The state of Virginia's $2 billion IT outsourcing deal with security firm Northrop Grumman Corp. has made national
headlines in recent months. Governance failures, missed deadlines, service outages and the firing of the state's former CIO have all led to questions about how to properly govern an IT outsourcing contract, and how to get this particular arrangement back on track.
Here is an edited and condensed transcript of our conversation:
What attracted you to this CIO position?
Coulter: What intrigued me about the Virginia situation was that it's probably one of the largest transformations going on in the world today … just the size of it, and of course the challenge. [I was drawn to] the way this was structured, as kind of a partnership transformation, with Northrop Grumman investing some of its capital to build the data centers, which are some of the top data centers I've seen -- they've done an excellent job of it. Also, it kind of keeps me in Virginia. I've been traveling pretty much nonstop for 25 years, and it's great not to get on a plane every Sunday night.
What do you view as the biggest problem with this IT outsourcing contract?
Coulter: I haven't spent a lot of time analyzing what went wrong. When I came in, I wanted to move things forward. I will say … the state-issued JLARC [Joint Legislative Audit and Review Commission] report is a good step-by-step of what's gone wrong with it.
If I were to point to anything on this, the one thing I've learned in the IT arena is that if you don't have the experience and haven't done this before, it's very difficult to say, in 2003, 'This is how it's going to go. We're going to structure this contract, and then expect it to be 100% accurate.' It is a very, very complex project. It's extremely large, and it's a change-agent project. You're taking 80-plus agencies that had been running independently and consolidating them, so there are elements of that coming into play.
Also, [there are challenges in] trying to outsource everything to one contractor, and getting the contract to where it's going to work perfectly. In my whole career, I've never seen one [single-sourcing contract] done well. I haven't seen an IBM or EDS one done where it's 100% accurate.
What about charges of governance failures and unenforceable service-level agreements (SLAs)?
Coulter: It's a judgment call, but the governance that's in place -- the way that the state and public sector has run in this -- I think it's worked in that it has brought certain things to the surface much more quickly than I think the governance model would have worked in the private sector. In the public sector, everything is visible. In the private sector, these projects sometimes can really get out of control. If I were to look at the governance, the way it's set up now, it's not perfect, but I think it did bring any deficiencies to the surface pretty quickly.
[As for SLAs], I can't tell you verbatim what's in the contract, but the way the contract works, if you miss an SLA, you have a chance to make that up in future months. It's probably not a heavy-penalty situation.
Is terminating the outsourcing contract an option?
Coulter: It's something the JLARC report looked at [but], from my perspective, the option is to make this successful. … As with any contract, it always needs to be modified over time to meet business conditions and governance.
How is the state looking to remedy these IT outsourcing problems with Northrop Grumman?
Coulter: We reorganized both teams [the Virginia Information Technologies Agency, or VITA, and Northrop Grumman] into a very customer service-focused organization, which we're in the process of rolling out right now. We're putting together seven teams that have all the expertise needed to do the transformation and ongoing support. We will have a one-stop-shop team to handle everything. We think that's a much different approach than before. Before, they were on a tower approach, where there would be a desktop team, a network team and a server team, and it wasn't very well organized. One team just worried about desktops, and wasn't talking to the networks people.
We already created a CIO council of about 18 members last month, with CIOs and IT directors of large agencies, plus some smaller and medium [agencies], two counties and a city, plus a Northrop Grumman project manager. We're using that council to help move forward with what we do from an architecture, project and process standpoint. We've included the agencies in the decision-making process, which was not going on before. It's helping me tremendously to focus on what the business is and what the agencies are concerned about.
What would you say to critics of this IT outsourcing deal?
Coulter: You know the media. What you read is not necessarily 100% accurate. I will say this: The project has brought tremendous benefits to the state. We now have statewide security processes, a secure network and very robust data centers. From that perspective, then, I think the project to date has created tremendous benefits to the state. It's always the bad news that gets out, but there is some very good news on what has been accomplished. Again, it's a very large transformation, change-agent sort of project.