IT disaster? what IT disaster? And what d’you mean “we’re not insured for it”!?
You are an established, reputable, medium-sized corporation. A year ago your board decided to upgrade your existing computer systems by buying a 'unified package’, ‘lightly-customised’, from a ‘solution provider’. The new modified system was to be complete, installed and working, 3 months after the Contract Date.
You identified and chose the package, and the ‘solution provider’, on the basis of a somewhat hurried selection process – you did always mean to go and visit some other reference sites, and actually see the software live in action, and talk to some other (satisfied) customers. But you were always much too busy. Just like you always intended to get your company’s end user staff members involved in the selection process. But didn’t. The same goes for your business managers’ preparing a full written Requirements Specification document defining in detail the business processes to be automated. Your usual corporate law firm took a ‘quick look’ at the Contract, at your request, and did not raise any major concerns.
The initial package installation was delayed by 4 months – it turned out that the ‘light customisation’ work needed was badly under-estimated by the solution provider’s Project Manager. The system when finally delivered, late, and incomplete, was therefore implemented on a 'pilot' basis only. Problems with data migration from one of your company’s key legacy systems then bedevilled running/testing during the pilot phase. Each party accused the other of failing to take responsibility for clean (or cleaning the) legacy data.
The working relationship between your own IT Systems Manager and the supplier’s Project Manager has deteriorated rapidly. And your end users are stubbornly refusing to love the new system, claiming it is more difficult, slow and cumbersome to use: “it frequently crashes and you can’t trust the data anymore”. You are beginning to lose some of your best operational staff to your competitors.
Now you’ve checked the Contract and find it is completely silent on data migration, data quality etc and who should/not be responsible for achieving it; also, in respect of specifying 'non-functional requirements', such as system uptime and service levels, disaster recovery standards, performance and throughput targets, and user response times. Similarly, as regards user training.
You’ve been trying to run the pilot system for two months, and your board is “beginning to lose patience", as you euphemistically put it to the corporate lawyers you’ve just consulted. The lawyers have advised that they should write a letter on your behalf giving the supplier 30 days' notice to "deliver a functionally complete, operationally reliable and contractually compliant" system. They further advise that, if the supplier then fails to do so, you would be entitled to reject the software and terminate the Contract.
The lawyers further say that you may then be able to sue the supplier for breach of contract, on the grounds that the system is "worthless and useless; and contains many fundamental design and other flaws, deficiencies, and further unresolved problems". Your board has insisted it would expect to claim for over £5m in compensation for actual and consequential losses and damages arising from any material breach of contract
The supplier tells you in no uncertain terms that he would vigorously defend any such claim, and will counter-claim for £750,000 of unpaid invoices and licence fees. He contends it was your own failure to analyse and define your detailed business processes and system requirements, to provide clean legacy data, and to co-operate in achieving a successful project outcome which are to blame for the difficulties encountered, and there is nothing fundamentally wrong with the software package. “How can there be”, he asks, “when it is a proven system, installed, ‘tried and tested’ at twenty other sites?”.
You have a suspicion that his ‘tried and tested’ assertion is (and always was) a misrepresentation, as you have heard rumours that the original package was not fully finished in the first place. The supplier retorts that that would not have made any difference anyway: there were so many changes in requirements insisted upon by your company’s IT Systems Manager – since your end users refused to co-operate in learning to use the new software and its improved business processes – that his firm’s programmers had to “write masses of new code amounting to bespoking a new system from scratch – which was certainly not the object of the original contract!”. He mentions that his lawyers have told him that the courts have ruled there is an obligation on a customer to co-operate with a supplier in achieving the successful outcome of an IT implementation project of this nature – and your company has woefully failed to meet it.
Either way, your company still does not have the nice new system its board wanted. You have taken to reading the job ads first in the morning newspaper, before the news or the sports pages…
Where did it all go wrong? Could you have planned to avoid such an IT Disaster? You have to face a difficult meeting with your CEO:
CEO: Who carried out the IT Project Risk Assessment?
You: Um… what IT Project Risk Assessment?
CEO: You mean none was done? Please don’t tell me we’re not insured for this, either?
You: Well, I’m not sure…
CEO: Hell, look, I’m no expert but I’m fairly certain we would not have got into this mess if we’d made sure we had an effective contract, a good product, and decent project management – and a good project manager could still salvage the situation, even getting involved this late. I’ve been Googling –there’s a Course you can go on that says it teaches the ‘Forensic Approach to assessing and dealing effectively with IT Project Risks’:
Learn the systems implementation disaster signals
Get the IT contract right in the first place
What are the Technical Issues that produce IT disputes and litigation?
How can I avoid them?
What are the early warning signs that things are going wrong?
How do I deal with problems if they do arise?
Get ‘tips from the trenches’ – valuable insights that can help you achieve the best outcome if you do run into an IT dispute or legal action.
You: Oh… I didn’t know about that Course…
CEO: What! It’s had wide media and conference coverage*! Surely, given that there is this sort of expert knowledge readily available, shouldn’t we have checked out our situation before we got into this IT Contract? And could we not have obtained some kind of IT insurance, after having done the type of proper IT Project Risk Assessment this course seems to instruct, to satisfy our brokers and insurers…?
You: Well, that’s a good point – I’ll check it out right away – um, for next time…
CEO: For you my friend, there may not be a next time…
You do some research, and discover:
Insurers may employ lawyers to ‘risk assess’ IT Contracts, but neither they nor the lawyers seem to use experienced forensic IT experts (i.e. skilled IT professionals) to identify IT Project Risks;
There is Professional Negligence Indemnity insurance available to software and systems vendors, IT consultants, package suppliers etc, but there’s no general legal obligation on any supplier to have such PI cover;
You can’t get any IT Project Risk insurance cover as a customer, only as a supplier.
You feel a little relieved – your ‘solution provider’ has at least got PI insurance cover in place, from a leading computer software and services industry PI insurer. Had things gone well, you were planning to roll out the new system solution to the US companies in your group, too, and it seems that the PI insurance also covers your supplier in the USA notwithstanding the unlimited ‘punitive damages’ risk at litigation there.
You report back:
CEO: So, you are saying that, as an IT customer, it is essentially impossible for us to insure against our own IT Project Disasters?
You: Um, yes…
CEO: Well, sounds like the only practical ‘insurance’ is to make sure they don’t happen in the first place. OK, you get one more chance – get a decent project manager in at the start next time, someone with the track-record to act effectively on our behalf and take us through the whole process from selection to implementation. And make sure you get yourself booked onto that new course on Avoiding IT Disasters, asap, right?.
You: Right away!
CEO: In the meantime, I suppose we had better instruct our lawyers to terminate the current Contract, and issue proceedings against the supplier. Or would that be a bad move…?
You privately think that that would indeed make matters even worse. The fact that your supplier carries PI insurance could be a double-edged sword. You can see that it might guarantee a pot of cash to pay your company compensation, but it also surely provides the supplier with substantial resources to mount the “vigorous defence” that he said will happen. It also gives the supplier instant access to a team of seasoned professionals to establish his case – you muse that his insurers must be very experienced in these matters…
On the other hand, as an uninsured customer, your company will undoubtedly have to fund its own claim (and defence to any counter-claim) and find its own professional help. This will most likely be from your usual corporate lawyers – and you suspect that they are not very knowledgeable about handling IT contract disputes (after all, they let you get into what you now discern was clearly an inadequate IT Contract in the first place!).
It is clear that any fight of a litigious nature is going to be an instant mismatch. “Which makes it all the more important to get the IT Contract and Project right at the outset! Now, where are the details of that course…?”, you mutter as you reach for the telephone.
For more information:
‘Avoiding IT Disasters – the Expert Way’
A two-day intensive seminar, workshop and clinic, further details at http://www.e-expertwitness.com. The Course Leader is internationally-acknowledged independent computer expert, consultant and project manager, Dr Stephen Castell. Stephen, a Pelicam Associate, is Chairman of CASTELL Consulting, and Medallist, BCS IT Consultant of the Year 2004.
Pelicam Project Assurance
Pelicam Project Assurance is a specialist project assurance and resourcing company helping major organisations manage change by delivering complex projects. Pelicam can help at any stage of a project:
Identifying initial requirements and proposing an independent solution;
Project and programme management from conception to successful delivery;
Delivering the Pelicam Health Check for an objective progress assessment at any point;
Project recovery, regaining control of a runaway project and ensuring value is not lost.
Examples of media and conference coverage of ‘Avoiding IT Disasters – the Expert Way’:
‘Disaster but no recovery?’, ‘Opinion’, Computer Weekly, 13 September 2005:
'The forensic approach to assessing and dealing effectively with IT Project Risks: a strategic and practical overview', Triple i Convention, 18-20 September 2005, http://www.iiicon.com/pages/index.cfm?pageID=1656.
‘What do you mean we’re not insured for it?’, European CEO magazine, Risk Management, pp. 158-158, September – October 2005.
'Interactive Workshop IT Disasters', SQC-UK2005 London Conference, 27-28 September 2005, http://www.sqs-conferences.com/uk/programme.htm.
‘Avoiding IT project disaster which cannot be insured’, Insurance International/Commercial Insurance magazine, Project Risk, pp. 15-17, Early Summer 2005.
(see especially paras 13-15)
'Procurement planning can cut IT waste', Madeline Bennett, ManagementWeek, page 45, ITWeek, 28 February 2005