End of the Line

How politics, scandal and bureaucracy combined to derail California's central IT organization.

by / September 24, 2002
Editor's Note: At the close of business on Friday, June 28, a rare thing happened in California government: A state agency permanently shut its doors due to a sunset clause in the legislation that created it.

That agency was the Department of Information Technology (DOIT) - and the biggest state in the nation has been without a central IT agency ever since. Much like poking through the ruins of a failed romance, finding one clear and compelling reason that explains the end is impossible.

DOIT appears to have fallen prey to three powerful forces - politics, performance and perception - that, over time, exerted sufficient pressure to snuff out the agency's life. The quirks of California politics may have played a significant role in DOIT's demise, but what happened to the agency offers a lesson for any jurisdiction on what not to do when creating a strong, centralized IT department.

California's Department of Information Technology went out with a bang.

The final straw was a visible and highly controversial contract between the state of California and Oracle Corp. for database software licenses. The deal generated plenty of heat for DOIT, and the state's Joint Legislative Audit Committee conducted a public inquiry into the huge enterprise licensing agreement.

The contract's seemingly hasty approval by several key state government officials sparked suspicion in the California Legislature, triggering the audit committee investigation. As a result of the probe, several key players in Gov. Gray Davis' administration were forced to resign or were fired, depending on one's point of view, including: Arun Baheti, Davis' director of electronic government; Barry Keene, director of the Department of General Services; and California CIO Elias Cortez.

Though it's tempting to blame the Oracle contract for DOIT's death, it's not a simple cause-and-effect scenario.

"Oracle killed DOIT, but it was on life support when Oracle happened," said state Sen. Debra Bowen, who has been heavily involved in California technology issues. "I think it was already doomed, and Oracle took away desire that anybody had to try to save it. People figured we would just be better off starting over."

To understand how DOIT reached this precarious position, it's necessary to take a trip back in time.

Creating DOIT
Ironically, DOIT was created to stop technology disasters such as the Oracle contract.
In the 1990s, California was smarting over a string of high-profile IT fiascos - a botched State Lottery technology contract in 1992 that cost the state $52 million; a 1994 DMV database debacle where California paid $51 million for a system that was never used because it couldn't do what it was supposed to; and the failure in 1997 of a Statewide Automated Child Support System (SACSS) that cost taxpayers a whopping $111 million.

One factor in this series of failures was the lack of a central oversight organization to approve state IT project proposals. Instead, California employed a cumbersome approval process that scattered responsibility across a handful of separate agencies.

The Office of Information Technology (OIT), part of California's Department of Finance, had limited responsibility for IT projects. If a state agency had an itch to implement an IT project, that agency had to secure OIT's blessing before it could begin.

The next stop was the Department of General Services (DGS), which oversaw procurement in the state. DGS would review the agency's purchase request for compliance with the applicable policies. Finally, the Department of Finance signed off on the agency's proposal, allowing the agency to spend part of its budget on the IT project.

However, none of these agencies had the power to pull the plug on approved projects if they began to turn sour.

Former Gov. Pete Wilson was unlucky enough to hold office when the DMV fiasco forced California to take a hard look at the way it managed and procured information technology. Wilson took several steps in response to the disaster, including the creation of a task force on "Government Technology Policy and Procurement" to examine the problems facing IT implementations in the state.

Then, in 1994, Sen. Al Alquist, a Democrat, introduced SB 1, which proposed several recommendations from the task force, including creating a cabinet-level "Information Services Agency" to be administered by the Secretary of Information Services.

The bill proposed sweeping and prescient changes in technology oversight. Had it passed in its original form, California would have been among the first states with a cabinet-level IT agency headed by CIO with statewide power and authority. By way of comparison, Virginia created its Secretary of Technology in 1998 and Colorado did the same a year later.

In its original version, SB 1 would have dissolved the state Office of Information Technology and transferred all personnel to the proposed Information Services Agency - along with all staff from the Department of General Services involved in IT and telecommunications equipment acquisition.

It seemed like a straightforward solution to California's IT woes: Create a central agency that was responsible for ensuring the state didn't suffer more embarrassment.

But few things are that simple in California.

Politics and SB 1
SB 1's proposed technology management changes and the creation of a cabinet-level Information Services Agency didn't go over well with some agencies that stood to lose power and influence under the new arrangement.

As John Eger wrote in a recent opinion piece for the San Diego Union-Tribune, "It was clear at the outset that those agencies of the government, with their own sizable and influential data centers and IT departments, including the General Services Administration, were not keen to see a new player on the block."

Eger, a professor of communications policy at San Diego State University, was a member of Wilson's task force on Government Technology Policy and Procurement, which released a series of IT management recommendations for the state in early 1994.

"We thought we could create this new infrastructure; we thought we could create a powerful CIO; but there were people lying in the tall grass," Eger said. "There were people who knew the stakes were very high. No sooner than we had come out with our initial report on technology policy and procurement, the lobbying had already begun to cripple whatever it was we created."

The task force's report argued that IT policy and IT operations had to merge, which meant consolidating all data centers throughout the state and developing a statewide IT infrastructure, Eger said. The task force also said metrics and standards should be established to help agency heads and the governor's office evaluate IT projects and procurements.

The proposal for a strong, centralized IT agency was gradually diluted through compromise, and the politics behind those compromises shaped DOIT's existence even before it was officially given life.

"DOIT was born after a great deal of backroom negotiations," Eger said. "Obviously, it did not have operational responsibility. It was not successful taking on the data center consolidation."

Existing state data centers vigorously fought the consolidation plan, Eger said, even though the plan did not include physical consolidation of those facilities. Instead, it proposed administrative consolidation to control acquisitions, procurements and operations, he said.

Given the stiff resistance to the proposed structure of DOIT, it's little wonder the legislation creating the IT agency was weakened to the point that the organization ultimately began life as a paper tiger.

"SB 1 started off with a lot of random ideas, all of which were possibly viable," said one source. "It was a standard, hodge-podge, sausage-grinder sort of bill. Then, as everyone started picking it apart, it ended up being a compromise vehicle that didn't really do anything. The state never answered the fundamental question, 'What is it that we want this department to do?'

"No real authority was ever put into the bill, and since so many conflicting visions were in there, even if DOIT had the authority, anyone who took the job of CIO would fail," the source said. "If you actually do what the legislation says, you will fail; there's too much there, and it's too conflicting."

Nonetheless, SB 1 passed in October of 1995, paving the way for DOIT's creation the following year.

A "Hamstrung" DOIT
What emerged was an agency with broad - if vaguely defined - responsibilities, but no specific means to carry them out, several sources said.

"I remember being very concerned at the time about the many places where the lines of authority in SB 1 were weakened," said Bowen, who co-authored the bill. "I was concerned that all we would end up doing was moving the boxes on the organizational chart without really solving the problem.

"What happened with SB 1 was the line departments and agencies were reluctant to give up any authority, and the Wilson [administration's] Department of Finance didn't want to give up authority," Bowen said. "The key positions slated to be in DOIT were, instead, retained at the Department of Finance."

That dilution of power meant DOIT never had a chance to succeed, said one former legislative staffer who was close to the situation but wished to remain anonymous.

"They were hamstrung from day one, there's no doubt about that," the staffer said. "I don't think DOIT ever really had a chance. DOIT never rose to the level of power to do anything other than their role in the budget process. When DOIT got real power was the day that the Department of Finance said, 'We will not approve a budget-change proposal unless it has an approved feasibility study report,' and that was only about three years ago."

The original idea behind SB 1 was to create a technology agency headed by someone occupying the same rank as the director of the Department of Finance, who reported directly to the governor, said another former legislative staffer, who also asked to remain anonymous.

"We were pushing for this technology czar who would have a lot of power," the staffer said, noting that the CIO would have been responsible for coordinating IT policies and procedures across state government and serving as a watchdog of sorts.

"Obviously, the [Wilson] administration was not as interested in that," the staffer added. "They could get the coordination piece, but the oversight piece, they were less keen on. There were also very strong bureaucracies in the Department of General Services and the Department of Finance who didn't want to have their oversight altered. In conversations I've had with both people who held [the CIO's] office, [what], I think, in the end, hamstrung their ability was that many of the requirements of what they needed to do were left in the bill, and a lot of the authority was negotiated out."

Several attempts to reach Wilson for comment were unsuccessful.

Though political deal-making did have an enormous impact on the shaping of the DOIT, several sources also said DOIT's performance was another factor leading to the agency's demise.

Performance Issues
Performance always is important, but for DOIT - a high-profile agency under a powerful microscope - it was absolutely critical. Yet, there was a perception throughout the state that DOIT wasn't up to the task of guiding California's technology policies.

A contributing factor may have been that DOIT, as created by SB 1, never actually delivered real IT-related services. By contrast, technology agencies in Georgia, Iowa, Washington and other states deliver telecommunications, computing capabilities and other services to state agencies.

Without controlling data centers or California's telecommunications network, DOIT simply had no juice, some sources argued. Because DOIT didn't add value to other state agencies, it couldn't exert any leverage on those agencies. DOIT could present ideas, but it couldn't make any real contribution to making those ideas happen. In other words, with the Department of Finance controlling IT budget processes, the Department of General Services controlling IT procurement and the state data centers handling computing needs, what was the DOI's responsibility?

The agency's role was difficult to decipher, said Anna Brannen, principal fiscal and policy analyst of the state Legislative Analyst's Office (LAO).

"We went through the enabling legislation and tried to figure out what it was the Legislature wanted DOIT to do and how well have they done it," she said. "As I was going through the legislation, I found a number of areas where I wasn't really sure what the Legislature meant."

For example, she cited a portion of the legislation that required DOIT to identify available IT resources from the public and private sectors.

"That could have meant that they were responsible for going and recruiting IT staff for the state," she said. "Or, it could have meant that they were responsible for putting together a master service agreement of all the IT vendors that could be good partners with the state. I don't know, and probably everybody who reads that could have a different interpretation of it."

In its analysis of the 2002-2003 budget, the LAO argued for extending DOIT's sunset date, while simultaneously stating that DOIT's performance was only moderately successful because some of its statutory duties and responsibilities overlapped with other agencies.

"The Legislature can strengthen DOIT's role by clarifying specifically what DOIT is expected to perform in its role, thereby reducing overlap and confusion between departments," the LAO's analysis said. "The Legislature should also direct other departments to work with DOIT in meeting its mandates and set specific timeframes in which these tasks must be accomplished. The Legislature should clarify DOIT's mandates so there is no ambiguity about legislative intent. Finally, the Legislature should establish clear priorities, requirements and timeframes in which DOIT must meet its mandated activities."

However, a strong argument can be made that DOIT would have survived - regardless of its unclear responsibilities or statutory requirements - had state officials perceived the agency as valuable to the state.

"Look at what happened with Y2K," said Bowen. "What happened was that the governor's office hired a bunch of outside contractors to get the state through."

Bad Perception
According to several sources, DOIT battled a long-running and serious image problem. If an agency is perceived as incapable, it's difficult to imagine it earning the respect of other agencies. For DOIT, with its power limited from the start, earning that respect was critical to building any sort of influence or success.

Other sources said DOIT also suffered from a lack of respect from the governor's office. The state's first CIO, John Thomas Flynn, wasn't permitted to sit at the table at Cabinet meetings, according to two sources. Yet another source said that, during the state's Y2K conversion efforts, Flynn attempted to deny a state agency's request for four IT projects that were unrelated to Y2K remediation - a request that was made despite an executive order forbidding new IT projects until agencies demonstrated Y2K compliance.

The agency did an end-around and appealed to Wilson's office directly, the source said, and the governor ultimately approved the projects. Flynn disputed that story, however, saying he never felt that he lacked the governor's respect and that he couldn't recall the four projects in question.

Still, Flynn, who served as CIO of Massachusetts before coming west in 1995, said he assumed the California post without as much power as he would have liked.

"By the time I got to California, DOIT had been emasculated in some sense," Flynn said. "It was emasculated in terms of operations. They took all the operational side away, and they gave me all the policy. I was in charge of IT procurement policy. I was in charge of IT telecommunications policy. I had sole budget authority for IT projects, and I had oversight. I didn't have the operational side, and what that does is just make things a little harder."

Flynn echoed the sentiment of other sources - that the CIO, to be successful, needs both operations and policy in his or her job description.

"I had all kinds of authority, but the problem was that everything I wanted to do was a battle because I didn't control the resources themselves," he said. "If it's my department and I want to consolidate it, I'm going to get internal battles - but I can handle them. If I'm telling another Cabinet secretary that they have to get rid of their data center, I've got a fight on my hands because they've already been captured by the bureaucracy."

More recently, Gov. Davis' executive order creating a separate "Director of eGovernment" could have been seen as a lack of support for state CIO Elias Cortez, as more than one source observed.

If DOIT was supposed to be the state agency to set IT policy, some questioned why Davis created the Director of eGovernment post, which he appointed Arun Baheti to fill. Critics argued that Baheti's appointment severely undermined DOIT's influence on California IT policy and was a slap in DOIT's face because the governor didn't have faith in its performance.

"That's a theory; but that doesn't sound plausible in reality," said Steve Maviglio, Davis' press secretary.

Baheti and Cortez did not have overlapping tasks, Maviglio said. Instead, Davis simply did what many other governors routinely have done - appoint someone close to them to serve as a technology adviser.

"They had two different jobs with two different sets of responsibilities, so I don't know how one would undermine another," he said. "Arun's was more policy oriented and working on our [Web] portal, and Eli led a department who's mission was quite different than that."

Furthermore, California's massive size justifies multiple IT-related positions, Maviglio said. "We can certainly have more than two people with a title with different responsibilities in the same area."

Cortez, California's CIO and head of DOIT when the agency was shuttered, refused comment when contacted, noting that his resignation letter is on Davis' Web site.

"I cannot find it in me to be an active participant, nor would I advise you or this administration to dismantle such a pertinent program," Cortez said in his letter, dated June 10. "I believe that not having some oversight program in place would result in the high risk of potential major IT failures. I am hopeful that the information-technology-governance issues this state still encounters will be holistically and strategically solved by your administration and the legislature."

Sources said DOIT could have helped itself greatly by making friends with key legislators, which may have mitigated some effects of the Oracle scandal. Between 1999 and 2001, three bills took various approaches to extending DOIT's life through reforms to the agency.

Each bill cleared the Assembly with little difficulty, but ran into stiffer opposition in the Senate. Bowen said Cortez, who became California's second state CIO in 1999, shoulders at least part of the blame for failed legislation.

"I had these bizarre conversations with Eli Cortez, and I would tell him, 'I'm trying to strengthen your agency,' and he'd agree to work with the Legislature," Bowen said. "Then I'd see another straight sunset extension pop up somewhere else."

While working with Bowen, Cortez approached other legislators and convinced them to introduce bills that extended DOIT's sunset date without addressing what some lawmakers felt were the underlying performance problems, Bowen said.

"He set up his own undoing in the Legislature by not understanding how important it is to be straightforward with legislators and to keep promises," she said.

The first bill, AB 1686, introduced by the Assembly's Committee on Information Technology in 1999, ultimately won DOIT two more years of life, but forced the agency to work with the Legislature to address changes in the agency's role and purpose, said Evan Goldberg, Bowen's chief of staff.

The second bill, AB 2936, introduced by the Assembly's Committee on Information Technology in 2000, died a quiet death in the Senate Appropriations Committee.

The third bill, AB 1559, introduced by Assemblyman Manolo Diaz in 2002, ultimately had language extending DOIT's life stripped out of it.

Closing the Doors
As DOIT's sunset date neared, the agency found itself up against a wall, Bowen said, adding that it needed a two-thirds vote on legislation to keep DOIT alive. That requirement, combined with fallout from the Oracle scandal, gave DOIT's critics ample power to stop efforts to extend the sunset deadline.

In the end, DOIT's closing was a culmination of what one source called "a cascade of events," and the responsibility - if that's even the proper word - can be spread among many sources: the Legislature; DOIT; the two administrations under which DOIT served; the CIOs that served as heads of DOIT; and the state agencies that fought DOIT's creation.

Maviglio said the Davis administration wasn't surprised that DOIT was allowed to disappear.

"It had been in the tea leaves for a long time, regardless of this [Oracle] controversy," he said. "It is just not DOIT; DOIT's forerunners also had troubled lives, and there are a lot of factors for that. When the Legislature created DOIT, almost immediately - within a year - it already had come under fire. There's a long history in California about procurement and other IT issues."

Hindsight being 20-20, it's possible that California can learn from DOIT's demise and create an IT agency that won't encounter the same obstacles. It's just as possible the state won't create such an agency. More than one source said a strong DOIT and CIO could never work in California. An equal number of sources said such a situation could work just fine.

The truth may lie somewhere in the middle, and California will have to work hard to find that perfect balance.