Responses to the Audit
Use the links below to skip to the specific response you wish to view:
- Department of Veterans Affairs
- California Government Operations Agency, California Department of Technology
California Department of Veterans Affairs
June 9th, 2016
Elaine M. Howle, State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814
Dear Ms. Howle:
Thank you for the opportunity to review and comment on the redacted copy of the California State Auditor (CSA) draft report titled, “The State Paid Nearly $28 Million for a Flawed System That Fails to Meet the Needs of Veterans Homes.”
At the request of the Joint Legislative Audit Committee, the CSA conducted an audit of the California Department of Veterans Affairs (CalVet) Enterprise-wide Veteran Home Information System (Ew-VHIS) Project. The project was initiated in 2007 via an approved Feasibility Study Report (FSR) by the California Department of Technology (CDT) and concluded in 2015 with the goal to implement an Electronic Health Record System for its eight veteran homes.
As further explained below, CalVet generally agrees with all seven recommendations in the State Auditor’s report, which serve to introduce departmental processes and policies related to information technology projects at CalVet. CalVet also agrees with the Report’s references to costs and scope. We take our fiduciary responsibilities very seriously and remain committed to the safeguarding of public resources.
In retrospect, we could have moved more quickly or acted with greater urgency. However, CalVet took steps to address our concerns about the project. In December 2013, we reported critical concerns about the project to CDT and then, in partnership with CDT, took the initiative to implement stronger IT project management processes and practices, in alignment with industry best practices and standards, to prevent a similar situation in the future. Some of the new processes include the implementation of the following plans for current and future projects:
• Project Governance Plan
• Project Change Management Plan
• Project Requirements Management Plan
• Project Risk and Issue Management Plan
• Project Test Management Plan
CalVet is also under new leadership, including myself as Secretary and Russell Atterberry as Undersecretary, and we believe that the Auditor’s recommendations will further strengthen the department in areas of project oversight, project management, and contract management going forward. Furthermore, I believe CalVet has already made great strides towards implementing the resolutions.
CalVet recently began the process to find a replacement system. On May 31, 2016, the department successfully completed the first of four stages of the contracting process. CalVet aims for implementation of the replacement system in 2017.
The following are CalVet’s specific responses to each recommendation provided within the report.
Recommendation #1
To ensure that its project management of IT projects promptly identifies problems and develops resolutions, by September 2016, CalVet should define the project executive and project manager responsibilities to ensure that the individuals who fill those positions take an active role on each project.
CalVet Response #1
CalVet understands and agrees with this recommendation. Existing IT projects at CalVet have documented roles and responsibilities for the project executive, project manager, and project team. A governance plan is created for each IT project to define the escalation process and ensure effective risk and issue management.
Recommendation #2
To ensure that it adequately identifies and monitors problems in its future IT projects, by September 2016, CalVet should establish a formal process for its project executive to verify that the project team prepares all of the required project management and other required plans. This formal process should also include a process to periodically verify that the project team adheres to all these plans.
CalVet Response #2
CalVet understands and agrees with this recommendation. Existing IT projects at CalVet have documented formal processes for ensuring required project management plans are created, adhered to, and kept up to date, in accordance with the policies of our control agencies. CalVet is currently working on its IT governance structure, which will be rolled out in a phased approach. By September 2016, the IT governance structure will implement a formal process for ensuring a project executive is identified for each IT project. This project executive will verify that the project team prepares required plans and ensures the plans are followed.
Recommendation #3
To ensure accountability and independence between the provision of Independent Project Oversight [IPO] and Independent Verification and Validation [IV&V] on future IT projects, by September 2016, CalVet should establish a policy requiring it to use separate contractors for IPO and IV&V services when IPO services are not provided directly by CDT.
CalVet Response #3
CalVet understands and agrees with this recommendation. In late 2013, CalVet reported this issue to the CDT relative to the Ew-VHIS project. While previously IPO and IV&V services were provided by the same contractor, CalVet ensured the CDT provided IPO services moving forward. CalVet is currently drafting a department-wide IT policy to ensure IPO and IV&V services on future IT projects use separate contractors for each service. CalVet expects to have this policy implemented by no later than September 2016.
Recommendation #4
To ensure that it complies with state contracting laws and can demonstrate the basis for its decisions when awarding contracts, by September 2016, CalVet should establish a process to periodically verify that its staff follows state contracting requirements and maintains all required contract documentation.
CalVet Response #4
CalVet understands and agrees with this recommendation. By September 2016, a formal process will be implemented to periodically verify that state contracting requirements are followed and contract documentation is maintained and kept current.
Recommendation #5
To ensure it maintains all documentation related to its IT contracts, CalVet should, by September 2016, establish a process to verify that all divisions comply with its policy requiring each division to submit a records retention schedule to its Office of Procurement and Contracts.
CalVet Response #5
CalVet understands and agrees with this recommendation. By September 2016, a formal process will be implemented to ensure that each division submits a records retention schedule to its Office of Procurement and Contracts as required by departmental policy.
Recommendation #6
To ensure that it only accepts and pays for deliverables that are complete and meet the contract requirements, by September 2016, CalVet should establish a process to verify and maintain documentation of all contract deliverables before approving payment.
CalVet Response #6
CalVet understands and agrees with this recommendation. This is an existing practice at CalVet for acceptance and payments related to all IT contracts and associated deliverables. By September 2016, a formal process will be created to reinforce this expectation of all contract managers.
Recommendation #7
To ensure that it maximizes its opportunity to successfully implement future IT projects, by September 2016, CalVet should establish a formal process to verify that its staff conducts lessons learned sessions for all key phases of future projects and incorporate the recommendations identified in its post implementation evaluation.
CalVet Response #7
CalVet understands and agrees with this recommendation. Currently, CalVet is applying this process to existing IT projects. By September 2016, the management expects to conduct lessons learned sessions for all key phases of future projects and incorporate the recommendations identified in its post implementation evaluation report in future projects and/or project phases via a formalized process.
Sincerely,
Vito Imbasciani MD
Secretary
California Government Operations Agency,
California Department of Technology
May 24, 2016
Elaine M. Howle, State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814
Re: CALIFORNIA STATE AUDITOR’S REPORT NO. 2015-121
Pursuant to the above audit report, enclosed are the Department of Technology’s comments pertaining to the results of the audit. The Government Operations Agency would like to thank the state auditor for its comprehensive review. The results provide us with the opportunity to better serve our clients and protect the public.
Sincerely,
Marybel Batjer,
Secretary Government Operations Agency
Enc
Memorandum
Date: May 24, 2016
To: Marybel Batjer, Secretary
Government Operations Agency
From: Amy Tong, Interim Director
California Department of Technology
Subject: Response to California State Auditor’s Draft Report No. 2015-121
We are providing for your review the draft California State Auditor’s Report No.
2015-121 concerning CalVet’s Enterprise Wide Veterans Home Information System
(EW-VHIS). The following responses address the California State Auditor’s recommendations regarding the California Department of Technology’s (CDT) operations.
RECOMMENDATIONS
RECOMMENDATION #1: To ensure it can demonstrate that it acts in the best interest of the State, theTechnology Department should, by December 2016, create a formal process to summarize its involvement and document key actions taken and decisions reached during agencies’ contract disputes and negotiations for the termination of a contact and maintain those documents according to its record retention schedule.
Department of Technology’s Response #1:
The Department of Technology agrees with this recommendation. CDT will develop internal procedures for documenting the formal process associated with contract dispute or contract termination negotiations. The procedures would include retaining a summary of negotiation outcomes which will be maintained with applicable law and CDT’s records retention schedule.
RECOMMENDATION #2: To ensure accountability and independence between the provisions of IPO and IV&V services, the Technology Department should, by December 2016, establish a written policy requiring departments that request and receive approval to contract for IPO services to use a different contractor than the ones providing IV&V services.
Department of Technology’s Response #2:
The Department of Technology agrees with this recommendation. By statute, CDT has the authority to provide IT Project Oversight (IPO) for state agencies’ IT projects. CDT has worked to develop the numbers and skills of the staff in this division for this purpose to ensure adequate independence from the state staff leading projects within their state entities. This is in keeping with the principle underlying the CSA recommendation. To ensure that this principle is followed in the future, CDT will update State policy to clearly indicate that when using vendors to provide IPO services, under the management of CDT, and IV&V services, these services may not come from the same vendor.
RECOMMENDATION #3: Although the Technology Department indicated that its intent is not to outsource its statutory authority for IPO, in any instances when its staff conduct a portfolio review of a project’s IPO, the Technology Department should, by December 2016, establish a process for its review of the documents created by the agency’s IPO contractor that includes verifying whether these reports include critical analysis of the project progress and vendor performance so that it can intervene when necessary.
Department of Technology’s Response #3:
The Department of Technology agrees with this recommendation. CDT will develop internal procedures for the IPO Division staff to evaluate vendor and state entity reports as well as any additional input that is warranted given the state, stage and trends of a project and to document the results. The procedures will reference the IPO Division escalation process in the event such action is warranted.
CONCLUSION
The Department of Technology is committed to improving the delivery of information technology for the
State of California.
If you have any questions about this report, please contact Randy Fong, Internal Audit Manager, at (916) 403-9636.