IT organizations don't have any baseline productivity and quality metrics
IT organizations can define process and capture the productivity data for their own organization and use the same to manage outsourced vendor's work. IT organization should train their employees on estimation and the quality processes. The same core employee group should participate in estimating all projects that goes out for "Request for proposal" with built in quality & performance assurance with standards and best practices.
Unlike quality of many products, quality of software should not be just tested by how it functions but also how it has been designed and coded? A best way to do is to define either own internal team to have review at each stages of system life cycle technical approach, design and code, performance test before it gets into production or have another vendor review the work of other vendor. This will ensure good quality of code and reduce subsequent maintenance cost.
In our experience, this worked very well with one of the core application at APL that was completely being rewritten where different vendors played different roles i.e. one vendor did the design work, other vendor did development work and another vendor performed independent review and testing. Obviously this requires a customer representative to play a key role to keep the teams from different vendors balanced. IT organizations would get pushed by vendor companies since they would like to perform end-to-end engagement as it sometime helps them hide the issues for example, development team might ask the testing team not to log many defects or ignore some cosmetic comments on code review or some bad design. This also requires IT organizations to write RFP very clearly with scope, acceptance criteria and responsibility for different vendors well documented.