Background:

In addition to its budget and accounting responsibilities, the Office of Financial Management (OFM) has other statutory duties, including:

maintaining an inventory system of owned and leased facilities used by state government and submitting a plan every two years regarding the space requirements for state agencies;
developing and maintaining a system of internal controls and internal audits for use by state agencies;
establishing objectives and performance measures for the Department of Transportation (DOT) for policy goals relating to the planning, operation, performance of, and investment in, the state's transportation system;
contracting for a salary survey for purposes of collective bargaining and arbitration for DOT ferry employees;
completion of a yearly government management and accountability performance report of the ferry system;
payment of assessments levied to state-owned lands under certain circumstances;
establishing policies for the acquisition, operation, use, maintenance, and disposal of all motor vehicles owned by the state;
developing and maintaining of an inventory of state land resources; and
appointing loss prevention review teams and reporting of team findings.

Government Streamlining.

In 2011 a bill was enacted to reorganize and streamline the central service functions, powers, and duties of state government, including information technology functions. The Department of Information Services was abolished and its functions were transferred to the Office of Financial Management under the newly created Office of the Chief Information Officer (OCIO), the newly created Department of Enterprise Services (DES), and the newly created Consolidated Technology Services Agency (CTS).

Office of the Chief Information Officer.

The OCIO is headed by the Chief Information Officer. The primary duties of the OCIO include: (1) preparing and leading the implementation of a strategic direction and enterprise architecture for information technology (IT) for state government; (2) enabling the standardization and consolidation of IT infrastructure to support enterprise-based system development and to improve and maintain service delivery; (3) establishing standards and policies for IT services throughout state government; and (4) establishing statewide architecture to serve as the organizing standard for IT for state agencies.

Consolidated Technology Services Agency.

The CTS provides information services to public agencies and public benefit nonprofit corporations. The CTS operates the state data center and offers IT services, including mainframe computing, network operations and telecommunication, shared email, IT security, and storage.

–––––––––––––––––––––––––––––––––

Summary of Amended Bill:

The OFM must establish and enforce policies and workplace strategies that promote the efficient use of state facilities. The facilities inventory must be updated by all agencies, departments, board, commissions, and institutions by June 30 of each year.

Each agency head or authorized designee in an agency that meets risk-based criteria as developed by the OFM must establish and maintain internal audits that meet professional audit standards.

The OFM duties for establishing and reporting objectives and performance measures relating to the planning, operation, performance of and investment in the state's transportation system and completing the yearly government management and accountability performance report of the ferry system are transferred to the DOT.

The required salary survey for collective bargaining and arbitration purposes for DOT ferry employees is no longer required to be contracted out.

The requirement that a property assessment be paid by the OFM instead of the state agency being charged the property assessment is removed so that the state agency pays the property assessment directly.

Duties associated with establishing policies for the acquisition, operation, use, maintenance, and disposal of all motor vehicles owned by the state; developing and maintaining of an inventory of state land resources; and appointing loss prevention review teams and reporting of team findings are transferred to the DES.

Obsolete references to community networks are repealed. References to the Human Resources Director are amended to refer to the Director of the OFM.

Functions and duties of the OCIO within the OFM are transferred to the CTS. The Director of the CTS is also the State Chief Information Officer (SCIO). The duties of the SCIO include:

establish standards and policies to govern information technology in the state of Washington;

develop statewide standards and policies governing software, and technology-related equipment and services;
develop statewide or interagency technical policies, standards, and procedures;
review and approve standards and common specifications for new or expanded telecommunications;
provide direction concerning strategic planning goals and objectives for the state;
establish policies for the periodic review of state agency performance related to IT;
coordinate annual information technology expenditures exceeding ten million dollars; and
develop statewide standards for agency purchases of technology networking equipment and services.

The Data Processing Revolving Account managed by the DES is replaced with four IT revolving accounts managed by the OFM with signatory approval required by the Director of CTS. The residual balance of funds remaining in the account are apportioned to the new accounts. The new accounts are created with the following purposes:

the CTS revolving account, for the acquisition of equipment, software, supplies, and services, and the payment of salaries, wages, and other costs related to those acquisitions;
the statewide IT system development revolving account, for the development and acquisition of enterprise IT systems;
the statewide IT system maintenance and operations revolving account, for maintenance and operations of enterprise IT systems; and
the shared IT system revolving account, for development, acquisition, and maintenance of shared IT systems.

Amended Bill Compared to Substitute Bill:

The striking amendment clarifies that for those agencies that the Director of the OFM determines an internal audit is required, the agency must establish and maintain internal audits following professional audit standards. For agencies in which the Director of the OFM determines an audit is not required, the agency may establish and maintain internal audits following professional audit standards, but must comply with policies established by the Director of the OFM to assess the effectiveness of the agency's systems of internal controls and risk management processes.

The OCIO and other information technology functions from the Office of Financial Management are transferred to the CTS. The Director of the CTS is named as the SCIO. The Director of the CTS must appoint a state chief information security officer. The OCIO must adopt a policy for cybersecurity. Agencies are required to obtain an independent compliance audit of their IT security programs and controls once every three years to determine compliance with the standards and policies established by the CTS and that security controls identified by state agencies are operating efficiently. State agencies and local governments that collect and enter information concerning individuals into electronic records and information systems must review the information collected and justify the purpose for collecting it at least once every five years. Four IT revolving accounts replace the Data Processing Revolving Account.

Staff Summary of Public Testimony:

(In support) The bill aligns the OFM with current practices. Not all agencies have internal auditors. The intent was to clarify that agencies that have internal auditors, will continue to have internal auditors. At certain agencies, it is required that they hire internal auditors. The reporting functions statutorily assigned to the OFM and transferred to the DOT are reports that the DOT is primarily doing now. The requirement to contract out salary surveys is removed because there is the ability to do that in house. Motor pool functions were transferred to the DES in 2011 and motor pool provisions in the bill align with the 2011 transfer.

Some internal auditors have concerns that the language of the original bill is confusing. Professional audit standards means generally accepted government auditing standards or standards adopted by the institute of internal auditors. The proposed amendment would clarify the language of the bill.

The University of Washington supports the amendment. There was some concern about auditing standards, and the amendment clarifies that language.

(Opposed) None.