Getting back to basics - planning your ICT sourcing to manage risk

By Alexandra Wedutenko and Magdalena Iwasiw.

Key Points:
Agencies undertaking ICT sourcing can take four basic steps to put themselves in a strong position from which to manage emergent issues and achieve the right solution.

Procurement of outsourced Information and Communications Technology ("ICT") services requires significant investment of time and resources, and usually involves a sustained, intense period of sourcing activity. Time pressures to complete a procurement can lead to mistakes. Part of the trick to securing the solution and service provider that will best serve your agency over time is to identify, plan for, manage and review the key risk areas involved in your procurement.

Choose and plan the right procurement process

Planning the right procurement process is an essential first step in an effective ICT procurement. Some relevant questions are:

• What are the outcomes (technology, relationship, contractual) sought from the procurement, and which procurement process will best support those outcomes?
• Do you have burning issues that need to be addressed?
• Do you want to move platforms or institute a new service delivery model?
• How best can you consult with industry?
• Is further information about emerging technology and industry trends required before you can crystallise your requirements? If so, a multi-stage procurement process (where justified by the size and risk of the services being sought) might be considered.
• If you already have an outsourced environment, what disengagement rights and obligations do you have?
• Do you have a clear picture on equipment used to provide your ICT services? Is it leased or owned? What is its planned useful life? Does it need refreshing?
• Are there any other agencies interested in acquiring the ICT services being procured? If so, have you considered grouping your procurement so that two or more agencies with similar requirements approach the market together in order to share the cost and administrative burden of sourcing activities? Agencies should note that co-operative procurement is a policy focus for the Australian Government, as discussed in the Department of Finance and Deregulation’s Good Procurement Practice booklet GPP 03 - Cooperative Agency Procurement, published in December 2007.

Define the ICT requirement

Sounds simple, and yet a major failing in complex procurements is to fail to define the requirement. Key reasons for this include not allowing time to identify your current environment and future requirements and being focused on inputs rather than outcomes. Well-drafted request documentation which anticipates rights that the agency may need to call on throughout the procurement is a key tool for managing ICT sourcing risk.

Where you plan a multi-sourced environment, you need to carefully define bundles, boundaries and governance arrangements with care. Don’t rush - you will live with the consequences.

If ICT specifications cannot be completely defined at the beginning of the procurement process, or if an agency is sourcing emergent technologies or innovative solutions to its ICT needs, you should consider a procurement process which allows for industry input and engagement. This will allow for information gathering that can then be used to refine the agency’s Statement of Requirements. The flip side of this methodology is that you need to build in sufficient time to undertake this analysis while moving towards your sourcing goal.

Implement interim and transitional arrangements

Not having a Plan B or not leaving enough time to completely evaluate proposals, consult stakeholders throughout the procurement, and to complete investigations of solutions and negotiations can place significant pressure on decision-making. In worst-case scenarios, it can lead to short-cuts which have long-term adverse consequences. In this respect, you need to plan around the expiry of your current outsourced services agreement.

Agencies planning to source ICT services need to undertake "due diligence" reviews of their existing contracts early in the planning process. Where extension options are available, these need to be exercised in a way which maintains the value for money of services delivered under existing agreements.

It is also crucial that an agency plan for disengagement and any transition-in arrangements that must be implemented following the acquisition of the outsourced ICT services. Most disengagement risks can be managed (if not avoided) if the disengagement process is planned as part of the development of your ICT sourcing strategy.

You need to develop an up-to-date comprehensive disengagement plan. This is so whether you are moving from internal service provision or already have an external ICT provider/s. In the latter case, your contract most likely provides for a disengagement plan. You should therefore ensure your service provider/s provide you with such a plan/plans. The plan will initially be high level and then become more focused as your detailed disengagement requirements become clearer.

In planning disengagement and also transition-in services to a new provider, some issues that agencies should consider include:

• accurate asset and software licence identification
• detailed current environment plans and descriptions
• the extent of the current provider’s obligations to transfer technical or other knowledge to the agency, and the extent to which that agency will need that information for its sourcing activities
• costs associated with disengaging from a current provider; and
• arrangements for resolution of technical problems during the transition-in phase.

Specify governance arrangements

Agencies procuring outsourced ICT services will need to devote time to selecting the types of governance arrangements that will apply during disengagement and transition-in periods and during the new ICT sourcing term. Ideally, governance requirements should be specified in the disengagement plan and the request documentation.

The governance structure to be adopted will depend upon the nature and complexity of the ICT services being sourced. Effective governance relationships include:

• procedures for managing the relationships between vendors in a multi-vendor environment, and between those vendors and the agency
• the protocol for resolution of technical issues (such as clear definition of help desk and issues resolution responsibilities), including timeframes
• definition of the spheres of responsibility of individual vendors and the agency
• ongoing accountability and reporting requirements; and
• dispute resolution mechanisms.

Once you have these processes in place you are on your way to managing risks in an ICT sourcing procurement. Risk management is not, however, a static exercise - you need to deal with issues as they arise and close tasks as they are completed. You also need to maintain clear audit trails of your decision-making processes and activities.

For further information, please contact Alexandra Wedutenko and Magdalena Iwasiw.