On-time and on-budget isn’t enough for IT modernization, CIOs say

Security, data governance, business processes and user-centered design add new concerns to IT modernization projects, state CIOs said.
smiley faces
(Getty Images)

Even though state governments constantly update their technology, the public mostly hears about it only when things go wrong. But completing projects on time, on budget and free from public derision is only a starting point, not a description of success.

In interviews with StateScoop, state chief information officers shared their main considerations when trading in old IT systems for new ones. Security, data governance, business processes and user-centered design all add new dimension to what are already complex endeavors. Neglecting any of these, the CIOs said, won’t necessarily torpedo a project, but could push forward the date of the next critical upgrade.

‘Getting into the community’

Many officials are beginning to depart from a longstanding neglect of the needs of the residents and workers who rely on state-built technology. For decades, government websites lacked easy-to-navigate designs, business processes were rushed into service without much thought and millions of dollars were spent on systems fitting the needs of their creators, not users.


But Washington CIO Bill Kehoe said officials in his state are beginning to embrace “customer-centric IT.”

“We realize we can’t just work in our agency silos, and even though we’ve done that and done that fairly well, our customers really don’t understand the structure of our large governments and the agencies and what they do,” he said. “We’re trying to really reach them where they are.”

In Washington, reaching people has meant speaking with them directly. The state recently redesigned its website, and Kehoe said holding focus groups and “getting into the community” were essential to making that project successful.

“We thought we knew what our residents want and how they want it designed, and we threw that out and said ‘we don’t really know — let’s go ask,’” he said. “It seems like a simple step, but it’s a mindset that’s different than in the past. When you go out into the communities, you learn so much, and we changed a lot of our design based on that feedback.”

That feedback informed much of the new state website’s terminology and navigation, he said. Like many state CIOs, Kehoe has decades of professional experience to draw on, but he said CIOs shouldn’t be upgrading systems now as it was done at the start of their careers.


“If we modernize them in the same way we did 10 or 15 years ago, then we’re not going to be successful, whether the project is successful or not in our own eyes,” he said. “There’s so many more components to modernization than just replacing a system.”

‘Intentional change management’

There’s “a real hunger for modernizing things” in Missouri, state CIO Jeff Wann said. Like Washington, Missouri is striving to make its technology “citizen-centric,” while also considering cybersecurity, enterprise architecture, data governance and building a digital infrastructure that not only meets current needs, but prepares the state for the future.

It’s a lot to track, but Wann said a process frameworks are a rigorous tool ensuring that projects are not only checking boxes, but meeting business needs.

“The first thing I look at is intentional change management, because when you’re doing modernization, it really is about changing the way that you interface with your citizens, changing the way people do their daily jobs as employees,” Wann said. “Using a framework allows you to have checklists to ensure you are having appropriate communication at the right time, you’re helping people through what to expect in change and really making the project work smoothly.”


Many CIOs say that managing people is the most challenging and important aspect of their work. In Missouri, Wann said, considering the people surrounding technology — both inside and outside of state government — is essential to ensuring projects are both considered successful and useful to the enterprise.

“You can be on time and on budget and still not meet the citizens’ expectations or even expectations within the agencies, but by putting an emphasis on being citizen-centric, you’re really going a long way to ensuring you’re going to receive the business value out of your modernization project,” he said.

Data, ‘a huge consideration’

Only meeting the minimum requirements of a project often means foregoing considerations that would allow it to last for years. Wann said planning for the future means “looking at things from an enterprise data perspective” and considering how a system can be more broadly relevant to an organization.

Kehoe, the Washington CIO, said providing wide access to data and analytics has long gone neglected in government’s modernization efforts, which is to largely miss the point of upgrading old technology in the first place.


“All of those things have to be taken into consideration as we modernize, and if we miss something, what we’re essentially doing is putting a new system into legacy services and business processes and we’re siloing the data, only on a more modern system,” he said.

Arizona CIO J.R. Sloan said data is “a huge consideration” for modernization projects.

“Before you start, ask yourself some questions like, ‘What do I need from the data of the system?’” he said. “If we wait until after we have finished our modernization project to ask what we need the system to tell us or what the system could tell us, it’s a missed opportunity. You’re now trying to retrofit data collection or data models to a system that you’ve already implemented.”

Some call the federal relief funding following the COVID-19 pandemic a “once-in-a-lifetime opportunity” to upgrade outdated systems loaded with data and intertwined with old business processes, Sloan said. Replacing a 20- or 30-year old system doesn’t only mean new hardware and software, he said, but a chance at rethinking the data and business processes, too. 

“These systems have come up on their lifecycle and need to be replaced,” Sloan said. “That’s a long time, a lot of data, a lot of business processes.”


All technology is legacy technology

For Pennsylvania CIO John MacMillan, all technology is legacy technology. Buying into a new platform doesn’t eliminate the risks of the old platform — it just transforms them, he said.

Viewing IT modernization through a lens of risk management has shifted MacMillan’s focus to the task of governance. The goal isn’t to spend away the state’s technology problems, he said, but to think of IT modernization as a continuous process.

“When we talk about the cloud, we think about it as an alternative to mitigate risk,” MacMillan said. “Going into somebody else’s data center, operating on somebody else’s hardware, with somebody else’s software, managed by somebody else’s people, still is a risk.”

The key, he said, is to manage the risks — of data governance, security, people, infrastructure and connectivity — proactively. He pointed to an executive order that Gov. Tom Wolf signed in 2019, codifying the technology department’s responsibility to create a “citizen-first” government, which MacMillan said has helped establish requirements for new IT projects, ensuring his state will be ready for the future.


“I’m a believer that the second after a system goes live, it’s legacy,” MacMillan said. “At some point, the people associated with that solution will leave their jobs. The hardware will age out, the software will need some sort of attention, one company will acquire another company.”

Latest Podcasts