Government Operations Committee on Feb. 6th, 2012

ITAC is all private sector. Our total membership is somewhere near 400 companies. It's fully funded by the industry.

Anybody who touches IT would be our members. From a carrier point of view, it would be large carriers to small and new carriers. From a technology supplier point of view, it could be from IBM to small software companies. They're all over the place.

Globally, I think the IT market is still showing reasonable growth year over year. If you were to talk to most of the multinationals operating in Canada, they would probably say that the Canadian market outperformed in terms of year-over-year growth for their financials compared to most of the other geographies, if you leave out the emerging countries. In the G-8, Canada is outperforming them. The market is robust for them, but there is a struggle at mid-range because their access to market and capital continues to be an issue.

I believe the small and medium companies, and particularly Canadian technology and Canadian innovation, could be showcased here, even through the big organizations. A lot of the big organizations source some of their technologies from younger companies. I will give you one of my past companies. It was a public company, Certicom, of which I was CEO. We sold our stuff through IBM, Microsoft, and others. It was a successful technology company in Canada and got sold through the others—so yes....

I'll make two comments on this. One, the project scope is well defined, and when industry has lined up to quote something, I assume and I would believe most of my members will deliver within the price they put out. The risk is always that the scope keeps changing, and the buyer will always want changes within the current cost component. In the private sector that is known as customization. Hence I made the comment that a change management process needs to be put in place as part of the governance, so you know that if there is something different from what's out there that is specific to your needs, it will require new work, and that may cost more.

The private sector also fully understands, our members fully understand, that over time government will spend less money on IT. The government's overall IT consumption would go down, as would any other institution's. They understand that.

I think that varies. Often they are fixed-cost, but that does vary by project.

Having the public sector running this complex IT organization over this long has yielded a very significant pool of talent that resides as government employees. That talent pool is probably not readily available to a lot of small and medium companies if you look around today, so that talent pool needs to be harnessed. You are changing all right, but there is a talent pool, so there is a significant skill set within the public sector that can be reused, and must be reused, and it's valuable.

In this case, the private sector skill set you would bring in more often than any other would embark on a transformation plan and break it up into projects. You would have to look at how to measure those, how to know they were successful, and how to track them, so it would be almost like running a company. For that part you would probably need to look to some experience from the private sector.

I think on this one I'll respond that it's probably more a myth, to some degree, than it is real. When you have a smaller system, you are more vulnerable, in large part because most of the time you are on an older version of software. If you have a hundred different e-mails, I can almost assure you that only one is up to date and the other ninety-nine are six generations behind and therefore more vulnerable.

So you would expect, just by virtue of moving to a newer technology, that you would be a lot more secure, because from a security point of view you're up to date on all of the new technology that's available. It would be the same with your data centres and your network. Your data centre sitting in a closet is very vulnerable compared to a secure facility that is running 100% of the time.

So I think there is a little bit of a myth against centralization. There is a physical risk. You have one building or six buildings—the same way the stock exchange is in one building—so there is a physical risk. But from a technological point of view, the risk is actually lower by centralizing.

Thank you.

There are a few things. I think I mentioned them as I went through my comments and the questions and answers, so I'll start from the top.

The issue is that the major risk at the beginning, obviously, is not having proper planning put in place. There's a very significant amount of risk that is run if you don't have a plan. The other risk along the way is in terms of how you measure the project and how you measure the outcomes.

The third risk is if the people who are doing it are not accountable or are not given the tools to be successful. You can't ask people to do things if they don't have the talent, the tools, and the support from this committee and the rest of the government to get it executed. They need support from all of the other existing departments that consume their services now. They need them to be supportive and collaborative, the same as the private sector would be. So that's a major risk. Those risks are real because you're consolidating and there are shifts in the power balance and changes in the organization.

Finally, the risk is human. The whole risk is in the human area in terms of the culture and getting people into the same outcome-based approach. There is very little challenge on the technological side. Technology is never really a problem. Most of the time, the problems are the other issues.