PDF
29 pages, 1.2 MB


Contents

  1. Introduction
  2. Background
  3. Case Studies
  4. Recommendations
  5. Appendix

Introduction

It is the juxtaposition that has confounded public officials and taxpayers alike for decades now: How can California be home to the most innovative and successful technology companies in the world, and yet the state government seems incapable of maintaining halfway up-to-date information technology (IT) infrastructure or making new IT programs and updates work properly, much less be completed on time and under budget?

“We live in the tech capital of the world, yet we don’t have anybody driving the modernization of how we as government operate and provide services to the people we represent,” California Assembly Majority Leader Ian Calderon (D−Whittier), who also serves as co-chair for the Legislature’s technology caucus, said last year.

From Apple and Hewlett-Packard to Yahoo, Intel, Cisco Systems, Oracle, Facebook, eBay, and Google (Alphabet Inc.), the greatest minds in technology are a mere two-to-three-hour drive in decent traffic from the state Capitol. Yet, taxpayers and lawmakers alike continue to be baffled by the inability to modernize the state’s IT systems.

From numerous IT project failures at the Department of Motor Vehicles, going back to the 1980s, to the copious issues with today’s Financial Information System for California (FI$Cal) budgeting, accounting, cash management, and procurement system—a more than $1 billion project that has been in the works for 15 years and still is not ready for prime time—California state government has repeatedly doomed itself to greater inefficiency and years of project delays while saddling taxpayers with enormous costs for technology that does not work—and sometimes is so woefully inept that it must be scrapped altogether.

For these continual failings, the Independent Institute awards its tenth California Golden Fleece® Award—a dishonor given quarterly to California state or local agencies or government projects that swindle taxpayers or break the public trust—to the agencies responsible for overseeing and administering the state’s various failed IT projects. These agencies include the California Department of Technology, Department of General Services, Department of Finance, State Controller’s Office, State Treasurer’s Office, Judicial Council of California, Administrative Office of the Courts, Department of Motor Vehicles, and Department of Consumer Affairs.

Background

California is hardly the only state or local government to suffer costly IT project failures, but it seems to struggle more than most, and the fact that it is the most populous state in the nation means that the size of its failures is also all the more massive.

“[B]etween 1994 and 2013, the state terminated or suspended seven IT projects after spending almost $1 billion,” the State Auditor’s Office reported in 2015. “In addition, during that time, the state paid $1 billion more in federal penalties for its delay in implementing the California Department of Social Services’ Child Support Automation System.”

As a result, the state auditor has repeatedly designated California’s IT projects as one of the “high-risk” issues facing the state. “The high costs of certain projects and the failure of others continues to make the state’s oversight of information technology projects an area of high risk,” it concluded in 2013. The state auditor also found that the California Department of Technology (CDT, also referred to as CalTech by the state auditor) did little to verify state agencies’ compliance with the State Administrative Manual and described its strategic planning efforts as “insufficient.”

Two years later, things were not appreciably better, and then state auditor Elaine M. Howle detailed a number of CDT’s oversight deficiencies:

CalTech’s independent project oversight (IPO) analysts are unclear when to recommend corrective actions to their managers, or when CalTech management should suspend or terminate a project. Furthermore, CalTech does not formally set expectations with agencies that are implementing IT projects. On a broader level, there is a potential conflict between IPO analysts’ role to oversee IT projects and their role to provide advice to agencies. Finally, high turnover, an insufficient state job classification, constrained resources, and inconsistent training of staff impacts CalTech’s ability to oversee state IT projects.

The Rise of Ransomware and Other Cybersecurity Threats

Poor technology practices heighten other risks as well. Ransomware attacks, malware, and other cybersecurity incidents targeted at federal, state, and local governments, as well as universities, have been on the rise in recent years. These can lead to data loss, systems failure (including, for example, the shutdown of 911 call centers or the inability to pay utility bills, property taxes, or fines), the theft of residents’ personal information, and expensive and time-consuming remediation efforts to remove malicious code, recover data, and restore functionality.

In 2016, a single hacker known as Rasputin was blamed for breaching the systems at more than 60 federal, state, and local government agencies and prominent universities in the United States and United Kingdom. These included the U.S. Department of Housing and Urban Development; Child Welfare Information Gateway (maintained by the U.S. Department of Health and Human Services); Postal Regulatory Commission; State of Oklahoma; Rhode Island Department of Education; South Carolina Public Employee Benefit Authority; District of Columbia Office of Contracting and Procurement; City of Pittsburgh; Cornell University; University of Washington; University of California, Los Angeles; University of Cambridge; and University of Oxford. Rasputin stole data from these systems and then attempted to sell it on the dark web.

Ransomware attacks, in particular, have led to some high-profile cybersecurity incidents. In these kinds of attacks, hackers infiltrate the target’s systems, encrypt them so they can no longer be accessed by the target entity, and demand a ransom—typically denominated in a cryptocurrency like bitcoin that is difficult to trace—in exchange for the digital keys to unlock the system. According to StateScoop, which maintains an interactive map of public-sector ransomware attacks, there have been 361 such incidents—including 23 attacks in California—documented since January 2013.

While targets are oftentimes smaller local governments—like the 23 Texas cities hit during a coordinated attack in 2019—because these are more likely to have limited budgets and less sophisticated technological defenses, large cities like Atlanta and Baltimore have also been victimized.

For those governments and institutions that are not adequately protected and find themselves victims of a ransomware attack, the decision whether to pay the extortionists is difficult and painful. Atlanta chose not to pay approximately $52,000 in ransom in March 2018 after an attack disrupted its Police Department records system, judicial system, and infrastructure maintenance requests, and prevented residents from paying their water bills for several days. The damage ultimately took weeks to fix and cost the city more than $2.6 million.

Baltimore similarly rejected ransom demands of roughly $76,000 following a May 2019 attack—the second such attack in a little more than a year—but ended up paying much more to fix things. According to the Baltimore Sun, “The attack left city employees without access to their email, halted real estate sales in the city, and held up water billing for months.” In all, it cost the city more than $18.2 million in direct costs and lost or delayed revenue. After the incident, Mayor Bernard Young placed a nonbinding resolution before the United States Conference of Mayors, which was adopted unanimously, opposing the payment of ransomware attackers by local governments.

Federal law enforcement agencies such as the FBI and Secret Service generally counsel against paying such ransom, under the theory that it encourages more attacks. Moreover, as Mayor Young noted, paying ransom does not guarantee that the attackers will live up to their end of the bargain and fully unlock systems, and there is always the chance that they leave behind other malware that will allow them to make additional demands in the future. Others may simply refuse to reward criminal behavior, even if sticking to this principle costs them more in the long run.

But it is difficult to fault a desperate government or institution from making a simple cost-benefit decision to pay the ransom in hopes of recovering their systems and data. The Los Angeles Community College District elected to pay a $28,000 ransom in bitcoin after hackers took control of a Los Angeles Valley College email and computer network in December 2016, only days before the start of the school’s winter session. And in June 2020, the University of California, San Francisco, paid more than $1 million in ransom after an attack made servers inaccessible at its School of Medicine, noting, “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good.” Regardless of whether the larger trend is to pay the ransom or decide to deal with losses and try to fix things on one’s own, circumstances differ for various government agencies, institutions of higher learning, and private companies, and the threat of cyberattacks will not be going away anytime soon.

California IT Projects and Administration

CDT’s IT Project Tracking website lists 22 projects currently underway, with a total estimated cost of nearly $2.7 billion. Of these, under CDT’s color-coded system, four projects have been rated red—demanding immediate corrective action due to a significant risk to the health of the project—by independent project oversight reports, eight are rated yellow, indicating caution due to risks and issues identified, nine were rated green/satisfactory, and one has not been rated because there are not yet any reports available.

Among the big-ticket items rated red are the Department of Finance’s nearly $1.1 billion Financial Information System for California (FI$Cal), discussed in this report, and the Department of Corrections and Rehabilitation’s Statewide Correctional Video Surveillance Project ($386 million). The Secretary for California Health and Human Services Agency’s $421 million Child Welfare Services–California Automated Response and Engagement System (CWS-CARES) project (formerly known as the Child Welfare Services–New System) was recently upgraded from red to yellow.

California has tried a number of ways to oversee and implement its IT projects over the years. A single agency, which became the California Department of Information Technology, was responsible for IT project oversight from 1983 to 2002. It was determined that the agency was not successful, however, so its authorizing legislation was allowed to sunset and the oversight role was divided between the Department of Finance and the Department of General Services. The Office of the State Chief Information Officer (State CIO) was established in 2006, and IT project approval and oversight duties were transferred to the agency the following year.

Under the Arnold Schwarzenegger administration’s reorganization plan in 2009, the Department of Technology Services, Office of Information Security and Privacy Protection, and Telecommunications Division of the Department of General Services were merged into the California Technology Agency. During another reorganization in 2012 under the Jerry Brown administration, the California Technology Agency was renamed the California Department of Technology, which was under the direction of the State CIO, and the State CIO was removed from the governor’s cabinet (see Figure 1).

The latest development is California Gov. Gavin Newsom’s establishment of a new technology agency, the Office of Digital Innovation, with an initial budget of more than $40 million. (An agency within the CDT with the same name, which is devoted to developing technology solutions across state government, was subsequently rebranded as the Office of Enterprise Technology.) The new agency, which is charged with improving service delivery to members of the public using modern technology, will be exempt from many government procedures, and this added flexibility could prove to be a good thing if it can maintain transparency and accountability. Newsom does genuinely seem to be motivated to reform the state’s technology practices, and he has some expertise in this area. He coauthored the 2013 book Citizenville: How to Take the Town Square Digital and Reinvent Government. And he seems to grasp the scope of the problem, asserting in a Google interview that “California . . . when it comes to technology and governing, is on the leading and cutting edge of 1973.”

In yet another example of typical bureaucratic government inertia, however, Newsom’s tech agency will function in addition to—rather than replacing—the Schwarzenegger-era Office of Technology Services (formerly the Department of Technology Services), which operates with the same objective.

It is too soon to determine if the new Office of Digital Innovation will succeed in modernizing the state’s technology and improving government services, but if the many failed efforts of the past are any indication, residents and taxpayers are right to be skeptical.

Public-Sector vs. Private-Sector IT Management

Despite the state government’s IT project troubles, it would be unreasonable to expect all projects to go perfectly smoothly. With complex data projects serving hundreds of thousands of state workers or millions of citizens, there are no off-the-shelf products that will be able to handle that kind of scope or the unique demands of state agencies. Some trial and error—and, yes, even failure—is to be expected.

Though estimates vary widely, even in the private sector, large IT projects fail anywhere from about half the time to as much as 85 percent of cases (see, for example, related articles from CIO.com and Digital Journal and this study on IT project success and failure factors). The 2019 version of the Standish Group’s annual CHAOS report found that only about 16 percent of projects were deemed successful, defined as being completed on time, on budget, and with all the promised functionality. The majority (53 percent) were over cost, delayed, or did not deliver on all of the promised features, while 31 percent were total failures and had to be canceled or abandoned.

The private sector has some big advantages over the public sector, however—from the taxpayer’s or economist’s view, anyway. First, private firms are much more constrained by cost considerations. As with their other costs, IT spending will be limited based on the company’s profitability and lenders’ willingness to extend credit (with the expectation of being repaid with interest). They cannot simply rely on the faceless taxpayer or the strength of their lobbying to shoulder other government agencies out of the way for larger budgets. As a result, failing projects are more likely to be jettisoned sooner, and new solutions sought. Moreover, private companies’ and employees’ incentives to succeed are much stronger. A successful big data project may make a huge difference in a company’s bottom line—or even the difference between the business surviving or failing—and those responsible for the projects that fail are much more likely to find themselves out of a job. In the public sector, by contrast, financial decisions are based on politics instead of economic realities, taxes can always be raised, money can be shuffled from other places, the money is not yours but someone else’s, and employees enjoy such job protections that they rarely fear losing their jobs for poor performance.

Finally, contracting with a private company makes it easier to cut losses when things do not turn out well. Failed projects are not always the government’s fault. The private contractors responsible for creating and implementing the state’s IT systems often bear a share of the blame. Contractors may be negligent, disingenuously make low-ball bids, or be well-intentioned but find out that they have bitten off more than they can chew, or fail to live up to the contract due to unforeseen losses in key personnel or other factors beyond their control. Regardless of the reason, however, it is much easier to get rid of a bad contractor (and then find a good one to do the job right) than to put an end to an in-house project run by a monopolistic government bureaucracy.

As numerous independent oversight and audit reports have concluded over the years, taxpayers have had to endure more than their fair share of failed state IT projects, and there are a number of persistent problems with project planning, contracting, transparency, oversight, accountability, and execution that must be addressed in order to prevent future IT project boondoggles.

Case Studies

In telling the story of California’s string of IT project failures, there is no small list of projects from which to choose. A number of these problematic projects are described in Appendix A. In this section, I will begin with a few brief examples and then delve into some more in-depth case studies.

Department of Social Services – Statewide Automated Child Support System

One of the state’s early IT failures was the Statewide Automated Child Support System, a project of the Department of Social Services. The project was terminated in 1997 after five years and $111 million spent. In addition, the state was forced to pay $1 billion in fines to the federal government because of the delays in implementing the system.

Employment Development Department – Unemployment Insurance Modernization

The Employment Development Department (EDD) has received sharp criticism from California residents and lawmakers for its inability to process unemployment claims during the current coronavirus outbreak in a timely manner or respond to beneficiaries’ requests for help—that is, assuming one can get through to an EDD employee in the first place. It is taking the department four to six weeks just to call someone back, EDD Director Sharon Hilliard revealed during an Assembly budget subcommittee hearing in early August.

The EDD’s outdated technology is to blame for much of the delays, which have prevented Californians from receiving their much-needed unemployment checks for weeks or even months. The uproar from frustrated Californians has prompted Assemblyman Jim Patterson (R−Fresno) to call for an audit of the EDD. At the subcommittee hearing, which the Sacramento Bee described as “testy,” Hilliard labeled the department’s unemployment processing IT system as “antiquated,” and acknowledged that its computer system has long been a problem.

Gov. Newsom had a similar assessment of the EDD’s aging IT system. “Unprecedented demand due to job loss during this pandemic paired with an antiquated system have created an unacceptable backlog of claims,” Newsom said in a statement, in which he also announced the creation of a “strike team” to devise a plan to improve operations at the EDD, including a “reimagining” of its IT systems.

Five months after the coronavirus outbreak prompted state and local government officials to mandate closures and severe restrictions of private businesses, schools, and other government institutions, throwing millions of people out of work, the EDD still has a backlog of nearly 1 million unemployment claims, which will take another two months to clear, according to Gov. Newsom. And still more delays are on the horizon. Supplemental unemployment benefits of $600 per week, paid for by the federal government, expired on July 31, 2020. Additional benefits are expected, but, as of this writing, Congress has not yet come to an agreement on how much those extra benefits will be or how long they will be available. Because of the difficulties in making changes to the EDD’s ancient computer system, Director Hilliard warned that it could take the state as long as 20 weeks to process any additional federal unemployment benefits.

It is not surprising that the EDD has struggled with the substantial surge in unemployment claims during the coronavirus pandemic. During the first five months of lockdowns and restrictions due to the COVID-19 outbreak, the EDD has processed 9.3 million claims, more than double the 3.8 million claims filed during the worst year of the Great Recession in 2010 (which actually occurred after the official end of the recession). But such surges should not come as a surprise to a department that knows it is most needed during economic downturns that typically occur every three to 10 years. It should, thus, be prepared to handle periodic rapid increases in the number of claims filed. Yet, as the Sacramento Bee reported in April 2020, the EDD “has known for years it was unprepared for widespread job losses.”

The EDD has tried to upgrade its IT systems before, but these efforts were clearly insufficient. The department embarked on its Unemployment Insurance Modernization (UI Mod) project in 2003 to upgrade its call center and do a redesign of its continued claims system. The cost was initially estimated at $96 million but ballooned to $246 million due to numerous schedule delays and scope changes. The call center upgrade was completed in 2011, but problems implementing the first part of the continued claims redesign led to significant backlogs and payment delays affecting hundreds of thousands of beneficiaries in the fall of 2013. The remainder of the continued claims redesign, originally scheduled to be finished by June 2008, was finally completed in 2015.

The upgrades were not completed in time to allow the EDD to properly handle unemployment claims during the Great Recession of 2007–2009, however, and the system quickly became overloaded, leading to delays processing claims and severe difficulties for people trying to get through clogged phone lines for assistance. Now, even after the UI Mod upgrades were made, we are seeing a similar situation play out during the current coronavirus pandemic.

Another $30 million IT upgrade project has been in the works since shortly after the UI Mod project was completed but it remains mired in the planning stages after four years. It is expected to finally begin later this year and take four years to complete, if all goes well.

Department of Consumer Affairs – BreEZe Occupational Licensing System

The Department of Consumer Affairs launched its BreEZe occupational licensing processing system in 2009 with an estimated $28 million cost. By 2015, costs had more than tripled to $96 million and only 10 of the 37 boards and commissions to be included had transitioned to the system, leading to the project’s termination. Moreover, the State Auditor’s office chastised the Department of General Services and the Department of Consumer Affairs for agreeing to contract modifications that shifted significant risk to the state by, for example, limiting its ability to terminate contracts and eliminating protections it would have had in the event of intellectual property rights violations. Some of the remaining boards and bureaus are scheduled to receive IT upgrades over the next several years, and the Legislature provided $5.5 million for IT system improvements at six of these entities in the fiscal year 2019–20 budget, though full project costs have not yet been determined.

Department of Motor Vehicles – Multiple Projects

The Department of Motor Vehicles (DMV) has suffered from a number of IT failures over the years, from repeated computer outages to aborted attempts to modernize its IT systems to failed rollouts of the “motor voter” registration program and the issuance of Real IDs. Last year, Governor Newsom famously chided the DMV for its antiquated and “byzantine” technology and its inability to accept credit cards at its field offices. The California DMV received a California Golden Fleece® Award for these, and many other, failures.

The DMV’s Info/California, or Database Redevelopment Project, an attempt to update its 1960s technology, was scrapped after seven years in 1994 after costs had risen from $28.5 million to $49.4 million. It made another attempt to update its driver’s license and vehicle registration systems in 2006 with its IT Modernization Project, but the half-finished project was terminated in 2013 after spending $136 million and completing only the driver’s license system portion.

If this was not bad enough, the DMV has some serious issues with data privacy. The department announced in November 2019 that it had inappropriately shared thousands of customers’ personal information—including Social Security numbers, in some cases—with federal, state, and local government agencies such as the San Diego County and Santa Clara County district attorney offices, the Internal Revenue Service, the Department of Homeland Security, and the California Department of Health and Human Services. Furthermore, an investigative report from Motherboard discovered that the DMV is generating more than $50 million a year by selling drivers’ personal information.

In addition to the aforementioned projects, there are a few state IT projects which stand out due to the size of their scope and costs—and the equally grand scale of their failures. These case studies will take a look at what went wrong with the statewide financial management system project, known as FI$Cal, the State Controller’s 21st Century Payroll Project, and the case management system for the state’s superior courts.

1. FI$Cal

The Financial Information System for California, commonly known as FI$Cal, is the largest and most expensive IT project in the state’s history. You will notice that the project’s creators cleverly replaced the “S” in the acronym with a dollar sign, perhaps to indicate all of the taxpayer dollars to be wasted on a project beset with numerous delays and cost increases.

The project, which has been ongoing for 15 years, seeks to integrate the state’s accounting, budgeting, cash management, and procurement processes. This is an ambitious yet worthy goal, given the existing patchwork of hundreds of individual agency IT systems, many of which rely on decades-old technology. The execution of the project has been nearly as much of a mess as all those aging, stand-alone IT systems, however, with drastic changes to the project’s scope, goals, and deliverables contributing to significant delays and cost adjustments.

FI$Cal originally had much more modest plans, focusing on improving the Department of Finance’s budget development and administrative tasks. Put forth in 2005, it had a six-year deadline and a projected cost of $138 million. Just a year and a half later, the Schwarzenegger administration decided to use the opportunity to make the project into a broad replacement of the state’s entire financial management infrastructure, bumping the price tag to nearly 10 times the original amount ($1.3 billion) and extending the deadline to 2015. An updated project plan the following year upped the cost to more than $1.6 billion and pushed the completion date back to 2017. In 2012, a shift to a phased implementation approach helped reduce cost estimates to $617 million and moved the deadline up one year to 2016. Several other special project reports (SPRs) filed in 2014, 2016, 2018, and August 2019 (SPR 8) incrementally pushed up project costs and pushed back the final implementation date. The project is currently estimated at nearly $1.1 billion, with a scheduled completion date of July 2020, though the administration and watchdog agencies considered this to be overoptimistic (see Figure 2). In fact, the project was not able to complete the entire scope detailed in SPR 8 and is currently in the process of submitting an updated report to address the remaining functions. It did complete an interim solution to implementing accounting and cash management processes for the State Controller’s Office and State Treasurer’s Office, designed to provide additional time to develop and test the functions before they are fully implemented, but whether the solution will ultimately work remains to be seen.

Figure 2. Evolution of the FI$Cal Project Cost, Schedule, and Scope
Project Plan Total Estimated Project Cost (in Millions) Final Implemen-tation Date Estimate Summary of Project Plan
Feasibility Study Report
July 2005
$138 July 2011 The initial IT project was much more modest in scope than the current project. The Budget Information System, as the project was then known, was envisioned to better meet the Department of Finance’s budget development and administrative needs.
Special Project Report (SPR) 1
December 2006
$1,334 June 2015 The Schwarzenegger administration realized there was a need to modernize and replace the state’s entire financial management infrastructure. SPR 1 proposed increasing the scope of the project to include developing a single integrated financial information system for the state. The project would integrate the budgeting, accounting, cash management, and procurement functions of the state. Four partner agencies were identified—the Department of Finance, State Controller’s Office, State Treasurer’s Office, and Department of General Services—and the project was renamed FI$Cal. The SPR extended the schedule by four years and increased the cost by nearly $1.2 billion.
SPR 2
December 2007
$1,620 June 2017 SPR 2 analyzed advantages and disadvantages of various FI$Cal alternatives but proposed maintaining the project’s expanded scope to integrate the state’s financial management processes. The SPR extended the schedule by two years and increased the cost by nearly $300 million.
SPR 3
November 2009
Unspecified Unspecified SPR 3 established the use of a multistage procurement approach. The multistage procurement strategy would assist the project in eliciting more qualified system integrators and more responsive proposals for building the FI$Cal system. The total cost and schedule for the project was left unspecified. At the conclusion of the procurement, when the software application and vendor would be selected, the project would submit SPR 4.
SPR 4
March 2012
$617 July 2016 SPR 4 updated the project cost and schedule based on the contract with the selected vendor. The total project cost for the FI$Cal system was estimated at about $620 million, about $1 billion less than estimated in SPR 2. The cost reduction is attributed to (1) updated estimates and (2) the move to a more phased implementation approach that resulted in lower overall project costs through reduced risk to the vendor and lower state staffing costs. The system would be completely implemented in July 2016.
SPR 5
January 2014
$673 July 2017 SPR 5 made various changes to the project’s implementation approach to reflect lessons learned over the two years since the vendor was selected and the development of the system began. The SPR resulted in a one-year schedule extension and increased the total project cost by $56 million.
SPR 6
February 2016
$910 July 2019 SPR 6 made various changes to the project’s implementation approach to reflect lessons learned since SPR 5. SPR 6 resulted in a two-year schedule extension and increased the total project cost by $237 million.
SPR 7
February 2018
$918 July 2019 SPR 7 made various changes to the project’s implementation approach, the largest of which was an alternative approach to implementing the State Controller’s Office and State Treasurer’s Office’s accounting and cash management functions in FI$Cal, called the “Integrated Solution.” SPR 7 did not extend the schedule for project completion, and increased the total project cost by $8 million.
SPR 8
August 2019
$1,063 July 2020 SPR 8 introduced a new definition of project completion for FI$Cal—the minimum viable product (MVP) for the Integrated Solution—that removed a number of planned activities and system functions from the project scope, while adding additional hours to complete what project scope remains to achieve the MVP. SPR 8 extended the schedule for project completion by one year and increased the total project cost by $145 million.

If you are the most populous state in the nation and your agencies must process an extraordinarily large number of transactions, you are not likely to find off-the-shelf software ready to go. Furthermore, certain customizations may help to increase efficiency to speed the processing of transactions or reduce the need for human data entry, which can also lead to greater data entry errors.

But it defeats the whole purpose if the new IT systems do not work as intended and you end up having to use even more staff—some to manage the new systems and others to operate the legacy systems that must still be relied on because the new systems are unable to replace them. And that is exactly what has happened in California with FI$Cal.

A number of agencies using FI$Cal continue to use their legacy financial IT systems, due either to reliability issues or the fact that their legacy systems offer needed functions that FI$Cal does not. It is unclear whether the state will be able to force these agencies to decommission their legacy systems, but one thing is clear: the need to operate multiple systems simultaneously is likely to lead to significant waste and inefficiency.

When the project continually exceeded its budget, missed its deadlines, and failed to perform as advertised, the state merely changed the definition of success and lowered the bar for project benchmarks.

When significant cost, scope, or other changes are to be made to a project, a special project report (SPR) is required to lay out the new project plan. The most recent FI$Cal SPR, published in August 2019 (and the eighth such SPR in the project’s long history, as indicated in Figure 2), introduced the concept of the “minimal viable product” (MVP). This is the condition in which the IT system has just enough features for users to determine whether or not it should continue to go forward and, if so, to provide suggestions to improve the project in future versions.

FI$Cal consists of six project “milestones.” Under SPR 8, some of Milestone 5, implementing functions that the State Controller’s Office needs for statewide financial reporting, and all of Milestone 6, finishing all remaining functions, including decommissioning the controller’s legacy system and making FI$Cal the state’s book of record, would be shifted until after the project was officially determined to be completed. These are some rather critical steps to be made an afterthought, with a weaker guarantee of ever being implemented. The state’s independent Legislative Analyst’s Office (LAO) noted that this means a substantial 37,500 hours of work would be required to complete the project after the project technically ends. The LAO also found that the $145 million increase in the project’s price tag does not include nearly $26 million in implementation costs for the State Controller’s Office, nor costs for state agencies to hire and train staff or change their business processes to accommodate the new system, for which the Legislature made an additional $64 million appropriation last year.

So, as the state auditor has noted, the system’s accounting function may now be considered “implemented” for a state agency even if the agency has not transitioned from its legacy system to FI$Cal and is unable to produce financial statements on the new system.

The LAO was similarly boggled by SPR 8’s linguistic gymnastics and attempt to move the goal posts to redefine the metrics and success of the project:

The project would end on this date even though some planned system functions will not be implemented, some departments will not be using the system, and some legacy financial IT systems will not be decommissioned. As a consequence, the project will not deliver what the Legislature expected when it authorized FI$Cal, and the Legislature will receive budget requests in future fiscal years to complete unfinished work that was originally within the project scope. Why the administration is defining the end date of the project in this way, when its common practice has been to move the end date further out, if needed, to get all of the planned activities done, is unclear.

It should go without saying that all of the project functions should be included in the project scope, and FI$Cal should not be considered complete until all of those functions are fully implemented, tested, and verified.

In addition to the increases in the cost of implementing FI$Cal, the project could end up imposing other substantial costs after it is complete. The state auditor has warned that the current FI$Cal plan could leave the state controller unable to produce accurate monthly financial reports for state agencies or the state’s all-important comprehensive annual financial report (CAFR), which is used to determine the state’s credit risk and credit rating.

A 2019 project status letter cautioned that “the state is at risk for delayed and incomplete or inaccurate financial reporting, which may have serious statewide consequences.” Should creditors lose confidence in the timeliness or accuracy of the state’s CAFRs, California’s credit rating would likely fall and creditors would demand higher yields on the bonds sold by the state to finance its spending. “[A] CAFR that is published late or with a modified audit opinion could erode stakeholder and investor confidence in the state’s financial condition and potentially affect the state’s borrowing costs,” the state auditor noted.

Concerns over FI$Cal’s cost and full implementation date are bad enough, but there are also serious questions about whether it will actually work as intended. Of the 152 agencies using FI$Cal, only 77—representing about half the agencies and a mere 12 percent of total agency budgets included—were able to close their financial statements by October 2019. As of November, sizable agencies like the Department of Education (with a nearly $82 billion budget), Employment Development Department ($14.9 billion), and California Community Colleges Chancellor’s Office ($10 billion) still had not submitted their fiscal year 2018-19 year-end financial statements. In addition, nine agencies—including large departments such as the Department of Corrections and Rehabilitation, Department of Transportation, and Department of Motor Vehicles—are deferred from the FI$Cal system, meaning they will be incorporated into the system at a later date, and 10 others are exempt and will not be included at all.

2. 21st Century Project / MyCalPays

Similar to the FI$Cal project, the 21st Century Project of the State Controller’s Office has been going on for many, many years—21, to be precise—and still is far from coming to fruition. It has the dubious distinction of being terminated not once, but twice.

The 21st Century Project’s payroll and human resources system is intended to replace a legacy system that the Sacramento Bee described as an “error-prone system, instituted in the Vietnam War era when the state had 40 percent fewer employees and wasn’t engaged in collective bargaining.” It would handle payroll for the state’s 250,000 civil service employees, as well as University of California workers who are paid through the system, and would be the largest payroll modernization effort in the nation.

The effort began way back in 1999 with a $1 million appropriation from the Legislature. In fact, the project has been flailing so long that the 21st Century Project name has become outdated, and thus it was rechristened the MyCalPays system.

The full project was approved at a cost of $132 million in 2004. Multiple delays pushed the project’s cost up to $373 million—nearly three times the initial estimate—and the state controller ended up terminating the project with contractor BearingPoint Consulting Inc. in January 2009.

The controller’s office made a second effort the following year, signing a contract with SAP Public Services Inc. Within the first year-to-year-and-a-half, however, the CDT raised concerns over data conversion delays. SAP hired a subcontractor to address the issue, but problems remained.

A pilot test of 1,300 state controller employees in June 2012 turned out to be a disaster. As a September 2013 state auditor’s report explained, summarizing information on the state controller’s website, “eight months of payroll testing of the new system failed to produce one pay cycle without material errors. . . . As a result, state employees were paid too much, paid too little, or they and their family members were denied medical coverage to which they were entitled.”

This led to the project being canceled for a second time in February 2013. Thus, the state auditor noted in a March 2015 report that “the state continues to use its aging legacy payroll system after spending $262 million to unsuccessfully develop the project.” A 2016 legal settlement did result in SAP refunding $59 million of its $90 million contract, at least.

The state auditor criticized CDT for being far too slow to react when problems arose, despite months of warnings through independent project oversight reports. In addition, it chastised CDT for not heeding repeated oversight reports warning that state controller staff were not attending the contractor’s training sessions and that the controller was not formally monitoring this knowledge transfer (or lack thereof), which could force the agency to hire—at significant cost—a contractor to maintain the MyCalPays system after its implementation.

The existing system’s age and inflexibility appear to be taking a toll—and the state’s own employees are the victims. Some 19,000 state workers have been forced to wait months for their approved pay increases to be processed. “The raises require CalHR to prepare specific technical instructions that the State Controller’s Office has to program into its 1970s-era payroll system,” a February 2020 Sacramento Bee article explained.

The California Attorneys, Administrative Law Judges, and Hearing Officers in State Employment union, which represents more than 3,800 legal professionals in the state, announced in December 2019 that it was considering filing a lawsuit against the state over delays in previously approved pay increases. And the local unit of the International Union of Operating Engineers (IUOE), which represents 900 workers who operate state machinery and water plants, sent a letter to CalHR Director Eraina Ortega in late November 2019 urging the department to finish processing its raises, which include special salary increases of up to 25 percent for workers who have been on the job for at least seven years, hold special certifications, and/or live in remote or high-cost areas.

“There is no rational reason it should take more than three months to process [the workers’] increases, or, at a minimum, to have a time frame in which employees can expect their increases,” Steve Crouch, the IUOE’s Unit 12 coordinator and director of public employees, Local 39, stated in the letter. “Furthermore, employees are concerned about any tax implications they may endure if they received their increases after the new year.”

After two more months without a resolution, the engineers’ union filed a grievance with CalHR in late January 2020 over the delay.

California Highway Patrol officers and the California Statewide Law Enforcement Association’s 7,300 workers, who include dispatchers, security officers, and park rangers, were also affected by the delay.

Payroll problems are not the only technology issues plaguing the State Controller’s Office. Its aging computer system also threatens the transparency of the state’s finances.

According to watchdog group Open the Books, California is the only state in the nation to refuse to make public its line-by-line spending information. After six years of trying—and failing—to get the information from the State Controller’s Office, Open the Books announced in January 2020 that it had filed a lawsuit against the state under Article I, Section 3, of the California Constitution and the California Public Records Act to force the state controller to turn over the various records regarding state expenditures, including line-by-line records of vendor payments.

“The alleged inability of the Controller to produce the public records sought by Plaintiffs beggars belief,” the organization said in a statement. Open the Books added:

If the Controller cannot effectively manage records of state vendor payments, and maintain those records in a searchable database such that it can provide some minimal level of transparency into its core operations, then it seems it should be impossible for the Controller to meet its other obligations, such as providing auditing services and financial oversight for the entire state apparatus of the fifth largest economy in the world. If the Controller truly cannot track its own use of government monies, then it cannot effectively stop waste, fraud, corruption, and taxpayer abuse.

Despite all its troubles, current California state controller Betty Yee has not given up on MyCalPays.

“It’s a priority of my second term,” Yee told the Sacramento Bee in February 2019. “I want the damn thing started.”

It is probably not going to happen before her successor takes office in 2023, though, she added.

3. Court Case Management System

Even the judicial branch of government has not been immune to IT project challenges. An effort to provide a unified case management system for the state’s courts languished for a decade before the state was finally forced to pull the plug in 2012 after only partial implementation in a small number of superior courts—but not before spending more than $500 million on the failed project.

The state’s trial courts used to be funded by county governments. In an attempt to improve efficiency and financial planning and provide more financial stability to courts in some struggling counties, the legislature passed Assembly Bill 233, the Lockyer-Isenberg Trial Court Funding Act of 1997, which shifted funding responsibility from the counties to the state. In the June 1998 election, California voters overwhelmingly approved Proposition 220, the Superior and Municipal Court Consolidation Amendment, a constitutional amendment that effectively allowed the municipal courts to merge with the superior courts and was intended to streamline operations.

In an attempt to replace some 70 disparate IT systems for the state’s 58 county courts, many of which are unable to interface with one another, the state embarked on the California Court Case Management System (CCMS). The statewide system was to offer coordinated scheduling, interagency interfacing, and statewide reporting; provide judges and members of law enforcement access to real-time court information; and allow citizens to electronically file documents, access information, and make payments online. Proponents claimed the CCMS would “improve the access, quality, and timeliness of justice; promote public safety; and enable court accountability.” Like many of the other examples detailed in these pages, these are noble goals. Unfortunately, the planning and execution fell far short.

In 2004, the cost of the CCMS was estimated at $260 million and the system was expected to be fully deployed in fiscal year 2008-09. By 2010, the timeline had been pushed back seven years, to fiscal year 2015-16, and expected costs had ballooned to nearly $1.9 billion—and this did not even include an additional $1 billion estimate to install the system nor another $391 million to manage it over the ensuing four years.

One of the major factors behind the substantial price tag increase was the large number of contract amendments, or change orders, demanded by the Administrative Office of the Courts (AOC). A contract with Deloitte Consulting LLP to assist in developing the system, for example, saw 102 change orders over a seven-year period, which raised the contract’s cost from $33 million to $310 million. Moreover, the AOC failed to structure the contract, which also covered the development and deployment of the courts’ separate criminal system and civil system, to ensure that superior courts could test the civil system in a live operational environment before the warranty expired. After being burned by this when thousands of civil system defects cropped up after the expiration of the warranty, the AOC negotiated with the contractor to ensure that the same thing did not happen with the CCMS itself.

To make matters worse, money was being wasted on the doomed project at the same time that the courts were suffering budgetary strife and were forced to close courtrooms and courthouses, resulting in case backlogs and delayed justice.

“We are closing courtrooms, we are laying off people we need to run the courts, and at the same time here they were spending this money,” said Kern County Superior Court Judge David Lampe, head of the Alliance of California Judges, a “dissident” group of hundreds of judges that advocates for fiscal responsibility in the state’s court system.

The State Auditor’s Office issued a damning report on the CCMS in February 2011. In an introductory letter to the governor and legislative leaders, State Auditor Elaine M. Howle summarized the project’s failings:

This report concludes that the AOC has not adequately planned the statewide case management project since 2003 when the Judicial Council of California directed the AOC to continue its development. Further, the AOC has not analyzed whether the project would be a cost-beneficial solution to the superior courts’ technology needs and it is unclear on what information the AOC made critical decisions during the project’s planning and development. In addition, the AOC did not structure its contract with the development vendor to adequately control contract costs. ... Further, although the AOC fulfilled its reporting requirements to the Legislature, the four annual reports it submitted between 2005 and 2009 did not include comprehensive cost estimates for the project, and the AOC’s 2010 report failed to present the project’s cost in an aggregate manner. Moreover, the AOC has consistently failed to develop accurate cost estimates for the statewide case management project, which is now at risk of failure due to a lack of funding.

Due to these shortcomings, the auditor noted, the seven superior courts using interim versions of the case management system “experienced challenges and difficulties in implementation, and some are reluctant to implement CCMS. Many of the remaining 51 superior courts not using an interim version expressed uncertainty about various aspects of the project.”

So, other than a lack of cost-benefit analysis or business case justification for the project, inadequate planning and oversight, a lack of transparency regarding cost estimates, a dearth of analysis and documentation to support key project decisions, poor contract structure, operational issues that prompted some courts to refuse to adopt the system, and a failure to obtain the funding needed for full deployment of the system, the project went swimmingly.

In response to the serious issues raised by the state auditor, the Judicial Council of California—the policy-making body for the state’s courts—voted to kill the CCMS project in March 2012. Contractor Deloitte Consulting agreed to refund $16 million due to project delays and quality issues.

Recommendations

California’s government IT projects have suffered deficiencies in a number of different areas, which have led to wildly inflated costs, years of project delays, hundreds of millions of dollars wasted on systems that had to be abandoned, and continued reliance on outdated and unstable legacy systems. The areas for improvement include project planning, contracting, implementation and oversight, accountability, and data privacy. Below are 20 recommendations and best practices intended to help resolve these significant problems.

Planning

1. Ask Whether This Is a Proper Function of Government

The first consideration in any project should be whether the government should be engaging in such an activity at all. California has a large and intrusive state government. Continually adding more programs, more regulations, and more bureaucracy also tends to add to IT demands and the amount of information that the government collects on its citizens and residents. We should, therefore, begin by asking whether we are asking too much of government, or giving it too much power and influence over people’s lives. Decision makers should also explore whether a given function—IT-related or otherwise—could be better provided by the private sector.

2. Need for Thorough Up-Front Planning

There can be a thin line between doing one’s due diligence and doing so much up-front analysis that projects end up stalled right out of the gate, but proper planning prior to the signing of contracts can go a long way toward avoiding misunderstandings and other headaches down the road. This should include not only a clear delineation of what functions IT systems are to perform but also performance measures that can be used to quantify and track whether the system is meeting those standards.

It is practically inevitable that problems and opportunities for more efficient solutions will be discovered during the implementation of large IT projects. But proper planning and clear delineation of what the technology is expected to do at the outset can reduce the need for costly midstream changes and delays.

3. Require a Cost-Benefit Analysis and Business Case Justification

One common theme for many of the projects discussed in these pages is insufficient—and even nonexistent—cost-benefit analysis and a business case justification for the project. This is a crucial element of any such project, but has been lacking in a number of cases, leading to substantial delays and sometimes the need to drastically change direction in the middle of a project.

Contracting

4. Always Competitively Bid Projects

Outsourcing offers a number of benefits for government agencies and taxpayers—whether for IT systems or any other goods and services—but there are good and bad ways to do it. The DMV’s Database Modernization project, for example, showed the folly in relying on sole-source contracts. Introducing a competitive bidding process reduces the opportunity for cronyism—or even the appearance of it. State law generally requires competitive bidding, except in particular circumstances, but state agencies do not always comply with this policy.

Perhaps the greatest benefits of competition, as opposed to doing projects in-house without seeking alternatives or relying on sole-source contracts, is the introduction of competition to an otherwise monopolistic government bureaucracy. Competition changes incentives drastically (as will be discussed in further detail below) and provides the greatest motivation to realize cost savings, high-quality services, risk mitigation, and other benefits. As the state auditor acknowledged in a June 2017 report, “economic experts agree that competition in public procurement benefits taxpayers and consumers by providing lower prices, greater innovation, and improved products and services.”

This is particularly important for such large, complex, and costly projects. Even if there are only a handful of firms capable of handling a particular big data project, allowing them to compete for the contract will force them to lower their prices, maximize their service quality, and help the state to achieve the best value possible.

5. Be Willing to Go with the Best Value, Not Always the Lowest Price

While IT decision makers should always keep taxpayers’ interests in mind, this does not mean that they should always go with the lowest bid. It may be better to go with the bid that offers the best value, as opposed to just the best price, if the company can offer additional benefits through unique expertise, more important functionality, better customer service and training of government staff on the new system, etc. This will also help to mitigate low-ball bids. The key is that the government should be able to provide a convincing case why it selected a particular contractor (and document that reasoning).

6. Use Contracts to Transfer Risk from the State to the Contractor

In addition to cost savings and the ability to utilize outside expertise that is not available in-house, another primary, though often overlooked, benefit of outsourcing is the ability to shift financial and legal risk from the government to the contractor. This seems to have been underutilized in some cases, however, particularly with the Department of Consumer Affairs’ BreEZe IT system, intended to handle all of the main IT functions for 37 of the department’s 40 occupational licensing boards, bureaus, committees, and a commission.

During the request-for-proposals phase of the procurement process, only Accenture submitted a protest, proposing 44 modifications to the state’s standard IT contract. For reasons unknown, the Department of General Services accepted 18 of these modifications, responded with its own revisions to 19 others, and rejected just seven. Additional changes were made during contract negotiations after Accenture was deemed to be the only responsive bidder. As the State Auditor’s Office explained in 2015, “some of those accepted changes to the standard IT contract’s terms and conditions decrease Consumer Affairs’ ability to obtain rights to work product that Accenture builds if Consumer Affairs terminates the contract early, and they reduce Consumer Affairs’ financial protections in the event of intellectual property rights violations.”

Wherever possible, contracts should, thus, include provisions that transfer risk to the contractor and protect California taxpayers’ financial and legal interests.

7. Ensure that Warranties Do Not Expire Before IT Systems Can Be Tested and Fixed

This recommendation is also related to risk transfer, but deserves special mention due to the state’s repeated mistakes to properly address it in its IT contracts. While outsourcing offers many benefits, as the example above of the Department of Consumer Affairs’ BreEZe project demonstrates, contracting is only as good as the contract itself.

California has seen too many IT projects—or phases of projects—“completed,” only to discover that systems could not be tested before the expiration of the contractor’s warranty. Not surprisingly, this has led to the discovery of additional functionality problems, for which the state was forced to bear significant additional time and costs to resolve.

For example, the Court Case Management System project of the Administrative Office of the Courts was burned when it was unable to test its civil system in a live operational environment before the contractor’s warranty expired, and it ended up having to deal with thousands of system defects that were no longer under warranty. It learned its lesson the hard way, and negotiated with the contractor to ensure that the same thing would not happen again for other portions of the project.

8. Utilize Performance-Based Contracting

A competitive bidding procurement process may provide great incentives to lower costs and increase quality and accountability, but these incentives may be enhanced further through the use of performance-based contracting. Performance-based contracts may offer bonuses for contractors who deliver results above and beyond baseline expectations, or who consistently meet deadlines, as well as financial penalties for those who are not meeting objectives spelled out in the contract. The contract should stipulate corrective terms, clearly describing the processes to be taken—and penalties imposed, if necessary—when problems arise. (For more detailed discussion of performance-based contracting, see the Reason Foundation’s helpful how-to guide.) A good model for this is the State of Washington, which successfully implemented a comprehensive statewide performance-based contracting approach nearly a decade ago. It has also been used, for example, to help significantly reduce recidivism in Pennsylvania at dozens of community corrections centers run by private operators and to improve highway maintenance through cost savings and higher road maintenance ratings in Florida, Virginia, Washington, DC, and nations such as Argentina, Australia, and New Zealand.

9. Minimize Change Orders and Contract Amendments

If the planned strategy or execution of an IT project clearly is not working out, significant changes may be necessary, but state agencies should not make a habit of doing this. When substantial changes are made to a project, they generally come with high costs, so, as mentioned previously, proper planning goes a long way.

A contract with Deloitte Consulting to assist in developing the Court Case Management System project, for example, saw 102 change orders over a seven-year period, including incorporating additional courts into the systems, which raised the contract’s cost from $33 million to $310 million.

Worse still is the fact that state agencies sometimes use contract amendments to increase existing contract values, or award additional contracts, without undergoing the competitive bidding process. The Employment Development Department used four amendments—three of which were not competitively bid—to increase a contract for the processing of unemployment claims from $600,000 to $10 million. This is a failure not only of contracting, but also of planning and oversight.

In a scathing report criticizing state agencies’ failures to prevent these abuses, the state auditor concluded:

[The Department of General Services and California Department of Technology] approved nine noncompetitive requests—with a total value of nearly $1 billion—that agencies likely could have avoided had they engaged in sufficient planning by, for example, issuing requests for proposals in a timely manner. Although both General Services and Technology have mechanisms they can use to encourage agencies to comply with noncompetitive procurement policies, they rarely employed them during our five-year audit period. Until General Services and Technology create consequences for agencies that habitually overuse noncompetitive requests, these agencies will have little incentive to change.

10. Do Not Be Afraid to Cut Your Losses

Even when IT projects do not work out, another benefit of outsourcing is that it is much easier to fire a private-sector contractor than a government agency. Private companies are not perfect and sometimes fail to live up to contracts due to negligence, miscommunication, the loss of key personnel, or other reasons. When it becomes clear that an IT project is not going to function as intended, within reasonable cost and schedule, project managers must not be afraid to terminate the contract and look for alternative solutions.

In a number of the state’s IT projects, serious issues were allowed to remain unaddressed for long periods of time, and projects were allowed to continue well after it should have been clear that they were destined to fail. Those responsible for the projects, and who hope to benefit from their implementation, understandably have a lot invested in them, but, as the economists say, “sunk costs are sunk.” In other words, money spent is gone and decisions should be made based on the best outcomes that can be achieved going forward, rather than hanging onto a project too long—and, thus, digging an even deeper hole—because you do not want to admit failure and are fixated on the amount that has been wasted.

Contracts do not necessarily have to be terminated at the first sign of trouble, however. Sometimes, suspending the project to allow additional cost-benefit or other analysis to determine whether and how a project should proceed is the best course of action.

11. Improve In-House Contracting Expertise or Outsource This Function

The numerous and repeated errors to abide by the aforementioned recommendations and best practices demonstrates that the state must further develop its in-house contracting expertise, whether at CDT, the Department of General Services, or another agency. If the state is unable to appreciably improve this function to prevent such mistakes and deliver greater cost savings and improved product and service quality, then it should be outsourced to an independent private firm (or firms) with demonstrated contracting expertise.

12. Do Not Pile New Bureaucracies on Top of Old Ones!

Gov. Gavin Newsom brought in some new blood to reinvigorate the state’s use of modern technology to improve state service delivery. The newly established Office of Digital Innovation has a budget of more than $40 million and is exempt from many government procedures, which is intended to make it nimbler and more effective. However, Newsom chose to maintain the Schwarzenegger-era Office of Technology Services, which has the same basic mission.

How ironic that an attempt to improve efficiency and service delivery led to duplication, waste, and inefficiency.

Oversight

13. Invest in Data Security to Better Defend Against Cyberattacks

Ransomware and other cybersecurity attacks are on the rise and have victimized governments at all levels in recent years. This makes it all the more crucial to invest in adequate data security measures. This includes simple things such as regularly installing software updates and security patches, as well as more cumbersome and expensive endeavors like wholesale upgrades of large systems’ infrastructure. Maintaining offline backups of data and utilizing coding best practices, particularly for web applications, provide additional protections. In case all else fails, and in a sign of the times, insurance policies are now available that cover such cybersecurity incidents.

14. Improve Follow-Through to Ensure That Project Issues Are Resolved

It is clear that CDT is oftentimes much better at identifying issues of concern during IT projects than ensuring that these issues are resolved. In many cases, numerous serious concerns were identified by CDT and other oversight agencies and contractors, but those in charge of oversight were too slow to act on them and demand that these problems be fixed. Sometimes, as with the State Controller’s Office’s MyCalPays system, projects have been allowed to continue for months or years after serious issues were discovered—at a cost of millions of dollars—before the contracts were ultimately suspended or terminated.

While it is great that CDT is uncovering these problems, the agency must rededicate itself to making sure that there is adequate follow-through to address them. Additional training for independent project oversight analysts on when to recommend corrective actions to their managers could also help.

Part of the blame for this also rests on the agency that is implementing the IT system. Too often, the sponsoring agency has ignored CDT’s prodding (as well as that of independent audits) to work with the contractor to resolve such issues.

15. Improve Documentation of Important Project Concerns, Decisions, and Action Items

One way to improve transparency and accountability is to assiduously document important issues, actions taken, and project status. The state auditor found that CDT (1) failed to document action items from meetings between it and sponsoring agencies; (2) failed to document issues that independent project oversight analysts had elevated to the State CIO, or pursue the resolution of these issues; and (3) inconsistently retained project status reports submitted by sponsoring agencies. Such documentation can be used not only to better hold people accountable, but also as a reference to better track project developments and improve decision making.

16. Change the Incentives and the Culture

Given the state’s numerous failed IT projects, it would be tempting to simply say, “Do your jobs better,” but this would not be particularly helpful, and the voluminous—and growing—catalog of audit and independent project oversight reports that suggest much the same do not appear to be having the desired effect. IT project oversight and implementation is not likely to materially improve without a change in incentives and a change in culture.

As discussed above, competitive bidding for projects, the use of performance-based contracts, and outsourcing more contracting and oversight functions could introduce better incentives (which are more typically found in the private sector) to minimize costs and maximize quality and accountability.

Changing the monopolistic, status quo culture at bureaucratic government agencies—where finances and goals are determined by politics rather than by performance and economic considerations—is much more difficult, and will require the sustained efforts of competent and dedicated employees, particularly at the top.

17. Outsource the California Department of Technology

If CDT cannot adequately perform its oversight functions—and there is a long track record that points in that direction—then perhaps it is time to outsource CDT entirely. Over the past two decades, a number of state and local governments—including San Diego County, Florida, Georgia, Pennsylvania, Texas, and Virginia—have engaged in large-scale IT outsourcing. Moreover, this would also help to mitigate the problem of personnel turnover. The state already outsources some technology oversight functions, so this should not be too much of a stretch.

Accountability

18. Need for Better Leadership

As alluded to above, one of the ways to improve oversight is to change an agency’s culture, from a culture of stagnation and mediocrity to a culture of accountability and proficiency. This depends largely on the leadership and involvement of members of the executive office and those at CDT and sponsoring agencies that are in charge of IT project oversight and implementation. A good leader’s attitude and work ethic can be contagious and filter down through the organization, though any positive changes are likely to last only so long as such competent leaders and employees remain at their agencies.

This is sadly lacking in key positions in the state government.

“Nobody wants to take risks,” California Air Resources Board member Dean Florez, who previously served in the Assembly and the state Senate, told CalMatters. “Nobody wants to stick their neck out” on state technology decisions.

As a senior figure involved in trying to end the string of IT project failures during the Schwarzenegger administration explained to CalMatters columnist Dan Walters, “The No. 1 reason IT projects fail is because there is usually no executive sponsorship of the project.” And if the supposed leaders of state agencies are not seriously invested in, and taking responsibility for, IT projects, then those underneath them are less likely to as well.

19. There Must Be Consequences for Poor Performance

Dan Walters’s source has some additional helpful advice for this next recommendation: there must be consequences for those who contribute to project failures. State employees in charge of failing projects do not seriously fear any career repercussions for the projects’ failures, he contended. “As I told Gov. Newsom when we bumped into each other on a flight from DC to (Sacramento), when are you going to fire somebody for all these failures, and put an executive in charge responsible for performance?”

Similarly, there need to be consequences for employees who shirk oversight responsibilities or knowingly or persistently provide inaccurate information to CDT and outside independent project oversight analysts. If this is constrained by civil servant protections, then these must be relaxed to ensure proper project oversight and accountability.

The problems are not just at CDT. The sponsoring agencies, or state agencies that are actually implementing the new IT systems, bear a great deal of responsibility as well. Audit reports found examples of state agencies providing overly optimistic and misleading assessments of projects’ progress, submitting false information to CDT, failing to comply with reporting requirements, not training employees on new IT systems, and refusing to acknowledge CDT’s authority to demand project remediation when issues failed to be resolved.

Data Privacy

20. Stop Selling Californians’ Personal Data

Keeping Californians’ personal data secure should be a top priority of all state agencies. Of course, one of the best ways to protect Californians’ personal information is to successfully replace the state’s decades-old computer systems and implement all of these IT modernization projects so that government IT systems operate on currently supported technology with proper data security measures in place.

What the state certainly should not be doing is allowing agencies such as the DMV to sell driver’s personal information, to the tune of more than $50 million a year. State lawmakers should pass a law prohibiting agencies from selling such personal data and/or federal lawmakers should close loopholes in the federal Driver’s Privacy Protection Act of 1994, which permits the practice in some instances.

Conclusions

California’s IT project problem is certainly not a lack of available talent. The state has probably the most highly skilled technology workforce in the world, much of it within close proximity to the State Capitol. In searching for the true answers to this question, one thing that stands out in the many audit reports on failed and failing state IT projects was the repeated conclusion that the problem was not that the state does not have the tools to do the job, but rather that it simply fails to utilize the tools. This makes it all the more frustrating, then, when agencies do not abide by those policies—and, sometimes, even state laws—and the CDT, Department of General Services, and others do not fulfill their oversight responsibilities. As a result, known problems are allowed to fester for months—sometimes years—without resolution until projects can no longer be salvaged.

Much of the troubles with the state’s IT projects stem from the poor incentives and lack of accountability that plague other aspects of bureaucratic government operations. California’s IT woes are compounded by the size and scope of the state, and thus its government, which serves roughly 40 million people—more than that of 21 other states combined, not to mention 250,000 of its own state government employees. This is especially true of such an active government as California’s, which seems to seek control over all manner of people’s lives. Once again, before even embarking on a given project, we must consider whether it is a proper function of government, or could be better provided by the private sector.

A monopolistic government bureaucracy that faces no competition, and whose budgets are not tied to its performance, simply does not have the same incentives as a private-sector company that must constantly innovate and keep its prices low and its service levels high in order to survive and obtain new customers. And just as outsourcing the IT contracts themselves can produce better outcomes by introducing competition, so, too, could outsourcing IT project oversight and other CDT duties, not to mention entire functions of government.

Even with a governor such as Gavin Newsom who seems dedicated to improving the state’s use of modern technology, it would be unrealistic to expect sudden, dramatic improvements in California’s IT project track record. But with some improved initial planning, contract reforms, outsourcing of oversight and other functions, better documentation of project problems and responses, consistent follow-through after issues are discovered, and more accountability starting at the top, the state should begin to see significant improvements—and perhaps no longer feel the shame of the disparity between the technology used by the government and that of its entrepreneurs and citizens who have made the state the tech capital of the world.

Appendix A. Selected California Government Technology Failures

Starting Year Project/Department Cost Estimate Result
1987 Department of Motor Vehicles (DMV) – Info/California, Database Redevelopment Project $49 million The project’s cost increased 73 percent from its initial $28.5 million estimate to $49.4 million, but the system never worked properly and the project was canceled in 1994.
1992 Department of Social Services – Statewide Automated Child Support System (SACSS) $111 million Terminated in 1997. Due to delays in implementing the system, the state was forced to pay the federal government $1 billion in fines.
2003 Administrative Office of the Courts – California Court Case Management System (CCMS)
  • Intended to allow communication among the courts and provide coordinated scheduling, real-time access to court information for judges and law enforcement, and enable the public to access information, e-file documents, and make online payments
$500 million The project to integrate 70 separate court computer systems (including those at all 58 superior courts) was originally slated to cost $33 million and scheduled to be completed in 2009. The state pulled the plug in 2012 after spending more than $500 million. (One of the subcontracts went from an initial $33 million estimate to a $310 million bill, aided by 102 change orders.) By then, the cost estimate had skyrocketed to $1.9 billion and the completion date was pushed back to 2015-16.
2003 Employment Development Department (EDD) – Unemployment Insurance Modernization (UI Mod) Project
  • Intended to upgrade the EDD’s call center and continued claims operations
$246 million The EDD’s call center upgrade project and continued claims redesign project were initially estimated at a cost of $38 million and $58 million, respectively (a total cost of $96 million), in 2003. These projects were merged into the UI Mod Project, and numerous schedule delays and scope changes hiked the price tag to $246 million. The call center upgrade was completed in 2011, but there were implementation problems with the first part of the continued claims redesign, leading to significant backlogs and payment delays affecting hundreds of thousands of beneficiaries in the fall of 2013. The remainder of the continued claims redesign, originally scheduled to be finished by June 2008, was finally completed in 2015.
2004, 2010 State Controller’s Office – 21st Century Project
  • Intended to create the MyCalPays system to integrate six human resources systems and manage payroll for 160 agencies
$373 million The project was actually terminated twice. Project cost estimates nearly tripled from $132 million to $373 million before the project was canceled the first time in 2009. After being relaunched in 2010, a disastrous test of 1,300 employees resulted in numerous errors, and the project was killed again in 2013 after spending a total of more than $200 million. Controller Betty Yee vows that she will revive the project yet again.
2005 Department of Finance – Financial Information System for California (FI$Cal)
  • Intended to improve and consolidate budgeting, accounting, procurement, and cash management functions statewide
$1.1 billion The project has endured several drastic changes in cost and scope. It is still ongoing after 15 years and costs have topped $1 billion, though many agencies are resisting its adoption and there are concerns that its use will result in inaccurate financial statements, and, thus, higher state borrowing costs.
2006 Department of Motor Vehicles – IT Modernization Project
  • Intended to update the antiquated driver’s license and vehicle registration systems
$208 million The project was canceled in 2013 after spending $136 million and completing only the system for issuing new driver’s licenses.
2009 Department of Consumer Affairs – BreEZe
  • Intended to consolidate and improve the occupational licensing processing system for 37 boards and bureaus
$96 million The cost more than tripled from its initial $28 million estimate in 2009 to $96 million. Only about half of the 37 boards and committees to be included ended up transitioning to the system, and the project was terminated in 2015 due to performance problems, delays, and cost increases. Some of the remaining boards and commissions are scheduled to receive IT upgrades over the next several years, and the Legislature provided $5.5 million for IT system improvements at six of these entities in the fiscal year 2019-20 budget, though full project costs have not yet been determined.
2010 Board of Equalization / Department of Tax and Fee Administration – Centralized Revenue Opportunity System (CROS)
  • Intended to update technology, streamline operations, improve accuracy and the detection of tax cheats, and better manage the collection of 36 taxes and fees collected by the agency
$290 million The CROS system was completed in 2018 but quickly drew the ire of business owners, accountants, and other business tax preparers for being overly complex, more time-consuming, and less userfriendly than the system it replaced. It was so unwieldy that worldwide accounting and auditing firm KPMG chose to ignore the new online filing system altogether and mail in paper returns instead. Some accountants reported that it took 90 minutes to file taxes using CROS—about three times as long as under the old system—and taxpayers complained that information that had been calculated automatically by the previous system now had to be entered manually. As a result, the Department of Tax and Fee Administration felt compelled to waive late-filing penalties if taxpayers filed a complaint about the new system.
2011 University of California – University of California Payroll, Academic Personnel, Timekeeping, and Human Resources (UCPath)
  • Intended to upgrade the UC system’s 30-year-old payroll and human resources technology and integrate 11 separate systems covering 10 campuses, five medical centers, and the Office of the President
$306 million In 2011, the UC Office of the President estimated that the project would cost $170 million, or $306 million with related costs included, and that it would be completed by August 2014. In addition, it claimed that UCPath would save the university system $753 million, mainly from staff reductions. By 2017, however, the project was still not completed (its deadline had been pushed back nearly five years to June 2019) and costs had tripled to $504 million for the main project, and $942 million including related costs. Moreover, those planned staff cuts were no longer going to materialize, so the $636 million cost increase plus the loss of $753 million in cost savings resulted in a net economic impact of nearly $1.4 billion. The State Auditor’s Office also criticized the Office of the President for “weaknesses” in its project management and for a lack of transparency for failing to inform the UC Board of Regents of the project’s struggles. After a partial implementation of UCPath in late 2018, hundreds of employees reported improper payment amounts, tax deductions, or union dues withdrawals.
2012 Covered California – California Healthcare Eligibility, Enrollment, and Retention System (CalHEERS)
  • Created the computerized system that interfaces with certain state, federal, and private entities and allows consumers to enroll in qualified health insurance plans offered through Covered California and Medi-Cal, and determine eligibility for other assistance programs
$359 million As with the federal healthcare.gov website, the state’s Covered California exchange (CalHEERS) suffered from website crashes and sluggish performance, usability and customer service issues, and errors in determining eligibility. In some cases, the latter resulted in the payment of millions of dollars in Medi-Cal premiums for people who were not eligible, and in other cases tens of thousands of individuals who were eligible for Medi-Cal were rejected by the system. These kinds of errors persisted several years after the launch of CalHEERS. The main contract was awarded to Accenture in 2012 at a cost of $359 million, and the state spent a total of $493 million on the exchange over the first three years. In 2015, Covered California apologized for sending out 100,000 incorrect tax forms to people receiving health insurance subsidies. The State Auditor’s Office, additionally, identified significant project risks and criticized the project for a lack of oversight and the use of solesource (noncompetitive) contracts in a number of instances.