Chancellor's Recent Speeches

Remarks by Dr. Charles B. Reed
Chancellor, California State University
Joint Legislative Audit Committee
CMS Audit Hearing Statement
Sacramento, CA
April 3, 2003

The California State University, the country's largest university system, has the massive task of managing information and services for its 23 campuses, 407,000 students, and 45,000 employees. The CSU is responsible for tracking financial aid information, test records, grades, and graduation requirements for its students; and human resources data for its employees. In order to fulfill its mission on a day-to-day basis, the CSU needs information management systems that work efficiently and effectively.

The CSU has known since the 1980s that it would need to update and replace its administrative technology systems. CSU campuses had been operating a patchwork of older administrative management systems, many of which were no longer serviced by vendors. Those "legacy" systems were clearly unable to keep up with the complex demands of such a large university system. In 1993, CSU campus presidents launched a comprehensive technology planning process. After extensive campus consultation and review, the CSU decided to adopt a system-wide administrative technology program that would serve its students, staff, and faculty more effectively. The CSU identified an administrative systems replacement project in 1995. That project later evolved into the Common Management System (CMS). CMS is currently within its planned budget, on schedule, and meeting its deliverables.

The Bureau of State Audit's recent findings about the CMS project are of great concern to the CSU. While we disagree with some of the auditors' interpretation of facts, we have found the audit's recommendations to be very valuable. We are implementing the 30 recommendations of the auditors: Three have already been addressed, 19 are in progress, and response action on the remaining eight is in the planning stage. We believe that our concerted action to implement those recommendations will not only address the findings but will also improve the CMS project.

Let me comment briefly on a few more specifics about the CMS project:

CMS Business Case

The CMS project was the outgrowth of more than a decade's worth of planning. Our campuses believed that collaboration in developing and operating CMS would be fiscally and operationally beneficial, and that leveraging the size of the CSU would allow for better pricing and service from vendors. A 1996 IBM study corroborated this belief. Our campuses also believed that a common data center would minimize individual campus expenditures for data center support. The Pacific Partners study supported this belief.

The CSU is now undertaking an analysis to confirm the current benefits of CMS and identify other potential benefits to the system through CMS. A preliminary study in this effort completed by Cap Gemini Ernst Young corroborated the value of a system-wide, common software approach. A campus-by-campus approach could have cost 70% more than CMS. Additionally, had the CSU patched and modified the legacy systems to provide service even marginally comparable to CMS, the estimated annual operational cost in 2006/07 would have been $105 million, compared to $65 million for CMS.

CMS Cost Estimate

The CSU made the decision to fund CMS out of its general administration partnership funding rather than asking for new money. These dollars came out of funding for non-instructional support costs, which are legitimately used for institutional support.

The CSU's cost estimates for CMS included the projected campus implementation costs and the cost to centrally implement and operate the system. In 1999, the CSU's cost projections for CMS totaled $439 million over the seven-year period of implementation. The current projection totals $445 million when comparing like expenditures.

The auditors, however, included campus operations and maintenance costs during this period of implementation in their total. We believe that this total does not accurately portray the cost of CMS because these costs are equivalent to the ongoing expenses for operations and maintenance of the legacy systems.

The CSU has been reporting to the Legislature on CMS funding and expenditures since 1999 and will continue to do so regularly.

CMS Security

The CSU has made every effort to provide for – and CMS has achieved – a high level of information security in the current implementation.

The CMS system assigns a "unique identifier" to students and employees that is not tied to Social Security numbers. However, the CSU, like every other university in the country, must use Social Security numbers for such functions as standardized tests, financial aid, tax reporting, and payroll.

To further protect individual privacy and reduce the potential for identity theft, the CSU instituted increased security measures last week. From now on, CSU employees may only have access to confidential information if they need it to perform their job and if they have written approval by the campus president or vice president for administration. This applies to all automated university systems including CMS. CSU employees who currently have access to confidential information must undergo a re-approval process.

Additionally, we are working with PeopleSoft to have improvements in the base PeopleSoft product that will allow us to mask the birth year and the first five digits of Social Security number from authorized employees using the system who may not have a need for complete confidential information. The letter I received yesterday from PeopleSoft CEO Craig Conway confirms this.

We will continue to monitor the status of our security efforts to ensure that our students and employees are protected.

Conflict of Interest

The university and its employees have complied with conflict of interest law and policy.

The auditors questioned two situations among the hundreds of CSU employees who have participated in the CMS project. Regarding one employee's relationship with PeopleSoft, that professional engagement with PeopleSoft was disclosed fully with supervisors and with participants in the selection process that led to a contract with PeopleSoft. The employee recused himself from all decision-making sessions.

My understanding is that whenever the auditor discovers a potential or apparent conflict of interest, the auditor refers the case to the FPPC. The auditor has done so in this case. The CSU has written to the FPPC and assured them that we will fully cooperate should any investigation take place.

The second issue was with an employee's purchase of Dell stock near the time that a CSU pricing agreement was signed with Dell. This non-exclusive pricing agreement with Dell was to facilitate purchase of Dell equipment by campuses at a reduced rate. Dell was one of several vendors selected for campus purchase agreements, and it was common knowledge that several campuses had a preference for Dell equipment. There was no specified commitment to purchase a particular volume of equipment. The employee in question had no knowledge of the non-exclusive pending pricing agreement with Dell and the stock was purchased by the employee's husband without knowledge of the pending pricing agreement.

Conclusion

The CSU has been working for more than a decade to establish an administrative technology system that would help the university carry out its work more efficiently and effectively. The CMS project is within its planned budget, on schedule, and meeting its deliverables. The system is operating successfully on 16 campuses and will be operational on all but four of our campuses by the end of this year.

The CSU takes the report of the auditors very seriously. We have already strengthened security measures and we are working with PeopleSoft to further strengthen our system. Additionally, we have implemented or are planning to implement all 30 of the report's recommendations.

Thank you for giving us the time to present this information.


Back to speeches