Botched VA Contract Shows How Not to Do a Cloud Broker Program

A Veterans Affairs Department inspector general’s report on how the agency blew $5 million on a botched cloud broker program should be mandatory reading for any tech-focused program manager or executive.

Released Tuesday, the audit offers a guide of what not to do when it comes to implementing a cloud brokerage service. It depicts a trail of missed program management practices, bypassed testing and an improper funding model that left VA spending millions on something with “limited brokerage functionality.”

In other words, VA spent more than $5 million on two task orders for its 3X Cloud Expansion/Production Environment that had zero return on investment.

“Ultimately, any potential benefit to veterans and taxpayers could not be realized,” the audit states.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

For starters, a definition: A cloud broker “manages the use, performance and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers,” according to the IG. The federal government’s default definition for cloud computing was developed by the National Institute of Standards and Technology.

Cloud brokers are gaining in popularity because the market for cloud services in government is growing.

So what went wrong with the VA program?

According to the audit, a sub department in VA’s Office of Information Technology issued a $2.6 million task order in September 2013 through the department’s Data Center Acquisitions Transformation Twenty-One Total Technology contract. That money was to be used for “servers, software suites, software licenses, hardware and software support.” The office would make a second purchase order of $2.8 million for “cloud front-end software implementation and management, vendor contractor travel and software consulting and training credits.”

The IG audit found the project manager—whom the IG does not name—“did not ensure formal testing and acceptance were conducted on project deliverables as required by the contract.”

The entire project also wasn’t performed in accordance with VA’s Project Management Accountability System, a protocol VA uses to ensure projects are proceeding as they are supposed to. According to VA policy, any IT project with life cycle costs of more than $250,000 is subject to PMAS.

This mistake may be attributed in part to what was obviously an IT project being funded incorrectly, not from VA IT systems funds, but instead from VA franchise funds, a different money pool altogether. Large IT projects automatically trigger PMAS, but rules are different for franchise funds.

“These deficiencies occurred because of a lack of executive oversight and ineffective project management. Without enforcement of these oversight controls, OI&T could not ensure the value of contract deliverables or demonstrate an adequate return on investment for the project,” the audit states.

Read the report for more egregious details of mismanagement in the program. The program manager told auditors he “completed the acceptance criteria sheet, but that he was not sure if he had provided it to anyone.”

“Ultimately, the project manager could not provide any evidence of testing of contract deliverables or whether the product met minimum acceptable requirements,” the audit states. In addition, auditors found that the program manager continued regular dialogue with the prime and subcontractors despite being ordered by his supervisor not to do so.

Issues came to a head when a technical writer developing a user guide for the cloud brokerage system had to create a spreadsheet to document “numerous issues.”

A little over a year after the first task order was issued, in January 2015, someone called VA IG’s anonymous hotline with a complaint. The complaint coincided with a contract performance review in which the project manager “stated the cloud broker technical solution was not currently supportable as an enterprise service and that an alternate path was being pursued.”

“We substantiated the allegation that Enterprise Operations spent over $2 million on a cloud brokerage service contract that provided limited brokerage functionality and that VA’s actions did not ensure adequate system performance or an adequate return on investment. We identified that the total project costs exceeded $5 million and that limited capability prevented it from being used in a production environment,” the audit stated.

Any semblance of proper project management would have helped, the IG argued and delineated in its recommendations to VA. VA officials, responding to the IG complaint, agreed to all three IG recommendations.

In the meantime, the department spent $5 million on something that isn’t helping veterans and certainly didn’t help taxpayers.