143B-1340. Project management.

(a) Overall Management. - All information technology projects shall be managed through a standardized, fully documented process established and overseen by the State CIO. The State CIO shall be responsible for ensuring that participating agency information technology projects are completed on time, within budget, and meet all defined business requirements upon completion. For separate agency projects, the State CIO shall ensure that projects follow the Department's established process and shall monitor schedule, budget, and adherence to business requirements. For all projects, the State CIO shall establish procedures to limit the need for change requests and shall report on this process to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division by January 1, 2016.

The State CIO shall also ensure that agency information technology project requirements are documented in biennial information technology plans. If an agency updates a biennial information technology plan to add a new project, the State CIO shall immediately report to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division on the reasons for the new requirement, the costs, and the sources of funding.

An agency that utilizes the system or software shall be designated as the sponsor for the information technology project or program and shall be responsible for overseeing the planning, development, implementation, and operation of the project or program. The Department and the assigned project managers shall advise and assist the designated agency for the duration of the project.

(b) Project Review and Approval. - The State CIO shall review, approve, and monitor all information technology projects for State agencies and shall be responsible for the efficient and timely management of all information technology projects for participating agencies. Project approval may be granted upon the State CIO's determination that (i) the project conforms to project management procedures and policies, (ii) the project does not duplicate a capability already existing in the State, (iii) the project conforms to procurement rules and policies, and (iv) sufficient funds are available.

(c) Project Implementation. - No State agency, unless expressly exempt within this Article, shall proceed with an information technology project until the State CIO approves the project. If a project is not approved, the State CIO shall specify in writing to the agency the grounds for denying the approval. The State CIO shall provide this information to the agency and the Office of State Budget and Management within five business days of the denial.

(d) Suspension of Approval/Cancellation of Projects. - The State CIO may suspend the approval of, or cancel, any information technology project that does not continue to meet the applicable quality assurance standards. The State CIO shall immediately suspend approval of, or cancel, any information technology project that is initiated without State CIO approval. Any project suspended or cancelled because of lack of State CIO approval cannot proceed until it completes all required project management documentation and meets criteria established by the State CIO for project approval, to include a statement from the State CIO that the project does not duplicate capabilities that already exist within the executive branch. If the State CIO suspends or cancels a project, the State CIO shall specify in writing to the agency the grounds for suspending or cancelling the approval. The State CIO shall provide this information to the agency within five business days of the suspension.

The Department shall report any suspension or cancellation immediately to the Office of the State Controller, the Office of State Budget and Management, the Joint Legislative Oversight Committee on Information Technology, and the Fiscal Research Division. The Office of State Budget and Management shall not allow any additional expenditure of funds for a project that is no longer approved by the State CIO.

(e) General Quality Assurance. - Information technology projects authorized in accordance with this Article shall meet all project standards and requirements established under this Part.

(f) Performance Contracting. - All contracts between the State and a private party for information technology projects shall include provisions for vendor performance review and accountability, contract suspension or termination, and termination of funding. The State CIO may require that these contract provisions include a performance bond, monetary penalties, or require other performance assurance measures for projects that are not completed within the specified time period or that involve costs in excess of those specified in the contract. The State CIO may utilize cost savings realized on government vendor partnerships as performance incentives for an information technology vendor.

(g) Notwithstanding the provisions of G.S. 114-2.3, any State agency developing and implementing an information technology project with a total cost of ownership in excess of five million dollars ($5,000,000) may be required by the State CIO to engage the services of private counsel or subject matter experts with the appropriate information technology expertise. The private counsel or subject matter expert may review requests for proposals; review and provide advice and assistance during the evaluation of proposals and selection of any vendors; and review and negotiate contracts associated with the development, implementation, operation, and maintenance of the project. This requirement may also apply to information technology programs that are separated into individual projects if the total cost of ownership for the overall program exceeds five million dollars ($5,000,000).