While enterprise IT governance in New York State is not new, it is evolving. Over the past ten years New York, like many other states, initiated its governance structure from a policy perspective to guide information technology decisions. This chapter provides an overview of the evolution of New York’s enterprise IT governance to its current state, where it is continuing to evolve (See Table 3 for a list of the current IT governance components).

In 1996, Governor Pataki created the state’s first body with responsibility to develop policy to guide information technology decisions across state government: the Governor’s Task Force on Information Resource Management (IRM). ²¹ The Task Force was established to facilitate a more streamlined process for doing business with and within New York State. The policies generated during the early years of this task force focused on the development of an IT strategic plan, setting standards, and identifying critical initiatives that would move the state forward in terms of information use. Another responsibility of the Governor’s Task Force on IRM was to coordinate acquisitions among agencies to ensure compatibility and the best value. Members of the Task Force were also asked to recommend initiatives that would take full advantage of the technological opportunities available at the time and result in streamlining services and reducing costs.

In 1997, the Governor’s Task Force on IRM became the Office for Technology (OFT) through Technology Law §101 – §107.²² In section §104 of that statute, the New York State Legislature called for an Advisory Council for Technology to guide the director of OFT. The purpose of this body, as defined in the law, was to review and comment on all rules and regulations created by OFT; provide guidance and support to the director of OFT in the development of any statewide plan for further development and improvement of the state's technology acquisitions; and recommend surveys and reports to be completed by the director to carry out all of the objectives and purposes of the article. To date, this Advisory Council has never been convened.

Table 3 Components of IT Governance in New York State
Law	Body	Text from Law or Document
Technology Policy 96-1	Governor’s Task Force on Information Resource Management.	The Governor's Task Force on Information Resource Management (IRM) has been convened. Membership includes executives from the Departments of Social Services, Motor Vehicles, Environmental Conservation, Correctional Services, Health, Labor, Taxation and Finance, the Office of Mental Retardation and Developmental Disabilities and the Division of Criminal Justice Services. Ex-officio members from the Department of Law, Office of the State Comptroller, Division of Budget and Office of General Services are also represented. James G. Natoli chairs the Task Force. Goals The goal of the Task Force is to design and implement a statewide policy for the management of information which makes doing business with and within the State easier, faster and less costly. Specifically, the Task Force will: Develop a strategic plan which outlines where the State's IRM capabilities should be in several years, and set the standards and identify the critical initiatives for getting there; Establish statewide policies and practices for all new enabling technologies and to secure major cross-agency linkages; Coordinate IRM acquisitions among agencies to ensure government-wide compatibility and to leverage the best value in the market; Recommend savings initiatives that take full advantage of technological opportunities to streamline services and make them more user-friendly. Improve the Request for Proposal process to guarantee projects come in on time and on budget, make full use of performance contracts, and reflect creative cost-sharing and funding vehicles; Review/Discuss potential government applications with leading public and private experts, and test new systems development projects on a prototype basis; and, Address a host of related issues such as developing a statewide inventory of surplus equipment, identifying best practices among agencies for possible statewide application, and designing new ways to secure and protect information.
Technology Law 102	Office of Technology	The Office for Technology is hereby created within the executive department to have and exercise the functions, powers and duties provided by the provisions of this article and any other provision of law. The head of the office shall be the director of the office, who shall serve as the chief technology officer for the state of New York and shall be designated as management confidential in the noncompetitive class in accordance with the civil service law. The director shall be the chief executive officer of and in sole charge of the administration of the office. The director shall be entitled to receive reimbursement for expenses actually and necessarily incurred by him or her in the performance of his or her duties.
Technology Law 104	Advisory Council for Technology	There shall be within the office, an advisory council for technology. The director of the office shall serve as chair of the council. The council shall be composed of a minimum of nine information resource management directors or their equivalent appointed by the governor. The governor's appointments shall be selected from state agencies. In addition, one shall be appointed upon recommendation of the temporary president of the senate and one shall be appointed upon the recommendation of the speaker of the assembly. The members of the council shall receive no compensation for their services, but shall be allowed their actual and necessary expenses incurred in the performance of their duties
Executive Order 117	Office of the CIO	Establishment of the Office of the Chief Information Officer of the state of NY, whose responsibilities include: Overseeing and supervising the management and operations of Office for Technology Overseeing, directing, and coordinating the establishment of information technology policies, protocols, and standards for State Government, including hardware, software, security and business re-engineering; Overseeing and coordinating the development, acquisition, deployment and management of information technology resources for State government; Developing strategies to improve the State workforce’s ability to employ needed information technologies, and overseeing and coordinating the implementation of such strategies; Coordinating and facilitating information sharing between and among state government, local government, other states, the federal government and institutions of higher learning to promote the use and deployment of information technology that will improve the delivery of government services; and Working with State government, local governments, the federal government, institutions of higher learning and private enterprises to further the State Technology Strategic.
CIO/OFT Roadmap 2010		Establish an Executive IT Strategic Council to provide strategic oversight for effective plan execution

In 2002, Governor Pataki appointed the first chief information officer for New York State and created the Office of the CIO (OCIO) through Executive Order #117.²³ The executive order establishes the office and established the authority of the CIO drawing on Technology Law §101 – §107. In November of 2002, the state’s first CIO convened the first New York State CIO Council. The CIO Council was created to provide a framework for IT governance for NYS as described in Gartner’s first person case study, Enterprise IT Governance: The New York State Approach.²⁴ The charge of the CIO Council was to “establish and maintain a new information culture of enterprise collaboration.”²⁵ The CIO Council was comprised of representatives from 85 executive branch agencies and authorities and seven local governments. Each executive branch agency was invited to identify a representative to the CIO Council. The Council included seven standing committees: Leadership, Technology, Security, Human Resources, Fiscal/Procurement, Strategic Planning, and Intergovernmental Communications. All committee membership was voluntary, with the exception of the Leadership Committee, and each standing committee had two chairs, chosen by the OCIO. The Gartner case study articulated eight Critical Success Factors to guide the Council in meeting their charge. These eight success factors outline an approach that seems to reflect an understanding of the importance of engaging executives and control agencies in the strategic planning process, engaging members of the CIO Council in the policy making process, and providing oversight of complex enterprise initiatives as needed.

Eight Success Factors to Guide the First CIO Council

These success factors framed the state’s initial thinking about enterprise IT Governance and the various entities who would be involved. The State CIO’s 2004 New York State Information Technology Strategic Plan outlined the creation of an Information Technology Investment Board that would have as members the State CIO, representatives from the Division of Budget, the Office for Technology, the Office of General Services, the Department of Civil Service, and the Office of Cyber Security and Critical Infrastructure Coordination. This Board was charged with reviewing strategic IT procurements and related resource allocations from an enterprise perspective to ensure consistency with the state’s strategic plan. The Board was to identify collaborative opportunities and assist agencies in using their resources in the most efficient manner. The Board, as it is described in the 2004 CIO/OFT Strategic Plan, “would have the authority to halt IT procurements or practices that [were] not consistent with the New York State Information Technology Strategic Plan.”²⁶ However, despite the 2004 announcement of the Board, our research produced no evidence that this body ever formally convened or became operational.

In 2007, the State CIO combined the Office of the CIO and the Office for Technology into a single organization with the State CIO also acting as the director of OFT. This merger was accomplished through Policy Bulletin #NYS-P08-002.²⁷ The combined office, now referred to as the New York State Office of the Chief Information Officer and the New York State Office for Technology (CIO/OFT), continues to pursue the original missions of OFT and OCIO.

In addition, the new State CIO made changes to the organization of the CIO Council: the title, scope, and membership of the standing committees all changed. The standing committees are now referred to as Action Teams. The original seven standing committee names have been changed to Enterprise Architecture and Technical Standards; Enterprise Strategic Planning and Implementation; Process Improvements and Performance Management; Procurement, Sourcing and Vendor Relationship; Security and Risk Management; Strategic Alliances; and Workforce Development. The current management structure of the CIO Council changed from a separate subcommittee to a group made up of the Deputy CIO for Enterprise Strategy and Governance Services for CIO/OFT and the Action Team Co-Chairs. The content areas of the Action Teams are very similar to the past standing committees, but the purpose and autonomy of the teams differ from that of the previous committees. While the standing committees had acted as advisory groups for the OCIO, the Action Teams have become more task-oriented bodies. Each Action Team still has two co-chairs assigned by the State CIO, but an OFT staff member is also assigned to each Action Team to act as a liaison with CIO/OFT.

In 2008, Plan 2010 - Going From Good To Great: CIO/OFT Strategic Roadmap outlined the creation of an Executive IT Strategic Council as way to provide strategic oversight for effective plan execution.²⁸ This Council was to be made up of agency executives in order to gather input about the agencies’ business needs in terms of IT. To date this Council has not been convened.

As of July 2009, membership of the CIO Council is very similar to the Council created in 2002. The current CIO Council convenes quarterly and has 88 CIOs as members, with 77 CIOs from state agencies and authorities and 11 local government CIOs. According to its members, the overall scope of the Council has shifted slightly to serve more as an information sharing platform for CIO/OFT, rather than as a forum for state and local CIOs to act as advisory partners to the State CIO.

New York State’s enterprise IT governance arrangements have evolved from the initial Governor’s Task Force for IRM to the current structure. Communication of basic information and sharing of resources has progressed from an agency-centric focus to a more enterprise, service-oriented focus. For example, CIO/OFT provides several enterprise-wide services through the CIO/OFT Data Center and through the CIO/OFT Training Academy. Outside CIO/OFT and the current CIO Council, there are no enterprise IT entities that provide the kind of oversight, advisory, or information sharing capabilities seen in other states.

While this limited scope of formal oversight bodies for IT governance results in challenges for New York State government in developing the kind of collaborative advisory relationships participants in the project perceived as ideal, many participants in the project noted examples of agency and domain-level enterprise governance structures currently providing high value to the state. For example, several agencies interested in building effective collaborations with other agencies have published their IT governance policies and procedures. The Workers’ Compensation Board and the Department of Environmental Conservation are two such agencies. Each is using their IT governance structure internally to ensure IT investments are aligned with desired business outcomes and to support coordinated action with other agencies.

In addition to agency-level governance initiatives, there are two functioning domain-specific enterprise governance structures functioning in New York State. The first, the Integrated Justice Advisory Board, was created in 2004 by the state’s Director of Criminal Justice. The objective was to bring together CIOs from the five executive branch agencies related public safety so that they could look at criminal justice from an enterprise approach. The second domain specific governance structure was instituted in 2005-2006 to oversee the development of a new Financial Management System (FMS) for the State of New York. The overall FMS project plan called for an Executive Board to be created along with a Joint Governance Board and a Joint Coordinating Committee. This governance structure is unique in that it brings together three organizations that have two separately elected constitutional officers overseeing them. The Department of Budget and the Office for Technology report directly to the Governor, while the Office of the State Comptroller reports to the Comptroller, a separately elected constitutional officer.

NYS Workers’ Compensation Board
The purpose of the Workers’ Compensation Board (WCB) Governance Process is to provide a framework to ensure that investments have economic value and that the WCB’s technology environment is rational, sound, and continuously aligned with achieving desired business outcomes. Through the adoption of a formal selection and prioritization process, the WCB will be able to effectively apply its resources to initiatives that are most closely aligned with its strategic vision. This will streamline the annual planning process and provide direct input into the budget cycle.

Informal additions to IT governance are emerging as well. In 2007 an ad hoc governance structure, the Economic Securities and Human Services Advisory Board (ESHSAB), was created by a group of agency CIOs who were interested in fostering a collaborative environment for the creation of computer applications that supported like business processes. This ad hoc governance structure outlined its scope, roles, and responsibilities and delineated how decisions would be made within the group. This group currently consists of CIOs from seven state agencies.

NYS Financial Management System
The 2005-06 Executive Budget announced “a long-term project to transform the State’s financial management practices and implement a statewide FMS. This new system, to be integrated across all agencies concurrently with business process and organizational reforms, will enhance program and financial accountability and improve the State’s analytical, performance evaluation and reporting capabilities.”

Source: http://www.nyfms.state.ny.us/KeyInformation/key_information.htm

Throughout the project, participants were asked to identify the challenges to producing value for the state through the current enterprise IT governance structure and to describe the value that the current structure creates. Participants described a wide range of challenges to value creation related to clarity of governance roles and responsibilities, collaboration, and coordination, among others. We first present the challenges noted by the project participants and then the value they saw in the current IT governance structure. These observations helped inform the recommendations.

Lack of clarity of roles and responsibilities. Participants identified a range of concerns related to, and in some cases created by, a lack of role clarity. These concerns ranged from the lack of a formal statement of authority to a lack of confidence that advice and recommendations sought by CIO/OFT are actually considered in the decision making process. Participants also expressed frustration about the lack of clarity about who is responsible for determining the appropriate venue for resolving issues: the enterprise level, domain level, or agency level. This general lack of clarity makes it difficult to resolve issues of enterprise boundaries and responsibility for sorting issues and strategy questions to the appropriate venue.

CIO Council coordination challenges. Participants voiced concerns about the coordination of the CIO Council itself, noting the lack of clear communication channels between members and CIO/OFT. As a result, the Council has limited ability to set goals for its own activities and effectively advocate on behalf of the CIOs. The relationship between the Council and CIO/OFT, idealized as a partnership, is less so in practice due to what the participants describe as one-way communication from CIO/OFT to Council members. Current characteristics of the CIO Council contribute to these communication problems, such as the group size of 88 CIOs, which makes the Council meetings unsuitable as effective forums for deliberation and decision making. One participant noted that the meetings do not provide a forum for collaborative decision making, but are rather a “mailing list.”

Action Team Structure. Participants observed that the CIO Council Action Teams (ATs) were initially formed to be discussion forums for a specific topic. They were intended to provide a venue for the kind of engagement with issues not possible during full CIO Council meetings. However, the ATs have become less of a discussion body for making recommendations to CIO/OFT regarding IT policy and operations and more of a “staff model” for CIO/OFT. The original intent of the CIO Council was to provide in-depth comment and advice on strategic direction and policy proposals. It was also intended to develop collaborations and coordination of investment decisions, not as a research arm of the CIO/OFT. A review of the current charters of the ATs lays out agendas that are generally task oriented, rather than discussion oriented. The task responsibilities for the ATs have caused a strain on members who are attempting to design and develop programs without access to staff to carry out the related tasks. A further consequence of this structure is that AT members have limited time to devote to engaging in discussions on enterprise strategic direction and policy development due to their focus on task completion.

Lack of an opportunity for real and consistent local government participation. Local governments, participants noted, are not always involved early enough in policy and investment discussions that affect them directly. They feel that their voice is not always heard and therefore they have to address unintended consequences that result from decisions being made from a purely state-level perspective.

Missed opportunity for information sharing as a trigger for coordinated action. Participants expressed concerns about missed opportunities for coordinated action across agency-level initiatives due to a lack of information regarding those proposed initiatives. In particular they expressed frustration about the lack of access to the Annual Technology Planning (ATP) data sent to the CIO/OFT from the agencies. Ideally, ATP data should support the enterprise planning priorities of both CIO/OFT and the agencies.

Lack of clear and consistent engagement in policy setting and IT investment decision making. Participants throughout the project noted frustration in terms of the level of openness and engagement related to state-level policy setting and IT investment decision making.

Lack of opportunity to openly and consistently address issues concerning the meaning and use of the term enterprise. There is a lack of clarity and agreement about the differences between various meanings of this term. Enterprise has been used inconsistently as a noun referring to the state government as a whole, an individual department, or a collection of related agencies. Enterprise is also used as an adjective to characterize various policies or investments relevant to or affecting the state as a whole. It is often used as an adjective without clear understanding of what characteristics make a policy or investment an enterprise decision. Throughout the project, stakeholders expressed frustration about this lack of clarity. They noted little consistent use of any process or guidance from any policy documents about the conditions under which something might be considered an enterprise effort and what the consequence of such a designation might be.

Networking. The one value that resonated throughout discussions with the project participants was the value of social networking opportunities that the CIO Council provided agency CIOs. New York Participants noted that the current CIO Council provides a forum for networking and information sharing opportunities. Several CIOs told stories about how the meeting had allowed them to meet colleagues, explore common interests, and explore opportunities for collaboration. Participants noted that the meetings provide an environment for ad-hoc groups to form around areas of common interest, such as the Economic Securities and Human Services Advisory Board. Although the CIO Council is not the catalyst for initiatives such as this, it does provide a venue for agency CIOs to build the social capital necessary for sharing of such ideas. CIO Council meetings are also a forum for general announcements and briefings from CIO/OFT. Participants described two particular benefits of Council meetings: networking opportunities and resulting coordinated efforts.

Creating an organized voice. Participants recognized the value of using the CIO Council to collectively respond to challenges in the environment. The organized effort to address workforce issues and the negotiation of aggregate personal computer (PC) purchases are two examples. A professional organization that can act as an acknowledged voice for CIOs was recognized as unique in the state government.

Enhancing training opportunities. Participants noted the particular value of the CIO Council as a vehicle for creating economies of scale through training opportunities for multiple stakeholders. The CIO Council Workforce Action Team was able to recommend specific training to the CIO/OFT Training Academy, which then enhanced the value of that training.