August 25, 2014Doug Hadden
Doug Hadden, VP Products
The "Cover Oregon" healthcare exchange failure has made for some sensational "copy" – beginning with the "blame game" – and, now lawsuits by both parties. The contractor, Oracle, claiming defamation by the State of Oregon. The state claiming racketeering and false billing by Oracle. A federal SWAT team found incompetence in Cover Oregon management while Oracle "threw bodies rather than skill sets" at the project. There is a reported "whistleblower" and some alleged skirting of state law. As Michael Krigman points out "With these complex IT projects most of the time it’s virtually impossible to say that blame or responsibility lies completely on one side or the other The two sides are very intertwined during the execution of the project.”
There has been a lack of perspective in reporting on this project failure because of the focus on the sensational aspects of the story. I'd like to add some more perspective:
- Some facts about the "Oracle Solution"
- The real costs to the State
- What $240M+ buys in the software industry
- The impact of $240M is on healthcare in Oregon
- What could have prevented this fiasco
1. Cover Oregon is a Lot More than a Web Site
- There has been a lot of talk about the problems with the Obamacare custom-developed and the Oracle COTS (Commercial-Off-The-Shelf) Cover Oregon solutions as "web sites" – these are not simple "web sites" but exchanges with significant amount of back-office functionality, workflow and integration required
- The implementation is 2 projects: "HIX-IT" and "Social Services Modernization"
- The key application used was Siebel Public Sector Case Management with Oracle Policy Automation that has a Siebel connector
FreeBalance is an Oracle middleware partner. However, FreeBalance competes against Oracle in government financial management implementations, but not against the Siebel CRM suite used for Cover Oregon. FreeBalance does not provide a healthcare exchange software application. It's unusual for me to opine about competitors/partners by name in this blog, but I think that the perspective might help in the debate. It's highly likely that both parties have some explaining to do.
— Oracle (@Oracle) August 26, 2014
Government agencies look for more modern, efficient, & cost-effective ways to connect w/ the public they serve – http://t.co/Iepe8lJ2bT
— Oracle (@Oracle) August 28, 2014
Oracle has made some misleading claims in their lawsuit:
- "Oracle is a company with a 30-year history of successfully developing and implementing some of the complex technical systems in the world including the health insurance exhanges of a least a half dozen states." – There is a big difference between "developing" and "implementing". Oracle rarely implements these systems. The statement also implies that Oracle has developed many successful health insurance exchanges. Which states? Was the Siebel product used? Was the Oracle database used and this is presented as success? The only thing relevant here is weather the same solution was used successfully.
- Oracle claims that "public officials chose not to give a measured, fully informed response" by blaming Oracle. Welcome to the real world – the application software is the visible element – and, I can tell you, the app vendor will be blamed for systems integration, middleware, hardware and network errors. Or, internal support personnel who do not follow instructions on security patches or maintenance procedures.
- Oracle claims that the "state thus undertook a multi-part project of unprecedented size and complexity for which it had no expertise." Did someone put a gun to Oracle's head? If true, et should have been as obvious then that it is now. Why did Oracle take the contract? It's clear that the lack of expertise by the state was a pre-existing condition.
- Oracle made a presentation 2 months ahead of the scheduled release indicating that requirements were not ready. It appears that not all requirements were completed where UI and security functions were not ready. There are requirements that are show-stoppers – perhaps there were. Let's say that this is true. Is a "presentation" the proper venue for this? Surely Oracle should have been communicating in many other channels prior to this date.
- Oracle claims that the Cover Oregon Executive Director was more concerned about the "sizzle than the steak". It is naive to think that this wouldn't occur – it is highly predictable that this happens in front-office projects in the public and private sector. And, Oracle should know this by now.
- Oracle claims that the state "continued to frustrate Oracle's efforts at every turn. Nevertheless, Oracle continued to work at Cover Oregon's request, trying to drive the project to a conclusion." This seems to imply that Oracle was making some noise about the project but did not communicate the level of urgency. It's normal to hear an implementation firm presenting risks to protect them should things for wrong. Was Oracle seen to be in "CYA" mode by the state?
- Oracle makes a case that the "time and materials" contract was appropriate in this case. Oracle claims that "without a fixed scope for the project – the equivalent of architectural blueprints – no contractor could reasonably be expected to agree to work on a fixed-fee basis." This is from a company that has theoretically done a "half dozen" of these projects and has an off-the-shelf solution. Did Oracle decide to leverage the lack of state project management capabilities to extend the time and materials?
- As an added point – you ALMOST NEVER get "architectural blueprints" in government RFPs for fixec price contracts using off-the-shelf software. You sometimes get process workflow ("as is" and "to be") and database models. Sometimes there are UML diagrams. These always change during implementation.
The state has also made some interesting assertions:
- 'Oracle lied to the State about the “Oracle Solution.” Oracle lied when it said the “Oracle Solution” could meet both of the State’s needs with Oracle products that worked “out-of-the-box.” Oracle lied when it said its products were “flexible,” “integrated,” worked “easily” with other programs, required little customization and could be set up quickly. Oracle lied when it claimed it had “the most comprehensive and secure solution with regards to the total functionality necessary for Oregon.”' The jumping point for the argument seems to be about sales claims. It seems to me that it can be argued, relative to other solutions, that the software meets many of these claims. The key point is the extent to which source code had to be modified – that takes out all of the fluff about what people understand as "flexible" or "integrated."
- Oracle claimed progress throughout the project until near the end when scope was reduced. This seems to contradict the notion that all sorts of last minute change were introduced. It's almost as if Oracle and Cover Oregon were not on the same project.
- The state claims that "by late September, however, when Oracle was unable to demonstrate a working website." 1 or 2 weeks prior to launch is far too late to notice this. (It seems odd that the solution wasn't in final QA at this point where the number of resolved bugs exceeded the number of new bugs discovered.)
- Cúram Software, acquired by IBM, was the only competitor in the acquisition process, and they pulled out of the process (perhaps because of the talks with IBM made their original bid invalid because the business entity was about to change). Were other vendors aware of the opportunity? Was the process truly competitive? Were other vendors well aware of the expected project problems?
- "In November, Oracle executives continued to represent to Cover Oregon that the system was nearly ready to launch." There is a significant disconnect here in perception and communications.
- The claim by the state is very detailed. One of the claims is that 'Maximus, Cover Oregon’s outside quality assurance consultant, also found that Oracle’s work was below industry standards. In its October 2013 report, Maximus stated that Oracle’s “processes do not meet industry standards. Impact analysis, code review, coding standards and proper parallel development techniques are ad hoc and inconsistently applied or understood.”' Errors would easily creep into a project that had excellent business process articulation if this statement is true.
- It should be noted that ERP companies present solutions as fully integrated and flexible. As Michael Krigsman points out: "Anybody that knows enterprise software knows that these are not absolute terms."
2. $240M is Not the Full Cost
"$240 Million" is the figure most often reported, but this does not represent the full cost to the state.
- Oracle has billed an additional $23M
- Oracle may have cost the "state as $26 million this year and $54 million next in lost carrier assessment revenue due to low enrollments"
- There can be significant internal costs for project and contract management and user training
- Commercial software usually requires maintenance fees for product support and upgrades – this adds to the Total Cost of Ownership (TCO) well beyond $240M
- The state claims to have spent over $420M so far
- The move to the federal healthcare exchange cost $18.4M
- The consultant helping to manage the turnaround billed $600,000 based on a $100,000 contract
- Cover Oregon may need to use manual expensive enrollment if the new exchange is not ready by November 2014
3. $240M Buys a Lot of Software Development
$240M+ buys a significant amount of software development – it is difficult to justify this cost even if the software worked.
- $240M buys 1,000 person years of software development assuming a cost of $20,000 per month per person that includes salaries, benefits, equipment, training and space. That's more than enough to build COTS software for both functions from scratch.
- $240M covers about 1/24 of the cost to Oracle to acquire Siebel, and, even if considering profits on Cover Oregon, is a material amount of money to recover the expense of acquisition. The $5.5B claim by the state is almost as much as the cost to acquire Siebel.
- $240M exceeds the $110M raised by Salesforce.com when going public and possibly could cover the amount paid by Infor to acquire Saleslogix – so it stands to reason that the state could have bought a CRM vendor.
- $240M is about 10 times the cost to acquire a core financial management system for a population of 3.9M in the international market, estimated at $6 per person. Of course, implementations in a developed country are more sophisticated – but not 10 times more sophisticated, and not for a smaller scale of functionality.
- $240M covers twice the full ERP implementation costs for Zambia 14.3M people (originally $26M, ballooned to $42M) and Vietnam 89.7M people (originally $40M, ballooned to $71M).
4. $240M+ Has a Significant Impact to Health Care in Oregon
- Oregon GDP was estimated at $168.6B in 2010 with total healthcare costs estimated at 17.9% in the United States giving a total spend of over $30B or around $7,750 per resident per year – roughly the full cost of supporting 31,000 Oregonians.
- $240M covers almost half of the state's budget for "public health".
- $240M is more than the box office receipts of the movie "Patch Adams" estimated at over $202M worldwide.
- The $5.5B claim by the state will go a long way to balance the budget
5. What Could Have Prevented this Fiasco
- Software written for the private sector experiences problems when applied in the public sector. Software manufacturers operating in many industries often see the similarities in public sector needs, but rarely understand the differences – and the complexity of these differences. And, these manufacturers tap into the myth that "government should operate more like businesses." Government buyers should expect hyperbole when vendors whose products were written for the private sector claim to have "out of the box" functionality.
- Many problems occur in government implementations when the software vendor is not part of the governance structure. In general, the full participation of the software vendor, as consulting company, is a good sign. It's a good sign if the vendor is using the experience to upgrade software to meet the unique needs of a health exchange. Software vendors, in general, do not have an incentive to rack up services revenue because this devalues the company. However, the $240M is a drop in the bucket for Oracle. And, Oracle may not have been committed to changing the product, rather to increase the revenue associated with the time and materials contract. "Oracle lacked an accountability structure to ensure that the website design was doable within the assigned deadlines and that the deadlines actually were being met."The licenses appear to have been estimated at $7M. Government buyers should not engage in time and materials contracts beyond prototypes and should expect software vendors to change products, not customize.
- Let's say that there was too much uncertainty to expect a fixed price contract. We have to accept that the "out of the box" functionality and "flexibility" notions touted by Oracle were hyperbole. Time and materials does not seem to be the appropriate contract vehicle because there isn't the kind of uncertainty associated with putting someone on the moon. Or the uncertainty around the famous McDonnell Douglas A-12 or Avro Canada CF-105 Arrow projects. A performance contract may have been more appropriate in this case where Oracle could be paid on outcomes. That could have changed incentives. Government buyers need to select the most appropriate contract method based on risk and uncertainty.
- The observation that there were 1,198 errors in the acceptance test period is troubling. This seems to be a phenomenal number of errors. It could be that there was no process re-engineering where government staff was looking for little or no change of behaviour from the legacy system. Or, staff did not fully articulate the requirements up front. It points to a lack of expertise by the vendor in the domain. Needs articulation and analysis ("as-is" and "to-be") should not be a generic process headed by software experts – it should be headed by domain experts. In other words, Oracle staff who were expert in insurance, health care, law (to understand Obamacare), and government financials. Oracle needed to bring more to the table than Siebel software expertise (i.e.: why not tap into the Skywire acquisition or the cadre of lawyers that go after 3rd Party Maintenance firms?). Government buyers should insist on domain experts.
- Implementation projects often run into problems. The stress involved often sends the client and provider into the spiral of adding more staff to try to deliver on time. This approach is almost always wrong. Increasing team size reduces efficiency, an observation made in the 1960's with the Mythical Man Month. (There is also the tendency to avoid innovative ideas and experience an increasing commitment to a failed process.) Never, never throw more people at a failing project.
- Oracle alleges that the state's project management was incompetent, as does the federal review. Okay. Project management in the public sector tends to be inferior than in the private sector. Oracle knows this. They know the risk. Did Oracle seek to build capacity? Did they attempt to persuade the state to provide needed information? Did they conduct change management workshops? It doesn't matter how poor the project management is on the government side – it's up to the vendor to build capacity to overcome the problem. It's public money.
- The implementation time frame of June 2011 to October 1, 2013 is about 18 months. This is a tight, but reasonable schedule for a project of this sort when using COTS software. It's the kind of schedule that needs risk detection and risk mitigation strategies. (See the next point.) And, it needs more agile management to test prototypes and business rules up front. Otherwise, you end up delivering something that seems to meet the spec but doesn't meet the need – the infamous "as designed" problem. Waterfall implementation methods are ineffective on tight timelines.
- The state alleges that "Oracle’s president claimed that the exchange had been ready to launch in February 2014. Her self-serving claim was belied by assessments performed by independent experts." It's reasonable to think that Ms. Catz was unaware of the true situation based on feedback from the implementation team – a situation all too common in large organizations. It's hard to hide the fact that a client is unwilling to pay. Perhaps, the Oracle team decided to roll out the big gun at this point. The Oracle team should have rolled out the big gun much earlier in the process, as soon as the contract was awarded. Executives need to be up-to-date on large, unusual or highly political contracts – certainly when it's all 3. Oracle might be advised to use Oracle Risk Management software and risk management best practices. Imagine if Ms. Catz had reached out to the state when the first set of problems became evident. Government buyers and vendor partners need effective risk management processes for large contracts.
- Oracle does not operate as a "customer-centric" organization. That's not an unreasonable position for a technology company. Yet, there are many tools available for technology companies to collaborate with organizations – some traditional like the Primavera Enterprise Project Management Suite owned by Oracle – some based on social networking like the suite owned by Oracle. Did Oracle use these tools for project management and customer engagement? If not, why not? Software vendors need to eat their own dog food.
- The state alleges that Oracle exhibited a "pattern of racketeering activity." That's the kind of hyperbole one uses in lawsuits. Nevertheless, there has been a concern about vendor consolidation that is creating cartels where third party suppliers are aligning with the Tier 1 vendors. The ERP value chain for large implementations has been predominantly captured by these two vendors. Government buyers need to understand the risk of having no leverage with large vendors – it's an asymmetric battle where the vendors do not need the revenue, have access to more resources and information and have better lawyers.
Will This Bad PR Hurt Oracle?
It is unlikely that this lawsuit will hurt Oracle in any short-term material way:
- Oracle has been able to tap into the narrative that government IT lacks competence, as do governments in general
- Oracle fills cyberspace with marketing messages in general and promotes their views, so it's only a matter of time before the controvesy is overwhelmed by noise
- Oracle has not appeared to have been affected by previous high profile failures in government
It is likely that the lawsuit, in combination with ERP environmental factors such as cloud computing, lack of penetration in the SME market, methods of customer ownership/rent seeking will hurt the company in the long run:
However, "it’s incongruous that a globally respected firm such as Oracle would allow its employees to produce such a deficient product. Indeed, the state goes so far as accusing Oracle of “a pattern of racketeering activitythat has cost the State and Cover Oregon hundreds of millions of dollars.”
And, as Tim Brugger points out "it's not likely Oracle will be on the hook for $5.5 billion in this case, regardless of its culpability for the Oregon Obamacare mess. But as more specifics are uncovered and the respective lawsuits run their course, how receptive will other governments and large, private entities be to hiring Oracle?"
Latest posts by Doug Hadden (see all)
- 6 Big Data and Artificial Intelligence Smart Government Lessons - June 21, 2017
- Sustainable Development Goals and Public Financial Management - June 13, 2017
- Public Investments: The Case of the Trans-Canada Highway - June 12, 2017
- What is the use case for Public Investment Planning feedback loops? - June 8, 2017