It was a story that gave pause for thought across the US, creating in IT buyers everywhere those uneasy, there-but-for-the-grace-of-God sensations that beset us all when a peer comes under attack and we know our turn could one day come.

In its version, US CIO described how Elias Cortez, director of California's Department of Information Technology (DOIT), had fought back tears as he sat before the bright lights of a state legislative investigative committee and tried to deflect blame over a disastrous $US95 million contract for 270,000 Oracle database software licences. Licences, it subsequently turned out, that relatively few state workers needed or wanted.

At issue was whether the Oracle contract would cost taxpayers $US41 million, as a state auditor's April report had suggested, or save the state more than $US100 million, as Oracle claimed. Either way, the politics of the matter meant Cortez's bacon was clearly cooked.

It is a story that resonates with any large organisation buying software. Big spending customers have been hostage to software vendors since the industry's genesis, typically bound not only by the vendor's payment structures but often also by their terms of engagement.

The auditor's report found state officials working on the no-bid contract had applied little or no due diligence. It was bad enough that few state agencies wanted or needed the software, and that the state had bought many more licences than it had employees to use them, the auditor found. Insult had been added to injury by significantly inflated savings projections provided by an Oracle partner who stood to make millions of dollars, and the $US25,000 political contribution an Oracle executive had given a representative of California governor Gray Davis shortly after the contract was signed. The auditor's findings forced the governor to announce plans to try to nullify the May 31, 2001 contract and move to set up stricter guidelines for purchasing contracts.

Heads had to roll. Not surprisingly Davis, under intense political pressure, forced the resignation of Cortez after earlier accepting the resignation of two other top officials. Meanwhile Oracle vehemently rejected the criticism, insisting the contract would save the state money and improve its technology operations.

With investigations under way to determine exactly how the state's contract with Oracle went off course, enterprise CIOs around the US are saying mistakes outlined in the auditor's report were easily avoidable had fundamental IT purchasing practices been followed. The same, of course, applies in Australia. "IT is a hard enough business to get right as it is, and so taking contracts too casually is a very dangerous place to be," says Laurie Turner, general manager IT at David Jones. "I'm not saying that a good contract can save you, but it can certainly get you into trouble if it's a weak contract."

The DOIT's fiasco serves as a powerful study in how not to deal with vendors in developing and executing an IT purchasing contract. Making IT contracts bulletproof may not be easy, but it can be done.