It's been six months since J. Clark Kelso became both California's CIO and the governor's special adviser on IT, and he's had plenty to keep him busy.
He's begun laying the groundwork for a new IT governance structure in the state, attempting to fill the void left by last summer's closure of California's Department of Information Technology (DOIT). That, in part, has made it possible to formulate and implement new IT oversight and security policies. Kelso also is leading a push to retool California's approach to procurement and IT funding, although budget uncertainty has forced the state to hold off on wholesale changes.
Kelso -- a full-time, tenured law professor who teaches two classes during the spring 2003 semester at a Sacramento, Calif., law school -- may not be an obvious choice for one of the nation's most challenging public-sector IT positions. But his nomination is intriguing.
Kelso's no stranger to technology or government, having spent a number of years examining IT integration in the courts. He's also earned a reputation for fixing things that are broken.
California Attorney General Bill Lockyer and Gov. Gray Davis asked Kelso to oversee the California Department of Insurance on an interim basis several years ago, in the wake of a scandal that prompted the resignation of then-Insurance Commissioner Chuck Quackenbush.
Kelso was then selected by Davis to chair the California Earthquake Authority, which was investigated by the Bureau of State Audits in the aftermath of the Department of Insurance scandal.
Going About Governance
Perhaps the biggest challenge Kelso now faces is how to create an IT governance structure in a state that's seen its fair share of spectacularly publicized IT disasters. Partly because of those fiascos -- last year's Oracle enterprise software license scandal is most notable -- the words "technology oversight" have become almost a running joke in California.
Despite possessing no clear-cut statutory authority, Kelso has, at the very least, managed to get the ball rolling, and legislation codifying the reach of the state's CIO and IT oversight in general may be introduced during this year's legislative session.
"In the last four or five months, we've really begun to establish a smooth-functioning and practical IT governance structure, even though we haven't had a statute," he said. "We're very near the point now where we'll be able to talk to the Legislature about what we've accomplished, whether we think it works, and what governance structure should replace the Department of Information Technology."
Kelso said he's been busy establishing good working relationships between key parts of California's IT machinery, such as state agency CIOs, data centers, and the Department of Finance's Technology Investment Review Unit (TIRU) and Technology Oversight and Security Unit (TOSU). One payoff is a set of new policies and procedures dealing with oversight and security. Several working groups also have been created to deal expressly with particular topics, such as a security advisory group that Kelso said is helping him prepare new policies to tighten up some state security processes.
The TIRU and TOSU will play a key role in California's new IT governance structure, Kelso said.
This approach suggests the state has learned something from its experiment with DOIT. That agency's oversight responsibility was never crystal clear, and some of its oversight duties overlapped those of the Department of Finance. Clearing up that confusion is absolutely critical if "technology oversight" is to have any real credence with the Legislature, Kelso said.
"We're still going to be implementing what we're calling a 'graduated oversight program,' where, for some things, oversight is performed at the department level; for others, at the agency level; and some by the Department of Finance," he said. "The one thing that's consistent across all of those is that oversight