Skip navigation

California Prison Health Care Services - Improper Contracting Decisions and Poor Internal Controls, CA State Auditor, 2009

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
California Prison Health
Care Services:
Improper Contracting Decisions and Poor Internal Controls
January 2009 Report I2008-0805

CALIFORNIA
S TAT E A U D I T O R

The first five copies of each California State Auditor report are free. Additional copies are $3 each, payable by
check or money order. You can obtain reports by contacting the Bureau of State Audits at the following address:
California State Auditor
Bureau of State Audits
555 Capitol Mall, Suite 300
Sacramento, California 95814
916.445.0255 or TTY 916.445.0033
OR
This report is also available on the World Wide Web http://www.bsa.ca.gov
The California State Auditor is pleased to announce the availability of an on-line subscription service. For
information on how to subscribe, please contact the Information Technology Unit at 916.445.0255, ext. 456,
or visit our Web site at www.bsa.ca.gov.
Alternate format reports available upon request.
Permission is granted to reproduce reports.
For questions regarding the contents of this report,
please contact Margarita Fernández, Chief of Public Affairs, at 916.445.0255.

Elaine M. Howle
State Auditor

CALIFORNIA STATE AUDITOR

Doug Cordiner
Chief Deputy

Bureau of State Audits

555 Capitol Mall, Suite 300

S a c r a m e n t o, C A 9 5 8 1 4

January 22, 2009	

916.445.0255

916.327.0019 fax

w w w. b s a . c a . g o v

Investigative Report I2008-0805

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California  95814
Dear Governor and Legislative Leaders:
Pursuant to the California Whistleblower Protection Act, the Bureau of State Audits presents its
investigative report concerning acquisitions of information technology (IT) goods and services
by California Prison Health Care Services (Prison Health Services) with the assistance of the
Department of Corrections and Rehabilitation (Corrections). When Prison Health Services
discovered that some of its IT acquisitions had been made with a single vendor in 2007 and
2008 without complying with either the state contracting process or the alternative contracting
processes established by a federal court, they requested that we investigate the matter.
This report concludes that staff at Prison Health Services ignored state contracting laws, as well
as the alternative contracting requirements established by a federal court, when it acquired
$26.7  million in IT goods and services in a noncompetitive manner from November 2007
through April 2008. Specifically, Prison Health Services used 49 purchase orders to acquire
$23.8 million worth of IT goods from a single vendor when it should have sought competitive
bids. It also contracted with the same vendor to provide $2.9 million in IT services again without
using a competitive process. Further, staff at Corrections helped to execute the purchase
orders for Prison Health Services after initially questioning the propriety of the process used.
Consequently, the State cannot be certain that Prison Health Services spent $26.7 million in
public funds prudently or that it received the best value for the money spent.
Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor

California State Auditor Report I2008-0805

January 2009

Contents
Investigative Results
Results in Brief	

1

Background	

1

Facts and Analysis	

6

The Means Used by Prison Health Services to Acquire the IT Goods
and Services Violated Legal Requirements and Bypassed
Internal Controls	

8

Prison Health Services and Corrections Failed to Establish Systems
to Ensure That Staff Conducted IT Procurement Appropriately	

14

Recommendations	

18

Appendix
The Investigations Program	

21

Response to the Investigation
California Prison Health Care Receivership Corp.	

23

Department of Corrections and Rehabilitation	

25

vii

California State Auditor Report I2008-0805

January 2009

Investigative Results
Results in Brief

Investigative Highlights . . .

The California Whistleblower Protection Act empowers the Bureau
of State Audits (bureau) to investigate and report on improper
governmental activities by agencies and employees of the State.1
As the entity exercising the powers vested in the secretary of the
Department of Corrections and Rehabilitation (Corrections) to
manage the State’s prison medical health care delivery system,
California Prison Health Care Services (Prison Health Services) and
its employees are subject to the bureau’s investigative authority in
their exercise of those powers.

California Prison Health Care Services’
(Prison Health Services) staff violated
legal requirements and bypassed internal
controls by noncompetitively acquiring
$26.7 million in information technology
(IT) goods and services. Specifically, Prison
Health Services:

When Prison Health Services discovered that some of its information
technology (IT) acquisitions had been made with a single vendor
in 2007 and 2008 without complying with either the state contracting
process or the alternative contracting processes established by a
federal court, they requested that we investigate the matter.
We found that staff at Prison Health Services ignored state
contracting laws, as well as the alternative contracting requirements,
when it acquired $26.7 million in IT goods and services in a
noncompetitive manner from November 2007 through April 2008.
Specifically, Prison Health Services used 49 purchase orders to
acquire $23.8 million worth of IT goods from a single vendor when
it should have sought competitive bids. It also contracted with the
same vendor to provide $2.9 million in IT services again without
using a competitive process. Further, staff at Corrections helped
to execute the purchase orders for Prison Health Services after
initially questioning the propriety of the process used. Consequently,
the State cannot be certain that Prison Health Services spent
$26.7 million in public funds prudently or that it received the best
value for the money spent.
Background
In April 2001 in the United States District Court for the Northern
District of California, prisoners filed a class action lawsuit against
the State alleging that Corrections engaged in cruel and unusual
punishment by providing them with inadequate medical care
in the State’s prisons. In June 2002 the State settled the lawsuit,
Plata vs. Schwarzenegger, and in the settlement the State agreed to
implement in its prisons comprehensive new medical care policies
and procedures that would elevate prison medical care to meet
1	

For more information about the bureau’s investigative authority, please refer to the Appendix.

»» Used 49 purchase orders to aquire
$23.8 million of IT goods from a single
vendor without inviting competitive bids.
»» Contracted with the same vendor to
provide $2.9 million in IT services without
using a competitive process.
Staff at the Department of Corrections
and Rehabilitation ultimately executed
purchase orders after initially questioning
the propriety of the process used.

1

2

California State Auditor Report I2008-0805

January 2009

acceptable standards. Under the settlement, the court has the
authority to enforce the agreement. The State attempted to fulfill
this agreement from 2003 through 2005. However, in October 2005
the court found that the State “failed to achieve even a semblance
of compliance.” The court therefore appointed a receiver the
following year to provide leadership and executive management
of Corrections’ prison health care system with the goals of
restructuring day‑to‑day operations and developing, implementing,
and validating a new system that provides adequate medical care to
prisoners in state facilities as soon as practicable. To help achieve
these goals, the court gave the receiver all powers vested by law in
the secretary of Corrections as they relate to the administration,
control, management, operation, and financing of California prisons’
health care system. These powers encompass the authority to hire
and fire Corrections’ employees and to acquire and dispose of
property and equipment, including IT goods and services.
To carry out this mission, the receiver established a
nonprofit corporation called the California Prison Health Care
Receivership Corporation (receivership) to provide executive
management for the delivery of medical care in California’s prisons.
The Plata Support Division within Corrections, consisting largely
of Corrections’ employees, provides administrative support
for the implementation of the receiver’s projects.2 The receiver
recently began using the name Prison Health Services to describe
collectively both the receivership and the Plata Support Division.
Although Prison Health Services has an organizational structure
independent of Corrections’ management, it nonetheless relies on
Corrections’ employees who have remained under Corrections’
management structure to perform many administrative functions,
including business services and accounting.
To acquire goods and services that are needed to administer and
improve California’s prison health care system, Prison Health
Services, with the assistance of Corrections, generally uses the
established state contracting process. However, as will be discussed
in greater detail later in this report, the federal court has also given
Prison Health Services the authority to bypass the state contracting
process and instead use certain alternative contracting processes
expressly approved by the federal court for specified projects.
Figure 1 illustrates the organizational relationship between the
receivership, the Plata Support Division, and Corrections as it
relates to acquiring goods and services.

2	

Plata is the name of the complainant in the class action lawsuit alleging that Corrections
provided inadequate medical care in the State’s prisons and thus failed to ensure prisoners’
constitutional rights.

California State Auditor Report I2008-0805

January 2009

Figure 1
The Relationship Between California Prison Health Care Receivership and the
Department of Corrections and Rehabilitation

California Prison Health
Care Receivership
(receivership)

Plata Support
Division

Department of Corrections
and Rehabilitation
(Corrections)

Receivership employees who report
to the receiver
Corrections’ employees who report
to the receiver
Corrections’ employees who report
to the secretary of Corrections
Source:  Bureau of State Audits.

As the entity exercising the powers vested in the secretary of
Corrections, Prison Health Services generally must comply
with state laws, regulations, and administrative policies that govern
state contracting practices except to the extent that the federal
court exempts it from doing so. The California Public Contract
Code, sections 12100 through 12113, govern the acquisition of
IT goods and services. In particular, Section 12100 requires that
the Department of General Services (General Services) make or
supervise the creation of all contracts for acquiring IT goods and
services. Section 12104 requires that the State Contracting Manual
(contracting manual) set forth all policies, procedures, and methods
for state agencies to use when seeking bids for IT acquisitions.
Further, Section 12101(c) authorizes General Services to delegate
purchasing authority to those state agencies that demonstrate, to
General Services’ satisfaction, an ability to conduct value‑effective
acquisitions of IT goods and services. For fiscal year 2007–08,
General Service had delegated to Corrections only the authority
to purchase IT goods and services costing less than $5,000, unless
the purchase was being made under an existing statewide contract.
Chapter 3 of the contracting manual describes the requirements for
conducting competitive solicitations for IT goods and services and
specifies that acquisitions exceeding $5,000 must be competitively
bid. The contracting manual prescribes various processes to achieve
competitive bidding that are dependent on the value of the contract.
For IT acquisitions less than $100,000, state agencies are required
to invite competitive bids by soliciting at least two responsive bids
from potential vendors. For IT acquisitions exceeding $100,000,
state agencies are required to solicit competitive bids by advertising
the proposed acquisition through an invitation for bid or a request

3

4

California State Auditor Report I2008-0805

January 2009

for quote process and base their selection of the winning bidder on
specified criteria. An invitation for bid is a request by an agency
for potential vendors to submit bids on what they would charge to
supply goods and/or services that will satisfy a known and detailed
requirement. In a request for quote, state agencies identify a specific
need and ask potential vendors for proposals to satisfy that need
including the price for doing so. For IT acquisitions exceeding
$500,000, state agencies are required to solicit competitive bids by
advertising a formal request for proposal in which the agency puts
forward a document that describes in general terms some problem
to be solved or goal to be achieved, and asks for proposals that will
solve the problem or achieve the goal and specify a price for doing
so. Once an invitation for bid, request for quote, or request for
proposal is advertised to potential vendors, bidder participation
is not controlled; thus, there is no requirement regarding the
minimum number of bidders that must participate before an agency
may award a contract. As shown in Table 1, to comply with state
law, Prison Health Services is required to seek competitive bids for
any acquisition over $5,000.
Table 1
Requirements for Obtaining Competitive Bids to Provide Information Technology Goods and/or Services Under the
State Contracting Process
Dollar Value
of Acquisition

Bid Solicitation
Method

Evaluation method

Advertisement

$5,000 to $100,000

Informal

Oral or written response from two responsive bidders

Not required*

$100,000.01 to $500,000

Informal

Invitation for bid or request for quote

Required

More than $500,000

Formal

Request for proposal

Required

Source:  State Contracting Manual, Chapter 3.
*	 Acquisitions of IT services that exceed $4,999.99 are required to be advertised. Advertisement is not required for acquisitions of IT goods that are less
than $100,000.

However, there is an exception to the competitive bidding
requirements under state law for the purchase of goods and services
that are available for acquisition from a vendor having an existing
statewide contract. General Services has established statewide
contracts for the provision of particular goods and services to state
departments at a set or specified maximum price. As statewide
contracts have already been competitively bid by General Services
when established, and the contracts are structured to comply
with California procurement laws, policies, and guidelines, state
departments may purchase items identified in the contracts by
simply issuing a purchase order for the items without engaging in
the more cumbersome bidding processes otherwise required of
state departments.

California State Auditor Report I2008-0805

January 2009

Although Prison Health Services is generally required to comply
with the state laws, regulations, and administrative policies
previously described that govern state contracting practices, it
also has been given special authority by the federal court to bypass
those requirements when acquiring goods and services for certain
projects, provided that it complies with an alternative set of
requirements intended to be more expeditious than normal state
contracting requirements while still preserving essential elements of
transparency and competitive bidding.
Specifically, in June 2007, the federal court concluded that the
state contracting process adversely affected the receiver’s ability to
implement necessary, timely remedial measures that would provide
adequate medical care in the State’s prisons. Consequently, the
federal court issued a waiver of state contracting laws for specific
projects. The federal court approved the receiver’s request for a
waiver in order to expedite institutional and medical reform. In
granting the waiver, the federal court recognized the receiver’s need
to act promptly and effectively while preserving the fundamental
purposes of the State’s contracting laws, such as preventing fraud
and corruption, ensuring transparency and procedural fairness, and
protecting the public interest. The federal court therefore ordered
that when he does not follow state contracting rules, the receiver
must nonetheless follow one of three alternative contracting
processes: expedited formal bid, urgent informal bid, or sole source.
Table 2 describes the relevant requirements of each of these
alternative contracting processes. Most noteworthy, both the
expedited formal bid and urgent informal bid processes require
the receiver to follow a competitive bidding procedure. The
sole‑source process allows Prison Health Services to select a single
vendor to meet its needs without seeking other bids, but the use
of this process is limited to when only one vendor can provide the
goods or services required for the project.
Table 2
Alternative Contracting Processes Approved by the Federal Court for the Purchase of Goods and Services for
California Prison Health Care Services
Alternative
Contracting Process

Value of Acquisition

Is Competition Required?

Expedited formal bid

$750,000 or more

Yes—must formally solicit three bids

Urgent informal bid

$75,000 to $750,000*

Yes—make reasonable effort to obtain three proposals

Sole‑source bid

No dollar limits

No—only one source can reasonably supply the need

Source:  United States District Court for the Northern District of California, No. C01-1351.
*	 The federal court stated that the expedited formal bid process shall also apply to contracts whose total contract price is estimated to be valued from
$75,000 to $750,000, unless the receiver determines that urgent circumstances do not permit sufficient time to use the expedited formal bid process.
The federal court stated the receiver may also use the urgent informal bid process for any contract whose estimate value is less than $75,000.

5

6

California State Auditor Report I2008-0805

January 2009

With the advent of the alternative contracting processes approved
by the federal court, Prison Health Services began acquiring goods
and services using both the state contracting process and the
alternative contracting processes, depending on the circumstances
of the acquisition. Figure 2 provides an illustrative overview of
the contracting procedures available to Prison Health Services
for the acquisition of IT goods and services under the state
contracting process and the alternative contracting processes
instituted by the federal court.
Figure 2
California Prison Health Care Services’ Contracting Processes for Acquiring Information Technology
Initiation
California Prison Health Care Services (Prison Health Services) identifies the need
to acquire information technology goods and/or services.
Prison Health Services determines whether it should use the state contracting
process or the alternative contracting processes to acquire the goods or services.

State contracting process
Development
1. Prison Health Services chooses an acquisition approach that
complies with state contracting procedures.
2. Staff members develop supporting purchase documents
and solicit or advertise for bids, as necessary.
Review
3. Prison Health Services and/or the Department of
Corrections and Rehabilitation (Corrections) staff route
purchase documents for internal review and to the
Department of General Services, if necessary, and selects
a vendor.
Execution/Payment
4. The parties involved in the acquisition execute the purchase
order or contract, and those with delegated authority and
the vendor—when appropriate—sign the documents.
5. Invoices are paid after approval from Prison Health Services
by Corrections.

Alternative contracting process
Development
1. Prison Health Services chooses an alternative
contracting process, and depending on the process
chosen, Prison Health Services solicits bids and makes
recommendations, as necessary.
2. The receiver or his delegate selects a vendor.
Review
3. Prison Health Services’ managers and legal counsel
negotiate the contract with the vendor. The
counsel reviews the contract for legality and to
ensure that all parties followed the requirements
of the alternative process used.
Execution/Payment
4. The receiver and the vendor sign the contract.
5. The executed contract goes to California Prison Health
Care Receivership Corporation’s accounting office for
receipt and payment of invoices.

Sources:  Bureau of State Audits’ interviews with employees from Prison Health Services and Corrections.

Facts and Analysis
Staff at Prison Health Services, with assistance from Corrections’
staff, improperly acquired IT goods and services worth
$26.7 million without seeking competitive bids. Specifically,
between November 2007 and April 2008, Prison Health
Services paid $23.8 million for IT goods. In addition, between
December 2007 and February 2008, it paid more than $2.9 million

California State Auditor Report I2008-0805

January 2009

for IT services. However, in acquiring these goods and services,
Prison Health Services failed to comply with applicable state laws or
the alternative contracting processes approved by the federal court
that require competitive bids to be sought.
Between November 2007 and April 2008, Prison Health Services
executed 49 purchase orders for IT goods with one vendor and
one of the vendor’s subcontractors at a cost of $23.8 million.
Although purchase orders could have been used to acquire these
goods if the vendor and the subcontractor had a statewide contract
to provide such goods, the goods described in the 49 purchase
orders were not covered by a statewide contract. Therefore, these
IT goods should have been acquired through a competitive process
rather than by improperly using purchase orders. Under state law,
Prison Health Services was required to solicit bids from other
vendors before making these acquisitions by advertising what it
needed through either an invitation for bid, a request for quote, or
a request for proposal, depending on the value of each acquisition.
Table 3 provides a general description of the IT goods that were
acquired with the purchase orders and their cost.
Table 3
The 49 Purchase Orders Executed by Prison Health Care Services for
Information Technology Goods From November 2007 Through April 2008
Purpose of
Purchase Orders

Number of
Purchase Orders

Back-up power supply

34

$671,121

Network infrastructure

11

10,401,764

4

12,715,838

49

$23,788,723

Equipment
Totals

Cost of
Purchase Orders

Source:  California Prison Health Care Services.

Similarly, between December 2007 and February 2008, Prison
Health Services entered into a noncompetitively bid contract for
IT services from the same vendor, which it subsequently amended
three times on the same day, for a total cost of approximately
$2.9 million. Because the original cost of the contract, prior to the
amendments, was approximately $45,300, the original contract
well exceeded the $5,000 threshold at which state agencies must
seek competitive bidding, yet Prison Health Services did not solicit
any competitive bids. With the nearly $2.9 million in contract
amendments that soon followed, the contract also exceeded the
$500,000 threshold at which state agencies must advertise a
request for proposal in order to seek competitive bids; however,

7

8

California State Auditor Report I2008-0805

January 2009

this requirement was also ignored. Table 4 provides a description
of the original IT services contract along with its amendments,
including the execution dates and costs.
Table 4
The Contract and Three Amendments for Information Technology Services
Executed by Prison Health Care Services From December 2007 Through
February 2008
Amount

Original contract

Date Signed

$45,277 December 7, 2007

Amendment 1

11,365 February 15, 2008

Amendment 2

443,100 February 15, 2008

Amendment 3
Total

2,430,000 February 15, 2008

Purpose

House back-up data equipment
through a lease contract
Provide help‑desk services
Provide infrastructure design and
build consulting services
Provide information security services

$2,929,742

Source:  California Prison Health Care Services.

The Means Used by Prison Health Services to Acquire the IT
Goods and Services Violated Legal Requirements and Bypassed
Internal Controls
Our investigation determined that Prison Health Services acquired
IT goods and services using various procedures that did not comply
with either state contracting laws or the alternative contracting
processes approved by the federal court. Prison Health Services’
staff also bypassed certain internal control procedures that were
intended to prevent such noncompliance from occurring. Figure 3
illustrates the control failures of Prison Health Services and
Corrections as they relate to the acquisition of IT goods
and services.
Prison Health Services’ Staff Incorrectly Determined That They Could
Completely Avoid Competitive Bidding Requirements When Acquiring
Needed Goods and Services for a Proposed IT Network
The failure by Prison Health Services’ staff to comply with
competitive bidding requirements apparently began with an
incorrect determination that statewide contracts and the
alternative contracting processes authorized by the federal
court provided a convenient means for avoiding all competitive
bidding requirements.

California State Auditor Report I2008-0805

January 2009

Figure 3
Employees at California Prison Health Care Services and the Department of Corrections and Rehabilitation Failed to
Fulfill Their Contracting Responsibilities
California Prison Health Care Services (Prison Health Services)
1SPWJEFTMFBEFSTIJQBOEFYFDVUJWFNBOBHFNFOUPGIFBMUIDBSFEFMJWFSZJO$BMJGPSOJBTQSJTPOT

Official 1*
0WFSTFFTEBZUPEBZPQFSBUJPOT

Official 3†
0WFSTFFTJOGPSNBUJPO
technology (IT) projects
Official 3 failed to fulfill his
responsibilities when he did
the following:
t 4FMFDUFEBWFOEPSXJUIPVUVTJOH
either the state contracting
QSPDFTTPSUIFBMUFSOBUJWF
contracting processes.
t "QQSPWFEGPVSQVSDIBTFPSEFST
XJUIPVUBOZFWJEFODFPGSFRVJSFE
DPNQFUJUJWFCJEEJOHBOEGBJMFEUP
send them to Corrections
for processing.

Manager A†
Directs IT projects
.BOBHFS"GBJMFEUPGVMmMMIJT
responsibilities when he did
the following:
t &YFDVUFEBDPOUSBDUGPS
TFSWJDFTXJUIPVUIBWJOH
authority and without using a
SFRVJSFEDPNQFUJUJWFQSPDFTT
t 'BJMFEUPSFRVFTUBQQSPWBMGSPN
PöDJBMTBOEUPBDRVJSF
HPPETUISPVHIBMUFSOBUJWF
contracting processes.

Official 2
1SPWJEFTMFHBMDPVOTFM

Official 4
0WFSTFFTUIF1MBUB4VQQPSU%JWJTJPO

XIJDIQSPWJEFTBENJOJTUSBUJWFTVQQPSU
Official 4 failed to fulfill his responsibilities
when he did the following:
t "QQSPWFEGPVSQVSDIBTFPSEFSTXJUIPVU
BOZFWJEFODFPGSFRVJSFEDPNQFUJUJWF
bidding and failed to send them to
Corrections for processing.
t 4JHOFEQVSDIBTFPSEFSTUIBUXFSF
OPUDPWFSFECZBTUBUFXJEFDPOUSBDU
t "QQSPWFEUISFFBNFOENFOUTUPB
DPOUSBDUGPSTFSWJDFTXJUIPVUUIF
authority to do so and without using a
DPNQFUJUJWFQSPDFTT
t 'BJMFEUPSFRVFTUBQQSPWBMGSPNPöDJBMT
BOEUPBDRVJSFHPPETUISPVHI
BMUFSOBUJWFDPOUSBDUJOHQSPDFTTFT

Department of Corrections and
Rehabilitation (Corrections)

Office of Business Services
"ENJOJTUFSTQSPDVSFNFOUBDUJWJUJFT
5IF0öDFPG#VTJOFTT4FSWJDFT
failed to fulfill its responsibilities
when it did the following:
t &YFDVUFEQVSDIBTFPSEFSTUIBU
XFSFOPUDPNQFUJUJWFMZCJEBOE
UIVTFYDFFEFE$PSSFDUJPOT
delegated authority.
t 1SPDFTTFEQVSDIBTFPSEFST
without sufficient documentation
UIBU1SJTPO)FBMUI4FSWJDFT
RVBMJmFEGPSUIFBMUFSOBUJWF
contracting processes.

Manager B
Handles procurement for
UIF1MBUB4VQQPSU%JWJTJPO
Manager B failed to fulfill her
responsibilities when she did the following:
t 'BJMFEUPFOTVSFUIBUQVSDIBTFPSEFST
followed the state contracting process or
BMUFSOBUJWFDPOUSBDUJOHQSPDFTT
t 'BJMFEUPFOTVSFUIBUUIFBQQSPQSJBUF
MFWFMPGEPDVNFOUBUJPOFYJTUFETIPXJOH
FYFDVUJWFNBOBHFNFOUBQQSPWBMUPVTF
BMUFSOBUJWFDPOUSBDUJOHQSPDFTTFT
t 'BJMFEUPJEFOUJGZUIFNPTUBQQSPQSJBUF
NFBOTUPBDRVJSFHPPET
t 'BJMFEUPSFRVFTUBQQSPWBMGSPNPöDJBMT
BOEUPBDRVJSFHPPETUISPVHI
BMUFSOBUJWFDPOUSBDUJOHQSPDFTTFT

Sources:  Bureau of State Audits’ interviews with employees from Prison Health Services and Corrections.
*	 Official 1 did not oversee day-to-day operations for IT projects until February 2008 when the current receiver was appointed. The former receiver
provided day-to-day oversight for IT projects prior to February 2008.
†	 Official 3 left his employment with Prison Health Services in February 2008. Manager A was terminated from employment in June 2008.

9

10

California State Auditor Report I2008-0805

January 2009

Soon after Official 3 assumed responsibility for overseeing Prison
Health Services’ IT projects, he decided that Prison Health Services
needed to establish an IT network for the transmission of prisoners’
health care information throughout Corrections’ prison facilities.
He therefore started planning for the creation of such a network.

An official selected a vendor to
provide the IT goods and services
without making any effort to solicit
competitive bids.

In April 2007 a vendor learned that Prison Health Services wanted
to establish an IT network and contacted Official 3 about addressing
this need. According to the vendor, it indicated that it had been
awarded a statewide contract to provide IT goods and services at a
competitive price and that it was interested in providing the goods
and services that Prison Health Services needed under this contract
and the statewide contracts of its subcontractors. As a result,
Official 3 selected the vendor to provide the IT goods and services
for the IT network without making any effort to solicit competitive
bids. According to both Official 3 and the vendor, Official 3
intended to use existing statewide contracts to the extent possible
to build the IT network. However, according to the vendor’s
representative, for any IT goods and services not available under
existing statewide contracts, Official 3 and the vendor agreed that
the acquisition would be made by using one of the three alternative
contracting processes approved by the federal court. Over the
course of several months, Official 3 and Manager A, who managed
Prison Health Services’ IT projects for Official 3, met with this
vendor and its subcontractors numerous times to discuss Prison
Health Services’ IT network needs. According to the vendor’s
representative, the vendor informed Official 3 and Manager A
throughout the course of the meetings about which IT goods could
be purchased under the vendor’s statewide contract and which
could not. However, Official 3 stated that based on his discussions
with the vendor, he believed that all of the IT goods needed for the
project that are the focus of this report could be purchased under
existing statewide contracts, so he authorized the use of purchase
orders to acquire these items. Statements made by Official 3 and
Manager A to staff within Prison Health Services document their
understanding that all of these items were available under existing
statewide contracts, though we were unable to resolve how they
could develop this understanding if the vendor’s representative had
told them otherwise.
In contrast to the goods discussed above, Official 3 and Manager A
correctly understood that the IT services they needed for the
network project were not available under the vendor’s existing
statewide contract. Official 3 and Manager A therefore determined
that they would enter into a separate contract with the vendor
for the provision of these services using one of the alternative
contracting processes. However, the process Prison Health

California State Auditor Report I2008-0805

January 2009

Services used to acquire IT services was not consistent with the
requirements of any of the alternative contracting processes
approved by the court.
Prison Health Services Violated Legal Requirements and Bypassed
Internal Control Procedures in the Way It Used Purchase Orders
As previously noted, Prison Health Services’ officials incorrectly
determined that they could acquire $23.8 million in IT goods
through the issuance of purchase orders. Based on that
determination, they made those acquisitions in violation of state
competitive bidding requirements. In November 2007 Official 3
and Official 4 began the acquisitions by signing two purchase orders
with the vendor worth approximately $12.1 million to provide
equipment for the proposed IT network. As each of these purchases
exceeded $500,000, the officials were required by state law to
develop a request for proposal and advertise the request to vendors
before making the acquisition, but they did not.
Two months later, in January 2008, Official 3 and Official 4
signed two more purchase orders with a subcontractor to the
vendor for data servers and other IT‑related equipment worth more
than $479,100 and $102,200, respectively. Because both purchase
orders totaled between $100,000 and $500,000, and were not
included as items in the vendor’s statewide contract, the officials
should have sought competitive bids through an invitation for bid
or a request for quote before making these acquisitions.
Finally, during March and April 2008, Official 4 signed 45 more
purchase orders with the vendor, each exceeding $5,000 and
together totaling $11.1 million. Since all the purchase orders were
signed within a short period of time—one week—and the total
purchases exceeded $500,000, and were not included as items in
the vendor’s statewide contract, Prison Health Services should have
developed a request for proposal and advertised the request to
vendors before making these acquisitions.
When they issued the first four of these purchase orders, Official 3
and Official 4 failed to ensure that Prison Health Services’ staff
sent the four purchase orders to Corrections’ Business Services for
processing, which under Corrections’ normal procedures entails
the creation of appropriate accounting records and a review of
the transaction by accounting personnel to determine whether the
transaction is proper. Instead, Official 3 and Official 4 apparently
returned the signed purchase orders directly to the vendor without
processing them through Corrections’ Business Services. Several
months later, the vendor sent an invoice to Corrections’ Business
Services for payment. Because Corrections’ Business Services did

During March and April 2008, an
official signed 45 purchase orders,
totaling $11.1 million, rather than
using a competitive bid process
as required.

11

12

California State Auditor Report I2008-0805

January 2009

not process the purchase orders, neither Prison Health Services’
accounting office nor Corrections’ Business Services had an
official record that these purchase orders had been executed.
Moreover, no one having familiarity with state contracting rules
had an opportunity to scrutinize the purchase orders to evaluate
whether the items being acquired were eligible for acquisition by a
purchase order.

Even though Corrections’ staff
initially rejected the purchase
orders, they later approved them,
convinced that an authorized
alternative contracting process was
being used.

In contrast, when Official 4 issued the remaining 45 purchase
orders for IT goods, those purchase orders were routed to
Manager B at Prison Health Services who then sent the purchase
orders to Corrections’ Business Services for processing. Having
the opportunity to review these purchase orders, Corrections’
Business Services determined that the goods listed on the purchase
orders were not covered by a statewide contract with the vendor,
and therefore the use of the purchase orders was improper
under state law. Consequently, Corrections’ Business Services
rejected the purchase orders and returned them to Manager B.
However, according to Manager B, after speaking with Manager A,
Manager B was under the impression that the IT goods and services
were being acquired under one of the alternative contracting
processes authorized by the federal court. Manager B then
resubmitted the purchase orders to Corrections’ Business Services
even though Corrections’ Business Services would not normally be
involved in acquisitions under an alternative contracting process.
According to Manager B, she did this because Corrections’ Business
Services was normally the entity that processed purchase orders
issued by Prison Health Services for items covered by statewide
contracts, and lacking any guidance on how the purchase orders
should be processed, felt that their involvement as the processing
agent was necessary. Corrections’ Business Services processed the
purchase orders for Official 4’s signature based on Manager B’s
representation that the purchase orders were proper under the
authority granted to the receiver by the federal court. Neither
Manager B nor anyone at Corrections’ Business Services confirmed
the accuracy of the representation with executive management
at Prison Health Services. In actuality, Prison Health Services’
executive management did not authorize the use of any of the
alternative contracting processes to acquire the IT goods listed in
the purchase orders. Moreover, Prison Health Services’ staff made
no effort to use any of the alternative contracting processes for
these transactions.
For his part, Official 4 stated that while he signed all of the
purchase orders on behalf of Prison Health Services, he did so
without questioning them and simply assumed that the purchase
orders related to a properly approved contract between Prison
Health Services and the vendor that had already been vetted
with the appropriate staff at Prison Health Services. Significantly,

California State Auditor Report I2008-0805

January 2009

as Prison Health Services had neither requested nor received
delegated purchasing authority at the time of the purchase order
acquisitions, Official 4 did not have the delegated authority
from General Services to sign the purchase orders on behalf of
Prison Health Services. Although General Services delegated
to Prison Health Services the authority to purchase up to
$1 million in IT goods and services in September 2008, prior
to that authorization, any purchases under state contracting law
should have been approved by Corrections, which had delegated
purchasing authority up to specified dollar limits, or by General
Services. Had this requirement been followed, the purchase orders
would have been subject to greater scrutiny.
Prison Health Services Also Violated Legal Requirements and Bypassed
Internal Controls in Its Contract for IT Services
As we discussed previously, when Prison Health Services entered
into a contract with the vendor for IT services worth approximately
$2.9 million between December 2007 and February 2008, it violated
state competitive bidding requirements applicable to the contract
and each of its three amendments. Specifically, because the original
cost of the contract was nearly $45,300, Official 4 and Manager A
were required to informally solicit at least two responsive bids
before entering into a contract for the services. Moreover, before
they could amend the contract to acquire nearly $2.9 million in
additional services, Official 4 and Manager A were required to
advertise a request for proposal seeking competitive bids for the
provision of these services.
However, as justification for not adhering to state contracting
requirements for these acquisitions, Official 3 and Manager A
provided the impression that they were using one of the alternative
contracting processes authorized by the federal court. But just as
the contract violated state law by not complying with applicable
competitive bidding requirements, it similarly failed to comport
with the requirements of the alternative contracting processes,
which also required competitive bidding. In particular, as the value
of the original contract was less than $75,000, the federal court
authorized Prison Health Services to use the urgent informal bid
process as an alternative to using the state contracting process, but
this process required Prison Health Services to make a reasonable
effort to identify and solicit proposals from three vendors. Further,
the three subsequent amendments to this contract were signed
on the same day and exceeded $750,000 in total. Due to the
amount of these amendments, under the federal court order, Prison
Health Services was required to engage in an expedited formal
bid process before executing the three contract amendments. This

Not only did a $2.9 million contract
for IT services violate state law,
it also failed to comport with
requirements for alternative
contracting processes.

13

14

California State Auditor Report I2008-0805

January 2009

process obligated Prison Health Services to develop and advertise
a request for proposal and to formally solicit three bids. Yet, Prison
Health Services did not take these actions.
In addition, use of the alternative contracting processes authorized
by the federal court was not sought or properly approved by Prison
Health Services’ executive management for these acquisitions.
Official 1 stated that he established a rule that any time staff at
Prison Health Services intended to use any of the alternative
contracting processes, he must approve such a use. Similarly,
Official 2, also a member of Prison Health Services’ executive
management, asserted that if Prison Health Services purchased
goods or services under the federal court’s alternative contracting
processes, Prison Health Services’ use of the process would be
subject to his review as well. However, both of these officials have
asserted that they were completely unaware that Official 3 and
Manager A intended to use an alternative contracting process for
these acquisitions, and we found no evidence to indicate that they
were ever advised of this intention.

Had an official questioned the
amendments to an IT contract,
he would have found that only
a manager had signed the
original contract.

Official 4 was the official who signed the amendments to the
contract, but he stated that he signed them without asking
questions because he assumed the original contract had
been properly approved by Prison Health Services’ executive
management. Had Official 4 questioned the amendments, he
would have found that only Manager A, who was not a member of
executive management, had signed the original contract.
By neglecting to advertise or to seek requests for proposals from
other vendors, Prison Health Services not only violated state
contracting rules and the rules approved by the federal court that
require competition, but it also failed to ensure that it used public
funds prudently or that the State received the best value for the
money spent.
Prison Health Services and Corrections Failed to Establish Systems to
Ensure That Staff Conducted IT Procurement Appropriately
Our investigation identified several factors that led to Prison Health
Services and Corrections paying one vendor and its subcontractor
$26.7 million for IT goods and services without competitive bidding
as required by state law and the processes prescribed by the federal
court. In particular, key Prison Health Services’ personnel, such as
Official 3 and Manager A, did not understand or disregarded the
fact that they were unable to use purchase orders to acquire
the $23.8 million in goods that they needed for the proposed IT
network because those goods were not covered under a statewide
contract with the vendor. In addition, Prison Health Services

California State Auditor Report I2008-0805

January 2009

failed to adequately educate its own staff and staff at Corrections
about the effect of the June 2007 federal court order that waived
state contracting laws for specified projects so that they would
understand the correct impact of that order on the contracting
process. Further, Prison Health Services lacked formal policies
and procedures to follow when creating and processing contracts.
Moreover, Prison Health Services as well as Corrections lacked
adequate internal controls to effectively ensure compliance with
applicable contracting rules. Finally, Prison Health Services fostered
a working environment that discouraged its own staff and staff at
Corrections from raising concerns about Prison Health Services’
contracting practices.
Key Staff at Prison Health Services Either Did Not Understand or
Disregarded That They Could Not Properly Use Purchase Orders to
Acquire $23.8 Million in IT Goods
As we discussed earlier, Official 3 stated that he believed all of
the IT goods that are the focus of this report were covered by a
statewide contract with the vendor so it was proper to acquire the
items from the vendor by simply issuing a purchase order for them.
In addition, e‑mails authored by Official 3 and Manager A appear
to document that they shared an understanding that the items
were covered by a statewide contract. However, a representative
of the vendor asserted that he regularly informed Official 3 and
Manager A throughout the acquisition process that certain IT
goods and services were not available under its statewide contract.
Although our investigation was unable to resolve this conflict in the
evidence regarding what Official 3 and Manager A actually knew
about the propriety of using the purchase orders, we have been left
to conclude that the initial cause for the noncompetitive acquisition
of over $23 million in IT goods was a lack of understanding or
appreciation by these key officials regarding the wrongfulness of
using purchase orders for the acquisitions.
Prison Health Services’ Officials Failed to Adequately Educate Staff
About the Federal Court Order Waiving State Contracting Rules
Prison Health Services’ officials failed to adequately educate all staff
involved in the contracting process about the meaning and impact
of the federal court’s order waiving state contracting rules for
certain projects and how this waiver affects the process of acquiring
goods and services. Official 1, who is part of Prison Health Services’
executive management, told us that management did not need to
communicate to staff concerning the impact of the federal court’s
order because Prison Health Services did not allow its staff to enter
into contracts.

Prison Health Services lacked
formal policies and procedures
as well as adequate internal
controls to ensure compliance with
contracting rules.

15

16

California State Auditor Report I2008-0805

January 2009

Staff at various levels had little,
if any, understanding about the
competitive bidding requirements
imposed by the federal court.

As a consequence, it became apparent during the investigation
that Prison Health Services’ staff at various levels had little, if
any, understanding about the competitive bidding requirements
imposed by the federal court when obtaining goods and services
via the waiver. Although Official 4 acknowledged that he had
regular meetings with Official 2, another member of Prison Health
Services’ executive management, he also stated that he was unaware
of any communication with Prison Health Services’ staff about the
federal court’s order. According to Official 4, he knew only that
the court order was available for review on Prison Health Services’
Web site. Moreover, until we commenced our investigation, key
staff at Prison Health Services stated that they were not aware that
the waiver could only be invoked with the approval of Official 1 and
review by Official 2.
The clearest illustration of the risks associated with not educating
staff about the various requirements of the federal court’s order
regarding the alternative contracting processes occurred when
Corrections’ Business Services initially refused to process
45 improper purchase orders because the goods being acquired
were not available under a statewide contract. Even though
Manager A and Manager B had no authority to enter into
contracts on behalf of Prison Health Services under the alternative
contracting processes, their lack of information about the meaning
of the court order caused them to override Corrections’ rejection of
the purchase orders based on an incorrect assumption that the
court order somehow authorized use of the purchase orders. Thus,
they incorrectly assured Corrections’ Business Services that the
purchase orders were proper due to the federal court order. Staff
at Corrections’ Business Services then proceeded to process the
purchase orders for Official 4’s signature because they too lacked
a sufficient understanding to dispute this assurance. Had staff at
Prison Health Services and Corrections been adequately educated
about the impact of the court order on the contracting process, the
improper use of these purchase orders could have been avoided.
Prison Health Services Lacked Written Contracting Procedures
As a consequence of not issuing any written procedures concerning
the processes to follow when creating and processing contracts,
executive management at Prison Health Services provided staff with
insufficient guidance about what they needed to do to comply with
state law, the federal court’s order, and management’s expectations.
Official 4 and his subordinate, Manager B, confirmed that Prison
Health Services has no written contracting policies and procedures
in place to advise staff of their responsibilities concerning contracts
entered into under either state law or the alternative contracting
processes authorized by the federal court. In the absence of such

California State Auditor Report I2008-0805

January 2009

procedures, the investigation revealed numerous instances in which
staff made improper decisions about how to handle the acquisitions
they were making.
Examples of this mishandling regarding the purchase orders are
the failure of Official 3 and Official 4 to have the purchase orders
signed by persons with proper authority and the failure to route
four of the purchase orders to Corrections’ Business Services for
its accounting and review processes. As for the contract for IT
services that Official 3 and Manager A apparently intended to be
handled under the alternative contracting processes, two examples
of their being mishandled are the failure of these officials to
obtain executive management approval for use of the alternative
contracting processes and their failure to seek any competitive bids
for the contract and its amendments. If Prison Health Services had
written procedures in place concerning how these acquisitions
were supposed to be made, staff would have been in a much better
position to avoid engaging in the improper practices we discovered
or to detect them when they occurred.
Prison Health Services and Corrections’ Business Services Lacked
Adequate Internal Controls Over Contracting
Prison Health Services has no mechanism in place to ensure that
when its staff identifies a need to acquire some good or service,
the proper process—state or alternative—will be instituted
for the acquisition. As we previously described concerning both
the purchase orders for IT goods and the contract for IT services,
Official 3 and Manager A decided, apparently on their own, the
processes to follow for the acquisition of goods and services for
the IT network, even though they seemingly lacked any clear
understanding of contracting requirements. Had they been required
to obtain the approval of someone else, particularly in executive
management, before they moved forward with their acquisition
plans, their improper acquisition of the IT goods and services might
have been thwarted.
Similarly, Prison Health Services and Corrections have no
mechanism in place to ensure that when contracts and purchase
orders are being processed for execution, someone with knowledge
about the contracting process reviews the documentation for
these transactions and has the power to abort a transaction if it
does not appear to be in compliance with state and alternative
contracting requirements. This was clearly illustrated by the failure
of Manager B and Corrections’ Business Services to stop the
processing of the 45 improper purchase orders that Corrections’
Business Services had initially identified to be improper, at least
as measured against state contracting requirements. If Manager B

Managers responsible for acquiring
the IT goods and services seemingly
lacked any clear understanding of
contracting requirements.

17

18

California State Auditor Report I2008-0805

January 2009

and Corrections’ Business Services’ staff had been armed with a
sufficient understanding of the state and alternative contracting
requirements to determine that what Prison Health Services was
attempting to do was improper, and they had the authority to halt
the processing of these purchase orders upon discovering their
impropriety, the State may have avoided the unlawful expenditure
of more than $11 million for 45 of the 49 purchase orders for IT
goods that we discuss in this report.
Prison Health Services’ Work Environment Discouraged Staff From
Raising Concerns About Contracting
We observed that Prison Health Services created an environment
that discourages Corrections’ staff working both inside and
outside of Prison Health Services from raising concerns about
its contracting practices. Specifically, we observed a sense of
trepidation among staff about slowing any of Prison Health
Services’ projects even when acquisitions for the projects did not
appear to adhere to state policies or procedures. For example,
Manager B asserted that when she was advised by Corrections’
Business Services that although the 45 purchase orders were
improper under state law because they were for IT goods that were
not covered by a statewide contract, she was also told by Manager A
that the goods being sought were related to one of Prison Health
Services’ time‑sensitive projects and she should do whatever she
could to expedite them as acquisitions made pursuant to the federal
court order that waives state contracting rules. Consequently,
Manager B did not question the explanation given concerning these
purchase orders and expedited them as directed. However, had she
raised concerns about the need to abide by state contracting laws
or had a thorough understanding of the court‑approved alternative
contracting processes, Prison Health Services may not have
acquired the IT goods in a noncompetitive manner, in violation of
state law and the requirements of the federal court.
Recommendations
To ensure the consistent application of proper contracting
procedures for acquiring IT goods and services, Prison Health
Services should do the following:
•	 Require employees with procurement and contracting
responsibilities to attend training at regular intervals regarding
state contracting processes.

California State Auditor Report I2008-0805

January 2009

•	 Formally communicate to purchasing and contracting staff at
Prison Health Services and Corrections the meaning of the
federal court’s waiver order and the correct procedures that must
be followed to use the alternative contracting processes approved
by the court.
•	 Develop and document contracting procedures for staff to
follow when acquiring IT goods and services under existing
state processes.
•	 Develop and document the contracting procedures for staff
to follow when acquiring IT goods and services under each of
the three alternative contracting processes approved by the
federal court.
•	 Specify in writing who at Prison Health Services has authority
to sign contracts and purchase orders under the state and
alternative contracting processes, and distribute this information
to employees who have responsibilities regarding procurement.
•	 Establish internal procedures to ensure there is documentation of
approval from the receiver or his designee to make an acquisition
under each of the three alternative contracting processes.
•	 Ensure that prior to staff selecting a method for acquiring an
IT good or service, the proposed acquisition is reviewed by an
appropriate staff member to evaluate whether the method of
acquisition is proper.
•	 Ensure that when contracts and purchase orders are being
processed by staff at either Prison Health Services or Corrections
for IT goods and services, an appropriate staff member will
evaluate the proposed acquisition to determine whether it is
proper and has the authority to halt the acquisition until any
suspected impropriety has been resolved.
To ensure that the State follows applicable contracting laws,
Corrections should establish a protocol for communicating with
Prison Health Services’ executive management when it becomes
aware of any potential violations of state contracting laws.

19

20

California State Auditor Report I2008-0805

January 2009

We conducted this review under the authority vested in the California State Auditor by Section 8547
et seq. of the California Government Code and pursuant to applicable investigative standards.
Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor
Date:			

January 22, 2009

Investigative Staff:	
			
Legal Counsel:		

Russ Hayden, CGFM, Manager
Siu-Henh Canimo, CFE
Steven Benito Russo, JD

For questions regarding the contents of this report, please contact
Margarita Fernández, Chief of Public Affairs, at 916.445.0255.

California State Auditor Report I2008-0805

January 2009

Appendix
The Investigations Program
The California Whistleblower Protection Act (Whistleblower
Act) contained in the California Government Code, beginning
with Section 8547, authorizes the Bureau of State Audits (bureau),
headed by the state auditor, to investigate allegations of improper
governmental activities by agencies and employees of the State. The
Whistleblower Act defines an improper governmental activity as
any action by a state agency or employee during the performance
of official duties that violates any state or federal law or regulation;
that is economically wasteful; or that involves gross misconduct,
incompetence, or inefficiency.
To enable state employees and the public to report suspected
improper governmental activities, the bureau maintains a toll‑free
Whistleblower Hotline: (800) 952‑5665 or (866) 293‑8729 (TTY).
The bureau also accepts reports of improper governmental activities
by mail and over the Internet at www.bsa.ca.gov.
Although the bureau conducts investigations, it does not
have enforcement powers. When it substantiates an improper
governmental activity, the bureau reports confidentially the details
to the head of the state agency or to the appointing authority
responsible for taking corrective action. The Whistleblower Act
requires the agency or appointing authority to notify the bureau of
any corrective action taken, including disciplinary action, no later
than 30 days after transmittal of the confidential investigative report
and monthly thereafter until the corrective action concludes.
The Whistleblower Act authorizes the state auditor to report
publicly on substantiated allegations of improper governmental
activities as necessary to serve the State’s interests. The state
auditor may also report improper governmental activities to other
authorities, such as law enforcement agencies, when appropriate.

21

22

California State Auditor Report I2008-0805

January 2009

Blank page inserted for reproduction purposes only.

California State Auditor Report I2008-0805

January 2009

(Agency response provided as text only.)
California Prison Health Care Receivership Corp.
501 J Street
P.O. Box 4038
Sacramento, CA 95812-4038
January 15, 2009
Elaine M. Howle, CPA
California State Auditor
Bureau of State Audits
555 Capitol Mall, Suite 300
Re:	 January 2009 Investigative Report No. 12008-0805 Regarding California Prison Health Care
Services and Department of Corrections and Rehabilitation
Dear Ms. Howle:
I want to thank you and your staff for your evident professionalism in investigating and documenting the IT
contracting concerns which I brought to your attention shortly after my appointment in late January, 2008.
As you know, back in 2002, Governor Gray Davis called on me to assume the State CIO role in the aftermath
of the Oracle contracting problem. Within a few months of my appointment back then, it was clear that
the problems with IT contracting were broader than just Oracle. Among other things, I discovered
that the e-government project, which was responsible for establishing a state “portal” early in the Davis
Administration, had been implemented through a series of utterly inappropriate, serial short-term sole
source contracts that had been strung together over a period of years with a single vendor at an overall cost
to the State in the millions. Working with key executives in the Davis Administration, we shut down those
contractual relationships and put IT procurement and project management back on sound footing.
After several years of effort, we were even able to junk the old, improperly-procured portal in favor of
a portal implemented entirely by a small team of state employees, proving that we don’t always need
expensive consultants to make significant progress in state IT matters. That new portal is garnering national
attention, as noted by the Little Hoover Commission in a recent report:
“Due in large part to the efforts of the state’s previous chief information officer [i.e., the current Receiver],
who created a strategic plan for California information technology, the state’s reputation for technological
sophistication has improved. In a few years, California has gone from the back of the pack to near the front.
The Center for Digital Government placed California in the No. 5 position in its most recent ranking of
tech-savvy states. The state’s Web site also hs improved dramatically, earning recognition and awards for
its customer-service features.” Little Hoover Commission, “A New Legacy System: Using Technology to Drive
Performance,” p. ii (November 2008).
My experience as State CIO made me quite sensitive to process issues in IT procurement. That is why, when
it came to my attention, shortly after my appointment, that some of the IT contracts executed during my
predecessor’s tenure may not have followed appropriate state laws and policies, I immediately contacted
your office to conduct an audit. At about the same time, I was able to replace the Receivership’s former
CIO – who had no prior state government experience – with a CIO, Jamie Mangrum, who had decades of

23

24

California State Auditor Report I2008-0805

January 2009

Letter to Elaine Howle
Re:  Investigative Report No. I2008-0805
January 15, 2009
Page 2 of 2

state IT experience, and I directed Mr. Mangrum to immediately begin reviewing our processes to ensure
compliance with state law. As previously found by the federal court in Plata v. Schwarzenegger, not only
was the clinical side of the prison medical system broken prior the Receivership, but the administration
of the contracting system was also in shambles. See generally March 30, 2006 Order re State Contracts
and Contract Payment Relating to Service Providers for CDCR Inmates. While progress has been made
in this regard, for better or for worse, the greater balance of the resources of the Receivership under my
predecessor were applied to addressing the abhorrent clinical conditions on the ground in the prisons.
This, as found by Mr. Mangrum and made clear by your report, may have been at the expense of the need
to focus a greater degree of effort on much needed administrative controls. Mr. Mangrum, for example,
discovered that policies and procedures had simply not been implemented. Subsequently, we began to
establish those polices as soon as possible. In addition, we have also worked closely with the Department
of General Services to ensure that the continuing use of services from the IT vendor at the center of your
investigation is appropriate and in the best interest of the state. To that end we have sought and obtained
an appropriately justified approval for an NCB for the ongoing use of the services.
The results of your audit confirm my fears that the one bad IT contract I had seen was but the tip of an
iceberg. Your audit also confirms that Mr. Mangrum’s quick actions to establish policies resulted in immediate
improvements. Recent actions since the completion of your investigation, for example, the adoption of a
formal policy governing use of the federal court’s waiver of state contracting laws, will also lead to further
improvements. Achieving perfection in processing IT contracts remains a challenge under the state’s overly
complex IT procurement rules, but I am heartened at our improvements and confident that, with the
information provided to us by your audit, we can do even better.
Sincerely,
(Signed by: John Hagar for)
J. Clark Kelso

California State Auditor Report I2008-0805

January 2009

(Agency response provided as text only.)
Department of Corrections and Rehabilitation
Office of the Secretary
P.O. Box 942883
Sacramento, CA 94283-0001
January 14, 2009
Ms. Elaine Howle, State Auditor
California State Auditor
Bureau of State Audits
555 Capitol Mall, Suite 300
Sacramento, CA 95814
Dear Ms. Howle:
Thank you for providing us a copy of your draft report concerning your investigation into the California
Prison Health Care Services’ (Receiver) improper contracting decisions and poor internal controls.
We agree with the factual findings in your report regarding improper contracting. In fact, it was California
Department of Corrections and Rehabilitation (CDCR) employees who correctly identified many of these
concerns in the first place. In each instance regarding the 45 purchase orders that your report deems
improper, it was CDCR employees who correctly identified these improprieties, raised their concerns to
the Receiver’s office and refused to execute these purchase orders. We agree with the suggestion in your
report that our managers must continue to review contract documentation and abort any transactions
that violate applicable contracting requirements. We also appreciate your recommendation to improve our
communication with the Receiver’s office to ensure our continued future compliance in this regard. We look
forward to doing so.
Thank you for your work in this area. If you have any questions or need additional information, please
contact me at (916) 323-6001.
(Signed by: Matthew L. Cate)
MATTHEW L. CATE
Secretary

25

26

California State Auditor Report I2008-0805

January 2009

cc:	

Members of the Legislature
Office of the Lieutenant Governor
Milton Marks Commission on California State
Government Organization and Economy
Department of Finance
Attorney General
State Controller
State Treasurer
Legislative Analyst
Senate Office of Research
California Research Bureau
Capitol Press