charges is the baseline charge, recuperating charges for ongoing services. but the problem we found during the audit is that baseline service was not ever defined and so no one knew what was actually included in the baseline service charges. in addition to that, the baseline charges were assessed against f.t.e. so the result was the largest departments were paying the largest of the baseline service charges, regardless of their actual service use for the baseline services. and separately, the baseline charges are assessed on a budgetary basis, so when actual spending is below budget which it has been for the past several years, d.t. will go through a process where they credit customers with a portion of the charges, the process is not defined anywhere and not transparent. and so the net effect of all this -- >> big departments are subsidizing the little departments. >> that's right. >> because the big departments, they tend to just use less also. so, sort of like the cause and

effect relationship with the cost sharing is kind of broken. i think the primary negative effect of all this, d.t. customers don't understand what they are paying for and according to our survey, they want to understand what they are paying for and want to choose what services they are getting from d.t. so another way that d.t. recovers costs is through what i'll call project-based work orders. so, this is funding that is to cover service requests that can't be accomplished within the baseline recoveries. however, as i just said, no definition for what's in baseline services so it's really up to the d.t. division managers when they get a service request to determine whether or not it can be accomplished in their baseline budget. and so we reviewed these project work orders, and we found that less than half had any documentation that would

describe the work effort or the schedule or the basis for costs, and even when that documentation was available, it was often missing such key information, and this is just inconsistent with the work order guidelines and makes it difficult for the department to plan and prioritize work. finally on financial management, we had findings related to contracting. so, as you know, d.t. manages several citywide contracts for i.t. services, but until the end of 2016, they did not track the contracts, despite 2012 audit recommending to do so. during the audit, we looked at the d.t. contract management data, manually compiled into a spreadsheet and found it problematic on several fronts. number one, we could not determine the remaining spending authority on the active contracts just by looking at their contract data. and in addition to that, even

though it was compiled in a spreadsheet, it was not in a fully functional contract management database that would do things like notify you if a contract was about to expire. so, we noted, for example, there was 35 contracts that had expired but under which services were still being performed at the time of the audit. and we also noted a case where a vendor had to notify d.t. of the pending expiration and the renewal cost was not in d.t. budget, so a scramble for resources to make sure the contract was renewed on time, and that there were appropriate funds for the services that other departments were relying on. the other thing i'll say about contracts, too, they often lacked cost controls, work, deliverables not to exceed amounts and performance measures. customer service, found

inconsistency, providing clear explanations to the customers with the services they are getting and the level of support they could expect and as miss campbell mentioned, d.t. was in the midst of just rolling out a new service management system and was working through the implementation of that new system. and then finally, looked at the project management office, or p.m.o. that was created about three years ago to manage high priority i.t. projects. and what we found was that number one, it did not have a clearly defined role what it should do to marshall resources, and in addition to that, p.m.o. did not have access to project budget and expenditure information and did not in some cases accurately or consistently report on the status of projects. and so we thought all that really impaired the core mission, which is to manage i.t. projects and we have specific

recommendations about how to improve the p.m.o. and i think it's just really important to mention that, because as you all know, i.t. projects are expensive and very high risk for the city. it's important to get that right. so i think the overall conclusion of the audit and of the recommendations which you can find in the report are that d.t. should improve its financial controls for contracting and charges, and needs to regularly obtain input from customers, clear explanation of services, and better define the role of the p.m.o. and i think these recommendations which the department mostly agrees with will improve the value of d.t. services and make it more effective service provider for other city departments. with that, i thank the department. they worked really well with us throughout the audit and it was an excellent working relationship. happy to take questions now or -- >> thank you, nick. i think that is all set forth in the audit report and appreciate

your work, i think it was helpful and constructive, which is what audits should do. they are not got-cha things. miss drurel. welcome. good afternoon. it is now afternoon and maybe you can just start with for everybody's edification, just the breadth of everything that d.t. does. i don't think everybody realizes how widespread the scope of what you all do is and i think that might be a helpful jumping off point. >> ok. well, thank you, supervisors for this opportunity. as your new, servings as your new city c.i.o., it is a pleasure to be here. d.t. does a wide range of activities and services for the departments, everything from

s.f.govtv, i'm sorry, the connection here in the chamber is down, but it is being broadcast out to the public, so that's not interrupted, but it's like having a power point, you know, you come up to do a power point and it wants to misbehave on the one time you need it. so, this is appropriate that it misbehave right now. so, d.t. provides the s.f.govtv services, networking services, data centers service, a wide range of enterprise application services, project management we discussed and also public safety, all the radios for the 800 megahertz system used by law enforcement and fire, as well as all the external cabling that is done to provide dark fiber to the city buildings.

so, it's not a large team but it's a mighty team, a very dedicated technology professionals that are committed to providing excellent service to the city departments. we do support 55 departments so at times we have to juggle priorities. it's always a challenge to prioritize our work and i think that's something that i hope we can make more transparent, which is what is involved in this audit. so just moving forward, i want to say thank you again for being here. i have served as a c.i.o. for eight years for pierce county, washington. i have 30 years managing technology and technologists. i have completed my first 100 days of service and i hope that i will be able to provide the stable and long-term leadership

that the city is looking for. i want to make sure our infrastructure and services are up to date. cost effective, and secure. and we will also be ensuring that we provide excellent customer service to the city departments and the public i want to thank severin, and the team. the list of horribles would probably make any c.i.o. run, but the d.t. team has leaned into the audit, incorporated recommendations and solutions for the audit findings in the d.t. strategic plan, which you have a one-page handout, kind of looks like this, that describes the initiatives and actually some of the projects that d.t. is working on in fiscal year 17-18. we have acted on all of the

recommendations from the audit, and we have provided the supervisors with a matrix that talks to and speaks to the response, our comment and an update, which shows the majority of the recommendations with actions completed for their improvement. so all of these process improvements that have been suggested and recommended. again, we are taking every action we can to make these improvements. i would like to stress that improvement is all a continuous process and we will continue to work on these over time. i want to highlight some of our accomplishments in our recommendations back to the audit committee of what we have been able to address. in the areas of customer service, we have prepared service level agreements and we have prepared a rate book that

describes how rates are calculated that has been shared with the departments. we have ensured that our service level agreements are implemented in our service tracking system, which is service now. we retired an older ticketing system, so the new system should be much more capable of providing that transparency. our staff time has -- our staff time management has shifted from an obsolete on track internal system to the citywide people-soft system. a way to have transparency by using a common and standard system in the city. and we are refining our analysis of expenditures and recoveries in order to provide the mayor with timely information for our budget process. and i will say to the audit committee, i think one of the things that's important to understand when we start talking about charge-backs and the whole concept of charge-back models is that there are instances where a

charge-back model built on f.t.e. base in a department is appropriate when it is something such as network utilization, and things that are standard across the infrastructure and then there are those times when the work orders are appropriate, when they are doing particular work for a department, and we are trying to make a bright line between those two. on the contracting side, d.t. is exploring the use of contract and supply management features in the new people-soft financial system. this will give us the ability to manage the contracts. in response to the request for new procurement policies, we have updated or creating purchasing travel reimbursement guidelines. updating training materials on the checklists how to do d.t. procurements, and most interestingly, i have participated in these, initiated

procurement training with o.c.a. and the city attorney with d.t. managers and that's helpful to understand procurements and to work to make process improvements in that area. in the area of work orders, we are implementing our new interdepartmental service agreements and templates that prompts for line item budget, delivery timeline, scope of work and the basis for cost, that those will be documented for the work orders. we have procedures and policies drafted that are compatible with the controllers new people-soft system so we need to leverage that technology and the capability of that system to improve our business process and we will do that, and are doing that. in the areas of project manager that was discussed, we are evaluating our resource and staffing priorities and we must support our core functions and projects.

we have implemented formal protocols on planning project management and scope definition, which is very important to making sure that you deliver a particular widget on time and don't end up with a never-ending project. we have trained staff on invoice review procedures to ensure that business owners and their delegates review prior to payment and color coded status and demand management reports shared with the departments. on the staffing side, we have high scores, 70% agree on personal motivation and involvement in engagement with management in the department, we have continued to make improvements. we have had 100% staff participation in a self-and supervisor assessment program, this is something i initiated,

this is not something that was done before i came on board. we are increasing performance evaluation reporting to the entire department, one of my objectives, well on the way doing that. increasing transparency in c.i.o. decisions so staffing changes and changes to process that i'm implementing are communicated to every level in the organization. we have renewed our online training program, and we are encouraging staff to request skills improvement training. so, in conclusion, i want to thank david german, leah levinson, the technology staff that is with me here today, on preparing for this audit review and hearing. the whole d.t. team has really embraced the audit, and is actively working on improving

their processes. right now there is a meeting going on where the strategic plan i shared with you is going into what we call a deep dive, so we are actually working with each one of the divisions and reviewing each individual project and have that dashboard, color coded dashboard to review and i'm aware where each project is. thank you for the opportunity to present and i certainly look forward to working with all of you on technology projects for the city. so, i'm happy to answer any questions. >> thank you, linda. colleagues? >> i do have a few questions. so, thank so much, for presenting today. and it feels like you know, there's quite a bit of work that needs to be done, but i'm glad that we are moving towards a process of addressing it. i had, i wanted to bring up somewhat separate concern, although related to this audit, which is expense of our licensed

software usage here in san francisco and i know i bring this up all the time at the board meeting when we have licensed software contracts that come before the board. and it's really not a criticism on each individual contract, but just the city's overall vision and work on what we are doing at reducing our reliance on licensed software, paid licensed software and the work we are doing to figure out which systems need to be on licensed software and which are on free or open source. this is something i've been bringing up continually since at least 2011, and neither of you were on the board when i first began speaking about this. but i do think that government spends an inordinate amount of money on licensed software, some we have to do, probably not other times of operating systems that we can include that isn't paid licensed software.

but some of which i think we could wean ourselves off of and save the city millions of dollars, you know, taxpayer dollars. so what i want to ask the department of technology and this has come up in previous years, but what has been the continuing discussion and vision about how we can relook at how we do licensed software here in san francisco. >> i'm happy to address that, and i agree with you, i have always been a proponent for open source solutions, having said that, open source is a unique type of software implementation, and it's not just about the, how the software is coded, it is the infrastructure that's around it. so, having said that, i know there have been discussions with the p.u.c. about their use of open source software. they have demonstrated that they are using open source. and quite honestly, the biggest

software system that d.t. supports, or did support, is an open source product. you may not be aware, the city's entire web presence, both internal and external, is on druple, an open source environment. so i think that shows the commitment to that type of technology. having said that, we also need to recognize that druple is widely supported, has a very large community of support that makes it viable. so i think as we move forward and talk about how we make technology choices, i am always going to come down on the side of reliability, sustainability, and its ability to be improved and stay secure into the future. i think an open source project needs to demonstrate that just like we would require that of a vendor and i think we look forward to lowering our license

costs by also starting to use more standards. so, really adopting a strategy that says let's look at the portfolio, the technology portfolio that we have today. let's use the software technology we have in place today. let's expand that. we gain so much when we do that through training that's already in place, support that's already in place. all we have to do is expand a bit of capacity and it's operational as opposed to a complete implementation. so, i'm an advocate for, let's always before we implement something totally new, and i know there are lots of industry conferences that people go to and come home with a new shiny widget, let's look at what we have in the city. the more we can standardize, the more we can share data. you heard the conversation this morning about shared data. the more we share systems, the more we share data.

>> thank you so much for that response and i think it's great the website is operated on open source, i'm not sure everything should be open source although i question whether licensed software is more secure than open source, in particular given what we are seeing in the national headlines what we assumed were the most secure agencies in the country that is getting hacked. but i think it's -- that is the answer that i've gotten before, that it's something that's being examined, that we look at it. i guess i want to understand if we are going to establish protocol so we start to see less licensed software contracts come before the board of supervisors. i guess i have not seen that reduction yet. and so i'm not sure if departments are seriously examining the options. one great example is the fact all of our emails on microsoft outlook. there are clearly other free email software that's out there that other government uses, and

so you know, there are just some easier ones that seems we are not tackling. i get it with the recent, for example, the recent p.c. contract with oracle that came through, there probably is not a lot of open source software that deals with bill management and construction communications. seems like for some very specific types of operating systems we will have to pay for licensed software, but for stuff like microsoft word and email, there clearly are other free options that are available to the city where you know, i think security is probably equal between paid and unpaid. and i'm just wondering why we haven't been examining the resources so we can save our taxpayer dollars and put them towards street cleaning. >> so, i can address that. i think you have to look at the total cost of ownership on any project and you also need to look at integration, which we have also heard can be crippling when the systems don't talk to each other.

so, the fact that patch management for office products is integrated with its security, integrated with its identity managements, integrated, so it's not just email, it's the whole suite of applications that interface with email and can those be delivered in a cost effective way looking at total cost of ownership. integrating or trying to manage identity differently in maybe a siloed email systems versus how other desktop tools are provided might actually increase the cost of ownership. we can always do a study on that, if you would like me to. but i think it's really looking at as we move forward and i agree with you, have new conversations about new investments or even look at old ones as contracts come up for renewal, let's look at that total cost of ownership, look at

what it takes to integrate, deliver and secure, and make sure we are making the best investment possible. >> supervisor kim: i'm not going to put this on both of you, you were not here when i was bringing this up, when i was on budget committee in 2011 and 2012, but i have not seen a plan come forward, and i think it's often too late at the point that we are procuring contracts to begin to examine open source. i feel we have to do that work now and have a long-term plan for the next 10, 20 years. in the time we do contract procurement, we don't have a lot of time to look at massive kind of systems change, and i think what i'm asking for is more of a comprehensive system change look that will take time to implement. so, 5 or 6 years down the road when we are finally looking at what type of email system we will use, today we have already determined that moving to this system, you know, is the right move and the cost effectiveness for the city. i just think these decisions are

going to take a lot longer to implement. and so i just think -- what i would ask, actually, is that we begin to examine that now so that, you know, we can say by 2025 we will move our email system to a free service, or you know something along those lines. i'm not suggesting it be email, although i do know municipal governments and other cities use g mail for free, i believe others are on g mail, not saying it has to be google. but i think we should be looking at these systems and seeing how we can save taxpayer dollars and put them into, you know, put them into uses that, where we really need some changes like improving our parks and our streets like i said. so -- that's something that i asked 5, 6 years ago and i think there was some lip service that was given to open source or free software but i have not seen the city really move in that

direction. and i think department of technology is in a very difficult position in the sense that you know, we would like you to lead and manage for all of our departments around their technology but that's just not frankly what happens today. and so there is just some incredible inefficiency on the executive side in terms of the project management that you have been talking about. we put the accountability on d.t., but i don't feel like we really give you the authority and power to make sure all the departments are aligning under one vision and one system, i don't know how we can fix it. it's frustrating we have the same conversation year after year about improving efficiency and direct management but that does not seem to actually happen the next year we have the same discussion. so i'm not providing any answers, i'm just venting a little bit of frustration that i've had over the conversation that's been, at least for me going on for seven years and i have not -- does not appear there's been a lots of

improvement and it may not be on the department of technology. >> i think we can look at it. >> overall frustration i've been having. >> i think we can look at it. but remind you, it's always on the business requirements as well. so, and business requirements change and the technology changes. so, there was a time when many of our peers were looking at g mail. but it does not support other requirements, which are required for law enforcement so then we would be supporting two environments. now duplicating infrastructure for two environments. it's the total cost of ownership. what is it going to take to support, what is it going take to deliver the business service and is it cost effective. we may get the license for free, but staff up 25 people to support an environment, it's more costly than possibly another solution. so, thae -- >> absolutely, and i think -- i think that's why an overall plan

is really helpful because when we get these contract by contract kind of decision making here at the board it's really hard to understand the overall thinking and vision that went into why that individual contract comes before the board. >> very, very good point. >> the contracts are incredibly expensive. they are millions of dollars, and so for me as someone who is a steward of public dollars i think it's important for us to always be asking questions, is this the most cost efficient way to deliver these services for the city. and often i feel like i don't get the bigger bird's eye view of why we decide to go down this route with each individual contract but it would be helpful to have the overall vision and answers of why the system is not going to work for us and that's why we went with this licensed software. >> i absolutely agree with you. and i am a very big proponent for what is called i.t. governance, and that sounds kind of nebulous, but really isn't.

for every project understanding many of the things in the audit, about scope, about cost, but really doing that cost benefit analysis over five years, it's understanding what the market provides, and what are your options and alternatives and making that part of the business decision before procurement is done, and i will promise you that we are going to implement that. >> my final comment that i'll make, and this is a comment i made several times, is that i in particular have a long standing frustration with certain companies like oracle who have been in the business of providing licensed software to government that have these ballooning payments in the final years when their software is largely outdated but we are totally dependent on it because everybody is on it so we pay the exorbitant amounts of money and i want us to be cautious as we contract with companies that there are certain companies in their business model with government have figured out ways

to extract argue amounts of public taxpayer dollars and you know, that is how they kind of meet their "bottom line." and so i hope we are thoughtful in the negotiations with these companies who put that kind of in there, the reports to their investors in terms of how they make money. i think it's incredible irresponsible of those company, for example but it's incredibly frustrating from our side to see these contracts come before us. thank you. >> thank you. >> so, if there are no further questions, why don't we open this up to public comment. i don't know -- unless -- d.t. staff want to make public comment, you are welcome to do. ok. seeing no public comment, item number 4, closed, any closing comments? >> i would like to thank the budget and legislative analyst's office and the department of technology and linda, you better stay for a long time, and thank

my colleagues on the government audit and oversight committee and with that, i would like to file this item. >> thank you. we will take a motion to file this item and do it without opposition. any other items before this board? >> that completes the agenda for today. >> meeting is adjourned.

- working for the city and county of san francisco will immerse you in a vibrant and dynamic city that's on the forefront of economic growth, the arts, and social change. our city has always been on the edge of progress and innovation. after all, we're at the meeting of land and sea. - our city is famous for its iconic scenery, historic designs, and world- class style. it's the birthplace of blue jeans, and where "the rock" holds court over the largest natural harbor on the west coast. - the city's information technology professionals work on revolutionary projects, like providing free wifi to residents and visitors, developing new programs to keep sfo humming, and ensuring patient safety at san francisco general. our it professionals make government accessible through award-winning mobile apps, and support vital infrastructure projects

like the hetch hetchy regional water system. - our employees enjoy competitive salaries, as well as generous benefits programs. but most importantly, working for the city and county of san francisco gives employees an opportunity to contribute their ideas, energy, and commitment to shape the city's future. - thank you for considering a career with the city and county of san francisco.

francisco. >> my name is fwlend hope i would say on at large-scale what all passionate about is peace in the world. >> it never outdoor 0 me that note everyone will think that is a good i know to be a paefrt. >> one man said i'll upsetting the order of universe i want to do since a good idea not the order of universe but his offered of the universe but the ministry sgan in the

room chairing sha harry and grew to be 5 we wanted to preach and teach and act god's love 40 years later i retired having been in the tenderloin most of that 7, 8, 9 some have god drew us into the someplace we became the network ministries for homeless women escaping prostitution if the months period before i performed memorial services store produced women that were murdered on the streets of san francisco so i went back to the board and said we say to do something the number one be a safe place for them to live while he worked on changing 4 months later we were given the building in january of

1998 we opened it as a safe house for women escaping prostitution i've seen those counselors women find their strength and their beauty and their wisdom and come to be able to affirmative as the daughters of god and they accepted me and made me, be a part of the their lives. >> special things to the women that offered me a chance safe house will forever be a part of the who i've become and you made that possible life didn't get any better than that. >> who've would know this look of this girl grown up in atlanta will be working with produced women in san francisco part of the system that has abused and

expedited and obtain identified and degraded women for century around the world and still do at the embody the spirits of women that just know they deserve respect and intend to get it. >> i don't want to just so women younger women become a part of the the current system we need to change the system we don't need to go up the ladder we need to change the corporations we need more women like that and they're out there. >> we get have to get to help them. >>

>> good evening and welcome to the november 15, 2017 meeting of the san francisco board of appeals. the presiding officer this evening is president darryl honda, and also on the dais, we have commissioners. to my left is brad russe. he's a department city attorney and he'll provide any legal assistance. i'm cynthia goldstein, the bored's executive director. we're also joined by representatives from the city departments that have cases before the boards tonight. sitting at the table is cory