The Clinger-Cohen Act of 1996 (once known as the Information Technology Management Reform Act) requires that an increasing number of government spending decisions must be preceded by a business case analysis that justified their expenditures. The expectations for responsible decision making and accountability have been rising, and there is no reason to think that they won’t continue to increase in the future.

Along with giving IT procurement authority back to federal agencies, one of the key provisions of Clinger-Cohen is to encourage the acquisition of commercial off-the-shelf (COTS) software as a way of reducing the cost of procurements and leveraging existing commercial technical capabilities.

Under the Act, agency heads (usually operating through their Clinger-Cohen mandated Chief Information Officer) are required to systematize their IT management process so that procurement decisions are made based on anticipated value to the agency and with a reasonable calculation of risk. This requires integrating IT management with financial and program management. IT acquisitions are also expected to support the agency’s programs, and have a measurable metric that indicates performance. These are all excellent goals, and should be part of any professional IT management operation. The Catch-22 of Clinger-Cohen arises in the way it is applied to the interaction between BPR and the selection of COTS software.

Clinger-Cohen requirement: As interpreted by most CIOs, BPR will take place as part of the vetting process that leads to an acquisition. Once the agency’s IT operations have been reorganized and rationalized, software can be procured to support the agency.

COTS best practice: Virtually every implementer of a major COTS product, and with increasing intensity as the size of the implementation grows larger, recommends and ultimately demands that the software be used to drive the BPR of the agency so that major customizations are not necessary to fit situations that are alien to the software.

That’s the Catch-22. If the agency waits until it purchases COTS software to do the BPR, it is not in compliance with Clinger-Cohen. If it complies and performs the BPR before the software purchase, it will almost certainly have to do another BPR once the software arrives. What’s an agency to do?

Pivotal Insight’s research indicates that most agencies are “nullifying” this aspect of Clinger-Cohen and making their major software acquisitions before doing full scale BPR. They are also honoring the letter of the Act by doing minimal BPR activities in advance so that they appear to be in compliance. We recommend that the government consider a revision to Clinger-Cohen that makes this subterfuge unnecessary—or a reinterpretation of this provision by the agency CIOs. When an agency is making a major COTS purchase, it is important to reasonably justify the acquisition, but the BPR should wait until the software has been selected.