Under the leadership of Elaine Howle, during the past 12 months the State Auditor’s Office has released a series of jarring reports on cybersecurity compliance, IT project oversight and website accessibility – while also keeping a close eye on the Department of Consumer Affairs’ troubled licensing system and the state’s new financial administration system.
Howle looked back at those topics and more on Tuesday during a local cable TV interview with Techleader.tv. Here are five key takeaways from her comments.
Turnover at FI$Cal is a challenge. Howle noted that with several recent departures among executive staff, keeping continuity will be difficult as the Financial Information System for California continues to be rolled out. By statute, the State Auditor reports at least once each year on FI$Cal’s progress.
Noncompliance with cybersecurity standards is "stunning." Seventy-one of 77 state entities reported that they weren’t fully compliant with the State Administrative Manual and other regulations, according to an audit made public last month. At least agencies said they would be fully compliant until 2020, Howle said.
Should the Department of Technology be an agency again? Howle said the department’s stature could be an issue as it tries to assert oversight over other departments’ projects. "We think CalTech [Department of Technology] has the authority and the responsibility, but certainly, in my view, if they were an agency-level and had that stature, there might be a different perspective," Howle said. The California Technology Agency under the Schwarzenegger administration became the Department of Technology under Gov. Jerry Brown’s reorganization plan.
Procurement should be faster. "There’s got to be a way the State of California can streamline that for IT projects, and not necessarily have to follow all those same protocols. We certainly want to have protections in place, but I think that process takes so long that in some cases by the time you get through the procurement process the technology has changed," Howle said. State CIO Carlos Ramos says the state’s new process for approving and procuring reportable IT projects the Project Approval Lifecycle (PAL) – won’t necessarily be faster overall, but it should lead to better outcomes.
More potentially damning IT audits are coming. Howle said her staff will be releasing reports on a California Department of Veterans Affairs information system as well as the California Medicaid Management Information System (CA-MMIS).
