IT projects – risk assessment and mitigation

The recent BSkyB v EDS case in the United Kingdom, which involved the implementation of a replacement customer relationship management solution (see our August 2010 article), is a relatively recent example of a large IT project which was blighted by severe delays and costs overruns.

Large IT projects (such as the one undertaken by BSkyB) require the commitment of significant time and resources for both suppliers and customers and can have a significant business impact on both. Therefore, before commencing such a project, a detailed assessment of the key risks that are likely to arise in relation to the project should be conducted, with a view to implementing appropriate risk mitigation strategies.

In this article, we look at some of the key risks that commonly arise with large IT projects, and suggest possible mitigants that can be built into the supply contract (and the process for developing and agreeing the contract terms) to address these risks.

Over Promising - the supplier over-promises during the sales phase, and this results in project delays and cost overruns

The BSkyB case illustrates the need for proper estimates, given by appropriately qualified and skilled personnel, as to the time and costs required to implement a project. In the BSkyB case, inadequate estimates as to the time and costs involved were given by an unsuitable EDS employee who was in charge of conducting negotiations with BSkyB.

Possible Mitigation:

• The supplier's project manager who is responsible for the implementation is involved in the contract negotiations (to act as a "check" on the sales team).
• The supplier commits to all supplier personnel who are involved in the project being appropriately qualified.
• The supplier has (and warrants in the contract that it has) all appropriate certifications to perform its obligations under the contract. These certifications should be properly checked by the customer.

Inadequate Specifications - the customer fails to properly specify its requirements and, as a result of this, the supplier's solution fails to meet actual requirements

The customer could either over-specify its requirements (which could result in the supplier failing to provide an innovative solution), or under-specify them (which could lead to project delays, disputes and additional expenses being incurred).

Possible Mitigation:

• Ensure that there is an ongoing flow of relevant information between the customer and supplier, which enables the supplier to put forward a suitable solution to the customer.
• The customer conducts an internal or external peer review of its technical requirements, to ensure that these are appropriate.
• Following the above steps, both parties ensure that the contract fully and accurately reflects their understanding of the specifications for all deliverables.

Budget Blowouts/Scope Creep

The price of the project can escalate and exceed the customer's budgeted amount if care is not taken to ensure that the project scope is clearly understood and documented, and changes to the scope are properly managed.

Possible Mitigation:

• The customer determines its key requirements in advance and does not change them unless this is absolutely necessary.
• The supplier provides fixed prices and is clear about the potential consequences of variations (where these are possible).
• The contract includes an objective mechanism for pricing variations (such as a set of appropriate pricing principles).

System Failure

Significant issues can arise if on commissioning (or after commissioning), the new IT system does not perform in accordance with the agreed specifications.

Possible Mitigation: The parties should ensure that:

• there is a clear understanding of the required acceptance testing process and testing requirements, and that full acceptance testing takes place; and
• the requirements for remedying any failures are clear, including appropriate allowances made for timeframes and the consequences of the remedy not being executed within those timeframes.

Changes to Key Persons

Often a successful project will depend on ensuring key people are available to manage and execute the project. If key supplier personnel keep changing, this can lead to errors, delays and relationship breakdowns.

Possible Mitigation:

• The contract contains appropriate key personnel provisions covering matters such as availability, accessibility and specific roles that are to be performed by particular individuals.
• The parties are clear about "people - continuity" requirements, and the processes and requirements for the replacement of key persons.  

Supplier Capture

Following the implementation, there is a risk that the customer remains over-reliant on the supplier for future repairs and upgrades to the system.

Possible Mitigation:

Ensure an adequate transfer of intellectual property and knowledge from the supplier takes place to enable the customer to use another service provider in order to maintain or upgrade the system, if it needs to do so. This could include the transfer of intellectual property for any customised work that has been carried out for the customer, and the requirement for operations manuals and other documentation to be developed, maintained and available.

Delays

Delays in implementing a system can arise due to a wide range of reasons. Some delays will be unavoidable but others can be avoided with appropriate planning. Comprehensive project plans and processes for addressing delays that do arise can assist in keeping a project on track.

Possible Mitigation:

• A detailed project plan is included in the contract, setting out a clear timetable and project milestones. It is also clear about each parties' responsibilities, particularly where there are inter-dependencies.
• Project milestones could be linked to the payment structure under the contract, with the overall cost being payable by the customer upon the completion (and acceptance by the customer) of specific stages of the project.
• The contract could also address what happens if there is a delay, and the steps that are required to minimise the effect of the delay.

Supplier Failure

A project can be at risk if the supplier has inadequate financial, technical or other resources to perform its obligations (which may arise from problems with the project itself, or from problems the supplier has with other unrelated projects).

Possible Mitigation:

For a supplier, it is obvious that the supplier should ensure it has the ability to secure all resources needed to fulfill its obligations. A customer may seek added comfort by ensuring that, to the extent possible, the supplier's liability under the contract extends to the ultimate parent company. This can be achieved through the supplier providing appropriate parent or related company guarantees.

In addition, the customer may require the supplier to deliver, on signing, a performance bond (or bonds). This would be a simple, on-demand instrument that the customer can demand if the supplier is not performing its obligations under the contract (and could provide a quick "cash-fix" to be used to pay the costs of an alternative service provider that is performing the supplier's obligations under the contract).

Conclusion

The risks we have identified above are examples of ones which are commonly associated with large IT projects. Naturally, these risks may not be relevant to a particular project and other key risks may apply to that project.

Clearly, both the customer and supplier are likely to benefit greatly from preparing a detailed risk analysis before undertaking any project, as this can then be used to determine how the key risks associated with the project can be mitigated both contractually and by appropriate project management. We can assist with such a risk analysis.