Audit finds ‘mixed’ review of state’s chief IT agency

Minnesota government’s chief IT agency, MNIT, has not provided proper oversight of state software development and it’s unclear to some other government agencies the services it is supposed to provide to them.

These findings were released Wednesday morning in a report from the Office of the Legislative Auditor. It’s a review that was commissioned a year ago, amidst controversy over technical problems with the rollout of a licensing and registration system known as MNLARS.

According to the report, the agency’s oversight of software projects like MNLARS has been “inconsistent” and not rigorous enough, sometimes in violation of state law.

“State law requires the MNIT commissioner to approve projects before they are undertaken, but such sign-offs have not occurred,” the report found. “MNIT has not developed standards for the architecture of state IT systems, nor for the independent audits required for large IT projects. In addition, MNIT has not always evaluated the performance of its professional/technical contractors, contrary to state requirements.”

But the report zoomed out from focusing just on MNLARS, digging in to overall operations of MNIT, which was created in 2011 by the Legislature to bring all of the state’s information technology services into a single agency. Before its creation, state IT operations and employees were scattered across more than two dozen agencies.

Now MNIT has more than 2,000 state employees and an annual budget of $600 million to do work for state agencies. It’s the only state agency for which DFL Gov. Tim Walz has yet to appoint a commissioner, calling it the the most “thankless” job in state government.

“More and more Minnesotans are going to interact with the state on a regular basis electronically, and the principal agency that is supposed to deliver those services is not delivering them well, in a timely manner or a cost effective manner,” said Rep. Jim Nash, R-Waconia, who was asked by the Walz administration to apply for the MNIT commissioner post but declined.

“If you talk to any legislator, no one is giving them an A-plus, they are giving them a D or a D-minus,” he added.

Agency reviews on how MNIT is doing are mixed, according to OLA.

“Parts of the effort to consolidate state IT responsibilities in MNIT are complete, but others are still in progress,” the report found. “State agencies have divided opinions about the consolidation, and there is some confusion about which agencies should be subject to the consolidation.”

For example, not all agencies’ IT functions are actually consolidated under MNIT, and some expressed confusion about whether or not they were supposed to be.

In a survey of agencies, 83 percent expressed satisfaction with the technical quality of software application services provided by MNIT or its contractors, and nearly 90 percent of agencies were satisfied with MNIT’s efforts to protect state information from cyber security attacks.

But half of agencies complained about MNIT’s timeliness, customer support and the agency’s billing, which they “perceive to be inaccurate IT invoices and time-consuming.”

Part of the issue is the law on the books, written by the Legislature, that created MNIT in the first place. The report said the language is “too broad” or outdated, and lawmakers haven’t had consistent oversight over the agency since its creation.

The auditor’s office recommends more oversight from the Legislature, including the creation of a House and Senate committee to review IT projects. Lawmakers should also clarify state law around MNIT to make clear which agencies are subject to MNIT’s authority.

In a letter to OLA, Acting Commissioner of MNIT William Poirier said they agree with the recommendations. “[The report] revealed key areas in which we believe action is required to enable MNIT and the executive branch to work better, smarter, and more cost-effectively,” he wrote in a letter.