Vendor Management Gone Wrong

The Ontario government effort to port all their health programs to the internet, called eHealth has received a lot of unfavorable press lately from the news media. An audit of eHealth spending practices unearthed many questionable expenses. Most of these expenses were for petty amounts attributed to consultants, such as coffee and muffins but there were a few big ticket items which the auditor pointed out as well. One of these was a $30M (all figures in Canadian dollars) contract with IBM which was awarded without competition. These sins were written and talked about in various media sources and brought intense heat on the sitting Liberal government. The government fired the eHealth CEO, Sarah Kramer, in an attempt to deflect some of the heat. Sarah fired back at the government in an article in today’s (Monday, October 05, 2009) Toronto Star by staffers Robert Benzie, Rob Ferguson, and Tanya Talaga.

eHealth has a mandate to bring Ontario health records online by 2015. It has had a troubled past since its inception as Smart Systems. Smart Systems was the creation of the previous Progressive Conservative government (which may explain its morph into eHealth) in 2002 and consumed $647M (CAD) and produced relatively little in the way of results for all that money.

I find this story rather interesting because, whatever mistakes she may have made as CEO of eHealth Ontario it appears she knows something about Procurement Management. She responds to the implication that she was responsible for awarding the $30M contract to IBM without competition and her allegations tell a story of vendor selection that broke all the rules of good procurement management. Reading the story and Sarah Kramer’s allegations provide a good tutorial on how not to manage vendors.

Sarah told the reporters that she had warned the Ministry of Health brass that the contract was bad. “I vigorously opposed the terms of the contract, and said so to both the deputy minister of health, Ron Sapsford, and the assistant deputy minister in charge of the contract, John McKinley,” “I advised those officials against signing the contract, but my advice as ignored. It was my analysis that the contract was not specific enough in terms of the concrete deliverables from IBM.” She said that she felt the contract, as written, would be “opening the door for expensive change requests down the road.” Two of the areas which were left vague were training and security. According to Sarah Kramer “requirements for knowledge transfer or training once their work was complete were absent, and provisions around privacy and security of personal health information were insufficient.” Government officials, including Ron Sapsford, declined to comment.

The contract with IBM was a centerpiece of Auditor General Jim McCarter’s report on eHealth spending. The contract was approved by Deputy Premier George Smitherman and Finance Minister Dwight Duncan, members of the management board of government. Freedom of information laws makes all government information accessible to the public but the Ontario government has fought tooth and nail to keep the Auditor General’s report from the public.

The first fact that jumps out at me from this story is the departure from accepted project management practices, and apparently the IBM contract was not an isolated incident, there were $16M more in untendered contracts to consultants. The first misstep was the lack of solicitation. IBM might be a preferred vendor, but in my opinion the outsourcing organization should always solicit bids to determine a reasonable price range when money is such a critical issue. I assume the contract contains some form of Statement of Work (SOW) and in Sarah Kramer’s opinion the SOW is lacking in deliverable details in the areas of training and security. Hopefully someone will look to the reasons for this – if the contract was solicited using an RFP, the RFP may have left specifics to the vendor to supply, as they would define the solution. Training and security deliverables should be defined by the vendor in that case and the contract should have gone back to the vendor for revision before being signed. The RFQ would normally contain the SOW with deliverable details where eHealth had already defined the solution they wanted. IBM would have requested a meeting with eHealth if there was something in the RFQ, or RFP they didn’t understand. In either case, no contract should have been signed without that clarification.

According to government documents obtained by the Star as part of their research on this story, the IBM contained what the government refers to as “headroom”. Apparently headroom is government jargon for unallocated cash that can be used to cover “other costs”. Sarah is absolutely correct in her prediction that lack of deliverables in the SOW will lead to change requests down the road and I would be surprised if the government would have any “headroom” at all after paying for their changes. Training of government employees in the new system isn’t mentioned in the SOW and custom training in the IT world is costly.

Sarah Kramer’s dilemma brings me to the question: what exactly is your responsibility to your customer/client/employer in a case like this? In Sarah Kramer’s case, she alleges that senior government officials signed the contract over her objections and it is very likely that she behaved ethically in doing so. We should realize that the person who has signing authority over the project or program budget is the person who ultimately has the responsibility for ensuring that the budget is not misspent. The article doesn’t mention whether Sarah warned the government officials of the risks entailed in signing the contract, but I can’t imagine her objecting to the signing without providing her reasons, the same ones she shared with the Toronto Star. I believe that Sarah did act ethically in this case (providing her allegations are accurate).

Ethics call for us to use procurement management best practices when outsourcing work or materials. These best practices are described in the PMBOK® and are taught in any good PMP® Course or other PMP® Exam Preparation training. The choice of vendors will obviously be the ultimate responsibility of the executive sponsors of our projects and our duty is to provide them with all the information they need to make an informed decision. We may know, as Sarah did, that they didn’t have the information they needed, or are ignoring important information in which case it is our responsibility to tell them this. We should also point out the risks, in terms of cost and time, of ignoring our advice. When we have done that, we’ve done all we can do. Our decision at this point is whether to stay and help clean up the mess resulting from the impending disaster or to walk away to avoid being associated with the mess.