Department of AdministrativeServices: Computing and NetworkingInfrastructure Consolidation (CNIC)Risk Assessment
S e c r e t a r y o f S t a t e A u d i t R e p o r t
B i l l B r a d b u r y , S e c r e t a r y o f S t a t e C h a r l e s A . H i b n e r , D i r e c t o r , A u d i t s D i v i s i o n
The Department of Administrative Services(department) is responsible for providingcentralized services to state agencies. In July2004, the governor accepted the department’sproposal to consolidate 12 of the state’s majordata processing centers. The majority of funding for the resulting Computing andNetworking Infrastructure Consolidation(CNIC) project was authorized by the 2005legislature. The total anticipated cost of theproject was approximately $63.6 million. The purpose of this audit was to provide aninterim evaluation of the department’s CNICproject. Our primary audit objectives were todetermine whether the department planned andmanaged the CNIC project to ensure its overallsuccess.
RESULTS IN BRIEF
During our review we identified severalsignificant weaknesses in the department’sproject planning and management processesthat adversely affected the integrity andviability of the CNIC project, including thefollowing:
Initial project planning weaknesses led tounrealistic project expectations, objectivesand timelines, causing the department toduplicate its efforts to adopt a more feasibleconsolidation strategy. We concluded thatthese changes were justified and likelynecessary to help mitigate significant projectrisks. However, the changes would delaypromised savings by at least one biennium.
Revised project plans remained incompleteregarding how, when or to what degreeconsolidation of data center resources wouldoccur or how some critical security anddisaster recovery services would beprovided.
Because of ineffective contractmanagement, it was unclear what value thestate received from at least $3.4 million of contract dollars spent. In addition, thedepartment may have limited its ability toobtain remedy for those dollars spent.
The absence or ineffectiveness of independent quality assurance processesalso likely impacted decision makers’ viewof project risk, cost, and benefit.
Accounting and compliance issues mayresult in loss of federal support and/ormisstatements in the financial records.
We recommend that the department:
Develop detailed plans necessary to achieveproject objectives.
Reevaluate project management processes toensure the viability of future majorinformation technology projects.
Provide more robust reviews of contractdeliverables.
Work with the contractor and legal counselto ensure that the state receives fair value forall incomplete or insufficient contractdeliverables.
Provide more effective quality assurancereviews.
Ensure all relevant costs are identified andcapitalized in accordance with generallyaccepted accounting principles.
Ensure compliance with federal Office of Management and Budget requirements andmake adjustments for inequitable costrecoveries that have already occurred.
The Department of Administrative Servicesgenerally agrees with the recommendations.
Report No. 2006-33September 5, 2006