This document summarizes a presentation on managing risks in innovation procurement. It discusses factors that increase procurement risks, such as demands for improved healthcare and cost efficiencies. It also outlines recommendations for managing risks, including thoroughly understanding procurement rules, defining requirements and specifications, using advisors, and establishing accountability and controls. Contracts should focus on outcomes and allow flexibility for innovation projects.
Accountability – Managing the Risks of Innovation Procurement
1. Accountability – Managing the
Risks of Innovation Procurement
A Bennett Jones Presentation
Council for Innovation Procurement, Ottawa, Ontario
Lisa Abe-Oldenburg, Partner
Bennett Jones LLP
October 24, 2012
2. Accountability – Managing the Risks of Innovation
Procurement
• Factors for Risk
• Innovation Procurement Risk Management
• Frustrations and challenges
• Key Recommendations and Best Practices
3. Factors for Risk
• Government leaders and healthcare stakeholders demanding
transformative improvements in healthcare and patient experience
• Demonstrable value for investment returns
• Funding sources require drastic cost efficiencies
• Overarching framework of procurement rules (the Directive and
Guidelines), governance scrutiny, stricter demand for procurement
best practices, lack of tolerance for project failure
4. Factors for Risk
• Must follow both Federal Freedom of Information and Protection
of Privacy Act (FIPPA) and Ontario Personal Health Information
and Protection of Privacy Act (PHIPPA) – FOI requests, access
• Technology regulation is evolving, e.g. personal health
info, regulating patient management software as a medical
device, emerging technology standards
5. Factors for Risk
• Aging legacy systems
• Pressure to successfully undertake more complex and cost sensitive
technology transformation
• Rush to innovate
• Technology transactions often entered prematurely and well before
the business case for the prospective project exists
• Increased complexity with wireless, cloud computing, open
systems
6. Innovation Procurement Risk Management
• Rules appear too complicated to foster innovation, but bottom line
is they have always been part of common law – codification of
conduct for public sector:
• Level playing field, open – equal access
• Non-discrimination
• No conflict of interest
• Fairness
• Transparency and accountability
• Value for money, audits, are you getting what you contracted for
7. Innovation Procurement Risk Management
• Must understand the procurement tools, Directive and
Guidelines, and best practices
• The regulations don't prevent use of Vendor of
Record, RFIs, RFQs, Single and Sole Sourcing
• S.10.2.2 of Directive: Senior level individual must be given
authority and be accountable for compliance and must work with
advisors and consultants, as well as the funding ministry, to
implement Directive
• Related requirements under S. 10.2.3 of Directive: seek legal advice
for compliance with Ontario Law, Contract Law, Law of
Competitive Process, Privacy Law, Accessibility Legislation, Trade
Agreements, Agreements on Trade between provinces
8. Innovation Procurement Risk Management
• It is not just about issuing an RFP with contract terms
• Contract needs to reflect the business case, as well as
designs, definitions and descriptions
• Separate technology innovation into three stages:
• Business case creation phase
• Design, define and describe phase
• Build or buy phase
9. Innovation Procurement Risk Management
• Start with research – graduated process to determine own needs
and define the desired technology innovation
• Understand operational requirements and desired performance
results
• Demonstrate value for investment returns
• Undertake risk analysis
10. Innovation Procurement Risk Management
• Define specifications ("spec blueprint")
• Operational, functional
• Technical
• Performance results
• Define deliverables and acceptance testing criteria
• Stipulate infrastructure connectivity and
interoperability/integration requirements
• Establish performance milestones for building to the spec
blueprint
• Allocate project management and accountability resources
11. Frustrations and challenges
• Common mistakes and pitfalls
• Don't have enough time to run RFP process
• Don't fully understand all procurement tools available, e.g.
RFI, RFQ, Single or Sole Sourcing – which procurement instruments to
use and when
• Poorly drafted, vague RFP ; no specs
• Ill-defined business case
• Often don't have same sophistication in CIO and business leadership as
private corporations – Boards of volunteers, lack of project management
• Failure to use consultants to scope out design and requirements
• No legal representation, deficient contracts
12. Frustrations and challenges
• Common mistakes and pitfalls
• Don't focus on business purpose and total lifecycle
• Unproven technology, innovation without graduated implementation
• No staged testing, review and change process
• No post-acceptance verification (through reporting obligations and service
level analysis)
• No contractual remedies to repair, replace, compensate, modify or adapt
the technology in ways that were not originally contemplated
13. Frustrations and challenges
• Standard contract terms and lack of flexibility
• IP ownership
• Unreasonable representations, warranties, indemnities, SLAs
• Privacy and cloud use concerns
• Risk and liability for personal health info
• Inspection and audit requirements
• Data storage requirements – location and segregation, cleansing
14. Key Recommendations and Best Practices
• Rules aren't the problem
• Thorough understanding of the rules
• Need improved contracting practices
• Establish internal controls and project management
• Implement internal accountability, dispute escalation and resolution
processes
• Plan before purchasing: business case, needs
analysis, diagrams, flowcharts, requirements
• Stakeholder involvement in defining the business case and communication of
desired results/outcomes
• Fully define criteria, specs (operational, functional, technical), results &
outcomes (e.g. end results, efficiencies, patient experience), blueprint
• Canvass the market
15. Key Recommendations and Best Practices
• Obtain guidance, best practices and legal review before issuing competitive
tendering documents
• Use advisors and consultants early to properly assess needs and
scope, infrastructure interoperability and integration
• Due diligence of systems, interoperability, connectivity and compatibility
specifications
• Proper due diligence of vendors
• Select Vendors who will take responsibility for personal information within
their control and breach of privacy and security, especially when providing
cloud offerings (e.g. SaaS, IaaS); and who will allow inspections and audit
16. Key Recommendations and Best Practices
• Innovation projects are dynamic
• Constant and flexible review and adjustment of project
• Graduated implementation, plan for change management
• Anticipate additional or different resource allocations
• Consider exit and transitioning-out strategies
• Transitioning away from failing technology
• Risk mitigation strategies
• Allocate responsibility for overall performance, contingency planning
(disaster recovery), service levels, results and outcomes
• Inspection and audit requirements
17. Key Recommendations and Best Practices
• Developmental testing, acceptance testing, post acceptance
performance verification, service level analysis
• Contractual remedies that practically address outcomes and
performance, not just financial damages, e.g. robust repair and
replace remedies
• Technology currency and ongoing refreshment obligations, right to
future innovation at best prices
• Participation in vendor's R&D programs