The burden of governing.
We see in this economic crisis that the lack of responsibility has emptied the minority-party Republicans of a desire to contribute to meaningful public policy solutions just as the burden of governing has self censured the enthusiasm of majority Democrats.
The change we need in Olympia is not historically revolutionary and radical but systematic and genuine and tied to the core policy issues of our day. One of the problems we face is that it’s been decades since we’ve had the political courage to conduct a genuinely objective “zero based budget, or ZBB.” I don’t pretend to know whether a ZBB process would result in radical change in how we spend our $34 billion biennial budget (not including capital budget and transportation budget and federal dollars). But this I know: Efforts at major government reforms this year has been slimmed down to relatively modest pilot projects, studies, commissions or other safely contained initiatives with the support of both sides of the aisles.
On a narrower level my legislation, House Bill 3178, to change how we spend $2 billion a biennium on technology is moving along in the Senate (hearing is Monday) but faces the quiet, behind the scenes attack of the bureaucracy.
Here’s the irony:
The Governor’s office probably doesn’t object to the policy proposal itself. That’s of course not surprising since the bill has handed the authority and accountability to the Office of Financial Management (OFM, Department of Information Services (DIS), and the Information Services Board (ISB), the existing entities charged with oversight of the technology issues today. The problem is actually that they are more likely uncomfortable with the politics of accountability itself where they are changed with reducing technology spending this year by $30 million. Period. No excuses. No studies, commissions or task forces. Just reduce spending across the $1 billion technology spend. That means it can’t be done across the board, the traditional way out for making reductions. It must be done with a surgical approach, highly focused on excess projects and, yes, people where the value proposition is weak.
The Governor’s office and DIS don’t believe we can achieve the savings in one year. Of course, the dirty little secret is that if you DON’T hide behind process, task forces, committees and inputs then you CAN achieve the reductions by acting boldly through an enterprise wide approach. Simply, the legislation requires transparency so that every agency must report their full inventory of technology including equipment, infrastructure, people, software and more. There’s no place to hide once you have a master list and it’s verifiable. Once you have a master list, the question becomes one of authority to do something about it.
We have a decentralized model in technology where state agencies do nearly everything on their own. Payment systems, email, hosting, application development and nearly every other category remains safely secured in independent silos. Shared services–the buzz world from Olympia to D.C.–is still a generic idea rather than a systemic policy.
An example: I recently discovered a budget request from the Department of Transportation for $1.1 million for secure data lines to process credit cards for the ferry system. I’m willing to bet we have 50 of these same lines elsewhere in state government already but DOT wants their own and hides behind “security.” How many credit card processing systems do we have in state government across Department of Revenue, Parks, Health Authority, Social and Health Services, etc., etc., etc.? Who knows. But it’s a lot and yet we don’t coordinate or cooperate, we simply spend more money so everyone can go their own route. Much of the money comes from non general fund state sources (ie dedicated accounts). That’s why it’s so easy to spend. But taxpayers don’t care and they shouldn’t have to whether the money is from pot A or pot B. It’s all from the taxpayers and we should have a deeper appreciation for the source.
We can achieve $30 million in savings this year if we have the courage to act like an enterprise. Employment Security is embarking on a $52 million project to upgrade their system. It’s unemployment insurance dollars not general fund so the rationalization for the spending flew through the process. DSHS’s Provider One project is more than $100 million down the road (I haven’t followed it myself but others have) and it’s probably on the tipping point of being another disaster from a technical and implementation perspective. It’s primarily federal money but enough state dollars to make everyone nervous.
An enterprise wide approach requires a bold plan based upon sound technical decision making and a collaborative partnership with key stakeholders. But it requires action and change. I am not arguing for full consolidation of power with DIS–I am arguing for a systematic strategy of cooperation and coordination.
Most legislation is too weak in that it covers up accountability so everyone in the bureaucracy has plausible deniability. Ironically, I may have written my legislation too forcefully in the opposite direction such that the Governor’s office is uncomfortable with too much authority and direct accountability to manage their way though this challenge to get a handle on the $2 billion we spend.
We all know the truth: No matter what legislation we pass on any topic it is simply not logistically or operationally possible for the Legislature to manage our state’s way through the chaos of this budget deficit. Only the Governor can courageously tackle systems reform at the level required to deal with this financial crisis. In order for that to happen we need to find a way to wake up the institutional infrastructure of government to the depth of the crisis we face. It still slumbers. We have yet to genuinely and meaningfully and openly ask our 110,000 state employees for their own ideas to embrace new ways of doing business. In all of my committee meetings, I have yet to see one regular state employee be allowed to stand up directly to present a new idea about how to conduct business in state government. It’s simply not in our culture to allow front line employees access to the legislative table. And that’s just one of the symbols of our problem.
I readily acknowledge that my legislation to bring accountability to technology spending in merely a modest step forward. It is neither radical nor revolutionary. It is a small step in the larger picture of our budget. And yet it is strong and forceful enough to make the gears of the bureaucracy shake in discomfort. The whisper campaign against the legislation is in full force now that the bill has left the House of Representatives (on a 97-1 vote, by the way). The Senate Ways & Means Committee hears the bill on Monday.
If we were to design government from scratch today, what would it look like?
We are so much more than what we’ve become.
Your partner in service,
Reuven.
Excellent blog, again, but I do want to comment on one point with which I have personal experience.
In DOT’s request for asking for money for secure data lines for credit cards, it may be the only way to go. With the compliance issues surrounding PCI/DSS (The credit card industry standards) there are quite a few rules that must be followed, verified, and audited. Shared lines could probably be used if there was an umbrella agency, such as DIS, that provided not only verification of the rules, but a person responsible to not only the PCI/DSS auditors, but to the agencies for ensuring the rules are maintained. At present, DIS has nothing like that, though in the Strategic Plan published in 2006 or 2007 one major goal was to have a Credit Card Payment Clearinghouse so that they could offer a PCI compliant network segment to the agencies but it never materialized. Currently it is up to each agency to set up their own PCI compliant links because the state government backbone is not compliant. With the work it would take to get the DIS networks compliant and the fact there is no real impetus for DIS to develop PCI compliance and no in-house understanding of what PCI compliance entails, since they don’t accept credit cards, I fully understand agencies taking on these tasks on their own, it is the agencies who will be fined or denied service if they are found to be out of compliance. The same arguments can also be used for any other set of regulations out there, HIPAA, DHS, FBI, etc.
Until DIS provides reliable, customer-focused, and compliant networks, agencies will be forced to take on these projects on their own. I am sure that if DIS could provide formally documented guarantees of reliability, accountability, and usability (SLAs), just as any service provider would, customer agencies would prefer to use the shared service and would stop trying to complete it internally.
Senate Ways & Means just stripped the SoA/Managed Services/Cloud Computing pilot from your bill. Know why?
The proffered reason was to save money by avoiding the “expense” of a pilot.
Keep up the good fight. It seems pretty hopeless from here…
Nevermind. The amendment to remove the pilot project failed by one vote in committee.
The pilot is still in!
While trying to realize a certain savings (apparently 1.5% this biennium) in State-wide IT operational costs is a great starting point, I would also like to see some type of effort as to how IT can implement technology to realize a 1.5% reduction in the State’s operating budget which would be a much larger impact and have far greater “positive” implications rather that the constraining atmosphere of forced reductions in spending.
Apparently there is a Service Oriented Architecture pilot included in this (I have not been able to read through everything yet) which sounds great but in reality has me greatly concerned. Have we leveraged that type of knowledge base internally? Agencies have just recently started to recruit true IT Business Analysts. More than likely this will be another “hire a consultant to tell us how to do this” type situation which means it will not be embraced since we have no internal change agents. This has been the recent development in the private sector because “consultants” seemed to focus on SOA being a technology change (or at best Enterprise Architecture – and we have done such a stellar job there) rather than an all-encompassing view of change utilizing technology to facilitate “service based views” on operations etc.
So, what will happen is DIS will have SOA go down in a ball of flames – this is what will be remembered by executive level administrators in State Agencies. Then when some Agency decides they need to try and embrace SOA properly, it will go nowhere because they will not get the backing because that Agency’s administrators will have “flashbacks” to DIS’s proof of concept with SOA.
In a nutshell, that is how we have gotten to where we are today. The incompetence at the high levels of DIS (and others) have held everyone else in limbo because they seem more interested in empire building and turf wars instead of innovation. Agencies are left to try and take care of themselves since it seems no one else will and they do so through any creative means they can figure out. Then the tug-of-war starts again.
Everyone would jump at a shared-services model with DIS, if they thought DIS could actually deliver the service/operational level they want. Agency Directors (not Agency IT Directors) need to be able to hold DIS accountable. Legislation should include the governance, controls, accountability etc. on DIS – not just give them the whip (drive the boat however they feel like) and executioner’s axe (kill whatever they don’t feel like) etc.