Tag Archives: development

Spend more on delivery, less on risk mitigation

Let’s do a simple Lean analysis of government IT system delivery projects. How much of our spend is on activities that directly create value, and how much is additional overhead? What percentage of our spend is value-creating?

The value-creating part of a software development project is primarily the actual development and testing of the software. Add to that the cost of the infrastructure on which it is run, the cost of designing and building that infrastructure, and perhaps the cost of any software components from which it is built. I mean to include in these costs the salaries of everyone who is a hands-on contributor to those activities.

The non-direct-value-creating part is primarily management overhead and risk mitigation activities. Add to these the costs of the contracting process, documentation, and a bunch of other activities. Let’s call these overhead. A great deal of this overhead is for risk mitigation – oversight to make sure the project is under control; management to ensure that developers are doing a good job; contract terms to protect the government against non-performance.

No one would claim that these overhead categories are bad things to spend money on. The real question is what a reasonable ratio would be between the two. Let’s try a few scenarios here. An overhead:value ratio of 1:1 would mean that for every $10 we spend creating our product, we are spending an additional $10 to make sure the original $10 was well-spent. Sounds wrong. How about 3:1? For every $10 we spend, we spend $30 to make sure it is well spent? Unfortunately – admittedly without much concrete evidence to base it on – I think 3:1 is actually pretty close to the truth.

Why would the ratio be so lopsided? One reason is that we tend to outsource most of the value-add work. The government’s role is management overhead and the transactional costs of contracting. Management overhead is duplicative: the contractor manages the project and charges the government for it, and the government also provides program management. Another reason is the many layers of oversight and the diverse stakeholders involved. Oversight has a cost, as does all the documentation and risk mitigation activity that is tied to it. When something goes wrong, our tendency is to add more overhead to future projects.

A thought exercise. Let’s start with the amount we are currently spending on value-creating activity, and $0 for overhead. Now let’s add incremental dollars. For each marginal dollar, let’s decide whether it should be spent on overhead or on additional value creation (that is, programmers and testers). Clearly we will get benefit from directing some of those marginal dollars to overhead. But very soon we will start facing a difficult choice: investing in more programmers will allow us to produce more. Isn’t that better than adding more management or oversight?

To produce better results, we need to maintain a strong focus on the value creating activities – delivery, delivery, delivery.

Optimize the whole

Let’s talk about how to reduce government IT cycle times (mission need to deployed capability). As the Lean principle urges, we need to “optimize the whole.” The “whole” in this case goes well beyond system development. We can implement Continuous Delivery practices but if we don’t address the other parts of the value chain, our impact will be tiny. And we’re shooting for a big impact, right?

To go from mission need to deployed capability, here are some of the steps we may need to pass through: gathering requirements into a monolithic “program,” documenting the program and its plan, satisfying oversight bodies, securing funding, executing one or more procurements (typically for development services, hardware, and software), onboarding contractors, developing and testing the product, having it retested by independent verification and validation (IV&V) partners, configuring production hardware and networks, receiving an Authority to Operate (ATO – verification that it is secure enough to release), passing it through a change control board, and deploying the system.

I’ve probably missed a few things here. But a few things should be clear. First, the “value add” development part is tiny compared to the whole (both in time and cost). Second, there are many opportunities for leaning out the process, even if we still need to execute each of these steps. Third – and most subtly – there are real “business” needs, in the government context, driving each of these steps. We really do need to ensure that the system meets FISMA security requirements. We really do need to secure funding through an appropriations process. And so on.

So the question for me is: how can we meet these “business needs” of the government through the leanest possible process?