IT Risk Management Newsletter

THE IT RISK MANAGEMENT NEWSLETTER FROM BEST PRACTICE GROUP
	In this issue: * Advice: helping IT vendors navigate the new contractual environment * Lawsuits to review#1: Stephenson Blake * Lawsuits to review#2: St Albans * How the industry will change * New on bestpracticegoup.com The IT risk management newsletter is a free collection of hints and tips for keeping the cost of IT projects under control. But rather than concentrate on traditional project management concerns, it focuses on risk management - advice for the layperson about the contractual, legal and technical issues that are not well understood by the mainstream. To contact the editor: editor@bestpracticegroup.com
Helping IT vendors navigate the new contractual environment
Back	Little known-changes to IT law mean that IT vendors now have significant new responsibilities. What do vendors need to know to avoid problems? Few vendors today realise exactly how much responsibility they take on when they take on a new IT contract. Vendors and their customers have a view of contracts that is far from the actual hard reality. That view is that both vendor and buyer will work together to try to define then build a system. But no matter how hard everyone tries to get it right, that definition will have holes. And so a new system will inevitably cost more than expected because it is more complex to build than first assumed. And someone will have to pick up that tab – usually the customer. Actually, the contractual reality is quite different. In the past customers typically carried any costs for unbudgeted extra development. But today, following a number of critical developments in IT contractual law, vendors are more likely to have to take that responsibility. That means vendors must be much more careful in planning and budgeting projects – a situation that will only become more financially challenging as more customers become aware of these rights. But will these rights really improve the IT industry's notoriously off-target budgeting? From a customer perspective, they are wonderful. The vendor could end up carrying the costs of budget overruns. But that isn't solving the overall problem. It simply forces someone else – the vendor – to pay for budget overruns, when it would be better to eliminate extra costs in the first place. BPG's business is to help its clients bring in IT projects on budget, on time and working as expected. But we believe that we're only able to do that by providing a unique purchasing and project-management process that works for vendors as much as it does for customers – not where one party is always hit with extra costs, but where unexpected costs do not occur. In the next issue of ITRM, we will offer some advice on how vendors can protect themselves against additional costs by providing a more transparent bidding and planning process, as well as an alternative, less acrimonious way of managing customer relations based on finding problems with an implementation before the contract is signed. But before we do that, it is worth considering how two historically important IT lawsuits have changed the contractual relationship between IT vendors and their customers. (In fact, there are almost 100 one hundred critical lawsuits that a project manager or vendor needs to review to know how to manage the total changes to the IT contractual and specification environment. But the two below provide some indications of indication of the broad change, and the rest are too technical to discuss in a single ITRM.)
Lawsuits you should review #1: Stephenson Blake v Streets Heaver, an IT consultancy.
Back	This lawsuit was one of many that help helped establish some important parts of a contractual framework for those working for IT vendors. Did you realise that, as a vendor, you have a duty to “think through” problems with your systems that your customer may not anticipate? If professions like lawyers, accountants, corporate finance advisors and chartered architects are legally required to provide sound advice, why aren't IT consultants? The perception in the IT industry is that they are not. Both consultants and their clients work hard to make IT projects work, but if they fail - or more common, just cost more than expected - then “that's life”. Actually, that's not the case. It's not widely known but the situation changed in 1992. That year, a business called Stephenson Blake sued an IT consultancy, Streets Heaver, that had helped it select its IT system. The issue was that, despite the consultancy undertaking a review of Stephenson's business to determine IT needs, the system Stephenson and Streets selected did not operate as Stephenson had anticipated. What was the problem? Stephenson argued that its professional advisor, Streets, had made assumptions about Stephenson's business – but not fully explained either the assumptions, or the affect those assumptions would have on Stephenson's new system. As a result, even though the system fulfilled its functional specification, it did not “work” – it could not fulfil Stephenson's business needs. Streets argued, in return, that Stephenson could have anticipated the problems itself. If Stephenson, the customer, had not understood the proposal, it should have queried the elements it did not understand. Also, Stephenson should have itself anticipated the problems that would arise from Streets' assumptions. If this situation sounds familiar, it's because this kind of buck-passing is common in IT projects when accountability does not appear to be 100% clear. However, contractual responsibility is now very clear following the ruling in this lawsuit. The Judge ruled that as a professional adviser operating in its own specialist field, Streets Heaver had a duty to “think ahead” and “think for” its client. That is, Streets Heaver had an “implied” responsibility to explain to its customers not only what its new system was expected to do, but also what it would not. Now that this lawsuit has established case law, all “expert” vendors share that same responsibility. Which means that vendors must be extremely careful to not “gloss over” problems or consequences when proposing systems to customers. Problem omissions can be anything from failing to disclose that a particular system lacks a “standard” function, to not mentioning problems with data migration or integration with existing systems. Or just failing to mention that a new system will require increased spend on infrastructure, training or staff. It's critical that vendors price systems in a way that covers the cost of managing “omitted” problems before signing a contract. Is that a viable goal? We'll discuss this in next month's ITRM. NOTE : Subsequent lawsuits have explained more fully the specific issues that need to be adopted, which the Stephenson Blake case omitted to deal with. Stephenson Blake is only one early ruling in a series of rulings, not all IT based cases, that fleshed out the contractual issues that must be considered in buying and implementing systems.
Lawsuits you should review#2: St Albans District Council v ICL
Back	The Stephenson lawsuit changed the baseline rules for consultants. St Albans did the same for vendors who resell systems. It closed a legal loophole that meant vendors could (and frequently did) argue that they didn't have to take responsibility for the systems and advice they provided. When you buy a product from the High Street, you can take it back if it doesn't work. But until 1996, it was difficult to “return” software that was not “fit for purpose” – that did not perform the functions for which you had bought it. This is because software is more likely to be licensed than bought, so its relationship to the Sale of Goods and Supply of Goods and Services Acts was not straightforward. That Act is clear about products you buy: if they are “not fit for purpose,” they must be “put right” by the vendor. But software? You normally only have a licence to use the product – you don't own it, really… Again, this situation changed because of a lawsuit named “St Albans District Council v ICL”. In this case, the Council had bought a system from ICL for calculating poll tax that did not work, causing St Albans to lose £1m in revenue. St Albans sued ICL to recover that loss, and asked a pioneering IT business rights QC, Richard Mawrey, to take the case. The case focused on two points. First, if a licence for software was considered as a ‘product' ICL would clearly have been responsible for ensuring the ‘product' met St Albans objectives; - that it was fit for its intended purpose. Second, when you consider the relationship between the developer of licensed software and its buyer, it is only through a technicality that the developer is not bound by the standard contractual responsibilities of the Sale of Goods and Supply of Goods and Services Act – that is, the requirement that their systems not have any material defects. Mawrey won his case (and an appeal that followed). As a result, vendors that represent themselves as experts now must work within the Sale of Goods and Supply of Goods and Services Acts. They must provide systems that do what the customer was told they will do. Where the customer has not been told that the system will not perform a “standard function,” that function must be provided. If not, in both cases, the vendor must pay the extra costs of making its system work.
New responsibilities
Back	The two cases above significantly change the traditional relationship between IT vendors and their customers. They let customers have a great deal more trust in their vendors. They make contractual accountability more clear. And they transfer many costs that traditionally have been the problem of a customer onto the vendor. At least they will, once customers realise that they have significantly more “rights” in IT than they currently understand. That change in expectations will affect how vendors communicate with customers and how salespeople and pre-sales are trained. It will make it a much more urgent matter for vendors to re-train salespeople who over promise, leaving their employer exposed to the cost of fulfilling those promises. It's not an easy situation for vendors to be in. In next month's ITRM, we'll provide some guidance to help vendors navigate the need to provide scrupulous advice to customers without losing deals to cheaper, less honest rivals.
New on bestpracticegroup.com
Back	If you've ordered a free copy of BPG's “little book of learning to love OJEC – a guide to public-sector IT buying,” please note it is now ready. Electronic versions will be sent out by e-mail within the next couple of weeks. It can also now be downloaded for free from the BPG website. In addition, BPG has just released three new case studies detailing how clients worked with their vendors to: Reduce the risk of running 40+ IT projects simultaneously – logistics giant TDG Bring a failing IT project back on track – software and training house Prior Analytics Ensure the customer gets all the value they're promised by vendors – government employment agency Essex, Southend and Thurrock Connexions (the careers service).

THE IT RISK MANAGEMENT NEWSLETTER is produced by Best Practice Group. We help you bring in IT projects at the cost you planned and working as you expected. If you'd like to discuss your IT buying or dispute-resolution needs, try our hotline 0845 345 0130 or email us at advice@bestpracticegroup.com. New subscriptions to risk@bestpracticegroup.com. To remove yourself from the list, follow the link below.