Huge Money, Small Oversight: State IT Spending In Vermont
The use of technology in Vermont state government went from a background concern to a political flashpoint throughout the troubled rollout of Vermont Health Connect. But information technology in state government is ubiquitous and makes up a significant – yet unknown – portion of the state’s budget every year.
None of the projects funded by that spending get the public scrutiny of the health care exchange. But the shortcomings of Vermont Health Connect have legislators beefing up their efforts to oversee government technology spending.
The Department of Information and Innovation has increased its oversight of the hundreds of IT projects at the state level. But a VPR investigation has found that it’s nearly impossible for Vermonters to know how much of their tax money goes toward IT operations in the state, how successful IT projects are in meeting state needs, or how well state agencies follow defined protocols for state contracts.
Using available records, interviews and dozens of documents released in response to multiple records requests, VPR built a comprehensive database of IT projects across state government. The documents and interviews showed:
- Despite efforts to improve transparency, there is no way for state officials or the public to track the total amount of money spent by the state government on information technology. The most accurate available information shows that the state could spend nearly $1 billion or more on IT projects over the next five years.
- The state has increased oversight for IT projects in recent years, allowing the Department of Information and Innovation (DII) to monitor and even cancel projects from the time a department launches the procurement process to the finished product.
- Although increased oversight provides more opportunities for DII officials to identify problems with an IT project, there’s still no way to know how successful these projects are in meeting their stated goals.
- Specific protocols for state purchasing have been in place since 2008. Yet the state agencies tasked with ensuring those protocols are followed have never used their authority to audit compliance, making it difficult to know if agencies are following best practices as defined by the state itself.
In 2003, the state created the Department of Information and Innovation “to provide direction and oversight for all activities directly related to information technology” in the state, according to the enabling legislation. Under the direction of the commissioner, who is also the state’s Chief Information Officer (CIO), the agency is charged with overseeing virtually all technology in state government.
“DII really serves two functions,” says Richard Boes, who has served as the department’s commissioner since 2011. “One function is to provide services that are common within state government. So we provide common services. Those things are like email and Sharepoint services [which allow users to work and collaborate on documents across a network or the web] and some of the wide area network connectivity, Internet service, a lot of those types of things. IT Help Desk. Things that generally everybody needs.”
The department’s other charge is to keep track of and oversee major IT projects by its own staff and other agencies in state government.
“That oversight is a subset of what DII does, and that oversight until recently was only at the beginning of projects,” he said.
Until 2012, DII’s oversight of a project took place mostly in the planning phases. The department would hear from an agency that a new computer or IT system was needed. Boes’ staff would review that agency’s call for contracting bids, choice of contractor and the final contract. If a project began to fall apart during the execution of a contract, DII had no authority to oversee or intervene.
A law passed in 2012 expanded that oversight role to the implementation phases of a project. DII now has six people on staff tasked with making sure agencies have capable project managers in place to keep track of a project and monitoring project timelines. These “oversight project managers” have been assigned to any project that costs more than $100,000. Boes says those six people are overseeing a total of about 200 such projects – about 33 each.
These six oversight project managers are able to do their jobs well “at the level that we do it,” Boes says. But he acknowledges it isn’t as comprehensive as it could be.
"The question is how deep does that go? And that is, we're not managing day-to-day activities on the project. We're not overseeing day-to-day activities." - Richard Boes, commissioner of the Department of Information and Innovation
“The question is how deep does that go? And that is, we’re not managing day-to-day activities on the project. We’re not overseeing day-to-day activities,” Boes says. “But when the project manager who is on the project marks their project as yellow or marks their project as red, meaning that there are issues associated with the success of the project, then the oversight project manager gets more involved.”
The legislature raised the threshold for project management oversight this year to work costing more than $500,000.
Boes is in the executive branch, so he answers to the governor’s office, but he also has the job of explaining the state’s IT work to the Legislature.
“The difficulty is that quite frankly this is a citizens’ Legislature, and there are probably a handful of people in the Legislature that really understand the nuances of IT and the tech that is utilized in the running of a state,” says Senate President Pro-Tem John Campbell. “I mean we’re not talking about just knowing how to type into a computer or use the Internet. We’re talking about some very involved and very tech-savvy problems.”
"There are some folks that believe that DII has, and the management of DII, has decided to unilaterally create their own what some people to have referred to as a fiefdom within state government." - Senate President Pro-Tem John Campbell
Campbell says he is one of a number of lawmakers who mistrusts Boes. “There are some folks that believe that DII has, and the management of DII, has decided to unilaterally create their own what some people to have referred to as a fiefdom within state government,” he says.
That lack of confidence, Campbell says, as well as an increased sensitivity to technology spending led lawmakers this year to create a new position within the Joint Fiscal Office to help provide better oversight of IT spending. The position was paid for using money previously dedicated to a different position in the executive branch, Campbell says.
The new position, solicited as an “Information Technology Policy Specialist or Information Technology Consultant Services,” is expected to help lawmakers make more informed decisions. Campbell says high-profile data breaches at both private companies and government networks in recent years also have made him and other lawmakers aware that inattention to IT could have serious consequences for the state.
“I think what we have been examining in the past two to three years – and the experiences that we have had both good and bad – have led us to a point where we have become more aware of the potential problems that may exist or the potential exposure and liabilities that might be there if we do not pay attention to our IT,” says Campbell.
Campbell says the Legislature, as a steward of taxpayer dollars, can’t properly govern without informed oversight of the technology operations that agencies are requesting money for.
"We have become more aware of the potential problems that may exist or the potential exposure and liabilities that might be there if we do not pay attention to our IT." - John Campbell
“Love it or hate it, we are moving forward in the IT world as a whole,” he says. “You cannot now run a state, even one as small as Vermont without being tech-savvy and without utilizing the tools that IT has provided – so if we don’t keep our own people up to date, and keep our own eyes focused on that portion of state government, that being the IT ball, then we will not only lose out … but we also stand to be in a position that our actions or inaction could end up costing the taxpayers of the state significant amounts of money, and that to me is just unacceptable.”
DII doesn’t employ every IT professional working in Vermont state government. In fact, about three-quarters of the roughly 450 state employees responsible for IT work for departments outside DII. Those workers may have other job responsibilities, too, and their salaries are rolled into their own agency’s budget. Plus, any overall costs for technology activities under $100,000 are never reported to DII. As a result, no one knows how much taxpayer money supports technology operations in Vermont.
"If you look through the governor’s budget of all the activities the state is doing at any point in time and you could identify all the IT activities on that, then you could dig those [numbers] out,” Boes says. “But they’re not marked as IT activities in that budget, so there’s no easy way to get to that number, but it would be embedded in the business costs of the various different agencies and departments.”
The most comprehensive accounting of IT costs in state government is a list of IT projects that departments reported to DII, which is published every year in the department’s five-year strategic plan. That total doesn’t include any IT activities valued at less than $100,000, and ongoing costs associated with maintaining technology activities have been reported inconsistently over the years.
DII hasn’t historically documented costs associated with maintaining an existing IT system, Boes says, but is starting to now.
DII hasn't historically documented costs associated with maintaining an existing IT system, Boes says, but is starting to now.
“What we’ve put in place is as we see [new] projects going through that have an operational cost once they go live, we put in that operational cost and we provide that in our reporting,” he said. “But we don’t go back to say ‘What are all your existing operations?’ and try and get that reporting. We don’t have that.”
Jason Aronowitz, a budget analyst at the Department of Finance and Management, says that in theory the state should know how much spending is coded as IT-related. But the system used to categorize expenditures, known as the chart of accounts, isn’t used consistently.
“Here’s an example,” he says. “What many departments did in Fiscal Year ’12 is – we have a specific account for contracted third party services for information technology – and instead of using that account when they went out and had somebody do something IT-related, they would just book it onto a different account along with a bunch of other stuff called ‘contracted third-party services – other.’ So it’s comingled, you’ve got IT in there along with other spending.”
Jason Aronowitz, a budget analyst at the Department of Finance and Management, says that in theory the state should know how much spending is coded as IT-related. But the system used to categorize expenditures, known as the chart of accounts, isn't used consistently.
Aronowitz says resolving the problems categorizing costs haven’t been high priority because they don’t affect the overall finances. In other words, the spending is accounted for, even if it isn’t specifically noted as IT spending. But these issues do impair the state’s ability to make decisions based on spending data.
“We could see who’s better at what,” he says. “We could see, for example, if the way that a particular department is providing a particular IT service is more effective – they have a lower cost per FTE than another department – and then we could look at ‘Okay what are those two departments doing differently and should we change what one department is doing to achieve the best practices that are giving us good numbers?’”
The state is in the process of reworking the chart of accounts to do a better job of capturing IT costs.
‘Ongoing Performance Problems’
In August of 2010, the Vermont Department of Taxes went live with a new, $6.3 million “Enterprise Tax Management” (or ETM) system. The goal was to streamline the data-intensive tax process for the 21st century and include more taxes into its computer systems, which at the time managed only a small fragment of the state’s taxes.
According to a 2014 report, the new system fell far short of expectations.
“ETM has been challenging for VDT,” the report says. “Business users have experienced high processing times, and cited unintuitive design and an unfriendly user experience with the software.”
The system sped up processing for taxes that hadn’t previously been handled by software, but “other performance, usability, accounting and reporting issues” came up, the report said.
“It didn’t work well,” says Tax Department Deputy Commissioner Gregg Mousley, “and more importantly it was not an easy process to try and fix it.”
The fix would have been expensive, the report said. And there were big risks it still wouldn’t work as planned. In other words, the system was flawed beyond repair. So in late 2012, the Department of Taxes hired a consultant for $99,880 to figure out what to do.
That consultant led the department to the system it’s implementing now at a cost of $30 million. In order to get to that $30 million IT solution, the state spent $6.3 million on a product that didn’t deliver, and another $99,880 on a consultant.
There is no stage in the oversight process that tracks failures like these. If there are no red flags before an IT contract is signed, and DII’s oversight project managers don’t see any problems as the contract is executed, a project has gone well on paper. But if the finished product that was delivered with no issues doesn’t work the way the contracting agency wanted it do, “[i]t wouldn’t come to my attention unless they proposed a new project to replace it,” Boes says.
There is no stage in the oversight process that tracks project failures. If there are no red flags before an IT contract is signed, and DII's oversight project managers don't see any problems as the contract is executed, a project has gone well on paper.
With the tax system, that’s exactly what happened.
The Department of Taxes came back to DII in 2013 to work on the bidding and contracting process for a new IT system. Because the proposed contract was well over $1 million, it triggered a requirement that DII hire an outside contractor to examine the planned project, in some cases including what led to the need for the work. That review of the $30 million tax system is what shed light on the failures of the earlier project.
“We don’t manage the operations of these activities,” Boes said of ongoing IT work, “nor are the costs of all those activities reported through us centrally.”
DII doesn’t know if there are other flawed systems in operation throughout state government; if an IT system was implemented without any major failures, no one has to ask if it works.
Since July 2008, all state purchases of goods and services have been governed by a document known as Bulletin 3.5. Issued by then-Secretary of Administration Michael Smith, the bulletin lays out “general policy and minimum standards for soliciting services and products from vendors outside of state government, processing the related contract(s), and overseeing established contracts through their conclusion.”
The policy directive requires the chief information officer to review all solicitations for bids on technology and telecommunications. It sets standards for various procurement methods, ensures fair competition for state contracts and makes sure agencies and contractors alike are held accountable for the work they do using taxpayer dollars.
On the final page of the bulletin, Smith tasked the Department of Finance and Management and the Department of Buildings and General Services with oversight. The two agencies “will conduct management reviews of performance relative to the policy and requirements herein,” the memo said.
In the seven years since Bulletin 3.5 went into effect, neither department has conducted a single review of a state agency's compliance with state procurement policies.
In the seven years since Bulletin 3.5 went into effect, neither department has conducted a single review of a state agency’s compliance with state procurement policies.
James Reardon, the commissioner or the Department of Finance and Management, says his office wants to change the bulletin’s directive from “will” to “may.” He says the department hasn’t prioritized its limited resources to conduct the reviews because they’re not seeing any issues that trigger their attention.
Reardon said the department’s financial analysts don’t follow a formal checklist, but compliance with Bulletin 3.5 is baked into the review that every expenditure receives before the administration signs off on it.
Deborah Damore, the director of the purchasing and contracting office at Buildings and General Services, did not respond to requests for comment for this story.
Data journalist Hilary Niles compiled the database used for this story and contributed reporting.
This story is part of an ongoing series about the state government’s technology spending. Data reporting at VPR is supported in part by the VPR Journalism Fund.