digital states at risk!: modernizing legacy systems - nascio

iDigital States at Risk!: Modernizing Legacy Systems

NASCIO: Representing Chief Information Officers of the States

Founded in 1969, the National Association of State Chief Information Officers (NASCIO) represents state chiefinformation officers and information technology executives and managers from the states, territories, and theDistrict of Columbia. The primary state members are senior officials from state government who have executive-level and statewide responsibility for information technology leadership. State officials who are involved inagency-level information technology management may participate as associate members. Representatives fromfederal, municipal, international government and non-profit organizations may also participate as associatemembers. Private-sector firms join as corporate members and participate in the Corporate Leadership Council.

AMR Management Services provides NASCIO’s executive staff.

© Copyright National Association of State Chief Information Officers (NASCIO), December 2008. All rightsreserved. This work cannot be published or otherwise distributed without the express written permission ofNASCIO.

DisclaimerNASCIO makes no endorsement, express or implied, of any products, services or Websites contained herein, noris NASCIO responsible for the content or activities of any linked Websites. Any questions should be directed tothe administrators of the specific sites to which this publication provides links. All information should beindependently verified.

Table of Contents

Background & Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Survey Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

NASCIO’s Definition of “Legacy System” for the Purposes of this Survey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2Key Survey Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2Current Trends in State IT Legacy System Modernization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Detailed Survey Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Survey Section 2: General Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Survey Section 3: Funding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Survey Section 4: Security and Enterprise Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19Survey Section 5: Staffing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20Survey Section 6: CIO Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Survey Section 7: Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25Appendix I – Complete Responses for Question 2.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26Appendix II – Response Definitions for Question 2.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29Appendix III – Complete Responses for Question 2.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30Appendix IV – Complete Responses for Question 2.9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36Endnotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

Index of Tables and Figures

Table 1. Criteria by which states define “Legacy Systems” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Table 2. “Drivers” moving states towards modernization of IT systems and applications” . . . . . . . . . . . . . . . . . . . . . . . . . .8Table 3. States’ Ranking of Concerns around “Legacy Systems”. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Table 4. Most common methods utilized by states for the modernization of “Legacy Systems” . . . . . . . . . . . . . . . . . . . . . . .10Table 5. States’ Ranking of Obstacles or Challenges around “Legacy Systems” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12Table 6. “Enterprise Risk” Drivers towards modernization of IT systems and applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Figure 1. Percentage of IT systems states label as “Legacy Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Figure 2. Percentage of legacy IT systems states consider mission or business critical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Figure 3. Lines-of-business where most state legacy systems are located. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Figure 4. “Security” concerns that have driven states to modernize legacy systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

ii


Digital States at Risk!: Modernizing Legacy Systems

iiiDigital States at Risk!: Modernizing Legacy Systems


Kyle Schafer, Co-ChairChief Technology OfficerState of West Virginia

Sean McSpaden, Co-ChairDeputy Chief Information OfficerState of Oregon

Alicia J. WeaverState of Missouri

Barbara A. AnnisState of Hawaii

Betsy HartmanState of South Carolina

Claudia LightState of Oregon

Dan HealyState of New York

Debra A. GagneState of Hawaii

Fonda LogstonState of Oklahoma

Jay CoverdaleState of Kansas

Kathy DahlState of Delaware

Kim HeldmanChief Information Officer, CDOTState of Colorado

Mike MalikState of Delaware

Sarjoo ShahState of Oklahoma

Alvina NishimotoHP

James M. BradfordDeloitte

Knute SteelBDNA

Lance KnowltonOracle

Michael MooreEquaTerra

Neal BaumeyerCrowe Chizek

Robert J. (Bob) LutzACS

Shadi ShakibaiINPUT

Finally, NASCIO would like to thank, Drew Leatherby, NASCIO Issues Coordinator, for his work on this project, andDoug Robinson, NASCIO Executive Director, Stephanie Jamison, NASCIO Issues Coordinator, Charles Robb,NASCIO Issues Coordinator, Dianne Adams, NASCIO Programs & Education Director, and Chris Walls, AMRManagement Services Senior Graphic Designer and Web Developer, for their guidance, editorial revisions andother assistance regarding this publication.

Please direct any questions or comments about “Digital States at Risk!: Modernizing Legacy Systems” to DrewLeatherby at [email protected] or (859) 514-9178.

Acknowledgements

NASCIO would like to express its utmost gratitude to the members of its 2008 Legacy Systems & ModernizationWorking Group for lending their time and expertise in the development of this report.


Background & Approach

In 2008, NASCIO asked state CIOs to participate in aWeb-based survey regarding the status of “legacysystems” and modernization efforts in their states.The results of this survey serve as the baseline forthis report. The online survey was completed by thestate Chief Information Officer or other members ofthe state IT function.

NASCIO does not rank states, but individualresponses are available to state members so theymay better assess their respective IT modernizationinitiatives. Many of the states that respondedrequested that NASCIO keep their identitiesconfidential, so specific state attributions to manycomments have been removed. Through thisreport, NASCIO hopes to establish a baseline forwhat states consider to be “legacy systems” in theirIT operations; assess what impact these systems arehaving on the operations of critical businessapplications, and strategies states are utilizing tomodernize these systems without interruption toservice delivery.

Survey Participants

Twenty-nine states responded to the survey fromJuly 30 through September 5, 2008, representingapproximately *62.72 percent of the nation’spopulation. Participation included a widedistribution in geography, population, and budget.

*Source: Annual Estimates of the Population forthe United States, Regions, States, and Puerto Rico:April 1, 2000 to July 1, 2007 (NST-EST2007-01)<www.census.gov/popest/states/tables/NST-EST2007-01.xls>

The following states responded (listedalphabetically):

1. California

2. Colorado

3. Delaware

4. Guam

5. Hawaii

6. Indiana

7. Iowa

8. Kansas

9. Kentucky

10. Louisiana

11. Maine

12. Massachusetts

13. Michigan

14. Minnesota

15. Mississippi

Digital States at Risk!: Modernizing Legacy Systems 1

16. Montana

17. Nebraska

18. New Jersey

19. New York

20. North Carolina

21. North Dakota

22. Oklahoma

23. Oregon

24. Pennsylvania

25. South Carolina

26. South Dakota

27. Texas

28. Virginia

29. West Virginia

2



Executive Summary

As economic conditions worsen in late 2008, statesare facing conditions that continue to deteriorate.Revenue collection is down and budget cuts are ineffect, underway or being proposed to trim statespending. Although the current fiscal crisis in thestates is more severe than could be anticipated,State Chief Information Officers (CIOs) are facedwith the same continuing pressures. State CIOs arerequired to streamline IT budgets, justify ITspending and increase service delivery andefficiency to their government, citizen and businesscustomers.The modernization of state IT legacysystems is emerging as a significant financial,technical and programmatic challenge to states’ability to deliver services to citizens, and conductday-to-day business. Although state governmentshave advanced their IT environment withinvestments in new technologies, flexibleprogramming and a portfolio of online services,most still live with legacy. Many state systems havebecome obsolete, difficult to secure, costly tooperate and support. Without investments inlegacy system renovation, modernization orreplacement, the ability of states to operate as amodern organization and serve its citizens is at risk.

Recognizing this challenge, the National Associationof State Chief Information Officer’s (NASCIO’s)Executive Committee charged the Legacy Systems &Modernization Working Group to address issuesrelated to the many strategies, options andapproaches states are considering to modernizestate IT legacy systems and legacy applications. Thegoal of the working group is to provide members ofNASCIO with information and tools for theenhancement to the technical environment ofexisting legacy applications, re-engineering ofcommercial “off-the-shelf” software, conversion ortranslation to newer programming languages andtechnology platforms, extension of existing systemsto Web-based applications and other presentationlayers, utilization of Enterprise Application Integration(EAI) to encapsulate and link legacy applications, and

other approaches such as renovation, extension,Service Oriented Architecture (SOA), data conversion,applications wrapping, and use of automation tools.

NASCIO’s Definition of “Legacy System”for the Purposes of this Survey

The working group prepared a baseline definitionof “legacy system” for the purpose of keepingresponses to this survey uniform. The definitionagreed upon reads:“A Legacy System is not solelydefined by the age of IT systems (e.g. 20 years) asthere are many systems that were designed forcontinued upgrades, but the term also focuses onelements such as “supportability,” “risk“ and“agility,” including the availability of software andhardware support, and the ability to acquire eitherinternal or outsourced staffing, equipment ortechnical support for the system in question. Theterm may also describe the system’s inability toadequately support “line-of-business“requirements or meet expectations for use ofmodern technologies, such as workflow, instantmessaging (IM) and user interface.” Respondentsaffirmed the priority elements of this definition insurvey question 2.3.

[Note: “Line-of-Business,” often referenced in thisreport refers to states’ specific programmaticactivities, e.g. specific services provided by a stateagency to internal or external citizen customers.]

Key Survey Findings

NASCIO surveyed state CIOs concerning theirlegacy system modernization status, modernizationstrategies and initiatives. The trends exposed inresponses from 29 states revealed that states’classify approximately half of their IT systems as“legacy systems” and also classified approximatelyhalf of those systems as being in critical lines-of-business; see results below:

For updated information on the fiscal condition of the states and projections for 2009 in the coming year, pleasereference, The Fiscal Survey of the States, <www.nasbo.org/Publications/PDFs/Fall2008FiscalSurvey.pdf>,Copyright December 2008 by the National Governors Association (NGA) <www.nga.org>, and the NationalAssociation of State Budget Officers (NASBO) <www.nasbo.org>. All rights reserved.

3Digital States at Risk!: Modernizing Legacy Systems


Excerpt from survey question 2.1Percentage of IT systems in your state labeled“Legacy Systems?” (N=29)

35.4% – 40 to 60 percent31.0% – 60 to 80 percent

Excerpt from survey question 2.2Percentage of “Legacy Systems” identified asmission or business critical? (N=29)

34.5% – 40 to 60 percent27.6% – 60 to 80 percent

It was also evident from the survey results thatmost states are facing their largest legacychallenges with their Enterprise Resource Planning(ERP) systems, and in their highly siloed federalprogram management systems. The majority ofrespondents indicted that the lines-of-businesswhere most of their states’“Legacy Systems” werelocated, were their Administrative informationsystems (e.g. finance, human resources (HR),procurement, etc.), and applications that requireoutside federal interaction, (e.g. health and humanservice related systems); see results below:

Excerpt from survey question 2.4Lines-of-business in which most of your state’s“Legacy Systems” are located; (N=29)

86.2% – Administrative information systems(e.g. finance, HR, procurement, etc.)82.8% – Applications that require outsidefederal interaction, (e.g. health and humanservice related systems)

Survey results also indicated that the primary“drivers” moving states towards the modernization

of IT systems and applications, are the need tochange or re-engineer business processes and theinability to adequately support “line-of-business”requirements. Application design limitations andthe “Graying” of IT staff1 were the next most highlyindicated drivers; see excerpt from table 2.

Current Trends in State IT Legacy SystemModernizationCurrent trends that emerged from the responsesfor states’ legacy system modernization effortsdemonstrated that the utilization of techniques tomanage the aging and replacement of systems,including “life-cycle approaches“ for applicationsand infrastructure or plans they developed inadvance for the “end-of-life“ of new IT systemswere on the rise. For most states, life-cycle planningwas a state-wide function; however, five statesindicated that life-cycle planning was still afunction of the individual agencies. With few statesresponding, it would appear that end-of-lifeplanning is an emerging trend.

Additional insights from respondents indicatedstates are utilizing a myriad of strategies tomitigate the obstacles and challenges associatedwith the aging of IT systems; including:

� Overcoming Cost/Resource Availability andachieving cost reductions through the use ofmaster contracts to facilitate volumepurchasing of hardware and software.

� Addressing Culture/User Resistance toChange by involving end-users “early and

Drivers towards modernization Percentage

Change or re-engineering of business processes 86.2%

Inability to adequately support "line-of-business" requirements 82.8%

Application design limitations 69.0%

"Graying" of IT staff 69.0%

Excerpt from Table 2. "Drivers" moving states towards modernization of IT systems and applications;” N=29.

Source: NASCIO’s 2008 National Survey on Legacy Systems and Modernization in the States

4



often” during business process reviews, andimproving communications with affectedorganization(s) at all levels, agency directors,finance officers and end users.

� Some states are establishing enterpriseapplication program offices to modernizelegacy administrative applications, exploring“Shared Services” solutions across agencies tosatisfy similar needs and increasing businessowner involvement in legacy systemreplacement decisions to deal with theInability to Support Common Approaches.

� The Lack of Executive Management Interestand Reluctance to Address Legacy Issues isbeing solved through meetings with thelegislature to explain issues and gain theirsupport. Working with clients during thebudget planning process in an attempt tojustify the funding needed to replace thelegacy systems is also a technique gainingtraction.

� One of the main problems at the heart ofadvancing the replacement of massive ITsystems is the Lack of Project/ProgramManagement and Adequate Governance,which many states are addressing through theestablishment of program managementoffices, strategic planning, EnterpriseArchitecture (EA) and SOA, and the use ofoutside consultants to drive and manageorganizational program-level, and technologychange.

� Another major concern of states is the Risk ofMigration for which many CIOs are utilizingjoint application development sessions withbusiness users and legacy IT staff, andclustering agencies to develop common plansto ease integration of modernized applicationsacross agency lines.

Finally, the complex issue of identifying fundingsources2, which has slowed many state ITinitiatives, is pushing states towards innovativefunding practices including an increased focus onjustifying IT projects through robust business casedevelopment, looking at bond issues, federalfunding opportunities and outsourcing strategiesas methods to keep IT modernization projects ontrack. Virtualization and consolidation strategieswere also cited.



Detailed Survey ResultsThis section highlights particular areas of interestfrom the survey results and provides selectedsamples of state or national trends as well asobservations of those trends and their implicationsfor state CIOs and NASCIO. Survey results arepresented in the same order as they appeared inthe survey instrument.

Survey Section 2: General Questions

NASCIO’s Definition of “Legacy System” for thePurposes of this Survey:

NASCIO’s Legacy Systems & ModernizationWorking Group prepared a baseline definition of“legacy system” for the purpose of keepingresponses to this survey uniform. The definitionagreed upon reads:“A Legacy System is not solelydefined by the age of IT systems (e.g. 20 years) asthere are many systems that were designed forcontinued upgrades, but the term also focuses onelements such as “supportability,” “risk“ and“agility,” including the availability of software andhardware support, and the ability to acquire eitherinternal or outsourced staffing, equipment ortechnical support for the system in question. Theterm may also describe the systems inability toadequately support “line-of-business“

requirements or meet expectations for use ofmodern technologies, such as workflow, instantmessaging (IM) and user interface.”

2.1 Based on the definition provided above,please estimate the percentage of IT systems inyour state you would label “Legacy Systems;”these could include: mainframe, midrange andserver based applications or systems.

States were asked, using the survey’s baselinedefinition of a “Legacy System,” to indicate whatpercentage of IT systems in their states they wouldlabel as legacy. Responses revealed that statesestimated over 50 percent of their IT systems to belegacy; with 35.4 percent of respondentsestimating 40 to 60 percent, and 31.0 percentestimating 60 to 80 percent. Combined withadditional findings in this survey, this statisticpaints a clear picture that legacy systemmodernization is a serious problem facing manystates; see figure 1 below.

2.2 What percentage of the “Legacy Systems”you’ve identified would you consider mission orbusiness critical?

States were also asked to indicate what percentageof those IT systems in their states they labeled aslegacy that they would also consider to be missionor business critical. As in question 2.1, states

Figure 1. Percentage of IT systems states label as “Legacy Systems; N=29


6



estimated over 50 percent of their IT legacysystems to be mission or business critical; with 34.5percent of respondents estimating 40 to 60percent, and 27.6 percent estimating 60 to 80percent. Combining the findings from questions 2.1and 2.2, we are beginning to see the potential fordisruption to states’ day-to-day business operations

on par with a disaster event. Business critical ITsystems that shut down due to the lack of availablesupport for obsolete hardware or applications,combined with the lack of planning for theirreplacement, presents just as much risk to state IToperations as a man-made or natural disaster; seefigure 2.

Figure 2. Percentage of legacy IT systems states consider mission or business critical; N=29


Criteria States Use to Define a “Legacy System” Percentage

Inability to be adequately supported, maintained, or enhanced 82.8%

Inability to meet business needs or system not agile enough to continuallymeet the challenging needs of the organization.

79.3%

Obsolete hardware or software components 79.3%

Incompatibility with current and/or future intended enterprise architecture 72.4%

Enterprise information security risk and/or non-compliance concerns (e.g.,data security, integrity, privacy, system access controls).

48.3%

Unavailability of adequate documentation 44.8%

Performance degradation or abilities to handle required volume/load 34.5%

Table 1. Criteria by which states define “Legacy Systems;” N=29.




Figure 3. Lines-of-business where most state legacy systems are located; N=29


2.3 By what criteria do you define “LegacySystems” in your state? (Please check all thatapply)

Although NASCIO prepared a baseline definition of“legacy system” for the purposes of this survey,states were asked to choose the components thatbest fit their concept of what constitutes a legacysystem. States’ responses focused mainly on asystems inability to be adequately supported,maintained, or enhanced. A system’s inability tomeet business needs or incompatibility withcurrent and/or future intended enterprisearchitecture were highly indicated. Obsoletehardware or software components were alsoviewed by states as important elements of a legacysystem; see table 1.

2.4 Please indicate in what lines-of-businessmost of your state’s “Legacy Systems” arelocated. (Please check all that apply)

States were asked to indicate in what lines-of-business most of their state’s “Legacy Systems”were located. The majority of responses focused onstate Administrative information systems (e.g.finance, HR, procurement, etc.), and applicationsthat require outside federal interaction, (e.g. healthand human service related systems), which wouldindicate that most states are facing challenges withtheir ERP systems and highly siloed federalprogram management systems. A large number ofrespondents also indicated that internal client

facing applications were a legacy challenge as well.There was a significant drop in responses focusedon transportation information systems, and publicsafety/law enforcement information systems, whichwould seem to indicate that these areas are stayingahead of the curve in regard to applicationmodernization. Citizen facing applications receivedthe lowest response rate which is a reflection of thefocus and advancement that states are making inmodern web-based applications that involvecitizen-to-government and government-to-citizeninteraction; see figure 3.

Other legacy lines-of-business systems statesselected included:

� Elections� Vehicle registration and taxation� Third party interfaces� Tax/Revenue� Taxes, Motor Vehicles� Corrections Management System� Education� Early IT adopters

2.5 Please indicate which “drivers” are movingyour state towards modernization of IT systemsand applications. (Please check all that apply)

States were asked to indicate the primary “drivers”which are moving them towards themodernization of IT systems and applications. Over80 percent of respondents indicated the most

8



significant drivers were the need to change or re-engineer business processes, and the inability toadequately support “line-of-business”requirements. Application design limitations andthe “Graying” of IT staff3 were the next most highlyindicated drivers; see table 2.

2.6 Please rank on a scale of 1-5, the followingconcerns around “Legacy Systems” relative toissues you are facing in your state. (1 being leastcritical; 5 being most critical); [See Appendix 1 at theend of this report for complete responses to question2.6.]

Similar to question 2.5 where states were asked toindicate the drivers towards legacy modernization,states in question 2.6 were asked to rank concerns

Drivers towards modernization Percentage

Change or re-engineering of business processes 86.2%

Inability to adequately support "line-of-business" requirements 82.8%

Application design limitations 69.0%

"Graying" of IT staff 69.0%

Support costs beyond an acceptable range 65.5%

Inability to meet expectations for use of modern technologies, such asworkflow, IM, and user interface

62.1%

Skills shortages 55.2%

Lack of real-time data analysis and decision support 55.2%

End user demand 51.7%

Availability of newer products 48.3%

Code fragility 48.3%

Legislative mandates 41.4%

Regulations, both state and federal 41.4%

Budget constraints 31.0%

Security risks within the application 31.0%

Vendor stability issues 31.0%

Green IT initiatives 27.6%

Security risks in underlying infrastructure 27.6%

Staff reductions 3.4%

Other: “The need to better interface and share data across state agencies.” 3.4%

Table 2. "Drivers" moving states towards modernization of IT systems and applications;” N=29.




they are experiencing around legacy systems on ascale of 1-5, (1 being least critical; 5 being mostcritical.) Based on states’ rakings, the primaryconcerns - with a high percentage concern rankingof “4” - are Software Maintenance/Upgrades –limited or unavailable; Extensibility, Adaptability,Agility – inability to enhance or revise; andApplication Development tools – limited expertise(‘dead’ languages). This appears to demonstratethat states’ primary concerns are centered onapplication software and its ability to be adapted,upgraded and maintained. To a lesser degree, butwith a high percentage response, the lack ofdocumentation was also a significant concern; seetable 3.

2.7 Please indicate the most common method(s)your state is utilizing for the modernization of“Legacy Systems.” (Please check all that apply)[See Appendix 2 at the end of this report forresponse definitions to Question 2.7, and Appendix3 for complete responses to question 2.7.]

States were asked to indicate the most commonmethod(s) they utilize for the modernization of“Legacy Systems,“ either in the past, present, orplanned in the future, and whether the methods

had been utilized successfully. The differingresponse rate for each method, and the need tocombine “used in the past” with “currently using”figures to compare against the success level, makeranking these methods problematic. However,complete responses to this question can be viewedin appendix 3 of this report.

Based on analysis of responses, level of usage andindications of success, it would appear that stateshave found the most success utilizing “dataconversion” and “extension.”With the exceptionof Enterprise Application Integration (EAI) andService Oriented Architecture (SOA), all othermethods also received a high rate of usage andindication of success. What would appear as anemerging trend, based on the high rates indicatedof planning to use in the future, are (1) SOAintegration, with a 53.8% (N=26) response; and (2)Utilize EAI to encapsulate and link legacyapplications with a 42.1% (N=19) response. Alongwith their high figures for successful use, these twomethods are demonstrating a higher rate ofadoption; see table 4.

States’ Ranking of Concerns around “Legacy Systems” Ranking Percentage

Software Maintenance/Upgrades – limited or unavailable 4 58.6%

Extensibility, Adaptability, Agility – inability to enhance or revise 4 51.7%

Application Development tools – limited expertise ('dead' languages) 4 48.3%

Documentation – non-existent or out-of-date 3 58.6%

Security – ability to enhance, revise to meet changing security guidelines(e.g. passwords)

3 37.9%

Software – no longer available, limited or no support 3 37.9%

Technical Support – unavailable or difficult to obtain 3 37.9%

Hardware Maintenance – limited or unavailable 4 31.0%

Hardware – no longer available, limited or no support 1 and 4 tie 27.6%

Recoverability – uncertain how or where to recover 2 and 4 tie 24.1%

Table 3. States’ Ranking of Concerns around “Legacy Systems;” N=29.


10



2.8 If your state has a “life-cycle approach” forapplications and infrastructure, or plans inadvance for the “end-of-life” for new systems,please describe below:

States were asked to describe “life-cycleapproaches“ for applications and infrastructure, orplans they developed in advance for the “end-of-life” of new IT systems. Three states indicated thatthere is no formal state-wide approach; fivestates indicated that life-cycle planning was afunction of the individual agencies; 11 statesindicated life-cycle planning was a state-widefunction; two states indicated they utilize end-of-life planning; and two states provided otherresponses.

End-of-life plans:

� Every biennium, all the agencies submit a planto the state CIO for new initiatives or end-of-lifereplacement of the existing legacy systems dueto either prohibitive maintenance costs orbecause the application no longer serves thebusiness needs of the agencies, or both. (KY)

� There is no single lifecycle approach in NewYork state agencies for either applications orinfrastructure. However, in the CIO/Office forTechnology (CIO/OFT) we generally refreshinfrastructure every 5 years. (NY)

Function of individual agencies:

� Individual agencies own their own strategy justlike they own the applications. (IA)

� Each agency includes an “Asset ManagementPlan” in the IT planning/budgeting process.(ND)

� In early 2006 the state implemented acentralized applications portfolio management(APM) software tool for use by agencies toinventory and analyze the approximately 1,300applications currently in production. (NC)

� Individual executive branch agencies arecurrently responsible for their respectiveapplication lifecycle approach. The state hascentralized all IT infrastructure under a Private-Public Partnership which is responsible forinfrastructure lifecycles. (VA)

Modernization Methods Timing – Used in thePast/Currently Using

Experience – Used/ UsingSuccessfully

Data conversion 90.9% (N = 22) 100.0% (N = 19)

Extension 90.5% (N = 21) 100.0% (N = 17)

Virtualization/ Emulation 82.6% (N = 23) 94.1% (N = 17)

Re-engineer or replace with a COTS software 82.1% (N = 28) 91.3% (N = 23)

Applications wrapping 81.8% (N = 22) 70.0% (N = 20)

Re-hosting/ Re-platforming 80.0% (N = 25) 89.5% (N = 19)

Automated migration 73.3% (N = 15) 81.8% (N = 11)

Renovation/ Re-architecting 72.0% (N = 25) 87.5% (N = 16)

* Utilize EAI to encapsulate and link legacyapplications

57.9% (N = 19) 90.9% (N = 11)

* SOA integration 46.1% (N = 26) 84.6% (N = 13)

Table 4. Most common methods utilized by states for the modernization of "Legacy Systems."


* = Highest percentage reported of planning to use in the future: (1) SOA integration, 53.8% (N=26); (2) Utilize EAI toencapsulate and link legacy applications, 42.1% (N=19).



� Oregon is a decentralized state with agencieshaving the primary responsibility forapplication development/acquisition,implementation, maintenance and long-termsupport. (OR)

Life-cycle approaches:

� The state has an annual evaluation of systemfunctionality and risk which is reported to thelegislature. (IN)

� The approach for applications is determined bybusiness needs. The approach for infrastructureis to try to stay on supported hardware andsoftware, upgrading or replacing as needed.(KS)

� We have established technology refreshprograms for the infrastructure, but nothing forapplications. Although we have established alife-cycle refresh for the infrastructure, we arehaving difficulty getting the program funded.(WV)

� Annual evaluation of critical applications isencouraged through the state’s IT planningprocess. (MS)

� The state of South Carolina has an EnterpriseArchitecture (SCEA) committee to oversee new,emerging, and legacy technologies. The SCEAprovides a framework for making strategictechnology investment decisions on a cost-effective, enterprise basis. (SC)

� Our EA group has identified software/hardwareproduct life-cycles. This information is used inplanning for application replacement. (MI)

� There are two primary life-cycle processes inuse in Pennsylvania. The Enterprise ProjectManagement Methodology has a formalcloseout practice. The Commonwealth’sSoftware Engineering Process (SEP) hasenterprise practices for maintenance and re-factoring for the life of any application, legacyor non-legacy. (PA)

� For Louisiana’s Enterprise Resource Planning(ERP) project, we use the following steps: (1)Explore – what problems we are trying to solve;(2) Assessment – what technologies areavailable; (3) Develop – design and develop thenew system; and, (4) Conversion/Transition –testing and converting over to the new system.(LA)

� All IT infrastructure has a designated life-cyclein years which we use to determine refreshcycles. (SD)

� The state uses portfolio management to look

across agencies to identify opportunities formulti-agency applications. The state also hasidentified an information management life-cycle approach utilizing business casedevelopment and decision gates. (MN)

� We utilize a standard System DevelopmentLife-Cycle (SDLC) approach. EA is in its initialstages state-wide and will begin to impactstrategic information decisions going forward.(MT)

Other:

� Please view our IT Strategic Plan at:<http://maine.gov/oit/strategic/index.htm>.(ME)

� California’s approach utilizes the followingsteps: (1) Strategic Planning; (2) BusinessRequirements Definition; (3) Project Initiation;(4) Planning; (5) Procurement; (6) Selection; (7)System/Architecture Development; (8)System/Architecture Deployment; (9)Maintenance and Operations; (10) Project CloseOut; (11) Enhancement/Refresh; and (12)Improvement Planning. (CA)

2.9 Please indicate obstacles or challenges yourstate has experienced with the modernizationof “Legacy Systems,” and rank on a scale of 1-5.(1 being not challenging; 5 being extremelychallenging) [See Appendix 4 at the end of this reportfor complete responses to question 2.9.]

Similar to question 2.6, states were asked to rankobstacles or challenges their state has experiencedwith the modernization of “Legacy Systems,” andrank on a scale of 1-5; (1 being not challenging; 5being extremely challenging.) Responses variedwidely; however, based on states’ rakings, the mostcritical obstacles or challenge cited with a “5”ranking and the highest percentage of responseswas funding.4 With a slightly lower percentage ofrespondents and a challenging ranking of “3” weredata migration and risk of failure versustolerance or appetite for failure. Rankings for allother responses, with a lower percentage indicated,were most prevalent in the “3” to “4” range; seetable 5.

12



2.10 Please indicate other obstacles orchallenges your state has experienced with themodernization of “Legacy Systems,” anddescribe below:

States were asked to describe in an open responseformat, other obstacles or challenges their state hasexperienced with the modernization of “LegacySystems.“ Similar to question 2.9, some statesranked their responses on a scale of 1-5; (1 beingnot challenging; 5 being extremely challenging.)

2.11 Please describe strategies or tactics yourstate has employed to overcome the obstaclesor challenges indicated in questions 2.9 and2.10.

States were asked to describe strategies or tacticsthey have employed to overcome the obstacles orchallenges they indicated in questions 2.9 and 2.10.

[Note: Question 2.10, “Obstacles or challenges” andQuestion 2.11, “Strategies or tactics,” have beencombined for analytical purposes. In some casesstates responded to one but not the other, and inother cases states were responding to obstacles orchallenges they indicated in question 2.9. Stateresponses have been divided up and organizedunder different topical categories.]

Cost/ Resource Availability:

� Obstacles – Costs and price estimates (MA)Strategies – Maximize federal funds (grants,federally funded programs); targeted capitalinvestments for modernization of criticalsystems. (MA)

� Strategies – For funding, we have performed avariety of studies and assessments forproblematic or high-risk applications in orderto present responsive and convincing businesscases (with valid problems, challenges, andbenefits). (NC)

� Obstacles – Replacing a highly customizedlegacy application with a similarly customizedmodern application in a timely manner is verydifficult and expensive. (VA) Strategies –Created public-private-partnerships thatreduce the initial costs of legacy applicationand infrastructure upgrades. (VA)

� Obstacles – Funding; budget cycle (CA)� Obstacles – Pressure to lower costs; competing

resource demands – the ever increasingnumber of competing demands outstrips theorganization’s capacity to staff, manage,implement modernization efforts and/orrequired legacy system changes. (OR)

� Strategies – Master contracts have been set upto facilitate volume purchasing of hardware

States’ ranking of obstacles or challenges experienced withthe modernization of "Legacy Systems"

Ranking Percentage

Funding 5 55.2%

Lack of source code 2 55.2%

Data migration 3 53.6%

Risk of failure versus tolerance or appetite for failure 3 44.8%

Resistance (or lack of internal support) from internal end users 3 41.4%

Out-side vendor support 3 37.9%

System availability during transition period 3 37.9%

Staff support (including both state and contracted staff ) 3 and 4 tie 34.5%

Lack of documentation 2 and 4 tie 31.0%

Table 5. States’ Ranking of Obstacles or Challenges around “Legacy Systems;” N=29.




and software to achieve cost reduction. ATechnology Governance Board has been set upto address many issues facing enterprisesystems across the state to reduce duplicativeefforts and focus vendor support. (IA)

� Strategies – Funding is always a challenge. Wefocus business cases on applicationsfunctionality and/or risk mitigation, not ontechnology. Agency business folks, not theoffice of the CIO, have the lead role inadvocating for funding. We are very involvedbut do not take the lead. (NE)

Culture/ User Resistance to Change:

� Obstacles – User resistance to change (DE)Strategies – Heavy involvement of ourOrganizational Change Management team sothat end-users can be prepared for the changescoming. (DE)

� Obstacles – Culture change (KY) Strategies –Planning and a lot of stress on all directionalcommunication. (KY)

� Obstacles – Resistance to change (HI)Strategies – Independent departmentimplementations versus state-wide initiatives.(HI)

� Obstacles – Cultural change (Guam) Strategies– More stakeholder involvement; identifyfunding sources. (Guam)

� Strategies – Involved end-users “early andoften” during business process reviews, fit-gaps,configuration and testing. Communicationswith affected organization(s) at all levels –agency directors, finance officers and endusers. (OK)

Inability to Support Common Approaches:

� Obstacles – Inability to leverage federallyfunded projects/solutions across the enterpriseor to support common approaches. (NJ)Strategies – Currently working on a process,with the assistance of an outside vendor, toanalyze legacy applications and provide aprioritized list of applications that need to beaddressed. The list would then be used tosecure a dedicated enterprise funding sourceto begin the renovation process. Focus will beon applications which are unstable and offerthe highest reward if modernized. (NJ)

� Obstacles – Agencies, policies and legislationare difficult to ‘fit’ in pre-packaged or off-the-shelf modern hardware/software. (VA)

Strategies – (1) Established an enterpriseapplication program office to modernizelegacy administrative applications. (2) Explore“Shared Services” solutions across agencies tosatisfy similar needs. (3) Increase businessowner involvement in legacy systemreplacement decisions. (4) Gain top-levelexecutive support for modernization efforts.(VA)

� Obstacles – Demand for quality and speed;Service requirements increasing; Rise ofcustomer expectations (OR) Strategies –Strategies or tactics involve: (1) Electronic DataExchange; (2) Collaboration Tools; (3) AccessArchitecture; (4) Enterprise Architecture; (5)Data Management; (6) Process ModelingServices and Skills; (7) Document Managementand Workflow Strategy; (8) IS Service Model; (9)GIS Application Integration; (10) WirelessInfrastructure; and (11) Research andDevelopment. (OR)

Lack of Executive Management Interest/Reluctance:

� Obstacles – Lack of executive businessmanagement interest in potential problemsand related risks with legacy applications. (NC)

� Obstacles – Business stakeholders are oftenreluctant to re-architect and sponsor newapplications or technologies to replace legacysystems or expand the effort to automate theirbusiness processes. This discouragesreinvestment in new technologies andmodernization projects. (PA)

� Obstacles – Intentional stalling to wait outcurrent administrations. (HI)

� Strategies – Meetings with the legislature toexplain issues and gain their support. Alsoworking with our clients during the budgetplanning process in an attempt to justify thefunding needed to replace the legacy systems.(MI)

Lack of Project/ Program Management/Governance:

� Obstacles – Lack of acceptable programmanagement (IN) Strategies – Established aprogram management office to lead majorapplications development and tightened upthe language of the replacement Request forProposals (RFP’s). (IN)

� Obstacles – Project risks (MA)

14



� Obstacles – IT Governance; Enterpriseperspective (MN) Strategies – Enterprisearchitecture; Portfolio management;Addressing information life-cycle definitionand related IT governance. (MN)

� Obstacles – Strategic planning andcommitment (CA) Strategies – Improvedgovernance process; Recommitment tostrategic planning (CA)

� Obstacles – Competing pressures of short-termautomation improvements to extend the life oflegacy systems versus long-termimprovements involving full systemreplacement strategies – Automationimprovements provide tangible benefits tousers, while modernization improvements takemuch longer and not all of the value is drivenby user benefit. (OR) Strategies – (1) Onestrategy or tactic involves the use of a ProgramManagement Model for our modernizationefforts. With a Program Model, there aremultiple projects, each with its own goals andmethodology. This allows for separate teamsdriven by different objectives and deliverables.(2) Another strategy or tactic involves the useof outside consultants to drive and managechange, organizational and managementchanges, and creation of cross-divisional and/ormulti-agency advisory groups fostering anenterprise perspective. (OR)

� Strategies – Our general direction is to useCOTS packages to replace legacy applications.We sometimes engage consultants to performbusiness needs and fit gap analysis. For mostmajor application overhauls, we undertakelarge change management efforts and train thebusiness users on the new systems. (KS)

� Strategies – North Dakota uses an EA processto identify our future state needs which helpsbuild support for modernization projects. Inaddition, we have used a central servicesapproach when possible. Most of the effortshave been on a case-by-case basis – eachapplication/agency is unique and needs to behandled as such. (ND)

� Strategies – South Carolina has an EnterpriseArchitecture (SCEA) Committee to oversee new,emerging, and legacy technologies. The SCEAprovides a framework for making strategictechnology investment decisions on a cost-effective, enterprise basis. (SC) [Note: Directedfrom question 2.8]

� Strategies – It has been recognized by keystakeholders that an enterprise architecture

approach implemented with SOA is the way tomove the infrastructure forward while costeffectively maintaining IT alignment with thevarious agencies strategic business goals. (MT)

Large Scope:

� Obstacles – Enterprise solutions delay smallerstove-piped solutions. (VA) Strategies –Instituted rigorous IT program managementoversight for all large-scale IT projects. (VA)

� Obstacles – Resource availability – bothbusiness and IT (CA) Strategies – Collaboration;Shared services (CA)

� Strategies – Texas State Data CenterConsolidation initiative; and Texas state-widecooperative contracts for IT hardware, softwareand services. (TX)

Migration/ Risk:

� Obstacles – Balanced allocation of risk betweenvendors and the state. (MA) Strategies – Solicitvendor/consultant input regarding options andapproaches prior to procurement; many jointapplication development sessions withbusiness users and legacy IT staff. (MA)

� Obstacles – Lack of products on the market toease the migration off of proprietary platforms.(NY) Strategies – Several cluster agencies, forexample, agencies that support Public Safety orHuman Services, have joined together todevelop common plans to ease integration ofmodernized applications. (NY)

� Obstacles – Legacy application and dataarchitectures are at odds with moderndistributed and Service Oriented Architectures.The transformation of legacy architectures tomodern architectures when legacyarchitectures have been heavily enhanced overa long period of time and users includemultiple organizations is a difficult hurdle inmodernization. (PA) Strategies – Pennsylvaniahas four Communities of Practice (CoPs), eachthat govern IT in multiple agencies. Agencieswithin a CoP are organized by similar lines ofbusiness, e.g., public safety, and heath andhuman services. The CoPs have a broader viewof business and IT challenges than a singleorganization and work to identifyopportunities to break down agency silos anddevelop shared services. CoPs coordinate,prioritize, and approve projects that aid in thetransformation of legacy architectures to



modern distributed architectures. All ITprocurements must comply with theCommonwealth’s IT standards and policies.(PA)

� Obstacles – Legacy systems built in the pastwere not built for flexibility: (1) Incompatibledata and file formats; (2) Hardwareincompatibility; (3) Software tied to hardware;(4) Proprietary protocols and networks; and (5)Single system design. (LA) Strategies –Standardization; Interoperability facilities;Better interfacing between systems (LA)

� Strategies – Customer Client Reviews/Surveysto better understand the underlying problemswith migration to newer platforms; also, utilizedfunctional and technical contractor help. (OK)

� Strategies – For data migration we emphasizeattention to detail at the technical level alongwith extensive testing. We also attempt to limitchanges to data schemas (within reason) toreduce the risk of conversion. (NE)

Staffing/ Knowledge Transfer/ InstitutionalKnowledge:

� Obstacles – Training, knowledge transfer andimplementation (KY) Strategies – Planning anda lot of stress on all directional communication(KY)

� Obstacles – Lack of institutional knowledge ofboth the program and the applicationsupporting that program in addition to thecomplex coding and interdependencies of thelegacy systems. (NY)

� Obstacles – Large number of IT staff are eligiblefor retirement in the next 5 to 10 years. (OR)

16



Survey Section 3: Funding

3.1 In light of the current fiscal downturn inmany states, please describe to what degree theavailability of funding vehicles has influencedyour ability to modernize “Legacy Systems” inyour state, and what tactics you are utilizing toovercome funding concerns.

States were asked to describe the degree to whichthe availability of funding vehicles has influencedtheir ability to modernize “Legacy Systems” in theirstate, and what tactics they are utilizing toovercome those funding concerns.5

The overarching theme in this section focused ontightening state budgets, and although severalrespondents said state budget problems haveslowed IT initiatives, most states indicated thatvarious strategies and increased focus onjustifying IT projects has kept most state-wide ITinitiatives on course. Many states are looking atbond issues, federal funding opportunities andoutsourcing strategies as methods to keep ITmodernization projects on track. Virtualizationand consolidation strategies were also cited.States that gain a large portion of state revenuefrom energy resources have been impacted verylittle by recent downturns in overall state revenues.

[Note: This survey was conducted before the recentcredit crisis on Wall Street, national recession andrevenue shortfalls that many states areexperiencing as a result, so state comments,opinions and funding strategies presented in thissurvey may be affected.6]

State comments:

� Funding is unavailable so we are trying to getout in front of the issues; we have beenintensively planning modernization efforts forover a year and are now aggressivelyunderway; partnering with our vendor forsome “no cost” proofs of concept. (DE)

� No problem where business justificationsupports the funding. (IN)

� The competing funding priorities have alwaysplayed a role in such decisions. Themodernization of systems and infrastructureare planned, to the extent possible, in thenormal course of upgrades and maintenance.We are considering the implementation ofdepreciation funds across an array of

hardware and software expenditures in anattempt to stabilize the funding. (IA)

� Generally, if it isn’t broken, we don’t fix it. Unlessthe application isn’t meeting businessrequirements, or is becoming too expensive tomaintain, we do not prioritize its replacement.(KS)

� North Dakota currently has a large budgetsurplus, which has helped overcome somefunding concerns. However, the state continuesto be a fiscally conservative state, and eachproject is judged on its merit and must show astrong justification before it will be funded.(ND)

� The state is currently working on a process,with the assistance of an outside vendor, toanalyze legacy applications and provide aprioritized list of applications that need to beaddressed. The list would then be used tosecure a dedicated enterprise funding sourceto begin the renovation process. Focus will beon applications which are unstable and offerthe highest reward if modernized. (NJ)

� The current fiscal downturn has impactedalmost all agencies in the Commonwealth,resulting in budget cuts from 2 to 20 percent.These cuts have put new initiatives on hold. Theprogress on any pre-approved initiatives andthose already underway are being reviewed toensure they are in the Commonwealth’s bestinterest. (KY)

� During the last legislative session, West Virginiaapproved funding to pursue an ERP solution.We expect the ERP initiative will replaceapproximately 92 legacy applications usedacross various agencies and departments. (WV)

� Funding has always been tight, and we havesimply tried to present our business cases in amore convincing manner than other requestsfor scarce fiscal resources. Even under past andmore favorable economic situations, thecompetition for funds was extremelycompetitive, so we have tried to raise the levelof awareness and need to work harder to justifyrequests. Planning must be more thorough,justifications more persuasive, and links tobusiness strategies and IT plans must be directand clear (line-of-sight). (NC)

� Lack of funding has slowed the process ofmodernization. One of the alternative fundingapproaches for shared enterprise applicationsis through the issuance of governmentbonds. (MS)

� We have been successful in leveraging vendor



software contracts to include low or no costsoftware that will assist many agencies to Web-enable or upgrade their current legacyapplications. Total re-writes will be necessaryfor many other agency applications withfunding as a major issue. (SC)

� A $450 million capital investment forinformation technology has recently beenapproved which will in part be used tomodernize critical state systems. The currentfiscal downturn will affect operating budgetswhich may in turn impact funds available forthe maintenance and support of existingapplications. (MA)

� Systems are being prioritized with toppriorities being worked first and other systemsbeing “held” together. One strategy is theextension of current legacy systems for at least5 years until funds become available. (MI)

� While the current fiscal downturn has notaffected Texas as much as many other states,funding for needed technology initiatives suchas modernization is an ongoing constraint. Onetactic being deployed in our state is tocentralize the state’s data centers andoutsource their operations. This will in timeimprove our opportunities for rationalizationand modernization of our legacy systems. (TX)

� The advent of virtualization has helped todrive down costs of modernizing as lesshardware is required; software costs aresomewhat reduced and server support costsare reduced. The use of server consolidationstudies, savings in power and cooling and goodcost benefit analysis have proven effective inovercoming initial funding concerns. (NY)

� As funding has become tighter in every agencyin the Commonwealth, funding for large ITmodernization projects has been much moredifficult. Some agencies that receive largeamounts of federal funding (e.g. PENNDOT)have been able to move forward with largelegacy modernization projects, but mostagencies that have asked for new general fundsfrom the Governor’s Budget Office have beendenied over the past four years. A“productivity bank” loan fund has beenestablished that agencies can utilize toimplement projects, if they can establish apayback strategy over a multi-year period. Mostagencies have a difficult time establishing newrevenue streams with their IT modernizationprojects in order to pay back the loan. TheCommonwealth has turned towards realizing

technology innovation savings. For example,we will be investing in virtualizationtechnology to reduce infrastructure costs.The savings can be applied towardsmodernizing legacy systems. Likewise ournewly negotiated Data PowerHouse (DPH)outsourcing contract will result in significantsavings that could be directed to applicationupgrades. (PA)

� Louisiana has utilized both state general dollarsand federally matched funding in order toaddress some of the redesign issues. The statehas a self-administered internally financedprogram to provide state agencies themeans to acquire equipment on aninstallment purchase basis. The program isthe Louisiana Equipment Acquisition Fund(LEAF). Agencies are researching a variety ofsources to provide the services once providedby internal, legacy systems, including ActiveServer Pages (ASP) and (SaaS). (LA)

� We are delaying many legacy system migrationefforts due to reduced funding. We are seekingPrivate-Public Partnerships that will bring inprivate capital that will be repaid when actualsavings are realized. We are selecting moreaffordable COTS software; also, we areevaluating ways we can capitalize the large ITcosts of legacy system modernization. (VA)

� Most modernizations come out of the basefunding we have. Hence, the pace of changehas slowed down. (SD)

� Funding has not affected the state significantlyin the past three years, but could be an issue inthe next couple of years. (OK)

� “If it ain’t broke don’t fix it.” We budget only tokeep the place running. (HI)

� The tolerance/appetite for failure has been agreater challenge than funding for themodernization of our legacy systems. (ME)

� There’s no magic formula, just clearcommunication with the administration andlegislature. Our migration projects originatefor business reasons and not for technologyreasons. The availability of high federalmatching fund rates and federal mandates alsoinfluences the business case. (NE)

� We attempt to be creative to use multiplefunding vehicles to fund implementationcosts for new systems that will ultimately resultin cost savings. (MN)

� The availability of funding vehicles has drivenCalifornia to seek large statewide initiativeswhich are being promoted to modernize and

18



consolidate aging ERP functions, thusbenefiting the enterprise as a whole. (CA)

� We are utilizing a more aggressive pursuit offederal funds and exploring self-fundedmodels. (Guam)

� Oregon polled several large agencies on thisand other questions throughout the survey.One large agency indicated that funding formodernization is a combination of generalfunds, federal funds and public bond offerings.By combining modernization andautomation objectives, we are able to insuretangible benefits to our citizens, making thisinitiative more attractive. We have alsocombined our objectives with other initiativeswith similar technology goals, increasingsynergy and benefit and minimizing totalcosts. Another mid-sized agency indicated:Funding is one of many constraints restrictingagency capacity for modernization efforts. Evenwhen needed, and funding is secured,underlying constraints are revealed in otherareas such as management, technical staff,operations staff, need to accommodateseasonal workloads, etc. (OR)



4.2 Please indicate which of the following“Enterprise Risk” concerns have driven themove to modernize legacy systems in yourstate. (Please check all that apply)

When states were asked to indicate which“Enterprise Risk” concerns have driven their moveto modernize legacy systems, it was clear thatInability to meet line-of-business needs,Inability to adequately meet constituent needs(public perception), and Inability to adequatelymeet internal user needs were by far the mostsignificant concerns for states driving their movetoward modernization of legacy IT systems; seetable 6.

Other responses:

� Lack of COBOL programmers� Consolidation/integrated processing and

reporting. Hardware end-of-life.� Enterprise consolidation� Duplication and redundancy

Figure 4. “Security” concerns that have driven states to modernize legacy systems; N=29


Survey Section 4: Security and EnterpriseRisk

4.1 Please indicate which of the following“Security” concerns have driven the move tomodernize legacy systems in your state. (Pleasecheck all that apply)

Issues related to security and enterprise risk areimportant drivers for states as they move tomodernize their legacy IT systems. In question 4.1,states were asked to indicate which “Security”concerns have driven their move to modernization.Not surprisingly, a high percentage of statesindicated all available choices as issues of concernand significant drivers towards legacymodernization, including Application and/orPlatform Access Controls, Information/Data Privacy,and Information/Data Integrity. However,Information/Data Security was the highest pointof concern for states, with 72.4 percent ofrespondents indicating this as the most significantsecurity driver towards modernization; see figure 4.

20



Survey Section 5: Staffing

5.1 Please describe below to what degree staffsupport issues (either internal or outsourced)have influenced your ability, or is driving theneed, to modernize “Legacy Systems” in yourstate.

States were asked to describe the degree to whichstaff support issues (either internal or outsourced)have influenced their ability, or is driving theirneed, to modernize “Legacy Systems.” Theoverarching theme in this section centered greatlyon a high percentage of “retirement eligible” staffthat have the knowledge to run legacy systems,and that younger, new hires are not willing to learnthe old legacy languages.

States concerns:

� Over 50 percent of our applicationsdevelopment staff is eligible for retirement. Wehave been trying to cross-train, backfill, etc.(DE)

� The eligibility for retirement of nearly 40percent of our current IT workforce plays asignificant role in our current planning efforts.We are still assessing the issues and options

currently. We will be developing acceleratedplans for addressing these issues commencingin FY ’09. (IA)

� We are losing many of our staff that builtand operate our custom legacy systems. Weno longer have development staff capable ofwriting applications that are comparable toCOTS applications. In general, our approach isto select a COTS product and customize asnecessary to meet our business needs. It issometimes a struggle to balance the need forcustomization with the effort required to keepthose customizations current, particularly inconjunction with application version upgrades.(KS)

� Internal staff with institutional knowledge arecritical to moving forward with any renovationstrategy. Since these are the same resourcesmaintaining the day-to-day operation, it’snearly impossible to have them also involved innew development. One strategy that hasproduced some result is to partner with a usingagency to impose a moratorium or freeze onmodifications and enhancements. This allowsus to free-up experienced resources to help usarchitect replacement or new solutions. (NJ)

� The average age of an IT employee in ourstate is 50+. Since I have been with the state

“Enterprise Risk” Drivers towards modernization Percentage

Inability to meet line-of-business needs 75.9%

Inability to adequately meet constituent needs (public perception) 72.4%

Inability to adequately meet internal user needs 69.0%

Compliance 55.2%

Inappropriate failover and Disaster Recovery mechanisms 51.7%

Financial controls 48.3%

Enterprise information security risk 44.8%

Extended system unavailability due to obsolete hardware and software 44.8%

Performance degradation or inabilities to handle required volume/load 41.4%

Unreliability (unpredictable, unacceptable downtime) 31.0%

Table 6. “Enterprise Risk” Drivers towards modernization of IT systems and applications; N=29.




we have experienced considerable turnoverdue to retirement and death. (WV)

� To date the availability of internal (in-house)personnel and the appropriateness of vendorstaffing have not presented major problems forthe larger agencies. However, internal staffingresources have been an issue for smalleragencies, and both are anticipated to emergeas pressing concerns in the near future for allagencies. (NC)

� The availability of mainframe system engineersand programmers is an ever-growing concernand issue. (MS)

� In house technical support expertise continuesto be a huge issue for the state. As ‘graying’staff that have traditionally supported theselegacy systems retire, we are forced to lookmore and more at outside vendors. Technicalgraduates do not want to learn and supportlegacy systems, and lower state salaries arealways a concern. (SC)

� Good staff but “graying”. We need to move onmodernization now in order to leverage theirknowledge to transition to new technologies.We are currently recruiting younger staffthat do not have legacy system skills, nor anydesire to acquire them. (MA)

� Approximately 40 percent of state IT staff willbe eligible for retirement in next five years.Some systems are over 30 years old and thereare very few that understand not only howthey work but why they work the way they do.Finding support for old legacy developmentlanguages (e.g. COBOL-68) has become moredifficult. (MI)

� Many New York critical applications weredeveloped on the state’s mainframe platformsand the ability to find both the technicalsupport and programming skills to continue tosupport these platforms is extremely difficult.Skill sets coming out of college and into thestate workforce do not focus on oldertechnologies and we are forced to turn to thevendors for support. Institutional knowledge isalso retiring with the graying of the state’sworkforce, so utilizing that knowledge basebefore it exits is a strong influence in themodernization effort. (NY)

� Pennsylvania has a number of legacy systemsbuilt using many different technologies, e.g.,COBOL, PowerBuilder, assembler, and progress.It has become increasingly difficult to hire staffwith these skills. Additionally as the skill setsbecome more difficult to find internally, they

also become more expensive to acquire fromoutside sources. Inadequate resources andinadequately trained resources intensify therisk of failure of legacy systems which in manycases are mission critical. Therefore, staffingissues are a major contributing factor in thejustification of and decision to replace legacysystems. (PA)

� Finding and keeping the right IT staff remains achallenge for both states and large companies.The problem is attracting qualified IT staffwhere we have a large number of legacysystems and the need to migrate them tonewer technologies. The problem may not beabout an overall shortage, but rather ashortage of specific skill sets that are in highdemand and can’t be found fast enough – notinsufficient skills, but outdated skills. Because ofthese problems mentioned, Louisiana has hadto resort to supplementing state staff withcontract staff in order to meet the required skillsets needed. (LA)

� Our legacy systems support staff isapproaching and/or has reached retirementage. In some cases, we are hiring them back asconsultants after they have retired. It is verydifficult to recruit younger IT staff that arewilling to learn legacy computer languages. Wehave trained some of our legacy IT staff onnewer technology to reduce the fear of theirobsolescence after legacy migration. (VA)

� We have to hire young and train, while losingour senior staff to retirement. This actuallypushes us to modernize. (SD)

� Support staff for aging systems are gettingclose to retirement, and about 40 percent ofthe IT staff will be eligible to retire in the next 5years. Technical support and applicationdevelopment support for both the legacyhardware and applications are becomingdifficult to find. (OK)

� Thirty-two percent of IT staff are currentlyeligible to retire. Of course this is the groupwith the most knowledge. Newer staff are notinterested in pursuing legacy technologiesand would prefer to work on a more modernsystem with marketable skills learned along theway. (HI)

� To a considerable degree, the “graying” of ITstaff supporting legacy systems, and thegeneral shortage of skilled personnel in thisniche are driving the need to modernize ourlegacy systems. (ME)

� We have not modernized systems because of

22



staff support issues. (NE)� Workforce demographics and bureaucratic

hiring practices make it difficult to hireemployees with current skills. (MN)

� The “graying” of our IT workforce is definitelya driver. (MT)

� California is facing the daunting task ofreplacing an aging workforce. Successionplanning and the modernization of our systemsand infrastructure serve as means to leveragethe emerging workforce while meeting theneeds of business. (CA)

� Staff support has actually hindered our moveaway from legacy systems due to a lack ofavailable skill sets in our area. (Guam)

� Oregon polled several large agencies on thisand other questions throughout the survey.One large agency indicated: Many of thelegacy systems are written in COBOL and runon a mainframe. The staff who maintain thesesystems are, in many cases, close to retirementand persons to replace their skill levels aredifficult to find. There are also a limited numberof staff maintaining these systems. Since it isunlikely we can increase the number of staff, itis necessary to find ways to make ourmaintenance processes more efficient.Another mid-sized agency indicated: Thecurrent siloed, one-off architecture of legacyapplications require assignment of dedicated,specialized staff for support, maintenance andenhancements. We can no longer afford theinefficiencies of a fragmented environment andmodernization toward a common enterprisearchitecture will reduce the agency’smaintenance footprint. Another large agencyindicated: The agency is undergoing areplacement project to modernize our legacysystems for HR, Finance and Procurement andreplace them with an off the shelf ERPintegrated system. One driver for this effort isthe concern that the ability of the agency tosupport the current system(s) for theforeseeable future is quickly coming to an end.(OR)

On the positive side, several states indicated nosignificant issues with staff:

� The state of Indiana is not influenced bystaffing concerns. (IN)

� Initially it was feared that this would pose aproblem but it has not materialized. There hasbeen adequate support available in the vendorcommunity when needed. (ND)

� Inability to find knowledgeable staff to supportlegacy applications has been someconsideration, but it has not been a majorfactor. (KY)

� Texas recognizes the need to focus our limitedstaff resources/skill sets on achieving ouragencies’ specific missions. Therefore, we areconsolidating/outsourcing the operation of ourdata centers. This will, in turn, increase theability of our state agencies to innovate andmodernize. (TX)



Survey Section 6: CIO Perspectives

6.1 If your state has used, is using, or is currentlyconsidering legacy system modernizationpractices or processes that have not beenaddressed in this survey, or you consider animprovement or innovation to legacy systemmodernization practices, please describe theprocess or methodology below.

States were asked to describe legacy systemmodernization practices or processes notaddressed in previous sections of this survey, orthat they consider an improvement or innovationto legacy system modernization practices alreadydiscussed. Below are responses from eight statesthat provided input:

� New Jersey provided an Assessment Processand Renovation Matrix, <www.nascio.org/publications/documents/LegacySystemAssessment 2_NJ_0708.pdf>, “Legacy SystemAssessment Status,” July 2008.

� The Commonwealth of Kentucky commentedthat, “Often identifying the funding mechanismis an important aspect of initial planning of anylegacy system modernization. Capturing thetrue cost of an existing legacy system is veryimportant before the system modernizationinitiative can be discussed. This informationallows the stakeholders to better understandthe ROI of such system modernization.”

� The state of North Carolina provided thefollowing information: Our applicationsportfolio management (APM) software tool hasbeen invaluable in the management of theirlegacy applications by assisting statewide andagency staff to:

(1) Maintain a comprehensive and accurateinventory of applications;

(2) Analyze each application and theportfolio as a whole to determine thecurrent status (‘as is’ state) from value,performance, cost, and risk perspectives;and

(3) Develop coherent and realistic plans formanaging each application over itsuseful life and transitioning each and theportfolio of applications to the desired(‘to be’) state considering future(desired) business, information, andtechnical architectures.

Our approach for doing these things isexplained in question 2.8.

Similar to most IT management disciplines,APM is 20 percent tool and 80 percent people,methodologies, and processes. The intents areto optimize value/benefits and minimize costsand risks of individual applications over theiruseful lives while transitioning the state’sapplication portfolio to a more businessreceptive, technically controllable, financiallyviable, and risk suitable environment. The APMdiscipline reflects the facts that eachapplication is a valued asset deserving time,energy, and resources for reviewing it anddetermining its future in the organization, andeach asset has an appropriate plan (at leastover the next 5-years) for managing it over itslifecycle.

� Louisiana stated that they are in the process ofreviewing legacy systems for modernization orreplacement, and it is the state’s desire toreview integration and consolidation options,with the goal to reduce stove-pipedapplications.

� The Commonwealth of Virginia indicated thatthey are seriously evaluating Software as aService (SaaS) that promises to provide quickerimplementation solutions without the largecapital investment.

� The State of Hawaii stated that they will utilizeoutsourcing to mitigate their legacy problems.

� Montana said they are following the modelthat some federal agencies have deployed; theMethodology for Business Transformation or(*MBT). It operates within the enterprisearchitecture and provides a methodology forre-engineering our business processes. *Forexample, reference U.S. Department of theInterior, Office of the Chief Information Officer(OCIO) Webpage on MBT Toolkit: Guidanceand Templates,<www.doi.gov/ocio/architecture/mbt/guidance.htm>.

� Oregon polled several large agencies on thisand other questions throughout the survey.

One mid-sized agency indicated that: Outsourcinglines-of-business is a consideration but one that is

24



seldom a real option because state agency lines-of-business are usually mandated. However, ouragency is currently redefining methods for jointdelivery of related services to job seekers andemployers with workforce partners. Theredefinition could result in reduction or eliminationof a current line-of-business.

Another large agency indicated that: The agency ispushing for a statewide Enterprise Architectureprogram to enable the agency’s ERP EnterpriseProgram. In a perfect world, the state would havealready have completed an Enterprise Architecture.Showing:� The State’s Business Architecture,� The Information and Data Architecture,� The supporting Applications Architecture, and� The underlying Technology Architecture.

On the one hand, Enterprise Architecture equips uswith a Sustainable Business Architecture for best-in-class decision making:� With Alignment of EA-to-business needs,� A repeatable EA framework, and� Architecture that is visible across all state

agencies.

On the other hand, Enterprise Resource Planningcan define the as-is and to-be states for systemssupporting Human Resources, Finance andProcurement; the central services of ourorganizations.



Survey Section 7: Additional Resources

7.1 Please provide any links to models, studies,empowering legislation or other resources thatcould be of benefit to state CIOs in planning forlegacy system modernization initiatives.

States were asked to provide links to models,studies, empowering legislation or other resourcesthat could be of benefit to state CIOs in planningfor legacy system modernization initiatives. Beloware responses from five states that provided input:

� The Commonwealth of Kentucky: A systemmodernization prompted by a legislativemandate is a very effective vehicle for a legacysystem modernization initiative. TheCommonwealth had an initiative to modernizeits legacy vehicle information system that ismore than 40 years old. The need to modernizewas recognized by everyone and thatprompted legislation which created thefunding vehicle for this initiative, available at:<www.lrc.state.ky.us/record/06RS/HB537/bill.doc>

� North Carolina included the following threeresources:

(1) The URL for the state CIO’s statewide ITPlan is: <www.its.state.nc.us>. Lookunder “Hot Topics” in the right column.

(2) The URL for the state CIO’s LegacyApplications Report is:<www.scio.state.nc.us>. Look under “HotTopics” in the right column.

(3) The URL for the applications portfoliomanagement (APM) initiative is:<www.scio.state.nc.us/PortfolioManagementInitiative.asp> ApplicationsPortfolio Management is in the center ofthe page. A chart of NC’s four-stepprocess can be found by clicking onApplications Portfolio Management,then clicking on APM Process Diagram.

� The Commonwealth of Virginia offered theirexperience with an Act passed in 2002: ThePublic-Private Education and Infrastructure Actof 2002 (PPEA) was designed to bring privatesector expertise to bear on public projects,saving time and money. It has allowed privateentities to “acquire, design, construct, improve,renovate, expand, equip, maintain or operatequalifying projects” and encourages innovative

approaches to financing construction andrenovation. Available at:<www.dgs.virginia.gov/PPEA/tabid/62/Default.aspx>

� Oklahoma referenced past legislation: Thestate passed legislation in 2000 to replace thestate’s central accounting system. This was theauthorization to implement the ERP system.

� As in *Section 6, Montana referenced the U.S.Department of the Interior, Office of the ChiefInformation Officer, and additional Federalresources from the Federal Chief InformationOfficers (CIO) Council Website:

*Methodology for Business TransformationToolkit: Guidance and Templates<www.doi.gov/ocio/architecture/mbt/guidance.htm>

*U.S. Department of the Interior, Office of theChief Information Officer<www.doi.gov/ocio>

Documents Webpage<www.cio.gov/index.cfm?function=documents>

CIOC Architecture & InfrastructureCommittee<www.cio.gov/index.cfm?function=eastatement>

Appendix I – Complete Responses for Question 2.6.2.6 Please rank on a scale of 1-5, the following concerns around “Legacy Systems” relative to issues youare facing in your state.

Application Development tools – limited expertise (‘dead’ languages)

Documentation – non-existent or out of date

Extensibility, Adaptability, Agility – inability to enhance or revise

26



Hardware – no longer available, limited or no support

Hardware Maintenance – limited or unavailable

Recoverability – uncertain how or where to recover

Security – ability to enhance, revise to meet changing security guidelines (e.g. passwords)



Software – no longer available, limited or no support

Software Maintenance/Upgrades – limited or unavailable

Technical Support – unavailable or difficult to obtain

28





Appendix II – Response Definitions forQuestion 2.7.Question 2.7 Please indicate the most commonmethod(s) your state is utilizing for themodernization of legacy systems?

Applications wrapping: A technique that enablesa closed, non-open application to be part ofanother application and enables information thatwas resident in non-accessible applications to beused outside of this application.

Automated migration: Where an application isautomatically transformed (with little or no humaneffort) to another language and/or database; alsoreferred to as language conversion.

Data conversion: The conversion of one form ofcomputer data to another – the changing of bitsfrom being in one format to a different one, usuallyfor the purpose of application interoperability orfor the capability of using new features.

Extension: Technology platforms and softwarethat allow you to extend the life of your existingsystems. Might include extending systems to Web-based applications and new presentation layers.

Re-hosting/Re-platforming: Where an applicationis moved from one platform to another intact topreserve business logic but move to a lower costplatform. For example, a Unisys COBOL basedsystem is moved away from Unisys hardware toLinux with a relational database, with minimalchanges to the application.

Re-engineer with Commercial-off-the-Shelf(COTS) software: Legacy custom code to COTS.Where a proprietary application is moved to apackaged application (e.g. a mainframe HR systemis replaced by an off-the-shelf packagedapplication from a vendor).

Renovation/Re-architecting: Where anapplication’s key business logic or workflow isextracted and forward engineered to a new nativeapplication (e.g. COBOL to Java). This results in abrand new application that makes use of existinglegacy assets.

Service Oriented Architecture (SOA) integration:Covers both application and data integrationwhere clients expose current legacy applicationsand data as reusable services. This can be as broada using a SOA philosophy across an entireenterprise or as granular as one legacy applicationexposing a few services to be reused by one or twoapplications. (Vendor Lookup)

Utilize Enterprise Application Integration (EAI)to encapsulate and link legacy applications: Theprocess of linking such applications within a singleorganization together in order to simplify andautomate business processes to the greatest extentpossible, while at the same time avoiding having tomake sweeping changes to the existingapplications or data structures.

Virtualization/Emulation: Virtualization involvestaking a physical processor and partitioning it intomultiple contexts - all of which take turns runningdirectly on the processor itself. Virtualization isfaster than emulation - but requires that you havethe correct physical processor to work. Emulationon the other hand involves providing thefunctionality of your target processor completely insoftware. The main advantage of emulation is thatyou can emulate a processor on any other type ofprocessor. The main disadvantage is that it tends tobe slow.

Appendix III – Complete Responses for Question 2.7.2.7 Please indicate the most common method(s) your state is utilizing for the modernization of “LegacySystems.” (Please check all that apply)

30



Applications wrapping

Timing

Percent Count Answers

31.8% 7/22 Used in Past

50.0% 11/22 Currently Using

18.2% 3/22 Plan to Use in Future

Experience


70.0% 14/20 Used/Using Successfully

30.0% 5/20 Used Unsuccessfully

Comments

ADabas, Cobol financial system extracted data to a financial data mart Oregon agencies have used this method in the past and also plan to use it in the future

Automated migration

Timing





Experience




Comments

Systems were too complicated for the tool



Data conversion

Timing





Experience




Comments

We have used and are currently using data conversion for legacy system modernization; also have "Used in the past"

Retirement Systems Oregon agencies have used this method in the past and also plan to use it in the future.

Extension

Timing





Experience




Comments

We've had mixed results, some positive, some didn't make it into production In Process Web interfaces for tax system (difficult to maintain) Oregon agencies have used this method in the past and also plan to use it in the future

32



Re-hosting/Re-platforming

Timing





Experience




Comments

We haven't had much luck moving legacy apps to different platforms In Process Information Warehouse to *Netezza platform:

*<http://en.wikipedia.org/wiki/Data_warehouse_appliance> Have done this in the past Failed ERP implementation Oregon agencies also plan to use this method in the future

Re-engineer or replace with a Commercial-of-the-Shelf (COTS) software

Timing





Experience




Comments

This is our most common approach HR system using PeopleSoft Mixed experience Some unsuccessful attempts due to dynamic state needs (will use in future) Have and are using COTS DOT is acquiring Oracle Financials and if it works for them may become statewide



Renovation/Re-architecting

Timing





Experience




Comments

Mixed results This method is regularly used (all three blocks should be checked) which often requires a change to

our business practices Oregon agencies have used this method in the past and also plan to use it in the future

Service Oriented Architecture (SOA) integration

Timing





Experience




Comments

Have not used extensively, though this is a common direction Human Services, Employment and Training, Public Safety Have used since 2004 Exchanging data and services amongst law enforcement jurisdictions

34



Utilize Enterprise Application Integration (EAI) to encapsulate and link legacy applications

Timing





Experience




Comments

Intermediate solutions while planning for more extensive application replacement Customized MQ Series for data transfers across applications There are some current SOA initiatives with several planned for the near future. (should also be

checked use in future) Have used since 2001 Oregon agencies have used this method in the past and also plan to use it in the future

Virtualization/Emulation

Timing





Experience




Comments

There have been some failed modernization efforts using this method Migrating heterogeneous mix of servers, OS etc. to VMware on HP or IBM blades. Oregon agencies also plan to use this method in the future



Other, please specify

Timing





Experience




Comments

Bridge systems Replacing old COTS package with new one (usually from different vendor) Replace legacy systems with new SOA-architected solutions

36



Appendix IV – Complete Responses for Question 2.9.2.9 Please indicate obstacles or challenges your state has experienced with the modernization of “LegacySystems,” and rank on a scale of 1-5.

Legend: Overall rating based on the scale from 1 to 5

Not challenging 1

2

3

4

Extremely challenging 5 Data migration Percent Count Answers

0.0% 0/28 Not challenging 1

10.7% 3/28 2

53.6% 15/28 3

14.3% 4/28 4

21.4% 6/28 Extremely challenging 5

Funding Percent Count Answers


6.9% 2/29 2

10.3% 3/29 3

27.6% 8/29 4


Lack of documentation Percent Count Answers


31.0% 9/29 2

20.7% 6/29 3

31.0% 9/29 4




Lack of source code Percent Count Answers


55.2% 16/29 2

20.7% 6/29 3

3.4% 1/29 4


Out-side vendor support Percent Count Answers


24.1% 7/29 2

37.9% 11/29 3

17.2% 5/29 4


Resistance (or lack of internal support) from internal end users Percent Count Answers


27.6% 8/29 2

41.4% 12/29 3

13.8% 4/29 4


Risk of failure versus tolerance or appetite for failure Percent Count Answers


20.7% 6/29 2

44.8% 13/29 3

17.2% 5/29 4


38



Staff support (including both state and contracted staff) Percent Count Answers


27.6% 8/29 2

34.5% 10/29 3

34.5% 10/29 4


System availability during transition period Percent Count Answers


34.5% 10/29 2

37.9% 11/29 3

10.3% 3/29 4




Endnotes

1 For more information on the graying of state’s ITworkforce, refer to NASCIO’s survey report, State ITWorkforce: Here Today, Gone Tomorrow?,<www.nascio.org/publications> © CopyrightNASCIO, all rights reserved, www.NASCIO.org.

2 For more information on funding for state IT, referto NASCIO’s survey report, Innovative Funding forState IT: Models, Trends & Perspectives,<www.nascio.org/publications> © CopyrightNASCIO, all rights reserved, www.NASCIO.org.

3 For more information on the graying of state’s ITworkforce, refer to NASCIO’s survey report, State ITWorkforce: Here Today, Gone Tomorrow?,<www.nascio.org/publications> © CopyrightNASCIO, all rights reserved, www.NASCIO.org.



6 For updated information on the fiscal condition ofthe states and projections for 2009 in the comingyear, please reference, The Fiscal Survey of theStates, <www.nasbo.org/Publications/PDFs/Fall2008FiscalSurvey.pdf>, Copyright December2008 by the National Governors Association (NGA)<www.nga.org>, and the National Association ofState Budget Officers (NASBO) <www.nasbo.org>.All rights reserved.