Given the financial impact of project failures, the risk factors for transformative IT projects have been well studied and documented by public inquiries into such failures and by research studies published by some of the world’s leading consulting firms.
In Canada, those diagnostic inquiries have included: the 2003 Ontario Auditor-General’s report into the failure of the $500 million Integrated Justice project, the 2005 City of Toronto’s “Bellamy Report” into a $100 million failed IT procurement, the 2005 Ontario government’s report from the Special Task Force as to why large IT projects have such a high failure rate, and the 2009 report of the Auditor-General of Canada on the $300 million Phoenix Payroll Transformation failure.
The British Government is among the most recent victims of a large IT project failure. After the 2013 launch of a £200 million project to create and implement a digital identity platform for the use of government services, called “Gov.UK Verify”, that platform had so many operational problems and budget overruns that it had to be scrapped by 2021.
The lessons learnt from the Verify project led to a new £400 million replacement project, “Gov.UK One Login”, the road map of which was updated last month.
Studies have shown that the leading causes of IT project failures are quite common, if not strikingly uniform.
Perhaps the most dangerous of those common risk factors, and a leading cause of litigation, arises when the parties fail to comprehensively define and stipulate all the operational, functional and technical specifications for the services that will be performed.
All service delivery requirements, key performance indicators, service outcomes, detailed service-level specifications, standards of professionalism and service quality attributes must be formulated and clearly set out as an essential part of every IT service agreement.
A second common prescription to promote IT project success involves a combination of undertakings that might best be described as vendor due diligence, quality of service provider and solution, and vendor compatibility evaluation, otherwise known as the adage, “you get what you pay for”.
As trite as this fundamental IT project risk sounds, the associated mistakes of vendor selection and solution choice still unnecessarily dominates IT project failures.
Statistically, the studies are clear that the more proven the technology is, the better the reputation of the vendor is, and the more resources the vendor has, the greater the transaction’s risk of success will be. The inverse is also true. Choose wisely.
Many authors on the topic of IT project best practices strongly recommend “adult supervision”. The combination of IT service complexity with the equally complicated commercial and contractual demands of the transaction require direct senior executive engagement and the involvement of seasoned professional expertise.
These projects are not well suited for support by neophyte advisers. In her CIO.com article in October titled “Why IT Projects Still Fail”, the first of Mary Pratt’s eight reasons answering that question was the “lack of project management expertise”.
In addition to building a highly experienced professional team around a transaction, buyers of IT services should speak to as many vendor references as they can to learn about the vendor, the proposed service solution and what aspects of their transactions they wish they had done differently. That vital information will inform even the most seasoned of professional advisers.
If the customer has decided to be a first adopter of an IT service that circumstance will pervasively require a very different level of prudent and diligent contractual risk management. In those situations, the need for normal financial compensation provisions, indemnities and even damages for failed service-level performance become far more pronounced.
Whether engaging in outsourcing — whether commercial or as shared-services across affiliates — cloud, software as a service, or other data-processing services, all IT services share common commercial and performance risks, which can be well addressed by commercially established contractual terms and conditions that have been designed over decades to manage those very risks.
Lastly, where the proposed IT transformation project will involve the delivery of intercompany services, there are additional factors to consider.
There may be regulatory, privacy law, transfer pricing and corporate governance requirements to ensure that fair market value and arms-length best contracting practices are undertaken by the participants to promote the success of the IT project, notwithstanding the familial and non-adversarial nature of the project.
First Published in The Royal Gazette, Legally Speaking column, December 2023