achieving cost reduction, efficiency and managing risk
By Simone Hume, Head of Public Sector, Outsourcery
Over the years many government departments and agencies have outsourced their ICT services to large System Integrator (SI) organisations, in some instances believing they had also outsourced the risk by doing so. However, outsourcing everything to SIs has been proven not to work on many levels.
The practice has led to: contract lock-in with departments paying a premium in both time and money for any ‘contract changes’; business risk in moving away from the chosen supplier leading to multiple extensions with no real competition; capital investment in physical infrastructure that becomes outdated and sub-optimal over the course of the contracts, requiring constant upgrades (in many cases legacy infrastructure becoming either over- or under-specified to meet an organisation’s changing requirements and a barrier to transformation); and an inability to take advantage of new technology and cost reductions; to name but a few.
The world, however, has changed. Government has woken up to the fact that having a small number of large SIs controlling billions of pounds of government ICT spend isn’t driving innovation or efficiency and, more importantly, isn’t delivering the new services UK citizens expect, need and deserve. So, what is the answer?
There has been much debate around the tower model, stimulated by recent Government Digital Service (GDS) and Cabinet Office comments on how some recent implementations of the ‘tower model’ remain procurement-driven and have failed to achieve true service disaggregation, and thus deliver the benefits that an effective disaggregated ICT service environment offers. The debate has now moved on and is no longer about whether services should be disaggregated, but rather how best to achieve it at the lowest cost, with minimal risk to service continuity.
Much of the debate around ‘tower models’ seems to be missing the fundamental skills-challenge facing public sector bodies. Not every government department currently has the in-house expertise and governance to manage multiple suppliers and successfully integrate their services. In some instances, this is driving departments into the relative comfort of old-style procurement practices.
Delivering transformative services, previously managed entirely by a small number of major suppliers, requires a significant commitment to rapidly gaining the in-house skills needed to take overall control of the disaggregated service environment and ultimately to deliver the required benefits for users and citizens.
Until the skills and experience gap for Disaggregated Service Management (DSM) can be bridged, it will remain tempting for departments and agencies to pass too much responsibility to third-party SI specialists who may have a better understanding of the technology, but unfortunately not always of public sector users’ needs and business priorities.
Furthermore, adopting such an approach dilutes the ambitions and benefits of the disaggregation strategy, restricts the opportunity to engage directly with new suppliers (SME’s in particular), thus slowing down business-led transformation and innovation. There is, of course, a role for traditional suppliers, however, not in maintaining old delivery models and behaviours. This requires a fundamental change in approach to how their portfolio of services are offered and procured.
Moving from a fully outsourced environment to a disaggregated model, whereby a department takes control of their own services, involves significant cultural change across the organisation and supply chain. Departments need to instil personal and collective empowerment throughout their organisation in order for staff to take control, be clear about their requirements and take ownership for delivery.
This will lead to departments challenging, driving and demanding better services from suppliers, at better prices, to meet their user needs. A lack of in-house skills and experience will be addressed and therefore must not be seen as a reason to delay or avoid service disaggregation.
Achieving disaggregation’s aims
In order to accelerate the journey towards creating a truly disaggregated service environment, teams must ensure that the approach is flexible, agile, highly cost-effective and totally focussed on delivering the government organisation’s objectives and priorities, whilst managing the risk of moving away from traditional outsourced models.
To achieve this, the public sector can successfully adopt either of the following models to reduce and manage operational cost, comply with government policy and mitigate risk in ICT service disaggregation, dependent upon individual circumstances: multi-source with in-house service integration or multi-source with external managed services/Service Integration and Management (SIAM).
However, in order to be successful, and common to both models, must be the acceptance that responsibility and ownership for delivering the business outcome must remain within the department and that overall control of ICT systems and infrastructure must not be passed to a third-party, or multiple suppliers, after the initial transition period.
Managing and mitigating risk
The management of risk is a key factor in the transformation of ICT service delivery envisaged by disaggregation. Clear identification and management of supply-side risks and on-site public sector customer risks, will mitigate their potential impact and therefore eliminate the related cost of a disaggregation project failing to meet its original goals.
In addition, government has recognised that procurement and ICT acquisition policy has been inadequate and ineffective in managing risk and cost. New policies now support government departments in their journey to disaggregation.
For example, procurement policy now stipulates that no large, single, multi-year contract will be allowed for ICT services and that these services should, going forward, be disaggregated into smaller, modular cloud-as-a-service propositions.
Moreover, in a disaggregated service model, with shorter and smaller contracts, the risk to service represented by any one supplier is reduced. It is easier to replace a problem component or an under-performing supplier, than to fundamentally renegotiate or terminate an entire service contract. This reduction of risk should be reflected in the application of ‘suitable supplier’ tests applied during procurement.
It should be noted that the move to a fully disaggregated service is unlikely to be successful as a ‘big bang’ exercise, neither will it be effective if the migration is extended over a number of years. Migration plans should reflect a staged approach, application by application or service by service, which allows the risk to be managed whilst at the same time maintaining pace and momentum for the transformation.
Throughout government, there is a determination to make every taxpayer penny count. This has included a full overhaul of how ICT is procured and used across the public sector, in order to transform service delivery and achieve the best possible value for money. Through the G-Cloud, since 2012, over £120 million per year from the public sector IT bill has now been saved by improving government digital services and moving more processes online, ensuring that citizens’ experiences are simpler, clearer and faster. Put in to other terms, that equates to 16,000 nurses, 16 miles of motorway or one hospital.
The focus on innovation, agility and value for money was not possible when the vast majority of government ICT spend was with a small number of traditional, large ICT vendors. This left the public sector paying more for technology solutions and services, whilst falling behind in the acceleration of technology-enabled transformation which we now see being delivered in the commercial sectors by a host of new SME suppliers.
Therefore a multi-sourced vendor sourcing strategy in the government supply chain –rather than the traditional approach of a single supplier or prime contractor model which could lead to an over-reliance on the generalist skills of a few major ICT vendors – allows each supplier to specialise in their particular area of expertise, thereby raising the overall standards of delivery for the full department solution.
This, in turn, provides government with the ability to quickly switch suppliers to a higher-performing, or more competitive, vendor during the life of the service. The G-Cloud has led the way, by reducing contract lock-in for departments, lowering barriers of entry for new suppliers that bring a wealth of innovation to departments who previously didn’t have access to such services, and by actively supporting a multi-sourced strategy.
Government policy has created the opportunity for departments to move away from large, cumbersome contracts that restrict innovation and delay service improvements, often at a cost outside the original agreed scope of the contract.
With the resource constraints and level of organisational change required to successfully move to a disaggregated service model, engaging with SMEs is crucial.
Furthermore, with the addition of new procurement frameworks, such as the Digital Marketplace G-Cloud, government departments are now able to procure services more quickly than ever before. As a result, disaggregated service procurement provides government with the opportunity to regain control of their business requirements, deliver improved operational effectiveness and reduce risks and costs.
BOX OUT 1: Five steps to best practice
• Step 1: Identify user needs
• Step 2: Take ownership in-house – design, deploy, run
• Step 3: Minimise risk – design loosely coupled services and align to security principles
• Step 4: Reduce cost – utilise frameworks, such as the G-Cloud, which support multi-sourcing
• Step 5: Plan transition early
BOX OUT 2: Best practice standards
Increasingly ISO standards are the basis for establishing a best practice framework for government policy risk management, also enabling cloud vendors to collaborate more effectively using common practices, procedures and terminology.
• Content: ISO 17826 Cloud Data Storage Management Standard; ISO 15489 Document & Records Management Standard
• Process: ISO 22031 Business Continuity Management Standard ISO 14001 Environmental System Management Standard
• Infrastructure: ISO 27017 Cloud Security Management Standard ISO 27001 Information Security Management Standard
• Network: ISO 17789 Cloud Reference Architecture Standard ISO 20000 IT Service Management Standard (ITIL)
For more information, contact email@example.com.