Washington State

House of Representatives

Office of Program Research

BILL

ANALYSIS

Appropriations Committee

2SSB 5315

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Description: Aligning functions of the consolidated technology services agency, office of the chief information officer, office of financial management, and department of enterprise services.

Sponsors: Senate Committee on Ways & Means (originally sponsored by Senators Roach, Liias, McCoy, Pearson and Benton; by request of Office of Financial Management).

Brief Summary of Second Substitute Bill

  • Transfers all duties and functions relating to information technology in the Office of Financial Management, the Office of the Chief Information Officer, and the Department of Enterprise Services to the Consolidated Technology Services Agency.

  • Transfers the Office of Risk Management and the human resources functions within the Department of Enterprise Services to the Office of Financial Management.

  • Creates a workgroup to review the central service model and chart of accounts of the agencies after the reorganization.

  • Creates a task force to review the necessary qualifications, experience, compensation, benefits, professional development, and skills training required to recruit and retain a skilled state government IT workforce.

Hearing Date: 4/7/15

Staff: Marsha Reilly (786-7135).

Background:

In 2011 a bill was enacted to reorganize and streamline the central service functions, powers, and duties of state government. The Department of Information Services was abolished and its various functions were transferred to the Office of Financial Management (OFM) under the newly created Office of the Chief Information Officer (OCIO), the newly created Department of Enterprise Services (DES), and the newly created Consolidated Technology Services Agency (CTS). The Department of Personnel was abolished and its functions were transferred to the DES and the OFM. The Office of Risk Management within the OFM was transferred to the DES. Generally, the OFM directs and supervises personnel policies and the application of civil service laws and the DES directs and supervises the implementation of the laws.

Office of the Chief Information Officer.

The OCIO is headed by the Chief Information Officer. The primary duties of the OCIO include: (1) preparing and leading the implementation of a strategic direction and enterprise architecture for information technology (IT) for state government; (2) enabling the standardization and consolidation of IT infrastructure to support enterprise-based system development and to improve and maintain service delivery; (3) establishing standards and policies for IT services throughout state government; and (4) establishing statewide architecture to serve as the organizing standard for IT for state agencies.

Department of Enterprise Services.

The DES provides IT services and application functions, such as the central personnel payroll system and financial management system. The DES manages the Data Processing Revolving Account established to pay for equipment, supplies, services, salaries, wages, and other costs related to the implementation of information services and telecommunications systems. The DES also is authorized to become a licensed certification authority as part of the system for authenticating digital signatures under the requirements of the Electronic Authentication Act.

In addition to the central personnel payroll system, other human resources functions performed by the DES include training and career development and background checks on prospective agency heads appointed by the Governor.

Consolidated Technology Services Agency.

The CTS provides information services to public agencies and public benefit nonprofit corporations. The CTS operates the state data center and offers IT services, including mainframe computing, network operations and telecommunication, shared email, IT security, and storage.

Summary of Bill:

Functions and duties of the OCIO and the IT functions of the DES are transferred to the CTS. The Director of the CTS is also the state Chief Information Officer. The Director must appoint a state chief information security officer.

In addition to the other standards and policies it sets, the OCIO must adopt a policy for cybersecurity. The OCIO must require a state agency to obtain an independent compliance audit of its IT security program and controls once every three years to determine whether it is in compliance with the standards and policies established by the CTS and that security controls identified by the state agency are operating efficiently.

The specific requirements regarding what must be included in a state agency's IT portfolio are removed. State agencies and local governments that collect and enter information concerning individuals into electronic records and information systems must review the information collected and justify the purpose for collecting it at least once every five years. The licensed certification authority for digital signatures is changed from the DES to the CTS.

For IT investments exceeding $5 million, requiring more than one biennium to complete, or financed through financial contracts, bond, or other indebtedness, the OCIO must:

If the Director suspends or terminates the investment, state agencies may not make additional expenditures for the IT investment unless approved by the Director. Allocated funds must be placed into unalloted reserve status. Oversight and management of any remaining activities are transferred to the Director.

The OCIO may delegate to state agencies authorization to purchase or acquire IT investments without review or approval, depending on the dollar amount or type of investment, based on an assessment process developed by the office. If so delegated, state agencies must comply with requirements or policies established by the Director. An agency not in substantial compliance with overall policies established by the OCIO may not be delegated this authorization.

The Office of Risk Management within the DES is transferred to the OFM. Human resource functions within the DES are transferred to the OFM.

OFM's statewide budget, accounting, and forecasting functions are funded through a new central service charge to state agencies on all funds and accounts consistent with OFM's statewide cost allocation plan for federal funds. A nonappropriated account, the Central Service Revolving Account, is created for these purposes.

The Data Processing Revolving Account (DPR Account) managed by the DES is replaced with four IT revolving accounts and the residual balance of funds remaining in the DPR Account are apportioned to the new accounts:

The CTS Revolving Account requires expenditures to be approved by the Director of the CTS, or a designee. The statewide IT System Development Revolving Account is an appropriated account managed by the OFM. The remaining two accounts are nonappropriated accounts that require signatory approval by the OFM for expenditures.

The OFM must convene a workgroup that includes representatives of the DES, the CTS, the OCIO, the Legislative Evaluation and Accountability Program Committee, and legislative fiscal staff to review the central service model and chart of accounts of the agencies after the reorganization.

The OFM must convene a task force to review the necessary qualifications, experience, compensation, benefits, professional development, and skills training required to recruit and retain a skilled state government IT workforce. As part of this effort, the OFM must:

The task force must review the information and make recommendations to the fiscal committees of the Legislature by August 1, 2016.

The Select Committee on Pension Policy, with the assistance of the Office of the State Actuary and the OCIO is requested to review pension options in the commercial information technology industry and develop recommendations for more attractive retirement benefit options for the state's IT workforce who are less likely to vest their benefit in the state public retirement system.

The bill contains an emergency clause and takes effect July 1, 2015.

Appropriation: None.

Fiscal Note: Available on the original bill. New fiscal note requested on April 6, 2015.

Effective Date: The bill contains an emergency clause and takes effect on July 1, 2015.