The Texas House Appropriations Committee meet to take invited testimony on the following issues: Sunset Recommendations Affecting the Budget, Audits Affecting the Budget, State Contracting, Employee Retirement System, Teacher Retirement System, Cybersecurity and IT, Deferred Maintenance and Capital Needs, and other budget matters.

This report is intended to give you an overview and highlight of the discussions on the various topics the committee took up. It is not a verbatim transcript of the hearing but is based upon what was audible or understandable to the observer and the desire to get details out as quickly as possible with few errors or omissions.

 

Sunset Recommendations

Jennifer Jones, Acting Director of Sunset Commission

  • Adopted 496 recommendations
  • Resulting in 27 Sunset bills
  • Consolidation recommendations will result ultimately in savings but there may be start up costs
  • Eliminating of certain regulations in the recommendations – plumbing, alcohol and beverage licensing, deregulation results in loss of fees to revenue of state is agencies is occupational licensing and regulatory agencies
  • Commission will send a letter to request adding historical commission and library commission to be able to retain proceeds from surplus property system
  • DPS was a long and hard discussion, knows it will be a critical issue in the upcoming session – transferring driving licenses to DMV
  • Walle -question on Texas Behavioral Health Executive Council, generate sufficient revenue and long term savings in consolidations question
    • Once agency is up and running and consolidated, there can be administrative efficiencies and feels they will learn from consolidation with Psychology board and licensing process will be streamlined
    • Still individual license
    • Would also apply to plumbers when consolidated with TDLR

 

State Auditor’s Office

Lisa Collier, SAO

  • Provided overview of who they are and what they do as well as results of reports
  • Availability to search audits for example see results of all contracting audits
  • Can also look at priority ratings, most priority ratings have been related to contracting issues
  • Recently summarized results of contracting results from those since March 2016
    • As new contracting audits are released this site will be updated
    • Schaeffer – do you do a risk assessment to determine where you will focus
    • Risk assessment includes qualitative and quantitative factors
    • Schaeffer – can you give me an example
    • Go to largest agencies and then consider things of legislative interest, agencies not visited in a while, there are some things they must go to every year
  • Another area they audit β€œquite a bit” is information technology
    • Audits on access and change management
    • Look at data entry, reports with programming errors
    • IT business related process, any sort of reconciliation process to identity and correct
  • List of resources includes all audits released since Jan. 2018 with priority ratings
  • Davis – who is the state auditor and how long have we not had one?
    • There is not one, not since 2015
  • Schaefer – is there a central agency that looks at cyber issues
    • Not aware
    • Schaefer – think of you more as physical and this is data security
    • Gave example of financial audits, they need to look IT systems
    • Schaefer – is each agency responsible for their security, no one else publishing guidelines
    • There are industry standards (Nationwide) and guideline (DIR) but as far as I know they are (the agencies) individually responsible
    • Zerwas – notes DIR may be helpful in answering these questions when they come up

 

State Contracting

Jack Pew, Legislative Budget Board

  • Contract oversight and technology team overview
  • Database went live in 2016, as of Jan 2019 174 agencies have reported and over 77k contracts are in the database, covering $317.6 million
  • Bell – did you say certain agencies are exempt from having to upload contract data? Do those contracts exist?
    • They are reported, agencies report data but exempt from uploading the attachments or solicitation documents (TxDOT was listed as one of these exempted agencies)
  • Vendor performance tracking began in 2013 but agencies not required to use until SB 20 in 2016
    • Usage is quite low, only 14.8% have a corresponding review in tracking system
    • Walle – 80% are not reporting, is there a discrepancy
    • They do not have a correspondence entry that is required at contract closeout
  • Zerwas – seems like 85% of the required reporting is not being accomplished
    • That is correct
    • Bell – what type, what would the data look like
    • Information put in that system will transfer into a letter grade on the performance level
    • Toth – is there a lack of accountability?
    • Looking into the reason, such as a lack of knowledge
  • Bonnen – asked about exemptions, what are rationale?
    • Institutions of Higher Ed since they live in education code
    • HHSC and TxDOT have a large number of contracts that are fairly boiler plate and it would be a large burden on the system
    • Contracts with no real negotiation
    • Bonnen – asked about meaning of β€œno real negotiation”
    • HHSC provider enrollment contracts, providers to accept the Medicaid rate
    • Bonnen – state has contracts with MCO, are those recorded?
    • Documents are not included, but data is recorded
    • Bonnen – would that be helpful?
    • We believe it would be
  • Schaefer – what is rationale for exempting Higher Ed? Does it deal with high number of duplicative contracts?
    • No aware, its statutory
  • Overall issues on contracting they found: agencies can improve how they do vendor selection, negotiations with vendors over terms can weaken the contract, change orders and amendments can cause issues
  • Howard – inadequate planning is primary reason you found for errors, do you know what inadequate planning is based on? Based on lack of people, political intervention in process?
    • Not really but may be first option, lack of people and ability to negotiate early on
    • Howard – would it be because of pay, lack of sufficient training, can you see if there is any improvement
    • Trends not apparent yet
  • Johnson – asked about evaluating HUB’s participating?
    • Not part of their process, that lives in Comptroller office
    • Keeton, LBB – Comptroller is responsible statutorily required to track as well as individual agencies
    • Johnson – would like to start streamlining
  • Bell – would like to come back to change order question, how does assessment work or is there an assessment on change orders?
    • Number of change orders vary across the agencies, certain changes/amendment are necessary but trying to asses why they came about
    • Bell – are vendors not meeting requirements in their bids/contracts, and that is where this body needs to be concerned
    • Something they are looking at when they look at individual contacts, there are some situations where that occurs but cannot answer this broadly
  • Bonnen – asked about remarks in handouts about no being based on price?
    • Statements of Work and deliverables are defined, the more this is defined up from, the last likely it is going to need to change or alter the course
  • Schaefer – isn’t it state law for things like engineering/architecture that we are prohibited from considering price?
    • Correct, we look at statement of qualifications not price
    • Schaefer – again restates they are prohibited from looking at price

 

Department of Information Resources

Hershel Becker, DIR

  • Gave overview on the following: Cooperative contracts, purchasing, NextGen Data Services procurement
  • Bulk purchases are done utilizing cooperative contracts
  • Shared operating services model diagram was provided to the committee
  • NextGen DCS – current contracts expired in 2020 and overall next several months will solicit information
  • Potentially they will be 8 year contracts so looking out 8-10 years on planning
  • Request for Offers will be posted beginning Feb 2019
  • List provided of different offerings they are soliciting was provided (networking, security operations, technology solution, services, etc)
  • There will be 8 separate procurements and timeline has them staggered
  • Capriglione – asked about cybersecurity and how DIR helps
    • Todd Kimbriel, DIR – DIR does have a primary mission component for cyber security, do provide guidance through Texas Administrative Code, and monitor through a biannual report on compliance with 40 different cyber security control objectives
    • Kimbriel – report was given to offices 2 weeks ago
    • Kimbriel – they do not have the ability to enforce
  • Capriglione – refers to β€œDigital Storage Study” that was provided, which stated a significant amount of data is being stored and cost of maintaining data increases
    • Kimbriel – Private connections and cloud environments reviewed, see regulated data and non-regulated data
    • Kimbriel – Use framework developed by FBI, data is highly protected, everyone goes through FBI background check
  • Capriglione – concerned on cost, what can be done to reduce cost? Almost $500million
    • Kimbriel – It is a problem in the industry, moving to phase of digital government so in a way increases amount of data to manage but it is a way they need to go to deliver more effective services to citizen
    • Kimbriel – Costs will go up but unit price we pay for storage will decrease
  • Capriglione – NextGen DCS details
    • Kimbriel – First award for this summer, last next spring – it could be as many as 8 awards or it could be fewer than 8
    • Kimbriel – In total it will be largest procurement in public sector $1.2-$1.5 billion for all awards
    • Kimbriel – This group will help them work closer with agencies
  • Capriglione – in regards to storage study, asked agencies if they comply with records rules and results of survey showed that 18% said no and 17% didn’t know, wants to get a better handle on what we have
    • Kimbriel – Would say challenge is in purging records once they go beyond their retention schedule
  • Miller – asked about Sen. Nelson concerns and for a copy of her letter
    • Kimbriel – Sen. Nelson letter said she wanted to make sure legislative body could weigh in on the procurement and have transparency in the process, awards will be after the session
    • Kimbriel – There was a concern on Atos North America as the vendor, that parent company is based in Europe and if resources were secured and the other element of concern was original award in 2012 vendor became Xerox and then in 2015 they became Atos
    • Kimbriel – They did due diligence on the contract and approving the vendor
    • Kimbriel – Have a good partner, they are based in Texas and people are working here in Texas
    • Kimbriel – Data does not leave Texas, no data goes to Europe

 

Cybersecurity and IT

Nancy Rainosek, DIR

  • Discuss program DIR provides to agency to help with Cyber security
  • Chart provided that shows traffic in last year
  • Have a Texas Cybersecurity framework, based on federal government model
  • Have had agencies measure themselves and they also offer assessments
  • Trend in last 3 biennium from 16 to 18 there was an 11% growth, state still compliant but very close to compliant level
  • Multifactor authentication was request for exceptional funding, Office 365 advance protection,
  • Next biennium plan to do a statewide, fishing exercise, review 202, set up information sharing and analysis, continued communications on threats to state agencies, etc
  • Wu – agency conducted 50 intrusion tests? Is it sufficient?
    • Yes, there are 150 agencies so getting about 1/3 a year
  • Schafer – have we had any significant breeches?
    • No sir, had issues with emails where employees got paycheck rerouted
    • Not aware of any data loss, no significant breeches
  • Capriglione – asked about local government data breaches
    • Example of school district problems on paycheck – $3 million for a building project
    • Not necessarily technological, also reaching out to business offices
    • Agrees training is important
    • Happy to meet and go through specific examples
  • Capriglione – agrees multifactor authentication is a priority

John Hoffman, Chief Technology Officer DIR

  • DIR role for each agency IT department, each department is unique
  • 10% are 5 years old or older for laptops and computers, can leverage DIR to improve this
  • Cooperative contract program also leverages cloud services
  • Over 2 million transactions through DIR portal
  • DIR helps with training, planning, direction, project management framework
  • Howard – can they procure cloud services directly?
    • That is correct, there are some agencies which need to utilize their structure which other agencies can utilize but don’t have to
    • Goal is to provide agencies with different components to help them make choice immediately
    • 12% adoption on cloud services and number is growing, there is a lot of challenge around it
  • Howard – frustrated, want more interoperability. When hearing Medicaid is still working on excel spreadsheets – why still so far behind?
    • Moving to digitization age, not only interaction with constituents but address entire process flow
  • Kimbriel – Report has been published on legacy opportunities to help lawmakers target funding, there will be a refreshed list published
  • Capriglione – request examples in state agencies, on outdated or security concern, not cost effective or unusable
    • Kimbriel – In data service plan, Microsoft 2003 is no longer serviceable, so they have been working to eliminate 2003 from all servers in the environment down to about 70-80 servers have 2003 on them
  • Bell – If agencies have option to use private services, how does cybersecurity work
    • Kimbriel – Policies on what data can be in cloud providers, etc
    • Kimbriel – Worked with developers team to determine appropriate cyber hygiene or note regulated data not for certain cloud environments
  • Schaefer – do you see agencies procuring something on their own they could have gotten at a lower cost through you?
    • Kimbriel – Don’t know what they don’t know; they do price comparison in the market place, generally will not find a better deal in the market place
  • VanDeaver – if agency goes to DIR for contract, is there a fee to agency? What do they get for the fee?
    • Kimbriel – Not agency/customer, but vendor which turns out to be 68 cents on $100
    • Kimbriel – Fee is cost recovery for manage catalogue of contracts
    • Kimbriel – If organization has a large volume purchase they can negotiate for a deeper discount
    • Kimbriel – Customer gets assurance that all right elements in place, and all requirements meet
    • Kimbriel – Generally, least expensive and vendors have confidence in their cooperative contracts so much so that other states utilize it

 

ERS

Katy Fallon-Brown, LBB

  • Reviews state employee benefits
  • There are four systems in ERS, covers HB 1 recommendations
  • Return investment assumption reduced from 8% to 7.5%
  • $4 billion in all funds, maintains contribution rate, ERS did not request and increase in state contributions
  • Social security benefit replacement pay, state must contribute 7.65% of salary, totals $1.8B

 

State IT projects

Richard Corbel, LBB analyst

  • Cybersecurity projects, $26.7M in 18-19, $42.9M in 20-21
  • Legacy modernization projects to update old systems, $840.2M in 18-19, $239.9M in 20-21
  • Other projects, $526.6m, $401.1M in 20-21
  • All IT projects subject to Quality assurance team for oversight
  • $1.04 billion in all funds
  • Quality Assurance Team – shows QAT project progress chart imagine of QAT project dashboard which includes project measures for scope and quality
  • Bonnen – asked about Art II outlier
    • Compilation of moving DADs and DARs into HHSC
    • Trying to get older systems up to speed

TRS

Avery Zachs, LBB

  • Provided overview of system and optional retirement program
  • 3 primary benefits, Retirement system and other two are health insurance programs
  • Pension is defined benefit program (forgive type on presentation)
    • Fixed percentage of payroll and receives investment earnings
  • TRS care provides health benefits
    • Revenue sources payroll-based contributions from state, employers, and employees
  • TRS active care – funded through Foundation School Program
    • State provides $75 per member per month
    • Min $150 per member per month from employer
  • Have a defined contribution program as an alternative for Higher Ed employees
  • Gonzalez – Higher Ed retirement go wht and decrease?
    • Delay on 2018 data, so this is more technical, so revised numbers will be available in the next couple months
  • Toth – 3.9% growth, is that premiums to retired teachers or is that assuming more teachers in the system?
    • That is assumed growth of underlying payroll, each program gets revenue that is essentially a fixed percentage of payroll
  • Cortez – There was a major overhaul of TRS care in 2017, members were expecting a level of support in 2015, but overhaul led to a different pension & higher out of pocket cost for these members; are we looking at any sort of relief?
    • Following enactment of HB 3936, TRS is now two primary statewide plans, one high deductible for non-Medicare eligible, and one for Medicare eligible; this structure is assumed to continue in HB 1
    • Additional funding was provided in the 85th Regular and the Special, additional ongoing funding, etc.; all reforms went together as a package
    • HB 1 adds $230.8 million in ESF funds on top of previous contributions to maintain structure, but no funding for premiums; There will not be a change in the benefits under HB 1
  • Cortez – Often contacted by constituents about changing benefits
  • J Johnson – How much is in the pension fund currently?
    • $154.6 billion market value of assets
  • J Johnson – Is this fully funded?
    • Adhere to statuary sound standards, currently over 31-year threshold for paying off pension balance
    • Agency has requested increase of 1.82% of payroll, $1.7 billion across all funding sources; there are some offsetting costs not from GR
  • J Johnson – Are we looking to take this from GR or does this pass to agencies, schools, etc.?
    • $1.4 billion in GR is just to increase state contribution rate, will be presenting some models in subcommittee; goal is 1.82% of payroll
  • Schaefer – Any sense of how growth in public sector compares to private sector?
    • Can look into this
  • Zerwas – Will be looking at this deeply in subcommittee

 

Deferred Maintenance and Capital Needs

John Montgomery, LBB

  • Asked agencies to submit requests under 4 categories: new construction, health & safety, deferred maintenance, and maintenance over next biennium
  • Last biennium, $2.1 billion in AF requests for capital needs projects, $983 million appropriated across all articles
  • Upcoming biennium, agencies requested $3.3. billion in capital needs, subject to being updated pending new exceptional items requests
    • $1.2 billion of this for revenue or general obligations bond authorities
  • Of items requested included in introduced HB there are $414M in all funds, largest being for $326M TxDOT to re-consolidate its Austin campus
  • Joint Oversight Committee on Government Facilities is the main means of legislature having oversight over maintenance need
    • Expired earlier this month, will need legislative action to renew or shift responsibilities to another body
  • Bell – What do you mean by TxDOT reconsolidating Austin campus?
    • Most TxDOT employees in Austin are in leased campus on Riverside, owner has decided to sell land, are looking at new locations