PROJECT APPROVAL AUTHORITY - 4819.34
Authority for approval of information technology (IT) projects lies with the Department of Technology, but it is the intention of the State’s Chief Information Officer to delegate approval authority to Agency/state entity directors to the maximum extent practicable.
When an Agency’s/state entity's proposed expenditures on IT are consistent with established policies and when the Agency/state entity has consistently adhered to those policies and successfully implemented IT projects, the Department of Technology will consider delegating authority for the approval of resources to Agency/state entity directors, as defined below.
The Department of Technology will establish an Agency/state entity-specific cost delegation level, i.e., the project cost level above which the Agency/state entity must obtain project approval from the Department of Technology (see SAM Section 4819.37) before the Agency/state entity is authorized to initiate the project.
The Department of Technology’s delegations fall into one of four general groups:
Group 1 – Desktop and Mobile Computing Delegations: Agencies/state entities that have established and currently maintain an acceptable Technology Recovery Plan and plan for the appropriate application of desktop and mobile computing will be delegated authority for the acquisition of equipment and software to support their desktop and mobile computing activities. See SAM Section 4989.2.
Group 2 – Commercial-off-the-Shelf (COTS) Software and Cloud Software-as-a- Service (SaaS) Delegations: Agencies/state entities are delegated the authority for the approval and acquisition of COTS software and Cloud SaaS solutions which are classified as Delegated (see SAM Section 4819.37 for a list of Project Delegation Criteria). The acquisition must meet “ALL” of the following conditions:
- Software licenses and consulting services will be acquired through a leveraged purchasing agreement managed by the Department of General Services (e.g. CMAS or MSA) or through one of the Department of Technology’s Data Center Service Offerings.
- Does not require installation of new hardware on premises at the Agency/state entity or its designated data center.
- Solution is single purpose use, not mission critical, and used for internal purposes only.
- Does not exchange confidential or sensitive data with other systems.
Pursuant to the Cloud Computing policy (SAM Section 4983), Agencies/state entities must utilize Cloud SaaS services provided by the CDT whenever feasible. Additionally, COTS software services provided by CDT must be utilized whenever feasible. Agency/state entities must notify the Department of Technology of all COTS and SaaS acquisitions prior to project initiation as defined in Statewide Information Management Manual (SIMM) Section 22.
Group 3 – Agency/state entity Delegated Projects: Approval authority for projects which are delegated to the Agency/state entity director. Agencies/state entities undertaking delegated projects are expected to employ appropriate project review, approval, and reporting procedures as specified in SAM Sections 4819.35 and 4819.36. See SAM Sections 4819.37 and 4819.39 for a list of project reporting criteria and a definition of project cost delegation.
Group 4 – Requested Delegation for Non-Delegated Projects: An Agency/state entity with an acceptable Technology Recovery Plan and an Agency Information Management Strategy that has been approved by the Department of Technology may submit a Project Delegation Request (see SAM Section 4819.38) to the Department of Technology for new projects prior to the encumbrance or expenditure of funds, including the use of staff resources, on the project beyond the Stage 1 Business Analysis. The Department of Technology will review the form and notify the Agency/state entity whether it has been delegated project approval authority for the proposed project. If delegation is not granted, the Agency/state entity must submit a Stage 2 Alternatives Analysis to the Department of Technology for approval.
- Among the factors considered by the Department of Technology in determining whether to grant delegated project approval authority:
    - The apparent adequacy of the Agency’s/state entity's planning process;
- The cost, scope, and complexity of the IT project;
- The size and composition of project staff;
- The Agency/state entity executive staff's project management experience;
- The level of complexity and completeness of prior Project Approval Lifecycle documentation prepared by the Agency/state entity;
- The number and complexity of previous IT projects attempted by the Agency/state entity;
- The demonstrated ability of Agency/state entity project management staff to successfully monitor, control, and report progress during a complex undertaking; and
- The Agency’s/state entity's past success in applying IT to attain goals on time and within budget and to realize expected objectives.
 
- Delegation of project approval authority will NOT normally be given for projects which:
    - Have significant statewide, interdepartmental, or intergovernmental impact;
- Involve the establishment or use of nonstandard or extensive communication facilities;
- Propose software or equipment acquisition expenditures that are large in relation to the Agency’s/state entity's IT budget;
- Have the potential for involving new or unfamiliar technology;
- Produce revenue for the State, such as licensing fees, tax collection, etc.;
- Have a high potential risk associated with the security and confidentiality of the information being processed;
- Involve IT acquisitions that exceed the Agency’s/state entity’s Department of General Services Delegated Purchasing Authority (as defined in SAM Section 4819.2) or
- Depend upon decisions to be made during the development or enactment of the Governor's Budget, such as approval of a Budget Change Proposal or Budget Revision.
 
- Splitting a project into smaller projects to avoid either fiscal or procedural controls is prohibited.
- Agencies/state entities undertaking delegated projects are expected to employ appropriate project review, approval, and reporting procedures as specified in SAM Sections 4819.35 (Project Approval Lifecycle) and 4819.36 (Project Reporting/Oversight) below.
- All IT projects are subject to audit. Documentation supporting project decisions must be kept by the Agency/state entity for a minimum of two years following approval of the Post-Implementation Evaluation Report (PIER). See SAM Sections 4947-4947.2.
- The Department of Technology, at its discretion, may rescind previously delegated approval authority for individual projects or for all IT activities in progress or proposed by an Agency/state entity. The Department of Technology may require that project planning, design, or implementation be halted or redirected.
The decision to rescind delegation will typically be based on review (audit) of the Agency’s/state entity's information management practices: review of a specific project; redefinition of the project; significant increases in project cost projections; major cost overruns; specific control language placed on expenditures through legislation (i.e., the Budget Act); identification of significant unresolved technical issues; or a change in the direction of state policy.
