---------- DOCUMENT HEADER ----------
---------- DOCUMENT HEADER ----------
ARIZONA HOUSE OF REPRESENTATIVES
Forty-ninth Legislature – First Regular Session
Minutes of Interim Meeting
House Hearing Room 5 -- 9:00 a.m.
Chairman Stevens called the meeting to order at 9:06 a.m. and attendance was noted by the secretary.
|
Representative David Stevens, Chairman |
Representative Laurin Hendrix |
|
Representative Carl Seel, Vice-Chairman |
Representative Debbie Lesko |
|
Representative Rick Murphy |
Representative Rae Waters |
|
Mrs. Tovar |
Introduction of Members and Opening Remarks
Chairman Stevens thanked Leadership and the Members of the committee for allowing this long-awaited committee to happen. He explained that his vision for this committee is to identify and correct some existing services, provide better interoperations for the agencies and address state, county and city needs. Transparency website legislation that came up over the last year was also a driving force for this committee. The modernization of the current infrastructure will be researched as well as decreasing the 90 networks in the state to 85. He would also like to identify some new services such as developing and implementing technical and configuration review processes. There is nothing new being introduced here. The Committee is just discussing the development and implementation of ideas. Chairman Stevens mentioned the success of the candidates with campaign websites and services and how Voter Registration can now keep someone’s history within the state no matter where they live and the convenience of registering to vote any time from home.
Presentations by Agency Information Technology Departments
Vice-Chairman Seel introduced the first item on the agenda; a presentation from the Department of Revenue.
Department of Revenue
Susan Silberisen, Assistant Director, Chief Information Officer, Arizona Department of Revenue (DOR), explained the DOR’s unique Information Technology (IT) infrastructure has been working on a large scale replacement of its legacy system for the last eight years and is one small application away from modernizing its infrastructure. She asked the Members to follow along with her in the presentation packet, Department of Revenue: Information Technology Department Services (Attachments 1 and 2).
Chairman Stevens asked if there is remote access to the Business Reengineering Integrated Tax System (BRITS). Ms. Silberisen replied that the BRIT system is hosted at the data center but DOR staff manage and do all of the software releases.
Vice-Chairman Seel asked if there is a difference between the 80,000 device and the 8,000 device in terms of functionality and end results. Ms. Silberisen explained that they are not the same and it takes three to four Intel boxes to the one Solaris box but it still comes out as a net savings for DOR, not just in the purchase of hardware but also in licensing. It’s virtualizing the entire environment. Virtualizing costs are prohibitive from Oracle, but in order to drop the license and hardware costs. They opted for a Lennox/Intel environment with substantial savings. She confirmed that they were able to drive down licensing and similar costs last year, working with Oracle and that they are still using the Lennox box.
In response to Chairman Stevens’ question, Ms. Silberisen said that they are using the Sun Solaris 8-80’s and 8-90’s and are planning to move to the later versions. It is the perfect time for DOR to change its platform.
Vice-Chairman Seel asked what security provisions are in place. Ms. Silberisen said she has a division to handle that task with three certified security engineers with a defense in depth model and rigid security infrastructure. DOR’s internal and external security annual assessments continue to be very good with low vulnerabilities. She confirmed that the user name login model is currently used and there are powerful monitoring tools and controls around their active directory structure.
Chairman Steven asked if there is a list that accounts for how many times DOR has had to implement the Sungard Contract. Ms. Silberisen answered that it has never been implemented other than for annual testing and there has never been a failure of the entire system since it was implemented.
Vice-Chairman Seel referred to page five, Attachment 1, asking about the income modeling tool. Ms. Silberisen replied that she could answer any question in relationship to the income model but not on the total model figure. She explained that the income modeling tool is a very old main frame. This is a concern because there is not a good model between the DOR legacy data and the client server data. They are in the process of building that now to allow for more transparency and a quicker way to analyze and show confidence about the numbers.
In response to Mr. Murphy’s questions, Ms. Silberisen said that the model was not segregated into the norm and that the model is very static. She deferred to Anthony Forschino.
Anthony Forschino, Assistant Director, External Services and Special Projects, Department of Revenue, explained that the model uses older data at this point. It is the information that Joint Legislative Budget Council (JLBC) uses and a newer model is needed to get more current information. He confirmed that it is a static model.
Ms. Silberisen explained that the new system will support a more dynamic model but the infrastructure, warehouses and the tools are not being implemented now, that will be done in about eight months.
Referring to page ten, Attachment 1, Mr. Murphy asked if the transparency website will be dependant upon interfacing with the DOR system. Ms. Silberisen said there would be very little dependency and involvement.
In response to Chairman Stevens’ question, Ms. Silberisen stated that she has been working with various other state agencies recently because the warehouse and business intelligence tool and new modern architecture gives IT a lot more flexibility than before. She replied in the negative when Chairman Stevens asked if DOR is not receiving data needed from other agencies. Sometimes it is difficult to get data from agencies because DOR is modernized and several other agencies are still working with older technologies. This means that some implementations are delayed.
Chairman Stevens asked if it is possible to have tax form I-40 as strictly an online process. Ms. Silberisen replied that it is DOR’s hope that this will happen and she agreed it will save a lot of money.
Mrs. Lesko asked what went into the decision of not going with Department of Administration (DOA) totally versus infocrossing for outsourcing. Ms. Silberisen explained that it was a request for proposal that went out to the DOA and two other vendors responded. The process included several factors including cost and client server capabilities. It was a rated and scored effort but in the end another vendor was chosen over DOA.
Vice-Chairman Seel asked if the same job can be done with less staff. Ms. Silberisen explained that reporting is the ability to manage and do something with data so their job is to provide the Legislature, JLBC and other agencies with better data and to also streamline and make more efficient the DOR processing, auditing and corrections capabilities. The outline of the projects underneath the implementation is very long. The BRIT system is about 95 percent of all of the processing. For IT staffing they are at their minimal requirements at present, hence the 85 percent to 15 percent resources. She cannot speak for the rest of the agency.
Chairman Stevens asked if anybody on her staff has to do any of their jobs outside of the IT system and bring the results back in. Ms. Silberisen stated that there are processes that could be automated but not a large volume at this point. There is one that involves the audit division where their outlying systems do not have complete automated interfacing. They are working on that.
In response to Mr. Murphy’s question, Ms. Silberisen stated that the percentage of individual income tax returns that are e-filed is 44 percent and has increased every year since it was introduced. She added that some businesses can e-file now and more will be able to in the future.
In response to Chairman Stevens’ question, Ms Silberisen explained that a change to the income tax policy would be fairly easy to make in relation to percentages, but year-end changes require a lot of sizing by IT. It takes about six months to get entered into the system and operational. Discussion ensued.
Department of Transportation Motor Vehicle Division
John Halikowski, Director, Arizona Department of Transportation (ADOT), thanked Chairman Stevens for putting the Committee together and went over a hard copy version, Arizona Department of Transportation Information Technology Overview, (Attachment 3) of a slide presentation.
In response to Chairman Stevens’ question, Mr. Halikowski explained that new hires are usually cross-trained in title and registration and driver’s license systems which can last as long as one year due to the amount of information that is learned.
Vice-Chairman Seel asked about the prevention of identity theft. Mr. Halikowski explained that there are a number of elements involved, beginning with screening of the documents when a person first comes into the Department of Motor Vehicles (DMV). Employees are trained in document recognition and can verify the authenticity of the documents. Any questionable documents are copied and sent to the Office of Special Investigations for follow-up. Motor vehicle records are protected by the Driver’s Privacy Protection Act. There are several security systems within the DMV’s data base to ensure that they are not hacked into.
In response to Chairman Stevens’ question, Mr. Halikowski stated that DMV is tied into the Department of Health Services (DHS) database so that when someone is deceased DHS notifies DMV and that license is cancelled. Transmissions between databases are encrypted. Discussion ensued on driver and voter registration, validation of residency and the accuracy of information.
Mr. Halikowski responded in the positive when asked by Vice-Chairman Seel if DMV balances driver’s license information off of death records and social security records to validate individuals that live in Arizona and avoid any gaps.
Mr. Halikowski explained to Vice-Chairman Seel and the Committee that the documents needed to apply for a driver’s license are a form of picture identification and documentation to verify age and identity such as a birth certificate. He stated that he would get a copy of the policy for Vice-Chairman Seel which is also available online.
Chairman Seel asked about DMV’s communication with insurance companies. Mr. Halikowski replied that the DMV receives information from insurance companies on a daily basis regarding cancellations, non-renewals and new policy issues. If a cancellation or non-renewal exists on a vehicle then a notice of intent to suspend is sent to the driver. If a response is not received within 15 days of the sent notice the vehicle’s registration is suspended. He further explained that the Registration Query System in police cruisers notifies an officer of a suspended registration. If the registration is found to be suspended when a driver is stopped, the officer is required by law to remove the license plates of the vehicle at the stop.
Government Information Technology Agency (GITA)
Chad Kirkpatrick, Director, Government Information Technology Agency, thanked the Chairman and Members for establishing the Committee and stated that the state is to be commended on its success thus far with technology. Many agencies have made good use of the budget dollars and specifically the Department of Administration, Information Service Division (ISD) services. The state is highly decentralized in how Information Technology (IT) resources are organized. Every agency has its own business unit with its own IT shop. There are benefits to that with direct accountability to the director; however there are a few drawbacks such as the redundancy of resources like server rooms with their own management, network, security and infrastructure that is being replicated across several agencies. Related to that, every agency sets its own internal policies, procedures and standards. There are also some security issues with 80 – 90 different networks existing. That makes 80 – 90 different points where cyber thieves can break in and attack the systems. Many agencies do a great job at managing these things but there is variability in terms of level. GITA was established about 12 years ago to address these issues and has since developed statewide standards. Some agencies exceed these standards and some fall short. GITA has approval authority for strategic planning and investments in IT for anything over $25,000. GITA monitors the implementation of those projects and works with the agencies.
Mr. Kirkpatrick opined that GITA has somewhat of a weak role in that it establishes standards that agencies are obliged to follow but there are no enforcement mechanisms. GITA is working closer with several agencies now by having regular meetings to establish key priorities and initiatives. From that they hope to create a statewide plan and move towards those objectives. GITA believes that the approval process needs updating and to that end has worked to streamline the process, making it more risk-based. This will measure projects against being high or low-dollar projects and how projects are monitored, which is somewhat loose. At present there are no defined metrics or timelines to measure success. GITA is working on correcting this and getting other agencies involved in terms of measuring and tracking compliance. GITA recently held a technology summit about state information technology and those sessions are available online at AZGITA1 on YouTube where all the presenters are shown. GITA also has a Facebook page and will be publishing a two-minute public service video every month to show how GITA is advancing the state’s technology infrastructure.
Mr. Kirkpatrick stated that he could supply Vice-Chairman Seel with an internal use only list of the agencies that are not complying with the GITA standards after he clears it with the information security officer.
In response to Mrs. Lesko’s question, Mr. Kirkpatrick stated that on the purchasing of hardware and software there can be significant savings. If, for example, the Gaming Department buys the Microsoft operating system for 100 people and then the Department of Transportation buys the Microsoft operating system for 5,000 people there is a significant difference in price and both departments are missing out on pricing for 35,000 people, which is the number of state employees. GITA is working with the State Procurement Office and other agencies to identify some software and hardware items that can be a consolidated procurement practice. GITA is also encouraging agencies to take advantage of the DOA’s data center. AHCCCS, for example, has moved a lot of servers and mainframes to DOA’s database.
Mrs. Lesko asked if Mr. Kirkpatrick thought that the DOR would be able to move it’s data center to DOA. Mr. Kirkpatrick opined that he does not know the specifics as to why DOR is outsourcing its database but that it would be worth revisiting their needs/options. In response to another question, Mr. Kirkpatrick explained to Mrs. Lesko and the Members that a few agencies are very receptive to consolidating the procurement process, understanding that they are limited in scope to things that are common across the agencies. Technically, GITA cannot tell an agency that it can or cannot make an IT purchase. GITA’s approval authority is limited to technical evaluations and does not include business perspective or pricing evaluations.
In answer to Chairman Stevens’ question, Mr. Kirkpatrick replied that GITA does not oversee the counties and is not aware of any move to do so. He explained that when a department needs approval for funding from GITA, after GITA approves it, the project goes through a Request For Proposal (RFP) and then it goes through a State Procurement Office (SPO). GITA is involved after the purchase is made from the vendor to monitor the implementation. GITA stays out of the decision of which vendor to use to avoid a conflict of interest. GITA will help guide the process. He explained that the idea of consolidating data such as name, mailing address and phone number into one area has been talked about but it would be a huge project. There are some initiatives to move down that path using a small set of defined data through the Arizona Financial Information System (AFIS) but GITA does not have any formal project at this time.
In response to Chairman Stevens’ question, Mr. Kirkpatrick explained that there is no tracking of software licenses at this time. There is an inventory system that keeps track of the licenses that have been purchased but there is a gap. For instance GITA has learned that there are more license purchases than employees for certain departments and agencies.
Vice-Chairman Seel asked if all agencies use SPO. Mr. Kirkpatrick replied in the negative. By statute the purchase eventually has to go through GITA.
Mrs. Lesko asked if GITA could be prevented from declining approval of an IT purchase over $25,000 based on pricing when the purchase could be made at a lower price. Mr. Kirkpatrick explained that when this happens GITA challenges the agency by asking where the pricing was derived from. He does not believe any illegal activity is taking place. He further explained that GITA’s responsibility has been interpreted as more of a technical evaluation.
Arizona Health Care Cost Containment System (AHCCCS)
Jim Wang, Chief Information Officer, Arizona Health Care Cost Containment System, spoke from the power point presentation – hard copy (Attachment 4).
Vice-Chairman Seel asked what it costs Arizona to serve Hawaii. Mr. Wang explained that the $7,000,000 in the annual operating budget represents Arizona’s cost for providing services to Hawaii. AHCCCS does not make any revenue or profit from Hawaii. There are several system changes and operating costs that were carried in the past, strictly by AHCCCS but are now used and shared with Hawaii up to 50 percent. He clarified that there is a net positive. He confirmed for Vice-Chairman Seel that AHCCCS is not using Cognos but is using another system from IBM.
In answer to Chairman Stevens’ question, Mr. Wang stated that some reports can be run at the user’s leisure but in order to read a custom report the user would need to have some knowledge of the data. AHCCCS has a number of users who use the data warehouse.
Vice-Chairman Seel asked if Mr. Kirkpatrick could supply a report on the effectiveness of the business intelligence software in AHCCCS.
Chairman Stevens asked for documentation on the random access memory redesign project, specifically the changes and improvements. Mr. Kirkpatrick answered in the positive.
In response to Mrs. Lesko’s question, Mr. Kirkpatrick stated that AHCCCS is proactive about keeping staff so that they can reduce the amount of turnover and the amount of new hires. Virtual Office helps keep and retain some of the employees when they are hired.
Chairman Stevens asked if AHCCCS could provide documentation on how Virtual Office works and how long it takes to train a new employee. Mr. Kirkpatrick said that he would be happy to provide documentation to the Chairman noting that training takes up to a year as it encompasses the actual training of the business, laws and the system.
Mr. Kirkpatrick explained to Vice-Chairman Seel and the Members that AHCCCS is not spending more money on maintenance than for the purchasing of new servers. It is moving toward server virtualization and added that it costs money today to save for the future.
Without objection the meeting adjourned at 11:12 a.m.
____________________________
Sarah Griffith, Committee Secretary
November 16, 2009
(Original Minutes, attachments and audio on file in the Office of the Chief Clerk; video archives available at http://www.azleg.gov)
---------- DOCUMENT FOOTER ---------
AD HOC COMMITTEE ON AGENCY
INFORMATION TECHNOLOGY
2
October 27, 2009
---------- DOCUMENT FOOTER ---------