Auditor general Karen Hogan painted a clear picture of mismanagement around the ArriveCAN app in her recent report, concluding the $59.5-million app did not generate “value for money.” Her inability to determine the total cost of ArriveCAN – owing to poor quality documentation – brought to mind the challenges we faced in our 2022 research on government contracts.

We found that the federal government spent an estimated $4.7 billion on IT contracts in 2021-22 alone, but as with ArriveCAN, the data describing these contracts was incredibly difficult to make sense of.

The newly released report found that departments and agencies involved with ArriveCAN clearly breached government procurement policies in several ways. Documentation from contractors was so incomplete that it wasn’t possible to accurately assess the cost of the app. GCstrategies, the primary vendor, helped the department develop a follow-up competitive contract that it then bid on and won. User testing was incomplete, security protocols weren’t followed.

What should be done in response to the findings? A classic response from Ottawa to this kind of report would be to add more rules, more oversight mechanisms, and more internal processes to prevent more scandals. But following this age-old pattern will all but ensure that failures like ArriveCAN and its IT scandal predecessor Phoenix continue.

The blatant breaches of contract management identified in the AG report are unacceptable. That goes without saying. But the set of rules and processes governing IT in the federal government as a whole need to be revised if we want to get “value for money” from federal IT projects going forward.

Too dense, too cumbersome

As a starting point, the set of rules and processes governing IT management and contracting are already so dense and cumbersome that they themselves pose a threat to good public management.

Federal government IT teams spend more time on compliance and oversight paperwork than they spend building quality online services. Complex procurement rules and processes also tilt the playing field toward established private vendors whose expertise is in navigating government processes, not necessarily in developing good IT systems and products.

Allegations of threats and lying perturb the federal public service

ArriveCAN jaw-droppers and Sean Boots’s 10 steps for revolution | The Functionary

The federal government needs a digital transformation

SIGN UP

The inner workings of government

Keep track of who’s doing what to get federal policy made. In The Functionary.

Read it now.

SUBSCRIBE

The Functionary

Our newsletter about the public service. Nominated for a Digital Publishing Award.

Departments often default to outsourcing because contractors don’t have to abide by the complex rules and processes public servants face, allowing them to move more quickly. We’ve learned this in interviews with federal public servants.

Perhaps most concerning, procurement rules and processes favour large IT contracts despite overwhelming evidence that large contracts are likely to fail. It takes so much effort to set up these contracts that public servants are incentivized to “go big” even though extensive research shows that creating several smaller contracts will lead to greater project success.

Reforms to start with

What rules and processes would help the federal government out of its IT mess?

Countries like Estonia, the United Kingdom and the United States have taken clear and deliberate steps to improve their government tech capacity. For Canada to follow in their footsteps, the federal government should rapidly pursue the following reforms:

• Adopt spending controls that dramatically lower the cap on the size and duration of IT contracts. These measures are frequently and inaccurately confused with contract splitting. Contract splitting involves the intent to circumvent transparency disclosures, competitive bidding, or spending control limits. Breaking large IT projects into smaller, more manageable pieces is simply good practice. Government can more easily dispense with vendors that underperform. This approach also broadens competition for bidders.
• Streamline HR procedures to hire faster. Among other reforms, adjusting the security clearance process could allow new public servants to start at the “reliability” clearance level instead of waiting months for “secret-level” clearance. This would allow departments and agencies to build in-house teams more quickly for pressing IT needs versus having to outsource the work. Core digital teams could be built to work effectively with vendors when limited outsourcing makes sense.
• Allow for multidisciplinary teams. They are the secret sauce of world-class digital services. A wide mix of roles – designers, design researchers, software developers, product managers – all work as part of a single team. Government staffing procedures and organizational models still reinforce “monoculture” teams, all made of a single classification. They make it nearly impossible to create teams where public servants in one classification report to managers in another. This is entirely at odds with how modern digital-service organizations are managed.
• Shift ownership of tech-related intellectual property. Government of Canada policies emphasize that vendors should own the intellectual property of any custom software produced through government contracts. This is a flagrant recipe for paying for similar software over and over. This policy should be reversed as soon as possible so that when the government pays for custom software it owns it.

Who’s in, who’s out, and what’s up in the federal public service? |The Functionary

Canada’s tech policies and priorities aren’t doing enough to make citizens safer online

• Mandate open-source software across the board. For decades, leading private-sector technology companies have been creating and using open-source software. Canada is years behind its government peers in adopting it. Software that is open source is more secure and higher-quality than software that isn’t. Open-source software is easier to audit and easier to quickly fix when issues emerge, and vendors working on open-source software are motivated to do their best work since the public can observe their efforts firsthand. Governments publishing their software as open-source code also improves public trust and transparency, by showing the inner workings of systems that citizens interact with.
• Improve cybersecurity and access to modern tools. Public servants work with technology that is often a decade old or more. Outdated software and outdated security approval processes hamper the effectiveness of public servants and put the data of Canadians at risk. Adopting an “approved once, approved everywhere” approach and more permissive use of open source and software-as-a-service tools would make public servants substantially more effective and capable, and would put them on the same footing as the private contractors on which they are overly dependent for digital services.
• Improve cloud adoption. The Government of Canada has taken several steps backward on cloud adoption. Late last year, it watered down its guidance, from “cloud first” in 2018 to “cloud smart” in 2023. It then announced that cloud specialists across the public service would move to Shared Services Canada (SSC), an eerie repeat of the mistakes inherent in the creation of SSC more than a decade ago. Cloud infrastructure is almost always cheaper and more scalable than traditional data centres when implemented well. This requires application development expertise working closely alongside cloud infrastructure expertise – in a multidisciplinary team rather than siloed away in separate departments like SSC.
• Improve reporting on IT projects and contracts. The federal government should comprehensively track vendor performance, as we wrote about more than a year ago. Departments should disclose annually the total amount they spend (on a per-vendor basis) on IT and professional-services contracts. Proactively disclosed contracts data should include improvements in data quality and granularity (such as business numbers that would allow observers to more accurately group together contracts from the same vendors). Other countries have addressed similar transparency gaps with tools like the Open Contracting Data Standard. Adopting this standard would help prevent a repeat of the glaring data gaps identified in the ArriveCAN report.

Lastly – and perhaps most importantly – the federal government should hire external technology experts, appoint them as deputy ministers, and mandate them with implementing the steps above. These recruits should not be management consultants or sales VPs. They should be people who have actually built and shipped modern software products and digital services that people want to use.

Several provincial governments have outstanding digital leaders who could serve as inspiration. Unlike the federal public service’s current leadership, which has for the most part never been asked to understand technology, these outside experts will understand why the changes we’re advocating for matter to the quality of government and of service delivery to the public. Without this injection of new leadership, IT failures like ArriveCAN will inevitably continue on as the federal government standard.