A REPORT TO THE ARIZONA LEGISLATURE

Performance Audit Division

Special Audit

Review of Selected State Practices for Information Technology Procurement

November • 2013
REPORT NO. 13-14

Debra K. Davenport
Auditor General

The Auditor General is appointed by the Joint Legislative Audit Committee, a bipartisan committee composed of five senators and five representatives. Her mission is to provide independent and impartial information and specific recommendations to improve the operations of state and local government entities. To this end, she provides financial audits and accounting services to the State and political subdivisions, investigates possible misuse of public monies, and conducts performance audits of school districts, state agencies, and the programs they administer.

The Joint Legislative Audit Committee

Senator Chester Crandell, Chair
Representative John Allen, Vice Chair
Senator Judy Burges
Senator David Farnsworth
Senator Steve Gallardo
Senator Katie Hobbs
Senator Andy Biggs (ex officio)
Representative Paul Boyer
Representative Andrea Dalessandro
Representative Martin Quezada
Representative Kelly Townsend
Representative Andy Tobin (ex officio)

Audit Staff

Dale Chapman, Director
Jeremy Weber, Manager and Contact Person
Monette Kiepke, Team Leader
Laura Long
David Packard
Richie Rinaldi

Copies of the Auditor General’s reports are free. You may request them by contacting us at:

Office of the Auditor General
2910 N. 44th Street, Suite 410 • Phoenix, AZ 85018 • (602) 553-0333

Additionally, many of our reports can be found in electronic format at: www.azauditor.gov

STATE OF ARIZONA
OFFICE OF THE AUDITOR GENERAL

DEBRA K. DAVENPORT, CPA, AUDITOR GENERAL
MELANIE M. CHESNEY, DEPUTY AUDITOR GENERAL

November 25, 2013

The Honorable Andy Biggs, President
Arizona State Senate

The Honorable Andy Tobin, Speaker
Arizona House of Representatives

Members of the Arizona Legislature

The Honorable Janice K. Brewer, Governor

Mr. Brian C. McNeil, Director
Arizona Department of Administration

Transmitted herewith is a report of the Auditor General, A Review of Selected State Practices for Information Technology Procurement. This report is in response to Laws 2013, Ch. 100, and was conducted under the authority vested in the Auditor General by Arizona Revised Statutes §41-1279.03. I am also transmitting within this report a copy of the report highlights for this audit to provide a quick summary for your convenience.

As outlined in its response, the Arizona Department of Administration agrees with all of the findings and plans to implement all of the recommendations.

My staff and I will be pleased to discuss or clarify items in the report.

Sincerely,

Debbie Davenport
Auditor General

Attachment

cc: Clarence H. Carter, Director, Arizona Department of Economic Security
John S. Halikowski, Director, Arizona Department of Transportation
Colonel Robert Halliday, Director, Arizona Department of Public Safety

2910 NORTH 44th STREET • SUITE 410 • PHOENIX, ARIZONA 85018 • (602) 553-0333 • FAX (602) 553-0051

Review of Selected State Practices for Information Technology Procurement

REPORT HIGHLIGHTS
SPECIAL AUDIT
November 2013 • Report No. 13-14

Our Conclusion

Pursuant to Laws 2013, Ch. 100, the Office of the Auditor General has conducted a special audit addressing selected state practices for information technology (IT) procurement as compared to other states. Specifically, we analyzed the State’s practices in the areas of liability, indemnification, insurance, and warranties. As with other states we reviewed, Arizona’s IT contracts help to protect the State from risk of loss, but would benefit from IT-specific contract templates. We also reviewed best practices for the ownership of intellectual property. Although Arizona’s terms and conditions generally require state ownership of intellectual property for IT projects, the State should provide options for intellectual property ownership based on who pays for the development costs. In addition, we analyzed IT standardization and its impact on the procurement process. Although standardization can impact procurement, IT must still be purchased through a competitive procurement process.

Department’s standard terms and conditions protect the State, but should be specialized for IT procurement

SPO oversees the State’s procurement process—The Arizona Department of Administration’s (Department) State Procurement Office (SPO) administers the state laws and administrative rules that govern the procurement of goods and services for the State. SPO delegates procurement authority to state agencies, with or without limitations, based on state agencies’ expertise, knowledge, and the impact on efficiency and effectiveness. Procurements exceeding an estimated $100,000 are solicited through an invitation for bid or request for proposal, and contracts are awarded to the vendor whose offer is the most advantageous to the State.
The Department has established uniform and special terms and conditions that are included in solicitations and become part of the awarded contract.

Terms and conditions transfer liability to vendors and help ensure product/service quality—The terms and conditions related to indemnification, liability, insurance, and warranties are intended to protect the State by transferring unlimited liability for potential claims to vendors and helping ensure the quality of materials and services provided. Although these terms and conditions are generally in line with the standard terms and conditions used in nine other states we reviewed, vendors we contacted expressed several concerns with them. In particular, vendors were concerned that the terms and conditions do not limit vendor liability, which they reported transfers too much financial risk to them relative to the value of the contract. Additionally, although the State can negotiate these terms and conditions and did negotiate them in some contracts we reviewed, vendors expressed concerns regarding the State’s willingness to negotiate. Some vendors indicated that these concerns affect their participation in the procurement process, such as not responding to a solicitation or submitting proposals with exceptions to the terms and conditions.

Indemnification—An agreement to hold a party harmless in the event of loss or damage.
Liability—The legal responsibility to pay debts or other obligations.
Insurance—A contract between insurer and insured that indemnifies the insured by making payments in the event of certain losses.
Warranty—A promise that a claim is true.

Department should develop IT-specific contract templates—IT-specific contract templates could help ensure that terms and conditions are appropriate, streamline the negotiation process, and help address some vendor concerns.
The Department developed IT-specific contract terms and conditions in May 2012, including a provision that allows for limiting vendor first-party liability to an amount that is equal to or a specified multiple of the contract value. However, other states we reviewed have developed separate contract templates that are relevant to the procurement of IT materials and/or services. These templates provide terms and conditions that also can be modified prior to solicitations or through the negotiation process, as appropriate. States with these templates reported that the modifications have strengthened their relationship with vendors, reduced the need for negotiation, or increased efficiency in the procurement process.

Recommendations

The Department should:
• Review existing terms and conditions;
• Seek direction from the Legislature and/or Governor, as appropriate;
• Develop and use specialized templates with IT-specific terms and conditions;
• Develop and implement policies and procedures to regularly review the templates; and
• Provide training and/or written guidance for the use and modification of templates.

Department should further modify intellectual property terms and conditions

The State’s existing standard terms and conditions generally require state ownership of intellectual property created as a result of a contract. In contrast, the Federal Acquisition Regulation (FAR) provides for three options for intellectual property rights based on whether the government pays for all, a portion, or none of the development costs. Intellectual property rights were a concern for several vendors we interviewed, and vendors requested modifications to the intellectual property terms and conditions in most of the requests for proposal we reviewed, which the State agreed to in some cases.
Although the Department created an IT-specific intellectual property provision in May 2012 that is similar to one of the FAR’s options, it should include the options described in the FAR in the IT-specific contract templates we recommend that it develop.

Recommendation

The Department should include options for intellectual property rights, as described in the FAR, in the IT-specific contract templates.

IT standardization can impact procurement, but IT must still be purchased through a competitive procurement process

Standardization can occur at any level of an IT system, including computing platforms such as mainframes, servers, and personal computers; operating systems; and applications. The Department’s Arizona Strategic Enterprise Technology Office is responsible for setting state-wide IT standards and standardization efforts. Some goals of standardization are to reduce costs and increase efficiencies. For example, the State has purchased a single, state-wide financial accounting system to be used by all agencies instead of each having its own system. Standardization can also affect specifications or the scope-of-work requirements for a particular solicitation. For example, an agency with specific requirements may develop solicitation specifications or scope-of-work requirements to ensure compatibility with existing systems. However, standardization can lead to state agency concerns about standards requiring changes to agency operations, increasing costs, or not meeting agency needs.

Although IT standardization can impact procurement, IT materials and services must still be competitively procured. Similar to Arizona, states we reviewed reported that they do not develop IT standards specifying a particular product or vendor and that contracts must be awarded through a competitive procurement process.
Review of Selected State Practices for Information Technology Procurement

A copy of the full report is available at: www.azauditor.gov
Contact person: Jeremy Weber (602) 553-0333

TABLE OF CONTENTS

Introduction  1
Chapter 1: Department’s standard terms and conditions protect the State, but should be specialized for IT procurement  3
    Standard contract terms and conditions protect the State  3
    Vendors have concerns regarding terms and conditions and negotiation process  6
    Department should develop contract templates with IT-specific terms and conditions  8
    Recommendations  10
Chapter 2: Department should further modify intellectual property terms and conditions  13
    Recommendation  15
Chapter 3: IT standardization can impact procurement, but IT must still be purchased through a competitive procurement process  17
    Department responsible for IT standardization  17
    Standardization can impact procurement, but procurement code must still be followed  18
Other Pertinent Information: Vendor concerns regarding state-wide contracts  21
Appendix A: Methodology  a-1
Agency Response

INTRODUCTION

Scope and Objectives

Laws 2013, Ch. 100, required the Office of the Auditor General to conduct a special audit addressing the procurement of information technology (IT) materials and services. Specifically, the law required the audit to provide the following information:
• An analysis of the State’s IT procurement methodology and strategies in comparison to other states for identification of best practices in the areas of warranties, indemnification, liability, and insurance (see Chapter 1, pages 3 through 11).
• Best practices for the management and ownership of intellectual property (see Chapter 2, pages 13 through 15).
• An analysis of IT platform standardization and its impact on the procurement process in comparison to other states (see Chapter 3, pages 17 through 19).

The law further directed the audit to focus on IT solicitations and contracts awarded for fiscal year 2012 by four state agencies as determined by the Auditor General. Agencies were selected based on volume of IT spending and are the Arizona Department of Administration, Arizona Department of Economic Security, Arizona Department of Public Safety, and Arizona Department of Transportation. Finally, this report includes information on vendors who have state-wide IT contracts, but who receive little or no business from state agencies (see Other Pertinent Information, pages 21 through 22).

State laws and regulations govern IT procurement

Unless otherwise exempted by statute, state agencies are required to follow the Arizona procurement code when procuring materials and services, including IT materials and services (see textbox). The procurement code comprises various statutes and administrative rules administered by the State Procurement Office (SPO), which is a division of the Arizona Department of Administration (Department) and is led by a state procurement administrator. Although SPO serves as the central procurement authority for the State, the state procurement administrator may delegate limited or unlimited procurement authority to state agencies based on certain criteria, including expertise, knowledge, and impact on efficiency and effectiveness.1 This allows an agency to make purchases up to its delegated dollar limit without SPO’s involvement, although the agency must still follow the procurement code.

1 The Department has delegated unlimited procurement authority to the other three agencies included within the scope of the audit.

IT procurement—Statute defines IT as all computerized and auxiliary automated information processing, telecommunications, and related technology, including hardware, software, vendor support and related services, equipment, and projects. As such, IT procurement covers a wide array of materials and services, ranging from software applications, computers, and network equipment to IT consulting, web design, and maintenance and support services.
Source: Auditor General staff review of Arizona Revised Statutes §41-3501 and IT-related contracts.

The procurement code generally requires that contracts be awarded through a competitive sealed bidding process. This is done by issuing a solicitation, which is an invitation or request for vendors to submit offers (see textbox, page 2). Purchases estimated to exceed $5,000 but less than $100,000 should be solicited through a request for quotation, while purchases of $100,000 or more should be solicited through an invitation for bid or a request for proposal. The procurement code requires that vendors’ offers be evaluated based on how well they meet the requirements described in the solicitation. For a request for proposal, vendors are also evaluated on other factors, including their financial resources, personnel, and past performance. After evaluation, procurement officers may award the contract to the vendor whose offer is most advantageous to the State or negotiate with vendors to improve their offers in areas such as price, specifications, performance, or terms and conditions. In addition, SPO awards state-wide contracts through which state agencies and other political subdivisions can purchase materials and services without having to issue individual solicitations (see pages 21 through 22 for Other Pertinent Information about state-wide contracts).1

Types of competitive solicitations

Request for Quote (RFQ)—An informal solicitation method used for purchases estimated to exceed $5,000 but less than $100,000. Agencies are generally required to purchase from small businesses.

Invitation for Bid (IFB)—A formal solicitation method used for purchases estimated at $100,000 or more. Contracts are awarded to the lowest responsible and responsive bidder that conforms in all material respects to the requirements and criteria set forth in the solicitation. IFBs are appropriate for procuring materials, such as large specialized printers and printer replacement parts, where negotiating terms and conditions is not necessary.

Request for Proposal (RFP)—A formal solicitation method used for purchases estimated to be $100,000 or more. Unlike IFBs, the State may negotiate with responsible offerors that are susceptible for award. Contracts are awarded to offerors whose proposals are deemed to be the most advantageous to the State based on price and other factors. RFPs are appropriate for procuring materials and/or services, such as network equipment and services or state information systems, where negotiations may be necessary.

Source: Auditor General staff review of the Arizona Procurement Code.

The State has established both uniform and special terms and conditions to help guide the preparation of solicitations. The uniform terms and conditions contain basic terms and conditions that generally apply to most types of purchases and are included in each solicitation. The special terms and conditions are optional, preapproved terms and conditions that can be used to supplement or override the uniform terms and conditions, as needed. For example, the uniform terms and conditions do not address insurance requirements, but various special terms and conditions can be used to do so.
In addition, although the uniform terms and conditions require a 1-year warranty on materials, various special terms and conditions can stipulate a different warranty period, such as 90 days. The uniform and special terms and conditions included in the solicitation, as well as any modifications to them that are negotiated with vendors, then become part of the awarded contract.

1 Other Arizona political subdivisions include cities, counties, school districts, and other special districts. As of September 2013, statute also allows certain nonprofit organizations to purchase from state-wide contracts.

CHAPTER 1

The Arizona Department of Administration (Department), in collaboration with the Attorney General’s Office, has established standard terms and conditions related to liability, indemnification, insurance, and warranties designed to protect the State by transferring unlimited liability for potential claims to vendors and helping ensure the quality of materials and services provided. These terms and conditions are generally in line with those used by other states auditors reviewed, but vendors have expressed several concerns with them. Although the terms and conditions can be negotiated, vendors expressed concerns regarding the State’s willingness to negotiate, which may affect their participation in the procurement process. To ensure that terms and conditions are appropriate for information technology (IT) procurements, the Department should develop and periodically review separate contract templates with IT-specific terms and conditions similar to other states’ practices. Implementation of this practice could streamline the negotiation process and address some vendor concerns.
Department’s standard terms and conditions protect the State, but should be specialized for IT procurement

Standard contract terms and conditions protect the State

The Department, in collaboration with the Attorney General’s Office, has established uniform and special terms and conditions related to indemnification, liability, insurance, and warranties that are intended to protect the State (see textbox for definitions). Although auditors did not identify best practices regarding these specific terms and conditions, Arizona’s terms and conditions are generally in line with standard terms and conditions in other states reviewed. Modifications to Arizona’s terms and conditions may be negotiated with vendors, but some changes require the Department’s approval.

Indemnification—An agreement to hold a party harmless in the event of loss or damage.
Liability—The legal responsibility to pay debts or other obligations.
Insurance—A contract between insurer and insured that indemnifies the insured by making payments in the event of certain losses.
Warranty—A promise that a claim is true.
Source: Gifis, S.H. (Ed.). (2003). Law dictionary (5th ed.). Hauppauge, NY: Barron’s Educational Series, Inc.

Terms and conditions transfer liability to vendors and help ensure product/service quality—The terms and conditions related to liability, indemnification, insurance, and warranties are intended to protect the State. With some exceptions, these requirements are generally in line with standard terms and conditions used in nine other states that auditors reviewed.1 Specifically:

1 Auditors reviewed the standard terms and conditions used by nine other states for IT procurement. These states were California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah (see Appendix A, page a-1, for additional information on how these states were selected).

• Indemnification and liability—The indemnification terms and conditions are intended to protect the State by transferring liability to vendors. Liability is the legal responsibility to pay debts or other obligations, such as damages awarded for first- and third-party claims (see textbox). Specifically, the indemnification terms and conditions included in the solicitations transfer liability to vendors for third-party claims that are not caused by the State’s negligence. In addition, the terms and conditions do not limit vendors’ liability for first- and third-party claims, meaning that a vendor would need to pay the full amount of any awarded damages, including direct and indirect damages. According to department officials, these terms and conditions were developed because good business practices dictate protecting the State from claims or lawsuits resulting from alleged vendor negligence and because the Arizona Constitution prevents the limitation of damages that can be awarded in the event of a claim.1 Further, statute prohibits the State from incurring any obligations for which there has not been an appropriation. Because a limitation of damages would make the State liable for any unpaid damages, such a limitation has the effect of creating a state obligation. However, Arizona Revised Statutes (A.R.S.) §41-621(V) gives the Department authority to limit the liability of a vendor who contracts with the State, and this can be negotiated on a case-by-case basis with approval from the Department’s State Risk Manager (see pages 5 through 6 for additional discussion about negotiated modifications to terms and conditions).2

1 A.R.S. Const. Art. 2, §31, and Art. 18, §6
2 The State Risk Manager leads the Department’s Risk Management division, which is responsible for protecting the State’s assets from loss and minimizing employee injuries. The division provides insurance coverage to state agencies and employees for property, liability, and workers compensation losses.

First- and third-party claims for damages

Damages—In law, damages are an award of money to be paid to a person or entity as compensation for loss or injury. Damages can be direct and indirect. Direct damages are compensation for actual losses, such as lost wages or medical bills, while indirect damages are compensation for intangible losses, such as pain and suffering.

First-party claim for damages—The State and the vendor that contracts with the State are first parties. Examples of potential claims by the State against a vendor could be for the costs associated with failure to develop a system in accordance with contract specifications or damage to state property.

Third-party claim for damages—A person or entity who is associated with neither the State nor the vendor but who suffered a loss or injury as a result of their actions could make a claim for damages. Examples of potential claims by a third party include a data breach that results in identity theft or a failure of a 911 system that leads to a lack of incident response. The affected persons could file a third-party claim for the damages to recoup their losses.

Source: Gifis, 2003

The nine other states auditors reviewed have similar standard terms and conditions that transfer liability to the vendor. Similar to Arizona, none of the states limit vendors’ liability for third-party damages. However, six states limit vendors’ liability for first-party damages. In addition, five of these six states use a default multiple of the contract value to limit this liability for certain types of IT purchases. Specifically, California limits liability to twice the amount of the contract value for purchases of IT goods, nonproject-related services, and low-risk IT projects.1 Oregon limits liability to the amount of the contract value for software purchases and consulting services. However, officials from California and Oregon reported that these terms and conditions may be modified depending on the purchase.
• Insurance—The insurance terms and conditions require vendors to carry insurance against potential third-party claims for personal injury, death, and property damage, thus ensuring that vendors will have the financial means to pay claims. Vendors are also required to name the State as an additional-insured on the insurance policies. In addition, vendors are required to provide a certificate of insurance as proof of insurance, and may be required to provide copies of insurance policies upon request.

Similar to Arizona, all nine states require vendors to have insurance. Additionally, seven of the states require vendors to list the state as an additional-insured on their policies. Further, six of the states require certificates of insurance; however, only one other state also requires that vendors provide copies of insurance policies upon request.

• Warranty—The warranty terms and conditions require vendors to guarantee for a period of time that contract deliverables are free of liens, of industry quality, fit for their intended purpose, and compliant with applicable laws.2 The terms and conditions provide four options for the warranty period length: 90 days, 1 year, lifetime guarantee, or any other length determined by the contracting agency. In addition, the terms and conditions require vendors to provide remedies for failure to meet these warranties. For example, some of the warranty special terms and conditions require that the contractor fully correct any defects in design, workmanship, or materials at no cost to the State. Vendors are required to maintain contractual insurance levels through the warranty period.

Similar to Arizona, six of the nine states require vendors to provide a warranty that products and services will perform as expected and/or meet contract specifications. The warranty period required by these states is either 90 days, 1 year, or not specified. However, only two of the nine states require a warranty for materials to be free of liens.
In addition, only two other states require a warranty that products be fit for intended purposes.

Terms and conditions may be negotiated at the State’s discretion—The Department’s State Procurement Office (SPO) and state agencies with delegated procurement authority may negotiate modifications to terms and conditions when using a request for proposal (RFP); however, modifications to the indemnification and liability terms and conditions require approval from the Department’s State Risk Manager.3 Department officials reported that the decision to negotiate may depend on various factors, such as the State’s specific needs, the timing of the procurement, the particular industry, the competitive environment, and vendors’ responses to the RFP, which can either accept the terms and conditions as included in the RFP or propose alternative terms and conditions. According to department officials, an evaluation of the initial responses to an RFP drives the basis or decision for negotiation; however, if qualified proposals are submitted without exceptions to the terms and conditions, the State may not need to negotiate. If qualified proposals request exceptions, negotiations may be necessary.

1 A California official reported that California has since revised its terms and conditions to limit liability to the amount of the contract value effective November 2013.
2 A lien is a charge, hold, claim, or encumbrance on property as security for some debt.
3 The State Risk Manager reviews requests for modifications to indemnification and liability terms and conditions based on the purchasing agency’s review of exposures and risk to assess the level of risk of loss to the State resulting from the requested modification. According to Risk Management, if the State Risk Manager approves exceptions, the purchasing agency agreeing to the exceptions becomes responsible for any first-party damages that exceed the vendor’s liability.
Additionally, department officials indicated that negotiating on a case-by-case basis helps protect the State’s interests by negotiating the terms and conditions only when necessary.

Still, these terms and conditions are negotiated in some contracts. Of the 14 IT-related RFPs issued or awarded in fiscal year 2012 that auditors reviewed, 3 contained modifications to the indemnification, liability, insurance, and/or warranty requirements in the awarded contracts.1 For example, in the contract for replacing the Arizona Department of Transportation’s (ADOT) ServiceArizona© Web site, the State negotiated a limitation of liability that limited the vendor’s total liability to the value of the contract. All three vendors responding to the RFP had requested exceptions to various terms and conditions, and the limitation of liability was negotiated with the awarded vendor because ADOT felt this was an acceptable financial risk given its experience with the vendor.

Vendors have concerns regarding terms and conditions and negotiation process

Contract theory indicates that there is inherent tension between contracting parties who behave in their own best interests. Vendors that auditors contacted expressed several concerns regarding the State’s standard terms and conditions for indemnification, liability, insurance, and warranties, as well as the State’s approach to negotiations for IT procurements.2 Specifically:

• Standard terms and conditions concerns—Of the four terms and conditions discussed in this chapter, vendors that auditors interviewed expressed the greatest concerns regarding liability.3 Specifically, several vendors indicated that the State’s standard indemnification terms and conditions do not limit vendor liability. Some vendors claimed that not limiting total liability transfers too much financial risk to them relative to the value of the contract.
In addition, some vendor representatives from publicly traded companies stated that agreeing to unlimited liability was unacceptable to their shareholders because it could affect their financial position. These vendors stated that, as a result, they generally submit proposals with exceptions to these terms and conditions, which could put them at a disadvantage compared to vendors who submit proposals without exceptions. For 6 of the 14 RFPs that auditors reviewed, one or more vendors proposed a change to the terms and conditions to limit liability. Additionally, as stated previously, although none of the nine states auditors contacted have standard terms and conditions that limit vendors’ liability for third-party damages, six states’ standard terms and conditions limit vendors’ liability for first-party damages (see page 8 for additional information regarding IT-specific special terms and conditions the Department issued in May 2012 that allow for limitation of vendors’ first-party liability with department approval). Some vendors also expressed concerns with other specific terms and conditions. For example, one vendor auditors interviewed expressed a concern with an additional requirement that vendors provide a copy of insurance policies upon request. This vendor expressed this concern because insurance policies, which contain sensitive information, would become public documents if requested. This same concern was noted by 2 vendors in their responses to 1 of the 14 RFPs auditors reviewed. The State Risk Manager stated that this requirement is included in the terms and conditions in case of a claim or lawsuit and that copies of insurance policies are rarely requested. As stated previously, only one other state that auditors reviewed requires vendors to provide copies of insurance policies upon request. Additionally, another vendor said it was difficult to comply with the warranty requirement that products be fit for intended purposes because vendors may not always know the intended purposes, or the purposes may evolve over time. As stated previously, only two other states that auditors reviewed require a warranty that products be fit for intended purposes.

1 Auditors reviewed 27 IT-related solicitations issued or awarded in fiscal year 2012 of which 14 were issued through an RFP. An RFP is a type of formal solicitation for which terms and conditions may be negotiated (see Appendix A, page a-2, for additional information).
2 To obtain vendor input, auditors interviewed six individual vendors and three vendor stakeholder groups. Auditors also conducted a survey of Arizona Technology Council members, a vendor stakeholder group whose membership includes approximately 175 IT companies according to the Arizona Technology Council’s CEO. Twenty vendors responded to the survey. Auditors’ conclusions regarding vendor concerns were based on a combination of evidence obtained from these methods. See Appendix A, page a-1, for additional information.
3 Vendors also expressed concerns with intellectual property terms and conditions (see Chapter 2, pages 13 through 15, for additional information).

• Negotiation process concerns—Although the State does negotiate terms and conditions with vendors, several vendors expressed concerns with the State’s approach to negotiations. Specifically, some vendors auditors interviewed indicated that the State was unwilling to negotiate.
Additionally, vendors responding to auditors’ survey typically reported that the State was unwilling to negotiate, but vendors with experience in other states reported that Arizona was as willing or less willing to negotiate as compared to other states. Some vendors also reported that the State was inconsistent with regard to when it will negotiate. For example, one vendor stakeholder group indicated that the State appeared unpredictable when it would make exceptions to terms and conditions. Two vendors auditors interviewed stated they would like to know what terms and conditions are negotiable at the outset of the process because the preparation of a solicitation response can require significant effort. For 9 of the 14 RFPs that auditors reviewed, vendors requested exceptions to the indemnification, liability, insurance, and/or warranty terms and conditions. The State agreed to modifications to the terms and conditions in 3 of these 9 RFPs. In 2 of these 3 RFPs, auditors determined that all qualified vendors requested exceptions, thus requiring the State to negotiate these terms and conditions. Department officials acknowledged that there are inconsistencies in the negotiation process, but that consistency in negotiations is challenging because each IT procurement is unique. Department officials also indicated that, although some inconsistencies may be appropriate given the circumstances of a particular procurement, other inconsistencies in approach to, or expertise in, negotiations could be addressed through training.

Although some vendors indicated that they were likely to continue participating in the State’s IT procurements under the existing terms and conditions and procurement process, some vendors indicated that they were not. Further, some vendors indicated that these concerns have affected their participation in the procurement process, including refraining from responding to a solicitation or submitting proposals with exceptions.
Additionally, one vendor stated that it will not participate in solicitations with unlimited liability. Some vendors indicated that if they bid, their proposal price and other specifications could be impacted to compensate for the State’s terms and conditions. For example, in one RFP that auditors reviewed, a vendor’s response to the RFP stated that it would be unable to provide the broad and extensive warranties proposed by the State without significantly impacting the vendor’s price, and the vendor proposed modified warranty terms.

Department should develop contract templates with IT-specific terms and conditions

The Department should develop IT-specific contract templates to ensure that terms and conditions are appropriate for IT procurements. The Department has already developed some IT-specific terms and conditions. In late 2010 and early 2011, the Department worked with a vendor stakeholder group, the Attorney General’s Office, and other state agencies to review its terms and conditions as they relate to IT procurement. As a result of these discussions, in May 2012, SPO issued special terms and conditions specific to IT purchases that include new terms and conditions in the areas of limitation of liability, indemnification, and warranties. One of the changes includes a provision that would allow the State to limit a vendor’s first-party liability to an amount that is equal to a specified multiple of the contract value. For example, for a $1 million contract with liability limited to three times the contract amount, the vendor would be responsible for only up to $3 million for damages, even if the actual loss exceeded that amount. These new IT special terms and conditions can be used on a case-by-case basis to modify the uniform terms and conditions, but their use requires SPO’s and/or the State Risk Manager’s approval.
Other states that auditors reviewed have taken additional steps by developing IT-specific contract templates, including California, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah (see textbox on page 9 for examples).1 As used in other states, these templates contain default terms and conditions—including, but not limited to, liability, indemnity, warranty, and insurance—that are relevant to the procurement of IT materials and/or services. The terms and conditions in the templates can be modified prior to solicitations or through the negotiation process, as appropriate. Some states have more than one template, used for different types of procurements. For example, Pennsylvania developed templates for IT services and software whose warranty terms and conditions differ from those used for all other procurements, including for IT materials. Specifically, the IT services template requires a remedy in the case of disruption of operations, while the software template requires that products be free of viruses, and the standard terms and conditions used for materials require repair or replacement of purchased items. Many of these states reported that they developed IT-specific terms and conditions given the particular needs of IT procurement versus procurement of commodities. Many of these states also reported that the use of these templates has strengthened their relationship with vendors, reduced the need for negotiation, or increased the efficiency of the procurement process. Finally, some of these states reported that they periodically review their contract templates to ensure their continued appropriateness, which is consistent with best practice.

1 States interviewed were California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah. Auditors chose western states as well as states suggested by vendors and state officials (see Appendix A, page a-1, for additional information on how these states were selected).
Examples of other states’ IT-specific contract templates

California—This state has developed a template for purchasing IT goods, nonproject-related services, and low-risk IT projects, and is in the process of revising this template with vendor input. California law requires that its repetitively used terms and conditions, including its IT-specific terms and conditions, be periodically renegotiated and that vendor input be solicited as part of that process.

Oregon—After reviewing its terms and conditions in 2010, Oregon developed six templates for four types of IT procurement, including hardware, software, IT services, and consulting. Each template contains terms and conditions appropriate for each type of procurement, which can be modified as necessary for each solicitation. The state began another review of its templates and the associated terms and conditions in 2013 with input from vendor representatives and reported that it plans to continue reviewing them every 2 to 3 years.

Source: Auditor General staff interviews with California and Oregon state officials, review of California state statutes, and review of contract terms and conditions used for IT procurements in those states.

Similar to these states, the Department should develop contract templates with IT-specific terms and conditions. This would help to ensure the appropriateness of the contract terms and conditions for IT procurements. Such IT-specific templates could also improve the efficiency of the procurement process and address some vendor concerns regarding the terms and conditions and negotiation process. As part of this process, the Department should:

• Review existing terms and conditions—The Department should undertake a review of terms and conditions used in IT procurements similar to the review it conducted in 2010 and 2011.
However, it should consider all the requirements in the uniform and special terms and conditions and select all requirements that are relevant to IT procurements for review. The Department should obtain stakeholder input on these requirements from procurement, technology, risk management, and legal personnel, as well as representatives from state agencies and the vendor community, as appropriate.

• Seek direction from the Legislature and/or Governor, as appropriate—As the Department reviews and considers revising existing terms and conditions based on stakeholder input, it should seek direction from the Legislature and/or Governor, as appropriate. For example, in considering revisions that would limit vendors’ liability, the Department should seek clarification regarding what revisions could be made within the Department’s existing authority and what revisions would constitute new public policy that should be legislated prior to the Department taking action.

• Develop and implement specialized templates of contract terms and conditions for IT procurements—Once the Department has selected relevant IT-specific terms and conditions and considered or made revisions based on stakeholder input and direction from the Legislature and/or Governor, it should incorporate these IT-specific terms and conditions into a specialized contract template that it uses for IT procurements. Similar to two states, the Department should also consider developing separate templates for IT materials and services.

• Develop and implement policies and procedures for regular review of templates—The Department should develop and implement policies and procedures to guide the regular review of the IT-specific terms and conditions included in its contract templates. These policies and procedures should indicate how frequently the terms and conditions should be reviewed and who should participate in the review.
• Provide training and/or written guidance for the use and modification of templates—The Department should provide training and/or written guidance to procurement officers at SPO and the state agencies with delegated procurement authority on how to use and modify the different templates, as needed.

• Negotiate when appropriate—Although developing contract templates with IT-specific terms and conditions may reduce the need for negotiation, the Department should negotiate terms and conditions for IT procurements, as necessary. The Department should also provide training and/or written guidance to procurement officers at SPO and state agencies with delegated procurement authority to reduce inconsistencies in the negotiation process that can be addressed through training.

Recommendations:

1.1 The Department should develop contract templates with IT-specific terms and conditions. Specifically, the Department should:

a) Undertake a review of terms and conditions used in IT procurements by considering all the requirements in the uniform and special terms and conditions, selecting all requirements that are relevant to IT procurements, and obtaining stakeholder input on these requirements from procurement, technology, risk management, and legal personnel, as well as representatives from state agencies and the vendor community, as appropriate;

b) In reviewing and considering revisions to existing terms and conditions based on stakeholder input, seek direction from the Legislature and/or Governor, as appropriate;

c) Based on its review, develop and implement a specialized template of contract terms and conditions for IT procurements. In addition, the Department should consider creating and using separate templates specific to procurement of IT materials and services;

d) Develop and implement policies and procedures to guide the regular review of the IT-specific terms and conditions included in its contract template(s).
These policies and procedures should indicate how frequently the terms and conditions should be reviewed and who should participate in the review;

e) Provide training and/or written guidance to procurement officers at SPO and the state agencies with delegated procurement authority on how to use and modify the template(s); and

f) Negotiate terms and conditions for IT procurements, as necessary, and provide training and/or written guidance to procurement officers at SPO and the state agencies with delegated procurement authority to reduce inconsistencies in the negotiation process that can be addressed through training.

CHAPTER 2

The Arizona Department of Administration (Department) should further modify its terms and conditions regarding intellectual property rights for information technology (IT) procurements. The existing standard terms and conditions generally require state ownership of IT contract deliverables, but state ownership may not always be necessary to ensure appropriate government use of these deliverables. In fact, the State agreed to modifications of these terms and conditions in some solicitations auditors reviewed. Federal regulation provides three options for intellectual property rights based on who pays for the IT development costs. Although the Department created an optional IT-specific intellectual property requirement in May 2012 that is similar to one of these options, it should provide options for intellectual property rights in the IT-specific contract templates recommended in Chapter 1 (see pages 3 through 11).

Department should further modify intellectual property terms and conditions

Intellectual property rights—“Intellectual property” refers broadly to the creations of the human mind. Intellectual property rights protect the interests of creators by giving them property rights to use and profit from their creations. Creations that are protected by these rights include inventions, industrial designs, and trademarks.
Source: World Intellectual Property Organization. (2005). Understanding industrial property (WIPO Publication No. 895(E)). Geneva, Switzerland: Author.

The Department should further modify its terms and conditions to provide options for intellectual property rights to ensure that the rights included in a particular IT solicitation are appropriate based on who pays for the IT development costs (see textbox). The existing uniform and special terms and conditions generally require state ownership of (1) all materials, products, and other deliverables developed in response to a contract with the State, and (2) any intellectual property created or conceived pursuant to or as a result of a contract. However, the State may not profit from ownership of intellectual property because Arizona Revised Statutes §41-2752 prohibits it from competing with private enterprise. In addition, although state ownership may be appropriate for some procurements, such as when all of the intellectual property for an IT project is developed solely at the State’s expense, state ownership may not always be necessary to ensure appropriate government use of the acquired materials, products, or other deliverables. The Federal Acquisition Regulation (FAR) provides three options for intellectual property rights based on whether the government pays for all, a portion, or none of the development costs (see textbox, page 14).

Intellectual property rights were a concern for several vendors auditors interviewed.1 For example, one vendor stakeholder group reported that intellectual property is vendors’ most valuable asset and allows vendors to compete in the market. As a result, vendors have proposed changes to the State’s intellectual property terms and conditions in response to specific requests for proposal (RFP).
Specifically, vendors proposed modifications to the intellectual property terms and conditions in 11 of the 14 RFPs issued or awarded in fiscal year 2012 that auditors reviewed.2 For example, some of these exceptions (1) clarified vendor ownership of preexisting intellectual property or (2) maintained vendor ownership of intellectual property while granting use rights to the State. The State agreed to modifications in 4 of these 11 cases. For 2 of these 4 RFPs, auditors determined that all qualified vendors requested exceptions to the intellectual property terms and conditions, thus requiring the State to negotiate these terms and conditions. However, vendors who submit proposals with exceptions could be at a disadvantage compared to vendors who submit proposals without exceptions and run the risk that their proposals will not be considered. For example, in one RFP auditors reviewed, a vendor was excluded from further consideration because it requested an exception to the intellectual property terms and conditions in its response (see Chapter 1, page 7, for additional information about vendors’ concerns with the negotiation process).

1 Auditors interviewed six individual vendors and three vendor stakeholder groups, and used other methods to obtain vendor input (see Appendix A, page a-1, for additional information about these methods).
2 Auditors reviewed 27 IT-related solicitations issued or awarded in fiscal year 2012, 14 of which were issued through an RFP (see Appendix A, page a-2, for additional information). An RFP is a type of formal solicitation for which terms and conditions may be negotiated.

FAR options for intellectual property rights

Government purpose rights—The rights to use, modify, reproduce, release, perform, display, or disclose intellectual property within the government without restriction and outside the government for noncommercial purposes only for a negotiated period of time. Upon expiration of that time frame, the government has unlimited rights to use the intellectual property. This right is appropriate for projects that use the vendors’ preexisting intellectual property and intellectual property developed and paid for by the State. If agreed to, this requirement permits a government entity to use intellectual property and the vendor to have exclusive right to use intellectual property for commercial purposes for the specified time frame. For example, if the State issues a solicitation for a vendor with experience in developing human resources systems to develop a system that is tailored to the State’s needs, it would be appropriate to include a government-purpose rights requirement in the solicitation. Under such an agreement, the vendor could continue to market and sell its system and expertise to other customers for the specified time frame.

Restricted rights—The rights to use, modify, reproduce, release, perform, display, or disclose intellectual property within the government. The government may not, without the written permission of the vendor, release or disclose the technical data outside the government. This type of intellectual property right is appropriate for items not developed in performance of a contract, i.e., they use the vendor’s preexisting intellectual property. This type of requirement is used for acquisitions of software and other products that are also commercially available to the public, such as Microsoft Windows™ or Adobe Photoshop™. A government entity that agrees to this requirement does not own the intellectual property.

Unlimited rights—The rights to use, modify, reproduce, perform, display, release, or disclose intellectual property in whole or in part, in any manner, and for any purpose, whatsoever, and to have or authorize others to do so. The State would have this type of intellectual property right after government purpose rights expire or for projects where all intellectual property is developed at state expense. The vendor retains no rights, i.e., it may not use the intellectual property for future projects or transfer it to another entity. This type of intellectual property requirement would be appropriate for “work for hire” contracts where a vendor provides services such as database or Web site design.

Source: Auditor General staff review of 48 CFR 227.7203-5.

Although none of the nine states that auditors reviewed have adopted the specific FAR language in their standard terms and conditions, two states have implemented modified government purpose rights.1 Specifically, Oregon’s standard IT terms and conditions stipulate that contractors own their intellectual property, but they grant the state a license to use it. An Oregon procurement official reported that vendors were refusing to bid on solicitations that included “one-sided” terms and conditions requiring the state to own intellectual property rights. As a result, Oregon adopted a version of government purpose rights requirements that allow full government use but also allow vendors to continue to own and market the intellectual property that they develop. In addition, California’s standard terms and conditions for IT goods, nonproject-related services, and low-risk IT projects stipulate that contractors own what they create for the state, but the state has an unlimited license to use those creations.

1 States interviewed were California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah (see Appendix A, page a-1, for additional information on how these states were selected).
In May 2012, the Department created an IT-specific intellectual property provision that is similar to the FAR’s government purpose rights. This provision grants the State the right to use intellectual property, although it does not transfer ownership of the intellectual property to the State after a specified period of time and its use is optional and requires department approval. Because the need for state ownership of intellectual property may vary depending on who pays for the IT development costs, the Department should include options for intellectual property rights, as described in the FAR, in the IT-specific contract templates recommended in Chapter 1 (see pages 3 through 11). These options should provide flexibility to ensure that the intellectual property rights included in a particular IT solicitation are appropriate for that solicitation. As discussed in Chapter 1, the Department should also provide training and/or written guidance on the appropriate use of these terms and conditions.

Recommendation:

2.1 The Department should include options for intellectual property rights, as described in the FAR, in the IT-specific contract templates recommended in Chapter 1 (see Recommendation 1.1, pages 10 through 11). These options should provide flexibility to ensure that the intellectual property rights included in a particular IT solicitation are appropriate based on who pays for the IT development costs. The Department should also provide training and/or written guidance on the appropriate use of these terms and conditions.

CHAPTER 3

Information technology (IT) standardization, which can include the process of developing standards for the repeated and consistent use of IT, can impact procurement, but IT materials and services must still be acquired in accordance with the procurement code. The Arizona Department of Administration (Department) is responsible for state-wide IT standardization efforts.
IT standardization can affect what technology is procured, the number of procurements solicited, and which vendors are capable of responding to a solicitation. However, similar to other states auditors reviewed, the State’s IT standards do not identify a specific product or a specific vendor to purchase from, and IT materials and services must still be purchased through a competitive procurement process.

IT standardization can impact procurement, but IT must still be purchased through a competitive procurement process

Department responsible for IT standardization

Standardization can occur at any level of an IT system, including computing platforms such as mainframes, servers, and personal computers; network equipment; operating systems; and software applications. IT standardization can include the process of developing and implementing standards for the repeated and consistent use of IT.1 IT standards can address various business requirements, such as the interoperability and compatibility of IT systems, information sharing, and security.2 Additionally, IT standardization can be achieved through an IT governance structure that specifies the decisions, rights, and accountability framework for IT investments.3 It can also be achieved by standardizing business processes or unit functions, or through existing preferences (also called de facto standardization; see page 21 for more information about de facto standards).4

The Department’s Arizona Strategic Enterprise Technology Office (ASET) is responsible for setting state-wide IT standards and state-wide IT standardization efforts. Specifically, ASET is responsible for developing state-wide IT policies and standards; reviewing and approving state agencies’ IT plans and projects valued at $25,000 or more; and developing a coordinated state-wide IT plan.
ASET uses an enterprise architecture approach that provides a framework of business principles, best practices, technical standards, and migration and implementation strategies that direct the design, deployment, and management of IT for state agencies. The State has also standardized some business processes; for example, all state agencies use one payroll system for human resource management.

1 Van Wessel, R.M. (2008). Realizing business benefits from company IT standardization. Doctoral dissertation, University of Tilburg, Netherlands; Digital government: Building a 21st century platform to better serve the American people. (n.d.) Washington, DC: The Obama Administration, Office of Management and Budget, Office of E-Government & Information.
2 National Association of State Chief Information Officers. (2005). IT procurement & enterprise architecture: Recognizing the mutual benefits (Research Brief). Lexington, KY: Author.
3 Pardo, T. A. & Burke, G.B. (2009). IT governance capability: Laying the foundation for government interoperability. Albany, NY: University of Albany, Center for Technology in Government.
4 Van Wessel, 2008

Standardization can impact procurement, but procurement code must still be followed

IT standardization can have several impacts, many of which can affect procurement. For example:

• Some goals of standardization are to reduce costs and increase efficiencies by eliminating duplicative purchases and having fewer types of IT to support.1 This could affect the type of IT materials or services solicited and the number of solicitations issued. For example, the State has purchased a single, state-wide financial accounting system to be used by all state agencies, instead of having multiple systems purchased by individual agencies. As a result, standardization can lead to fewer procurements, as well as fewer contracts to negotiate and manage.
• Standardization can also affect the specifications or scope-of-work requirements developed for a particular solicitation. Specifically, standards can define the requirements that an IT product or solution should meet. This could also involve the need to ensure continued compatibility and interoperability with existing IT systems, hardware, and/or software. For example, an agency with specific networking requirements may develop specifications or scope-of-work requirements within a solicitation to ensure compatibility with its existing systems. This could affect which vendors are able to meet those requirements and respond to a solicitation, although this would be true of any procurement. Further, changes to IT standards could require contracts to be resolicited if the vendors holding the contracts cannot meet the new standards.

• However, standardization can lead to state agency concerns about a central technology agency, such as ASET, imposing IT standards that could require changes to agency operations, increase agency costs, or that may not meet agency needs. For example, one state agency expressed concerns that a standardized IT system may not provide the specific capabilities needed by the agency. Additionally, there may be costs associated with switching to a new standard, and these costs may outweigh the potential benefits of switching to the new standard. Further, standardization could delay some solicitations while a consensus is reached on what IT materials and/or services need to be procured.

Although standardization can impact procurement, IT materials and services must still be purchased through a competitive procurement process. According to Arizona Revised Statutes §41-2501(B), the procurement code applies to all expenditures of public monies, including IT procurements.
Although the State has standardized around specific applications, the State’s IT standards outline various requirements for IT systems but do not identify a specific product to purchase or a specific vendor from which to purchase. Additionally, contracts for IT materials and services must still be awarded through a competitive procurement process. This is consistent with nine other states that auditors interviewed regarding their approach to developing IT standards.2 All of these states have a state technology agency responsible for setting state-wide IT standards. Similar to Arizona, these states reported that they do not develop IT standards specifying a particular product or vendor.1 This approach is consistent with literature, which indicates that standards should be flexible enough to adapt to the changing environment.2 Further, all nine states reported that IT contracts must be awarded through a competitive procurement process.

1 Van Wessel, 2008
2 These states were California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah (see Appendix A, page a-1, for additional information on how these states were selected).

1 A Pennsylvania official reported that the state may still have a few standards citing a product, but was moving away from product-specific standards. In addition, an Oklahoma official reported that, although IT contracts are typically awarded through a competitive procurement process, Oklahoma has the ability to negotiate directly with providers for contracts that are establishing a state-wide technology standard.
2 Van Wessel, 2008

Other Pertinent Information

During the course of the audit, auditors identified an additional procurement issue regarding concerns from vendors who have state-wide contracts for information technology (IT) materials or services, but receive little or no business from state agencies.
This section of the report has no recommendations, but provides information regarding the Arizona Department of Administration’s (Department) use of state-wide contracts and how the Department and other states respond to this vendor concern.

Vendor concerns regarding state-wide contracts

The Department’s State Procurement Office (SPO) awards state-wide contracts through which state agencies and other political subdivisions can purchase materials and services, such as toner cartridges and network equipment.1 SPO issues state-wide contracts for commonly used materials and services. These contracts allow SPO to negotiate price discounts and other favorable terms—such as maintenance and service agreements—for all purchases made through these contracts. They also eliminate the need for agencies to issue individual solicitations for similar materials and services. Additionally, Arizona state executive branch agencies are generally required to make purchases from state-wide contracts and may purchase from any vendor with a contract. Agency decisions regarding these purchases could lead to what are termed de facto standards (see textbox).

De facto standard—A type of informal standard that develops once a specific product or service gains a certain acceptance rate. For example, there may be no formal standard requiring the use of a specific operating system; however, every personal computer at a particular agency may be running Microsoft Windows™. De facto standards may be based on preference; familiarity or experience with a product, service, or vendor; or other reasons.
Source: Van Wessel, R. M. (2008). Realizing business benefits from company IT standardization. Doctoral dissertation, University of Tilburg, Netherlands.

SPO may award contracts for specific materials and services to one or more vendors depending on various factors, such as the State’s needs or industry practices, but some vendors may not receive business.
For example, SPO has awarded state-wide contracts for telecommunications carrier services to nine vendors. However, according to department reports, although state agencies and/or political subdivisions purchased from five of the vendors, four vendors did not receive business from these entities in fiscal year 2013.

Although the state-wide contracts specify that holding a contract does not guarantee business, the Department reported that vendors occasionally express concern when they hold a state-wide contract but do not get much business from state agencies. SPO does not require state agencies to justify which state-wide contracts they purchase from. However, according to a SPO official, SPO will look into vendors’ concerns. This official also stated that when SPO finds that these decisions are based on de facto standards, it will encourage state agencies to re-assess their decisions, as appropriate. According to this official, SPO will also remind vendors of their responsibility to market themselves.

1 Other Arizona political subdivisions include cities, counties, school districts, and other special districts. As of September 2013, statute also allows certain nonprofit organizations to purchase from state-wide contracts.

Some other states indicated that their vendors have conveyed similar concerns. All nine states that auditors interviewed reported that they may also award state-wide contracts to multiple vendors and generally require state agencies to purchase from these contracts.1 Similar to Arizona, six of the nine states reported that they do not require state agencies to justify why they purchased from certain state-wide contracts, although some of these states reported that they may encourage or instruct agencies to negotiate with multiple state-wide contract vendors.
However, Pennsylvania requires state agencies to obtain quotes from contracted vendors for purchases above $10,000 when multiple vendors are awarded a state-wide contract, and Utah requires state agencies to obtain quotes for all purchases. In addition, North Dakota reported that agencies may be required to obtain offers from multiple vendors on state contract depending on the type of IT purchase and estimated cost. Finally, when responding to vendor concerns, similar to Arizona, many of these states reported that their contracts include language that holding a state-wide contract does not guarantee business and that it is up to vendors to market themselves to the state agencies.

1 The nine states were California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah (see Appendix A, page a-1, for additional information on how these states were selected).

APPENDIX A

This appendix provides information on the methods auditors used to meet the audit objectives. The Auditor General and staff express appreciation to officials and staff from the Arizona Department of Administration (Department), the Arizona Department of Economic Security (ADES), the Arizona Department of Public Safety (ADPS), and the Arizona Department of Transportation (ADOT) for their cooperation and assistance throughout the audit.

Methodology

Auditors used the following methods to meet these objectives:

• Interviewed officials and staff from the Department, ADES, ADPS, and ADOT, and reviewed these agencies’ procurement policies and procedures, statutes and administrative rules comprising the Arizona Procurement Code, applicable articles of the Arizona Constitution, the State’s uniform and special terms and conditions, and other applicable information.
• Reviewed the Arizona Strategic Enterprise Technology Office’s policies and procedures regarding information technology (IT) project approval and standardization.
• Interviewed procurement and/or IT officials from California, Iowa, Nevada, North Dakota, Oklahoma, Oregon, Pennsylvania, Texas, and Utah and reviewed applicable documentation from these states. Auditors selected states primarily based on geographic location (i.e., western states), but also selected states that were mentioned by literature, experts, and/or agency officials.1
• Reviewed literature in the areas of outsourcing, contract development, procurement, intellectual property rights, and IT standardization.
• Reviewed the Federal Acquisition Regulation for model language for intellectual property terms and conditions in government contracting.
• Interviewed a former president of the National Association of State Chief Information Officers and a member of the National Association of State Procurement Officials.
• Interviewed six individual vendors and three vendor stakeholder groups.2 Additionally, auditors conducted a survey of Arizona Technology Council (Council) members regarding the terms and conditions included in the audit scope and the State’s procurement process, to which 20 vendors responded. The Council is a trade association for science and technology companies that works to advance technology in Arizona. According to its CEO, council membership includes approximately 175 IT companies.

1 Auditors also contacted procurement and/or IT officials in Colorado, New Mexico, New York, South Carolina, and Washington. However, for various reasons, officials from these states either did not respond to interview requests or did not provide sufficient documentation to support information stated in interviews.
2 Auditors contacted four additional vendors who did not respond to auditors’ requests for interviews.

• Reviewed all 27 IT-related solicitations from the Department, ADES, ADPS, and ADOT that these agencies identified as being issued or awarded in fiscal year 2012.
These solicitations included 14 requests for proposal, 6 invitations for bid, 3 requests for quotation, 2 emergency procurements, and 2 sole-source procurements. Auditors also reviewed an additional request for proposal issued and awarded in fiscal year 2013 that used IT-specific special terms and conditions developed by the Department in May 2012.

AGENCY RESPONSE

Janice K. Brewer, Governor
Brian C. McNeil, Director
ARIZONA DEPARTMENT OF ADMINISTRATION
OFFICE OF THE DIRECTOR
100 NORTH FIFTEENTH AVENUE • SUITE 401
PHOENIX, ARIZONA 85007
(602) 542-1500

November 19, 2013

Debbie Davenport, Auditor General
Office of the Auditor General
2910 North 44th Street, Suite 410
Phoenix, Arizona 85018

Re: Preliminary Report - Review of Selected State Practices for Information Technology Procurement

Dear Ms. Davenport:

Thank you for providing the revised report on the review of state practices for Information Technology (IT) procurements. We have reviewed the report in its entirety and provide the following responses to the findings/recommendations:

1.1 The Auditor General finds that the Department should develop terms and conditions templates for IT procurements, as well as policies, guidelines and training for the use of said terms and conditions.

The finding of the Auditor General is agreed to and the audit recommendation will be implemented.

The Department is in agreement with the finding and will proceed with implementation. We think it is important to note, though, that implementation will require significant effort to undertake the actions outlined in the finding. A high level of subject matter expertise, knowledge, and time is necessary to develop the envisioned skills. Consequently, we anticipate needing to address a number of matters over time (e.g., staff recruitment/retention, compensation and training) in order to have successful outcomes.
Until implementation is complete, the Department will continue to promote its current policy for IT Terms and Conditions that was formulated in collaboration with the vendor community and the Attorney General’s Office (TB 046; Attachment 1).

2.1 The Auditor General finds that the Department should assess intellectual property language in its standard terms and conditions, using federal regulations as a baseline, and subsequently provide training for procurement officers.

The finding of the Auditor General is agreed to and the audit recommendation will be implemented.

Thank you for the opportunity to provide the Department’s comments on the Preliminary Report.

Sincerely,
Brian C. McNeil
Director

Performance Audit Division reports issued within the last 24 months

11-14 Arizona Game and Fish Commission Heritage Fund
12-01 Arizona Health Care Cost Containment System—Coordination of Benefits
12-02 Arizona Health Care Cost Containment System—Medicaid Eligibility Determination
12-03 Arizona Board of Behavioral Health Examiners
12-04 Arizona State Parks Board
12-05 Arizona State Schools for the Deaf and the Blind
12-06 Arizona Health Care Cost Containment System—Medicaid Fraud and Abuse Prevention, Detection, Investigation, and Recovery Processes
12-07 Arizona Health Care Cost Containment System—Sunset Factors
13-01 Department of Environmental Quality—Compliance Management
13-02 Arizona Board of Appraisal
13-03 Arizona State Board of Physical Therapy
13-04 Registrar of Contractors
13-05 Arizona Department of Financial Institutions
13-06 Department of Environmental Quality—Underground Storage Tanks Financial Responsibility
13-07 Arizona State Board of Pharmacy
13-08 Water Infrastructure Finance Authority
13-09 Arizona State Board of Cosmetology
13-10 Department of Environmental Quality—Sunset Factors
13-11 Arizona State Board of Funeral Directors and Embalmers
13-12 Arizona State Board for Charter Schools
13-13 Arizona Historical Society

Future Performance Audit Division reports

Arizona Game and Fish Commission and the Arizona Game and Fish Department