IT Governance Arrangement

Federated/Hybrid

Central IT Office

The state of California has two central IT offices, each of which focuses separately on one of the two main functions of central IT offices: IT service and IT policy and strategic planning.

Office of the State CIO

Following the sunset of the original legislation, the Office of the State CIO was recreated by Senate Bill 834 in 2006. In August 2007 the Legislature appropriated funds to establish the Office of the State CIO as the first cabinet-level agency with statutory authority over strategic vision and planning, enterprise architecture, IT policy, and project approval and oversight. As of July 2007, it also fulfills two roles that previously resided with the Department of Finance:

• Investment Review Program, which ensures that IT projects submitted by departments represent a sound business investment and an appropriate solution, as well as follow state IT policies and directions, when determining recommendations for funding of these efforts.
• Project Oversight Program, which has developed state minimum requirements for project management and project oversight activities, and oversees the implementation of these requirements at the department and Agency levels to ensure successful IT projects.

Department of Technology Services (DTS)

DTS provides enterprise-wide IT services to the executive branch of the government. It operates the State Data Center, manages 24-hour, seven days/week operations for departmental IT systems and solutions, and is accountable for running cost-effective, secure technical environments and infrastructure providing services to most state departments and some county services. It is independent of the State CIO and is governed by the Technology Services Board.

State CIO

State CIO

The State CIO is a member of the Governor’s cabinet and directly appointed by the Governor. The overall role of the State CIO is to provide leadership on statewide IT initiatives and needs, provide strategic vision for the state's technology, and coordinate with the control agencies and departments. The following is a more detailed list of State CIO roles and responsibilities:

• Advise the Governor on the strategic management and direction of the state's information technology resources.
• Minimize overlap, redundancy, and cost in state operations by promoting the efficient and effective use of information technology.
• Coordinate activities of Agency Information Officers, agency CIOs, and the Director of the Department of Technology Services for purposes of integrating statewide technology initiatives, ensuring compliance with information technology policies and standards, and promoting alignment of information technology resources and effective management of information technology portfolios.
• Work to improve organizational maturity and capacity in the effective management of information technology.
• Establish performance management and improvement processes to ensure state information technology systems and services are efficient and effective.

Roles of other agencies in state IT management

Decision-making processes in the executive branch for enterprise information technology issues are in the hands of several agencies exercising discretion pursuant to existing delegations of authority.

Department of Finance (DOF)
DOF approves project funding and is responsible for project approval, developing and managing an IT security program, and assisting the State CIO in identifying and addressing key statewide strategic and operational needs for IT management. It includes the following entities:

• Security Program, which identifies, mitigates, and manages statewide security and operational recovery risk. The program accomplishes this through policy, education, awareness, and communications with the departmental Information Security Officers (ISOs).
• Overview of High Profile/High Cost Projects - Major projects often require the attention of the Administration, the State CIO, Finance, and the agencies.

Department of General Services (DGS)
DGS is responsible for IT acquisition processes and procedures, including legal counsel. In addition, through its acquisition quality assurance program, DGS is responsible for oversight of all IT procurements conducted by other state agencies.

Cabinet-level Agencies
The agencies provide leadership, coordination, and oversight of IT, activities, and procurements within its jurisdiction. Agencies have assumed a larger role for oversight of projects and advising DOFand the State CIO on IT leadership issues through its agency information officer (AIO).

Departments
The departments are responsible for effectively managing their IT development and operations, including providing ethical guidelines for IT procurements; creating direct lines of reporting between directors and the department's CIO and information security officer; providing independent oversight of projects; and implementing basic security measures.

Coordination Mechanisms

IT Council Executive Committee

The Executive Committee was established in September 2008 to provide oversight and leadership to the Information Technology Council. It consists of eight AIOs, eight CIOs, the State CIO, and three representatives from the OCIO. It has the following roles and responsibilities:

• Provide oversight and leadership for the California IT Council
• Provide general advice and guidance to the State CIO
• Provide a framework for statewide IT governance
• Provide feedback to proposed IT policy
• Respond to requests from the State CIO

Information Technology Council (IT Council)
The IT Council advises the State CIO on all matters related to information technology in the executive branch, including the development of statewide IT strategic plans and the adoption of enterprise-wide IT standards and policies. The IT Council's membership is broadly representative of major stakeholders in the executive branch's IT program, including members from several constitutional offices, the state's support agencies (Departments of Finance, General Services, Personnel Administration and Technology Services), AIOs, departmental CIOs, the judiciary, and local and federal governments. It was chartered by the State CIO in 2004.

Technology Services Board (TSB)
TSB governs the Department of Technology Services established on July 9, 2005 by the Governor’s Reorganization Plan Number 2 and sets policy on enterprise services provided by the Department of Technology Services (DTS). DTS is the sole enterprise-wide source for technology and telecommunications services. The goal of consolidation and realignment is to substantially improve the performance of the executive branch in managing its information technology infrastructure.

Enterprise Leadership Council (ELC)
The ELC provides statewide support and guidance for all state enterprise-wide system projects. The ELC’s mission includes providing a forum for project stakeholders to review, resolve, and provide direction on issues that have a statewide impact and cannot be resolved at a project level. The ELC’s membership includes members of the Governor’s Cabinet, the Controller, the Treasurer, and the executive director of the Board of Equalization.

Planning document

California State Information Technology Strategic Plan is updated annually and guides the acquisition, management, and use of technology within the executive branch for a five year period. As of March 10, 2009, a new reorganization plan had been put in front of the legislature that would further consolidate IT in the state of California. The plan went into effect on May 10, 2009, with full enactment expected by mid 2010. Under the reorganization plan, both the service and the policy and planning functions are subsumed under the OCIO.

IT Governance Arrangement

Federated/Hybrid

Central IT Office

Agency for Enterprise Information Technology (AEIT)
The Agency for Enterprise Information Technology was created within the Executive Office of the Governor in July 2007 with the Governor and Cabinet intended as the head of the agency.

AEIT has the following duties and responsibilities:

• Develop and implement strategies for the design, delivery, and management of the enterprise information technology services established in law.
• Monitor the delivery and management of the enterprise information technology services as established in law.
• Make recommendations to the agency head and the legislature concerning other information technology services that should be designed, delivered, and managed at the enterprise level as defined in s. 282.0041(8).
• Plan and establish policies for managing proposed statutorily authorized enterprise information technology services, which includes developing business cases that, when applicable, include the components identified in s. 287.0574; establishing and coordinating project-management teams; establishing formal risk-assessment and mitigation processes; and providing for independent monitoring of projects for recommended corrective actions.
• Not earlier than July 1, 2008, define the architecture standards for enterprise information technology and develop implementation approaches for statewide migration to those standards.
• Develop and publish a strategic enterprise information technology plan that identifies and recommends strategies for how enterprise information technology will deliver effective and efficient government services to state residents and improve the operations of state agencies.

In the course of its duties, AEIT is required to ensure participation and representation of state agencies and the Agency Chief Information Officers Council established in s. 282.315.

Office of Information Security (OIS)
Part of AEIT, OIS is responsible, in consultation with each agency head, for coordinating, assessing, and recommending minimum operating procedures to ensure an adequate level of security for data and information technology resources.

State CIO

State CIO
Re-established in 2008, the State CIO reports to the Governor and the Cabinet. The State CIO also acts as the executive director for AEIT.

Roles of other agencies in state IT management

State Agencies
State agencies propose their own technology budgets to the Governor as part of their overall annual operating budgets. The bill seeking to abolish the central IT office (SB1494), which was ultimately vetoed by the Governor, would have required "each affected agency to develop an internal technology control process to discipline the execution of its technology investment. The process of governance and accountability applies to agency technology activities and is based upon increasing state budgetary investment. This bill provides legislative intent of the importance of establishing a management control process that aligns state agency information technology needs with their individual jurisdictional requirements.” Each individual agency is also responsible for procurement of its own IT. Today the state agencies continue to control their own IT management, although efforts are underway to provide more enterprise-wide standards and support.

Governor and legislature
As in most states, the Governor has the power to make budget recommendations to the legislature, but the legislature makes the funding decisions. The Florida legislature also has a Technology Review Workgroup to provide recommendations about the IT portions of agencies’ annual budgets and plans.

Coordination Mechanisms

CIO Council
The Council is structured to enhance communication among the agency CIOs by identifying and recommending efficient best practices among state agencies; it operates independently of AEIT, although the State CIO is a participating member. The Council serves as an educational forum for enterprise information technology planning and management issues and builds consensus using workgroups and committees that develop policies and resolve planning and management deficiencies. Its key principles are cooperative planning between state government entities and maximizing information sharing for the public access.

The Council includes the CIOs of all state agencies and the CIO of the State of Florida. It also includes a CIO selected from each of the legislative branches, the State University System, the Florida Community Colleges System, the Supreme Court for the judicial branch, the Public Defender’s Office, and the State Attorney’s Office.

The Council is led by a Steering Committee that is responsible for setting the meeting agenda, establishing the annual goals, listing the expected deliverables, and reporting on their outcome for the following year. The members of the committee are the CIO Council chair, vice-chair, Department of Management Services Deputy Secretary for Technology, and six members of the Council appointed by the chair.

Technology Review Workgroup
The 1997 Legislature created the Technology Review Workgroup (TRW) in s. 216.0446, F.S., to provide analysis and recommendations regarding agency funding requests for information technology projects. The TRW also provides legislative oversight of strategic information technology projects that have been specifically identified in the General Appropriations Act. The TRW reports its findings and recommendations to the Legislative Budget Commission.

The Workgroup has a dedicated staff of research, legislative, and administrative analysts, who are supervised by the staff director.

Planning Document

Agency for Enterprise Information Technology, Operational Work Plan 2008-2009
As part of its incremental approach to redeveloping a central IT organization, the Florida Legislature requires AEIT to provide an annual operational work plan. This work plan outlines the agency’s progress in meeting its goals and tasks, which are statutorily defined by the legislature. Although it does not provide guidance for statewide IT policy, it does outline the roadmap for Florida’s emerging development of enterprise IT governance strategies.

IT Governance Arrangement

Federated/Hybrid

Central IT Office

Georgia Technology Authority (GTA)
The GTA was created through legislation in July 2000 to replace the GeorgiaNet Authority. The GTA's powers and duties extend to all agencies except those under the authority, direction, or control of the General Assembly or statewide elected officials other than the Governor. For administrative purposes, GTA is assigned to the Department of Administrative Services (DOAS).

The GTA provides for the procurement, management, and coordination of technology resources, as well as the centralized marketing, provision, sale, and leasing of certain public information maintained in an electronic format to the public.

More specifically, GTA as four main tasks:

• Manage the state’s IT infrastructure — data center, network and telecommunications services and security
• Establish policies, standards, and guidelines for state IT
• Promote an enterprise approach to state IT
• Develop and manage the state portal, georgia.gov

GTA's statutory responsibilities also encompass the following:

• Technology enterprise management — methods for managing technology resources for state agencies; resources include data centers, servers, mainframes, PCs and laptops, wide and local area networks, telecommunications and technology personnel
• Technology portfolio management — approaches for analyzing and ranking the state’s technology investments

The GTA has five offices led by a designated officer:

• Administrative
• Technology
• Enterprise Governance and Planning
• Marketing
• Operations

State CIO

State CIO
The State CIO serves as the executive director of GTA and is both appointed and removed by a vote of a majority of the full membership of the GTA board.

The GTA established and directs a technology empowerment fund in which the CIO is authorized to identify and select individual projects, initiatives, and systems to be funded through the technology empowerment fund.

Roles of other agencies in state IT management

State Agencies
State agencies must submit an Agency Project Request (APR) through an automated system. GTA account managers continue to work with agencies to gather any additional information needed to complete APR reviews. GTA partners with the Office of Planning and Budget and state agencies to ensure only necessary information is collected. All agencies must contract through GTA for any technology resource purchase of such agency exceeding $100,000.

Office of Planning and Budgeting (OPB)
The OPB and the state auditor are responsible for jointly developing a system for budgeting and accounting of expenditures for technology resources.

Coordination Mechanisms

GTA Board of Directors
GTA is guided by a twelve member Board of Directors, including seven members appointed by the Governor, two appointed by the Lieutenant Governor, two appointed by the Speaker of the House of Representatives, and one non-voting member appointed by the Chief Justice of the Georgia Supreme Court. 

The GTA’s Board of Directors is responsible for enterprise IT policies. In September 2008, the Board established the IT Infrastructure Library (ITIL) as the official basis for IT infrastructure management, service delivery, and support in Georgia.

Technology Empowerment Fund Steering Committee
The Committee is composed of the chairperson of the House Appropriations Committee, the chairperson of the Senate Appropriations Committee, the director of the Office of Planning and Budgeting (OPB), the legislative budget analyst, the state auditor, and a representative from the Governor's office. Their role is to advise and consult with the CIO regarding initiatives to receive funding from the technology empowerment fund.

Critical Projects Review Panel
The Review Panel, comprised of the state chief operating officer (COO), state chief financial officer (CFO), Office of Planning and Budgeting (OPB) director, and the State CIO, meets regularly to oversee IT projects with a significant impact on state operations.

PeopleSoft Program Governance Council
The Council was established to create and enforce policies for the state’s enterprise resource planning system. PeopleSoft is used by more than 80 state agencies and organizations, and the council is charged with setting business processes and deciding on system changes and upgrades. Like the Critical Projects Review Panel, the Council is also comprised of representatives from state agencies and key members of the Governor’s staff.

CIO Council
The Council is an advisory group of 37 agency CIOs formed to establish technology standards for state government. The Chief Technology Officer from GTA leads the Council.

Planning document

In late 2007, the Governor directed GTA to proceed with a plan to transform state government’s IT operations. Called GAIT 2010 (Georgia Infrastructure Transformation), the plan called for consolidating IT infrastructure and moving both infrastructure and telecommunications delivery to external service providers.

At the end of restructuring GTA, GTA will have 150 FTEs and a $45 million budget. The 5-7 year contracts will be awarded by competitive bid and are expected to total $1.1-$1.6 billion. Selected service providers will likely commit approximately $40 million to:

• A second data center
• Enterprise disaster recovery capability
• Server consolidation
• Technology tools needed to manage and diagnose
• Best practice operational management

IT Governance Arrangement

Federated/hybrid

Central IT Office

Kansas Information Technology Office (KITO)

Positioned within the Department of Administration, KITO supports the statutory responsibilities of the executive, judicial, and legislative branch Chief Information Technology Officers (CITOs) and the Chief Information Technology Architect (CITA).

The Enterprise Project Management Office (EPMO) is part of KITO. It has been in existence since the late 1990’s, providing oversight to information technology. The EPMO reviews and makes recommendations for policies, guidelines, and best practices for information technology projects throughout Kansas state government. It provides consultation on major IT projects throughout Kansas government in the areas of project plan development; specification development, review, and approvals; project reporting; and project close-out. The EPMO manages the Project Management Training program, which includes the state of Kansas certification program for project management methodology. The EPMO provides the executive branch CITO support for the Information Technology Advisory Board meetings and a number of other official and ad hoc committees.

State CIO

Each governmental branch has its own appointed Chief Information Technology Officer (CITO).

Executive Branch Chief Information Technology Officer (Executive CITO)
The Executive CITO is appointed by the Secretary of the Department of Administration upon approval from Governor. The Executive CITO is a member of the Governor’s cabinet and reports to both the Secretary of Administration and the Governor. He or she reviews and consults with each executive agency regarding information technology plans, monitors compliance with all information technology policies, and coordinates implementation of new information technology. The Executive CITO also informs CITA of all deviations from the state information architecture, which the executive agencies report to him or her.

Specific responsibilities:

• Project approvals for projects above $250,000.
• Bid specification approvals for bids above $250,000.
• Reviews updates to agency three-year IT plans and submits his or her recommendations to the Division of the Budget as to the technical and management merit of information technology project estimates and information technology project changes and overruns submitted by executive agencies. He or she submits the same information to the legislative Joint Committee on Information Technology.
• Project management training.
• Project reporting.

Chief Information Technology Architect (CITA)
The CITA heads the Office of the CITA and is appointed by the Secretary of Administration, which is subject to approval by the Governor. Chief responsibilities include proposing to the Information Technology Executive Council: (1) IT resource policies and procedures and project management methodologies for all state agencies; (2) an IT architecture, including telecommunications systems, networks, and equipment, which covers all state agencies; (3) standards for data management for all state agencies; and (4) a strategic IT management plan for the state. The CITA also serves as secretary to the Information Technology Executive Council.

Roles of other agencies in state IT management

Joint Committee on Information Technology
The Joint Committee is a legislative body consisting of ten members, including five senators and five representatives. It is responsible for developing specific procedures on projects’ approval and review. These project reviews are done on a regular basis and are in accord with specific review guidelines that assist its members with determining the project’s status and possible need for change or termination.

Legislative Chief Information Technology Officer
The Legislative CITO, under the direction of the joint committee, monitors state agency execution of information technology projects and reports progress regarding the implementation of such projects and all proposed expenditures, including all revisions for the current fiscal year and for ensuing fiscal years. The Legislative CITO also reports to the CITA all deviations from the state information architecture, which the legislative agencies report to him or her.

Department of Administration
The Division of Purchases handles IT procurement for Kansas.

State Agencies
State agencies prepare and submit their three-year IT plans to the appropriate branch’s CITO for review and recommendation. After projects are funded, they are responsible for project management and periodic review. Projects over $250,000 are reported on every two months.

Governor and Legislature
As in most states, the Governor has the power to make budget recommendations to the legislature, but the legislature makes the funding decisions.

Coordination Mechanisms

Information Technology Executive Council (ITEC)
The seventeen member Council is responsible for approval and maintenance of the following: IT resource policies and procedures and project management methodologies for all state agencies; an IT architecture, including telecommunications systems, networks and equipment, which covers all state agencies; standards for data management for all state agencies; and a strategic IT management plan for the state. It provides direction and coordination for the application of the state's IT resources, and designates the ownership of information resource processes and the lead agency for implementation of new technologies and networks shared by multiple agencies in different branches of state government. The Council's members are chosen as follows: the Secretary of Administration; two cabinet and one non-cabinet agency head appointed by the Governor; the director of the Budget; the executive CITO; the legislative CITO; the judicial CITO and the judicial administrator of the Kansas Supreme Court; the executive director of the Kansas Board of Regents; the commissioner of Education; one representative of cities; one representative of counties; the network manager of the Information Network of Kansas (INK) ; and three representatives from the private sector who are chief executive officers or chief information technology officers.

The ITEC Security Council
The Security Council is a sub-council of and advisory to ITEC. It recommends and reviews policies, guidelines, and best practices for the overall security of IT systems, infrastructure, and data within Kansas state government.

Information Technology Advisory Board (ITAB)
ITAB functions as a technical resource to the Executive CITO. ITAB is made up of senior managers of state information technology organizations, along with representatives of private industry and local units of government.

Kansas GIS Policy Board
The Board is responsible for the development of standards, strategies, and policies that emphasize cooperation and coordination among agencies, organizations, and government entities in order to maximize the cost effectiveness of GIS by creating public and private partnerships throughout Kansas. The board, consisting of 37 members appointed by the Governor from state and local government agencies as well as public, private, and academic interests, provides review, coordination, and recommendations for GIS programs and investments.

Information Network of Kansas Board
The Board has ten members who are appointed by the Governor, including the Kansas Secretaries of State, Transportation, and Revenue, the president of Kansas, Inc., a representative from the Kansas Association of Libraries, and private Kansas citizens to ensure information in the public domain is administered for the public good. It oversees the Information Network of Kansas, which was created by an act of the Kansas State Legislature in 1990 to provide equal electronic access to state, county, local, and other public information via the Internet.

IT Governance Arrangement

Federated/hybrid

Central IT Office

Commonwealth Office of Technology
The Commonwealth Office of Technology (COT) is based in the Finance and Administration Cabinet. Under the 2005 Reorganization Executive Order, all IT personnel and organizations were aligned to report to the executive director of COT. All IT contracts and purchases were transferred to COT and are subject to COT review and approval. COT has the following general responsibilities:

• Overseeing shared IT infrastructure resources and services;
• Developing and implementing statewide IT applications;
• Establishing IT policy and standards;
• Strategic and tactical IT planning;
• Assessing, recommending and implementing IT governance and organization design; and
• Establishing partnerships and alliances for effective implementation of IT projects.

The offices under COT provide services throughout the state government and coordinate the IT work of all state agencies. COT is organized into three sub-offices:>

• Office of Infrastructure Services is responsible for day-to-day technical support and operation of executive branch IT resources, including overseeing shared IT infrastructure resources and services, such as large-scale computing, server hosting, IT security, data and voice communication networks, and phone systems.
• Office of Enterprise Policy and Project Management is responsible for long-term capital IT planning and project management of IT work within the executive branch.
• Office of Application Development is responsible for IT project management, consulting, and development for executive branch applications.

State CIO

State CIO and Commonwealth Commissioner of Technology
The State CIO is appointed by the Secretary of the Finance and Administration Cabinet and reports directly to the Secretary and the Governor. The State CIO also acts as the commissioner of COT. As part of his or her duties, the State CIO is responsible for ensuring that all major IT efforts are consistent with the strategic direction for IT and the Enterprise Project Management Framework. The State CIO is authorized to approve a project, recommend that remedial action be taken to ensure a project is structured for success, or may recommend that a project be deferred due to potential risks or limited availability of resources and notifies the requesting agency, the Office of the state Budget Director, and the Finance and Administration Material and Procurement Services in writing. In addition, the State CIO has final approval authority for all actions, modifications and exceptions to the state enterprise standards.

Roles of other agencies in state IT management

State Agencies
State agencies are responsible for the effective deployment and management of all IT to meet cabinet business needs and must comply with enterprise-wide IT strategies, standards, and management practices.

Participation in the IT Governance Model for the Commonwealth
Agencies create their own project proposals; however, these proposals are under the purview of the Finance and Administration Cabinet. Any IT project proposal has to be approved by the agency CIO; upon his or her approval, the proposal is forwarded to the Cabinet, where it is reviewed by the State CIO as part of an internal process. After a project is approved, the agency must submit quarterly Enterprise Project Status Reports to the State CIO.

Finance and Administration Cabinet
The Cabinet approves all IT hardware purchases above $1,000 and any software and maintenance purchases above $50,000. The Cabinet’s Office of Material and Procurement Services handles requests for procurement to determine appropriate method. COT receives and reviews agency requests internally as part of the Cabinet; requests are not submitted to them separately.

Coordination Mechanisms

Commonwealth Technology Council
The Council was formed from cabinet and agency information technology officers (ITOs) and assists the State CIO in targeting and delivering IT resources for maximum business value for the Commonwealth. It provides comments and recommendations on policy, direction, planning and legislation; works to identify opportunities and conduct joint planning for shared services implementation, sourcing, investments, and cost recovery; and provides stewardship for other state IT programs and projects. 

Enterprise Architecture and Standards Committee (EAS)
The EAS Committee is composed of multiple agency representatives who are supported in their work by several domain technical workgroups that present recommendations to the Committee for consideration. It is chaired by the State CIO, supports the enterprise perspective for governance, and defines architectural direction, maintains IT standards, recommends revisions or new standards to the State CIO, and reviews business case exceptions from agencies. The EAS supports the technology vision and principles of the Commonwealth's Strategic Information Technology Plan and promotes migration to enterprise solutions for reduced complexity and increased support.

Kentucky Wireless Interoperability Executive Committee
The Executive Committee was created to address communications interoperability, a homeland security issue that is critical to the ability of public safety first responders to communicate with each other by radio. The Executive Committee advises and makes recommendations regarding strategic wireless initiatives to achieve public safety voice and data communications interoperability.

Kentucky Geospatial Board
The Board advises the State CIO on issues relating to geographic information. It establishes policies and procedures to assist state and local jurisdictions in leveraging geographic information technology for improving public administration. Its knowledgeable membership promotes awareness, training, and education, as well as working to create partnerships for the purpose of data sharing.

Information Technology Advisory Council (ITAC)
TAC advises the State CIO on approaches to coordinating information technology solutions among libraries, schools, local governments, and other public entities. Members come from local government, education, the legislature, and include citizens and private sector representatives. It provides a forum for discussion of emerging technologies that enhance electronic accessibility to publicly funded sources of information and services. 

Enterprise emphasis

In all publications on the COT Web site, the state of Kentucky puts strong emphasis on the need for an enterprise approach to IT on a statewide level in order to take advantage of consolidation. Kentucky seeks to make technology investment decisions from an enterprise perspective and not that of a single cabinet or agency. This enterprise focus is supported through statute and the organizational structures in state government. The Commonwealth has the foundation for an enterprise approach to IT with a relatively strong shared infrastructure (e.g., enterprise architecture and standards, Kentucky Information Highway, consolidated data center, enterprise electronic mail, virus protection), but policy, planning, and budgeting issues must be resolved to address cost-effective and non-duplicating investments in IT.

IT Governance Arrangement

Centralized

Central IT Office

Office of Information Technology (OIT)
OIT is within the Department of Administrative and Financial Services and was established in 2005 by an executive order from the Governor. It consists of three main departments:

• Agency Service Center - There are nine agency IT directors (AITD) who provide management and business interfaces to one or more agencies. AITDs are responsible for building a strong partnership between OIT and the agency, and provide IT leadership within the agencies. Core enterprise services will be delivered via the OIT Core Technology Services group, allowing the AITDs the critically needed time to focus on building a strategic IT plan that maps to the agencies’ key business initiatives.
• OIT Core Technology Services - Many of the services previously provided or managed at the individual agency level are now managed centrally as part of an enterprise delivery structure. The department provides all enterprise type services, managed centrally, including Client Technologies Services, Application Services, Operations Services, Network Services, and Radio Services.
• OIT Administrative Center – The Administrative Center provides policy level services, administration, performance management, project management services, and e-government.

State CIO

State CIO

Under the 2005 executive order, all IT personnel were transferred to the central IT office under the purview of the State CIO. The State CIO is appointed by the commissioner of the Department of Administrative and Financial Services. The State CIO’s main responsibilities are to direct, coordinate, and oversee IT policy making, planning, architecture, and standardization. In addition, the State CIO is charged and empowered with the responsibility to evaluate opportunities for unified, enterprise IT initiatives and to recommend and implement such initiatives on behalf of the administration. Similarly, he or she is charged with exploring opportunities for consolidation of IT infrastructure and services and aggregation of resources among departments. The State CIO also approves hiring of all IT positions within the executive branch of the government. In addition, he or she is responsible for producing an annual report detailing the state of IT in the state of Maine.

Roles of other agencies in state IT management

State Agencies
State agencies prepare IT budgets with extensive assistance from the OIT. These budgets are then submitted to the Governor, who makes changes as needed with the help of the state budget officer. Upon the Governor’s approval, the state budget officer prepares a budget that is then submitted to the legislature.

Department of Administrative and Financial Services
The Division of Purchases within the Department of Administrative and Financial Services handles all procurement of IT.

Office of Program Evaluation and Government Accountability
The Office conducts reviews and audits at the request of the legislature’s Oversight Committee. However, there is not one legislative body with responsibility for overseeing the planning and management of the IT enterprise.

Coordination Mechanisms

CIO Council
The CIO Council was established in 2005 by the same executive order that established the Office of Information Technology. It is chaired by the State CIO, who maintains a charter for the Council that defines the duties, structure, governance, and process of the work to be performed. Members are identified and appointed by the State CIO, including representatives of both large and small executive branch agencies, a representative from a constitutional office, and any other entities identified by the State CIO. The council’s role is to facilitate communication and advise the State CIO.

The Executive Steering Committee
The Committee is a group of high level state government leaders responsible for providing strategic direction by way of aligning IT operations with state governmental business needs.

InforME Board
The Board reviews and approves all Service Level Agreements with state and municipal agencies. The Board also develops each of InforME's two-year strategic plans and provides input about InforME's priorities and policies. There are seventeen members, consisting of the Secretary of State; chief executive officers from several state agencies; the State CIO, chair; the State Librarian; a representative from both the House and Senate; a representative from the judicial branch; and eight representatives from various organizations outside of state government.

Current IT Governance framework

The 2005 restructuring was meant to “transform planning and management of IT from fragmented, agency-specific operations to integrated enterprise operations. The administration had four goals that motivated the overhaul:

• Enterprise philosophy for delivering services
• Improved effectiveness and efficiency
• IT budget savings required
• Internal assessment:

"The pace of the consolidation has been slow, steady, and with some bumps in the road. Agency Managers perceive lost ‘flexibility’ in staff assignment and in managing IT expenditures. The ability to direct immediate attention and finances to specific needs and priorities is now considered to be more cumbersome. No longer can necessary IT expenditures be deferred to accomplish other priorities, particularly if infrastructure is placed at risk. These decisions now rest with OIT. The culture changes on staff and government as a whole have challenged the new management team.”

2006 Annual Report

IT Governance Arrangement

Centralized

As of 2002, all IT functions and services were transferred to the central IT office.

Central IT Office

The Department of Information Technology (DIT)

DIT was created in 2001 by an executive order to achieve a unified and more cost-effective approach for managing information technology among all executive branch agencies. DIT provides technical and management support services to all Michigan state agencies. It is organized into the following five subdivisions:

• Bureau of Agency Services - Liaison between DIT and the individual agencies. Their role is to work with the agencies to achieve agency goals. They are responsible for ensuring delivery of agreed upon services. They work with the two other branches to make certain that agencies receive excellent customer service and that the technology solutions chosen are the best option. They also work across all agencies to identify common technology needs in order to leverage resources.
• Office of Employee and Financial Services- Responsible for the oversight of the department's human resource functions, facilities management, and budget and financial management. 
• Bureau of Infrastructure Services - Responsible for maintaining and supporting the state's information technology infrastructure. They are accountable for desktop services, field services, data center services, telecom & network management, and technical services.
• Office of Security - Responsible for identifying, managing, and mitigating security risks and vulnerabilities within Michigan state government computing resources. OES is charged with disaster recovery planning, risk management, security awareness and training, working with state agencies to assist with their security issues, and enforcement of state security policies and procedures.
• Office of Strategic Policy - Its role is to assure, through policies, standards, and research, the consistent, efficient, and effective delivery of information technology services.

DIT assists the State Budget Office with the development of IT budgets for the executive branch.

State CIO

State CIO and Director of Department of Information Technology

The State CIO is appointed by the Governor to be in charge of DIT and sits on the Governor’s cabinet.

Roles of other agencies in state IT management

State Agencies
State agencies create an IT budget request that is submitted to DIT and the State Budget Office.

The State Budget Office
With assistance from DIT, the Budget Office creates IT budgets for the executive branch. The review is designed to ensure that the budgets only include those proposals that fit into the overall strategic information technology management plan of the state and provide a reasonable return on investment are included.

Governor and legislature
The Governor submits his budget to the legislature for approval.

Coordination Mechanisms

Given the centralized nature of Michigan’s IT, the majority of the coordination mechanisms in place are internal to DIT.

Internal coordination mechanisms:
Strategic Management Team (SMT)
This team consists of IT leaders in nineteen agencies and the IT functional leaders for infrastructure, desktops, helpdesk, field services, administrative areas, cross boundary initiatives, finance and human resources. The SMT uses the Enterprise IT Portfolio Governance and Management Model to align, review, and prioritize projects across the state enterprise. Their goals are to deliver better balance between different types of investments, ensure flexibility and agility to keep up with new or changing political priorities, and to gain consensus among a broad group of IT stakeholders.

The Core Enterprise Service Team (EST Core)
The EST Core is tasked with the tactical implementation of the plan that Strategic Management Team develops. The division leaders that report to the SMT executives make up the EST-Core. This team works together to ensure cross-agency functions and to assign specific resources and timelines to each deliverable of the Strategic Plan. The Enterprise Services Team (EST-Extended) then makes the strategic plan operational. These two teams work together to achieve several goals:

• Evaluate the progress made on previous plan commitments.
• Develop vision and mission statements for the agency.
• Complete SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis and review input from all other MDIT teams.
• Determine top agency business drivers.
• Take oversight responsibility for defined sections of the plan.
• Develop initiatives and targets for each IT plan goal.
• Measure the progress on key initiatives throughout the life of the plan.

Enterprise Architecture Core Team (EA Core)
The Office of Enterprise Architecture facilitates this cross-departmental team of MDIT technical leaders and specialists. The team includes appointed staff from all facets of the DIT organization: Contracts and Procurement, Enterprise Security, Office Automation Services, Telecommunications, Data Center Services and each software development group serving the state agencies. It has the authority to oversee the assessment, adoption, and use of technology in the state. They establish and utilize processes and procedures to assess technology needs across the four enterprise architecture framework areas. Decisions of the EA Core team are binding for the DIT organization, but are subject to review and approval by DIT executive management. The architects that make up the EA Core Team have several roles:

• Oversee and advise DIT architecture workgroups and standards development teams.
• Work with DIT Contract Office to establish the criteria for technology bids.
• Develop processes information dissemination and communication.
• Maintain and oversee the processes to select, review, evaluate, approve or deny, and prioritize EA, to include IT standards, policies, strategies, architectures, and guidelines.
• Conduct technical process engineering.
• Perform EA portfolio analysis.
• Oversee technology exception reviews.
• Review and evaluate vendor proposals.

Coordination Mechanisms

External coordination mechanisms:
Michigan Information Technology Executive Council (MITEC)
MITEC was established by the State CIO as an advisory body on current business, service, and technology support needs and to assist with development of longer-term IT goals. It is chaired by the State CIO and the membership consists of departmental deputy directors, administrative officers, or comparable level executives or administrators from each department; three representatives from the legislative branch; and one representative from the judicial branch.

Horizon and Spotlight Programs
The Horizon program provides the vendor community access to executive leadership on a monthly basis. Suppliers whose products match state priorities may provide brief presentations to the leadership team. The Spotlight Program provides an opportunity for suppliers to provide in-depth demonstrations to executives and subject matter experts.

Enterprise portfolio framework

Michigan Portfolio Assessment Framework
The Strategic Management Team (SMT) “uses the signature Michigan Portfolio Assessment Framework to create process and traceability, and to provide transparency into the IT investment decision making that builds the enterprise portfolio. This framework evaluates possible projects or investments using “Value” and “Risk” measures. A key tenet it that it is not focused on trying to define an absolute correct investment, but is designed to reflect an agreed consensus of the priorities of the SMT.

“A unique underpinning of the Michigan Portfolio Assessment Framework is that since public sector projects are often attached to policy positions or legal mandates that cannot be undone; the Risk profiles are a guide to which risk mitigation techniques must be applied, as opposed to which projects should be avoided. So the framework qualitatively measures the risk profile of each project to ensure the proper oversight levels from the portfolio monitoring that the SMT performs, as well as the project specific management and monitoring that Michigan’s Project Governance and Control Office model will provide.

“These Value and Risk scores provide enterprise priority to projects and are used by the Strategic Management Team to build their IT portfolio.

“The broad portfolio view better balances internal and customer directed investments, diversifies the risks while at the same time broadening the impact of successful emerging technologies, and enabling the identification of innovative cross boundary opportunities.”

Michigan submission to NASCIO 2007 Recognition Awards Category

IT Governance Arrangement

Federated/hybrid

Central IT Office

Office of Enterprise Technology (OET)
OET was established in 2005 as part of an overall project of reforming government services and processes in the state. It is led by the State CIO and, within the founding statute, its roles and responsibilities are defined as follows: “provide oversight, leadership, and direction for information and telecommunications technology policy and the management, delivery, and security of information and telecommunications technology systems and services in Minnesota.”

It provides the state enterprise services in three critical areas: technical services, oversight services and planning services.

• Technical services consist of IT infrastructure and applications that are "shared services" (available to and used by more than one agency), or "utility services" (common to and used by all agencies). Examples include the state's primary data centers, telecommunications networks, and security services.
• Oversight services focus on those functions that assist the State CIO in prudently and effectively managing all of the state's IT assets and include such activities as enterprise architecture, agency planning and budget reviews, program and portfolio management. Other support functions such as measurement, financial management, and reporting are part of this functional area.
• Planning services include statewide strategic information master planning, development and dissemination state information policies on a variety of issues, and management of IT asset standards and processes.

OET reviews and approves state agency and intergovernmental IT efforts and provides information to the legislature regarding projects reviewed and recommend projects for inclusion in the Governor's budget. OET also ensures cooperation and collaboration among state and local governments in developing intergovernmental IT systems and services; defines the structure and responsibilities of a representative IT governance structure: and identifies, sponsors, develops, executes, and maintains shared IT projects.

State CIO

State CIO
The State CIO is appointed by the Governor to a commissioner-level role and reports directly to the Governor. The CIO is responsible for the following tasks:

• management of enterprise and shared services operations,
• obtaining feedback from a broad array of governmental entities to ensure enterprise-wide collaboration and consideration of broader needs in devising statewide strategies, and
• leading a collaborative IT planning and strategy process with agency CIOs.

The State CIO has the power to determine when the use of shared IT systems is desirable and to require state agencies to use such systems. He or she also coordinates, reviews, and approves all IT projects over $1,000,000 and oversees the state's IT systems and services, as well as establishing and enforcing compliance with standards for IT systems and services. The State CIO submits to the legislature an explanation of any IT project included in the Governor’s budget that involves collaboration between state agencies and an explanation of how the budget requests of the several agencies collaborating on the project relate to each other. The State CIO also prepares a biannual state inventory of IT, including information on how the technology fits into the state's IT architecture. For any project approval, the State CIO must ensure the following: the project is compatible with the state information architecture; the agency is able to accomplish the goals of the phase of the project with the funds appropriated; and the project supports the enterprise information technology strategy.

Roles of other agencies in state IT management

State Agencies
State agencies have budget execution authority for approved agency-specific IT initiatives and are accountable for execution of projects within the enterprise IT strategy. Certain agencies will be in charge of creating and maintaining “shared” services and any projects over $1,000,000 must be divided into distinct phases, which are subject to individual review by OET; unless OET issues an approval of each phase, the project will not receive further funding.

Department of Finance
The Department appropriates funding for individual IT projects. When notified by the State CIO that a project has not been approved, the commissioner of Finance must cancel the unencumbered balance of any appropriation allocated for the project.

Coordination Mechanisms

Commissioners Technology Advisory Board (CTAB)
CTAB is an advisory body of cabinet-level commissioners, including seven rotating members to ensure continuity and congruence of IT strategies with the Governor's vision, along with agency business perspectives. CTAB is chaired by the State CIO and it provides review, consultation, and feedback to the State CIO about enterprise IT strategies and policies. It also reviews the budget and performance metrics of enterprise and OET systems.

Technology Business Advisory Council The Council is made up of private sector CEOs, CIOs, COOs, and senior executives from innovative companies in industries such as IT, banking, insurance, health care, manufacturing, and venture capital management. They advise the State CIO on technology and information management strategies and suggest areas of emphasis and process improvement for state agency processes impacting the business community. The members are appointed by the State CIO.

Agency CIO Advisory Council
The Council is constituted by seven state agency CIOs appointed by the State CIO with the State CIO acting as chair. It provides advice to the State CIO on issues of IT policy and practices and it can sponsor ad hoc subcommittees and subject matter expert teams to address special interest topics. In addition to the small CIO advisory council, the State CIO also conducts quarterly meetings with the entire group of CIOs or equivalents from all agencies and boards comprising state government.

Information Security Council (ISC)
ISC is comprised of appointed representatives from state agencies who are responsible for recommending enterprise security policies, procedures, and standards. They monitor enterprise security policies, procedures, and standards for continued applicability and appropriateness. They also discuss and recommend for approval or disapproval exceptions to enterprise security policies, procedures, and standards. ISC is chaired by the Enterprise Chief Information Security Officer.

Enterprise IT Governance Components

In its planning document, Minnesota identified three types of IT functions in the state system:

• Utility services are the responsibility of the central IT office, including information management common to the entire enterprise, such as establishing the state architecture and technology standards, information management policies, setting of enterprise strategies and priorities, and operation of state enterprise common functions like data centers, networks, security, and planning.
• Shared services are created and maintained by one agency, usually an existing center of excellence, to service multiple agencies with similar functions to facilitate sharing of applications and data, based on the enterprise foundation of architecture, policies, and programs. This permits leveraging of investments, supports efficient operation of systems, reduces the administrative burden on citizens, and promotes interchange of data.
• Agency-specific processes and systems meet the unique needs of agencies for customized programs to support their missions. While these applications must adhere to the state architecture, policies, standards, and best practices, their functionality is so individual in nature that sharing is unlikely to add value.

Minnesota’s governance strategy has six key components:

IT Governance Arrangement

Federated/hybrid

Central IT Office

Chief Information Officer/Office for Technology

CIO/OFT provides centralized technology policies and services. OFT was established in 1997 by a New York state technology law. In 2002, Executive Order 117 was issued, which established the position of the State CIO. In 2008, the two agencies merged together under the direction of the State CIO, without an explicit legislative or executive mandate.

State CIO

State CIO
The State CIO is appointed directly by the Governor, but is not part of the Governor’s cabinet. The CIO reports to the Deputy Secretary for Technology, Operations, and Gaming. The primary roles and responsibilities of this position are (1) overseeing management of the CIO/OFT; (2) overseeing, directing, and coordinating the establishment of information technology policies, protocols, and standards; (3) overseeing and coordinating the development, acquisition, deployment and management of IT resources; and (4) coordinating and facilitating information sharing among state government, local government, other states, the federal government and institutions of higher learning to promote the use and deployment of IT that will improve the delivery of government services.

The State CIO also reviews and approves agencies’ Plans to Procure for consistency with statewide policies and to evaluate the potential for collaboration with other agencies. CIO/OFT reports quarterly to the Division of Budget on approved procurement requests and the associated expenditures anticipated by fiscal year. Additionally, CIO/OFT provides agencies with feedback related to their review, allowing the opportunity for each project to be modified to achieve an approval. The State CIO also reviews agencies’ annual technology plans.

The State CIO also serves as the chair of the CIO Council.

Roles of other agencies in state IT management

State Agencies

State agencies must notify CIO/OFT of any purchases of technology and technology-related products or services meeting the following guidelines:

• any technology goods or services equal to or greater than $50,000;
• any aggregate commodity contract or any enterprise/universal licensing contract purchase regardless of dollar amount; or
• any exception to an aggregate or enterprise contract regardless of dollar amount.

Agencies also participate in a statewide IT planning process through the development of their Annual Technology Plans that are submitted to CIO/OFT to facilitate dialogue among operating agencies, the Division of the Budget (DOB), and CIO/OFT.

Division of the Budget (DOB)
DOB reviews agencies’ Plans to Procure and approves IT expenditures for agencies that are more than $1 million. IT expenditures that do not reach this threshold do not need DOB approval; however, a certificate of allocation approved by DOB is required to verify available funding before an agency may proceed to the final stages of procurement.

Office of General Services (OGS)
OGS is responsible for IT procurement for all state agencies and reviews agencies’ Plans to Procure in conjunction with CIO/OFT and DOB.

Office of the State Comptroller (OSC)
OSC approves all requests for technology purchases. OSC will not approve any requests for technology purchases that are not accompanied by the required authorizations from DOB or by a project approval from CIO/OFT.

Coordination Mechanisms

CIO Council

The CIO Council was established in 2002 to provide a venue for information sharing and promotion of interagency collaboration. It is also a mechanism for facilitating communication between CIO/OFT and other state agencies and authorities. The membership consists of state agencies and authorities, as well as representatives from local governments.

Integrated Justice Advisory Board (IJAB)
The main objective of IJAB is to facilitate integration of criminal justice information from all member agencies and to ensure that information needed to support criminal justice is available through a single portal. IJAB is comprised of the CIOs from the Department of Correctional Services DOCS, the State Police, the Division of Parole, the Division of Probation and Correctional Alternatives, the Division of Criminal Justice Services (DCJS), and the Office of Homeland Security. Since DCJS provides technology support services for the Division of Probation and Correctional Alternatives, the Office for the Prevention of Domestic Violence, the Board of Examiners of Sex Offenders and the Crime Victims Board, these agencies are also represented in IJAB. The Governor’s Assistant Secretary for Criminal Justice oversees IJAB.

IT Governance Arrangement

Federated/hybrid

Central IT Office

Office of Information Technology Services (ITS)

ITS is nested within the Department of Administration and headed by the State CIO. It provides much of the IT used by state agencies, local governments, and educational institutions including hosting, network and video services, telecommunications, and enterprise services.

It is divided into three subdivisions:

• The Office of the State CIO
  This office supports the State CIO and has broad authority in planning and budgeting, purchasing, project approval and oversight, and security. It includes the following sub-offices:
  • Enterprise Security and Risk Management Services, which supports the State CIO in the performance of duties and responsibilities associated with IT risk management and information security
  • Enterprise Project Management Office
  • Financial Services, which provides services in the areas of budgeting, financial reporting, accounting, and purchasing to ITS divisions, state agencies, vendors, and all ITS customers.
  • Personnel Services
  • Statewide IT Procurement Office, which has responsibility for procurement of IT products and services in order to maximize the state's IT purchasing power.
  • IT Policy and Program, which assists the State CIO in statewide projects and the development of strategic planning documents.
• Office of the Enterprise
  • Consolidation Initiatives
  • IT Alignment with Business Strategies
  • Operational Excellence Program
  • Statewide Technical Architecture/Engineering
• Office of Operations
  • IT Support Services
  • ITS PMO/Service Transition
  • Service Delivery
  • Client Services
  • Service Level Management

State CIO

State CIO

The State CIO is appointed by Governor and by statute is responsible for leading the Office of Information Technology Services and has broad authority in planning and budgeting, purchasing, project approval and oversight, and security. The State CIO develops the State Information Technology Plan and has authority (session Law 2004-129) to review and approve all state IT projects that cost $500,000 or more; projects that are denied have a dispute resolution process, including a review process with the State Comptroller, the Office of State Budget and Management, and the Secretary of Administration. The State CIO is advised by the Information Technology Advisory Board and other IT boards and commissions

Roles of other agencies in state IT management

State agencies

Each state agency creates and submits an agency IT plan to the Information Technology Advisory Board for review. After the plan is reviewed it is forwarded to the State CIO for approval and recommendation for inclusion in the state budget (all IT projects above $500,000 must have an approval from the State CIO). Agencies manage their own IT projects; however, they must identify an IT project manager who meets specific state qualifications and who is subject to review and approval by the State CIO. The project manager must submit periodic reports to the Office of the State CIO.

State Legislature
The Joint Legislative Oversight Committee on Information Technology is part of the General Assembly and its role is to review current IT issues that impact public policy. The goals and objectives of the Committee are to coordinate the use of IT by state agencies in a manner that assures that the citizens of the State receive quality services from all state agencies and that the needs of the citizens are met in an efficient and effective manner. The Committee makes recommendations to the General Assembly on ways to improve the effectiveness, efficiency, and quality of state government IT.

Coordination Mechanisms

Information Technology Advisory Board (ITAB)

ITAB is located within the Office of Information Technology Services (ITS) for organizational, budgetary, and administrative purposes. They review and comment on the state IT plan, the IT plans of the executive agencies, and statewide technology initiatives. They work in conjunction with the Office of State Budget and Management, the State CIO, and the State Controller to develop a plan to consolidate information technology infrastructure, staffing, and expenditures where a statewide approach would be more economical. The board consists of nine members appointed by the Governor (2), the President Pro Tempore of the Senate (2), by the Speaker of the House of Representatives (2), by the Chair who is selected by the Governor (2), and of the State Controller, ex officio.

NC 911 Board

• State CIO is a member of this group
• Monitors proceeds from 911 service charge

Other user groups: There are several other user groups such as:

• DB2 User Group
• Middleware User Group
• Tech Share Group

IT Governance Process

IT Governance Arrangement

Federated/Hybrid

Central IT Office

Office for Information Technology (OA/OIT)

OA/OIT is nested under the Office of Administration and is headed by Deputy Secretary for Information Technology (equivalent to a State CIO). OA/OIT is the executive agency responsible for leading and coordinating IT services in the Commonwealth in accordance with policy, planning, and budget directives adopted by the Enterprise Information Technology Governance Board. They lead cross-agency prioritization of IT investments through a collaborative approach to ensure that the Commonwealth is leveraging existing solutions to maximize investments and encourage common service and resource utilization across the enterprise, and to ensure that the business side of government is the driver behind technology.

Office of Executive Deputy Chief Information Officer
They are responsible for coordinating Communities of Practice (CoP) through the Deputy Chief Information Officers assigned to each of the four CoPs: Health and Human Services (HHS), Public Safety (PS), Environment (ENV), and General Government Operations (GGO). The Deputy CIO for a Community of Practice is responsible for reviewing, approving, and recommending to the Deputy Secretary for Information Technology all agency and central IT senior management appointments and supervising and conducting performance reviews of agency CIOs within the respective CoP.

• Bureau of Infrastructure and Operations
• Bureau of IT Services and Solutions
• Bureau of Integrated Enterprise Systems
• Bureau of Enterprise Architecture

The Office reviews and approves all agency IT projects over $100,000. They establish, through the CoP process, a Commonwealth-wide IT strategic plan, IT strategic plans for each CoP, and individual agency IT strategic plans that ensure IT projects funded in the Governor's budget are the most critical, are aligned with enterprise goals, and are delivered in a collaborative, non-redundant manner.

State CIO

Deputy Secretary for Information Technology

The Deputy Secretary for IT is appointed by the Governor.

Roles of other agencies in state IT management

State Agencies
Each agency has a central IT organization within their agency to manage IT processes and to submit an annual strategic plan to OA/OIT. The plan must comply with enterprise hardware, security, and with the creation of a single IT budget for their agency. The budget creation process is as follows: each agency’s secretary must approve and “rank” his or her agency’s technology projects (by ROI, risk, and with strategic business priorities and collaboration across agencies); these ranked projects go to the appropriate Community of Practice where they are discussed and prioritized. Once the CoPs rank the IT projects falling into their domain, the Enterprise IT Governance Board reviews the projects and makes funding decisions for the Governor’s budget.

Office of Administration
The Office reviews, approves, and negotiates all IT contracts. Its IT Contracts Office manages all IT procurements for agencies under the jurisdiction of the Governor and implements the IT consolidation effort in order to maximize the deployment of cost-effective quality IT services.

Governor and Legislature
As in most states, the Governor presents his final budget proposal to the legislature for final funding decisions.

Coordination Mechanisms

Enterprise Information Technology Governance Board
The Board was established in 2004 and consists of the Secretaries of Administration, Budget, and General Services; the Governor’s Chief of Staff; and the Deputy Secretary of IT. Their role is to oversee IT governance for the state and to counsel the Governor on the development, operation, and management of IT investments, resources, and systems. They have the authority to resolve interagency disputes, make and implement recommendations on staffing and operational issues, monitor project performance, and perform all other such duties as assigned by the Governor. They also review CoPs’ projects and make funding decisions for Governor’s budget.

Communities of Practice (CoP)
There are four Communities of Practice: Health and Human Services; Public Safety, Environment, and Government Operations.

The CoPs are crucial to Pennsylvania’s IT and business integration strategy because they cluster agencies with similar missions and needs to promote integrated technology solutions across these agencies. The CoPs are encouraged to create projects together and are required to prioritize projects for all agencies within their domain based on several factors: return on investment, risk, alignment with strategic business priorities, and collaboration across agencies. Although most states do have community of practice groups, usually centered around GIS or public safety, Pennsylvania is the only one to formalize this concept and involve all executive agencies in this process. The CoPs were purposely created in order to bring the business side of the individual agencies into the IT planning process as the assumption is that it is the business that should be the driving agent behind IT applications.

As explained above, the CoPs are managed through deputy CIOs within the central IT office. Each are responsible for one of the four areas to oversee the execution of the plan within each CoP. The deputy CIOs help resolve issues, approve projects, coordinate budgeting and funding, and work to define common business processes and functions across all agencies to increase business effectiveness.

Enterprise IT Governance Committee (EGC)
The EGC provides strategic leadership and direction for IT investments and standards implementations. Its purpose is to provide direction to the IT Governance Board and OIT regarding overall technology governance within Pennsylvania. The EGC is comprised of senior agency directors and CIOs and represents agency IT issues and needs. The EGC directs the analysis, creation, delivery, and management of shared services.

Enterprise Architecture Standards Committee (EASC)
The EASC supports the gathering, review, and analysis of Commonwealth business requirements and makes recommendations on technology solutions based on research and analysis performed by various domain teams established around a specific topic, such as access, application and others. They guide the development of IT standards and policies on behalf of the enterprise. Membership for the EASC is comprised of agency CIOs, IT Managers, Chief Technology Officers, IT Strategic Planning Managers, OIT Community of Practice, and Enterprise Project and Strategic Planning Managers.

Office of Geospatial Technology
This office is responsible for researching the needs of Commonwealth agencies requiring geospatial information systems and solutions. It has established governance structures to coordinate research and resources across the CoPs, Commonwealth agencies, and local government organizations.

All four OIT CoPs are involved in the use and adoption of geospatial technologies to concentrate on common geospatial needs that can be met as a shared service and identify common business problems across each community.

IT Governance processes – past and present

“In 2002, Pennsylvania had a federated IT model with over 43 IT agencies under the Governor’s control. The role of the Central IT agency was to provide application services and infrastructure services and establish technology policy. Since 1995, when the OA/OIT was formed, it mainly focused on coordinating infrastructure services. Each agency designed and built its own applications, networks and data centers. Investment decisions were made by individual agencies for specific projects resulting in redundant infrastructures and non-standard technology solutions. In 2004, a new model was launched, to a centrally controlled and locally delivered model where the model is centralizing infrastructure, strategic planning and procurement, while allowing technology organizations to focus on business solutions delivery. The Keystone Plan was implemented via Executive Order 2004-8, which was amended at the end of 2005, and titled Enterprise Information Technology Governance Board. The Executive Order directed interagency IT coordination through an IT Governance Board chaired by the State CIO. The Communities of Practice structure was established with work flow processes, to develop strategic plans that review IT expenditures, and set Architecture standards. The keystone of this model was the principle that IT management must be closely aligned with business management. The acquisition, development and deployment of IT solutions must be sponsored by, and within the line of business management. Expensive technology projects with long lead times under a “build it and they will come” justification are no longer acceptable. Instead, IT must now justify technology investment in business terms and within time frames visible by management. The establishment of the Communities of Practice and Shared Services were the primary initiatives to refocus the Commonwealth’s IT culture from technology to business and from agency/project centric to enterprise centric with vertical alignment to business functions.”

The Commonwealth of Pennsylvania’s Keystone Plan (2006-2009):
The Evolution of Citizen Centric Government Services

IT Governance Arrangement

Federated/hybrid

Central IT Office

Department of Information Resources (DIR)
DIR functions as a central resource for policy direction and the efficient implementation, procurement, and management of information technology (IT) within Texas government. DIR is an executive agency governed by a ten-member Board of Directors.

The agency operates under five divisions with the following core functions:

• Strategic Initiatives Division – Statewide Standards, Enterprise Application Planning, Policy and Reporting, State Project Delivery, and Technology Innovation
• IT Security Division – Security Policy and Statewide Security Initiatives
• Telecommunications Division – Enterprise WAN and Internet Operations, Enterprise Services, and Enterprise Support
• Statewide Technology Operation Division – Messaging and Collaboration, Operations Integrity, and Operations Logistics
• Service Delivery Division – Contract Management, Customer Services, Information Resources Management and Information Technology Services, Accounting, and Human Resources

State CIO

State CIO
The executive director of the agency serves as the state’s Chief Technology Officer (CTO). In addition to the state’s CTO, the Executive Office includes an executive assistant, director of Special Projects, the agency’s legislative liaison, general counsel, chief financial officer, and five financial and budget analyst positions. The Executive Office provides overall leadership and direction to the agency and coordination of key agency initiatives.

The executive director has authority for all aspects of information technology for state agencies, including:

Roles of other agencies in state IT management

State Agencies
Individual agencies are responsible for developing their IT project plans and budget on an annual basis, but may request and receive assistance from DIR. Every two years, each Texas state agency and institution of higher education is required by Texas Government Code 2054.097 to develop an information resources strategic plan (IRSP).

There are three critical roles within the agencies for every major IT project:

• Agency Head: the top-most senior manager with operational accountability for an agency who approves each phase of the project.
• Executive Sponsor: a non-IT senior-level manager who oversees the project from a business perspective.
• Technology Sponsor: a senior-level IT manager, usually the agency information resource manager, who oversees the project from a technical perspective.

Legislature
The legislature has an active role in state IT management via their involvement in the Quality Assurance Team, which is described in greater detail in the Coordination Mechanisms section below. In addition, the Legislative Budget Board also approves projects in the agency’s Biennial Operating Plan after budget appropriations are complete.

Coordination Mechanisms

DIR Board of Directors
DIR is governed by a ten member board composed of seven voting members appointed by the Governor, with the advice and consent of the senate. One member must be employed by an institution of higher education.

Voting members of the Board serve for staggered six-year terms. Two groups, each composed of three ex-officio members, serve on the board on a rotating basis. The ex-officio members serve as nonvoting members of the Board. Ex-officio members serve for two-year terms and only one of the following groups serves at a time:

• Group 1: the commissioner of insurance, the executive commissioner of the Health and Human Services Commission, and the executive director of the Texas Department of Transportation.
• Group 2: the commissioner of Education, the executive director of the Texas Department of Criminal Justice, and the executive director of the Parks and Wildlife Department.

To be eligible to take office or serve as a voting or nonvoting member of the Board, a person appointed to or scheduled to serve as an ex-officio member must complete at least one course of a training program that provides information regarding the Board’s history and function.

The Board is responsible for reviewing DIR’s strategies and performance. Specifically, they review and approve the state IT strategic plan that DIR develops to ensure it aligns with state strategic priorities. In its founding legislation, the Board is also tasked to develop and implement policies that clearly separate the policymaking responsibilities of the Board and the management responsibilities of the executive director and the staff of the department.

Texas Building and Procurement Commission (TBPC) Contract Advisory Team
The TBPC is a group made up of the CTO, representation from the Office of the Attorney General, Comptroller of Public Accounts, and Office of the Governor to review and approve state agency technology solicitation plans.

Telecommunications Planning and Oversight Council (TPOC)
TPOC’s responsibilities include establishing policies for the system of telecommunications services managed and operated by DIR; reviewing financial information; overseeing strategic and operational planning for the state’s telecommunications network; evaluating TEX-AN usage; developing service objectives and performance measures for CCTS and TEX-AN; and reviewing the performance of services provided by DIR to CCTS and TEX-AN customers.

Members represents each of the following entities:

• The Texas Public, Telecommunications Expertise (2)
• Local Government (1)
• Higher Education (1)
• The University of Texas System (1)
• State Comptroller's Office (1)
• Texas A&M University System (1)
• Public Education, K–12 (1)
• Small State Agencies (1)
• Health and Human Services Commission (1)
• Department of Information Resources (1)

Coordination Mechanisms (Continued)

Quality Assurance Team (QAT)
The QAT is a state-level entity with a primary purpose of reviewing the status of major information resources projects and making recommendations to the legislature to reduce the risk of project overruns and failures. The QAT fulfills its purpose primarily by executing the following strategies:

• implementing a standard, repeatable, predictable, and transparent quality assurance process;
• reviewing deliverables produced by projects, including proactive monitoring of project outcomes;
• requiring development of a corrective action plan for projects based on identification of project risks;
• reporting to stakeholders (state leadership, agency leadership, agency project team) the QAT assessment of the health and overall status of projects; and
• elevating significant issues to state leadership and advise on alternative methods for correction.

QAT membership consists of one representative each from the following organizations: the Legislative Budget Board (LBB), the State Auditor’s Office (SAO), and the Department of Information Resources (DIR). Appointment of that member is left to the discretion of the individual organizations. One member of the QAT serves as a facilitator to help ensure a continual focus on fulfilling QAT responsibilities.

Peer Review Opportunities
DIR actively seeks input from agencies, experts in information technology, and outside stakeholders who might have ideas that will enhance DIR's work products. Many of DIR's reports, guidelines, and work products are examined by peer review. DIR solicits input from other government agencies, the private sector, and the public. On completion of a peer review, DIR reviews comments and makes revisions as appropriate. There are three main avenues for external peer review of DIR work products: formal workgroups, focus groups, and the posted for review process.

• Formal Workgroups are convened by DIR to address a specific initiative. These workgroups meet regularly for an established period of time to assist in the development of products that may be adopted by DIR. Products from these workgroups are subject to a pre-posted for review process to enable the workgroup to provide comments on draft documents that they helped develop. DIR will reconcile and coordinate feedback from the workgroup and others and finalize and publish the products.
• Focus Groups enable DIR to obtain feedback on draft documents from a selected group of experts. When DIR convenes a focus group to provide input on a specific topic, an announcement is made on the DIR policy announcements listserv. Interested individuals can register to participate in a focus group specific to their area of expertise. To ensure that focus group participants can provide expert input on a certain topic, DIR will consider the skill set of the individual before confirming his or her participation in the focus group.
• Posted for Review Process occurs when documents are placed in the posted for review section of the DIR Document Library, which are available for review and comment for a set period – usually 30 days. Visitors to the DIR Web site will have the opportunity to comment on draft DIR documents through an online comment form. Anyone can submit comments or concerns about a specific document for DIR consideration.

IT Governance processes – past and present

“Almost forty years ago, the Texas Legislature began to address the challenges associated with agency management of information resources. Responsibility for the review of information resources expenditures has been assigned to various regulatory agencies through the years. In 1989, the Legislature enacted Chapter 2054, Texas Government Code (the Information Resources Management Act) which comprehensively addressed major aspects of information technology (IT) management. This legislation established DIR to coordinate and direct the use of information resources technologies by state agencies and provide the most cost-effective and useful retrieval and exchange of information within and among state agencies, and to Texas residents and their elected representatives.

The oversight of information resources management has evolved from individual procurement reviews to a more strategic process focusing on shared success and shared responsibilities for state information resources. The alignment of agency business operations and technology management is critical to accurate and efficient state operations. An emphasis on cooperative projects in state government has resulted in increased facilitation activities for DIR, including the development of a statewide approach to project delivery, enterprise architecture, IT security management, and messaging.

DIR’s responsibilities and authority have evolved since its creation. Most recently, the 79th Texas Legislature signaled a clear mandate for the state to restructure the roles and responsibilities for its investment in information and communications technology. DIR responded to this mandate in its 2005 State Strategic Plan for Information Resources Management. The 79th Texas Legislature enacted a series of technology bills that support the continued implementation of a shared statewide technology infrastructure.”

DIR Overview of Agency Scope and Functions
http://www.dir.state.tx.us/dir_overview/index.htm

IT Governance Arrangement

Federated/hybrid

Central IT Office

Virginia Information Technology Agency (VITA)
VITA is the Commonwealth's consolidated, centralized information technology organization. Its responsibilities fall into three primary categories:

• Operation of the IT infrastructure, including all related personnel, for the executive branch agencies declared by the legislature to be "in-scope" to VITA;
• Governance of IT investments, in support of the duties and responsibilities of the Information Technology Investment Board and the State CIO of the Commonwealth;
• Procurement of technology for VITA and on behalf of other state agencies, including institutions of higher education. It develops policies, standards, and guidelines for the procurement of IT and telecommunications goods and services

VITA oversees the pre-selection, selection, control, and evaluation of strategic and designated IT projects and procurements to support executive branch agency business objectives. All agency projects must be submitted to VITA for review and recommendation of its approval or rejection to the State CIO. VITA has the following sub-offices:

• Service Management
  The Agency Performance Managers (APMs) serve as advocates for agencies and provide a conduit into the VITA IT Infrastructure Partnership. Aligned by Secretariat(s), APMs handle tactical and operational issues for the agencies.
• Commonwealth Security and Risk Management
  Provides IT security support to the state via liaisons with all levels of government entities, as well as the private sector .
• Customer Account Management
  Responsible for understanding agencies’ business needs and helping to align technology with business strategies.
• IT Investment and Enterprise Solutions
  Provides services in three ways: supporting statewide IT governance and oversight activities; providing or assisting in developing enterprise technology solutions; and developing and supporting VITA's internal technology applications.
• Finance and Administration
  Handles all financial and procurement aspects of VITA.

State CIO

Secretary of Technology
The Secretary of Technology is appointed by the Governor and is a member of the Governor’s cabinet. He or she sits on the Information Technology Investment Board and oversee Virginia's Center for Innovative Technology (CIT) and the Virginia Information Technologies Agency (VITA). He or she functions as an adviser to the Governor and focuses on operational policy for government and promoting economic development relative to the technology industry.

State CIO
The State CIO is appointed by the Information Technology Investment Board (ITIB) and serves as chief administrative officer of VITA. He or she is responsible for developing a statewide four-year strategic plan for IT. The Council on Technology Services advises the State CIO on development of this plan, which is updated annually and submitted to ITIB for approval. The State CIO also reviews budget requests over $100,000 for IT from state agencies and recommends budget priorities to ITIB.

The State CIO directs the development of any statewide or multiagency enterprise project. He or she can disapprove projects between $100,000 and $1 million that do not conform to the statewide information plan or to the individual plans of state agencies. He or she also reviews and approves all procurement solicitations involving major IT projects. The State CIO has the authority to direct the modification or suspension of any major IT project that has not met the performance measures agreed to by the State CIO and the sponsoring agency, as well as to recommend that ITIB terminate any such project. The State CIO has the final authority to approve proposed contracts for the award of the project.

Chief Application Officer (CAO)
The CAO is a fairly new position established in January 2008 in response to a December 2007 audit, which showed that although progress has been made in establishing enterprise IT governance, the state lacked an enterprise governance and investment management program over total IT spend, with control being fragmented among VITA, individual agencies, and ITIB.

The CAO has the following responsibilities:

• develop an application governance model,
• improve standardization of data across our administrative systems by developing key data standards,
• extend the Commonwealth’s portfolio to include current applications used to conduct state business,
• provide funding recommendations, to include support for statewide initiatives,
• develop support strategies to assist agencies where beneficial to government and the citizen, and
• leverage the Virginia Enterprise Applications Program to continue identification and exploitation of enterprise solutions that span agency boundaries.

Roles of other agencies in state IT management

State Agencies
State agencies prepare annual IT project proposals and budgets that are reviewed by the State CIO and then forwarded to ITIB for approval. Agencies retain control over IT budgets for maintenance of existing systems and control the maintenance and operations of legacy systems.

Governor
The Governor controls the budget process, which is biennial, rather than long-term.

IT Infrastructure Partnership
Virginia has partnered with a private contractor to provide IT services to Virginia state government. Northrop Grumman is responsible for the service delivery of the Commonwealth's IT infrastructure needs, with oversight from VITA

Coordination Mechanisms

Information Technology Investment Board (ITIB)
ITIB provides oversight for state government IT reform and reviews and prioritizes enterprise-wide technology investments across state government. The ten member board is appointed by the Governor and the General Assembly. It consists of eight citizen members and two ex-officio members, the Secretary of Technology, and the Auditor of Public Accounts. The Board appoints the State CIO and provides strategic direction for the use of technology resources.

Council on Technology Services (COTS) COTS was established in 1998 to assist in the development of a blueprint for state government IT planning and decision-making. COTS is a stakeholder-driven body, representing the interests and needs of the enterprise as a whole, including the executive, legislative and judicial branches of state government. The Council includes technology and business leaders from state government, higher education and local government. The purpose of the Council is to advise the State CIO on the services provided by VITA and the development and use of applications in state agencies and public institutions of higher education.

Center for Innovative Technology (CIT)
CIT was established in 1985 as a non-profit organization whose intent was to create technology-based companies and strategies for innovation. From its original mission to enhance the research and technology transfer activities of Virginia universities, CIT has moved its focus toward new technologies, entrepreneurs, and technology companies that foster innovation. It currently has a sixteen member board of directors that is appointed by the Governor and overseen by the Secretary for Technology.

Internal review

“Everyone controls a small piece with no one determining direction or overseeing spending. IT operations are complex and management and oversight responsibilities for these operations are fragmented and diffused. The consolidation of IT involved consolidating infrastructure but not system applications and security. No one determines if agency spending on maintenance and operations of legacy systems constitutes efficient use of resources and minimizes the use of funds for duplicative systems. Individual agency needs and not the state priorities receive funding and there is no incentive to cooperate and share resources among state agencies.”

Information Technology Governance, December 2007, Auditor of Public Accounts, Commonwealth of Virginia

Going forward

The Operational Plan to Address IT Governance presentation posted by the State CIO and the State CAO in April 2008 laid out a two-phase implementation to change IT governance in the Commonwealth starting in April 2008 through July 2009 and beyond. The State CIO and the State CAO were asked to work together to create an IT governance model that would govern the investment and management of total IT spending. The Commonwealth used Gartner’s supply governance and demand governance models as a picture of where they wanted to go. Demand governance asks, “What should the IT organization work on? Supply governance asks, “How should the IT organization do what it does?” Demand governance will be the business or agencies primary responsibilities and the supply governance will be the primary responsibility of the State CIO. It is not clear if this is operational yet from a final review of their Web site prior to publication in May 2009.

Click for larger image

Click for larger image