Lessons For HealthCare.gov: Former DHS CIO Talks Recovery
Former Homeland Security CIO Richard Spires says the key to running big IT programs -- and recovering when they fail -- is first-class program management.
Few CIOs understand the scope of disciplines needed to manage large-scale IT projects quite like Richard Spires. He led one of the largest business IT modernization efforts ever undertaken by the federal government at the IRS, eventually landing him the top IT spot there, and later, a deputy commissioner role in charge of operations.
The lessons he learned at the IRS (particularly the importance of program and project management capabilities) were sharpened when he became CIO of the Department of Homeland Security -- a position he held for nearly four years before leaving this year to start his own consulting firm.
For Spires, the core principles for recovering from an IT project failure are the same ones he would use for shepherding a big IT project in the first place: having the right program management talent and skills in place.
"I'm still a believer, nothing replaces the right kind of management discipline" on large IT projects, Spires told us. When a manager is under pressure, "you tend to want to shortcut the discipline to get the functionality in place. You can't take shortcuts and expect things to go any faster."
"It's always been my experience that it's better to take a little more time and get [the IT development] right than it is to continue to rush to get the next release into production for users -- because you don't want to disappoint them a second time."
In a recovery, just as with an IT project rollout, Spires stressed the need for a robust development and build process, hopefully moving to an automated build process so you can cycle-build faster, particularly when you're trying to recover from a failure. Similarly, you want to automate and speed up testing.
He also emphasized taking stock of the situation, understanding where the real issues are, and deciding on a plan. "I feel for those working on HealthCare.gov site" developed by the Centers for Medicare and Medicaid Services. "There's tremendous pressure from above to get things fixed. It takes strong program management to make the case that says, 'This is what we need to do to fix this' and then stick to those guns."
Spires recognizes there are times when bringing outside help can make sense to speed up the recovery process. Outside experts can help if they are the right kind of people in the technical areas where help is needed most. "You have to be careful bringing in too many new people, though, because their learning curve can slow down the rest of the team. It's a tradeoff."
It's equally important to reassess the rigor of your management disciplines and make adjustments. "What I've seen in government too often is you have organizations that just don't have much experience delivering large-scale IT programs. They don't understand the complexity level; they don't understand the discipline you need to bear." Some of that is an ignorance issue. In other cases, it's a cultural issue where agencies fail to devote the necessary talent and disciplines to managing large-scale IT projects.
Should an IT project with the number of issues HealthCare.gov has faced simply be taken down and repaired offline? The fact that the site had 400 software bugs that required fixing over the past two months speaks to the fact that it just wasn't ready to be launched -- and to the underlying lack of effective program management. "Given the number of problems... if politics wasn't an issue, I would have immediately shut it down."
Best-practices would favor taking the site down, making needed repairs, and relaunching it in a pilot mode with a small set of users. Meanwhile, a recovery team would do rigorous performance testing behind the scenes.
Another facet in a recovery is communication -- both internal and external. Inside the operation, it's crucial to have daily status reviews. Team leaders "need to have the pulse on what's going on" and have a forum to discover and jump on issues. Communicating outwardly is always more complicated, especially in a heated political environment. From a best-practice point of view, Spires is big believer in transparency. "It doesn't mean you have to communicate daily."
When he ran the IRS Business Systems Modernization program, "we would have monthly program reviews, and I would send the results of the reviews to all our stakeholders, including up to the Hill." The important thing is to tell it like it is. This builds trust and rapport with your stakeholders. But perhaps the most important communication effort a CIO can make is to educate senior leaders of an organization on the institutional importance of building a culture that values program management capabilities and disciplines.
There's no single migration path to the next generation of enterprise communications and collaboration systems and services, and Enterprise Connect delivers what you need to evaluate all the options. Register today and learn about the full range of platforms, services, and applications that comprise modern communications and collaboration systems. Register with code MPIWK and save $200 on the entire event and Tuesday-Thursday conference passes or for a Free Expo pass. It happens in Orlando, Fla., March 17-19.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.