Businesses rely on IT for pretty much everything these days, from financial systems to business processes to competitive advantage. And if IT fails — or if it’s mismanaged — lawyers and industry pundits say it can lead to the failure of the business.
But is this just fear mongering or hyperbole? I’m usually skeptical when I hear broad statements like that — are the risks of poor (or no) IT governance and management failure really that bad?
Let’s look at a few rather catastrophic examples: In 2005, Ford Motor spent a whopping $400 million on a purchasing system, only to abandon it. And the FBI spent $170 million to develop a virtual case file, which was then scrapped.
Then there are public sector IT projects that have gone off the rails at the expense of taxpayers, from Ontario’s integrated justice project to the Canadian Blood Services’ ERP rollout to the feds’ gun registry system. Yikes.
Indeed, poorly defined applications contribute to a 66 per cent project failure rate, costing U.S. businesses at least $30 billion every year, according to Forrester Research. And 60 to 80 per cent of project failures can be attributed directly to poor requirements gathering, analysis and management, says Meta Group.
While Gartner says 50 per cent of projects are rolled back out of production, Carnegie Mellon says 25 to 40 per cent of all spending on projects is wasted as a result of re-work.
But wait … there’s more: In a study by Geneca Consulting Research, 75 per cent of those surveyed admitted their IT projects are usually or always “doomed from the start,” and only 55 per cent are confident of the IT project’s business objectives.
These are not great numbers. In fact, they’re pretty scary.
At a time when almost all businesses are completely dependent on technology — complex, highly integrated technology — there are a whole whack of legal, regulatory, compliance and governance duties and obligations being imposed upon them. This, considering most of the technology we rely on nowadays didn’t even exist 20 years ago.
According to Duncan Card, a senior partner at Bennett Jones LLP, the failure or mismanagement of IT can result in business failure, class action litigation or even regulatory sanctions, civil liability and criminal culpability. Potential sources of liability include everything from failing to produce records or information, to failing to disclose a material fact that obstructs an investigation or audit.
Card, who spoke at a seminar last month in Toronto on IT governance sponsored by CIPS and ISACA, provided a list of best practices: get hands-on business leadership direction and sponsorship, create a formal business case, ensure projects are incremental with milestone verification, test along the way, establish adequate resource allocation, provide a change management system, and keep excellent records, emails, instructions and meeting notes. Oh, and encourage expert independent performance verification and audits.
Sounds like a mouthful? It is. These days, the network is the lifeblood of a business. So, with the help of your legal department and a sound strategy, you’ll need to securely manage your ICT, digital infrastructure and confidential data — because risking your network means risking your business. It’s not so much hype as the new business reality.