Why don’t more organizations recognize potential IT project problems before they escalate into full-blown failures? Bruce F. Webster believes many companies reject good solutions to fix bad projects for three reasons: internal politics, budget, and fear/pride.

Bruce’s column in Baseline describes three sins that make failure almost inevitable in many organizations:

Internal politics. Large internal IT systems…usually involve several different groups, each of which may or may not be all that happy about having to work with some of the others, but are forced to do so for various budgetary, departmental, or business alignment reasons.

Budget. This may seem counter-intuitive, but management often finds it easier and safer to have a project drag on year after year, ultimately costing large sums of money, than to spend a relatively small (but still painful) portion of that amount up front and fix the problems now.

Fear/pride. Fear and pride can be closely related, particularly when the issue is admitting you made a mistake. This is particularly true if a key manager, architect, team leader, or developer has championed or defended a given approach that turns out not to have worked.

Organizational inertia, the decision-making gridlock that arises when conflicting personal agendas and viewpoints prevent team consensus, lies at the heart of many failures.

While experienced CIOs may recognize that politics and fear cause failure, simply wishing the problem away accomplishes nothing. Instead, wise leaders must take active steps to change organizational attitudes toward failure itself. In fact, it can be healthy for companies to prune back their project portfolio periodically, encouraging natural selection to leave only strong projects untouched.

Facing the inevitability of failure, what’s a responsible CIO to do? Aside from seeking new employment, transparency is the best weapon in the fight against corporate inertia. Exposing self-interested agendas to the harsh glare of daylight is the surest way to keep the system honest.

And that, my friends, is precisely what’s needed to improve IT project success.

[Image via http://home.att.net/~s.l.keim/Sermon.htm.]

High rates of IT project failure persist because most organizations don’t understand the real reasons why their projects fail.

Executives often blame the project manager for planning or budgeting errors without recognizing their own contributions to failure. Don’t ignore the early warning signs of failure; they’re a loud siren if you listen carefully.

A research paper by two academics and a business consultant, Early Warning Signs of IT Project Failure: The Dominant Dozen, sheds light on the underlying causes behind many failures. The paper provides a framework for examining early-stage IT projects to identify and prevent downstream problems.

Sensitivity toward early warning signs [EWSs] can increase project success rates by giving advance notice of potential points of failure. For example, the team can shore up weak executive sponsorship if it identifies the problem sufficiently early. The paper groups causes of failure into two categories: people-related risks and process-related risks.

Here are the top people-related risks:

1. Lack of top management support
2. Weak project manager
3. No stakeholder involvement and/or participation
4. Weak commitment of project team
5. Team members lack requisite knowledge and/or skills
6. Subject matter experts are over-scheduled

And the most important process-related risks:

1. Lack of documented requirements and/or success criteria
2. No change control process (change management)
3. Ineffective schedule planning and/or management
4. Communication breakdown among stakeholders
5. Resources assigned to a higher priority project
6. No business case for the project

Note that technology failures aren’t included anywhere in the list. As the authors say:

[I]T projects almost never fail because of technical causes, despite the fact that people and process problems may manifest technically…. Technical risks cannot be eliminated, but they can be managed.

Truer words were never spoken! We live in an imperfect world of sometimes-frail technology; software has bugs, the cloud goes down, and technology glitches interfere with well-laid plans. The real key to project success: strong project leadership combined with a top-down organizational commitment to instituting thoughtful project processes.

If this seems easy or trivial to you, then I suggest following the lead of Nepal Airlines’ risk mitigation practices. Your results are likely to be the same as theirs.

• Also see: New techniques for saving failed projects

[Via Francine McKenna. Image via victorysiren.com.]

According to an interesting post in CIO Magazine, recent price increases by both SAP and Oracle were made possible by implementation complexity and the difficulty of replacing existing systems.

CIO explains:

[O]ne of the complaints customers have about these products is the huge implementation costs of putting them in. Said a different way, they’re so complex that very few companies can afford to take on the cost of getting them installed and working. Consequently, reducing prices on the software probably wouldn’t grow the customer base, because most companies can’t afford the total cost of owning them.

In other words, enterprise software customers believe they have few choices and therefore willingly pay whatever vendors ask. For their part, software suppliers are aware of this dynamic and take full advantage of their incumbent position.

It’s a one-sided perspective but compelling nonetheless.

[Image via Univ. of Warwick]

SME portfolio strategy. Jeff Stiles, SAP’s Senior Vice President for SAP SME Solution Marketing, articulated a coherent product offering that segments the market along several dimensions:

• Customer size
• Business and organizational complexity
• Growth rate and trajectory
• IT infrastructure capability
• Preference for on-premise vs. software as a service (SaaS) solutions

In a follow-up email, Jeff commented:

The other thing that should be considered is how an organization competes (do they need to deeply customize the solution to fit their unique needs?)

SAP’s offering to the SME market consists of the following:

Business One: SAP’s product for “small businesses that have outgrown their accounting only applications.” Appropriate customers will generally be under 100 employees with 30 users.

Business byDesign: SaaS offering for “fast-growing midsize companies, with limited software & systems, that don’t want to build a large IT backbone.” While the target market for byDesign appears to overlap Business One and All-in-One, the hosted aspect is one strong point of differentiation.

All-in-One: Aimed at “mid-size companies looking for a solution that meets their demanding industry requirements and helps grow and scale the business.” This product can handle much of the business complexity addressed by SAP’s large enterprise suite, but is designed for smaller companies.

The following graphic summarizes these points (adapted from an SAP-supplied slide):

The clarity and quality of SAP’s SME strategy has come a long way over the past several years. As Dennis Howlett commented on Business One:

My past experience with BusinessOne is of a solution that was relatively stagnant in the market, of less than competitive functionality and suffering from performance issues. That was two years ago. Today, the product is improved from every angle. Performance has been beefed up significantly, quality has improved but most important, smart VARs have figured the current iteration provides a genuinely viable alternative to Microsoft products.

Implementation innovations. From a project failures perspective, I want to highlight the SAP Best Practices component of All-in-One. Rooted in work started in the mid-1990s by SAP’s Simplification Group, SAP Best Practices advances the implementation state of the art.

Here’s SAP’s slide on this topic:

In my view, productizing knowledge represents one of the best opportunities for reducing software implementation time and expense. On a directly related note, I also believe that packaged services will ultimately form the basis for all but the most complex implementation consulting efforts across the enterprise software industry.

Software vendors and consultants can improve implementation efficiency through standardized implementation road maps, structured pre-configuration analysis, and consistent information sharing from pre-sales through go-live. However, given the organizational complexity around selling and deploying enterprise software, combined with technical configuration challenges, achieving these goals has been elusive.

It’s worth mentioning that some third-party consultants and system integrators resist implementation efficiency because it reduces billable hours. Although many consultants hate failure, I believe third-party billing churn continues to be consulting’s dirty little secret.

Although I haven’t spoken with SAP customers about specific Best Practices-based implementations, both concept and presentation pass the smell test. [Disclosure: For many years, starting in 1996, my company was deeply involved in developing the first generations of SAP’s rapid implementation tools. I have no such relationship with SAP at present.]

What’s missing. While SAP’s small and medium enterprise positioning has become crisper over time, several points remain confusing:

• The positioning still needs additional focus and clarification. For example, overlaps between byDesign and and the other products need further definition. In addition, the line between All-in-One and the larger Business Suite product remains somewhat fuzzy.
• SAP’s statement of long-term commitment to byDesign needs reinforcement. Changes in byDesign’s product release strategy, combined with the company’s historical large enterprise focus, could make potential customers skittish about adopting this offering. If SAP is serious about byDesign, it must put a definite stake in the ground and make clear its intention to remain solidly behind this product for the long haul.

Transparency and openness. The SME deep dive raises the bar on communications by enterprise software vendors. Led by Jeff Stiles, SAP executives, partners, and customers accepted challenging questions from the small audience (30 people). To his credit, Jeff allowed the full-day schedule to drift based on audience interest in particular topics. While many of the questions were tough and analytical, the answers were straightforward and reflected confidence in the offerings.

SAP blogging. Many of the day’s most insightful questions came from Enterprise Irregulars attending as guests of SAP’s blogger outreach initiative: Vinnie Mirchandani, Dennis Howlett, Brian Sommer, Sandy Kemsley, and myself. Run by SAP’s Mike Prosceno and Stacey Fish, the program offers bloggers unprecedented access to SAP senior executives and information. With this program, SAP sets the enterprise software standard in providing transparency to bloggers.

Note to other enterprise software companies: transparency is a sign of confidence and demonstrates you have nothing to hide. Let’s see you step up and meet the openness challenge.

The following diagram gives an overview of this concept. Note the role of insight as driver for making smart business decisions:

Drilling down further, SAP fleshes out the linkage between an organization’s underlying business strategy and the operational steps required to execute business decisions:

Robert Kaplan, guiding light behind both activity-based costing and the balanced scorecard concept, provided professorial gravitas:

Kaplan offered his perspective on the strategy to execution concept, which he calls as “linking strategy and operations.” Although cut off from the image, Kaplan presents five steps, starting from the upper-right and proceeding counter-clockwise:

Another key theme is crossing “the information divide.” Through Business Objects, SAP seeks to extend its reach across both technical and non-technical users:

These themes sound great at a high-level but the devil is in the details. I’m particularly looking forward to learning how these concepts carry forth to IT execution and reducing rates of IT project failure.

For a more…pointed…perspective, see Dennis Howlett’s comments on today’s Summit.

[To see more presentation pictures click here.]

Many of you had trouble accessing Gmail for a couple of hours this afternoon, and we’re really sorry. The issue was caused by a temporary outage in our contacts system that was preventing Gmail from loading properly. Everything should be back to normal by the time you read this.

This is becoming an unhappy habit :(

[Thanks to Ed Shaz for alerting me to the problem.]

Technology failures, design flaws, and software bugs can be found in the most unexpected places. Now, researchers have developed a method for remotely compromising heart pacemakers surgically implanted in a patient’s chest.

The Medical Device Security Center describes the vulnerability in a paper titled, “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses“:

Our investigation shows that an implantable cardioverter defibrillator (1) is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry, and (2) may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered. Moreover, standard approaches for security and access control

According to Wikipedia, implantable cardioverter-defibrillators (ICD) are:

‘[S]mall battery-powered electrical impulse generator which is implanted in patients who are at risk of sudden cardiac death due to ventricular fibrillation. The device is programmed to detect cardiac arrhythmia and correct it by delivering a jolt of electricity. In current variants, the ability to revert ventricular fibrillation has been extended to include both atrial and ventricular arrhythmias as well as the ability to perform biventricular pacing in patients with congestive heart failure or bradycardia.

The paper adds:

ICDs have modes for pacing, wherein the device periodically sends a small electrical stimulus to the heart, and for defibrillation, wherein the device sends a larger shock to restore normal heart rhythm.

Here’s a picture of a pacemaker device (scale in centimeters). [The picture is for illustration purposes only; according to one commenter, Guidant pacemakers are encrypted and therefore not subject to the exploits described in this post. Since encryption can be broken, verifying this claim would require careful analysis.]

The research team consists of people from both medicine and computer technology:

Our investigation was motivated by an interdisciplinary study of medical device safety and security, and relied on a diverse team of area specialists. Team members from the security and privacy community have formal training in computer science, computer engineering, and electrical engineering.

The extensive list of specific vulnerabilities could lead to life-threatening scenarios:

• Triggering ICD identification
• Disclosing patient data
• Disclosing cardiac data
• Changing patient name
• Setting the ICD’s clock
• Changing therapies
• Inducing fibrillation
• Power denial of service attack

As technology proliferates through our daily lives, risks associated with poor planning, lack of testing, and failed implementations also increase. In many cases, however, we cannot reasonably expect product designers to foresee the future technology environments into which their products may be placed.

The researchers summarized the problem:

Our research into implantable cardioverter defibrillators has demonstrated failure modes that do not appear to be addressed by some present-day design strategies and certification processes.

Note to pacemaker patients: these exploits are based on laboratory experiments only. The authors emphasize that, to their knowledge, no IMD patient has ever been harmed by a malicious attack.

[Via Zoliblog. Broken heart image via IrishHealth.com. Pacemaker image via Wikipedia Commons.]

Poor staff training on Qantas’ new Altea Departure Control-Flight Management system led to delays on flights departing from Sydney, Australia. Given the airline’s poor IT record, no one should be surprised.

Australian IT has the details:

[A] busy Monday morning threw the Sydney terminal into chaos.

Qantas said the system was introduced without incident on Saturday and blamed Monday’s delays on staff unfamiliar with using the new system in a live environment.

“The system upgrade happened on Saturday so people are coming to work today and have not used it before,” a Qantas spokesperson said.

Qantas said it had been planning the Altea Departure Control-Flight Management rollout since selecting the system in July 2007, but it now appears airline staff were not sufficiently trained to deal with a busy Monday morning.

“Monday is busier than usual and passenger numbers increase due to business travel. We have put a lot of trials and practices in with staff, but it is the first time some staff are using it in a live environment,” the Qantas spokesperson said.

The Qantas spokesperson said the new system integrated two previously separate computer interfaces that were used to manage flights and reservations.

Oops. I guess somebody forgot to really train those pesky users before rolling out the new system.

This isn’t the first Qantas IT failure and it won’t be the last. From a blog post last February:

I believe Qantas is poised for ongoing IT failure: complex technical infrastructure, outdated legacy systems, leadership that doesn’t understand basic IT issues, union problems, and an historical pattern of failure combine to paint an uncertain future.

Folks, keep an eye on Qantas for more IT screwups.

[Image via eHow]

The impact of most IT failures is limited to inconvenience, delays, and higher costs. However, computer problems affecting police, fire, and medical response can directly cause loss of life and property.

Maryland 911. A boy almost drowned when the fire department didn’t respond following a faulty Verizon system upgrade. From the Washington Post:

Peter Lucht, a Verizon spokesman, said the disturbances in Prince William “stemmed from an unusual combination of factors” and were “not something that we usually see.” The company has worked closely with the county “to stabilize the system and ensure that [problems] won’t be repeated,” he said.

The county purchased its 911 system from Verizon in 2002, and it was installed in 2003, and fire officials said there were no problems until the May 28 upgrade. There have been no problems since July 12, they said.

Maine 911. Seven “system shutdowns” prevented callers from reaching emergency services. From the Kennebec Journal:

Between April and June, emergency communications systems at the Cumberland County regional communications center, the state dispatch center in Gray and the Penobscot County regional center had problems receiving 911 calls. The most severe problems were at Cumberland County’s system in Windham where a series of seven system shutdowns in April and May left callers getting no answer, in one case for as much as an hour.

In response, FairPoint installed a switch allowing dispatch centers to immediately transfer calls to a backup center when there is a problem, and a designated a separate telephone line to alert staff when there is a problem. The equipment was installed in the six dispatching centers in the state that had the type of equipment affected by the malfunctions.

London ambulance services. Failed computers caused London ambulance workers to fall back on pencil and paper call tracking. From the Evening Standard:

Ambulance staff were forced to record emergency calls with pen and paper and find addresses using A to Z after their computerised system crashed early yesterday morning and a computer failure at the Royal Free Hampstead NHS Trust means patients face delays and records have been lost.

The Royal Free introduced the system in June to reduce paperwork but since then it has crashed, leaving those waiting for operations and blood tests badly affected. When the same system was introduced at Bart’s and The London NHS Trust, cancer patients missed critical appointments because their records were lost.

A spokesman for the Royal Free said: “With change on this scale, it is inevitable that it will take time for staff to familiarise themselves fully with all the functions that they need to use but overall we are pleased with the progress being made.

“It is recognised that while staff are getting used to the system a small number of our patients may have to wait longer than expected in clinic.”

Australian ambulance services. System failure forced Queensland, Australia emergency services to record and track calls using whiteboards. From IT Failures blog:

Thorough investigations have been conducted as to the cause of each, with the following outcomes:

• Two of the outages have been attributed directly to human error. The first was an SQL update which had unexpected results, the second was a server which was inadvertently shut down.
• The third outage has been traced back to a fault with the replication software ‘Replistor’, which resulted in the primary database server rebooting.

[No humorous picture today, because there’s absolutely nothing funny about these failures.]

To reduce costs, Chrysler has combined IT and global finance into a single organization. While the move is not without risk, the company’s financial woes require dramatic steps.

From Chrysler’s press release:

Chrysler LLC today announced the appointment of Jan A. Bertsch, Senior Vice President Treasurer and Chief Information Officer as part of an on-going effort to streamline functions for greater efficiencies. Bertsch will lead the efforts to consolidate Information Technology Management and Treasury into a new structure.

Under this integrated structure, Bertsch is responsible for the Company’s global treasury operations. She continues to direct the Company’s systems and computer hardware strategy and planning, systems applications development, data center operations and telecommunications network operations.

THE PROJECT FAILURES ANALYSIS

On the surface, the plan appears a nonsensical attempt to reduce costs by combining unrelated corporate functions. Financial Week quotes an observer stating this view:

The move caught some treasury department watchers by surprise. “It’s not common at all,” said Dan Carmody, managing director with Treasolution. “Generally speaking, companies merge departments to streamline management hierarchy and to reduce overhead costs in order to provide greater value to shareholders.”

[H]e added that “the merger of treasury and IT is unique, mainly because of each department’s different functions.”

Down the road, Mr. Carmody doesn’t see more companies following Chrysler’s lead.

On closer inspection, however, the changes make sense for three reasons:

1. Chrysler’s financial performance has been dismal. According to the Wall Street Journal, the company’s sales “have fallen about 25% this year.”
2. Chrysler’s existing CIO, rather than the bean counters, is assuming control, ensuring that IT remains a strategic force within the organization.
3. Bringing finance under IT creates opportunities to drive cost-savings within the context of maintaining successful IT operations. That’s smart.

This isn’t the first time companies have combined IT with other functions under a single umbrella. Recently, I applauded Bausch & Lomb for merging customer service and information technology under CIO Alan Farnsworth:

Disconnects, gaps, or communication issues that might arise between these important groups now have a built-in resolution mechanism. With a single of point of responsibility, there are fewer cracks into which issues might fall and disappear.

•  Also see: Bausch & Lomb puts new CIO in charge of customer service

At the same time, not everyone has confidence in Bausch & Lomb’s decision. For example, TechTarget’s Margaret Rouse offers a less enthusiastic perspective:

Has IT become so integrated into business that the CIO not only doesn’t have to have a technical background — he also has to have a second job within the company?

It’s also interesting to note that JetBlue once tried to combine IT and marketing. Larry Dignan, ZDNet’s editor-in-chief, described this back in 2004, in a Baseline Magazine article titled Tough Sell.

Negative reactions from Twitter. Many observers will criticize Chrysler for taking steps reminiscent of past failed cost-cutting drives in IT. Ric Hayman, an IT manager, tweeted: “IT and Finance is a bad fit either way … who guards the guards?” He added:

[M]aybe I should be a developer at Chrysler then, to improve my retirement prospects :’)

Similarly, Patrick Moorhead sent this tweet:

The things companies do to “save” money……. Remember the “answer” was outsource all of IT to India? Or customer service?

Consultant and former auditor, Francine McKenna, from whom I learned about this story, twittered an eloquent summary of the case against combining IT and finance:

What’s next? Engineering & the Cafeteria?

My take. Chrysler’s cost reduction car chase is hitting a stride and IT plays a role. I think it’s a smart move.

Update 7/7/08 12:00 PM EDT: I asked CIO Magazine senior editor, Stephanie Overby, for her opinion:

The IT executives I spoke to talked a great deal about the cost savings and efficiencies to be gained by outsourcing IT application and infrastructure services to two main partners – CSC and TCS in India. And clearly the focus is on getting costs down and getting the balance sheet in shape under private equity ownership. They’re cutting their in-house IT resources in half.

What they didn’t talk about in any detail were any new projects in IT, any real investment in IT that will help Chrysler innovate and compete. It seems that they’re trying to get through this rough period first. Any really transformational ideas are thoughts for another day.

[Image via SlashGear.]