Learning the lessons of Commonwealth IT procurement.
With the second round of market testing IT services about to enter into full swing for many Commonwealth agencies, it is timely to sit back and consider some of the risk management issues that have arisen out of the first round exercise and what steps can be taken to help alleviate those risks in this next phase.
Government agencies rightly spend a lot of effort managing the risks associated with procurement and transition activities: procurement and evaluation teams are established, external experts advise on latest models and negotiation strategies, probity advisers are engaged to ensure transparency and fairness of process, hefty contracts are negotiated and transition is tightly planned and managed, all under the watchful gaze of the senior executives. But what happens post-transition? How much emphasis is placed by senior executives on managing the operational risks associated with managing the contract and the vendor(s)? According to the Commonwealth Auditor-General, there is room for improvement in these areas.
The importance of good contract management in achieving required outcomes is a recurring theme in audit reports and in some recent high-profile cases and yet is often overlooked in the analysis of procurement risks. Contract management starts at the time of initial risk analysis for the project. Identifying risks arising in the contract management phase will enable an agency to properly allocate resources in line with the rating of the risk.
The negotiation phase is also important. Vendors are skilled at negotiating high value, complex contracts - they might negotiate several such deals each year. Agencies might negotiate one deal every three to five years.
Agencies often address this risk through “outsourcing” the negotiation function to experts in the field, but lose sight of the fact that this contract also needs to be managed in order to ensure that it delivers the agency its desired outcomes. The agency still needs to have clear business objectives and be willing to take ownership of the negotiated outcomes. The risk in relying too much on external experts is that you could end up with a solution that suits their needs rather than yours.
Good contract management is dependent upon having an appropriately resourced contract management team with the skills to manage not only vendor service delivery but internal expectations as well - non-acceptance of the outsourced service delivery model by the users (including senior management) is recognised as one of the biggest risks in any outsourcing exercise.
Regular communication between the users, the business units and the vendor should be agreed during contract negotiations and reviewed regularly for effectiveness.
Internally, the contract management team must be in tune with the business drivers of the agency to ensure that the service delivered meets their expectations. In this respect, a clear business-driven IT strategy and strong governance model within the agency will help determine IT priorities and help avoid the risk of projects failing to deliver promised outcomes. The governance model should cover such aspects as business strategies and objectives, communication processes and, perhaps most importantly, have buy-in from senior management. Without this support, it is unlikely the governance model will succeed.
Risk management plans for agencies rarely extend to operational levels such as management of the contract. Contract management functions are often bestowed on positions filled by relatively inexperienced officers who are pitted against experienced vendor project executives. In order to build a stable and productive relationship with its vendor(s), senior management must appreciate the exposure to risk posed by poor attention to contract management, and move to ensure that contract management teams are appropriately resourced, skilled and experienced. This is one risk management strategy that is guaranteed to bring long-term gains for relatively short-term cost.
Debra Tippett is a senior associate with legal firm Minter Ellison
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.