Division of the Budget Landon State Office Building Phone: (785) 296-2436 900 SW Jackson Street, Room 504 adam.c.proffitt@ks.gov Topeka, KS 66612 http://budget.kansas.gov Adam Proffitt, Director Laura Kelly, Governor Division of the Budget January 30, 2023 The Honorable Troy Waymaster, Chairperson House Committee on Appropriations 300 SW 10th Avenue, Room 112-N Topeka, Kansas 66612 Dear Representative Waymaster: SUBJECT: Fiscal Note for HB 2077 by Joint Committee on Information Technology In accordance with KSA 75-3715a, the following fiscal note concerning HB 2077 is respectfully submitted to your committee. HB 2077 would require the Joint Committee on Information Technology (JCIT) to advise and consult on all state agency information technology projects that pose a significant business risk as determined by the Information Technology Executive Council’s policies. The bill would define “business risk.” The bill would also alter the definition of “information technology project.” HB 2077 would require whenever an agency proposes an information technology project, the agency would prepare documentation that would include a financial plan showing the proposed source of funding and categorized expenditures for each phase of the project and cost estimates for any needs analysis or other investigations, consulting, or other professional services, computer programs, data, equipment, buildings, or major repairs or improvements to buildings, and other items or services necessary for the project. Also, the documentation would have to be consistent with information technology resource policies and procedures and project management methodologies for all state agencies; an information technology architecture, including telecommunications systems, networks, and equipment that covers all state agencies; standards for data management for all agencies; and a strategic information technology management plan for the state. The bill specifies the following requirements to be met prior to the release of any request for proposal for an information technology project with significant business risk: 1. Specifications for bids or proposals for a project would be submitted to the Chief Information Technology Officer (CITO) of the branch of state government of which the The Honorable Troy Waymaster, Chairperson Page 2—HB 2077 agency is a part of. Information technology projects requiring the CITO’s approval must have that CITO’s written approval on the bid or proposal specifications; 2. Each CITO must submit the project and project plan, including architecture and the cost benefit analysis, to each member of the JCIT and to the Kansas Legislative Research Department (KLRD). Each project plan must include a notice specifying the date the summary was mailed or e-mailed; 3. Each JCIT member would review the summary and may submit questions, requests for additional information, or a request for a presentation and review of the proposed project at a JCIT meeting; 4. If at least two members of the JCIT contact KLRD within seven business days of the date specified in the summary description and request that the JCIT schedule a meeting for presentation and review, KLRD would notify the CITO of the appropriate branch of state government, the agency head, and the Committee Chairperson that a meeting has been requested on the next business day following the members’ contact with KLRD; 5. The Committee Chairperson would be required to call a meeting of the Committee as soon as practicable after receiving notice of the request. The Chairperson would furnish the CITO and agency head with a notice of the time, date, and place of the meeting; 6. A state agency could not authorize or approve the release of any request for proposal or other bid event for an information technology project without having first advised and consulted with the JCIT at a meeting unless fewer than two members of the JCIT contact KLRD to request a Committee meeting for presentation and review or a Committee meeting is requested by at least two members but the meeting does not occur within two calendar weeks of the Chairperson receiving the notification from KLRD; 7. The bill would require the JCIT to report to the House Appropriations Committee and the Senate Ways and Means Committee on the JCIT’s recommendations regarding the merit of information technology project appropriations; and 8. The JCIT would be responsible for reviewing information technology plans and budget estimates for all state agencies. The bill would also update and clarify provisions of the Kansas Cybersecurity Act and add additional state agency cybersecurity training requirements and reports. The Office of Information Technology Services (OITS) states the agency does not currently have data on low-cost projects that are high-risk because state agencies are not reporting those outside their agency. OITS states that the Kansas Information Security Office currently provides security awareness training to Executive Branch agencies through a vendor. OITS estimates additional expenditures of $120,096 in FY 2024 to train employees from the Board of Regents and universities, the Judicial Branch, and the Legislative Branch. OITS indicates this funding would be paid to an outside vendor and recovered through billings to participating agencies. The Honorable Troy Waymaster, Chairperson Page 3—HB 2077 The Kansas Department of Transportation states that enactment of the bill would result in additional workload for KDOT to complete required documentation and reports; however, the agency indicates any additional workload could be absorbed within existing budget resources. The Kansas Department of Revenue indicates there would be no fiscal effect on agency operations because the agency follows all state IT processes. Any fiscal effect associated with HB 2077 is not reflected in The FY 2024 Governor’s Budget Report. Sincerely, Adam Proffitt Director of the Budget cc: Brian Reiter, OITS Karen Clowers, Legislative Services