Imagine your favorite world class service provider replacing the Board of Directors and key executives with people without any experience in managed services. Then limit the provider’s authorities to use their own funds or execute projects with the condition that key decisions for most routine business must go to another company, which has its own bureaucracy, priorities and little background in the provider’s industry. Then take certain procurement authority and put it in yet another company. All the while, your organization is held to the same expectations as other world class providers for delivering its services. Obviously, our provider would go out of business. Unfortunately, this is the situation of IT in the Government of Canada. However, if we organize and operate more like world class providers, we would be a very innovative, effective and efficient environment while accommodating the accountabilities of government.
Shared Services Canada
Shared Services Canada (SSC) was established by the Shared Services Act (SSA) “to standardize and consolidate … certain administrative services … and … enable those services to be provided more effectively and will support the efficient use of public money.” Innovation and security were implicit in the mandate, and the intent for SSC to manage its services as an enterprise is key (and somewhat unique). SSC has begun to successfully answer the question, “Would you prefer to have a few billion dollars hidden among departments or well managed in one fit-for-purpose organization?” Part of the reason for the Act and SSC was to consolidate risk into a fit-for-purpose organization that would have the expertise to assess and manage risk, thereby relieving the burden from departments with less ability to consistently assess risk. Also, the intention was to expand beyond IT into other areas – e.g., HR transactions – over time.
Providing IT services is not core to Government departments – IT is core to SSC. SSC is now a multi-billion-dollar systems integrator and managed services provider serving well over a hundred client organizations. SSC has performed well by making significant savings for the Government while reducing incidents, increasing Government capabilities and security, with good and improving customer satisfaction and steadily increasing demand for its services. While SSC continues to mature in meeting expectations akin to world class providers, many of the remaining challenges are outside SSC’s control.
Treasury Board (TB) and Treasury Board Secretariat (TBS) are obviously the governance implied in the analogy above. I believe the majority of people in these organizations work very hard with the best of intentions for the greater good – period. Nevertheless, this governance inhibits performance across the enterprise. Also, requesting organizations often wear the blame when progress is delayed due to TB/TBS processes and practices: 6+ month lead times through limited windows of the year to gain TB approval for routine transactions are not conducive to the success of a 24/7 service provider. This is one of the reasons projects take months and years.
In the case of SSC, this position was validated by the Gartner Review Expert Panel specifically addressing this situation when members told the Secretary of TBS, “You need to take the shackles off.” While these governance issues are very real, there is a reluctance to recognize the issues by affected organizations. With some friendly humor, I refer to this resistance as a bit of Stockholm Syndrome – people are afraid to admit their captors are the problem and will protect the status quo despite the negative impacts.
Another example of this hindering governance is in project management via TBS’s Organizational Project Management Capacity Assessment (OPMCA). This process attempts to assess an organization’s capacity to manage projects, however OPMCA is not certified by any credible industry body – e.g., Project Management Institute (PMI) – nor does TBS have adequate experience to assess SSC given SSC’s scope and scale of work. This has led to unnecessary delays and impeding SSC’s performance. Even though SSC successfully scored against OPMCA’s criteria and demonstrates continuing improvement, Treasury Board reduced SSC’s project authority, further impeding SSC’s progress and causing a backlog of work hindering many Government of Canada departments and their services to Canadians.
During my time at SSC, I recall being told that even if TBS wanted to recommend returning SSC to its previous OPMCA level, the Treasury Board would never approve it, which begs the question, “Why?” I also recall colleagues passing on comments from senior TBS officials saying that SSC was unnecessary and should be ended. When looking at how funding and authorities for SSC are routinely withheld, one wonders what other agenda is at play. What is important to understand is these actions negatively affect the breadth of the Government which SSC supports.
Divided House of Service Providers: A Missed Opportunity?
Delays, Confusion and Gaps
While SSC is the only organization charged with providing IT services for the Government as an enterprise, Public Services and Procurement Canada (PSPC), TBS and now the Canada Digital Service (CDS) are also providers of IT services. Government organizations have complained about the confusion by multiple organizations and sometimes conflicting guidance as to the role of each organization, including when the guidance is different than the law and official mandates. Forcing customers to go to different departments for infrastructure, software or cloud services based on artificialities makes the customer secondary to a parochial division of responsibilities.
Most significant projects require PSPC and SSC to be involved in addition to the customer organization, e.g., PSPC procures the applications and SSC provides the hosting, connectivity, security, operations management, and sometimes software. Some projects only require SSC and the customer organization. Significant projects require briefing up the levels of management for decisions to Deputy Ministers (DMs), and the time can be significant.
While the SSC DM and Associate are engaged daily on IT projects, this is not the case for PSPC – which, in fairness, is managing a much larger portfolio where IT projects are a minor portion. Add to this additional delay where CDS or TBS in its unofficial provider role are added. This is another reason projects take months and years.
Whether insourced or outsourced, the continuing trend of private and public sector enterprises is toward shared service organizations and maturing those organizations. SSC has demonstrated it can improve service and security, add capabilities, and save money by managing across the enterprise; however, no organization is lawfully mandated to manage the software of the enterprise to this same end. The Government continues to have significant software issues, e.g., being out of compliance in some of its software agreements and missing opportunities to save tens of millions of dollars through GC-wide enterprise agreements. In accordance with the Shared Services Act, SSC could easily seize this opportunity.
Public Services and Procurement Canada
The Minister Responsible for SSC has the authority to define the services provided under the Shared Services Act. The definition includes data centre services, which includes processing and storage of GC data, even in cloud or Software as a Service (SaaS) environments. Therefore, under the Act, no other department than SSC may host (or contract the hosting of) GC data, as it is a data centre service. Government organizations affected by the SSA must obtain their services from SSC and nowhere else (including PSPC), and doing so is a violation of the Act. Yet organizations continue to unlawfully obtain these services from PSPC (this definition of unlawfulness was confirmed by Department of Justice attorneys prior to my departure).
To illustrate how previous lines begin to blur, let’s look at software currently provided by SSC to GC customers:
- Microsoft Office is provided on desktop and laptop devices.
- Microsoft Office 365, which is a SaaS service, is also available from the Microsoft Enterprise Agreement, procured and provided as a service by SSC.
- Why would management of this agreement and of the service change if the Government moved to Office 365? Logically, SSC would continue to manage both, yet the current environment might cause a change due to artificialities in governance.
Treasury Board Secretariat
Many may be surprised TBS acts as an IT provider although it is not in TBS’s mandate. TBS is increasing its role as a service provider by providing certain centralized IT and collaboration services. There is an obvious concern regarding what checks and balances exist for TBS initiatives, e.g., contract management, and OPMCA (this is akin to “owning the bank and counting your own money”), and there have been issues.
Canada Digital Service
Canada Digital Service was based on the UK’s Government Digital Service and the U.S.’s 18F, both of which were established for different reasons facing those countries. The justification for CDS used examples of ongoing successful projects and the assumption that more departments would have such successful projects if CDS were created. However, if the example projects were successful without CDS, then why is the cost and overhead of a new organization warranted? CDS is an answer to other countries’ problems.
At its inception, CDS’s stated mission was:
- Facilitate the reuse of existing solutions within the Government to minimize the waste of redundant solutions and associated costs, and
developmentof innovative solutions.
However, one of the earliest examples of CDS’s efforts seems inappropriate. Learning of a ministerial trip abroad, CDS quickly developed an iPad solution for ministers to carry their documents digitally instead of hard copy. Most TBS documentation is classified SECRET. CDS unfortunately looked past existing solutions for classified electronic binders and sent a ministerial delegation with classified info outside of Canada on a redundant new system without proper security review.
Another example is the request-a-new-citizenship-appointment service. The basic question is why would one make the significant investment to develop a service when this type of commodity application can be bought stand-alone or as a service with a credit card, probably better, faster and cheaper? Where was the business justification?
CDS, as created, is:
- Not held to the same standard for project management, standardization and security as SSC and other departments, and
- Taking on significant risk for the Government by pursuing developmental projects and not anticipating the risk, resources and processes necessary to compete with industry as a mature software development organization (i.e., how would CDS expect to compete with CA, CGI, IBM, Microsoft, or Oracle in developing software and systems?).
This redundant organization is not needed as currently constituted.
Mitigations and Recommendations
Change in Governance: SSC Board of Directors
The current governance structure of SSC has demonstrated to be insufficient for SSC to achieve its objectives supporting the Government. While SSC has an advisory board composed of customers in the form of the Deputy Minister Committee on Enterprise Plans and Priorities (DM-CEPP), SSC needs to be governed by a competent Board of Directors composed of very senior managed service-provider industry veterans who would report to the Minister Responsible for SSC.
The SSC Board would ensure SSC operates more in line with industry norms to be more effective and efficient. The SSC Board would have the typical committees to fulfill its fiduciary duties and provide transparency to the Board’s and SSC’s operations. The Board would ensure:
- SSC is fully audited using the same guidelines and processes as a public company (which are often stricter than many government departments).
- Proper benchmarking, transparency and oversight of its finances, operations and security by qualified internal and third party auditors.
- Appropriate succession planning and hiring for key leadership roles based on competitive compensation.
- SSC achieves the vision and objectives of the Shared Services Act.
Change in the Constitution of SSC: Department, Agency, Crown Corporation?
Since its inception, there has been some debate about how SSC is constituted: should it be an agency or even a crown corporation? Maybe the answer is something else.
SSC needs the same organization, capabilities and controls as the world class organizations to which it is compared while maintaining the intimate relationships with colleagues across the Government, through the Deputy Minister level. One should consider successful models such as Defense Construction Canada or Nav Canada while maintaining the DM-level relationships of a typical department. An answer may be to have two organizations with the DM, Associate DM and select executives dual-hatted across both organizations. For example:
- SSC, the Department/Agency, would be responsible for bureaucratic functions, while
- SSC (by another name?), the Agency/Crown Corporation, would be the larger operational entity organized very much like industry world class providers.
If there are effects on the workforce (e.g., retirement plans), these can be grandfathered to minimize the impacts on employees and help for a smooth transition.
Change in Authorities
Another aspect crippling SSC’s performance is its limitations of authorities, especially when compared to the reference group. Following is a summary of proposed improvements to SSC’s authorities:
- Financial, contractual and procurement: double existing authorities for obligating and committing funds for projects and services, and make exceptions and governance subject to approval by the new Board of Directors.
- Relieve SSC from OPMCA oversight and institute a recognized industry regimen with third party certification (e.g., Project Management Institute) and oversight by the Board.
- Provide greater latitude for SSC to hire, terminate and compensate people in line with industry norms.
- Provide more flexibility in SSC’s acquisition rules or perhaps its own rules – there are examples in other countries.
Consolidation of Service Providers
The consolidation of services among PSPC, SSC and TBS (incl. CDS) is a “low hanging fruit” opportunity. Each department has its own hierarchy with different mandates, agendas, cultures and resources. The excessive delay and extra cost cannot be overestimated based on this current model. The only organization mandated to run GC IT services as an enterprise is SSC; therefore, the logical step is to consolidate to SSC.
Simply put, the IT missions and resources from PSPC and TBS need to be transferred to SSC, with the exception of the retained CIO and staff equivalent to other partner departments. The reality is the more that is transferred, the better the result for each department. Following is an estimate of the transfer (while this may be dated, it is illustrative):
- Included: IT and IT procurement as a service (e.g., GCDocs)
- NOT Included: IT services apart of PSPC programs (e.g., Phoenix), however this should be reviewed on a case-by-case basis
- Enterprise applications and
information management, e.g.:
- Shared Case Management Service (SCMS)
- Hardware and software procurement
- <300 personnel (DG-led; includes ~10 procurement personnel for applications); estimate $21–41M budget
- GC Tools
- ~15 Personnel (paid by ~$1.5M revenue from Depts)
- CDS in its entirety
- GC Tools
This consolidation is very achievable with minimal disruption. Moving the entire organizations, including people and budgets, provides an existing management structure around which to organize. The ~315 personnel are ~5 per cent of SSC’s current staff with an associated small budget by comparison to be absorbed by SSC. Lastly, minimal administrative changes are required as the Shared Services Act [Subsection 6(a)] already provides for addition of these services.
Organization of Consolidated Resources
SSC currently provides some software services within its Data Centre Branch. This organization would be moved out of the Data Centre Branch and combined with the majority of new resources under a new branch. The mission of the new branch would be to provide software services (including SaaS), and achieving certifications (e.g., CMMI Levels 3-5) would be near-term objectives to benchmark its capabilities and operations.
Benefits can be summarized as:
- Productivity boost to affected organizations and supporting GC customers and Canadians
- Single DM structure cuts existing managerial governance by at least half, significantly reducing decision cycle time and focuses on IT daily
- Simplifies and streamlines IT services for customers
Netneutral cost to GC – budgets and people move together
- More closely aligns with Gartner report recommendations
- Improved security, building on SSC’s demonstrated success in security management and culture
- Hard dollar savings through further procurement consolidation
- Accelerates standardization and consolidation of the IT enterprise
- More capability to provide integrated digital services to Canadians
To give some sense of what can be achieved through consolidation, it may help to look at what a total GC consolidation could achieve based on industry experience. For consolidation of environments such as the GC’s current state, 20 per cent savings from total spend is considered a safe and achievable goal. Given the total IT spend of the Government is in the range of $5 billion per year, a 20 per cent savings would be $1 billion. If we reduce this by half to be safe, we still achieve a significant savings of $500M per year. These savings are realistic by industry experience, while providing improved capabilities, and show the continuing improvement possible by continuing the vision of the Shared Services Act.
In the spirit of open government, I hope these recommendations will be seriously considered and implemented.