examine existing business processes, and re-engineer these processes, as necessary, to create value for the end-user. 

Massachusetts is at the forefront of state efforts nationally to develop an enterprise IT framework that spans all branches and levels of government.  The present day context for implementing this enterprise approach is as compelling as it is challenging.   This report addresses a number of opportunities to reshape and improve IT resources, practices, and potential in the Commonwealth, and discusses several of the key change drivers and challenges affecting its current business environment, specifically:

a)      the increased challenges and expectations by constituents for e-government services,

b)      the heightened emphasis surrounding homeland security post-September 11th,

c)      the current economic crisis, and

d)      the transition in political leadership.

Today, these change drivers are converging, offering unparalleled opportunity to strategically position the Commonwealth to address the overall management and delivery of IT services.

Enterprise Vision:   The Time is Now

The Commission’s enterprise vision for the Commonwealth is about more than just technology; it encompasses strategic direction, organization/people, technology, and processes.   Leadership is crucial in this complex environment.  The IT Commission adopted the following statement as representative of members’ views on the appropriate scope of the enterprise, and the necessity to work to transcend existing governmental barriers:

“Opportunities for taxpayer savings, expanded public services, and improved efficiency in the public sector, through IT reform, require us to go beyond traditional boundaries.   Enterprise IT reform in Massachusetts, to the extent appropriate, should encompass all three branches of state government, state agencies, state authorities, cities and towns, and the Commonwealth’s university and research community.”[4]

While no single individual has the ultimate authority for enterprise performance, the opportunity to hold the enterprise accountable for results rests most squarely with the Governor, who should lead the outreach efforts to the Legislature, the Judiciary, constitutional offices, the higher education community, and local governments in Massachusetts.

In the first meeting of the IT Commission, Peter Quinn, the Chief Information Officer (CIO) for the Commonwealth of Massachusetts, described the timing of this legislatively mandated Enterprise IT Strategy initiative as “the perfect storm” for addressing IT governance and management issues in Massachusetts.   As Mr. Quinn pointed out, the pending economic/budget crisis, the election of a new Administration, the need to expand e-government services, and the demand to address security concerns after September 11, 2001 are all converging, offering unparalleled opportunity to strategically position the Commonwealth to address the overall management and delivery of IT services.

The stage is set to build the business case for the Commonwealth to make bold and significant recommendations regarding an Enterprise IT Strategy for the Commonwealth.   The work of the IT Commission is not an end, but a beginning.


B.     Approach

The IT Commission engaged IBM Business Consulting Services (IBM) to provide a “high-level assessment of the Commonwealth of Massachusetts’ information technology infrastructure, systems development, and governance.”[5]  From these “as is” observations, the IBM team assisted the IT Commission in developing a high-level, strategic framework of recommendations, and a roadmap for implementing these recommendations.   In conducting the “As Is” Assessment, the IBM team interviewed more than 50 individuals representing all three branches of government,[6] including many representatives from Commonwealth agencies.

Additionally, the IBM team researched public and private sector best practices, utilizing information from leading market research firms (e.g., Gartner, Meta, IBM Endowment for the Business of Government), and industry organizations and periodicals (e.g., Center for Digital Government, IBM Institute for Business Value, National Association of State CIOs, IT Governance Institute, Information Systems Audit and Control Association, Massachusetts Technology Collaborative, Governing, Government Technology).   Members of the IT Commission, representing industry leaders such as AMS, Cisco Systems, DSD Labs, EDS, Harvard Pilgrim Health Care, Harvard University’s Kennedy School of Government, Sun Microsystems, and Verizon, participated actively by providing valuable insight into market trends, competitive landscape, and best practices in information technology governance and strategy.   As part of this engagement, the IBM team Web-enabled the Commonwealth’s existing application database, which was developed originally as a Y2K initiative, so agencies can update this information directly over the Internet.   

The IT Commission met six times from November 2002 through February 2003.[7]  IT Commission members’ recommendations were informed by IBM’s “as is” observations, by facilitated visioning sessions, and by volumes of best practice research.  The non-profit Center for Excellence in Government sponsored a daylong roundtable discussion with former government CIOs, to provide an opportunity for Commission members to dialogue directly with practitioners about governance structures and management practices that have worked successfully in state government environments, and about lessons learned.   These practitioners were unanimous in their praise of Massachusetts for the inclusive, enterprise IT framework being pursued by the Commonwealth, and for the active involvement of Commission members from all branches of government, as well as the private sector.  The Commission was diligent in looking beyond the performance of peer states, to leading industry practices in the private sector.   The Commission was mindful that all private sector best practices cannot be translated exactly into the public sector, largely because of dissimilarities in public sector organizational governance models.

The IT Commission adopted a set of values as guiding principles for developing its recommendations.   These values represent the Commission’s ideals for the future enterprise IT environment in Massachusetts.  As the Commonwealth moves forward in the development and deployment of an enterprise IT environment, the Commission recommends the continued adoption of these guiding principles as a framework within which to consider critical decisions affecting the Commonwealth’s future IT environment:

o       Single Face of Government;

o       Strategic Direction with a Common Vision;

o       Business Value;

o       Collaboration;

o       Pragmatism;

o       Discipline;

o       Agility;

o       Accountability;

o       Integrity;

o       Equity in Access;

o       Leveraging of What Works.


C.     Key Observations and Recommendations

The IBM team’s observations about the “as is” environment, and the IT Commission’s recommendations, are categorized into six areas:

o       Governance

o       IT Strategy

o       Architecture and Standards

o       IT Infrastructure

o       Partnerships

o       Security.

Due to the sensitive nature of the observations and recommendations related to Commonwealth security, this information has been removed from this report and published under separate cover.  These materials are not available for public distribution.

The following tables summarize the key observations and recommendations within each category, and present the Commission’s prioritization for each recommendation.   Members prioritized Commission recommendations according to two criteria:   criticality and implementation feasibility.  Using these criteria, members reached consensus on placing recommendations into one of four categories:

o       Pursue:             High criticality, high feasibility

o       Plan:                High criticality, low feasibility

o       Permit:             Low criticality, high feasibility

o       Postpone:         Low criticality, low feasibility 

(The prioritization process is described below, under “Implementation.”)  The rationale for each observation and recommendation is discussed in the body of the final report.

1.      Governance

The topic of governance permeated all IT Commission discussions.  IBM noted that the Commonwealth’s IT governance structure is “weak,” and many Commission recommendations are designed to broaden and strengthen IT governance and oversight.   These recommendations received the Commission’s highest prioritization for implementation.  The Commission is advocating for a federated approach to governing the enterprise, in recognition of the unique challenges posed by public sector jurisdictional barriers, both among branches and across levels of government.   The Commission recognizes that the Massachusetts Constitution limits the extent to which any branch of government or agency may exert control over, or set IT policy for, another branch of government.   Nevertheless, members believe that, consistent with the Constitution, considerable latitude exists for cooperation and coordination of IT services, practices, standards, and policies affecting all branches and levels of government within the Commonwealth.   The recommendations in this report concerning “enterprise-wide” IT are all subject to, and should not be implemented except in accordance with, these constitutional requirements.  Commission members hope that, to the extent, if any, that the Constitution may prohibit centralization of authority over enterprise-wide IT as envisioned by these recommendations, all branches of government will recognize the benefits of adopting the same practices, standards, and policies as recommended in this report, and that they voluntarily will work with each other to realize the goals of a secure and integrated IT environment as envisioned by this report.

 

 

Key Observations

 

 

§         IT governance structure is weak; CIO’s responsibilities extend beyond scope of authority.

§         No defined processes for enterprise IT oversight.

§         IT Bond Fund provides a focal point for strategic IT investments.

§         Legal framework, and funding and procurement mechanisms, do not work in concert to facilitate enterprise IT management.

 

 

Recommendations

Priority

G1

 

 

G2

 

 

G3

 

G4

 

G5

G6

 

G7

§         Elevate the role of the Office of the CIO for the Commonwealth, and expand its scope to better manage both IT policy and operations for the enterprise.

§         Establish an IT Advisory Board to support the Commonwealth CIO in setting enterprise policies and standards, and in providing oversight of major IT initiatives.

§         Establish formal reporting relationships between the Office of the CIO and agency CIOs.

§         Leverage “community of interest” concepts to deliver government services more effectively and efficiently.

§         Transform ITD to be a customer-centric central IT provider.

§         Enhance and refine fiduciary responsibility for IT funding and management within the Office of the CIO.

§         Adopt a “Total Cost of Ownership” approach and cost benefit analysis for the assessment, management, monitoring, and funding of major IT initiatives and processes across the enterprise.

Pursue

 

 

Pursue

 

 

Plan

 

Plan

 

Pursue

Pursue

 

Pursue

2.      IT Strategy

The Commonwealth would benefit greatly from an overall enterprise strategy for achieving the collective business objectives of its members.   An IT Strategy that is based on an overarching business strategy would help executive department agencies, constitutional offices, the Legislature and the judicial branch focus their energies and resources to improve value and cost-effective operations throughout government.   The Commission recognizes that the development of an enterprise business strategy appears to be outside the scope of an IT Commission or an IT Advisory Board.   However, such a strategy is essential to creating synergy and achieving alignment between the Commonwealth’s IT investments and its desired service outcomes for citizens and businesses.  The Commonwealth should devise a mechanism for agency leaders and IT leaders to partner together to develop an enterprise strategy that guides IT investments.  When successful, the resulting benefits to both communities will be mutual and exponential.

 

 

Key Observations

 

 

§         Commonwealth lacks a common enterprise vision for the business of government.

 

§         Cohesive enterprise IT strategy for achieving business objectives does not exist.

 

§         New and emerging technologies are being explored in an ad hoc manner.

 

§         24/7 government placing new pressures on old business processes.

 

§         Priorities, resource allocation, and trade-offs are being made in isolation.

 

§         Long-term planning incomplete for supporting rollout of enterprise initiatives.

 

§         Enterprise IT investment not being managed as a portfolio.

 

 

 

Recommendations

Priority

S1

 

S2

 

 

 

S3

 

S4

 

S5

 

 

S6

 

 

 

S7

§         Define the enterprise, articulate an enterprise vision, and create an enterprise strategic business plan.

§         Establish a formal process for creating and updating the enterprise IT strategic plan for managing and expanding information technology in the Commonwealth, in alignment with the business strategy.

§         Develop a comprehensive IT infrastructure plan for the enterprise.

 

§         Align the Commonwealth’s legal framework with enterprise strategy and IT plan, within Constitutional guidelines.

 

 

§         Align monies from the IT Bond with objectives set out in the enterprise strategic plan.

 

 

 

 

 

§         Establish and monitor enterprise service and performance metrics, using a balanced scorecard approach, to measure performance in order to drive accountability and ownership for enterprise success.

 

 

§         Drive change within the enterprise by taking a business process reengineering approach and leveraging IT for delivery improvements.

 

Pursue

 

Plan

 

 

 

Plan

 

Pursue

 

Pursue

 

 

Pursue

 

 

 

Pursue

3.      Architecture and Standards

Development of enterprise architecture standards is a critical, first step in changing the way technology is selected and deployed in the Commonwealth. A properly applied architecture methodology rationalizes IT investments, reduces risk, finds best ways to extend IT, and promotes flexibility and interoperability.   An enterprise architecture simplifies decision-making and, when supported by a strong governance process, ensures that individual business goals, as well as the Commonwealth’s enterprise goals, are met.

 

 

Key Observations

 

 

§         Enterprise architecture is not achieving its maximum benefit.

§         Need to establish a focal point to better set and communicate architecture and standards.

 

§         Confusion exists among users about enterprise standards.

 

§         Insufficient resources are allocated to defining and advancing enterprise standards.

 

§         Architecture and standards are not aligned to adequately support the needs of the business of government.

 

 

 

Recommendations

Priority

A1

A2

 

A3

 

A4

 

 

A5

§         Establish the position of Chief Technology Officer.

 

 

§         Update the existing architecture within an established framework.

 

 

§         Establish a governance process that obtains input from across the enterprise in establishing architecture standards.

 

 

§         Define objectives, incentives, and accountabilities that result in integration, implementation, and execution of common processes across “communities of interest”.

 

 

§         Leverage ownership of existing application assets by establishing an “open source” program within the Commonwealth.

 

 

Pursue

Permit

 

Pursue

 

Plan

 

 

Plan

4.      IT Infrastructure

Over time, as independent agencies have sought to meet their own infrastructure support needs, they have designed and built networks, data centers, and application suites.   This fragmentation and duplication has driven the cost of infrastructure support higher than it need be, and has increased the barriers to common operations among Commonwealth offices.  The Commonwealth should plan to consolidate its IT infrastructure to reduce costs, improve service levels, and increase operational flexibility across the enterprise.  The Commission recommends that the Commonwealth evaluate each aspect of its IT infrastructure carefully, to determine whether it is best delivered centrally or through individual business units.   An enterprise infrastructure approach need not be an “all or nothing” approach.   Properly implemented, shared infrastructure encourages collaboration, reuse of intellectual capital, and implementation of best practices across the enterprise.   These benefits, in turn, can help increase innovation, raise quality levels, and reduce cycle time.  Most importantly, shared infrastructure can help businesses control costs.  IT expenses – which were previously scattered and hidden in pockets throughout the organization – now become more visible and easier to manage, allowing the allocation of increasingly scarce resources to the highest priorities.

 

 

Key Observations

 

 

§         Infrastructure (networks/data centers) is fragmented and duplicative.

 

§         Insufficient resource allocation to disaster recovery and business continuity planning.

 

§         Management practices and operational procedures are inconsistent.

 

§         No agreement on ITD’s role in managing the enterprise infrastructure.

 

§         Infrastructure growth is not guided by a comprehensive enterprise plan that is tied to a business strategy.

 

§         Emerging centers of excellence are not being leveraged effectively.

 

§         Use of service level agreements and performance metrics is not institutionalized.

 

§         Ongoing maintenance and replacement requirements are not well funded; compete with new initiatives for funding.

 

 

 

Recommendations

Priority

I1

 

 

 

I2

 

I3

 

 

 

I4

I5

 

 

I6

§         Undertake consolidation and modernization of the IT infrastructure, in line with the strategic objectives and supported by an analysis of total cost vs. expected benefits.

 

 

 

 

§         Establish quality assurance and quality management practices.

 

 

§         Coordinate and prioritize business continuity planning of operations centrally, including both shared IT infrastructure and an enterprise approach to individual agency business applications.

 

 

§         Manage applications as a portfolio across the enterprise.

 

 

 

§         Establish central management of IT assets within the Commonwealth and establish plans to refresh technology and update skills.

 

§         Enhance ITD to provide common infrastructure and shared services for all agencies, and offering these and other services to the judicial and legislative branches of government.

 

Plan

 

 

 

Pursue

 

Pursue

 

 

 

Plan

Pursue

 

 

Pursue

5.      Partnerships

A smart and aggressive enterprise IT strategy moves beyond improving state agency operations to significantly influencing the future deployment of advanced, competitive communications services, and the proliferation of Internet-based applications, throughout the Commonwealth.  State government and taxpayers have a vital interest in the aggressive deployment of IT and Internet services that will address the State’s most difficult economic, social, and fiscal challenges.   To meet these challenges, the IT Commission recommends forming innovative partnerships with governments at the federal and local levels, and leveraging the private sector as an important way to extend and enhance cooperation and digital government services throughout the Commonwealth.

Technology will influence the way future government entities are organized, managed, and operated.   The Commonwealth can use enabling technology to become more entrepreneurial in its management, policy-making, service delivery, and willingness to partner with other governments and the private sector.   A more flexible and responsive Commonwealth government can use technology from an enterprise perspective to promote creativity, innovation, decentralized decision-making, and the elimination of fragmented and inefficient activities.

The effective and efficient use of information is a key success factor for Massachusetts in the new enterprise environment.  It involves processes and mechanisms for collecting, archiving, researching/retrieving, and sharing information across a myriad of public and private partners. 

 

 

Key Observations

 

 

§         Even with successes such as Berkshire Connect, access to high-speed connectivity in all regions of the Commonwealth remains a challenge.

§         MassConnect is a positive step forward in coordinating public and private resources towards economic development from an enterprise perspective.

§         Massachusetts has developed a comprehensive strategic framework for long-term economic prosperity that can serve as a national model.

§         To present a single face of government, the Commonwealth’s definition of enterprise must extend to include cities and towns.

§         Current legal framework and existing culture is a barrier to private sector partnerships.

 

 

Recommendations

Priority

P1

 

 

P2

 

 

P3

 

 

P4

§         Foster public-public (i.e., federal, local, cross-jurisdictional) and public-private partnerships to provide a seamless service interface in Massachusetts.

§         Strengthen partnerships to expand infrastructure, creating more ubiquitous access to technology throughout the Commonwealth.

§         Maximize investments to serve the needs of all levels of government, particularly cities and towns, by leveraging partnerships and common, standard solutions.

§         Maximize private sector expertise and service to efficiently and effectively deliver government services.

Plan

 

 

Plan

 

 

Plan

 

 

Pursue

D.    Implementation

Throughout its deliberations, the Commission’s objective was to develop practical, achievable recommendations to create and sustain enterprise IT management and transformational business change for the Commonwealth. 

As a final step, members prioritized Commission recommendations according to two criteria:   criticality and implementation feasibility.  Using these criteria, members reached consensus on placing recommendations into one of four categories:   Pursue, Plan, Permit, or Postpone.  (These categories are defined at the beginning of Section C, Key Observations and Recommendations.)  The results of this prioritization exercise are reflected in the categorized tables above.

The Commission is cognizant of the Commonwealth’s severe fiscal environment.  However, members believe strongly in the need to take bold steps immediately to preserve and increase the return to the Commonwealth from its investment in IT.  The current budget crisis may serve as a needed catalyst for change.

IBM facilitated a discussion with Commission members about using multi-generational planning as a tool for breaking down complex change into manageable steps.   The recommended phasing of action steps that implement Commission recommendations is presented in Chapter V of the Final Report.

The Commission notes that the new Office of the CIO will need additional resources, or time to reallocate among existing resources, to achieve the organizational readiness necessary to achieve its full potential, and to manage its new responsibilities effectively.

E.     Moving Forward:   The Enterprise IT Strategy is Just the Beginning

 

The time is now for government and private sector leaders in the Commonwealth to start the arduous task of taking the “as is” observations, best practices, and recommendations in this report and moving them forward.   Through careful review and public debate, the recommendations set forth in this report can serve as a catalyst to bring about better management of government through the effective and efficient use of technology.  Although it was beyond the scope of the IT Commission’s work to quantify the financial return to the Commonwealth from implementing these recommendations, Commission members are convinced that the Commonwealth will realize substantial productivity improvements and financial benefits from the consolidation, leveraging, and economies of scale that result from implementing an enterprise approach to IT management.

No one wants a report that gathers dust on the shelf.  The enterprise IT strategy advocated in this report provides a solid foundation and an action agenda for the Commonwealth to meet the impending challenges of operating government in a digital world.   Continued leadership, far-sighted vision, coordinated planning, and aggressive implementation are necessary if this collaborative effort is to improve and enhance the operations and services of government.  The assessment and strategic framework phase has come to a successful conclusion.  The momentum is in place to implement effective change throughout the enterprise.  The challenging but rewarding work of implementing these recommendations to create and sustain enterprise IT management and transformational business change for the Commonwealth now begins.


 


Back to Top

Introduction



A.

    
Overview

Undeniably, technology has changed the face of the world.   Perhaps most significantly, technology has dramatically accelerated the rate at which change occurs.  Today, change happens faster than ever before in the course of human history – to the point where revolutionary change and evolutionary change are almost indiscernible.  This unprecedented rapidity in the rate of change poses major challenges to government, business, and individual alike.

In Massachusetts, fast-paced change brought about by technology touches each and every citizen, business, and employee of the Commonwealth.  Indeed, one of the biggest issues facing the business of government in Massachusetts today is how to better understand and meet the evolving needs of its customers: businesses, agencies, staff, and the general public.  In its sweeping effects on society as we know it, technology has come to be one of the key enablers of business and government to provide product and service.

Information Technology (IT) plays a critical role in meeting the new demands placed upon modern government: services that are better, faster, cheaper, safer, and more available to greater numbers of people.  Massachusetts’s customers – those who demand information from and transact business with the Commonwealth – have developed extremely high expectations around government’s ability to effectively harness technology to render better service.  No doubt these expectations have been shaped in large part by recent e-commerce trends in the private sector.

IT plays a critical role in how business is accomplished in non-citizen facing systems that support e-government processes.  A very large portion of the Commonwealth’s citizens may not need to access information or transact business on a portal, but they depend on a wide variety of services covering health, safety, and education. Yet, every one of these services depends on technology to various degrees. In this broader view, e-government must extend far beyond the portal to reap benefits of electronic government transformation.  And the information requirements for integrity, availability, and security extend to all systems, citizen-facing as well as “back office” support functions.

Massachusetts requires a unilateral approach to governing and managing its information technology to effectively maintain its e-government portal efforts as well as to meet the growing needs of its customers while moving to the next stage of        e-government transformation.   Information Technology infrastructures and management practices that cannot reach across the government’s various branches and agencies are destined to enjoy only limited success in being able to satisfy customers.  Customers must be able to experience government in the Commonwealth as a single seamless entity, not merely as an aggregation of numerous independent agencies.   To this end, Massachusetts must embrace an enterprise-wide approach in the utilization of technology to deliver information and service that is cross-functional, collaborative, and without boundaries.

The Massachusetts Legislature recognized the benefits of an enterprise approach by directing a new special commission as part of IT Bond III, which was approved on June 26, 2002.   The purpose of the IT Commission is to, “…recommend an enterprise-wide strategy, including all 3 branches of government and the constitutional offices, for the commonwealth’s information technology infrastructure, system development and governance.” [8]

IT Commission members were appointed from among positions of leadership in both the public and private sectors.[9]  After the election of Governor Romney in November 2002, IT Commission co-chairs met with the transition team to discuss the Commission’s charter and membership.  The transition team endorsed the initiative, and welcomed the Commission’s findings and recommendations as inputs to the transition team’s work.

B.     Background and Purpose

The present day context of implementing an enterprise-wide approach to information technology is as compelling as it is challenging.  This report will address a number of the opportunities before the Commonwealth to reshape and improve its IT resources, practices, and potential; however, it is first important to acknowledge several of the key change drivers and challenges in the current business environment, specifically:

a)      the increased challenges and expectations by constituents for e-government services,

b)      the heightened emphasis surrounding homeland security post-September 11th,

c)      the current economic condition, and

d)      the present-day political climate.

While these four factors create a context that is already saturated with change, they also present forceful evidence as to why Massachusetts will require an enterprise framework to meet the changing climate and the new expectations for government.

The first significant factor is the increased challenges and expectations for the Commonwealth to expand current e-government services. While the Commonwealth has made significant progress in e-government through the Mass.Gov initiative, the Commonwealth will continue to face more demanding performance expectations from the public with businesses, citizens, and employees, and new business processes and procedures—all necessitating fast-paced and unsettling transformations.

E-government is the evolution of the technology from mainframe processing to a complex infrastructure of networked computing and communications. From an operational perspective, e-government applications hold the promise to replace the   8-to-5, over-the-counter, employee-intensive, clerical-oriented tasks with 24 hours a day, seven days a week (24 x 7), self-service operations featuring access to information and services, anytime and anywhere. As a result, the service benefits and operating economies made possible by e-government also require significant up-front monetary investments and cultural changes within government. Emerging technologies must be employed; more stringent security and reliability requirements must be met; old business models and processes must be redefined; and one-time investment and ongoing operating funds must be obtained and coordinated. Outmoded laws must be revamped and organizations must be restructured.

The aggregating of similar e-government transactions, supporting the full spectrum of e-government (citizen facing and back office transactions), from all agencies through common technical resources spreads the fixed costs of this infrastructure over high volumes to reduce unit costs. In addition, reusable technical components can be used in e-government applications to reduce redundancy and increase reliability of processing. An enterprise IT approach will be a requirement for the Commonwealth to keep pace with the e-government demands of the future.

The second factor in considering both the challenges and benefits of an enterprise IT approach is the elevated awareness around national and homeland security in the post September 11th world.  Political and economic factors such as changing administrations and budgeting problems are all set against the backdrop of this larger national issue – one which, with President Bush’s signing of the “Homeland Security Act of 2002”, has moved beyond mere national awareness to become a significant legislative factor.  All fifty states, along with their agencies, businesses, and individual citizens, are being called upon to think about and address how to better protect themselves from threats of all sorts.   Clearly, the availability of accurate, secure, reliable information and the ability to share that information quickly, unilaterally, and seamlessly across myriad dimensions of government, business, and the public are critical success factors in fulfilling the vision of homeland security in this country.  This complexity becomes a compelling case for the Commonwealth to aggressively move towards an enterprise IT approach – one that proactively promotes the aggregation and dissemination of first-rate information across numerous agency boundaries.  Furthermore, the specific threat of cyberterrorism is one of the vulnerabilities receiving particular focus in the homeland security effort.   Massachusetts needs an enterprise approach to protect itself and its IT assets from this specific threat.

The current economic situation in Massachusetts represents a third factor of considerable importance to the enterprise IT strategy effort.   With the Commonwealth facing a substantial budget shortfall, the year ahead promises a number of difficult decisions, particularly in the area of funding cuts, which make it harder for the Legislature to consider major strategic initiatives.  Still, increased pressures to cut costs and grow revenue in and around the Commonwealth present a key opportunity and sound business case for an enterprise IT framework in Massachusetts.  A framework is required for agencies to plan, acquire, develop, implement, use, and measure the operational value of technology to support agency missions and objectives with integrity, security, and availability of IT systems and information.   Also, a framework that promotes leveraged buying power, reduction of overlapping costs, and elimination of duplicate, non-value-added efforts poses great promise in an environment of growing financial pressure.

The fourth change consideration is one that has received considerable attention in recent months: the election of a new Governor and the imminent changes in the executive administration.   While the executive branch has not changed political party, the transition to the new administration of Governor Romney is a significant component of the current change environment in Massachusetts state government.  The work and recommendations of the IT Commission will undoubtedly be one of a host of issues vying for consideration on the Governor’s new agenda.  If the IT Commission is able to make recommendations around the adoption of an enterprise IT framework, which not only complement but enhance other critical initiatives on the Governor’s agenda, they create an enormous win potential for both the Commonwealth’s government and its constituents.

Economic pressures, changing political leadership, increasing expectations of government, and the need for heightened security all combine to create a challenging environment, defined by change. Still, these very same factors reinforce the need for an enterprise approach to managing IT in the Commonwealth.  The implementation of an enterprise IT framework offers an effective response to the Commonwealth’s needs in each of these areas, and has the potential to be the key enabler of the next generation of government services.


C.     An Enterprise Perspective

Information Technology (IT) has become a powerful tool for almost everything we want to accomplish in government.  How we maximize its utility, and manage it, can dramatically impact the efficiency, effectiveness, and citizen-centric focus of government services and programs.  Getting IT right is becoming more critical than ever for governments in meeting the demands of citizens, businesses, and employees who are expecting the same high level of service they are receiving in the private sector.

Text Box: In a recent article, Dr. Jerry Mechling, Professor at Harvard University’s Kennedy School of Government (and a member of the Massachusetts IT Commission), highlights that IT-based ways of working have recently become:
·	The best way for cost-cutting, with networked delivered self-service cutting 90% and more of the unit costs of many commercial and government offerings.
·	The best means for service improvement with 24/7 accessibility, integration, and customization that changes public expectations and standards.
·	A key tool for management improvement, with better information for decisions, better controls over fraud and abuse, and greater capacity for innovation and program evaluation.
·	A key tool for improving transparency and accountability, especially for large and often mistrusted institutions, public and private.
·	A key tool for economic development, as jobs can move to any place with good access to the global information infrastructure.
·	A key tool for security against terrorism and other threats, offering capabilities for homeland security and cyber security as well as military defense.

Source:  Jerry Mechling, “Why the Administration’s Success Depends on How We Manage Information Technology”, Draft Memo to the Governor’s Transition Team, 6 Nov 2002.
For Massachusetts to “raise the bar” in the delivery of government services, it must aggressively pursue reforming the way it governs, manages, and leverages the IT enterprise throughout the Commonwealth.  Citizens view the Commonwealth as “one government” not a collection of agencies, departments and authorities.   Creating that “single view of government” will come about only when IT-based reforms are implemented and can impact how government conducts it business.

At the same time, it is important to note that IT is only the “enabler to change.”   Responsive, innovative, cost efficient, and customer-centric government will result only when we examine existing processes.   The potential for technologies to dramatically change business practices is great.  Technology advances may either prompt an examination of business processes by enabling a new way to accomplish a task (such as the introduction of the fax machine or e-mail).   Or technology may be applied to an existing process, such as Web self-service.   In either case, technology remains only the enabler to re-engineer processes that create value for the end-user.


D.    Developing an Enterprise IT Strategy:  Why Now?

In the first meeting of the IT Commission, Peter Quinn, the newly arrived Chief Information Officer (CIO) for the Commonwealth of Massachusetts, described the timing of this legislatively mandated Enterprise IT Strategy initiative as “the perfect storm” for addressing IT governance and management issues in Massachusetts.   As Mr. Quinn pointed out, the pending economic/budget crisis, the election of a new administration, the need to expand e-government services, and the demand to address security concerns after September 11, 2001 are all converging, offering unparalleled opportunity to strategically position the Commonwealth to address the overall management and delivery of IT services.

Consider these factors:

o       Massachusetts is facing a budget deficit of $2 billion dollars.[10]

o       The Legislature approved IT Bond III in June 2002, which included $300M for IT investments and established an IT Commission to develop an enterprise strategy for the Commonwealth’s IT infrastructure, system development, and governance. 

o       The new Romney Administration will be looking at ways to consolidate government services, implement cost saving initiatives, and improve government delivery of services.

o       Peter Quinn, the CIO for the Commonwealth, has recently been tapped by the Romney Administration to continue leading IT policy and operations.

o       Mass.Gov has been tremendously successful in gaining momentum for          e-government services and in transforming constituent interaction with Commonwealth agencies while at the same time raising constituent expectations of government.

o       Post-September 11th security initiatives are underway throughout the Commonwealth, and need to be coordinated to maximize their overall effectiveness.

o       For the third year running, identity theft has been the most frequently cited reason why individuals contact consumer protection authorities.[11]  Within the Commonwealth, there is awareness that privacy, security, and the ethical and responsible use of IT are key issues.

The simultaneous impacts of these factors help set the stage and build the business case for the Massachusetts IT Commission to make bold and significant recommendations regarding an Enterprise IT Strategy for the Commonwealth.

E.   Asking the Right Questions

During the various interviews, more than one person stated that the key to developing an enterprise strategy rests in asking the right questions.   As one IT Commissioner remarked, “We need to think through what we want technology to do for government.”   He went on to say that often “you see what you look for and see what you know.”   He was firmly convinced that for this effort to succeed, the Commission must identify the right questions before crafting the answers.

There are four key drivers facing government leaders as they seek to manage IT in today’s government environment.  They include:

o       Managing the economic pressures of budget deficits;

o       Addressing change management issues;

o       Dealing with constituent expectations;

o       Proactively addressing security risk concerns.

All of these drivers are important, but each one offers its own unique challenges.   Collectively, they can present competing demands that need to be dealt with strategically and holistically.

 

Economic Pressures:

·         Does the Commonwealth know what it is spending on IT?

·         Is the Commonwealth doing all that it can to leverage its buying power?

·         Is the Commonwealth doing all it can to leverage strategic partnerships with its suppliers?

·         Can the Commonwealth evaluate and validate the extent to which IT infrastructure and systems that are duplicative in nature justify the investments?

·         Does the investment in IT improve the performance of the enterprise?

Managing Change:

·         Is there a mandate for change?

·         Who should lead and manage change in government?

·         Is ITD up to the challenge?

·         Are there incentives for agencies and other entities to cooperate in an enterprise approach?

·         How can the Commonwealth conduct meaningful multi-year planning for the IT enterprise?

·         Is the Commonwealth in a single business of government or in 170+ different businesses?

 


 

Meeting New Expectations:

·         How is IT going to deliver the functions of government more ubiquitously and efficiently?

·         Does the Commonwealth have the enterprise infrastructure to meet the growing citizen demand for e-government?

·         Do the IT systems in the Commonwealth adequately communicate with and provide services to its constituents?

·         If the Commonwealth “builds it,” can citizens “come” (i.e. the digital divide)?

Addressing Security and Risks:

·         Has legislation kept pace with new security expectations?

·         Is there a comprehensive security strategy in place to address performance, system and data integrity, and availability?

·         How can the Commonwealth insulate itself from the risks of the volatile technology marketplace?

·         How does the Commonwealth balance the need for public access to information with security requirements?

F.      Guiding Principles

Text Box: Values
·	Single Face of Government;
·	Strategic Direction with a Common Vision;
·	Business Value;
·	Collaboration;
·	Pragmatism;
·	Discipline;
·	Agility;
·	Accountability;
·	Integrity;
·	Equity in Access;
·	Leveraging of What Works.
The IT Commission adopted the following values as guiding principles for developing its recommendations.  These values represent the Commission’s ideals for the future enterprise IT environment in Massachusetts.  As the Commonwealth moves forward with this work, the Commission recommends the continued use of these guiding principles as a framework within which to consider critical decisions affecting the nature of the future IT environment.

Single Face of Government  

Achievement of a seamless service interface that provides citizens, businesses, and employees in Massachusetts with a simple, fast, convenient, and personal way to access information and receive services, from all levels of government.

Strategic Direction with a Common Vision

A well-crafted enterprise IT strategy, aligned with an enterprise business strategy, which has buy-in from executive-level stakeholders throughout the Commonwealth and encourages the enterprise perspective to become an influential factor in agency decision-making.

Business Value

IT investments that realize positive returns on investment, based on total cost of ownership and cost/benefit analyses, and enhance the business objectives of government agencies.

Collaborative, Pragmatic, and Disciplined Approach

An enterprise IT environment that promotes collaboration among all branches and levels of government; is realistic in terms of authority, technology, and funding requirements; and instills discipline through a management control framework that includes agreed-upon ownership responsibilities, accountable processes, and metrics for outcome evaluation.

Agility

An enterprise architecture and supporting management processes that can respond rapidly to ever-advancing technology, and succeed in balancing existing investments in IT infrastructure against opportunities presented by emerging technologies.   An enterprise infrastructure that fosters collaboration across traditional boundaries is key to enabling business agility.

Accountability

Accountability has three aspects: standards, assessments, and consequences.  Adoption of metrics, standardization of processes and procedures, portfolio management, service level agreement guidelines, and on-going project oversight reviews that ensure visibility into project progress as well as provide assurance mechanisms will more clearly define accountability for success.

Integrity

It is essential that all users know that the systems and the information collected can be relied upon. There are two aspects to integrity:

§         System integrity – An IT infrastructure that ensures that information that is captured, stored, and provided by technology is relevant and reliable, secure, and available when needed.

§         Personnel integrity – The ethical and responsible use of information collected by government is paramount to the success of e-government.  Assurance mechanisms and adequate controls are essential to making certain that information collected is used appropriately.

Equity in Access

Access to Web-enabled government services for citizens and businesses throughout Massachusetts through affordable, reliable, high-speed connectivity.  The communication infrastructure is key to the Commonwealth’s ability to attract, retain, and develop new businesses.   Connectivity is also an essential element in cultivating a well-trained workforce, which, in turn, will help keep the Massachusetts economy viable.

Leveraging of What Works

An expansion and leveraging of the Commonwealth’s IT successes:

§         There are pockets of collaboration within and between agencies that have resulted in the development and implementation of shared infrastructure [e.g., Commonwealth Information Warehouse, Human Resources and Compensation Management System (HR/CMS), MassMail] and the momentum for continued cooperation based on these successes.  Also, the CIO Council is a highly supported, well-received effort at improving communications and knowledge sharing among ITD’s executive team and agency CIOs.  The Enterprise Security Board fosters cross-agency collaboration on security policy issues and on training related to security technologies and standards.

§         The IT Bond Fund is lauded on a national basis for funding IT infrastructure investments as capital projects. 

§         Individual entities within the Commonwealth have developed areas of specialized expertise:   the Department of Revenue for security; UMass for delivering high-speed backbone capability; the Department of Public Health for business continuity planning and project management discipline; Berkshire Connect and MassConnect for furthering economic development and overcoming the digital divide; etc.

§         The Commonwealth’s EGov initiative was a highly collaborative effort that succeeded in developing a strategic plan that continues to be the blueprint for guiding EGov investments today.


Back to Top

“As Is” Assessment



A.     Approach

The Massachusetts Information Technology Division (ITD), acting on behalf of the IT Commission, enlisted IBM Business Consulting Services (IBM) to provide a “high-level assessment of the Commonwealth of Massachusetts’ information technology infrastructure, systems development, and governance.”[12]  The results of IBM’s “As Is” Assessment are documented in this section of the Commission’s Final Report.  Although Commonwealth security was assessed as part of this effort, IBM’s observations about the current environment have been removed from this document and provided to the IT Commission under separate cover.  Due to the sensitive nature of this information, these observations are not available for public distribution. 

From these “as is” observations, the IBM team assisted the IT Commission in developing a high-level, strategic framework of recommendations, and a roadmap for implementing these recommendations.  This information is provided in later sections of this report.  

IBM’s “As Is” Assessment was divided into two distinct areas:  Governance and IT Strategy.   Research in each area was conducted by specialists working in parallel teams according to IBM’s Ascendant™ IT Management Performance Improvement methodology (ITM-PI).  This methodology promotes a comprehensive view of enterprise IT by considering factors in each of five topic areas:

image ·      Strategy :   What business and IT strategies are in place, how effectively and economically do they support the business, and how does the business exercise control over IT?

·        Delivery:   How are resources organized, monitored, and managed to deliver existing IT services and to develop new ones?

·        Technology:   How are technology trends identified, how effective is the technology architecture, how adaptable is the architecture to emerging technologies, and how is technology deployed?

·        People:   How are human resources managed, what are the skills and attitudes of users and IT staff within the enterprise, and what is their readiness to embrace change?

·        Systems:   What functionality is provided by application systems, what deficiencies exist in the information provided by them, and what unsatisfied demands exist?

In conducting the “As Is” Assessment, the IBM team interviewed more than 50 individuals representing all three branches of government, including many representatives from Commonwealth agencies.[13]  IBM also facilitated several focus group sessions, including one with CIOs from various Commonwealth agencies, and one with ITD agency liaisons to discuss the IT Bond Fund allocation process.   Additionally, IBM’s technical specialists reviewed materials concerning the Commonwealth’s Managing for Results initiative, documentation from the                e-Government initiative, previous reports on the Commonwealth’s data center and networks, and the Commonwealth’s existing enterprise policies, architecture, and standards.

The IBM team conducted best practice research to support the “As Is” Assessment.   The team researched public and private sector best practices, utilizing information from leading market research firms (e.g., Gartner, Meta, IBM Endowment for the Business of Government), and industry organizations and periodicals (e.g., Center for Digital Government, IBM Institute for Business Value, National Association of State CIOs, IT Governance Institute, Information Systems Audit and Control Association, Massachusetts Technology Collaborative, Governing, Government Technology).   Members of the IT Commission, representing industry leaders such as AMS, Cisco Systems, DSD Labs, EDS, Harvard Pilgrim Health Care, Harvard University’s Kennedy School of Government, Sun Microsystems, and Verizon, participated actively by providing valuable insight into market trends, competitive landscape, and best practices in information technology governance and strategy.   As part of this engagement, the IBM team Web-enabled the Commonwealth’s existing application database, which was developed originally as a Y2K initiative, so agencies can update this information directly over the Internet.    

The IT Commission engaged the IBM team to perform a high-level assessment of the current environment, upon which to develop a high-level strategic framework of recommendations, and a roadmap for implementing these recommendations.   Due to the aggressive timeframe for completing the “As Is” Assessment, IBM did not conduct a comprehensive, in-depth assessment of the Commonwealth’s information technology resources, organization, operations, and results.  

B.     Governance: Guiding the Enterprise Forward

An enterprise must be well governed to be well managed.   An enterprise, by the breadth and complexity of its nature, requires a more innovative and flexible approach to governing than provided by more traditional models, which were developed to oversee the functions of an IT organization.  Enterprise governance depends on collaboration and stakeholder involvement to leverage IT infrastructure across governmental and geographical boundaries, in order to realize new opportunities for service delivery and operational economies of scale.   Governing in an enterprise environment requires leadership, business direction, an effective organizational structure, and oversight mechanisms.   Funding and procurement are key tactical elements of implementing an enterprise strategy successfully. 

Today, we are inundated with news about the new economy and its demands for innovation, rapid response, consumer options, vigorous competition, and dedication to customer service.   e-Government is entering a new phase, where business, citizen, and employee interactions with government will no longer be just transactions-based, but much more interactive – transforming the delivery of public services over the coming years.   The factors necessary for governments to be performance leaders in this environment are the same as for their private sector counterparts:

o       Leverage technology as an enabler;

o       Deliver timely, accurate, accessible services that are customer-centric;

o       Create effective use of enterprise assets and technology in line with strategic objectives;

o       Be cost efficient and create revenue growth opportunities; and

o       Develop an organization and people who can act and react in a market-leading way.

The need for individual governmental entities to act decisively and coordinate efforts in these areas can be met only through effective governance that guides the enterprise forward, leveraging collective strengths to achieve dramatic results.

Objectives of IT Governance include ensuring that IT strategy is aligned with overall business strategy to maximize benefit to the business, ensuring that IT resources are safeguarded and used in a responsible and ethical manner, and that IT-related risks are addressed through appropriate controls and managed to minimize risk and exposure.

This Governance section is organized into key topic areas:  enterprise direction, IT oversight, and funding and procurement.  It discusses the governance environment in Massachusetts today, key observations related to the current environment, and considerations for IT Commission members.

1.      Current Governance Environment

The Commonwealth’s Chief Information Officer (CIO) is the Director of the Information Technology Division (ITD) of the Executive Office for Administration and Finance, and has the title of Assistant Secretary for Information Technology.   The CIO is appointed by the Secretary of Administration and Finance.   The office of the CIO was established by statute in 1996 and strengthened in 1998 to include approval authority for information technology projects that are undertaken by agencies within the authority of the governor and exceed two hundred thousand dollars.  Massachusetts is one of 17 states in which the CIO manages an IT function that is a division or department, and is not adjunct to the Governor’s office.[14]  In Massachusetts, the CIO is responsible for both policy-making and for IT infrastructure and operations.  Massachusetts does not have an IT oversight board.

The Commonwealth has a highly decentralized organizational structure, with more than 170 agencies, independent authorities, and constitutional offices spanning three branches of government and a tradition of independence.  The Commonwealth’s annual operating budget is approximately $23 billion.   ITD reports IT expenditures by state government last year totaled $420 million.[15]  The magnitude of the total IT spending picture in Massachusetts – including state and local government – is even greater however, with the Center for Digital Government estimating Massachusetts IT spending in 2002 upwards of               $1 billion.[16]

Massachusetts is recognized nationally as a leader in IT, ranking first among states for high technology jobs[17] and embracing technology for economic development.  Massachusetts also ranks high in the areas of broadband telecommunications, educational attainment of its workforce, and access to venture capital.   Academic institutions in Massachusetts are world-class leaders in IT innovation and research.  The Commonwealth has a number of successful and innovative IT initiatives to leverage, including its IT Bond Fund, State portal (Mass.Gov), and other e-government initiatives.

Within Massachusetts, ITD serves as the central IT services bureau, managed by the CIO.   ITD offers the following services to Commonwealth secretariats, departments, agencies, boards, and commissions: 

§         Application development and support for enterprise systems (human resources, payroll, Internet services)

§         Application hosting and support, and database management through the Commonwealth’s data center

§         Help desk support (CommonHelp)

§         IT security management

§         Network management (MAGNET, wide area network)

§         Policy and planning

§         IT consulting support

§         Review and approval of IT investment briefs

§         Central mail processing

§         Electronic e-mail management (MassMail)

§         Managing Commonwealth Information Warehouse services

§         Managing the Human Resources and Compensation Management System (HR/CMS)

§         Coordinating and managing e-Government initiatives

§         Managing ITD chargebacks and billings.

ITD has approximately 240 staff whose annual salaries total $14M.   This central staffing level compares with an additional 1,260 IT staff in agencies statewide, whose combined annual salary requirements approximate $71M.[18]  Commonwealth agencies vary widely in the sophistication of their IT staff and operations.  For example, the Department of Revenue and the UMass system each operate their own data centers.

 The IT Commission has been mandated by the Legislature to develop an enterprise IT strategy for the Commonwealth.  The Legislature defined enterprise broadly to encompass all three branches of government.  Clearly, development of an effective governance structure will require collaboration and cooperation to achieve this enterprise vision.   Part of this challenge will be balancing the view of technical infrastructure as a utility, similar to telephones and plumbing, against the constitutional independence of the separate branches of government and control of their internal operations.

2.      Key Observations

This section describes the IBM team’s observations of the “as is” governance environment in Massachusetts, in the areas of enterprise direction, IT oversight, and funding and procurement.

Enterprise Direction

Enterprise direction establishes the top-level, strategic business objectives that the enterprise is aiming to achieve.  Without a strategy for operating as an enterprise, government continues to operate in silos and forfeits the opportunity to realize the tangible, operational benefits of implementing an enterprise approach.   An enterprise strategy sets the direction and priorities for IT investment and decision-making, and enables IT resources to effectively support the ultimate goals of the enterprise. 

a.      The Commonwealth does not have an enterprise direction that represents all stakeholder groups, or a mechanism for establishing one.

The Commonwealth of Massachusetts does not have a strategic direction for defining and achieving the business objectives of the enterprise, and for operating as an enterprise.   In the absence of such strategic business direction, ITD has used the Governor’s stated goals or legislative direction, much of which is documented in the annual budget development and appropriations processes, or ITD’s internal perspective on Commonwealth priorities, to direct IT investment.  This approach, while logical, is inadequate for ensuring that the business interests and priorities of all stakeholders in the enterprise are considered.  Massachusetts does not have an adequate forum for creating a coordinated effort to innovate the business of government through technology.  The Commonwealth CIO is not at the table, to listen or advise, when cabinet-level business leaders discuss the need, or opportunity, for cross-agency collaboration.  There is no consistent forum for determining how IT can deliver the functions of government more ubiquitously and efficiently, or for ensuring that IT investment improves the performance of the enterprise as a whole.  

b.      Massachusetts needs executive-level leadership to achieve collaboration and leverage IT investments across the enterprise.  

Recognition of the value of enterprise IT management is emerging among government leaders in the Commonwealth.  This recognition has emerged through leaders’ exposure to e-Government initiatives, through experiencing the challenges of undertaking large projects on their own, or through not being able to maximize the benefits of IT investments in systems due to the lack of enterprise planning.  

To succeed in presenting a “single face of government” to citizens, an IT enterprise requires collaboration among senior executives to dispel silos and leverage IT investments across agencies, branches of government, and levels of government.  The severe fiscal environment and increased security awareness make the need for executive leadership even more imperative. 

As noted above, the Commonwealth does not have a single forum, such as an IT Board or Commission, to facilitate these discussions.   The CIO Council is an effort by the Commonwealth CIO to foster the sense of an IT community among ITD’s executive team and agency CIOs.  While a very positive and well-received effort, it cannot substitute for executive-level leadership, which is critical to broadening the vision, setting the collaborative tone, and committing the organization.  Business innovation often leads to cultural change, and executive leadership is essential to effective change management.  

Senior executives are important as champions for the needs and benefits of the enterprise, whether it be in budget deliberations with the Legislature, addressing the public through the media, or facilitating partnerships with other organizations.   The gubernatorial transition, the formation of the IT Commission, and the beginning of a new legislative session provide an excellent opportunity for the Commonwealth to exercise executive-level leadership in IT.

IT Oversight

There are two elements to the provision of IT oversight:  governance, and control of IT.   Governance refers to the methods by which senior executives decide and oversee IT policies, services, and investments.  For Massachusetts, it includes both the role and authority of the CIO, as well as the CIO’s relationship to other executive-level stakeholders and authorizing entities.  It also involves the legal framework for managing IT.  Control of IT refers to the degree and effectiveness of senior management control over IT priorities, resources, expenditures, and processes to influence and evaluate IT success.   It includes the routine monitoring, control, and reporting against plans and budgets to senior executives.   Cost management, budget control, asset tracking, competitive bidding practices, and analysis of unsatisfied demand are all examples of practices that contribute to sound enterprise management and control of IT investment and performance.

c.       Massachusetts has a weak IT governance structure, including the role of the CIO.

The enterprise governance challenge transcends the boundaries of authority for all three branches of government.  In Massachusetts, the CIO is not a cabinet-level position, and the CIO’s responsibilities for service delivery extend beyond the scope of his authority.  Although the CIO is given statutory approval authority over IT investment projects under the Governor’s purview that exceed two hundred thousand dollars, Commonwealth CIOs have never exercised this power to stop a failing project once it has been initiated.  Massachusetts does not have a formal IT Board or Commission that is authorized to determine strategy, establish policy, prioritize investment, oversee projects, and evaluate IT success. There is no active, executive-level business representation in IT governance in Massachusetts.  (When we use the term “business” here and elsewhere in this report, we are referring to business management staff within government, and not to external participation by private sector business leaders.)

d.      Massachusetts does not have defined processes for enterprise IT oversight.

The Commonwealth does not have an enterprise IT project management oversight function in state government.  Once IT projects are approved for initiation, active monitoring of project progress or outcomes by the enterprise is not performed consistently.   There are no standards to guide project implementation by agencies, and no metrics to gauge accountability for results.  Decisions to initiate projects do not provide adequate insight into the total cost of ownership.   While there has been some progress in developing and implementing enterprise applications, ownership of the development process has been reactive, with ITD assuming a leadership role in the absence of strong business leader ownership.   To maximize the effectiveness of the enterprise, all three branches of government should conform to enterprise IT standards and processes.

e.       There may be legal barriers to implementing an enterprise approach to IT.

The Legislature charged the IT Commission with recommending, “…an enterprise-wide strategy, including all 3 branches of government and the constitutional offices, for the commonwealth’s information technology infrastructure, system development and governance.”[19]   It may be challenging to construct an IT governance authority that proves acceptable across these governmental boundaries.   For example, in 1974, the Massachusetts Supreme Judicial Court ruled that, “…the Judicial Branch does not have the freedom to relinquish to another branch responsibility for or control over facilities critical to the internal operation of the courts system.”[20]  The Commission may need to evaluate technology in a new perspective, perhaps viewing IT infrastructure like a utility, to negotiate common ground that proves acceptable to all members of the enterprise.   The enabling legislation for the Information Technology Division provides authority specific to, “…commonwealth secretariats, departments, agencies, boards and commissions….”[21] An IT enterprise governance structure will require new authorizing legislation that grants or allocates oversight authority across the enterprise.  Also, the Commission may encounter specific legal obstacles related to potential recommendations, in areas such as outsourcing, where we understand that the Pacheco Law effectively restricts privatization in Massachusetts.[22]  Similarly, the absence of authorizing legislation may prove to be a barrier in instances such as electronic signatures and a public records law that is conducive to electronic government.   Finally, it is difficult for legislation to keep pace with technology.   For example, legislative or regulatory direction on transaction fees and chargeback policies, and the timing of these decisions relative to the appropriations process, may act as a deterrent to agencies’ participation in
e-government initiatives due to the lack of lead time in agencies’ budgeting processes.

Funding and Procurement

Funding and procurement must facilitate an enterprise approach, or they can become barriers to its successful implementation.  There must be accountability for expenditures so that the Commonwealth knows how much money it is spending in the aggregate on IT investments and operations, and can make informed decisions on ways to improve efficiency and avoid duplication.  Procurement vehicles should enable the Commonwealth to leverage its buying power with suppliers, and respond rapidly to evolving requirements.  The Commonwealth should have an inventory of existing IT assets as a baseline for guiding future decision making about IT investments and joint purchasing/development opportunities.  The Commonwealth should identify opportunities for leveraging federal funds.   Funding should be used opportunistically to deliver ancillary benefits that advance the IT objectives of the enterprise as a whole, not just perform the stovepiped purpose for which the funding may have been appropriated originally.  For example, if the federal government provides funding to support homeland security initiatives, there may be an opportunity for the Commonwealth to broaden the positive impact on the State’s IT infrastructure if IT-related security investment decisions are not made in isolation.   The mirror image may be true for funds that are granted by the Commonwealth to local governments:  the Commonwealth should have visibility into whether or not it is funding multiple projects in a community, where each project may be using the same state infrastructure and could achieve their end results more efficiently through cooperation. 

Text Box: Flexible Solicitation
State and local agencies normally submit such detailed specifications for IT solutions that IT vendors end up simply replicating these specifications to qualify. This process precludes the possibility that other solutions may be better suited to tackle the original problem. State and local agencies are now creating simplified, outcome-based solicitations that allow vendors to apply their creativity in designing solutions. In reviewing these solutions, agencies take the following into account
·	Best value — Cost is often the overriding factor for state and local agencies partnering with private-sector vendors. However, as agencies increase their reliance on IT and become more sophisticated in procurement, factors such as vendor reliability and reputation, life cycle cost of equipment, and measurable improvement in service delivery afforded by the solution become greater factors.
·	Timeliness — With federal mandates, matching grants and block grants, projects typically must be completed by certain deadlines. Agencies must often weigh the time to implement a project with available funding mechanism and service delivery requirements.
·	Burden on the agency — Agencies have become aware that the implementation of a solution is only part of the cost. Ongoing maintenance, ability to integrate with other systems and scalability are also key cost components. Agencies now can review these criteria in addition to just the price tag.
Compliance with overall agency objectives —With the new e-government initiatives, proposed solutions would often have to comply with a much-broader vision for the jurisdiction.
Source: Gartner Dataquest, Trends in State and Local Governments, 19 Mar 2002, 21-3.

 

 

 

 

 

 

 

 

 

 

 

 

Finally, there is a need to balance the availability of funding between tactical spending (e.g., ongoing maintenance) and strategic investment, and to provide more visibility in decision making about total cost of ownership.  Agencies need more visibility upfront into the budget impacts from e-government initiatives (e.g., transaction costs), or increases in chargebacks and overhead rates.  These negative impacts would be less burdensome to agencies if costs could be planned for in the annual appropriations process.

f.        The IT Bond Fund provides an extraordinary opportunity for strengthening the Commonwealth’s IT infrastructure; however, Massachusetts would benefit from improved project management discipline and oversight in the allocation process.  

Massachusetts is lauded nationally for having the foresight to fund its IT infrastructure as a capital investment.  Even in this year’s severe budget environment, the Commonwealth approved a $300 million IT Bond III as a measure of its commitment to improving IT in Massachusetts.  We strongly support this mechanism as a means for furthering the Commonwealth’s IT goals.  However, the IT Bond allocation process could be strengthened to increase the effectiveness of these investment dollars through increased collaboration between and among ITD and agencies during the development of investment briefs, establishing criteria for what types of investments are funded appropriately as capital projects, restricting the use of bond funds for maintenance purposes, assisting agencies in establishing the business case for IT investments based on operating budget impact and total cost of ownership, developing project management and performance metrics, and instituting a process for more consistent project oversight following project initiation.   The Commonwealth’s development of an enterprise business direction would be highly beneficial in influencing investment decisions made with IT Bond funds.

g.      There are opportunities to improve procurement practices to better support enterprise IT management.

Massachusetts participates in a multi-state governmental statewide contract mechanism (with New Hampshire, Rhode Island, and Vermont) known as the ITS07 contract to procure IT services in a number of categories including technical specialists, contract personnel, solution providers, and software publishers.  The goal of this initiative is to provide the best value for agencies (and municipalities and non-profit organizations) seeking to procure IT-related services.   This contract vehicle could be improved to support the management of resulting vendor IT services by including standard IT-related terms and conditions in the ITS07 contract (such as warranties, for example) or requiring vendor compliance with ITD policies and standards as a condition of any resulting vendor contracts.  Also, contracts that are not flexible over time may put the Commonwealth at risk for high pricing and obsolete technology based on changes that occur in the marketplace. 

ITD, in conjunction with the Operational Services Division, manages an annual “Big Buy” program every spring to assist agencies in leveraging their purchasing power at fiscal year-end to procure desktop equipment and peripherals with available funding.   The Commonwealth should consider funding and expanding this effort so that this type of leveraged hardware purchase is available to agencies on a continual basis throughout the fiscal year, rather than relying on the expenditure of potential reversions at year-end as the only means to fund technology refreshment in some agencies.

Since the majority of the Commonwealth’s application development is outsourced to vendors, vendor management needs to become a core competency for state agencies.   Agencies that are more skilled in vendor management have greater success in implementing IT projects on schedule and within budget.

3.      Commission Considerations

As the Commission prepares to use the results of this “As Is” Assessment to develop a collective vision for the future governance and control of IT in the Commonwealth, the IBM team offers the following questions to assist Commission members in thinking about options for addressing these issues.

§         How broadly should the Commonwealth define its IT enterprise?

§         How much visible authority does the Commonwealth CIO need to effectively influence the management and direction of the IT enterprise?

§         What is the appropriate governing mechanism for senior executive involvement and leadership in the IT enterprise, one that will represent all jurisdictions?  What is the CIO’s relationship to this group?   How will control and responsibility for IT success be shared between the CIO/oversight authority and implementing agencies? 

§         What catalyst is needed to drive and sustain development of an enterprise direction?

§         How much ongoing project oversight is required?   Who should perform this function?  How will it be implemented across branches of government?

§         Would existing industry control models, such as the Control Objectives for Information Technology (CoBiT), be employed?

§         What philosophy should guide IT Bond investment decision making (i.e., should agencies compete individually for funds, should ITD sponsor shared infrastructure, etc.)?  What is the appropriate level of agency involvement in the process?

§         What is realistic in terms of removing legal and budgetary barriers to implementing an enterprise approach?

§         How can procurement practices be strengthened to improve the delivery of IT vendor services in the Commonwealth, and to leverage the Commonwealth’s collective buying power?


C.     IT Strategy:   Setting the Direction for the Enterprise

1.      Current Enterprise IT Strategy Environment

Just as the Commonwealth needs an overall strategy for operating as an enterprise to achieve the collective business objectives of its members, so too it needs an enterprise IT strategy for using technology more efficiently and effectively to deliver government services and programs. The IT strategy establishes the vision, tactical plans, and daily activities to deliver high quality, cost-effective management of IT services. An IT strategy will help executive department agencies, constitutional offices, the Legislature, and the judicial branch focus their energies and resources to bring value and cost-effective operations throughout government.

An enterprise IT strategy is important for the same reasons that a master city plan is important:   to provide a framework for sustainable growth and responsible development.  In the absence of an IT strategy, IT infrastructure, systems, and applications will be built in isolation and not shared across agency boundaries, proliferating “silos of information” that cannot be leveraged. From a citizen-centric perspective, it becomes impossible to promote a “single face” for all government services without an enterprise IT strategy that enables the sharing of information as freely as possible throughout government in a standardized manner.

2.      Key Observations

The IBM team offers the following observations about IT strategy in the Commonwealth:

a.      The Commonwealth of Massachusetts does not have a single, cohesive enterprise IT Strategy; therefore, individual agencies are building duplicative infrastructure and services to meet their own requirements.  

To meet their individual business needs, agencies are pursuing a “silo” approach and building their own infrastructure to satisfy mandated governmental responsibilities.   Interviews with agency IT staff showed, not only recognition of the benefits of a shared infrastructure, but a strong desire to use the shared infrastructure.   However, the following issues were mentioned frequently as barriers to collaboration:

§         Budgets:   Agencies have limited IT resources and object to charge-back as a method to pay for usage, since it effectively reduces the administrative budget available for other business objectives. 

§         Service:   Agencies do not dispute the need for central management of shared infrastructure.   However, feedback indicates that ITD operates in a monopolistic fashion and with poor service levels, leaving agencies with neither recourse nor alternatives.

§         Expertise:   Several agencies questioned the expertise levels of ITD resources, and whether ITD is best able to supply enterprise services.

b.      New and emerging technologies are not being explored in a coordinated and collaborative manner.

The interviews revealed that the State is facing many new and complex business challenges.   At the same time, technology continues to evolve, offering a wide array of alternative solutions.  Multiple agencies raised issues ranging from whether Voice over IP is a viable strategy, to replacing existing voice infrastructure, to employing wireless equipment for field workers as means for using new technology to improve their businesses.  These agencies were investigating the improved technology and considering its benefits in an ad hoc manner.

Agencies favor a more coordinated and collaborative approach to exploring and adopting new technologies.  They recommend ITD coordinate pilots and work in collaboration with agencies to establish strategic direction in analyzing and promoting strategic new technologies.  The University of Massachusetts, as well as other private colleges and universities, could provide valuable input, also, to this process.

A cohesive enterprise IT strategy would ensure that new technologies are explored and deployed to maximum benefit and incorporated into enterprise IT infrastructure planning.

c.       The impact of 24/7 electronic government on old business processes needs to be addressed.

Technology alone will not provide better government. Long-term and persistent benefits, in terms of superior levels of services and reduced costs, can be realized only from pervasive reengineering efforts that employ the greatest possible extent of common business models to support similar technical applications, such as licenses, permits, and registrations. Only the transactions-based and self-service delivery capabilities of e-government will satisfy the convenience and error-free desires of the public; therefore, restructuring program and business practices and procedures is essential for implementing new technologies effectively and successfully.  Ensuring that legislation keeps pace with evolving technology and its impact on traditional business processes is challenging.

As an example, accepting credit card payments on the State portal facilitates citizen self-service.  Citizens expect to be able to use credit cards for payment in state offices, as well.  However, the acceptance of credit cards is problematic for agencies because of the impact of accompanying fees on agency budgets.  Often, agencies’ fees are controlled by legislation, and the payment of credit card transaction fees to credit card companies reduces agency revenue.  Credit card companies require that agencies charge citizens “the same price for cash or credit,” and citizens balk at the imposition of convenience fees.  One agency went so far as to remove credit card processing equipment from its office locations as a cost saving measure!

As a second example, the statutory language governing the renewal process for teacher certifications is presenting the Department of Education with a looming problem.  License renewal for teacher certifications is based on a calendar cycle, not an individual cycle.   As a result, on a pre-determined date, all teacher certifications will have to be renewed by the same deadline.  In the past, when this renewal process was paper-based, temporary staffing might have been able to accommodate these requests in an acceptable timeframe.  However, Internet renewals change the equation.   Will the current system be able to handle the large influx of electronic requests?   The investment in a system upgrade to manage this peak workload means idle capacity the rest of the time.  The Department is proposing legislation to adjust the timing of renewals to smooth the curve so that the system can accommodate renewal requirements without significant additional investment.

The Department of Revenue has been proactive in streamlining its tax filing processes with employers and citizens.  One aspect, however, is beyond its control: meeting dates for inclusion into tax preparation software packages.  Many citizens use off-the-shelf software packages such as TurboTax to prepare their returns.   The Department of Revenue reported that the deadline to submit Massachusetts tax law information to Quicken is in October, while the legislative deadline is December.   Citizens perceive that the Department of Revenue is out of touch when, as a result of the misalignment of deadlines, they have to order a supplemental CD-ROM for their software package.

The Comptroller’s Office described the challenges in implementing online pay statements for employees.   Two major issues were 1) a legal mandate requiring printed pay stubs and 2) obtaining buy-in from each union.  Even with savings estimated around $50M, implementing the change to an electronic pay statement was not a simple task. Because of the legal requirement for a printed statement, the system was implemented on a voluntary basis. Success was achieved through strong, collaborative efforts among the Office of the State Treasurer, Office of the Comptroller, State Employees Credit Union, and the Human Resources Division (HRD).   The representative interviewed from the Comptroller’s Office volunteered that the effort would have happened in a faster, more coordinated manner with an enterprise IT strategy in place.  

 

A “single face” of government requires a new perspective toward traditional boundaries.   Interviewees reported one particularly frustrating area for citizens is the inability to pay for civil infractions (parking tickets) when renewing a vehicle registration or license at the Registry of Motor Vehicles.   The ability to collect fines and transfer funds has been simplified by technology, but the business process has yet to keep pace.

Other agencies may face the same or similar business process issues to the examples cited above.   An Enterprise IT Strategy would allow an opportunity to address these issues collectively, proactively, and uniformly.

d.      The impact of 24/7 electronic government on the existing legal framework needs to be addressed.

The paper-based legal framework employed for decades is being strained in the new, electronic age. For example, the Commonwealth of Massachusetts has taken a liberal stance on public records.  This stance is cause for concern related to the portal.   For example, the portal offers citizens the ability to send e-mail questions and inquiries to state staff.  Citizens, unaware of the public records issues, often share detailed, personal information in their questions.  Personalization is another aspect of concern. And, while the Mass.Gov portal does not yet offer personalization, citizens would not expect that their choices might become a public record and, potentially, made available to marketers.  

The move from paper-based records and signatures to electronic records and electronic signatures poses new challenges.  Since it was often easy to obtain a signature, sometimes agencies required the use of signatures in connection with agency transactions, not because of requirements by law or regulation, but because of agency custom.   Since obtaining an electronic signature is more difficult and costly, making the determination of when signatures are required by law is required to keep costs in check.

Fortunately, the Commonwealth does have a cross-jurisdictional forum for making recommendations on e-government legal issues.   The Cyberlaw        E-Government Advisory Roundtable (CLEAR) is a forum for identifying legal issues generated by e-government and for making specific recommendations for legislative, regulatory, and policy changes where necessary.  CLEAR also reviews enterprise policies.

e.       Priorities, resource allocation, and trade-off decisions are made in isolation by agencies.

Decisions, priorities, and tradeoffs of how to spend IT dollars are made at the agency level without review at the enterprise level.   An effective enterprise IT strategy is critical for the State to perform its fiduciary responsibility in managing the State’s mission critical infrastructure.

f.        Long-term planning is incomplete for supporting rollout of enterprise initiatives.

In the absence of an enterprise IT strategy, elements of shared infrastructure have been defined in an ad hoc manner.   For example, an imminent demise of e-mail impacted about one-third of agencies when Banyan discontinued support of its product.  ITD understood the strategic potential of this event and promoted an enterprise e-mail strategy.

This groundbreaking work of promoting and establishing enterprise infrastructure has been positive, but not without setbacks.  The agencies on MassMail give it mixed reviews.   Some are satisfied with the service, since it is such a huge improvement after experiencing the failure of local e-mail.  Others complain of disruptions to service and lack of service level agreements with financial recourse.  Those that have not migrated cite the monthly per-user, per-mailbox operations charge as the biggest obstacle.

The growing pains experienced by agencies as they transition from local to shared infrastructure need to be eased.  An enterprise IT strategy would facilitate decision making and dispute resolution surrounding such issues as defining what is shared infrastructure, when should it be deployed, how it should be paid for, and when its use is mandatory.

Long term planning, that considers the resource requirements and change management issues associated with rolling out shared infrastructure, would alleviate the growing pains that have been experienced to-date by agencies as they transition from project development to operations, and would increase agency support for participating in enterprise initiatives by mitigating agency risk.

g.      A few enterprise initiatives have been embraced by agencies, but more remains to be done to strengthen agency support for shared infrastructure. 

Agencies that were willing to be early adopters of shared infrastructure, or who agreed to cooperate with ITD in development projects in order to obtain project funding, have experienced mixed success with ITD’s ability to deliver the shared infrastructure on schedule and within budget. 

CommBridge is an example of an extremely successful initiative that has been adopted by agencies.   ITD took a leadership role in defining this enterprise infrastructure in response to a business need for cross-agency data sharing.    ITD leveraged an effort already underway at one agency by using the same contractor to custom build the CommBridge interface.  Not only has CommBridge been adopted as the enterprise infrastructure element to facilitate cross-agency data exchange, but some agencies have found it so useful and reliable that they have adopted it internally to exchange data within agencies.   ITD Bond funding paid for agency licenses, and on-going operational costs are not charged directly to agencies but are included in the overhead portion of the rates charged to agencies.

The EGov initiative is another example of a success in deploying enterprise infrastructure.   Mass.Gov was launched in response to a governor’s mandate.   Agencies embraced the State portal as a means to an end: a way to get funding.   However, there are strings attached to the funding, and agencies feel forced to go along with initiatives that leave them at risk.   The Educator Licensure and Recruitment System (ELAR) project, one of the first to use the e-payment shared service, experienced the risk first-hand.  A well-publicized failure left the agency CIO cautious about participating as an early adopter of future enterprise initiatives.   The Department of Environmental Protection (DEP) is experiencing set backs in its e-DEP initiative because of delays by ITD in providing the common authentication service.   DEP agreed to use the common authentication service to get funding.   Not having the shared service in a timely manner could impact their willingness to use enterprise services in the future due to delays and cost considerations.

Many enterprise initiatives fail to gain momentum and ownership by agencies due to the lack of collaboration by ITD and agency stakeholders.  For example, our interviews with agencies revealed that the eBusiness Central (business directory) initiative lacks agency support, and many agencies are questioning its overall business value.   More than one stakeholder agency mentioned that they believed eBusiness Central would not meet their needs.

When asked how enterprise initiatives are determined, agencies’ responses indicated that strategic initiatives result from ITD planning processes or through the vision of a CIO at a particular time.  Many of the resulting initiatives have been ‘right on target’, but even a few efforts that miss the mark leave a bad impression.

An Enterprise IT Strategy that identifies business drivers and establishes priorities, formed in collaboration with agencies, would ensure that resources are allocated to the strategic initiatives that serve Commonwealth agencies’ business interests most effectively, and would serve to strengthen agency support for participating in enterprise initiatives.

Of course, change management is difficult.   It requires a degree of willingness and cooperation unsustainable by sheer powers of personal persuasion.  It is clear from our interviews, and the result of the Managing for Results initiative, that Massachusetts has a strikingly large group of leaders interested in promoting creative solutions and collaborating for enterprise success.  Even so, the best way to achieve and sustain change over the long term is to change the reward system.   The availability of funds through ITD Bond Fund initiatives for MassMail migration and eGov portal projects demonstrates the power of positive incentives at fostering collaboration.

h.      The Commonwealth’s information technology investments need to be viewed as a portfolio.

The identification of the full range of the Commonwealth’s technology investments and assets, and their coordinated management as an enterprise portfolio, will assist the Commonwealth in prioritizing its investment of funding and human capital in those IT projects that best support an enterprise IT strategy, while furthering the business needs of individual agencies.

Massachusetts is living with the legacy of an infrastructure that has been built-up over time, as agencies made independent decisions regarding technology within the scope of their spheres of influence.  Taken in isolation, each decision may have seemed technically and fiscally sound.  However, in the aggregate, the resulting infrastructure will not support the Commonwealth’s need to function as an enterprise.

Razing the IT systems and infrastructure is not an option.  Changes need to be made over time and in a thoughtful way.  The Commonwealth should approach this issue as a remodeling analysis, identifying parts to keep, parts to extend, and parts to discard.   During our interviews, it became clear that no such analysis is being conducted today from an enterprise perspective.

One suggestion that was made by several interviewees is that, regardless of the source of project funds (grants, etc.), proposals should be reviewed in light of investments that have already been made by the Commonwealth.  This approach ensures that the evolution of the infrastructure over time has a plan, rather than simply ad hoc improvements.  This recommendation went so far as to suggest that the Commonwealth coordinate its grants to cities and towns to ensure that investments made to serve one constituency locally best serve the IT needs of the State.

An enterprise IT strategy that is supported by an IT portfolio management process can ensure a coordinated, holistic approach to the Commonwealth’s IT investments, one that furthers the business needs of the enterprise.

3.      Commission Considerations

As the Commission prepares to use the results of this “As Is” Assessment to develop a collective vision for an Enterprise IT Strategy for the Commonwealth, the IBM team offers the following questions to assist Commission members in thinking about issues related to the development of an effective IT strategy.

§         How can an enterprise IT strategy reduce fragmentation and duplication in the State’s infrastructure and services, and improve enterprise security?

§         How can the Commonwealth migrate from today’s infrastructure to its future enterprise IT environment most effectively, with minimum cost and operational disruption?

§         How can an enterprise IT strategy facilitate the investigation of the application of emerging technologies by Commonwealth agencies in a coordinated and collaborative manner?

§         Do incentives exist to facilitate agency cooperation in enterprise initiatives?  Are there disincentives that preclude cooperation?

§         How can agencies work collaboratively to reengineer traditional business processes and develop common business models that support the implementation of new technical applications (e.g., licensing applications, credit card payment)?

§         Does the enterprise support the CIO sufficiently, through executive sponsorship and commitment of sufficient staff and financial resources, to establish and manage an enterprise IT strategy, enterprise architecture, and IT infrastructure programs?

§         How can the Commonwealth heighten individual agency sponsorship of and commitment to enterprise initiatives?

§         How can the Commonwealth ensure that statutory requirements keep pace with technology and neither pose barriers nor perpetuate silos to implementation of enterprise infrastructure?

§         How can the Commonwealth lead cross-agency and cross-branch collaborative efforts that facilitate an enterprise-wide prioritization of investments, resource allocation, and trade-offs, and promote longer term planning that eases agencies’ transition from project development to operational implementation of shared infrastructure?

§         How can the Commonwealth better manage its IT assets as a portfolio of investments, based on total cost of ownership?


D.    Enterprise Architecture and Standards: Building the IT Foundation

1.      Current Enterprise Architectural Environment

Text Box: From the release of NASCIO’s Enterprise Architecture Tool-Kit v2.0 
“Enterprise architecture has gained national momentum fueled by federal mandates and a growing demand on the part of municipal, county and state leaders for timely, accurate information sharing horizontally between departments within the enterprise and vertically with agencies of different governmental levels.”
Source:  NASCIO Press Release: Lexington, KY, 18 Jul 2002.

As the IT Strategy forms a city master plan, the enterprise architecture forms the construction codes (building, electrical, plumbing) to ensure compliance to minimum regulations deemed necessary for health, safety, and quality.  The Commonwealth of Massachusetts published an Enterprise Architecture in August of 1999 with the most recent update occurring in October 2002.  The architecture covers a range of topics such as local area network (LAN), wide area network (WAN), cabling, video conferencing, servers, and databases. The Enterprise Architecture is a mixture of recommended configurations, industry standards, and suggested practices.

An effective enterprise architecture provides a single, common, and cohesive vision that directs the design, construction, purchase, deployment, and operation of IT across the enterprise.  Establishing an enterprise architecture is the first step in moving from viewing technology as isolated choices to one where advancing “the sum of the parts” is assumed.

A properly applied enterprise architecture methodology rationalizes IT investments and reduces risk.  For example, using relational databases instead of flat files improves data access through the ability to query.  Migration from one database vendor to another, while not simple, is more straightforward than migrating proprietary database formats.

Successful enterprise architectures focus on the elements that contribute to the best ways to extend IT, including acquisition of new applications and replacing older systems in a way that promotes flexibility and interoperability.

Although we commend the Commonwealth for publishing an enterprise architecture, this architecture is not realizing it maximum benefits for a variety of reasons, which are discussed in this section.

2.      Key Assessment and Observations

The IBM team noted the following observations about the Commonwealth’s enterprise architecture:

a.      The Enterprise Architecture is ineffective due to the lack of compliance and enforcement.

Agencies acknowledged the existence of the Enterprise Architecture, but indicated that circumventing any standard would be easy.  In accepting IT Bond funds, agencies sign an inter-agency agreement stipulating their agreement to conform to ITD standards.  In interviews with ITD and agency staff, there was universal acknowledgement regarding the lack of compliance and enforcement of agency conformance to ITD standards.  This lack of enforcement is analogous to establishing a building code, but never reviewing any building plans or construction projects for conformance.

To be effective, an enterprise architecture must go beyond documentation to include a process that is meaningful from inception to deployment of a technology project.  ITD staff understand this concept, but suffer from the lack of funding to staff an enterprise architecture process.

b.      No focal point for establishing, communicating, and maintaining enterprise standards exists.

While ITD has staff who perform policy and planning functions, it lacks a single focal point for enterprise architecture standards, such as might be performed by a chief technology officer or an enterprise architect.  Such a focal point must be capable of arbitrating disagreement among agencies concerning the adoption of technology standards, and must be accountable for establishing and communicating the “construction codes,” as well performing a leadership role in compliance.

c.       A great deal of confusion exists among users about enterprise standards.

The enterprise architecture web site contains a compilation of standards in a variety of component areas.  However, the enterprise architecture does not take a uniform approach to defining standards.  For example, sometimes the standards specify products, other times they state minimum configurations, and other times they specify general industry standards. The enterprise architecture also lists ITD solutions, such as MassMail, as emerging standards. In still other instances, ITD staff acknowledged that undocumented standards exist.

Sometimes, the enterprise architecture may state a requirement for general industry standards, but ITD, as an agency’s service provider, may mandate a stricter, product standard.  Agencies may not always realize that certain standards directed by ITD for its own data center operations, do not apply to other agencies’ data center operations. 

And, a further point of confusion arose during discussions about standards within ITD.  During development and deployment of an application, it is typical for an agency to work with various groups at ITD (network, security, etc.).  Experiences relayed to the IBM team identified situations where equipment was purchased while working with one ITD group only to be told by another group that the equipment was not supported, or that the standard had changed.

In summary, confusion exists among users about what enterprise architecture standards exist and when they must adhere to the enterprise standards, under what circumstances agencies have some autonomy, and who in the Commonwealth is responsible for setting standards.  

Agencies not only acknowledged the need for enterprise architecture, but believed that more enterprise architecture standards were needed and wanted to be included in the development process.

d.      An Enterprise Architecture could assist in establishing common integration strategies within the Commonwealth as well across government boundaries (municipalities, other states, and federal)

Electronic commerce is rapidly changing the way enterprises conduct business.  The ability to track package shipments online, to use e-mail and instant messaging for communication, and to supplement “bricks and mortar” with “clicks” have changed the way business is conducted for many businesses.  Widespread adoption of industry standard protocols, such as the Internet TCP/IP protocol, make connections beyond a single organization not only possible but practical.  A “single face” to constituents is an achievable goal; however, success depends on the quality of the underlying infrastructure and the seamlessness of the integration across traditional boundaries.  

ITD has taken a leadership role in defining an integration strategy to facilitate one aspect of data exchange between application systems with its CommBridge infrastructure.   And while this is used by a variety of agencies, the CommBridge infrastructure as an Enterprise Application Integration strategy could me more clearly articulated and employed to greater advantage.

In interviews several organizations, including one within ITD, used differing integration strategies.   Cost of deploying licenses for the underlying software was cited as the reason for selecting alternate strategies.  And, while it is unlikely that a single strategy will meet all the Commonwealth’s integration needs, the fragmentation of the current strategy appears to be the result of local decisions not being guided by an enterprise approach.

Defining common integration strategies will be a critical success factor in positioning the Commonwealth for the e-commerce era.  As such, the enterprise architecture and standards in this area are key. 

3.      Commission Considerations

As the Commission prepares to use the results of this “ As Is” Assessment to develop a collective vision for improving the enterprise architectural environment in Massachusetts, the IBM team offers the following questions to assist Commission members in thinking about effective enterprise architectures.

§         How can the Commonwealth align its Enterprise Architecture with an Enterprise IT Strategy so that investment and risk are rationalized, and the performance of the enterprise infrastructure as a whole is greater than the sum of its parts?

§         How can ITD function more effectively as a leader in the Commonwealth for promoting the effective use of emerging technologies across the enterprise, arbitrating disagreements among agencies about the adoption of specific technology standards, and enforcing compliance with enterprise standards?

§         What is the appropriate level of cross-agency and cross-branch collaboration in the development of an enterprise architecture?   When must agencies adhere to enterprise architectural standards, under what circumstances should agencies have some degree of autonomy, and who in the Commonwealth is responsible for setting these standards? 

§         What are effective compliance and enforcement mechanisms across branches and levels of government?


E.     Enterprise Infrastructure:   Leveraging Common IT Resources

Text Box: The ITD Mail Servicing Center remains a testament to the success of an enterprise approach. It provides mail processing services to state agencies as well as cities and towns of the Commonwealth. The state of the art equipment allowed for bar code sorting saving agencies up to 6.6 cents per piece of mail.*
There may have been much blood, sweat and tears shed in the process of drafting the enterprise policies and business rules that allowed for central mail sorting an processing, yet it enabled the Commonwealth to reduce its mailing rates and maximize its return on investment in the costly equipment.

* Source:  ITD Bulletin, vol. 4, no. 2, Spring ’98.
Shared enterprise infrastructure complements the architecture and the shared business needs of multiple agencies by reducing costs, decreasing development time, and increasing efficiencies.  

In the early days of computing, information was processed in the back office with each state agency hand generating its own reports, printing and mailing checks, and sharing data manually with other agencies following its own policies and business rules.   Centralized mainframes and “dumb terminals” posed an alternative to manual processes.   Information was controlled by a select group of employees and moving information across the enterprise of government was an impossible task.  Technology was viewed as a cost center, often taking valuable resources that could be used in other program areas.

However, the capital investment of the large mainframe systems required that processes be automated at the enterprise level so that the cost of the infrastructure could be amortized across the enterprise.  Automating processes across the enterprise required setting policies, priorities, and processes at the enterprise level, meaning that agencies had to give up some control and autonomy to achieve these cost savings.  The result was the creation of the first generation of communication networks and enterprise data centers.

Over time, enterprise thinking was abandoned as the cost of technology decreased to affordable levels for individual agencies.  The advent of the personal computer (PC) in the early 1980s became a relatively inexpensive way to bring information to a broad array of agency customers.  The ratio of the users of technology to computers went from a 30-1 ratio to a 2-1, or even a 1-1, ratio today.  Government’s ability to improve service delivery and conduct transactions was greatly enhanced by bringing technology to the desktop.[23] The development of the Internet and the movement of programs and transactions to the Web have created the need to provide 24x7 services to government constituents. 

Now, it is not the cost of individual systems driving the need for an enterprise approach, but that of service delivery. Sparked by innovations in the private sector, particularly in the financial and retail industries, citizens demand similar levels of services, accessibility, and value from government programs at all levels.   The Commonwealth’s ability to recapture “enterprise-level thinking” regarding common, shared infrastructure will be a critical success factor in accomplishing enterprise goals in building the next generation’s communications networks and data centers.  This is not to say that a return to a complete centralization of IT operations is the right solution, but the Commonwealth needs to embrace a more thoughtful and cooperative approach for determining the appropriate combination of centralized and decentralized functions.

According to the National Association of State CIOs (NASCIO), “On-line service delivery is a core competency for government…”.  Only by establishing enterprise shared infrastructure policies and practices will the Commonwealth achieve this competency.

 


The measures of “world class” online service are:

·         Cost Effective Service

·         Efficient Asset Utilization

·         Responsiveness and Customer Satisfaction

·         Service and Information Quality


The critical success factors for achieving these measures are:

·         Consistent, Enforced Standards

·         Common Management Practices

·         Appropriate Technologies

·         Skilled and Motivated Personnel


The key enablers for achieving these measures are:

·         Streamlined Business Processes

·         Integrated, Interoperable Systems

·         Enabling Legislation

·         Innovative, Continuous Investment


1.      General Infrastructure

Our assessment of the current enterprise environment in three key areas (Applications, Networks, and Data Centers) is that the Commonwealth of Massachusetts is not capable of delivering consistent, quality online services to its customers – internal and external.  While security plays a critical role in the enterprise environment, we have discussed it in a different section of this report in order to raise its importance and to keep confidential key observations that may be sensitive in nature and need to be discussed in a non-public setting.

a.      There is a major communications gap between ITD and the agencies it serves.

There is a breakdown in communication between agencies and ITD.   The interview process revealed many statements that began with “They don’t understand…” or “They attempt to dictate….”.   In interviews with other agencies, “they” were ITD; in interviews with ITD “they” were other agencies.  There is clearly a lack of communication between agencies and ITD.   The overall impression of some of the interviewees was that they were very negative about ITD, but very comfortable with the information infrastructure empire they had built within their own department.

One example of the lack of communication between agencies and ITD was the claim by ITD staff that no agencies were considering Voice over IP (VoIP) technology, and that consolidating data and voice networks through VoIP technology would not reduce networking costs.  Therefore, ITD did not have a strategic plan for implementing VoIP.

In fact, however, interviewees with three different agencies revealed plans or studies for VoIP, up to and including a small pilot implementation at one agency where the CIO claimed that the potential to reduce his $2 million per year in voice and data networking costs was driving the pilot.

In another example of poor communications between agencies and ITD, we referenced a 2001 multi-agency wide area network study during our interview with ITD staff.   While the ITD staff at the interview had provided data for the 2001 study, they had never seen the final report, which would have been a very valuable strategic planning and information tool for ITD in cooperation with other state agencies.   This serious lack of communication between and within state agencies raises a caution flag for efforts to improve enterprise communication, and indicates an opportunity for real improvement with minimal expenditure of funds.

ITD is accused of an “our way or the highway” approach to policy and standards, according to some agencies, while ITD accuses agencies of a “flavor of the month” method of selecting new technologies, with no real planning or long-term strategy.

This clear breakdown of communications between agencies and ITD is resulting in a lack of enterprise strategic planning and a lost opportunity to cooperate to standardize on a technology where industry standards are still developing, such that the risk and cost of failing to communicate and plan at the enterprise level is potentially very high.

Sometimes, the “they” in the accusatory statements are other agencies.  Nearly every agency laid some claim to being the biggest or most important agency based on some metric of budget, staff, or constituency, while claiming that they accomplished their mission better than those other agencies because of the unparalleled strength of their people, processes, or leadership.

The result is a parochial emphasis on internal successes, an unwillingness to consider the models of successes developed at other agencies, and a strong “Not Invented Here” (NIH) tendency.

While some of this lack of communication between agencies may be traced to heated historical animosities or fierce competition for dwindling tax revenues, it hampers the ability of the State to present a single customer face to the citizens of Massachusetts.   And, in fact, dwindling tax revenues make communication, cooperation, and shared successes even more critical than ever before.

2.      Applications

Current Environment

Of the three technical areas that the IBM team reviewed for the Commonwealth of Massachusetts, enterprise applications is the strongest area.

Even in the absence of an IT Strategy, the Commonwealth is making strides in defining enterprise applications in support of common business processes.   The Management Accounting and Reporting System (MMARS), Human Resources Compensation Management System (HR/CMS) and Commonwealth Information Warehouse are all examples of enterprise business applications that span all three branches of government.  MassMail and, more recently, the shared Mass.Gov portal services are examples of enterprise infrastructure.

In addition, agencies are collaborating among themselves to leverage synergies.  For example, the Department of Revenue and the Department of Employment and Training jointly developed a tax filing and wage reporting application for businesses.

A common thread of success throughout all of these projects was the establishment of project-specific steering committees to provide guidance and direction on how to develop and deploy these enterprise applications.

Key Assessments and Observations

The above examples provide specific case studies of enterprise application delivery/deployment in the Commonwealth. In addition to these successes, the following issues were mentioned consistently by interviewees or noted by the IBM team:

a.      Common management practices need to be adopted and institutionalized. 

Project success in the Commonwealth is highly dependent on the skills of key individuals assigned to a project, with the ever-present risk of personnel changes resulting in a successful project becoming a failure. In addition, lessons learned on projects have not been captured, so they are experienced on a recurring basis, which can be both time-consuming and costly.

Project management and quality assurance practices have not been institutionalized. A lack of organizational commitment to sound management practices results in project success being a matter of luck versus planning.

Text Box: Software Capability Maturity Model Overview – There are five levels of maturity:
Level 1 - Initial: At the initial level, the organization typically does not provide a stable environment for developing and maintaining software. Success in Level 1 organizations depends on the competence and heroics of people in the organization and cannot be repeated with any certainty.
Level 2 – Repeatable: At the repeatable level, policies for managing a software project and procedures to implement those policies are established. Planning and managing a new project are based on experience with similar projects. Projects in Level 2 organizations have established basic software management controls. Processes may differ between projects in a Level 2 organization.
Level 3 – Defined: At the defined level, a standard set of processes for developing and maintaining software is documented and used across the organization.
Level 4 – Managed: At the managed level, the organization sets quality goals based on measuring the amount of quality (i.e., quantitative). Productivity and quality are measured for important software process activities across all projects as part of an organization-wide program.
Level 5 – Optimizing: At the optimizing level, the entire organization is focused on continuous process improvement and has the means to identify weaknesses and strengths proactively. Data on the effectiveness of the software process are used to perform cost-benefit analyses of new technologies and proposed changes to the organization's software process.

Source:  Software Engineering Institute, Carnegie Mellon University.
However, the IBM team noted that there are several groups/projects in the Commonwealth that are adopting best practices, such as the use of the Rational Unified Process (RUP) as a software development life cycle (SDLC) methodology, and Earned Value Management (EVM) as a project monitoring and reporting mechanism.   The Department of Public Health is demonstrating excellence by documenting its processes and procedures related to project management and measurement.   Other state agencies would benefit from these best practice models if they were communicated and leveraged at the state level.

Until such practices are adopted across the enterprise, project success will continue to be “hit or miss”.  It is a tribute to the many smart and dedicated people working for the Commonwealth that they are able to collaborate on the successful enterprise applications delivery/ deployment projects in the absence of formalized project management methodologies.

The IBM team assessed applications delivery/deployment against the Software Engineering Institute’s (SEI) Capability Maturity Model (CMM)®.   The CMM is an information technology management process improvement model. The SEI defines the CMM as a description of the stages through which software organizations evolve as they define, implement, measure, control, and improve their software processes. The model provides a guide for selecting process improvement strategies by providing insight into current process capabilities and enabling the identification of issues critical to software quality and process improvement.  In short, the CMM is:

·        The application of process management and quality improvement concepts to software development and maintenance.

·        A framework that describes the key elements of an effective software process.

·        A guide for evolving toward a culture of engineering excellence.

·        A model for organizational improvement.

·        The underlying structure for reliable and consistent software process assessments and software capability evaluations.

In general, enterprise applications delivery and deployment at the Commonwealth of Massachusetts exhibit level 1 characteristics, although there are specific instances where levels 2, 3, 4 or even level 5 characteristics can be seen.

b.      Customer responsiveness and customer satisfaction need to be continually addressed by ITD.

ITD must establish and meet customer responsiveness and service level objectives in order for agencies to confidently relinquish control of enterprise infrastructure and share service application performance to ITD.  

One agency relayed that only recently are service outages being announced in advance by ITD.   This move was seen as positive.  However, the outages occur twice a month on a weekday during prime business usage hours (8AM to 10AM).  Scheduling an outage at the convenience of the provider, rather than the business it supports, illustrates the lack of partnership currently.

Another anecdote described a problem with the e-payment service.   The affected agency CIO relayed that finding anyone to “own” the problem at ITD proved impossible.  ITD never identified a single point of contact to work with the agency CIO.   Although the specific problem has been rectified, this CIO is still not sure who at ITD “owns” the shared e-payment engine.

In supporting enterprise applications, ITD needs to step-up to being a partner with agencies, rather than merely a service provider.

c.       Service quality for shared infrastructure and applications needs to be improved at ITD.

Shared infrastructure requires agencies to relinquish local control to ITD for the operation of shared enterprise applications, such as MassMail.  Agencies are often opposed to relinquishing this control because of the perception that a service culture has not been established at ITD.

Agencies have experienced outages for enterprise applications, such as MassMail.   While there is a central help desk (CommonHelp), and response is technically available on a 24 x 7 basis, the operations staff is paged rather than on-site to respond to off-peak emergencies.

Agencies highlighted their lack of recourse for ITD service failure.  Service descriptions are available for applications, such as e-mail.  However, there are no refunds for service outages or failures.   One agency pointed out that the service description stated that notification would be provided to agencies prior to charging for over quota mailboxes.   This notification did not occur, and the agency faced an unexpectedly large bill.   While the specific situation was rectified, it points to the need for meaningful service level agreements between ITD and agencies.

d.      Enterprise applications require business sponsorship.

Too often, it appears that ITD has become the de facto owner of certain enterprise applications, such as the Commonwealth Information Warehouse and the Human Resource and Compensation Management System (HR/CMS).

The Commonwealth Information Warehouse was a Bond I initiative, with initial deployment supporting the executive branch and independent offices.  Subsequently, the project was expanded to include the universities, the Legislature, and the judicial branch.   The project has a five-member board, consisting of representatives of the Human Resources Division, the Judiciary, the Fiscal Affairs Division, the Comptroller, and the ITD CIO to direct its future development.  ITD reported good response from the board when issues were brought for their decision, but indicated that more strategic direction and business input from the board would also be welcome.

The deployment of HR/CMS in the Summer of 2000 ushered in the first time that Commonwealth employees had one, integrated HR and payroll system to serve its employees. HR/CMS was the first Enterprise Resource Planning (ERP) implementation across all three branches of government. HR/CMS brings together human resource information, owned by the Human Resources Division, and payroll information, owned by the Comptroller’s Office.

During the implementation period, an HR/CMS executive committee met weekly to resolve issues.   Due to the personal impact that the resulting application would have on each employee (“Who doesn’t want to get paid?”), the project team managed to effect a highly collaborative approach to service delivery.   Even so, the HR/CMS executive committee structure was too collaborative, lacking a single business owner with the authority and confidence to make necessary decisions to resolve problems and implement changes that spanned the entire application and agency boundaries.   Instead, such decisions were reached through committee consensus.

Agencies interviewed believe that ITD lacks a business perspective and takes a technology-centric view to problems.  A specific example involves the ePayments shared service for credit card processing.  Business sponsorship in this example came after key business functionality decisions were made and software acquired.   A better model would be to gain the business sponsorship, define the business problems, research the options to resolve them (build or buy), evaluate the risks, costs, maintenance of each option, and then work together (business and technology) to select the appropriate solutions.

There is a lack of clarity and agreement on funding of enterprise applications.  ITD supports a variety of enterprise applications using various funding methods:

·        The Commonwealth Information Warehouse application is supported by ITD staff members in appropriated positions.   The operations charges for hardware upgrades, software licenses, etc., appear to be captured in ITD overhead rates. 

·        CommBridge used Bond I funds to purchase software licenses, requiring the agencies to take over the software maintenance charges.   ITD application development staff costs are built into ITD overhead rates.

·        MassMail ongoing operations are funded through monthly mailbox and usage charges. 

·        HR/CMS operations were supported through an appropriation until this past year when legislation suddenly eliminated the appropriation and directed ITD to recoup costs through a chargeback mechanism.

Agencies offered two recommendations for funding enterprise applications.  For large applications, such as HR/CMS, that agencies will be mandated to use and would never consider implementing alone, agencies preferred that these initiatives by funded with a direct appropriation.  However, for services for which an agency may or may not choose to use ITD as a service provider, agencies preferred to use agency IT funding to purchase these services, so that they have more leverage to negotiate metrics and service level agreements with ITD or other service providers to ensure quality service levels.

The issue of how best to fund enterprise applications while ensuring quality service levels for agencies needs attention.

e.       Enterprise applications must be treated as mission critical infrastructure.

ITD had the foresight to create an enterprise set of shared services for the deployment of the Mass.Gov portal.   The use of shared services is beneficial because code is developed, tested, and deployed once.  This reduces the risk of application failures.

However, the various shared services must be tested thoroughly before going into production, especially when becoming part of the portal’s mission critical infrastructure.   Agencies count on ITD operations to test applications prior to launch, and then be able to support operations on a 24/7 basis.

The Department of Education’s Educator Licensure and Recruitment System (ELAR) project, one of the first to use the ePayments shared service, experienced the risk of launching without 24/7 support first hand.  This well publicized failure left the agency CIO cautious about participating as an early adopter of future enterprise initiatives.

The Department of Environmental Protection is experiencing delays in launching one of its portal initiatives because of delays in bringing the common authentication service online.

f.        Efforts to streamline business processes are in early stages, but off to a good start.

The Commonwealth has successfully identified and deployed applications to support enterprise functions.   The HR/CMS and MMARS applications are examples of an enterprise approach to common business processes.   In a recent ranking of states, Governing magazine stated that, “…Massachusetts has done well in implementing a state-of-the-art human resources information system….  Now the state can boast HR technology far beyond the capacity of many other states.”[24]

Of particular note is the cross-departmental and cross-jurisdictional history of the Comptroller’s Office.   The Comptroller has promoted collaboration and cooperation by active outreach through the PARTNERS program with the network of chief financial officers in the Commonwealth.   With the inception of the first centralized Massachusetts Management Accounting and Reporting System (MMARS), which formed the foundation for an enterprise approach to Commonwealth financials, followed by the Billing and Accounts Receivable System (BARS) and NewMMARS, the benefits of an enterprise approach to common business processes has become clear.

Once common financial reporting and accounting systems were established, other benefits were leveraged from this enterprise approach.  For example, the Comptroller’s Office is authorized to contract for contingent fee debt collection of previously uncollectible non-tax debt.  They have authority to intercept payments and have collected $26M on behalf of 60 state agencies through the use of an automated process that matches eligible payments due individuals and organizations, including income tax refunds, against delinquent debt owed to the Commonwealth. Since this intercept functionality is a fully integrated component of the State’s accounts receivable system, agencies used to have to be part of the Comptroller’s accounts receivable system to benefit.  Recently, the Comptroller developed a Web application that enables other agencies (e.g., Higher Education institutions) to participate.   The Comptroller received legislative approval in FY03 to expand these intercept services to cities and towns to help them collect their uncollectible debt, which is estimated to be approximately $500M.

During interviews, it became clear that agencies are increasingly looking for opportunities to streamline business processes across governmental boundaries.   The Department of Revenue and the Department of Employment and Training jointly developed a wage and tax reporting application for business tax filing.   This project was very successful and benefited both agencies.   The Office of Consumer Affairs is undertaking a collaborative effort within the secretariat to obtain a common licensing system.   The Department of Environmental Protection is also participating in this initiative.

The climate for collaboration is very good.  Peter Quinn, the current CIO, is seen by those interviewed as fostering a new culture of listening and responding to their needs. During the CIO Council focus group, agencies mentioned their desire to participate in joint pilots, to offer expertise (e.g., geographical information systems, licensing systems), share lessons learned (e.g., vendor negotiations), and work toward enterprise goals.


3.      Data Center

Current Environment

In the data center area, the IBM team focused on the degree to which the current data center infrastructure and practices position the Commonwealth to leverage synergies and enterprise economies of scale.

The benefits of a centralized, shared data center, such as leveraging investments to acquire state-of-the art architectures, reduce overall operating costs, and utilize specialized expertise effectively, have not been fully realized.


imageThe rationale for data center consolidation, as stated by data center managers and customers of ITD’s data center, include:

·         Resource sharing

·         Applications too small for a separate data center

·         Only need “enterprise applications”

·         Not enough skilled employees internally

·         Prefer to let someone else have the headaches


Reasons for not consolidating, as stated by “independent” data center managers and their customers, include:

·         Control of assets

·         Better, more responsive customer service

·         More recourse for poor service

·         Unique applications, technologies, skills, etc.

·         Less expensive services than from ITD

·         Application not accepted by ITD


 

While the scope of assessment for this report was limited to a few major data centers, it is likely that the conditions and practices in the data centers that were analyzed are repeated throughout the Commonwealth.  There are probably dozens of data centers in the Commonwealth, but that number is only an estimate.   No one we interviewed was able to provide a list of all of the data centers.

In the continuum of providing service, the Commonwealth’s data centers range from Basic to Complex (see illustration on next page).  However, even those that are providing complex services are doing so inconsistently.

While individual data centers may differ, and some may excel in one or more management areas, on an overall basis the data centers that support the Commonwealth’s data processing and information functions leave much to be desired.



image

In summary:

§         Facilities are adequate, and day-to-day operations are within acceptable norms.  Nevertheless, space utilization in facilities appears inefficient and wasteful.

§         Some equipment and technology is state-of-the-art and some is quite old and requires intensive and expensive maintenance.

§         Capacity planning is either non-existent or cursory.

§         Some data centers have serious shortfalls in key areas.   In contrast, some have “world-class” practices in one or more key areas.

4.      Key Observations

a.      Data center management and operational policies, practices, processes, and technologies are inconsistent throughout the Commonwealth.

The Commonwealth data center environment can be characterized in a single word:   inconsistent.   Each data center determines its own policies, practices, processes, and technologies.   A great deal of variation in equipment, such as server platform, tape storage, and disk storage was evident while touring the data centers.  Common technical reference models either do not exist or are not employed.

Reducing complexity in the operating environment is a key area of focus for the Commonwealth in order to reduce data center costs.  Furthermore, advanced technologies, such as storage area networks, cannot be effectively deployed in an environment with so much inconsistency.

Until an IT architecture with common technical reference models is defined, it will be impossible for the Commonwealth to bring order to the chaos. 

b.      The propagation of servers and data centers is costly.

Text Box: “It’s interesting to talk to CIOs at some of the major financial institutions.  A couple of years ago they didn’t have a good handle on how many servers they had around the world, and when they started counting, they found literally thousands of servers they didn’t know they had.”
-- Gary Little, General Partner
Morgenthaler Ventures

Source:  Bob Brown, “VC Zeroes in on Data Center Consolidation”, Network World Fusion, 13 Jun 2002.
The Massachusetts Information Technology Data Center (MITC) is a shared facility that houses a number of agency data centers.   The benefits of the current arrangement are limited to savings from shared facility management.  The space within the building is divided by tenant and therefore offers little opportunity for dynamic allocation of floor space.  A tour of two of the data centers within the facility revealed a stark contrast in resource allocation. Parts of the ITD data center are cramped for space while DOR’s data center floor space in the same building is vastly underutilized. 

Establishing ITD as an organization to offer shared data center services in a facility like MITC, and allocating space for agency platforms, is a good concept.   However, the migration of agency servers to ITD is incomplete, as many agencies continue to host their own applications in local data centers.

Another area contributing to the cost of multiple data centers lies in building costs.   The MITC Data Center is a state-owned, but privately operated building.   The UMass Data Center is in a state-owned and operated building, as are several other agency data centers.   Space in leased buildings has been outfitted for other data centers. Only one agency CIO questioned the expenditures in outfitting leased facilities with environmental and security controls.   And, there appeared to be no plans to move data centers from leased space to owned space.

More disturbing than the lack of a plan for defining and outfitting data centers is the admission that many servers can be found in locations without environmental or security controls.  Mission critical servers need to be located in data centers.   Failure to do so places the Commonwealth at risk.

 

By its nature, a shared data center is a concentrated and complex component of the IT environment.   It is a good starting point for reducing complexity in the operating environment to lower costs and improve availability.  Data center consolidation is a primary approach for achieving these goals.

c.       There is a lack of clarity around how hosting decisions are made.

Agencies are aware of ITD’s data center and discussed their efforts to host their servers there.   Three major barriers emerged:  ITD was more costly, took too long, or did not have the technical skills to support the requested environment.

The cost argument was dispelled by one agency:  the Registry of Motor Vehicles (RMV) relayed that migration of their mainframe to ITD was made under duress.  RMV freely admits to making claims that ITD service would prove too costly compared to continuing their own in-house operations.  RMV found that remote management of their mainframe hosted by ITD to be cost-effective and now advocates using ITD as a mainframe hosting provider. The RMV realized cost reductions in two key areas: 1) the ability to share the cost of mainframe software licenses and 2) the ability to use shared rather than dedicated operations staff. 

RMV also hosts other servers at ITD that they manage remotely.   Over time, this has proven cost effective, eliminating space planning for a data center from their list of technology concerns.   RMV reported that it was not unusual to move locations every 5 years or so.   The cost of relocating a data center was an agency budget item.  The interview team found other agencies with data centers in leased space.   Without an enterprise plan, the Commonwealth will continue to pay for short-term data center space in leased facilities. The cost argument needs closer scrutiny, as it seems likely that agencies are not using fully burdened costs when making comparisons to ITD.

UMass is an alternate provider of data center services.   The cost and quality of service were mentioned as reasons for selecting the UMass data center over the ITD data center.   However, one agency mentioned that moving servers from UMass to the agency data center was under consideration as a cost saving measure.

The lack of clarity regarding hosting decisions extends to the use of external service providers.   The decision to host the Mass.Gov State portal at Genuity was made by ITD.   Outsourcing appears to be an exception, considered only when the application is either highly specialized or requires technologies or expertise not available internally.  Outsourcing experience has been mostly favorable.   Shortfalls have resulted primarily from lack of consistent standards and from contracting deficiencies. 

In summary, some data centers serve a single agency and a single customer base.   Others serve multiple customer sets within the same agency.  Still others serve multiple sets of customers for several agencies.  Because of this seemingly systemic inconsistency, there is significant, unplanned and unmanaged overlap and redundancy in services, technologies, and functions. This redundancy is no doubt the result of having no consistent policy to determine which customers/agencies will be supported by what data center. 

d.      Managing technical staff and keeping skills current is a challenge. 

Many agencies reported no issues with recruitment and retention.  They lauded the Technical Pay Law for its foresight and latitude in dealing with issues unique to technology staff.

We did find some evidence that employees and employee skills may not be managed consistently in the Commonwealth.   Budget cuts were cited as affecting the ability to maintain expertise levels, as training and conference spending has been all but eliminated.

In some instances agencies reported employees are hired for a particular skill set, and receive no further training – any skill improvement is at their own expense.   In other organizations, training on a particular technology or tool will be provided when a need is identified.   While in another organization, employees are given continuous professional development opportunities and needed skill sets are identified and managed.

When data center managers were asked whether their employees are appropriately skilled, most managers replied affirmatively.  Their customers often have a different perception, however.   And, each data center manager perceived that their employees are more highly skilled than those in other data centers. 

e.        Disaster recovery and business continuity planning ranges from haphazard to world-class.

Business continuity is a key area of statewide standardization that holds substantial potential benefit.  However, because ITD does not host all the data centers in the state government, it cannot contract for business continuity services statewide. 

Of the data centers evaluated for this report, only the Department of Transitional Assistance has redundant off-site processing capacity in place and successfully tested.  Department of Transitional Assistance (DTA) runs its own data center, and provides its own strategic plan and business continuity plan for its network and data center.  These plans include:

·        A SunGard contract for data center recovery in Philadelphia.

·        A full mesh frame relay WAN directly from Verizon for network redundancy.

·        Network connections provisioned to SunGard, ITD, and Comdisco (ITD’s data center business continuity provider).

Each of these components of a business continuity plan is both necessary and very expensive, and each could be leveraged at a higher level to realize substantial savings—if there were enforceable statewide standards, policies, and processes for communications networks and other IT infrastructure.

All data centers should have some form of backup and off-site storage of critical data.   Most off-site data storage is within the same metropolitan area as the data center.   This proximity poses the risk that both the original data center and the off-site location will be subject to the same catastrophe.

f.        Planning a second data center may be premature.

Disaster tolerance is the ability to maintain ongoing productive operations even in the face of a catastrophe.  A second data center would improve disaster tolerance because it allows operations to rapidly shift to the second, redundant data center.

Improving disaster tolerance is on the minds of data center managers.   And, the IBM team was provided with a series of studies regarding the possibility of a second data center.

These plans are necessary, but in one sense premature:  planning a second data center for fail-over requires knowing the current state.  It seems clear that the Commonwealth does not know whether the applications in their data center facility are the most critical.   It is also clear that the Commonwealth does not have a complete picture of what it has (where servers are located, their configuration, their connectivity requirements, and their mission criticality).

It is clear that several data centers exist:   MITC and UMass being the two largest.  Other agency data centers also form part of the data center infrastructure.  It may be possible to leverage this pool of resources, rather than designing a new, second data center.

g.      Responsiveness and customer service at ITD leave much to be desired.

The smaller data centers with smaller customer sets under control of a single agency satisfy their customers to a greater degree than large multi-agency supporting data centers.   Common complaints from ITD customers, for example, include, “ they don’t know anything about customer service” or “customers aren’t important to them.”   One such complaint came from a customer who was otherwise happy with ITD services.

There can be many reasons for low customer satisfaction, but it usually can be traced to poor customer service.  This is often due to a lack of customer-centric management and no customer-related performance measures.

5.      Networks

Current Environment

In the network arena, the IT Strategy team focused on the degree to which the current infrastructure’s functionality, security, and interoperability facilitate agencies’ ability to work together effectively to meet the needs of citizens, businesses, and other state agencies.

The Commonwealth of Massachusetts does not have a unified telecommunications infrastructure to provide voice and data network access for Commonwealth employees and citizens.   Rather, there is a loose federation of several vertical wide area networks run by ITD and other state agencies interconnected horizontally by a backbone network provided by the Information Technology Division (ITD).   There are reported to be between 13 and 20 of these agency networks.

Each agency provides and manages its own infrastructure hardware, support, and management, some working in cooperation with ITD, others working independently.   While some agencies are investigating and piloting projects, voice and data networks are not integrated.

Providing a fast, secure single face of government to the citizens of the Commonwealth will require more consistency in network hardware, policies and management from the client to data center, especially as applications, data access, and information security become more complex and enterprise critical.  The Commonwealth will need an enterprise network design that is planned for optimal performance, monitoring, information access, and information security.

Key Observations

a.      There is no unified planning for voice and data networks, either operationally or strategically.

While much of the focus of this report has been on the consolidation of data networks between state agencies into a common statewide data network, there are also unrealized opportunities for unified planning of voice and data networks within state government.

The separation begins with the procurement process.  The Commonwealth procures network services, including data networks and voice networks, through separate blanket work orders that it has prepared and signed with various vendors.   The separate work orders reflect the organizational structure within ITD:  there are separate voice and data network groups reporting to the Director of Communication Services.

Verizon, the primary supplier of voice and data circuits to the Commonwealth, reported that ITD plays a very limited role in voice networks, basically just establishing and managing the blanket work order for voice networks.  While Verizon offers strategic planning services to plan for the operational and strategic consolidation of voice and data networks, the Commonwealth has not taken advantage of these services.

This lack of planning is true across the Commonwealth.  Only one agency that we interviewed, the Department of Employment and Training (DET), had clearly identified the costs and lost business opportunities of separate voice and data networks, and had taken first steps toward a unified strategic plan for its voice and data networks.

b.      The Commonwealth needs to capitalize on the opportunities and models it already has to leverage network infrastructure.

While our review uncovered many problems in the areas of communication, infrastructure, architecture, and direction, resulting in lost opportunities, duplicated efforts, and wasted budget dollars, there are already models within Massachusetts state government that point to future opportunities for sharing network infrastructure across the enterprise.

Construction in April 1997 marked the start of The Massachusetts Information Turnpike Initiative (MITI) high-speed backbone.  The dark fiber installed along the Massachusetts Turnpike is available for shared use by the State (ITD) and the University of Massachusetts (UMass).  The university lights the fiber at OC-192, which provides 10 GB of bandwidth, serving as the backbone between UMass campuses and between community colleges in Massachusetts, and also provides video teleconferencing.   UMass won the community college services by competing and winning an open, competitive RFP to provide Internet access for community colleges, and provides “very stable” service.

UMass also provides Internet services to the Massachusetts Public Library consortium and limited state agency regional office connectivity.  With all these services already traveling on their backbone, UMass believes they have plenty of capacity to serve as a backbone statewide.

Another shared network infrastructure initiative was the Massachusetts Corporation for Educational Technology (MCET), a quasi-public authority that was chartered in August 1999 to implement a self-supporting statewide education network.   The goal of MCET was to aggregate network services for 1,800 school sites and provide network services at lower flat rates statewide.

Schools were not mandated to use MCET services, so MCET marketed against third-party service offerings and prices to connect 120 school sites by fall 2000, with 250 to 300 candidate schools in the pipeline.  However, when the telecom industry bubble burst, and the DSL company providing most of the WAN links went bankrupt in January 2001, MCET negotiated with Verizon to switch all schools in the MCET network to Verizon service by June 2001.

These partial successes serve as models that demonstrate the benefits of working together to consolidate networks, data centers, and services.   As one interviewee said, “Just because we can build our own silo doesn’t mean we should build our own silo.”   Agencies would benefit from shared experiences in areas where other agencies have successfully mastered a problem, policy, or process.

c.       There is duplication of people, policies, processes, and assets within the network infrastructure.

ITD provides the MAGNET wide area network, which serves as a backbone between the 13 to 20 different agency WANs.  ITD runs a data center providing floor and rack space, environmental controls, tape backup, system administration and monitoring, database administration, network and security, and backup and recovery.   Even though this sounds like the basis for a consolidated central information service, too often agency boundaries and requirements result in the duplication of people, policies, processes, and infrastructures.

For example, the Department of Revenue (DOR) has a complete parallel infrastructure to ITD:


·        Network

·        Data center

·        Security

·        Network monitoring


While state and federal law and regulatory mandates do not specifically require a separate network, DOR has built a separate network as its best effort to meet legal and mandatory requirements.  DOR meets its strict network and data security requirements on its own because it claims that ITD cannot.

However well this environment may appear to work for DOR (and even for ITD), it results in the misallocation of resources at the enterprise level.  At another agency, network support staff consists of nine network engineers (three in Boston, six in the field statewide) and four Help Desk staff in Boston.  Staff that is dedicated to one agency, its skills, tools, and regional field support, cannot be leveraged by other agencies.

As another example, one agency bought its own voice network switch in a building where ITD already owned a switch with sufficient capacity to serve both agencies, even after ITD had documented available capacity and over $30,000/year savings from sharing the existing switch.   While ITD documented the savings, their span of control did not extend to requiring that the other agency use the shared switch to realize the cost savings.

It is clear that some savings can be achieved through leveraging shared infrastructure and aggregating demand.

d.      Rigorous management processes exist and should be used.

The Department of Public Health (DPH) change management process provides an example of a duplicate process.  ITD would sometimes make network router changes on the fly during the day, which would occasionally cause DPH network-user downtime.   DPH developed and thoroughly documented an infrastructure change management process and implemented it as a simple Web application that all DPH network and key business staff can access to approve or disapprove network changes.

DPH required ITD to use the DPH Infrastructure Change Management system for changes to the DPH network.   ITD agreed, and uses the system for DPH network changes.  However, when DPH offered the system to ITD for use statewide, ITD declined.

e.       Service level agreements and enterprise monitoring tools are missing, resulting in “finger pointing”.

The difficulty of monitoring and troubleshooting communications network problems increases exponentially as the number of separate interconnecting networks increases.

This problem stood out very clearly in every interview with every agency.  It is a long-established axiom of networking that fingers point in both directions at every line of demarcation between networks.  The owner of each connecting network (whether state agency, ITD, Verizon, or other third-party) is certain that their network is optimally configured, administered, and supported so that it is providing optimal connectivity for its customers.  And each owner may well be right within the boundaries of his own network.

But networks interconnect, and since each network is optimally configured, administered, and supported, it only follows that troubleshooting network problems must begin with the other fellow’s network, not one’s own.  And, thus, the finger-pointing begins.

While this axiom still holds true when a third-party such as Verizon provides wide area network (WAN) connections between remote locations, the negative effects of finger pointing in this relationship are reduced by service level agreements, enterprise-level industry-standard monitoring tools and policies, and (usually) well-trained support staff specializing in WAN connectivity.

However, when the network interconnects are between agencies, or between agencies and ITD, these ameliorating effects are not always in place.   ITD does not provide service level agreements for its services or agency monitoring tools.   Their skills in deploying them vary widely, and often overworked and under-trained agency staff may not be WAN specialists capable of using the tools to quickly and accurately troubleshoot network problems, resulting in (of course) increased finger pointing.

f.        Despite its shortcomings, the network does work.

While the communications network architecture may not be planned or pretty, it works.   None of the interviewees mentioned that the performance or reliability of their network, from the client out to the enterprise out to the Internet, was an ongoing problem.  While our interviews uncovered many problems in the areas of communication, infrastructure, architecture, and direction, resulting in lost opportunities, duplicated efforts, and wasted budget dollars, the network users in the state government of Massachusetts are still getting good network connectivity.

This is not always the case in enterprises of this size, so this is a signal success.   No interviewee volunteered that user satisfaction with the network was a problem, and since users are never shy about voicing that complaint if it exists, this is a good indicator that network connectivity is not a major problem for the state agency network users.  And when directly questioned about user satisfaction with the network, interviewees said that technical problems with the networks were not the driving force behind this report.

This positive finding offers a solid platform of success to build on for the future.   However, it also raises a flag of caution for attempts to consolidate networks as a result of this study.  Some interviewees said that they would not be willing to give up their stand-alone network to participate in a consolidated statewide network precisely because their present network is so reliable.

g.      The state network architecture is a barrier, not a conduit, for data access.

The multiple agency networks (between 13 and 20 depending on who is counting) connecting to the ITD MAGNET wide area network means multiple firewalls are needed to protect both sides of most connections.  Besides being an expensive duplication of hardware, software, policy-making, configuration, support and monitoring, the multiple interconnects and firewalls make the network architecture a barrier to data access, not a conduit for data access.

It also makes implementing standard firewall policies difficult.  Since there is a lack of awareness and compliance with ITD policies, there is no standard firewall software, and there is no consistency in the staff that is implementing the policies.

h.      The cumulative cost of disjointed networks is substantial.

The interview process revealed several areas of hidden costs that Massachusetts pays by maintaining the MAGNET wide area network and the many different agency networks.   While we have discussed some of these costs elsewhere, it is instructive to list them in one place to see the cumulative impact of the hidden costs, and realize the potential for dollar savings and service improvements to be gained by addressing them:

·        Application vs. Network Accusations:   A variant on the finger pointing that occurs between networks, this makes troubleshooting problems of Web-based applications that depend on the network very difficult to trace to either the network or the application, leading to finger pointing between the network staff and the application developers.   This results in more application downtime, leading to unwanted cost.

·        Cost of Application Downtime:   When networks do not cooperate and network monitoring does not reach end to end, troubleshooting is difficult and slow, applications are not accessible, and there are costs associated with application downtime.

·        Non-Technical People in Agencies Making Technical Decisions:  Agency staff who want to focus on the business often have to focus on the technology that helps them transact their business.

·        Lack of Standards and Enforcement:   No one is in charge, and the rules are undocumented or unenforceable.

·        No Strategic Planning:   With no road map for moving forward strategically, it is easy to get lost in the day-to-day tactical changes.  Unplanned network hardware upgrades, security policy changes, and infrastructure configuration changes may break interconnected networks that used to work, and with no strategic roadmap, resolving the tactical disconnects to get back to where things worked may require more than just a single fix, and may prove to be impossible. 

·        “Flavor of the Month” Technology:   This greatly increases the potential for non-standard and incompatible hardware and software with no migration path.

·        Loss of Economy of Scale on Equipment and Services Purchase:  If everybody is buying their own hardware and services, the single unit costs to a single agency are higher than multi-unit costs shared across all departments.

i.        Limited ITD span of control results in the duplication of processes and tasks.

This duplication results in the inefficient use of resources as agencies build duplicate, parallel teams, processes and policies.   ITD staff expressed their frustration at being unable to extend their “sphere of influence” to achieve statewide standardization of the communications network.

Both ITD and other agencies talked about the need for a CIO with authority to enforce statewide standards, policies, and processes for communications networks and other IT infrastructure.

6.      Commission Considerations

§         What governance structure can be put in place in order for the Commonwealth to manage infrastructure growth that includes leveraging existing investments and striking the appropriate balance between centralized and decentralized operations of networks and data centers?

§         What changes are needed to ensure that procurements and contracts are consistent with enterprise goals and objectives?

§         How does the Commission define the IT enterprise and identify key stakeholders, recognizing that stakeholders are not just internal, but span disciplines, jurisdictions, and branches of government for policy and oversight?

§         How can “total cost of ownership” or other consistent methods be used to account for fully burdened IT costs to accurately compare shared services versus local implementation costs?

§         Should the Commonwealth establish enterprise project management and quality assurance methodologies?  What role should ITD have regarding monitoring project quality of agency applications?

§         How does the Commonwealth promote and synchronize collaboration across jurisdictions and levels of government on continuity of operations plans (COOP), business continuity plans (BCP), and disaster recovery plans?

§         How can the Commonwealth facilitate public-private relationships that will help identify the best solutions for secure data center operations and business continuity?

§         What incentives can be established to foster cross-agency collaboration and enterprise approaches?

§         Should service level metrics include the ability to withhold funding from one part of government to another?



F.      Security (Omitted)

This section has been removed; it is not available for public distribution.


G.    Partnerships: Promoting Digital Readiness and Economic Development

1.      Overview

The combination of an economic slowdown and the aftershock of September 11th have created historic budget shortfalls. At the same time, citizens, businesses and employees want their government to be as responsive, dependable, and efficient as other modern organizations. For the Commonwealth of Massachusetts to meet the demands of new service level requirements in a time of fiscal restraint requires new thinking and new approaches if it is going to provide more assistance to citizens at less cost. 

As both a provider and consumer of government services, the private sector offers a useful and unique perspective to managing IT and preparing government to meet its public-purpose mandates in the New Economy.  Whether it is assisting with the deployment of government services, providing infrastructure for economic development, or thought leadership, the private sector is a resource that should be leveraged.

This section focuses on three key areas where the IT Commission should explore enterprise opportunities through public / private partnerships:

§         Addressing “Digital Readiness”

§         Promoting Economic Development

§         Forming Strategic Alliances for the Delivery of Enterprise IT Services. 

2.      Addressing “Digital Readiness”

“Digital readiness” is becoming critically important as Mass.Gov gains momentum and more government services are moved to the Internet.  Access to technology is a must for citizens to log on to services and for private sector firms to compete in the new economy.   As both government and the commercial sector grapple with how to transform their economic and civic lives to the digital age, robust interaction between private and public sectors will be critical for the future.

a.      Even with successes such as Berkshire Connect, access to high-speed connectivity in all regions of the Commonwealth remains a challenge.

Economic growth and development relies increasingly upon access to technologically sophisticated and competitively priced telecommunications infrastructure. Every sector of the Massachusetts innovation economy now utilizes the World Wide Web, whether it is the computerization of traditional business practices or conducting e-commerce. Access to the Internet is essential to remain competitive on a local, national and, increasingly, a global scale. Nevertheless, some regions within Massachusetts suffer a competitive disadvantage in their ability to access the level of telecommunications infrastructure needed by technology-related industries that collectively represent the most significant growth opportunities in the Massachusetts’s economy.

High-speed “broad-band” access is viewed as not only important but essential to the successful utilization of the Internet.  Promoting the deployment of competitive, broadband services throughout Massachusetts, in order to support economic development throughout the State, has become a priority that has been gaining momentum.   A great deal of progress has been made in recent years, providing needed Internet services to residents of every community in Massachusetts, and creating a robust infrastructure and supportive business climate for the Massachusetts’s firms that develop and sell Internet-related products.

A couple of successful initiatives are underway to address connectivity in Massachusetts.  Berkshire County is home to roughly 135,000 people on the far-western edge of Massachusetts.   Known for its scenic beauty and cultural institutions, Berkshire County found its community facing the new economy with mediocre communication infrastructure and perceived itself as disadvantaged to be competitive.  Berkshire Connect launched a major initiative in 1997 focused on the “aggregation of demand,” to bring more affordable high-speed connectivity for small to medium-sized firms.   The effort has been a national model for connectivity initiatives for rural communities.[25]

MassBroadband, led by the Massachusetts Technology Collaborative (MTC), is building on the successes of Berkshire Connect to promote the deployment of competitive, broadband services throughout Massachusetts.  MTC played a leadership role in the formation of Berkshire Connect. With its success, MTC moved on to Franklin-Hampshire-Hampden counties and collaborations in other regions of the Commonwealth. Each project is designed to stimulate competitive deployment of advanced telecommunications services.[26] Started in partnership with the Massachusetts Software and Internet Council, the objective of the MassBroadband initiative is to promote connectivity in order to support economic development throughout the State, so that regions and communities within Massachusetts, that cannot obtain competitive broadband services, do not find themselves at a disadvantage, economically, socially, and educationally.

Just as state governments focus investments on transportation and other infrastructure improvements vital to economic development, the Commonwealth must effectively address the “digital divide” by facilitating improved access to affordable broadband options. This solution will require an aggressive partnership between both the public and private sectors.

3.      Promoting Economic Development

The Commonwealth, in general, is widely recognized as a global leader in technology and knowledge-based industries. Nevertheless, each of the seven economic development regions, as defined by the Department of Economic Development, has its unique challenges and opportunities.  In meeting its public purpose charter, creating a business-friendly environment in which to assist firms to start, relocate or expand their enterprises throughout the Commonwealth, appears to be a top priority.   This business-friendly environment can be accomplished in two ways.  First, by having a world-class technology infrastructure in place, which is critical to recruiting firms of all sizes. Second, by having government at all levels use technology effectively to improve the delivery of government services, which can be an effective tool in promoting and expanding jobs and new investments in the Commonwealth.

a.      Massachusetts has developed a comprehensive strategic framework for long-term economic prosperity in the Commonwealth.

The development of a strategic framework for long-term economic prosperity places the Commonwealth in a position of national leadership in addressing economic competitiveness in today’s economy.   The report, Toward a New Prosperity, assesses the profound economic transition the Massachusetts’s economy has experienced over the past ten years to a “New Economy.”[27]  The three-part report presents a strategic framework by highlighting competitive imperatives that must be addressed to promote a healthy debate around the Commonwealth’s economic future.

b.      MassConnect is a positive step forward in coordinating public and private resources towards economic development from an enterprise perspective.

Massachusetts has a wealth of economic development organizations, services, and information resources located throughout the Commonwealth, yet these resources are often difficult to identify, access, and navigate. The Massachusetts Technology Collaborative and the Department of Economic Development (DED) are working together to coordinate economic development resources using Web-enabled technology. The initiative, currently identified as MassConnect, will introduce a new Web platform that will enable citizens, companies, and organizations to access economic development resources more effectively within the Commonwealth.   Leveraging private sector resources, MassConnect will provide the business community with “one-stop access” to all of the tools needed to help businesses grow and prosper.  Through the sponsorship of the DED, this portal will serve as a gateway to the services, programs, data, and information related to Massachusetts’s economic development.

Through a customer-centric approach, MassConnect will bring together the breadth and depth of the Commonwealth’s resources in one place. Simple, cross-organizational navigation and a robust search function will make it easy to find the right resources, whatever the size or type of business. 

The MassConnect project is divided into three phases:

·        Significantly improve interim online services and presence by launching a customer-driven web site, adding intention-based functionality.

·        Full integration with Mass.Gov portal by providing an “Economic Development Channel” in order to maximize the economic development presence on Mass.Gov.

·        Develop private/public online economic development resources linking private and public resources, enhancing public/private partnerships through the Mass.Gov “Business Virtual Agency” and creating a shared Economic Development Network.

MassConnect has the potential to provide businesses in Massachusetts with access to Web-enabled tools that can help them succeed. This online information portal will provide a single point of entry to all of the State’s business-related services, programs, and information. This critical initiative will involve an ongoing dialogue between DED and its many constituents: the business community, the Legislature, other state agencies, the media, and the general public.

c.       To present a single face of government, the Commonwealth’s definition of enterprise must extend to include cities and towns.

In building public-public partnerships, state government must include local government in seeking to maximize efficiencies, capitalize on synergies, and leverage economies of scale.   The Commonwealth has already made several inroads in this area with regard to public-public partnerships:

·        Cities and towns can purchase goods and services using state procurement contracts.

·        The Comptroller’s Office offers services to municipal tax collectors and comptrollers.  For example, the Comptroller built a VendorWeb application to facilitate vendors’ ability to reconcile electronic fund transfer payments received from state agencies.  A similar front-end was developed for use by cities and towns.   The Comptroller’s MASSfinance homepage (http://www.massfinance.state.ma.us) has tailored its CommonCents section to include a Cities and Towns category.  Now, municipalities can view all Commonwealth payments made to every city and town in the Commonwealth, at transaction-level detail.   The line item detail provided now makes it practical for cities and towns to accept electronic funds transfers (EFT) rather than individual checks.   (It costs .05 cents per EFT rather than .50 cents per check to process.)   The improved presentation of information in these applications also assists state agency employees in answering questions from vendors and municipalities.

·        In 2003, the Comptroller plans to assist cities and towns in reducing their uncollected debt.

·        ITD’s Mass.Gov office is currently working with select communities within the I-495 corridor who will serve as demonstration sites for the creation of new online municipal services.   As part of this initiative, a Web-based application will be developed which will focus on municipal services pertaining to land use regulation and permitting, community development and growth management.

While this progress is noteworthy, there are still areas where a “single face” of government remains elusive.  Interviewees reported one particularly frustrating area for citizens is the inability to pay for civil infractions (parking tickets) when renewing a vehicle registration or license. 

4.      Forming Strategic Alliances for the Delivery of Enterprise IT Services

State and local governments around the country are increasing their partnership with the private sector to improve efficiency, acquire expertise, and ease the financial burden of increased responsibilities.  According to Gartner, “They (the private sector) are becoming more flexible in establishing strategic alliances for longer time periods to benefit from continuing technical and managerial assistance. The availability of this expertise often has value beyond original product and service specification.”[28]image

a.      Current legal framework and existing culture limits private sector outsourcing.

There is limited outsourcing of government IT services currently underway in the Commonwealth due to the existing legal framework and culture of ITD or agencies to “insource versus outsource” most enterprise IT services. Outsourcing of government services has been debated aggressively in recent years. Any type of sourcing with the private sector needs to take into account the total cost of the delivery of the services, service level agreements, and management oversight that protects the Commonwealth. The benefit of private sector outsourcing should be optimal when a particular service or function is determined not to be a core business competency, and the government organization has a low ability to execute the service or function successfully.

5.      Commission Considerations

The IBM team offers the following thoughts for the Commission’s consideration regarding public/private partnerships:

§         What role can the private sector play in promoting “digital readiness” throughout the Commonwealth?

§         How can the Commission benefit from private sector thought leadership in streamlining and improving government service?

§         How can the private sector assist the Commonwealth in bringing investments and jobs to Massachusetts?

§         What should the Commonwealth’s position be in utilizing private sector firms for the delivery of enterprise IT services?

 


Back to Top

Commission Recommendations



A.

    
Introduction

For the IT Commission to be effective, it is critical that the process of performing the “as is” assessment and best practice research culminate in a final report that prescribes solutions, not just describes problems.   The “as is” assessment process gave the IT Commission an understanding of the challenges facing the Commonwealth.   The best practices research brought forward a number of innovative ideas for consideration.   Both discovery processes served as a “level setting” for Commission members to make meaningful and realistic recommendations that can be implemented.   This section of the report sets forth those recommendations.

The IT Commission met six times from November 2002 through February 2003.[29]  IT Commission members’ recommendations were informed by IBM’s “as is” observations, by facilitated visioning sessions, and by volumes of best practice research.  The non-profit Center for Excellence in Government sponsored a daylong roundtable discussion with former government CIOs, to provide an opportunity for Commission members to dialogue directly with practitioners about governance structures and management practices that have worked successfully in state government environments, and about lessons learned.   These practitioners were unanimous in their praise of Massachusetts for the inclusive, enterprise IT framework being pursued by the Commonwealth, and for the active involvement of Commission members from all branches of government, as well as the private sector.  The Commission was diligent in looking beyond the performance of peer states, to leading industry practices in the private sector.   The Commission was mindful that all private sector best practices cannot be translated exactly into the public sector, largely because of dissimilarities in public sector organizational governance models.   IT Commission meeting presentation materials and minutes are available on the IT Commission’s web site:   www.mass.gov/itcommission.

The outcomes from the Commission’s deliberations are presented here as recommendations for achieving an enterprise IT environment across all branches and levels of government, to the extent permitted by the Massachusetts Constitution.   These recommendations are categorized to align with the IBM team’s “as is” observations.   The Commission’s recommendations on Commonwealth security have been removed from this document and provided to the Commonwealth under separate cover.   These recommendations are not available for public distribution.



B.     Governance

Massachusetts will require a truly collaborative, government-wide IT enterprise to realize the full capacity for IT investments to achieve high quality, seamless delivery of services for the Commonwealth’s citizens and businesses.   The IT Commission adopted the following statement as representative of members’ views on the appropriate scope of the enterprise, and the necessity to work to transcend existing governmental barriers:

“Opportunities for taxpayer savings, expanded public services, and improved efficiency in the public sector, through IT reform, require us to go beyond traditional boundaries.   Enterprise IT reform in Massachusetts, to the extent appropriate, should encompass all three branches of state government, state agencies, state authorities, cities and towns, and the Commonwealth’s university and research community.”[30]

In recent years, many states have begun to recognize that traditional models for administering and delivering IT services are inadequate for addressing the cross-jurisdictional nature of an effective IT enterprise.  Budget shortfalls; constituent demands for faster, better, cheaper services; and post 9-11 pressures to meet new   security standards have rendered traditional approaches to IT governance ineffective.   Additionally, the pressures to utilize technology to meet new and emerging priorities in government only heighten the need for IT governance reform.

Instead of debating centralized versus decentralized authority and services, today’s cross-jurisdictional IT enterprise demands a more federated approach to governance, one that has a unified strategy guiding:

o       Common investments in enterprise infrastructure and resources;

o       Enterprise policies, standards, architecture, and a management control framework that achieve interoperability, data and system integrity, security, and availability objectives; and

o       Shared services founded on innovations in common business processes. 

In a federated model, the utility functions of IT are managed centrally, but agencies continue to play a lead role in applying IT to improve business solutions through developing new business systems or reengineering business processes.   For the federated approach to work, it is critical that key decision makers contribute directly to the development of a unifying framework, which synergistically links strategy, policy, and operations across entities in the enterprise.   It is also important that the federated approach leverages existing assets, resources, and programs, and that it expands and replicates them as “centers of excellence” throughout the Commonwealth.

IT governance has a pervasive effect on the success of IT initiatives and operations throughout the enterprise.   During its deliberations, the Commission discovered that it could not single out a topic for discussion, whether it was infrastructure or economic development, without the conversation turning first to the subject of governance.  This discovery reinforces the “as is” observation that Massachusetts has a weak IT governance structure.   The Commission is committed to strengthening this structure, and empowering a newly created Office of the CIO with the authority necessary to succeed in managing the breadth of its responsibilities.   The Commission recommends an IT governance structure appropriate to the cross-jurisdictional nature of the enterprise, one that will enable technology to transcend traditional boundaries to transform the business of government, and facilitate collaboration and strategic direction setting among key stakeholder groups.

States that are in the forefront of implementing an enterprise IT framework have achieved varying degrees of success in extending IT governance authority beyond the executive branch.   Many are attempting to manage across boundaries through enterprise planning, enterprise architecture and policies, and budgetary and program management oversight of IT projects.  Most of these states are mandating cooperation within the executive branch, and offering to provide IT services and expertise to the Legislature, Judiciary, and local governments on a voluntary basis.   The Gartner Group confirms that, “…without some level of enterprise IT governance, governments operate agency technology ‘stovepipes’, with each department or agency implementing its own channels, Web pages, applications and supporting infrastructure – diverting resources away from agencies’ central missions.”[31]  Few states, if any, are as committed as Massachusetts to partnering with all branches and levels of government to establish a fully operational IT enterprise.

Text Box: “In the government of this commonwealth, the legislative department shall never exercise the executive and judicial powers, or either of them: the executive shall never exercise the legislative and judicial powers, or either of them: the judicial shall never exercise the legislative and executive powers, or either of them: to the end it may be a government of laws and not of men.”

Source:  Massachusetts Declaration of Rights, Article 30.
Still, the Commission recognizes that the Massachusetts Constitution, including its separation of powers provision, limits the extent to which any branch of government or agency may exert control over, or set IT policy for, another branch of government.   Nevertheless, members believe that, consistent with the Constitution, considerable latitude exists for cooperation and coordination of IT services, practices, standards and policies affecting all branches and levels of government within the Commonwealth.  For example, there would appear to be no constitutional impediment to any branch participating voluntarily in the sharing of data processing facilities and services offered or managed by another branch, or to any branch or agency functioning in a strictly service capacity for another branch.  The recommendations in this report concerning “enterprise-wide” IT are all subject to, and should not be implemented except in accordance with, these constitutional requirements.  Commission members hope that, to the extent, if any, that the Constitution may prohibit centralization of authority over enterprise-wide IT as envisioned by these recommendations, all branches of government will recognize the benefits of adopting the same practices, standards, and policies as recommended in this report, and that they voluntarily will work with each other to realize the goals of a secure and integrated IT environment as envisioned by this report.           

The evolution of technology has created two differentiating perspectives on the role of IT in state government operations:  IT services as a utility, and IT applications necessary and specific to managing internal business operations.  In the Commission’s opinion, it is the first category, the view of IT as a utility, which offers the greatest promise for cooperation and collaboration across branches and levels of government.   It is also the area of greater, more immediate potential cost savings for the Commonwealth.  Significant advantages accrue by implementing an enterprise approach to the second category of IT, also, although governance becomes a more challenging issue in a federated model that balances stakeholder needs across the enterprise.  Also, the Massachusetts Constitution limits the extent to which any branch of government or agency may exert control over, or set IT policy for, another branch of government.  However, an Office of the CIO that can establish an IT governance framework to successfully promulgate architecture and policies, share expertise in technology and program management, assist entities in developing common solutions, facilitate access to federal and state resources for local governments, and respond to customer feedback may convince stakeholders of the value of joining in a shared IT governance structure.  An IT governance structure, established in partnership with all branches and levels of government, would put Massachusetts at the forefront of state efforts nationally to achieve an enterprise IT framework, and create a seamless service interface for Massachusetts citizens and businesses who require access to government services.

The Commission recognizes that the traditional description of the state CIO as simply a manager of IT services is no longer apt.  To be effective, today’s government CIO must perform a political and policy role.  The growing complexities of operating in an enterprise environment require political leadership and personal skills that can transition comfortably between the business and technology worlds in government.   There seems to be a consensus building among experts about the changing nature of the CIO’s role.  According to Gartner, the key attributes of an ideal CIO are:

o       Understanding the business issues of the enterprise;

o       Translating between the business needs and technology solutions; and

o       Offering strong leadership in the areas of business and technology.[32]

Government Technology magazine notes that governors are increasingly seeking “…CIOs who bring executive leadership, a future orientation and political acumen to the act of governing through technology,” and suggest that the CIO is a “catalyst and collaborator in chief.”[33]

Ultimately, “…the success of the CIO depends less on talent than on the parameters of the position and the level of authority that is granted.”[34]  States are reconsidering the most appropriate role for CIOs to perform, and experts disagree on whether or not that role should include both operations and policy.   For example, Georgia, Virginia, and Washington have combined responsibility for both “thinking and doing” in their CIO positions, while California and Arizona restrict their CIOs to strategy and oversight functions only.  The 2001 survey of states by the Center for Digital Government produced the following information about state CIOs:

o       54% have cabinet level authority;

o       74% have responsibility for infrastructure and operations;

o       68% have responsibility for project management; and

o       84% have policy-setting authority, with 72% of them working in conjunction with a board or commission.[35]

The National Association of State CIOs (NASCIO) reports that 38% of state CIOs have enterprise IT budget approval authority, and 72% have some level of IT procurement approval across state agencies.[36]

The IT Commission believes strongly that the Commonwealth CIO should be responsible for both IT operations and strategy, for the following reasons:

o       Strengthens the implementation and enforcement of IT strategies and policies;

o       Improves the development of pragmatic, implementable policies;

o       Fosters continuous improvement through feedback on the practical application of IT policies;

o       Identifies operational needs for additional policy and direction; and

o       Encourages comprehensive legislative consideration and decision-making on IT strategy and operations.

Today, every state has a CIO position, and the trend among states has been that the CIO is a commissioner, a secretary, or a cabinet official.[37]  “The turnover rate among state CIOs during the past four years has been high – more than 40 per cent a year.”[38]   2003 will be no exception as new governors force the departures of some CIOs.  These departing CIOs are, “…vacating key positions that would otherwise set the long-term strategic focus of technology implementation and foster cooperation across the enterprise.”[39]  Gartner believes that, “…the lack of continuity in the chief strategic technology leader may hamper the momentum and focus on critical issues such as effective governance, enterprise architecture and business process coordination.”[40]  Of course, effective governance, enterprise architecture, and business process coordination are key to the success of enterprise IT management.  The Commonwealth can insulate itself from the impact of turnover in the CIO position by developing and adhering to technology strategies, equipping organizations with the tools and governance frameworks needed to resolve critical issues over the long term, and creating incentives for greater intergovernmental cooperation in technology planning.[41] 

According to the Center for Digital Government, the more of the following elements that are incorporated into a state CIO’s role, the stronger the state’s IT governance structure will be:

o       Works with a state IT Board;

o       Has policy setting authority;

o       Has cabinet-level authority;

o       Is responsible for operations; and

o       Is responsible for enterprise IT project management.

Thirty percent of state CIO positions include all five characteristics, and an additional 30% have four of the five factors.  A strong CIO position, as defined by these elements, seems to correlate with states’ top rankings nationally in various performance surveys.[42]   Increasingly, states are recognizing the importance of IT support functions, such as fiduciary responsibility, procurement approval, project management oversight, technical assistance, and training to achieving the business goals of the enterprise, and are giving CIOs more direct authority in these areas.  However, it is critical that the Commonwealth establish clear accountability among the Office of the CIO, central control agencies, and line agencies for the performance of these support functions.   For functions that continue to reside at the agency level, the Office of the CIO can assist in developing effective management control practices.

Recommendations

The Commission, after considering the results of the “As Is” Assessment, examining best practices, consulting with practitioners, and subject to any constitutional constraints, recommends that the Commonwealth implement the following seven actions for strengthening IT governance in Massachusetts.

a.       Elevate the role of the Office of CIO for the Commonwealth and expand its scope to better manage both IT policy and operations for the enterprise.

The Commission recommends that the Commonwealth establish a new Office of the CIO, which will be broader in scope than the current Information Technology Division (ITD).   The role of the CIO should be elevated to ensure that the CIO has the visible authority and support necessary to be successful in managing the full scope of the position’s responsibilities because, as Gartner cautions, “public sector organizations in which the CIO does not fully participate in setting the policy/business agenda of the enterprise will waste technology resources because they are not aligned with the policy agenda of the enterprise.[43]  The Commission recognizes that the Office of the CIO will require additional resources, or time to reallocate among existing resources, to achieve the organizational readiness necessary for realizing the Commission’s vision for this new Office of the CIO, as discussed below and throughout the report’s recommendations. 

Currently, the CIO is the Assistant Secretary for Information Technology within the Executive Office for Administration and Finance, and reports to the Secretary.   The Commission recommends formalizing this title as “Commonwealth Chief Information Officer.”   The Commission understands that it is the intent of the Romney Administration to maintain the CIO position subordinate to the Secretary of Administration and Finance, but with increased visibility among cabinet members.  The Commission recommends monitoring this placement for success and effectiveness so that, in the long term, consideration may be given to elevating the position of Commonwealth CIO to a cabinet-level position.   Elevating this position will ensure that IT governance will have a permanence and prominence in state government that will last beyond the tenure of the current Administration.  The IT Governance Institute advises that, “…the CIO should have the clout or influence to make these steps happen, wielding a position of authority in the organization and holding the power to say ‘no’.   While currently only one in five CIOs report to the CEO, that situation is gradually changing.”[44]

Information is an important asset for the Commonwealth, and a state resource.  The CIO is as important to the management of government operations as any other asset manager (e.g., the chief financial officer).  No business today can function without its information systems, for which IT investment, service demands, and risk levels are significant, and merit leadership attention.  All government leaders require information to manage their businesses, and the information that is captured, stored, and provided by technology must be relevant and reliable, secure, and available when needed.   The CIO is most valuable to these colleagues when he or she is a participant in discussions surrounding enterprise business decisions.   If the CIO does not participate, he or she is relegated to the role of technologist.  IT must be considered a partner with the business, instead of a service supplier, for an organization to achieve strategy integration.[45]  Synergies develop among an organization’s management team when business discussions occur in a collaborative manner, at a co-equal level.

The Commonwealth’s Office of the Comptroller may provide an instructive model for elevating the role of the Commonwealth CIO while achieving an apolitical and cross-jurisdictional governance environment.  In Massachusetts, the Comptroller is appointed by the Governor for a term concurrent with the Governor’s term, and “…selected without regard to political affiliation and solely on the basis of integrity and demonstrated ability….” and may be removed for “….neglect of duty, misconduct, or conviction of a crime.”[46]  The Comptroller is supported by an Advisory Board consisting of, “…the attorney general, the treasurer, the commissioner of administration who shall be the chairman, the auditor, the chief administrative justice of the trial court, and two persons who have experience in accounting, management, or public finance who shall be appointed by the governor….” and the Board “…shall be responsible for reviewing any rules or regulations promulgated by the comptroller prior to their implementation.”[47]

To be effective, the Commonwealth CIO must develop a cooperative framework that balances the interests of individual agencies and the enterprise, implements standards and centralization of specified services, and translates technology benefits into business benefits.[48]

The Commission recommends that the Commonwealth CIO continue to be responsible for both IT policy and operations.  The new Office of the CIO will perform a central service provider role, and should be strengthened and expanded to include functions that were excluded previously or had insufficient resources dedicated to them.   Government Technology magazine states that the trend is to include Chief Security Officers and Chief Technology Officers within the Office of the CIO.[49]

As a minimum, the Office of the CIO should have management responsibility for the following areas:

·        Policy, including

o       Architecture/Standards

o       Strategic Planning

o       Policy Development, including

§         Security/Privacy

§         Risk Assessment and Risk Management

§         System Development

§         Business Continuity Planning

·        Operations

o       IT Service Delivery

o       Portal Management (Mass.Gov)

o       Enterprise Applications

o       Help Desk

o       Security

o       Change Control

·        Program Management

o       Procurement

o       Budgeting

o       Project Oversight

o       Portfolio Management

o       Quality Assurance and Quality Management

o       Performance Measurement

Within an enterprise, there is a natural tension over which assets or functions should be placed under the authority of the CIO, and which ones should be left under the control of the user agency.  Gartner recommends that, “…Generally, assets and functions that are not unique to the mission-critical functions of the agency should be part of an enterprise strategy and ‘owned’ at the enterprise level.”   These enterprise assets and functions will almost invariably include:

·        Enterprise architecture 

·        All IT resources (mainframes, servers, desktop devices, and peripherals)

·        Networks

·        Enterprise-wide applications

·        Maintenance and help desk functions for common hardware and applications

·        Standards for other IT resources, such as computing devices, operating systems, common applications, and software.[50]

Several states are creating project management offices to assist agencies in managing major IT initiatives.   The Georgia Technology Authority Acquisition Management Office oversees projects that exceed $1 million, and Washington’s Department of Information Services has a Management and Oversight of Strategic Technologies Division that includes senior technology management consultants to advise and assist agencies.

Most states are grappling with IT procurement reform so that technology may be acquired more rapidly and with the improved cost effectiveness that results from increased standardization and volume purchasing.  Gartner cautions that, “Acquiring, building and managing IT solutions will be more difficult if processes related to procurement, funding and staffing are too inflexible.”[51]  Procurement is a significant controlling force in government.   The current trend is to assign responsibility for IT procurement to the state CIO.   In Washington, although the statutory authority for acquiring and managing IT resources rests with agency heads, the Information Services Board establishes policies that guide agency procurements, according to project complexity and risk.   Gartner advises that, “…the CIO should take ownership of master contracts that are available for use by agencies for various systems…. Agencies should continue to be responsible for applications, solutions, and data modeling that are unique to their mission-critical programs, as long as this uniqueness is a function of the types of services rendered by the agency….”[52]

b.      Establish an IT Advisory Board to support the Commonwealth CIO in setting enterprise policies and standards, and in providing oversight of major IT initiatives.

The Commonwealth should establish, through legislation, an IT Advisory Board to support the CIO in establishing enterprise policies and standards and in overseeing major IT investments.   The Board’s membership should include a combination of permanent and rotating members, and representation from Commonwealth agencies, higher education, constitutional offices, the legislative and judicial branches, local governments, and the private sector.  The organizational structure of the Board should include councils, committees, or working groups in key areas, such as strategy, technology, architecture, business, IT investment, and security.  The legislation should include a sunset provision, to provide an opportunity to evaluate the effectiveness of the Board after a two-year period.

Boards are an essential element to effective enterprise IT strategy and oversight.   Innovation, “… is increasingly dependent on effective governance boards that lay the foundation for enterprise communication, prioritize key initiatives, and support interagency development….Effective governance boards will consist of members that can deliver true decision-making authority and….tap into the expertise of private sector firms for help in understanding the complexities of strategic technology decisions.”[53]  In addition, IT Boards provide an essential forum for government organizations to share data and systems.[54]

The IT Governance Institute, aware that IT has traditionally been treated as an entity separate from the business, stresses the importance of responsibility for IT oversight among corporate boards of directors:

“…enterprises rely on IT for their competitive advantage and cannot afford to apply to IT anything less than the same level of commitment they devote to financial supervision and overall enterprise governance.  Now is the time for boards of directors to provide necessary oversight and form dedicated IT committees….IT governance calls for sound decision making, clear process and leadership….”[55]

The Institute believes that the top issues for IT management have transitioned from technology to management-related issues that clearly map to the following IT governance responsibilities:

·        Strategic Alignment

·        Value Delivery

·        IT Asset Management

·        Risk Management

·        Performance Measurement.[56]

As noted among the “as is” observations in this report, Massachusetts does not have an enterprise direction that represents all stakeholder groups, or a mechanism for developing one.  In addition, the Commonwealth needs executive-level leadership to achieve collaboration and leverage IT investments across the enterprise.  An IT Advisory Board, with broad representation and strong participation from state government leadership, can be effective in broadening the vision, setting the collaborative tone, and committing organizations to an enterprise business strategy that can be advanced through alignment with an enabling IT strategy.  To facilitate this communication, the legislative and judicial branches should designate IT leaders (i.e., CIO-equivalents) to represent the interests of those branches to the Commonwealth CIO and the IT Advisory Board.

IT Board membership, scope, authority, and structure vary significantly among states, as does the degree to which states involve the legislative and judicial branches, higher education, or local governments in IT oversight.  The Gartner Group highlights North Carolina’s Information Resource Management Council (IRMC) as a model for a governing council:

“To enable e-government transformation, governments need to develop new governance models with the power and influence to set and enforce standards and policies across the enterprise.   The North Carolina IRMC is a model for a governing council that has broad representation from all branches and levels of government in the state, a legislative mandate, and a highly qualified, independent staff.  Other governments should seek to develop similar structures to lead and manage their IT efforts.“[57]

North Carolina’s IRMC meets monthly, and the state CIO is a member of the Commission.   Other members include:[58]

·        Four Council of State members (elected officials, appointed to the IRMC by the governor), one of whom is elected to chair the IRMC;

·        Secretary of State;

·        Secretary of the Department of Administration;

·        State Budget Officer;

·        Two members of the Governor’s cabinet;

·        Two citizens appointed by the Senate;

·        Two citizens appointed by the House;

·        Chair of the IT Management Advisory Council;

·        Chair of the Criminal Justice Information Network Governing Board;

·        State Comptroller;

·        Director of the Administrative Office of the Courts (or designee);

·        President of the University of North Carolina (or designee);

·        President of the Community College System (or designee);

·        Executive Director of the League of Municipalities (or designee);

·        Executive Director of the NC Association of County Commissioners (or designee);

·        State CIO;

·        Executive Director of the Rural Internet Access Authority (advisory member only). 

The IRMC has three committees (Technical Architecture and Project Certification, e-Government, and Information Privacy and Protection), and is assisted by two other councils:   the legislatively mandated IT Management Advisory Council (composed of senior agency program/business managers), and the CIO Council (an advisory council of agency CIOs).   These two councils provide both a business and technology perspective from the agencies.

The IRMC has been highly successful in approving IT plans and statewide technology initiatives, and in establishing oversight processes, including architecture governance, project management, IT procurement, and third-party quality assurance.   The IRMC reviews and certifies IT projects that exceed $500,000, have statewide impact, or are specifically designated by the IRMC.   The Commission receives support from NC’s Office of Information Technology Services, but also has a small, independent staff to ensure that the IRMC is not overly influenced by the central IT organization.

The following paragraphs highlight several other states’ approaches to establishing IT Boards.   The Commission is presenting these models as representative of leading practices among state governments, which the Commonwealth may use as input into developing the most appropriate IT governance structure for Massachusetts:

§         Virginia’s Council on Technology Services (COTS) is an advisory board that has 23 members and is chaired by the CIO (i.e., Secretary of Technology).  The Council includes representatives from each Secretariat, five institutions of higher education, three local governments, and the legislative and judicial branches.   The Council’s working groups include subject matter experts as well as Board members, and their areas of focus have varied over time as the Commonwealth’s needs have changed.  Currently, one working group is dedicated to change management support.  In addition to COTS, the CIO receives private sector input through a CIO Advisory Board, composed of 12 executives from Virginia’s major employers.  The Virginia Research and Technology Advisory Commission advises the Governor on research and technology strategies to enhance the state’s competitiveness.[59]

§         Washington’s Information Services Board (ISB) has IT acquisition, policy development, planning, and oversight authority for executive branch agencies, and is encouraged to seek input from the Legislature, Judiciary, and local governments.  The ISB has 15 members, including the CIO and representatives from the Legislature, the judicial branch, higher education, public instruction, constitutional offices, and the private sector.   The Board is staffed by the Department of Information Services’ Management and Oversight of Strategic Technologies Division.   In addition to the ISB, a Customer Advisory Board advises the CIO on service-related issues, and an Enterprise Management Group provides executive-level agency leadership for strategic digital government initiatives.[60]

§         Arizona’s IT Authorization Committee (ITAC) provides advice and counsel on major technology issues, and has jurisdiction to approve or reject IT projects with development costs that exceed $1 million, for all three branches of government.   ITAC’s nine voting members include two agency directors, the Administrator of the Courts, four private sector individuals who are knowledgeable in IT, and two additional members from the private sector or state agencies.  In addition, there are four advisory representatives from the Legislature (2), local government, and the federal government.   The state CIO chairs the ITAC, but is an advisor to the Committee.   The Committee receives support from the staff of the Government Information Technology Agency.   In addition to the ITAC, the CIO Council is a technical advisory committee that provides advice and support to the CIO on statewide information technology issues, and on developing statewide policies, standards, and procedures.   The Arizona Portal Advisory Committee advises the state CIO on the development, implementation, operation, and growth of the state portal.[61]

§         In Utah, the CIO is responsible for vision, strategy, direction, guidelines, policies, planning, coordination, and oversight of information technology for executive branch agencies.  The CIO reports to the Governor, is a member of the Governor’s cabinet, and chairs the state’s Information and Technology Policy and Strategy Committee.[62]  Recently, Utah’s governor instituted a highly collaborative approach to funding IT projects by establishing an E-Government Council, chaired by the Governor and composed of 17 executive and deputy directors.  This council meets monthly, “…to evaluate and set priorities for large IT projects that cross agency boundaries and compete for resources.”  Members of the              E-Government Council are asked to agree on what to fund and how, to build the project(s) together, and sometimes to defer an agency priority for the purpose of the enterprise.   The Governor believes that, “The only way those judgments can be made are at the executive-level.”  Ultimately, council approval results in a project charter that defines agencies’ commitments of financing, personnel, and space, and the assignment of a project director.  The charter also outlines which business processes the agencies will need to change in order to be a part of the project.[63]

§         The Georgia Technology Authority (GTA) is guided by a 12-member Board of Directors.  Each member must be employed in the private sector and have high-level experience in managing large IT enterprises (and may not have any conflicts of interest with state IT procurements).   The Governor appoints seven members, and the Lieutenant Governor and Speaker of the House each appoint two members.  In addition, the Board includes one non-voting member appointed by the Judiciary.  GTA’s Board of Directors establishes enterprise policies that apply to all executive branch agencies, except those under the direction of constitutional officers.   The Board has a voluntary relationship with the legislative and judicial branches, and local governments:  these governmental entities can opt to adopt, modify, or ignore GTA policies.  The Board is authorized to have a standing committee of agency representatives.  Georgia also has an IT Policy Council, composed of representatives from state agencies, local government, and the private sector, to advise on strategic planning and direction.[64]

Gartner recommends that the executive branch, “Include the Legislature in the process and recommend legislation that gives it [the Legislature] a significant role in appointing the members of the governing council.  Ensure that independently elected officials have a significant role on the governing council and that they understand the benefits of developing a common infrastructure.”[65]  A number of states have seen multi-jurisdictional collaboration between legislative technology oversight committees and the Office of CIO regarding governance and infrastructure issues.   In North Carolina, legislative leadership in both chambers worked closely with the executive branch to draft Senate Bill 222 (2000 Session), a major bill that strengthened the governance role of the CIO and the NC IRMC. 

California’s CIO, Clark Kelso, is operating under Executive Order, but recognizes the need “…to re-establish a legislatively supported governance structure….” in order to develop, “…a coherent statewide vision for how IT could be used in support of government operations.  It’s a vision that says that the state needs to manage, deploy, and develop its IT resources to support responsive and cost effective state operations, and to establish timely and convenient delivery of state services, benefits, and information.”  Mr. Kelso speaks about relying much more now on collaboration and communication than on attempted command and control to reach out across branches and levels of government.[66]

As discussed in the introduction to this section, turnover rate is high among state CIOs.   However, the establishment of an IT Advisory Board, with broad representation from among enterprise stakeholders, will create an effective governance structure that will insulate the Commonwealth from the risk of disruptive changes in individual IT leadership by institutionalizing enterprise policies, standards, architecture, and a management control framework that will transcend a change in leadership in the Commonwealth CIO position.

c.       Establish formal reporting relationships between the Office of the CIO and agency CIOs.

The Commission believes that the Commonwealth will benefit from a more specific reporting relationship between the Commonwealth CIO and the CIOs within executive branch agencies.   Collectively, the Commonwealth CIO and agency CIOs provide the technology leadership for the Commonwealth, and the Commonwealth CIO must be able to focus and coordinate the management of agencies’ IT resources to advance the strategic objectives of the enterprise.  This focus and coordination includes identifying resource sharing and investment opportunities, driving development of common IT solutions and business processes, and enforcing agency compliance with enterprise strategy, planning, architecture standards, and management processes.  Other states have changed the CIO reporting structure to provide more focus on IT.  Virginia completed its strategic IT plan recently, and is requesting legislative approval to consolidate all 91 executive branch agencies’ IT resources (staff and budget) under the management of a new, consolidated cabinet-level agency, named the Virginia Information Technologies Agency (VITA).   In this new organization, the Commonwealth’s 2,200 IT staff will report directly to VITA management but will remain on-site at large and mid-size agencies.   Customer feedback and satisfaction will be key performance indicators for VITA employees.

Based on lessons learned in other states, the Commission recognizes that care must be taken in establishing a new reporting structure.   It is premature for the Commission to define the exact nature of these reporting relationships, in advance of Governor Romney’s announcement of his reorganization plan for state government.   This reorganization plan is prerequisite to determining the most appropriate reporting structure between the Commonwealth CIO and agency CIOs.  However, the Commission recommends that agency CIOs continue to represent agencies’ end-user business perspective to the enterprise IT community.  In addition to these IT management functions, Gartner suggests that these agency CIOs carry the responsibility for creating awareness of the value of technology, educating key political and business unit officials on the possibilities of innovation, and participating in the development of effective governing and advisory committees.[67]  The Commission recommends that agency CIOs continue to work on-site at the business agencies, with the goal of advising agency leaders on the most effective ways for technology to facilitate their businesses and advance their strategic objectives.  Or, as California’s CIO puts it, advising on “…creative, practical options that agency directors can consider, as they respond to budget changes affecting their programs….”[68]   In these ways, agency CIOs will remain a critical link between the IT community and the agencies’ business users.  

Information-sharing among the agency CIOs has begun already, and must continue.   Monthly CIO Council meetings, which are chaired by the Commonwealth CIO and attended by agency CIOs, provide an excellent forum for the IT community to improve communications and information-sharing among agencies, develop a shared understanding of technology strategies, and foster an attitude of ownership and accountability among agency CIOs for enterprise IT success.

d.      Leverage “community of interest” concepts to deliver government services more effectively and efficiently.

The Commission recommends that the Commonwealth develop communities of interest to facilitate integrated planning and development of common business processes across governmental silos, processes that can be enabled through technology.  These communities of interest may be effective in overcoming the structural barriers to decision making and service delivery that exist within the larger enterprise in the form of agency boundaries, legislative committee structures, funding streams, geographical borders, etc.   The Romney Administration has provided examples of potential communities of interest through the creation of two new cabinet-level positions:  the Chief of Commonwealth Development, and the Chief of Labor and Commerce.  Alternatively, a community of interest might develop around education needs across agencies (e.g., preschool, early intervention, K-12, higher education, residential schools for children with disabilities, justice system education programs, etc.)

Communities of interest may develop specialized portals that expand and simplify access to resources for community members.  Similarly, these communities may emerge as centers of excellence to address needs outside the immediate community.  For example, rural communities may look to an education community of interest to establish or enhance long distance learning opportunities in their regions.   The ultimate objective of these communities of interest is to use technology to achieve cross-boundary, seamless service delivery to citizens and businesses in Massachusetts.   Ultimately, these communities of interest may evolve to develop integrated systems that span jurisdictional boundaries.  

Many communities of interest are likely to be ad hoc or topical in nature, created to address pressing, but not permanent, issues.  However, some mature communities of interest may require a dedicated manager (i.e., a Chief Liaison Officer) who would report to the Commonwealth CIO or CTO to ensure that cross-agency efforts are consistent with the enterprise policies, standards, and architecture promulgated by the IT Advisory Board.  In some communities of interest (e.g., Education, Health and Human Services, Public Safety), these liaison positions may coincide with Secretariat CIOs.  However, it is imperative that the work of these communities of interest crosses the traditional boundaries of the Secretariat in order to be effective.   

It is important that overall efficiencies, which are possible from expanded scope and greatly expanded scale efficiency, not be sacrificed due to the lack of authorized governance strategies supporting them.  

e.       Transform ITD to be a customer-centric, central IT provider.

The Commission recommends that the Office of the CIO foster an organizational culture that is customer-centric.  This central IT organization is a service provider whose mission is to deliver quality, reliable, secure, cost competitive IT services that promote the achievement of agencies’ business objectives and improve business results.  This mission requires a more external focus on the customer than has been the traditional orientation of many IT organizations, who have been more likely to focus internally on creating cost efficiencies than externally on delivering increased business value to end users.   A customer-driven IT service delivery strategy aligns with agencies’ business goals, and defines IT services and service levels in terms of what customers in agencies want to buy and use (e.g., “24-hour coverage, seven days a week” versus “high speed network”).  The Commonwealth’s central IT organization should be evaluated on performance and customer satisfaction metrics, as documented in service level agreements and memoranda of understanding.  Policies, standards, and procedures affecting IT assets and services should be developed through a participative governance process, such as an IT Advisory Board.  The central IT provider should invest in relationship management with agencies to maintain open communications with users and to manage their expectations.    

To be effective, the Office of the CIO, as a central IT service provider, must have credibility with the agencies.   The Commission recognizes that some agency stakeholders lack confidence in the ability of today’s central IT organization to deliver enterprise IT services effectively and efficiently:

“How an enterprise views its IS organization is critical to its ability to leverage IT as key means of achieving strategic business goals.   A credible IS organization is seen by business units and senior executives as believable, reliable, and able to provide wise IT counsel and tools to help propel business growth.”[69]

Gartner recommends that IT organizations build and enhance their credibility by addressing five drivers that can improve enterprise perceptions:

a)      Alignment and Vision

b)      Customer Satisfaction

c)      Pricing and Service Levels

d)      People, Sourcing, and Relationships

e)      Business Behaviors[70]

In IT organizations that command the greatest degree of customer respect and satisfaction, enterprise business leaders actively seek the advice, counsel, and innovation of the central IT organization.   These IT organizations have learned to establish relationship managers with users, and involve stakeholders in evaluating and ranking project priorities.   They have identified core competencies and are managing them across the enterprise, and have defined effective processes for planning, IT architecture, project management, funding, sourcing, and competency development.   They are measuring business value.[71]  When poor perceptions of credibility define an IT organization, IT users and other stakeholders (such as enterprise executives) question whether IT investments are actually delivering promised business value.[72]

f.        Enhance and refine fiduciary responsibility for IT funding and management within the Office of the CIO.

The Commission recommends that the Office of the CIO have increased fiduciary responsibility for overseeing IT budgets and expenditures.  The CIO should have review and comment opportunity on agencies’ IT budgets prior to submission to the Legislature for appropriation, and on supplementary and deficiency appropriation requests as well as planned IT expenditures from other funding sources.   Once budgets are approved, the CIO should have oversight and approval authority for agencies’ execution of these budgets, to ensure agency compliance with enterprise architecture and standards, to assess opportunities for development of shared services, and to evaluate agencies’ performance against established cost and schedule baselines.   

Today, the Commonwealth CIO has the authority to approve, monitor, and halt executive branch agencies’ IT projects that exceed $200,000.   To date, the Commonwealth’s CIOs have never exercised this enforcement authority by halting unsuccessful projects. In addition, ITD is prohibited under the separation of powers provision of the Commonwealth’s Constitution, from reviewing, approving or halting, as a matter of right, IT projects funded by bond funds set aside by the Legislature for the Legislature or Judiciary. For this reason, ITD has been reluctant to attempt to assert authority over IT projects funded by bond funds set aside by the Legislature for itself or the Judiciary.

Many state legislatures have granted CIOs financial oversight and approval authority.  

§         In Georgia, the Georgia Technology Authority (GTA) reviews agency IT budgets and approves all IT system development, enhancement, or modification prior to initiation.  The GTA conducts procurements for agency projects that exceed $100,000, and its Acquisition Management Office monitors all projects whose projected costs exceed $1 million. 

§         In Arizona, the project threshold for CIO approval is $25,000.  

§         Recently, Virginia granted the Secretary of Technology approval authority for IT projects that exceed $1 million or have statewide significance.   Although Virginia’s CIO is pleased with this new authority, he is much more interested in becoming involved earlier in the process, in helping the business in, “…the development of the business strategy to change the way a business operates.”   He believes that, “…technology is a support and help in business processes and business process changes.  It is not necessarily the end in itself….”[73] 

In considering this recommendation, the Commission concluded that, whatever approval threshold is chosen, the key is to implement a pragmatic oversight approach that adds value to the enterprise, not simply one that creates another bureaucratic approval process.   Former West Virginia CIO, Keith Comstock, spoke to the IT Commission about his state’s success in managing by exception, based on agencies’ deviations from planned performance.    Washington manages its IT oversight through a combination of delegated authority to agencies, and risk and severity matrices for IT project oversight. 

In some states, financial systems are not designed to capture project-level costs for meaningful reporting.   In Georgia, the Georgia Technology Authority, with the Budget Director and Auditor, is charged with developing a system of budgeting and accounting for expenditures for technology resources that integrates seamlessly with the technology portfolio management system.[74]

Many states involve their IT Boards in the oversight of the CIO’s fiduciary responsibility.  

§         Utah’s E-Government Council prioritizes project proposals for implementation, and charters approved projects.  

§         Georgia has a steering committee to advise its CIO about expenditures from the Technology Empowerment Fund. 

§         North Carolina’s Information Resource Management Commission certifies all IT projects within the executive branch that exceed $500,000 in cumulative expenditures, have major or statewide strategic significance, or are designated by the Commission as requiring certification.

§         Virginia’s Secretary of Technology works in concert with a Technology Investment Board, which reviews, prioritizes, and authorizes all enterprise IT investments over $1 million, and apportions costs for enterprise IT projects. 

§         In Arizona, the IT Authorization Committee has planning and oversight responsibility for projects that exceed $1 million, in all three branches of government.    

The Commission also recommends strengthening oversight of IT Bond Fund projects by the Office of the CIO.   The CIO should institute a more collaborative approach to IT investments by involving the IT Advisory Board in prioritization and decision-making, and in IT project reporting and oversight.  As discussed in the “As Is” Assessment, the IT Bond allocation process could be improved by increased collaboration between and among ITD and agencies during the development of investment briefs, establishing criteria for what types of investments are funded appropriately as capital projects, restricting the use of bond funds for maintenance purposes, assisting agencies in establishing the business case for IT investments based on operating budget impact and total cost of ownership, developing project management and performance metrics, and instituting a process for more consistent project oversight following project initiation.   As discussed later in this report, the Commonwealth’s development of enterprise business and IT strategies would be highly beneficial in guiding investment decisions made with IT Bond funds.

g.      Adopt a “Total Cost of Ownership” approach and cost/benefit analysis for the assessment, management, monitoring, and funding of major IT initiatives and processes across the enterprise.

The Commonwealth should adopt a total cost of ownership approach and cost/benefit analysis for selecting projects for IT investment, and for managing and monitoring these investments throughout their life cycles.  A TCO approach is beneficial to an organization because it requires a more comprehensive, upfront planning process, which improves the organization’s decision making.  A cost/benefit analysis ensures that decision makers consider opportunities to realize increased revenues and other benefits from an IT investment, and do not focus solely on the cost of the investment.   TCO and cost/benefit calculations should include fully burdened costs and, depending on the timing of decisions being made (e.g., initial development versus retirement of more mature systems), may include procurement, operations, maintenance, security, and/or disposal costs, as well as offsetting revenue generation and other benefits, some of which may be qualitative in nature.   For example, the TCO planning horizon for an initial application development decision may be based on total development/deployment costs plus the first two years of maintenance, where the decision to retire an existing system would focus more appropriately on ongoing operational and maintenance costs.   Of course, employee cost assumptions should include all of the Commonwealth’s costs associated with these employees, including salaries, benefits, management structure, administration, and facilities.


C.     IT Strategy

As was stated in the “As Is” Assessment, the Commonwealth should have an overall enterprise strategy for achieving the collective business objectives of its members. An enterprise strategy should foster rationalization of business processes to improve government services. Building off that enterprise strategy, the IT strategy will help executive department agencies, constitutional offices, the Legislature and the judicial branch focus their energies and resources to bring value and cost-effective operations throughout government. The IT strategy establishes the vision, tactical plans, and daily activities to deliver high quality, cost-effective management of IT services.

The IT strategy for the Commonwealth should clearly articulate the philosophy and project the direction of enterprise IT into the future. It must consider the enterprise’s environment – the challenges, forces and changes that are ahead – and what strategic direction to pursue regarding IT. This strategy should be the result of a collaborative effort between the Commonwealth’s central and agency IT organizations and government business management leaders.  An enterprise IT strategy provides the framework for sustainable growth and responsible development. From a citizen-centric perspective, it becomes impossible to promote a “single face” for all government services without an enterprise IT strategy that enables the sharing of information as freely as possible throughout government in a standardized manner.

With the current budget crisis facing state governments, fewer funds are generally available and new accountability standards demand a clear economic payoff from any IT investment.   Financial uncertainty is coupled with a rapidly changing technology environment.   Gartner recommends “…that enterprises respect this rapidly changing business climate by engaging in IT planning that both benefits from the merits of traditional strategic planning but also adapts it in new ways to accommodate the new more uncertain business and technical environment.”[75]

For the Commonwealth of Massachusetts to develop an effective IT strategy, it will require the cooperation and collaboration of business and IT management to develop a common understanding of enterprise business goals and the allocation of IT resources to support those goals. According to Gartner, there are three perspectives that need to be considered in developing an IT strategy:[76]

o       Establish the agreed-upon role for IT to play — especially with regard to how aggressively the enterprise wants to benefit from IT.   This may also set the technology framework for the future, including the infrastructure, and the agreed upon business and IT management’s philosophy and directions.

o       Allocation of the available IT resources. Allocating resources, especially funding, to enterprise projects that will have the very best results for the Commonwealth as a whole. Developing a prioritization process that must include an enterprise evaluation based upon defined criteria and weighting of relevant factors.[77]

o       Selection of technology guidelines to be used as projects proceed towards funding and implementation. This perspective must incorporate standards in both components and in design style – to achieve benefits of interoperability and lower costs through design consistency.

IT Strategic Planning Process Framework

imageSource:   Gartner, IT Planning: A New Perspective, September 26, 2001.


Recommendations

The Commission, after considering the results of the “As Is” Assessment, examining best practices, and consulting with practitioners, recommends that the Commonwealth implement the following seven actions for improving IT strategy in Massachusetts.

a.      Define the enterprise, articulate an enterprise vision, and create an enterprise strategic business plan.

At the very first meeting of the IT Commission, the question arose as to what exactly constituted the Massachusetts “enterprise”, and in the context of an entity as complex as government, this is indeed not nearly as simple a question as it sounds.  While most private sector companies, non-profit organizations, and other institutions can strategize around one or a few segments of the population – for example, “the consumer” or “the worker” – definition of the government enterprise and of its vision and strategic plan is something of a more complex undertaking.

The Commonwealth must begin by deciding what will constitute the scope of the enterprise and how will that scope be allowed to grow.   The enterprise is an evolving concept – one that must begin more simply than what it is eventually envisioned to become.   To define the enterprise initially to be inclusive of every agency in each branch of all levels of government is not practical, even though collaborative and integrated government may be the ultimate aspiration of what the enterprise will embody.  A commonly used analogy is that of world hunger:   an impossible problem against which to take action unless its scope is initially defined more narrowly than the whole world (i.e., maybe a single community, then a group of communities, followed by a state, etc.)

imageOnce defined, the enterprise then requires a vision around what it is supposed to be.   Put another way, with the question of “Who is the enterprise?” answered, the Commonwealth can then begin to ask (and answer) “What is the enterprise about?”.   A clear and concise vision statement describing what the enterprise seeks to embody and the values it ascribes to itself creates a uniform sense of purpose from which a sound and meaningful strategy can be built.

In defining the overall enterprise, the Commonwealth should incorporate economic development and homeland security into their comprehensive definition.  Defining the boundaries of the networked enterprise further enables universal access by citizens, end-users, and partners to all governmental services of agencies, authorities, and municipalities of the Commonwealth.  By broadening the definition, enterprise IT improvements and modernization will enable education, enhance public safety, and foster numerous other groups to pursue a variety of communities of interests.   Each such interest community should become an authorized user group of, and contributor/partner to, the integrated network resources of the enterprise.[78]

With the enterprise defined and its vision articulated, the Commonwealth is then well positioned to articulate the enterprise’s strategic plan.   The strategic plan clearly sets out the goals for the enterprise, providing insight and direction into how exactly the vision is to be achieved.  It sets the top-level priorities from which agencies’ missions, business objectives, business processes, and overall strategic plans can then be built. This strategic direction is absolutely critical to ensuring that other planning processes at deeper levels of the enterprise – for example, the agencies or the Office of the CIO – all tie back to a master plan that says how the Commonwealth prioritizes the delivery of services to its citizens, businesses, and/or employees.  Without this overarching plan, strategic planning at the department, division, or agency level is likely to be compartmentalized, misaligned with the needs of the public, confined to the boundaries of a silo (or silos) of the organization.

In the report Six Building Blocks for Creating Real IT Strategies (Gartner:   11 Dec 2002), authors Robert Mack and Ned Frey discuss the strengths and weaknesses of IT strategies and prescribe a nine-step process for creating effective IT strategies.  The first step they cite in their methodology is, in fact, “Understand the Business Strategy”.  This starting point is clearly a starting point that the Commonwealth would be wise to adopt in endeavoring to produce an IT strategy that is both meaningful and effective.

From the “As Is” Assessment, it is clear that Massachusetts already has the makings of an enterprise vision, with terms such as single face of government, collaborative approach, and citizen-centric government already resonating as key themes in numerous areas throughout the Commonwealth’s government.  To solidify this vision and build consensus around a strategic plan, involvement must come from the highest levels of agencies with key customer-facing functions as well as agencies performing support functions.   Leadership commitment and participation is an undeniably critical success factor in setting the enterprise direction, as is the participation of as many of the Commonwealth’s agencies and departments as is possible and manageable.

At this moment, however, the practical reality is that there is no enterprise-wide business plan and the CIO cannot continue to wait for that plan to be developed.  Therefore, the Commission recommends that the CIO commence immediately on the drafting of an IT Strategic plan based upon available documentation regarding Administration priorities, in consultation with the other branches, in order to define the business priorities of the enterprise.  That plan, once readied for review, will be provided to the other branches for comment and approval.   The objective of that comment and approval process is to ensure that the plan as drafted will support ongoing and known new operations as well as provide the other branches the opportunity to provide insight into planned operational changes in the absence of the comprehensive business strategy.  Those comments and inputs will form the basis for creation of an overall enterprise business strategy.

b.      Establish a formal process for creating and updating the enterprise IT strategic plan for managing and expanding information technology in the Commonwealth, in alignment with the business strategy.

Because information technology is evolving and changing so rapidly, the Commonwealth needs a process by which it regularly revisits its IT strategic plan.  With the effects of Moore’s Law constantly reshaping IT, a static IT strategy will quickly lose meaning and impact if it is not regularly assessed against the following criteria:

·        Does the IT strategy still align with the overall strategic plan for the enterprise?

·        Is the IT strategy still appropriate to the context of the present-day information technology industry?

·        Does the IT strategy sufficiently embrace emerging technologies?

·        Is the IT strategy effectively protecting the Commonwealth against volatilities in the IT industry?

·        Does the IT strategy align with performance standards of those business functions that are enabled by IT?

In the public sector, the City of Minneapolis, MN is often cited as a best practice in this area.  In February, 2000, Governing magazine gave Minneapolis a grade of A- in information technology, saying “strategic IT planning is about as good here as anywhere in the country.”  Minneapolis revisits its IT strategic plan every two years, evaluating it against a series of meaningful questions such as the ones that appear above.  As a result, Minneapolis has enjoyed tremendous success in establishing and deploying a consistent set of IT standards, in operating a highly effective data warehouse, and in proactively identifying areas for further improvement.

c.       Develop a comprehensive IT infrastructure plan for the enterprise.

The “As Is” Assessment identified that the infrastructure in the Commonwealth is fragmented and duplicative.  This fragmentation and duplication has driven the cost of support of the infrastructure higher than it could otherwise be, and has increased the barriers to common operations of Commonwealth offices. In order to attack this fragmentation, there should be a comprehensive enterprise IT infrastructure plan for the Commonwealth.  The Office of the CIO should be responsible for this plan.

There is a larger discussion of the infrastructure later in this chapter (see
Part E).   A few areas that are most germane to the development of a comprehensive strategy are highlighted here.

In the Applications arena, the Commonwealth has already identified a few enterprise applications that are centrally managed and provided, including MMARS, HR/CMS, MassMail and the Mass.Gov Portal and its shared services.  However, business applications that may have cross-agency use, or that may meet the requirements of multiple agencies, are not being identified.

The “As Is” Assessment, based on a survey of a few key data centers, indicates that the Commonwealth’s data centers are generally adequate, but that there are inconsistencies in operations practices, space utilization, and capacity planning.   In fact, the report highlighted the single word “inconsistent” as the major characterization of the centers

The Commonwealth networks are also fragmented and disjointed.  There is no unified planning for either voice or data networks, either operationally or strategically. There are as many as 13 to 20 independent networks currently in place in the Commonwealth. These networks do not share architecture, technology, security or monitoring philosophy, and are only interacting with one another with significant investment of resources in making that happen. Finally, the cost of these disjointed networks is significantly higher than it needs to be.  

All of these disjointed situations are the result of a lack of a central enterprise infrastructure plan. Each individual agency has proceeded without central guidance, resulting in the balkanization of the infrastructure.  The Commonwealth should immediately charter the Office of the CIO to create an enterprise-wide infrastructure plan and, once agreed by all participants, that plan should guide all future infrastructure decisions.

d.      Align the Commonwealth’s legal framework with the enterprise strategy and IT plan, within Constitutional guidelines.

The separation of powers within the government has created a natural barrier to sharing of IT facilities, resources, and infrastructure. The requirement that the three branches of government be independent meant that each developed technology to support itself, resulting in duplication and incompatibility.  Even within branches, until recently, the exchange of data between agencies was hampered by the incompatibility of the systems, or by legal and regulatory requirements that governed how data is to be handled.

In the wake of September 11th, however, the barriers to sharing data between government branches and agencies are being challenged. While data sharing gives rise to significant public policy issues and concerns, the technology does exist to support common data sources, and the need for increased data sharing has created a new demand for interoperability.  At the same time, the current fiscal crisis has also demanded that the agencies and branches seek new ways to provide better services, faster than before, and for lower costs.

In order to take advantage of the abilities that new technology can provide, and to find those security-enhancing, but cost-saving interoperabilities, the legal and regulatory barriers to data sharing and infrastructure sharing must be addressed within a sound, public policy context.

As a part of the strategic plan, the Office of the CIO should identify those barriers to efficiency and effectiveness resulting from a legal framework that may have been appropriate in the past, but which have created major inhibitors to progress today. The Legislature should then address the barriers with changes to the statutes of the Commonwealth.

Clearly, where separation of powers would prohibit it, collaboration and cooperation between branches may remain impossible. However, it is likely that over time practices and processes have been built into both the canon of law and regulations that are neither constitutionally required nor good business.  It is these barriers that should be removed.

e.       Align monies from the IT Bond Fund with objectives set out in the enterprise strategic plan.

As discussed in IT Strategy recommendation “a” (see page 115), the Commonwealth must establish an enterprise strategic plan to establish unilateral objectives and set a particular direction for the delivery of government services in Massachusetts.  Faced with a tightening economy that is shrinking revenue and forcing reduced budgets, governments at all levels must learn to do more with less. The Commonwealth must use collaborative technologies to work together and allow agencies and departments to share appropriate information across governmental boundaries. The Commonwealth must align the disbursements from such funding mechanisms as the IT Bond Funds to create incentive and accountability for agencies to execute and leverage resources according to the enterprise strategy.

The IT Bond Fund application and allocation process already involves the articulation of a business case by an agency for a particular investment.  While this is a good start, the review and selection process for project funding needs to better draw its direction from a higher-level enterprise strategy.  While the CIO should continue to provide directives and input into the disbursement of how and to whom IT Bond Fund monies will be disbursed, the CIO should be clearly able to derive a disbursement protocol from a set of higher level strategic objectives.   Furthermore, the guidelines and procedures for allocating IT Bond Fund grants should be revisited as often as the enterprise and IT strategies are revisited (see IT Strategy recommendation “b”, page 117) to ensure that funding mechanisms are kept in line with the Commonwealth’s strategic direction and objectives as they evolve.

f.        Establish and monitor enterprise service and performance metrics, using a balanced scorecard approach, to measure performance in order to drive accountability and ownership for enterprise success.

Accountability only comes with measurement; one can only “expect” what one is able and willing to “inspect.” Therefore, in seeking to create and operationalize collaborative, enterprise behaviors, the Commonwealth must establish a fresh set of outcome-based performance metrics to get agencies out of the silo mentality and into a quality of service mentality.

The importance of establishing accountability was strongly urged by Wendy Rayner, former CIO of the State of New Jersey, who indicated that business metrics were required to measure agencies in that state, and recommended that the IT Commission demand both service delivery metrics from agencies as well as IT performance metrics from ITD.

In measuring agency performance, metrics must be customer-focused and be set in terms that are meaningful to the customer, not the provider.  Creating these metrics should include both provider and customer inputs, and measurements should be taken frequently and consistently.   One of the difficult lessons learned in service provision is that if the customer thinks it is a problem, then it is a problem.

Evaluation of any portion of Commonwealth government – or of Commonwealth government as a whole – becomes greatly simplified and objectified.  An agency’s success is measured in its ability to satisfy the requirements of its customers.   The success then of enabling infrastructure – such as ITD and/or the Office of the CIO – is measured in its ability to help agencies achieve improvements against their own metrics and goals.  For example, consider a customer of a government service who is dissatisfied because s/he feels that a process that currently takes several days should be able to be completed in hours.  If the CIO and/or ITD were able to provide a technology solution that consistently cuts cycle time down to fewer than eight hours, they would be credited with contributing to that success.   Providing solutions however that only took a few hours off of the process, or that could not consistently improve its performance, might not be considered successes.

In the context of the IT Commission, these service and performance metrics will measure the quality of the services provided by the central service provider. The Commission strongly recommends that all Commonwealth agencies in all branches of government examine their own service providing organizations to establish and monitor their own provision of services.

g.      Drive change within the enterprise by taking a business process reengineering approach and leveraging IT for delivery improvements.

Too often, technology is seen as a panacea to problems caused by poor business practices and processes. These processes typically have developed over time, first as ad-hoc steps to accomplishing critical tasks, then later becoming institutionalized as “the way to do things.”  When those processes begin to bog down and customer service begins to fail, it is easy to blame the technology and difficult to fault the process, so agencies look for newer, faster, better technology.   As the new technology is put into operation, and the leadership anticipates payoff from the investment, the payoff does not materialize because adding a high-technology solution to a bad business process can only create a high-technology bad result.

As an example of this phenomenon, in one Department of Motor Vehicles (not in the Commonwealth), the process for renewal of a driver’s license included sending a notice of expiration to the driver.   However, the driver was not advised in advance of any outstanding traffic or parking tickets that would prevent license ren