This three-part series for our procurement audience by Paul Rogers is about the award of a $30m+ contract to a non-approved supplier by a Department in the Victorian State Government. The perspective adopted is not a political one, but rather an exploration of the procurement processes that may help organisations avoid similar malpractice in the future.
Part three of this three-part series explores the systemic issues raised for the Victorian State Government and for the status of procurement in Australia. All of the information referenced is in the public domain and my motivation is to highlight what happens when an organisation relies on external providers but lacks the capability to act as an intelligent customer. An intelligent customer is an entity that is capable of engaging with supply markets in a mature way and achieving value from the interaction.
What has this ‘one-off’ contract got to do with procurement?
Because while the nature of the project means that the details are in the public domain, the root causes of the failure are representative of what is happening in this jurisdiction. Here are ten dimensions of procurement capability that are sadly lacking across the sector in Victoria:
- The ‘do or contract’ decision was poorly handled in deciding to use private security
- Procurement planning – even at the most basic level – was absent
- Risk management was completely absent
- The governance mechanisms that should have applied were bypassed
- The sourcing process was risible
- The procurement strategy was weak
- The specification or scope of work was egregious
- The negotiation process was a model of poor practice
- The contract document was inadequate
- Contract management was inadequate
Let’s take Mary Poppins’ advice and start at the very beginning
1 Do or Contract Decision
When I was involved in the rebuild of Christchurch after the 2011/2012 earthquakes, the client needed thousands of workers quickly. They decided to outsource the acquisition of trade services but to insource the accreditation of those workers.
This gave them the ability to validate credentials, licences and bona fides of workers, as well as the means to rescind accreditation for miscreants.
In Victoria, they did not do this. Accordingly, when sub-contractors themselves sub-contracted the work, the State lost control over the capability of the staff involved.
Imagine if there had been an accreditation office within DJPR. Imagine if proposed workers were checked for visas, given appropriate training (in diversity & inclusion and infection control) and issued with PPE.
Imagine the control that this would have given the State!
Learning Point #1
The ‘do or contract’ decision was flawed. The Victorian State Government knew the market was immature, so cannot claim that it was a shock when Unified Security (with 89 permanent staff) sub-contracted most of the 1759 posts that they were asked to fill. The Victorian State Government is not an intelligent customer and should not outsource complex services without a demonstrable step-change in capability.
2 Procurement planning was absent
Why did the Secretary of DJPR engage a team of well-meaning staff without the merest semblance of any commercial acumen to let a contract for a complex high-risk project for tens of millions of dollars at short notice?
In terms of stakeholder management, why didn’t the team from DJPR engage their own Departmental procurement specialist? Oh wait, is DJPR the only Department without a dedicated procurement manager? Is that correct? Why then didn’t the staff ask the State’s Category Manager for Security Services for advice? Why didn’t they undertake a risk management plan?
Learning Point #2
The Victorian State Government lacks commercial acumen. The Secretary of DJPR lacks understanding of the procurement function and the procurement process. There needs to be a structured awareness-raising program to increase understanding of the procurement function and the procurement process for all senior Departmental heads in the Victoria State Government.
3 Risk management was absent
I have worked with practitioners at multiple levels of government in many jurisdictions and it is clear than risk management is a core capability of the public sector.But not in this Department of the Victorian State Government. The absence of any reference to risk in the planning and the risible attempts to transfer risk through the mechanism of a boiler-plated contract exposes the absence of risk management capability in DJPR. Is this another example of the fabled swiss cheese model of how disasters happen?
Learning Point #3
The Victorian State Government lacks effective controls on risk.
The Auditor-General needs to investigate the role of the Secretary of DJPR in signing a contract for $30m which was prepared by staff who ignored virtually every protocol and control that would have prevented this debacle. When the VGPB warned departments not to make commercially naïve decisions, wasn’t that tacit admission that departments in this jurisdiction are commercially naïve?
4 The governance mechanisms that should have applied were bypassed
Why didn’t the officers involved in this debacle, from the Secretary down, consider what governance was appropriate? The procurement specialist tried to introduce caution, but as is so often the case, urgency and escalation were used as excuses to find a way around the procurement ‘blocker’. Was a lawyer involved? Which other specialists were consulted?
Learning Point #4
The governance arrangements for (procurement) projects in the Victorian State Government are ineffectual. The State Purchasing Contract was ‘mandatory*’ * except when a senior manager claims urgency and picks their preferred supplier over a mandatory contract with five suppliers.
The Auditor-General needs to investigate the role of the Secretary of DJPR in signing a contract for $30m which was prepared by staff who ignored virtually every protocol and control that would have prevented this debacle. One option is to separate the authority to spend money (expenditure approval) from the authority to select the supplier (commitment approval).
If, as has been claimed, the VGPB warned Departments of making ill-advised COVID ‘deals’, is this because they knew that commercial acumen is not an attribute of the State? Is the VGPB a ‘toothless tiger’?
5 The sourcing process was risible
The junior officers ignored an existing contract available to them online 24/7, 365 days a year and instead shared anecdotal stories about who they liked. Their reference to the security industry being full of ‘cowboys’ was projection; the DJPR officers were the real cowboys.
The most charitable take on why Unified Security was used is that the officers’ commitment to identity politics meant that they were prepared to pay an extra $3m of taxpayers’ money (11% of $27m) to use a security company that employed disadvantaged staff. Whether the other security companies on the State’s Purchasing Contract also employ disadvantaged staff we do not know.
I suspect that they do, and the security guards are exactly the same people whichever company is engaged but wear different colour polo shirts depending upon who employs them.
Learning Point #5
Every officer should be aware of how to access State Purchasing Contracts. One option is to separate the authority to spend money (expenditure approval) from the authority to select the supplier (commitment approval). This authority could be invested in another officer for higher-value projects to ensure that the selection of suppliers is undertaken with appropriate rigour and observes organisational standards.
Like using existing contracts?
Another option is to scrap the VGPB as a failed mechanism, and instead create a Chief Procurement Office. The CPO would be involved in approving contracts with a value above $25m. They might also sponsor a capability uplift program, like those that occurred in Queensland and South Australia. (Declaration of conflict of interest; I participated in designing both capability uplift programs)
6 The procurement strategy was weak
One of the refrains that can be heard when discussing this issue is that “It was a crisis! They had to act quickly!”
Here’s what a reasonable person would have done.
- Separate out the immediate requirement (security guards on-site in 24 hours) from the ongoing (“business as usual”) requirement
- Create two contracts; a short-term contract for two weeks. Price immaterial. Mobilisation time is everything.
- And when that ‘stop-gap’ contract is in place, plan to let a second, much larger contract for the remaining 10 weeks. Focus on delivering value; risk mitigation, quality of security services provided, infection control protocols, % of shifts resourced, hourly rate. Oh, and if you can find disadvantaged workers who have the appropriate capability and qualifications, great! As a secondarysource of value.
Let’s address the fixed price. $30,200,000.
How can anyone in their right mind commit to pay a fixed sum when they do not know how many hours of service will actually be provided?
Now call me a price-focused dinosaur if you like. But given the challenge of finding 1759 security guards at short notice isn’t this incentivising Unified Security to provide security services with the minimum numbers of security guards possible? Why not pay a weekly sum based upon the number of shifts actually resourced? The prioritisation of secondary sources of value – the engagement of disadvantaged groups as security guards – over the primary source of value – protecting the community – is a completely egregious failure.
Learning Point #6
The VGPB (or its successor body) should be tasked with defining ‘value for money’ in terms that prevent a repetition of this debacle. All officers tasked with developing procurement strategies should be supported by guidance that defines the relative weighting of social procurement objectives (5-25%) and primary sources of value.
That guidance should also address the use of fixed price contracts. This is a perfectly valid remuneration basis, especially when linked to a defined scope, known volumes, low complexity activities and work that can be split into bundles or linked to milestones. It is a completely inappropriate approach when linked to an uncertain scope.
As it was in this case.
7 The specification or scope of work was egregious
I have rarely seen such an appalling wish list substituted for a specification. It was generated by the ‘ground crew’ working on site, and what’s been added to it by head office?
“Ensuring there is an adequate number…”
There is an abundance of guidance on specification writing online. I do not accept urgency as an excuse.
“Stop coronavirus from escaping into the community.”
Seven words. A functional specification. Fit for purpose.
Learning Point #7
The VGPB (or its successor body) should develop and sponsor guidance on specification writing. Only accredited officers (who have attended training on specification writing) should be allowed to draft scopes of work for complex services
8 The negotiation process was a model of poor practice
Did the officers in DJPR negotiate with Unified Security?
When buying more than 600,000 hours of security?
Of course they did!
They got the rate down from $51 to $49.95!
A saving of $600k right there!
Of course, it isn’t a saving. And the negotiation shouldn’t have focused on price, but on risk. It appears that the ingenue in DJPR who was asked to negotiate with the CEO of Unified Security was out of her depth, and her counterpart David Millward is clearly an expert negotiator.
Learning Point #8
The VGPB (or its successor body) should limit negotiation to accredited officers (who have attended training on negotiation skills). (Conflict of interest declaration; I provide negotiation skills training)
The Secretary of DJPR should be counselled on delegating such a complex task to an officer so ill-equipped to perform the task they were asked to do
9 The contract document was inadequate
The contract document is appalling, from the wording to the myopic intent to transfer risk to a medium-sized company to the remuneration basis.
Learning Point #9
The VGPB (or its successor body) should limit contract drafting for high risk or complex projects to qualified lawyers or accredited officers (who have attended training on contract drafting and who have received guidance in configuring options in pre-approved contract templates).
The Secretary of DJPR should be counselled on delegating such a complex task to an officer so ill-equipped to perform the task they were asked to do.
10 Contract management was inadequate
There are photographs of security guards sleeping, engrossed on their phones, and multiple reports of inappropriate behaviour.
Not to mention the fact that the guard’s poor hygiene practices and lack of infection-control routines caused the largest industrial accident in Australian history. There are no standards in the contract and no KPIs.
Learning Point #10
The VGPB (or its successor body) should limit contract management for high risk or complex projects to accredited officers (who have attended training on contract management). (Conflict of interest declaration; I deliver training in contract management)
The Secretary of DJPR should be counselled on delegating such a complex task to officers so ill-equipped to perform the task they were asked to do.