Managed by the California Department of Technology (CDT), PAL was created to prevent expensive IT failures by requiring careful planning before a project moves forward. In theory, this makes sense. No one wants another multimillion-dollar boondoggle that collapses under its own weight. But in practice, PAL has become a labyrinthine obstacle course, where projects take three to five years just to get a green light. By the time a department wins approval, the technology they proposed may already be obsolete.
CDT is in an impossible position: blamed when IT projects fail, and blamed when they take too long to start. It’s no wonder they’re cautious about granting approvals. But here’s the thing: Over-caution is its own kind of failure. PAL was meant to ensure accountability, but ironically, it has diffused responsibility so much that no one moves forward with confidence.
A SMARTER WAY FORWARD: MORE ACCOUNTABILITY, LESS RED TAPE
In Gov. Gavin Newsom’s 2025-26 budget, he acknowledges the challenges with the PAL process, and it’s heartening to hear that he proposes to streamline it. Here are suggestions for how the state may want to approach PAL in the future:
Let departments own their projects: Right now, CDT plays gatekeeper, deciding which IT projects live or die. But the requirement for CDT approval gives department leadership a false sense that they don’t need to invest their energy into project oversight. If departments approved their own projects, they would be solely accountable for outcomes. With more skin in the game, department leadership would more actively oversee IT projects, generating better outcomes while freeing up CDT to focus on high-level strategy and statewide technology policies and challenges.
Delegating authority based on IT capabilities: Every department, no matter how experienced, gets funneled through the same approval process. That’s like making a veteran pilot take a beginner’s flight school every time they step into a cockpit. Instead, let’s match oversight levels to the department’s IT capabilities. For example, a more refined project approval process might allow departments with strong governance maturity, past project success, and the ability to self-fund to proceed independent of CDT approval.
Implementing an 'owner’s representative' model: PAL currently leans heavily on Independent Verification and Validation (IVV), which often prioritizes checking compliance boxes over actually fixing problems. What if, instead of this bureaucratic watchdog role, we adopted an “owner’s representative” model — an expert adviser embedded in the project to actively engage in project execution and help the department navigate pitfalls and deliver results in real time?
Make vendors and departments equally accountable: Ensuring accountability in IT projects requires a balanced approach. Departments must take ownership of their roles in project execution, alongside vendors who must meet their contractual obligations. CDT can play a valuable role in overseeing project execution, ensuring that executive sponsors, project leads, and staff within departments are held accountable alongside vendors. With CDT shifting their own resources from project approval to focus more on project execution, they could help foster a culture of shared responsibility and proactive problem-solving.
Allow smart adaptations, not endless amendments: In the tech world, flexibility is key. Yet, any significant change to a government IT project requires jumping through hoops and lengthy amendment processes. Instead, let’s create an agile but structured approval process with a more efficient decision-making approach that gives departments more authority to make necessary scope changes so that innovation doesn’t get strangled by red tape.
Focus on results, not just reports: Reporting under PAL tends to focus on compliance rather than outcomes. A shift toward a results-based framework that measures project timeliness, budget adherence, and public value could provide clearer indicators of success.
THE REAL QUESTION: HOW MUCH RISK CAN WE LIVE WITH?
California’s obsession with risk elimination is part of the problem. Yes, IT failures are costly, but so is government inaction. In the private sector, companies accept that some projects won’t pan out, but they know that calculated risks are necessary for innovation. If we expect zero risk in state IT, we will get zero progress.
Gov. Newsom’s call for a review of PAL is a promising start. But true reform will require more than tweaks — it requires a mindset shift. We need a system where CDT focuses on statewide tech strategy, while departments take more ownership of their projects.
And let’s be clear: PAL is just one piece of a much bigger puzzle. If California truly wants to modernize its IT systems, it needs to overhaul not just PAL, but how it develops RFPs, selects vendors, and manages project execution. Otherwise, we’ll be having this same conversation five years from now, while still waiting for yesterday’s technology to be approved.
This discussion is just beginning. Future articles will explore more ways for California to break free from bureaucratic inertia and deliver IT projects that work. But for now, one thing is clear: If we keep playing it safe, we’ll keep getting nowhere fast.
