IT innovation and program risk: Not an inseparable pair

As the world's largest buyer of IT, the U.S. government cannot afford to keep allocating more than 75% of agency IT spending to the operation and maintenance of existing, often-aging systems. Much of this legacy IT was developed using now-outdated methodologies -- a situation that creates unnecessary cyber vulnerabilities. However, the solution is not simply to replace old equipment with shiny new stuff.

One of the major impediments to IT modernization across the federal landscape is the acquisition process itself. Solicitations for modernization services must also be updated to mitigate risk and help IT-enabled enterprise transformation take hold -- especially in programs burdened with aging and costly technology infrastructures and applications.

New acquisition strategies can give federal agencies broader access to commercial capabilities and talent. The growing use of Other Transaction Authority agreements, which are exempt from most of the laws and regulations that apply to Federal Acquisition Regulation-based contracts, indicates that some agencies are already changing their "go to market" strategies. But OTA is still mostly a niche tool that not all agencies have the authority to use. Agencies' increasing emphasis on governmentwide acquisition contracts and “best in class” contract vehicles, such as One Acquisition Solution for Integrated Services (OASIS) and Alliant 2, highlights another strategy for delivering efficiencies and innovative solutions for IT acquisitions.

But there are several improvements that federal agencies and the General Services Administration should make to increase competition and leverage the government's buying power while also reducing their risk during IT modernization initiatives. 

First, new contract vehicles should be considered for IT modernization, focused on solutions or methods (e.g., DevSecOps) or new technology areas (e.g., robotic process automation, distributed ledger technology) to increase government access to potential vendors with relevant capabilities.

Second, the structure of procurements should not unduly disadvantage firms that primarily serve commercial customers. Agencies can attract more new entrants by minimizing requirements for government-unique administrative systems for accounting, procurement and pricing.

Third, past-performance criteria that only considers federal IT projects can limit agencies' access to potential offerors with applicable private-sector expertise with state-of-the-art solutions. Evaluation criteria should permit the assessment of potential vendors' commercial expertise and delivery risk based on independent industry evaluators such as Gartner or Forrester. Similarly, agencies should accept commercial customer references, with appropriate documentation standards and past-performance evidentiary “forms.”

Finally, agencies should more frequently use demonstrations for IT acquisitions, which allow offerors to show their capabilities or solutions rather than just describe them in a written proposal. This exercise can include hosting demonstration days, establishing a series of technical milestones before awarding a contract or incorporating technical demonstrations or development challenges as part of formal proposal evaluation criteria during the acquisition process. These practices are becoming common in commercial source selection.

Accelerating agencies' IT modernization is essential for reducing cybersecurity risks and delivering better mission outcomes across government. Agencies can increase access to commercial innovation and reduce program risk by ensuring that their "go to market" strategies for IT modernization encourage and facilitate a broad spectrum of companies with relevant capabilities and experience to compete.