Community Action Agencies in Massachusetts are now facing other IT-related issues besides the increasing burdens of data collection and reporting, the need to upgrade staff skills, and the lack of sufficient resources to keep up with changing technology. MASSCAP’s assessment reveals that other needs exist among many CAAs. These are described in this section.
Very few CAAs showed us any written agency-wide IT planning documents. CAPIC and HCAC are the only agencies that produced such documents. One other—CAAS—has an IT plan for one of its programs. And CAI recently--inspired by MASSCAP's May 1999 IT Conference--has launched an IT planning process. (To view a sidebar on CAI's planning efforts, click here.)
Yet in interviews at numerous agencies (but not a majority), we sensed that some key staff have given a great deal of time and effort to thinking about how they would like to expand and improve their IT systems. ABCD and, more recently, MOC, are the best examples. Representatives of several agencies told us that they intended to include IT goals in the strategic plans that they were doing for DHCD. Some of them, such as QCAP and SSCAC, offered specific MIS/IT goals and objectives that they were debating.
However, for other CAAs, formal IT planning is not taking place for one reason or another. In a handful of these agencies, the decision not to do it has been a conscious one. One relatively technologically savvy CAA executive director, who strongly believes in his agency’s need to become more technologically advanced, put it this way:
"You’re asking me about developing a technology plan? In the bookcase behind me, you’ll find several manuals about technology planning. So, you might ask, why am I not using these materials and doing it? I’m not doing it for one simple reason: I would have to invest a lot of money and staff hours to do good planning. But I can’t make that commitment when I honestly don’t think that we will be able to secure the resources to meet most of the goals that emerge from that process."
This executive director makes a good point and supports it with a strong rationale. But when staff at other CAAs were asked about IT planning, their reactions suggested that the concept had never occurred to them. It seemed as if these staff—even though many of them were relatively technologically sophisticated—think about IT issues as something that their organizations typically react to, not something that their organizations try to take control of.
Most CAAs lack written policies and procedures that cover most aspects of their information technology systems. We found that a few agencies have written policies and procedures that covered a few items on our check list (click here to see the sidebar for a list of areas covered) during our site visits, and a few others had such documents on a few other issues. Overall, most CAAs had a couple of written policies and procedures on something or other that was on the list. (A few samples of CAA policies that do exist appear as appendices.) Most CAAs said that they had unwritten policies that pertained to other items on our list, or else they said that other written agency policies covered such items. Yet most interviewed admitted that whatever written policies and procedures that they did have might be insufficient.
Thus, when we interviewed CAAs, we received a mixed message about formal agency policies and procedures that were in effect regarding IT systems and related subjects. We have concluded that most Massachusetts CAAs lack written policies relating to this technology and its use that would potentially protect them against potential trouble—in the legal sense, especially pertaining to handling of client records, etc., or in the use (or misuse) of these systems by their own staff members, as a result of either benign neglect or malicious intent. None of the agencies had any policies regarding e-mail despite the increasing utilization of it within several of these organizations.
While most CAAs reported that they had some standard procedures for computer users in such areas as back-up, system maintenance, security, protection of confidential client records, and software registration, few of them had put any of these in writing. This fact left us wondering about how consistently and widely such procedures are communicated throughout these agencies. It also raised questions as to whether or not these procedures are understood by computer users and how widely they are followed—especially given widespread testimony about the lack of basic IT knowledge among many CAA staff.
Practically every CAA has someone on staff—if not an MIS/IT staff, then another staff who effectively plays that role—who is reasonable knowledgeable about IT systems, products, and the choices available. Many of these staff research products by regularly perusing product reviews and other articles in computer magazines and journals, or downloading such information from the Web. In some cases, CAAs rely on consultants they utilize for some facet of IT for advice.
Usually, MIS/IT staff or, at other agencies, the staff who handle most MIS/IT functions, make the decisions about which products to purchase. Final decisions typically are made by the finance director, associate director, or executive director. The types of vendors from whom Massachusetts CAAs buy hardware, software, peripherals, and supplies run the gamut. Some agencies primarily purchase from large mail order houses and/or computer makers; others from chain office supply stores; others from local firms that assemble their own PCs.
One of the issues we raised during site visits was the idea that CAAs might yield some savings by jointly purchasing—perhaps through MASSCAP—computer equipment, software, and supplies. The response to this idea was decidedly mixed. Some strongly felt it was worth pursuing. A few were ambivalent. About half of those asked were against the idea. Some cited the fact that different agencies had different needs and product preferences. Others wanted to support local vendors. A few thought that the inherent complexities in such a statewide scheme would outweigh the little savings that they felt would result.
CAAs’ Efforts to Address "The Y2K Problem"
Nearly all the state’s CAAs are well aware of the threat posed by "The Year 2000 Bug" to their computer systems. However, not all agencies were cognizant of all the possible implications, including the fact that several older versions of commonly used software all have potential problems (some "patches" to fix these problems are now available from these software developers), and that devices such as thermostats and elevators may also be affected. By late winter and early spring of 1999 when our site visits took place, about half the agencies had already taken steps toward solving their problems. A couple of agencies had created internal ad hoc committees to address Y2K. Several other agencies had developed check lists, and the remaining ones indicated that they were planning to address the issue by summer.
MASSCAP disseminated to all CAAs a useful publication by the U.S. Department of Health and Human Services on Y2K written especially for health and human services organizations. Also, MASSCAP added a special page to its Web site (www.masscap.org) in the "Members Only" section that contains links to a score of other Web sites that contain much information on Y2K. In addition, MASSCAP held a roundtable discussion on Y2K at its IT conference in May 1999.
One CAA administrator, after discussing the steps her agency was taking, told us: "I’m not so worried that we won’t be prepared, but I do worry about some of the our state funding agencies. I’m not so sure about their systems—I’m concerned that we may not get paid on time."
This is a legitimate concern. However, the Commonwealth of Massachusetts, through its Y2K "czar" who is quoted in a June 20, 1999 Boston Globe article, supposedly is on track to have its systems in compliance by the end of the year. And the state is periodically placing agency-by-agency Y2K compliance progress reports on the Web for viewing by anyone who wishes to monitor its progress in this area.
During the period of the site visits, few CAAs seemed to have considered or have taken any steps to deal with another aspect of the Y2K issue, however. If the Y2K problem results in significant disruption of a major external system—say, the transportation system, for example—it could place additional stresses on CAA clients and, therefore, on CAAs. One CAA staff we interviewed put it this way:
"Suppose word gets out in mid-December that the transportation system, which relies heavily on computers, is filled with problems that will not be fixed in time, and shipments of food to stores may be stopped. Then, there is a run on the supermarkets. But low-income people, because they lack the money, don’t get to the store until the last week of the month. By then, the shelves will be nearly bare. Then, they’ll come to our food program. We’ve got to do some planning and anticipate that we may face extra demands."
Of course, no one can know exactly what will happen when 2000 arrives, and no one can anticipate all possibilities. Moreover, if major disaster strikes, such as widespread prolonged power outages, then it will certainly be beyond the abilities of CAAs to address such problems, despite the fact that many in the community perceive CAAs as places to go when they need help. After all, CAAs are not civil defense agencies. However, as noted above, a few CAAs have realized that they are perceived in their communities as places to which to turn during crises, and are thinking ahead and taking steps to address some of the potential stresses that might come. For instance, CEOC has become involved in the city of Cambridge’s Y2K Task Force and leads a work group addressing potential food shortages. And SSCAC is considering purchasing electrical generators for its day care sites.
MASSCAP should find ways to provide technical assistance to CAAs that would like to engage in technology planning. Through MASSCAP, members should share their written plans.
MASSCAP’s IT Committee is already following up on one suggestion that emerged in the midst of the site visits—that it collect sample written IT-related policies and procedures that do exist at various CAAs and other organizations, and use them as the basis for developing boilerplate documents that will be available to its members. Also, MASSCAP held a workshop on this topic at its May 1999 IT conference that included a presentation by a legal expert in that area.
MASSCAP should encourage the sharing of IT product information among members through its Web site. Many of those interviewed felt that the experiences of other CAAs with particular IT products would be very beneficial to them when it comes to making significant purchasing decisions.
MASSCAP has already followed up on suggestions made by members during this project’s assessment process regarding Y2K. However, if members detect that some of their state funding agencies are experiencing Y2K compliance problems that could adversely affect CAAs, they should bring them to the attention of MASSCAP, which could then raise them with these state agencies.
Individual CAAs that have not developed written information technology plans, or included such plans within their CSBG strategic plans, should strongly consider doing so. The thinking and discussion that takes place during the planning process can yield new ideas and solutions to problems as well as uncover important issues that have been overlooked. Merely articulating goals and objectives will not bring about results absent the resources to achieve them. Yet if goals and objectives are not articulated, it is less likely that the resources will be found to meet them. Of course, even the best plans sometimes must be adjusted to deal with changing circumstances. CAAs that have developed (or will develop) internal IT committees, could use these groups for planning as well as for communications, problem-solving, education, and support.
CAAs that lack written policies and procedures for many aspects of IT should develop them—and the boilerplate being developed by MASSCAP should make the work easier. The absence of some written policies at most CAAs does place these agencies at some legal risk. Moreover, if standard procedures for using IT have not been consistently and widely disseminated, it is very difficult to get staff to follow them and even harder to enforce them.
Any CAAs that have not already begun to bring their key systems into Y2K compliance had better get started—this is not one of those tasks that they can put off until next year!
Management groups at CAAs should be thinking about other major possible implications of the Y2K problem that may affect their communities and their clients—and in turn themselves—and brainstorming steps they need to take to prepare. Also, CAAs that are not participating in any local community task forces to prepare for the crisis should see whether such groups exist in their areas, and if so, send a representative.