Recommendation Priority Ranking
Based on the management audit findings, the Budget Analyst has made 32 recommendations detailed in this Attachment to the transmittal letter. The Budget Analyst has ranked these recommendations based on priority for implementation. The definitions of priority are as follows:
| Priority 1: | Priority 1 recommendations are directed to the Chair of the Committee on Information Technology or the Director of Telecommunications and Information Services and should be completed within six months or March 2008. These recommendations meet one the following criteria: (a) have budget impact, (b) address significant information technology process issues, or (c) can be implemented easily. The Chair of the Committee on Information Technology or Director of Telecommunications and Information Services should submit information on recommendation implementation to the Chair of the Government Audit and Oversight Committee prior to March 31, 2007. The Budget Analyst will review the status of the implementation of these recommendations, as directed by the Government Audit and Oversight Committee. |
| Priority 2: | Priority 2 recommendations are directed to the Controller, the Office of Contract Administration or to each of the City departments and should (a) be completed, (b) have achieved significant progress, or (c) have a schedule for completion prior to June 30, 2008. Each City department should submit information on recommendation implementation to the Chair of the Government Audit and Oversight Committee and the Budget and Finance Committee during the FY 2008-2009 budget review. |
| Priority 3: | Priority 3 recommendations are directed to City departments and are specific to intra-department and inter-department information technology projects or planning for projects and systems. Therefore, the respective City departments should demonstrate implementation of these recommendations when requesting funding for projects and implementation of information systems. |
| Recommendation | Priority |
1. Information Technology Planning and Purchasing
| The Chair of the Committee on Information Technology should: | ||
| 1.1 | Request each City department to develop an information technology-specific strategic plan which provides specific, quantifiable goals within a timeline that the department can check against actual outcomes. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |
| 1.2 | Develop incentives that guide each department to re-visit its strategic plan as a means of ensuring achievement of strategic plan goals. | 1 |
| 1.3 | Create communications tools for information technology managers to communicate more effectively with each other | 1 |
| 1.4 | Develop and recommend to the Board of Supervisors a protocol that requires Board of Supervisors review and approval of all City information technology contracts funded with City monies prior to transfer to a separate authority. | 1 |
| The Director of the Department of Telecommunications and Information Services should: | ||
| 1.5 | Work with the Purchaser and Controller to develop procedures to track City department purchasing requests against their long-term information technology goals in order to ensure that purchasing requests are not only needs-appropriate but also goals-appropriate. | 1 |
| 1.6 | Develop a process to continually solicit feedback from City departments in order to determine the most-appropriate technological offerings of any enterprise license agreement and then negotiate lower license costs by aggregating all City departments' total information technology needs. | 1 |
| The Office of Contract Administration should: | ||
| 1.7 | Review the Office of Contract Administration's procurement policies in order to ensure that departments have the appropriate information to make information technology procurement decisions and that processes are applied consistently across all departments. | 2 |
| Recommendation | Priority |
2. Information Technology Project Management
| The Chair of the Committee on Information Technology should: | ||
| 2.1 | Establish criteria for information technology project management, including definitions of (a) project leadership, (b) business objectives, (c) budgets. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 3 | |
| 2.2 | Establish project management guidelines for inter-departmental projects based on the information and technological needs of each of the participating departments. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 3 | |
| 2.3 | Establish simple, flexible, citywide project management tools and guidelines for City department information technology. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 3 | |
| 2.4 | Assist City departments in reviewing the key service delivery functions within each department to identify relationships and inter-dependencies between core information technology systems. | |
| Chair of the Committee on Information Technology | ||
| City departments | ||
| The Director of the Department of Telecommunications and Information Services should: | ||
| 2.5 | Establish information sharing channels for information technology and other department staff so that project ideas, success stories, and challenges are shared within and across departments. | 1 |
| 2.6 | Improve access to project management training for information technology and administrative staff. | 1 |
| The Controller should: | ||
| 2.7 | Work with City departments to develop accounting and budgeting systems that track information technology project costs, including staff time and overhead. | 2 |
| Recommendation | Priority |
3. The Justice Information Tracking System (JUSTIS)
| The Director of Telecommunications and Information Technology should: | ||
| 3.1 | Present a report to the Board of Supervisors prior to December 31, 2007, on the status of JUSTIS implementation, including project timelines and costs. | 1 |
| The Chair of the Committee on Information Technology should: | ||
| 3.2 | Develop policies and procedures governing interdepartmental projects, including responsibility for project and budget management. | 1 |
| 3.3 | Develop a policy to assign a dedicated project manager on large-scale projects that exceed some threshold amount, to be defined by the Committee on Information Technology. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 3 | |
| Recommendation | Priority |
4. Information Technology Resources
| The Board of Supervisors should: | ||
| 4.1 | Adopt an Administrative Code provision establishing a citywide information technology capital planning process under the direction of the Committee on Information Technology. | 2 |
| The Chair of the Committee on Information Technology should: | ||
| 4.2 | Prepare an annual information technology capital expenditure plan based on the citywide information technology capital plan and submit a report for the Board of Supervisors containing details of the annual capital expenditure plan. | 2 |
| 4.3 | Request the Mayor to include the capital expenditure plan in the annual proposed budget to be submitted to the Board of Supervisors. | 2 |
| 4.4 | Establish formal information technology managers' meetings. | 1 |
| The Department of Telecommunications and Information Services should: | ||
| 4.5 | Maintain a list and serve as a clearinghouse of information technology expertise in City departments. | 1 |
| 4.6 | Implement a Citywide information technology mentoring program. | 1 |
| Recommendation | Priority |
5. Information Systems Security
| The Chair of the Committee on Information Technology should: | ||
| 5.1 | Establish policies and standards for each City department to develop a risk assessment plan that (a) identifies the City departments with the greatest security risks, and (b) resources necessary to reduce security risks. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |
| 5.2 | Recommend annual funding for City departments' information system security programs based upon the risk assessment. | 2 |
| 5.3 | Establish criteria for City departments' information system security policies and procedures | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |
| 5.4 | Define job skills and functions necessary to manage departments' information system security programs. | 1 |
| 5.5 | Develop formal decision-making guidelines for City departments that share information systems. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 3 | |
| Recommendation | Priority |
6. Information Technology Systems Inventory Management
| The Chair of the Committee on Information Technology should: | ||
| 6.1 | Develop citywide information technology inventory management policies, procedures and standards. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |
| 6.2 | Develop a citywide plan for replacing and upgrading General Fund department information technology. | 1 |
| 6.3 | Develop a citywide policy and controls for issuing and monitoring laptop computers. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |
| 6.4 | Request all City department directors to maintain information technology inventories consistent with the Committee on Information Technology's standards. | |
| Chair of the Committee on Information Technology | 1 | |
| City departments | 2 | |