DoIT's FY26 request elevates IT investment fund use and cybersecurity; DLS flags project oversight and an ITIF balance discrepancy

The Department of Information Technology (DoIT) presented its fiscal 2026 budget to the House Appropriations Committee Transportation and the Environment Subcommittee; the department’s requested operating allowance increases $65.9 million (20.3%), much of which is budgeted to the Information Technology Investment Fund (ITIF). DLS analysts and DoIT officials clashed over project oversight, the timing and size of fund balances in ITIF and the new expedited‑project category.

DLS concerns: ITIF balances and oversight DLS analyst Yashoda Rai told the committee the fiscal 2026 allowance adds roughly $67.6 million to the ITIF, and pointed to a large discrepancy between the governor’s projected year‑end ITIF balances and DLS’s internal calculations. DLS calculated multihundred‑million‑dollar balances remaining in the ITIF at the end of FY25 and FY26; the governor’s budget book projected a smaller end‑of‑year balance (DLS reported the governor’s FY25 projected fund balance as about $17,000 and zero in FY26). DLS asked DoIT to explain timing assumptions and the expected schedule for disbursing existing fund balances against project spend plans.

Expedited projects and proposed BRFAA language DoIT’s FY26 request contains a new expedited‑project category and the governor’s budget would move the 20% statutory set‑aside for expedited projects. The administration’s BRFAA language would repeal the required 20% set‑aside and the budget bill included contingent language reducing the FY26 expedited appropriation by $13.8 million if that repeal takes effect. DLS recommended deleting the $28.8 million general fund amount for expedited projects and asked the subcommittee to require a report and clearer criteria before funding the category.

Cybersecurity, audit findings and AI DoIT acknowledged a 2024 Office of Legislative Audits (OLA) compliance report that included 16 findings for the period reviewed; four findings were repeat findings and four redacted findings related to cybersecurity. DoIT described remediation work underway, noted a planned cyber RFP to cover assessments and remediation, and said some cyber‑related contracts previously used would be reprocured. DoIT also described progress on state cybersecurity programs: the Office of Security Management (OSM) has onboarded 15 agency information security officers, initiated a “Hack the State” bug‑bounty program and expanded local‑government cybersecurity assistance to 35 jurisdictions.

AI governance and enterprise services DoIT described work under the state AI Governance Act (Chapter 496 of 2024) and the governor’s AI subcabinet: interim generative‑AI guidance was published March 9, 2024; an AI roadmap and…