CIOs take a new approach, put performance first
- By Richard W. Walker
- Jan 21, 2003
'The beauty of the [managed-services] model is that I just keep ordering up what I need and they have to figure out how to provide it,' says TSA's Patrick Schambach.
Henrik G. DeGyor
'You are trying to transform the delivery of IT into a service, just like we've developed the delivery of electricity, water, telephone,' said Nat Heiner, Coast Guard.
Henrik G. DeGyor
'I don't think we recognized the magnitude of the change we were embarking on,' said Rear Adm. Charles L. Munns, the Navy's NMCI director
Deidre Lee, the Defense Department's procurement director, says, 'We're saying to industry: We have a problem, you bring the solution.'
The landscape of government IT services acquisition is shifting.
Sure, agencies are buying more IT services. But the bigger story is that they are buying them differently. And they are looking at services acquisition differently'from an enterprise level point of view.
Underpinning this nascent transformation in services acquisition is performance-based contracting. Agencies are already feeling the heat to do more of it; it's high on the Bush administration's management agenda.
In essence, performance-based services contracting is this: You tell the contractor the result you want. You agree on performance metrics. And the contractor decides how to do it.
For the agency, then, outcome is everything. 'We are trying very hard to go to performance requirements rather than detailed specifications of 'how to', ' said Deidre Lee, the Defense Department's procurement director. 'That's what performance-based acquisition is all about. We're saying to industry: We have a problem, you bring the solution.'
The Defense Department 'used to be kind of an integrator,' she said. 'We would buy [the IT] and we would do the integration. You see us now buying a total service package.'
Steve Ehrler, the Navy's program executive officer for IT, said, 'We're really buying performance. We're not playing in the implementation details or the technology. That's a significant change for us.'Limelight on two projects
But performance-based services contracting is only part of the transformation. Much of the buzz in procurement circles is about managed services.
That's why all eyes are now on the twin peaks of the government services-acquisition initiative: the Navy-Marine Corps Intranet program and the Transportation Security Administration's Information Technology Managed Services contract.
How these colossal projects fare in the coming years will likely determine the direction of government services contracting. They also will be a fountainhead of lessons learned.
Under NMCI's $8.8 billion outsourcing contract, prime contractor EDS Corp. is building an enterprise network linking more than 400,000 service members to the intranet portal at sea and ashore.
To date, the Navy has cut over only 48,000 seats to NMCI. Defense CIO John Stenbit in December gave the go-ahead to move 100,000 more.
TSA's $1 billion IT Managed Services contract was awarded to Unisys Corp. last August to provide all of the agency's computers, software, networks, data centers and help-desk services at some 800 locations nationwide.
TSA CIO Patrick Schambach pioneered seat management in the late 1990s when he was CIO at the Bureau of Alcohol, Tobacco and Firearms and is now on the leading edge with his agency's IT Managed Services contract.
'Coming to TSA with the experience I had at ATF, I wanted to take the seat management concept and kick it up a few notches,' he said. 'I wanted to build in not only the traditional seat but a whole raft of new services on top of that'voice over IP, application development and access, and the whole public-facing Internet capability,' Schambach said.
But managed services isn't merely seat management on a grand scale.
The term seat management 'really doesn't capture what you're after here,' said Nat Heiner, chief knowledge officer for the Coast Guard. 'You are trying to transform the delivery of information technology into a service, just like we've developed the delivery of electricity, water, telephone as services.'
Thus, managed services is a fledgling business model that represents a new vision of the enterprise as a consumer of an array of integrated IT services.
'It's a high-level, strategic way of thinking about [the enterprise],' Heiner said.
While both NMCI and TSA's IT managed services share this strategic approach, in other ways the programs are poles apart. Each has distinct hurdles.
TSA is a new agency with no messy IT infrastructure, legacy applications or incongruous systems. Nor does it have an entrenched organizational culture. Schambach calls it a blank sheet of paper.
By comparison, NMCI officials and EDS are dealing with a filing cabinet full of used carbon paper.
When they opened the drawer on the Navy's IT infrastructure, they encountered a veritable junkyard of ancient networks (about 1,000) and legacy systems (about 100,000)'a situation that has caused major delays in the rollout.
Both Navy officials and EDS managers agree that it would have been better to have had a handle on the scope of the department's legacy IT assets much earlier, but it still might have been impossible to do a thorough inventory.
'I don't know that anybody could have ever visualized all of that until you actually dug in, especially in an organization that is as diverse as the Navy,' said Bill Richard, NMCI program executive for EDS.
The Navy's Ehrler concurred. 'The message we got from industry was when you get into these types of contracts nobody has a clear handle on what exactly they own,' he said. 'That's just part of the pain you've got to go through in deploying a [managed-services] contract like this.'
'In hindsight it would have been nice to have had a better enterprise, corporate-level view [of the IT environment],' added Rear Adm. Charles L. Munns, NMCI director for the Navy. 'I think we got a snapshot of it during year 2000. That was our first real effort to understand what we have. That's what made us understand that we really needed an intranet.'100,000 legacy applications
'You can look back at where the hurdles have been and talk about what might have been done differently but I don't know that we could have done it any other way,' he said. 'We needed a rallying point and that was the intranet. That's what got us to start to think corporatively.'
The department's tangle of 100,000 legacy applications have been the biggest hairball.
To get control of the situation, Munns last summer created a group of 24 functional application managers to make decisions about legacy applications. They quickly began killing apps that wouldn't work in a Microsoft Windows 2000 environment, were redundant or didn't meet NMCI security standards. Richard said this was a crucial step toward getting NMCI back on track.
Munns' 'emphasis on reducing the number of applications has been nonstop,' he said.
The number of legacy applications is now down to about 30,000 'but that's still too many. Our goal is to get down to about 2,000,' Munns said.
While it might not be feasible to know every LAN switch or proprietary application in an inventory, especially in a large agency with a 20-year IT buildup, it's still prudent to try to get some sort of idea of scope, observers say.
To this end, a total-cost-of-ownership study can help as well as allowing a preaward 'period of discovery' for vendors to inspect the agency's embedded IT base, said Sara DeCarlo, vice president of business development for AT&T Corp.'s government markets.
'I think we could have done more due diligence, especially in such an organization as the Navy,' EDS' Richard said.
In addition, services contracts can be written to allow for unforeseen circumstances.
'Not every single thing is going to be known,' DeCarlo said. 'Contractually, you have to build in some caveats.'
Despite starting from scratch, TSA's project also has suffered from scope creep.
When bidding on the contract, Unisys expected to deploy IT to 429 airport sites around the country. It turns out that there were about 800 sites, including additional airport locations and offsite offices, to be outfitted.
'So much of what we were going to need down the road was undefined a year ago,' Schambach said. 'I was lucky to know that there were 429 airports out there. But the beauty of the [managed-services] model is that I just keep ordering up what I need and [the contractors] have to figure out how to provide it.'
Tom Conaway, managing principal for defense for Unisys' global public sector, said: 'When you bid on something, you assume a certain level of complexity and you structure your proposal around that level of complexity. But when you get into the actual job, it's not unusual to find that complexity has increased over what you assumed it would be.'
In the case of TSA, 'We're restructuring our teams to deal with that,' Conaway said.
Another key to responding to unexpected complexity is flexiblity, he added. 'There has to be a true sense of partnership between the contractor and the government. Everybody has to remain flexible when these new complexities and new requirements come up'and they will'so that both parties are agile enough to deal with it,' he said.Determine expectations first
Managed-services relationships are complex and require effort on both sides, according to a recent report from market researcher the Yankee Group of Boston.
Issues and problems can be avoided or at least minimized 'if expectations are set up front, communication continues between service provider and enterprise, and all parties are as educated as possible,' the report said.
To be sure, managing the transition to a services environment and keeping a lid on organizational or cultural resistance to fundamental change is a major challenge for government managers.
'I don't think we recognized the magnitude of the change we were embarking on,' Munns said.
'We are going from an IT environment that was locally controlled and even locally owned to an enterprise intranet. That's a huge change.'Users resist migration
For instance, migrating users from old applications to new NMCI applications has engendered resistance.
'We're doing it corporatively instead of locally,' he said. 'We're defining enterprise applications instead of what anybody wants on a local machine.'
What Munns calls change management takes leadership from the top. 'We have to keep telling our people what NMCI is, why it is and why it is good for us,' he said.
The Navy's Ehrler advised a dose of realism for users during the transition: 'You have to temper expectations, educate [users] on what the contract is all about, that it is going to be work and they shouldn't expect things to get much better until later on.'
Switching to managed services also portends role changes for agency program managers as well. Their primary job becomes keeping tabs on performance and service levels.
Ideally, the managed-services model presumes a rigorous division of labor: the government provides the requirements, the vendor supplies the technology and design.
The reality, however, can get messy as managers try to adapt to a 'hands off the IT' approach.
'It's hard even to get my own people, if they're technically savvy, to keep from challenging the provider and saying, 'Why are you doing it this way and not that way,' ' Schambach said. 'They almost can't help themselves.'
'I have to keep dragging them back and telling them, 'Just evaluate whether the goal we set out is being accomplished at an [agreed-on] service level and stay out of the technical details of how,' ' he said.
Conaway of Unisys agreed. For managed services to work, 'the government has to be willing to turn loose on some of the controls,' he said. 'I can imagine that is a challenge for a lot of government managers to stay out of the detailed design fray. So there's a dynamic tension that has to be managed.'
Schambach said it's also difficult for vendors to stay on their side of the line and they will sometimes ask for opinions on a technical strategy.Technical issues
'Sometimes they invite our involvement in the technical [aspects],' he said. 'So it's a struggle on both sides of the table.'
Keeping the troops in line on both sides also requires leadership.
'Part of the key is that the management chain understands what we're trying to accomplish and how it's supposed to work,' Schambach said.
At the same time, assiduous in-house oversight is critical to ensuring that contract provisions are being met.
TSA's IT shop, for example, retains 110 program managers who oversee a spectrum of hardware and software functions.
'They define the requirements, put a measurement plan together, place the order through the managed-services office and then they track fulfillment,' Schambach said.
One hundred ten IT managers might seem too few for an organization of 62,000 users, but if they're doing their job they are enough, Schambach said.Define the service
'You need only enough to make sure you're getting what you're paying for,' he said.
Because service and outcome are the whole point of managed services, service-level agreements are critical to running the managed-services environment, observers say.
'It's one of the things that in a pretty significant way distinguishes managed services from everything else,' DeCarlo said. 'For example, you might need X amount of throughput. Whether you get it over fiber-optic cable or copper cable, it wouldn't matter. It's the X amount of throughput that matters.'
Knowing your requirements up front also is crucial. You have to know what you want.
'If you can't know that and articulate it there's no way a vendor can live up to expectations,' Schambach said. 'Pin down as much of the requirements as you can and from that total picture [determine] what piece you want to put under managed services first and in what sequence.'
Stan Soloway, president of the Professional Services Council and a former deputy undersecretary for acquisition reform at the Defense Department, said many of the problems incurred with the early seat management and other services contracts can be traced to flaws in stating requirements.
'I can turn something over to a contractor and say, 'Go do this.' But if my requirements aren't structured right, I'm really in trouble,' he said.
In the final analysis, it's a strong partnership between the agency and the contractor that will help smooth the road when bumps and potholes turn up. They have to work together as closely as possible, observers said.
'You don't just throw the requirement out to the vendor and measure them with a stopwatch to see if they accomplished it or not,' Schambach said. 'It needs to be an active, day-to-day involvement and there has to be a trust in each other. I see it as part of our job to help them make it.'
Thus, in a managed-services environment, vendor success means agency success.
'I said to the vendor on the very first day of contract award, 'I'd like nothing better than to write that check for $8 million [an incentive for meeting rollout targets] because that means I was successful,' ' Schambach said.
Those working with the new services model have no doubts that it's the way to go.