Comment by marcus_holmes

Comment by marcus_holmes 4 days ago

38 replies

View on Hacker News

This is pretty normal for government procurement, though. and in fact, most large organisation procurement. There's a whole wall of standards that the supplier must meet, e.g. ISO9000 that your little web-dev shop almost certainly doesn't. They won't buy from a supplier that is likely to go out of business. There's a ton of other criteria that you've got to meet to get the business. If there's any, even the slightest, chance that buying from a business might one day reflect badly on the civil servant in the procurement office, then they won't buy from that business. The civil servant has nothing to lose from saying "no" and runs a risk if they say "yes".

Businesses that do meet these criteria charge like wounded bulls. In part because they know that all the other businesses that the govt could turn to will also charge like wounded bulls.

woooooo 4 days ago

I think you're being a little unfair to the civil servant who has to follow the law regarding procurement.

I once knew someone who had to solicit 3 bids and document them to buy a $500 camera for local government. They weren't thinking "I am useless and craven", they were thinking "this is silly but I have to do it".

Reply View 8 replies
  • Foobar8568 4 days ago

    For a government contract we budgeted somewhere between 50k and 100k to change a deployment script.

    I was against it, but "you know, if they don't do it, they no longer give a warranty on the solution", type of bullshit. Yeah 60md of warranty? My client are a bunch of fools.

    Like ONG, bribes and extracting public money is the first target.

    Reply View 1 reply
    • SomeUserName432 4 days ago

      With all the hassle a government contract can bring, it's just not worth it for anything lower.

      Reply View 0 replies
  • nick49488171 4 days ago

    Screenshot of the top 3 results on Google shopping ought to do it

    Reply View 5 replies
    • woooooo 4 days ago

      This was early-00s so it was slightly more trouble than that but still not the end of the world.

      The point is, the person wasn't trying to hedge against looking bad, they literally had to do and document this.

      Reply View 1 reply
      • disgruntledphd2 4 days ago

        Yup. Governments have to follow all the laws, which often companies can ignore in the interests of speed.

        Also, governments are large bureaucracies, with all the process that entails. And because there's no real benefit for them in delivering quicker, but lots of risk in delivering badly, this sort of stuff happens.

        Reply View 0 replies
    • wongarsu 4 days ago

      And even if doesn't, writing five online shops to send you a written offer takes a couple minutes and results in the same or lower prices

      Procurement for such small items can be quick and sane. It's the larger items where rules tighten and procurement portals or bidding become mandated that are problematic

      Reply View 2 replies
      • clort 4 days ago

        Nothing takes 'a couple minutes' when you have to sit down and research the five online shops, find if they are approachable, if they will deal with the restrictions of your purchasing department, find out how to submit a query. Many online shops just have a purchasing portal. Find the product, buy it here, pay for it and wait.

        So loosely I purchase items at my work from a budget that I am allocated in an organisation that is ultimately responsible to the UK government. I need to justify that the items I am ordering are reasonably priced, and the organisation would really really like to have the goods before any money goes out. That means they want to place an order, receive the goods and and invoice, and then pay the invoice. Many online shops don't want to deal with that. We have accounts set up with many companies, but not all. If I want to buy some reams of 160gsm A4 white card (for example, the other day), that whole process is going to take at least 10 minutes. Some of our suppliers don't sell exactly that. Is 240gsm ok? I've got to go back to the person who wants it (no btw, I had to go find some and take it to them for comparison). More esoteric items are going to take longer. What exactly do I want to order?

        So yeah, procurement is simple when you are at home with an amazon account. The items will be here tomorrow!

        edit: oh, I didn't mention the free delivery.. a box of white card doesn't get me free delivery. Is there something else I can add onto that? Ok, the order will have to wait..

        Reply View 1 reply
        • derangedHorse 4 days ago

          > I need to justify that the items I am ordering are reasonably priced

          Unfortunately it sounds like the process is misaligned with the intention. I doubt this mechanism actually works for efficient budgeting and even when it appears to work, it’s probably at the cost of standard quality.

          Reply View 0 replies
deaux 4 days ago

> If there's any, even the slightest, chance that buying from a business might one day reflect badly on the civil servant in the procurement office, then they won't buy from that business.

This is an absurd statement that might as well come straight out of Yes Minister. Buying from PWC reflects badly on them already, let alone when their next scandal happens. Which is of course never far away [0].

I'm sure Fujitsu met similar "criteria" when selected for Horizon. How well that selection reflected on the procurement office..

[0] https://en.wikipedia.org/wiki/PwC#Litigation

Reply View 2 replies
  • marcus_holmes 4 days ago

    You know Yes Minister was a documentary, right? ;)

    Buying from PWC reflects badly on them with us, because we know tech. It does not reflect badly with other civil servants, because PWC is a highly-respected organisation.

    It's very similar to "No-one got fired for buying from IBM", which was a cliche because it was true.

    Reply View 1 reply
    • bigfatkitten a day ago

      > because PWC is a highly-respected organisation.

      PwC are a well known band of crooks who always put their own enrichment well ahead of the public interest.

      They were banned entirely from bidding for Australian federal government contracts, because they misused privileged information on tax policy they received from one client (the government) to advise other clients on tax avoidance strategies. It was a symptom of systemic corruption that permeates their entire business.

      https://en.wikipedia.org/wiki/PwC_tax_scandal

      Reply View 0 replies
gerdesj 4 days ago

When was the last time you touted for this sort of business?

Strictly speaking its ISO 9001 but we do the same as you and call it ISO 9000. You forgot 27001 and 14001.

Reply View 2 replies
  • marcus_holmes 4 days ago

    About 20 years ago, so yes, I might be a little out of date ;)

    I've seen it happen time and again with startups, though. They have a great idea, perfect for a large business to use. They get a project manager or department manager excited about it, they even run a PoC successfully. And then they slap headfirst into the Procurement Wall and the whole project grinds to a halt. Three years between project approval and issuing a purchase order. And then 90 days between invoice and payment. Startups go bust waiting for these cogs to turn.

    Reply View 0 replies
  • Foobar8568 4 days ago

    Iso that everyone is certified but nobody can truly explain or follow, ensuring the money is extracted to the same bunch of bidders.

    Reply View 0 replies
boznz 4 days ago

I wrote a relevant article on this last year "On-Time and Under-Budget. Where some IT projects are Probably Going Wrong." [https://rodyne.com/?p=2074]

Reply View 1 reply
  • marcus_holmes 4 days ago

    > "Your system is NOT hard, it is you and your procurement procedures that are generally making it hard for small companies to help you, and it is you and your procurement systems and attitude that will likely make the project fail, be delayed or go over-budget."

    Quoted for truth. Well said.

    Reply View 0 replies
wasmainiac 4 days ago

> This is pretty normal for government procurement, though

Why accept the status que? How many working lives of tax revenue did this bs consume?

Reply View 3 replies
  • marcus_holmes 4 days ago

    It's common to all large organisations. Because large organisations get like this; if everyone does their own procurement then money gets misused, wasted, and becomes uncontrolled. So they centralise procurement, and that disconnects it from the people who understand what they're buying, so they have to control it through process, and the process bloats until we get to this point.

    One of the many, many, arguments for not allowing organisations to get this big.

    Reply View 1 reply
    • wasmainiac 4 days ago

      > Because large organisations get like this;

      Still it does not need to be this way. Large organisations used to actually get s** done generally in budget and on time. Now we can’t even do a simple tasks without mountains of paper work and cash. I know, my partner used to work in a related industry, it’s painful to hear their stories.

      Reply View 0 replies
  • rikroots 4 days ago

    Because corruption is a thing. Also: any government contract can be audited at any time by the National Audit Office, who have criminal prosecution powers if they find malfeasance in the procurement process. Also: being hauled in front of a Select Committee to answer questions about a given procurement is not fun. Also: politicians are always looking to ask questions that get their names in the paper.

    Follow the processes. Document everything. Make certain the winning bidder has all the relevant certificates and insurance covers in place before agreeing to anything.

    Leaving the Civil Service was one of the best work decisions I ever took.

    Reply View 0 replies
azornathogron 4 days ago

I don't doubt you're correct about the incentives, but one point seems amiss...

> If there's any, even the slightest, chance that buying from a business might one day reflect badly on the civil servant in the procurement office, then they won't buy from that business.

You don't think that spending £4.1 million on this garbage might reflect badly on someone?

Reply View 1 reply
  • marcus_holmes 3 days ago

    Nope. They followed the process, they bought from an approved, respected, supplier. The site meets the specification they drew up. There will be meeting notes from a few hundred meetings to document that everyone did their job properly.

    For us techies who know the tech (or even the law, in this case) this is a disaster. But for the folks in those meetings this is what they understood to be the brief.

    If enough of the public gets ahold of the story so that a politician has to get up on their hind legs and issue a statement, then harsh words might be had. But otherwise, this is business as usual.

    Reply View 0 replies
OkayPhysicist 4 days ago

ISO9000 is, bar none, the most brilliant grift I have ever encountered. It's so simple, yet so elegant.

Step 1: Come up with an incredibly easy to meet standard (because you don't want anybody abandoning the process because it's too much of a hassle) that sounds like a reasonable requirement on paper (to make it easy to pitch as a basic requirement of doing business). Say, "Have a plan for the things you do".

Step 2: Add one additional requirement to your standard: "Prioritize Vendors that meet this standard".

Step 3: Obscure the hell out of the standard, (to not make the grift too obvious) and stick it behind a paywall.

Step 4: Franchise out the (nigh-impossible to fail) "approval" process to 3rd parties, who pay you for the privilege.

Step 5: Your first few "standardized" companies put pressure on their vendors and customers to get certified, so they hire consultants, who in turn pay you, who tell them "Good job, you meet the standard. But do your vendors?".

Step 6: Watch as the cash floods in.

(Optional, Step 7): Once a bunch of major companies are certified, target governments to do your marketing push for you.

Reply View 14 replies
  • hluska 4 days ago

    I’m reading the original tender and there is zero mention of ISO 9000. In fact, the tendering authority even specifically stated this opportunity was a good fit for SMEs.

    Where does all this talk of standards come from?

    Reply View 8 replies
    • marcus_holmes 4 days ago

      In the tender there's one line:

      > IV.1.8) Information about the Government Procurement Agreement (GPA) The procurement is covered by the Government Procurement Agreement: Yes

      Googling the UK Government Procurement Agreement got me to:

      > https://www.gov.uk/government/collections/government-standar...

      which was when I realised this was a rabbit hole and while I am positive that somewhere deep in that rabbit hole would be a requirement for all procurement suppliers to meet ISO9000 or similar, I was going to have to spend hours finding it. Hours I don't have.

      You can cheerfully dismiss this opinion if you like, I don't have the data to provide you evidence.

      But I also think this proves my point; if you have to spend hours just finding out what the requirements are, you probably don't meet them.

      Reply View 2 replies
      • duckmysick 4 days ago

        It's there in the The Model Services Contract, under Core Terms:

        > Quality Plans

        > 6.1 The Supplier shall develop, within [insert number] Working Days of the Effective Date, quality plans that ensure that all aspects of the Services are the subject of quality management systems and are consistent with BS EN ISO 9001 or any equivalent standard which is generally recognised as having replaced it ("Quality Plans").

        The Short Form Contract also have optional ISO 27001 or Cyber Essentials (which is, uh, an adventure on its own). But there's also an option for no certification required. It depends on the contract.

        But yes, you're right. Dealing with requirements takes time and experience and you likely need a dedicated person (or team) to deal with it.

        Reply View 1 reply
    • Aeolun 4 days ago

      If this was a good fit for SME, and the price paid for the whole thing was 4M pounds, why didn’t any SME win the tender? Seriously, that’s the whole yearly turnover for most SME shops I ever worked at. And all of them could do a better job than this.

      Reply View 1 reply
      • hkt 4 days ago

        That's possibly why: small businesses reliant on contracts that are, to them, disproportionately huge.. well, they die at the end of the contract. HMRC killed off an OpenStack based AWS competitor by replacing them, about ten years ago. Anchor clients can be a real hazard if an SME can't live without them. Sometimes it just isn't worth it.

        Reply View 0 replies
    • lwhi 4 days ago

      For government tenders, I do know that agencies need certification. Maybe not ISO2001 (which is a security standard that many corporate procurement processes require the supplier to have obtained when purchasing software), but Cyber Essentials / Cyber Essentials Plus is common.

      Reply View 2 replies
      • rcxdude 4 days ago

        Cyber Essentials is a lot more of a PITA than 9001, it's very prescriptive in ways that cause all kinds of headaches without helping security.

        Reply View 1 reply
        • henryaj 4 days ago

          I absolutely hated doing Cyber Essentials (Plus). Huge waste of time

          Reply View 0 replies
  • pjmlp 4 days ago

    Just like any other kind of certifications in the same domain.

    Want to use enterprise product XYZ?

    Need to have at least X amount of certified employees to reach the basic layer, additional certifications for the next layers.

    The kind of support tickets, documentation and trainings available depend on the certification levels, and by the way they have to be renewed every couple of years.

    However it is how the ball rolls in certain industries, and rebeling against it won't win anything, better switch jobs for those anti-certifications.

    Reply View 0 replies
  • gerdesj 4 days ago

    Please show me on the doll where ISO 9000 hurt you!

    I have been an MD for 25 years. ISO 9001 reg. since 2006. Its been a bit of a pain at times but it does concentrate the mind towards doing things right. We've never used consultants, we've always just read and followed the standards.

    What is your experience?

    PS During our last assessment, the assessor described a few recent AI written efforts they had come across. Laughable.

    PPS I've been doing this for over 25 years and I think that a quality based approach to running a company is a good idea ... you?

    Reply View 3 replies
    • Supermancho 4 days ago

      My father was a ISO9000 and ISO9001 certification consultant for over 10 years. He taught at Cal Poly Pamona, near the end of that era. This was my first exposure to using the familiar terms seen in RFCs like MUST MAY SHALL, etc.

      Ever tried to write a quality based document describing how to create an air filled, japanese oragami balloon? (step 3 is the first big hurdle, https://www.wikihow.com/Make-an-Origami-Balloon). That was his goto starter for ISO classes.

      > I've been doing this for over 25 years and I think that a quality based approach to running a company is a good idea ... you?

      ISO standards don't ensure this, since certification is only based on verifying documentation format. What the ISO processes do tend to do is create a small memo indicating that every dept should justify the work they are doing by writing it down and showing it to their boss. What that does to an organization is to produce a crapload of near-useless documentation and throw a large number of people into political hell. After that, the solution is always the same. They quickly move from everyone trying to coordinate down to a very small number of people (1-3) taking charge of moving dept to dept. Either the agents or the supervisors who are articulate enough to gloss over inconsistencies and gaps to form a coherent story, write the documentation.

      While this may lend well to shoring up some companies' internals, in the early 2000s, ISO certification consultancy was a lucrative gig. It was chased as a stamp to markup pricing, rather than a quality tool.

      Reply View 1 reply
      • tverbeure 4 days ago

        I remember the backdated document signing parties at my previous company, the day before an ISO audit. So much fun!

        Reply View 0 replies
    • napaparts 4 days ago

      I think "concentrates the mind towards doing things right" is an accurate statement. On the other hand the parent is also correct that it is almost impossible to fail and the requirements are too broad to actually have much effect. The most helpful thing is you get the knowledge and experience of an auditor for a day. Other benefits are having someone make you write your processes down and making it easier to replace people, making sure there is a chart documenting the relationships between the people and to have some language about dealing with customer complaints and defective produce.

      Reply View 0 replies