However, when seeking to upgrade an existing system or implement a new system, it may be sobering to know that the likelihood of getting the features that you want, at the agreed cost, in the specified timeframe is unlikely. A study of over 13,000 IT projects by the Standish Group has shown that:
only 34% of IT projects were deemed successful;15% were cancelled;most projects, 82%, ran over time;the average cost overrun was 43% of the initial cost; andperhaps, most importantly, on average, the finished projects included 52% of the required features.Often IT projects run into problems when the risks inherent in each project are not adequately assessed and mitigated prior to commencement. As such, it is imperative to identify and address risks at the early stages of any IT project.
The two general types of risks in IT projects are systematic risks and project specific risks
Specific risks are risks common to most IT projects, such as ensuring that the developer will not infringe any third party intellectual property rights.
Project specific risks are the risks specific to each particular project. An example of this type of risk is where it is suspected that the developer is pitching for another project, which may hamper the resources that can be devoted to the client’s project. In such a situation, specific provisions in the agreement between the developer and client should specify the resources to be used, in order to mitigate the risk.
Effective IT agreements should include provisions for:
service levels; andchange control procedures.Service levels are defined levels which the developer must meet in the provision of the service under the agreement. If the service levels are not met over a specified period of time, then the agreement may provide that the developer should return a proportion of the fee paid for the service during that period. This rebate or refund is commonly known as a service level credit.
The purpose of service level clauses and service level credits is to:
measure the dereliction of duty of a developer under an agreement;act as an incentive for developers to provide the service as agreed; and allow clients to terminate agreements where service levels are constantly not met.Change control procedures are another important part of risk management in any IT agreement. Change control provides inbuilt mechanisms for changing requirements and re-setting expectations as the project progresses, as there are many unknowns at the outset of every IT project.
When contracting for an IT project it is important to identify, assess and mediate both the systematic risks and project specific risks, in order to increase the likelihood of a successful project. To achieve this, expert legal advice is recommended from the outset of any IT project.
