Risking IT all?

Only 29 per cent of IT projects succeed - is it all the fault of IT? asks Laurent Seraphin, director software projects, EMEA, Borland

If you knew nothing about major IT projects and someone told you that 29 per cent of them fail, you'd probably think to yourself, 'Hmmm, almost a third, that's not so great, room for improvement there…'

But if the person then caught themselves and said they'd got it the wrong way round and that in fact, only 29 per cent succeed - well, you'd probably wonder why anyone took this kind of business risk in the first place.

This astonishing statistic is no 'what if' though. It's the unvarnished truth. And the reason that organisations accept these odds is that have no choice.

Every year software development and delivery become more important to the well-being of businesses, no matter where they are and what sector they operate in.

But if major IT projects are so crucial, so 'mission-critical' why do so many go wrong? Where does the blame lie? IT? Senior management? And what can be done to reduce this depressing figure?

Predictably projects hit the buffers for all sorts of reasons - communication problems across business units and development groups, corporate leadership (or lack thereof), unrealistic schedules and budgets and shortages of relevant skills. And perhaps most importantly, an inability to realistically manage risk which is part and parcel of all of the above.

'There are two ways of looking at it,' says Robert Charette a senior consultant at the Cutter Consortium. 'The non-cynical way is that there are a lot of pressures to do more with less, that companies view IT as a cost to be reduced, that there’s inexperience and so on. You might view it as systematic.'

But, he continues, the other, more damning stance is that there's no sense of urgency in organisations to make programmes succeed. People, he says, concentrate on avoiding personal or departmental failure, rather than incentivising overall success.

It all comes down to behaviours. Here, he offers the example of the UK civil service, an institution which is supposedly pushing very hard at risk management in IT, 'yet a national audit office survey said that half of civil servants don't pay attention to the value of preventing failure.'

That said, senior management is responsible for, at the very least, leading the behaviours of the business - and, if they're not going to take IT projects seriously then nobody else is.

It is, says Charette, axiomatic that companies that have CIOs on board tend to have higher success rates than those who don't - as they are more likely to view IT as strategic rather than just as a cost.

As well as boardroom buy-in for these projects though, the whole organisation also has to be realistic and this means being both clear about objectives and what is achievable.

Management should try and understand users' needs and what can and cannot be done and IT must do the same, 'whether it's IT managers shaving [cost] estimates or senior management cutting 10-15 per cent from a project,' says Charette.

Data from the Standish Group's CHAOS report shows that on average IT projects overran by some 84 per cent in terms of time and 56 per cent in terms of cost in 2004. This suggests that a big reality check is needed.

Yet until the entire organisation starts being up front about what is possible, it isn't going to happen. Indeed, the reason that many internal project budgets are unrealistic is because they are up against outsourcers who are also being unrealistic. If everyone is lying, what's the point in telling the truth?

Speaking of outsourcing, you might reasonably think that this would be the best way to ameliorate risk - that by outsourcing, you have made the risk someone else's problem. But all you've really done is transferred it.

Other than fact that you can get lawyers in, an unrealistic contract with a supplier is little different to making unrealistic demands on your IT department. If the price is ridiculously low, or the time constraints are too tight, the end result for you will be much the same.

It's also worth mentioning here that IT outsourcing contracts now tend to stretch to five or even ten years. In business terms, that's a marriage. So the relationship has to be an equable one - for who wants to be locked into mutual antagonism for a decade?

Perhaps the overall problem here is that many companies are failing to square up to risk management. Indeed, many don’t really even like to talk about risk it in anything but the vaguest terms. 'Risk,' after all is shorthand for 'risk of failure'.

Thus many businesses speak euphemistically about challenges and so on. 'Senior management needs to be inquisitive and ask about risks,' says Charette, 'unless you have a culture where risk management can be used, no risk management will be effective.'

Risk management remains a terribly underused management tool - and even where it is in place, it can often be no more than a pro-forma box-ticking exercise. You need a culture where risk is recognised as a fact of business life.

If it helps (and you still don't want to use that word) try and look at risk management as effective decision making in the face of uncertainty.

Risk management allows managers to see the organisation in ways that weren't possible before. And this essentially provides a way of looking at risk, the ability to exploit it and then being able to use it to gain competitive advantage. Risk management is about creating futures.

It may sound obvious but dealing with risks today is likely to result in a better tomorrow. Indeed - dealing with risk, being realistic, and engaging the whole company - none of these things are rocket science, but they do require hard work and commitment to implement.

Sadly that single, very bald headline statistic shows few businesses are tackling all - or in many cases, any - of these when it comes to their IT projects. And until they do, they're likely to remain part of the failed majority.