Executive Order No. 510 Compliance Review for Consolidation of IT Systems within Executive Departments
January 28, 2013 · Read the full official report (PDF) ↗
source
“As a result, the implementation date for the project is now projected to occur in 2014.”
Read the plain-English breakdown
This is a State Auditor review of whether state executive agencies followed an order to combine and centralize their technology systems and operations.
“On February 19, 2009, the Governor issued Executive Order No. 510 (EO510)1 for the purposes of achieving greater efficiency and cost-effectiveness by centralizing the management and operation of information technology (IT) systems across the state’s Executive Department agencies (Secretariats).”
The audit checked whether agencies did what the executive order required for IT consolidation.
“The scope of our audit was to assess the extent to which Secretariats and their agencies complied with the requirements of EO510 to consolidate their IT services.”
The project was supposed to improve public-facing services, strengthen computer security, and lower technology costs.
“Included in the stated goals of EO510 are improved customer services, enhanced IT security, and reduced IT costs.”
For residents, the hoped-for benefit was more reliable, efficient, and secure technology behind state services.
“By implementing enterprise-based IT operations and management, EO510 provides an opportunity to achieve improved integrity, security, efficiency, and availability of IT services to support agency operations and services for the Commonwealth’s citizens.”
Some required steps were done on time, but the state missed the main deadline for substantially completing the IT consolidation.
“Based on our audit, we have concluded that, although a number of the objectives established by EO510 were completed according to schedule, Secretariats were not able to meet EO510’s December 30, 2010 deadline for substantially completing the consolidation of infrastructure services for the Executive Department at ITD.”
The auditor said the state should make sure the project has enough resources, keep managing it closely, and keep lawmakers and stakeholders updated.
“Secretariats, ITD, and the Commonwealth CIO should continue to monitor and manage the IT consolidation process and provide status updates to the state Legislature and other key stakeholders in order to effect proper implementation and provide the appropriate transparency relative to EO510 activities.”
The report matters because the state had many separate and overlapping IT systems, and combining them could make better use of public technology spending.
“The overall initiative to consolidate disparate and redundant IT services and resources can potentially enhance the value achieved by the Commonwealth’s investment in technology and related resources.”
“Infrastructure services” means basic shared technology services such as email, websites, helpdesks, desktop and network support, data centers, and networks.
“Infrastructure services include consolidated e-mail, websites, helpdesks, desktop and local area network (LAN) services, data center service, and networks.”
What the Auditor checked
- Partially Determine what progress, if any, had been made in meeting the implementation milestones established by Executive Order No. 510.
What the Auditor found
Why it matters: Delayed consolidation could reduce or postpone expected improvements in IT security, efficiency, availability, cost savings, and transparency.
Standard: Executive Order No. 510 required ITD to substantially complete consolidation of infrastructure services for the Executive Department by December 30, 2010. ( Chapter 11, Section 12, of the Massachusetts General Laws; Executive Order No. 510 )
4 recommendations
- The Commonwealth should ensure adequate resources are available to meet the new EO510 implementation deadline.agency: agreed
- Secretariats, ITD, and the Commonwealth CIO should continue monitoring and managing IT consolidation and provide status updates to the Legislature and key stakeholders.agency: agreed
- Secretariats and the Commonwealth CIO should develop more detailed performance metrics to assess value delivery.agency: agreed
- Enterprise risk management processes should be enhanced to manage IT risk during consolidation.agency: agreed
Agency response & Auditor reply
Agency: "ITD is in general agreement with the recommendations made by the SAO."
Verified dollar findings
Identified dollar findings that do not fall in a named band.