Saturday, December 30, 2017

The changing role of the technology team in ERP implementations (part 1)

Companies change their Enterprise Resource Planning (ERP) systems infrequently, only every ten to twenty years. If your ERP no longer meets your business needs and you are thinking of its replacement, here is a summary of how your technology team will be involved in ways that may not have applied the last time around.

The technology team has always had a role in the selection of the ERP, evaluating the vendor’s technology solution and direction. The technology team also set up the on-premise system, extracted and transformed data for loading to the new ERP, and trained a support team.  Depending on how long ago the ERP was implemented, and the company’s industry, they may have built some interfaces.  

It’s tempting to think that the world of cloud solutions is easier for the technology team during the ERP implementation project. It isn’t so. Here are some of the changes to think about when you are scoping and planning your new ERP implementation project.

Mobile technology
ERPs now have mobile features, such as approvals on mobile phones, and reporting on tablets. In the implementation project, you’ll have to test operability with all of the device types and operating systems that you support. You also may need to support multiple browsers to handle your new ERP at the same time as any remaining legacy systems. You may also have concerns about security if mobile devices are lost, or need to figure out how to implement dual factor authentication for these.

Integration between systems used to be a nice-to-have. Now integration is a must-have. The business relies on automated interfaces to communicate with customers, vendors, banks, and business partners.

Interfaces to/from the existing ERP may have been built over time with a variety of tools and approaches. When implementing a new ERP, you will need to re-develop all of those that connect with the ERP. If you plan to select a new integration tool or define a new approach, this is the time to do it. As a result, you need to factor in time, money, and expertise for selection, purchase, and training your team on the new toolset.

With some of your applications, and possibly also your integration tool, in the cloud, the development, testing, and promotion to production of the integrations requires access to multiple environments in a variety of public and private cloud environments. The external parties with whom you exchange data may also have cloud applications. Engaging the internal and external parties and their cloud providers and working with all of them to achieve a common go-live date is a significant coordination effort.

ERP is an important source of data for company reporting. With implementation of a new ERP, the data model of that source data is changing, which will require you to re-build data feeds to your reporting platform. The standard reports in the new ERP will also be different from the existing one. As a result, this is a good time to re-evaluate reporting requirements and perhaps replace that application or the mechanism by which it receives its data. As with integration tool replacement, this requires selection, purchasing, and training staff.

Business-managed systems
Cloud has made it easy for the business to implement solutions that IT is not aware of. Many of these applications will be affected by the ERP implementation (integration, data changes, process impact). Although it is the responsibility of the business to identify these situations, they will need support from the technology team to assess impacts and identify how to integrate these solutions into their new processes.

Stay tuned
There is more to cover on the changing role of the technology team in ERP implementation. Watch for part 2 

Friday, December 29, 2017

Project risk case study: Scarce resource management

Technology projects are heavily dependent on expert resources from the IT team and the business. Managing people whose work is critical to the success of the project is essential and managing their time can be challenging.

This case study is a situation where a business expert was proving to be unable to deliver to the timeline.

Case study
The project was development of custom reports. When engaging resources for the work, the project manager did the usual things to ensure availability of the resource: for example, arranged for dedicated team members, and obtained commitments from their managers that they would be free to concentrate on the project. For those who were not vendors, the project manager arranged for the individuals’ jobs to be filled by other workers so the project team could concentrate on the project work.

The situation
The development work proceeded but there were challenges and issues along the way (perhaps a case study for another time).  Due to the development issues, there were quite a large number of problems found in the testing phase. 

However, just as problematic, it was taking a very long time for the business expert doing the testing to identify the issues on the reports, and to re-test as defects were corrected.  As time went on, it became clear that the tester was a significant bottleneck in the process.

The project manager discussed the pace with the tester, who confirmed that he was concentrating on the testing tasks, and had not been pulled away to work on other non-project work. The tester claimed that it was just a temporary delay due to learning curve on what needed to be done, and that he would have no problem catching up.

Unfortunately, the tester’s prediction of increasing speed did not come true. The testing continued to take much longer than planned.  In addition, the tester claimed, and his manager agreed, that no one but himself was qualified to examine the reports and determine whether they were right or wrong.

Evaluation of the problem
The project manager decided to see for herself what was causing the delay, so she arranged to sit in the tester’s office while he worked. She did some other work, but by sitting close by was able to observe the tester’s process.

What she observed was that there were many time-consuming steps to complete the tester’s work.  He printed the legacy report; then printed the new report. Then, he went through every line and checked every heading, description, and number for accuracy.  Then, when he found a difference between the legacy and new report, he had to determine whether the difference was acceptable. If it was not acceptable, he had to log the defect in the tracking software.

The project manager realized that much of the work could actually be done by others. The only part of the work that the business expert tester really had to do for himself was to evaluate whether a difference was acceptable or not.

New approach
The project manager arranged to add two junior staff to the project. They were assigned to print the legacy and new reports, compare every heading, description, and number, and mark differences with highlighters and tape flags for review. 

The business expert was now able to focus on the one thing that no one but himself could do. He focused on evaluation of the differences between the legacy and new reports, and decided whether the difference was acceptable or a defect.

The project manager also arranged for someone else to log the defects for the tester, so he could concentrate on just the evaluation.

The project manager’s observation was essential to resolving the work bottleneck. Each report was taking two to four hours to test, but the portion that only the business expert could do was really only fifteen to thirty minutes.

By re-allocating much of the work to other resources, the business expert was freed up to complete the evaluation for many more reports.

Although their participation is critical to a project’s success, business experts can become a bottleneck on a project. In order to ensure the proper participation of the expert while also eliminating the bottleneck, it was necessary for the project manager to evaluate the work and break it down into its component parts. Then many of the steps could be completed by others, freeing up the expert to focus on the task for which he had the expertise.

Sunday, April 30, 2017

Introduction to IT Project Risk

While working on a variety of IT projects, I’ve seen several project charters and risk registers. Over time, I’ve noticed that not all project managers have a solid grasp of how to identify and mitigate project risk. So, here’s an introduction to the subject.

These aren’t project risks
Perhaps it seems an odd place to start, but the most common problem I see is that many risks identified aren’t really risks.  So, what is not a project risk?

An issue is not a project risk.  An issue is something that is already a problem for the project. E.g. a risk item that states: Vendor is late delivering components. Since the vendor is already late, or you already know the delivery is going to be late, this is an issue, not a risk. A risk is something that could happen, but hasn’t happened yet.

An outcome is not a project risk. E.g. a risk item that states: The project might not go live on time. This statement is an outcome of one or more events that could happen, for which the outcome is that there could be an impact on the project timeline. A risk is the thing that might cause the project to go late or cost more, etc.

Also, a vaguely-defined concern isn’t a risk. Risks aren’t really properly identified if they are not specific. E.g. a risk item that states: Testing is a risk. This statement is too vague, as it doesn’t say what specifically about testing is a risk and why it is being identified.

These aren’t mitigation plans
In addition to incorrectly identified risks, I often see vague mitigation plans. E.g. Manage dependencies and milestones. E.g. Leverage vendor’s experience. These mitigation plans are too vague to be actionable.

What are we worried about? What will we do about it?
Every book on project management has a risk definition along the lines of “Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.” (PMBOK, Fifth Edition). Following that, there’s a definition of risk mitigation, such as: “Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.” (PMBOK, Fifth Edition)

Although accurate, these definitions can be simplified to aid understanding. The easiest way to identify risks is to ask yourself and others: What exactly are we worried about and why are we worried about it?

Then, once the worry and rationale are very clearly defined, the mitigation plan is based on:  What very specific actions are we going to take regarding that worry?

An example
Do you have reason to believe the vendor might deliver late – before it happens? For example, maybe the vendor has recently made a lot more sales than usual and you’ve had late deliveries when you’ve bought from other fast-growing vendors. If so, you can record the risk very clearly: Vendor has gained significant market share in the last three months. Based on our experience with other vendors, this market gain can have an impact on manufacturing capacity, which may result in late delivery.

If you want to avoid this event, think about what options you have to avoid your project being derailed by late delivery. For example, if the contract isn’t signed yet, can you build in a penalty clause, or pay a premium for on-time? Can you spend extra effort on vetting your requirements to ensure your own project doesn’t cause any impact on the vendor? Do you have access to other equipment you could use temporarily if the delivery is late? Does that strategy lead you define an additional risk and mitigation plan? Ask others for ideas on how they’ve managed this kind of risk before and how successful the strategy was for them. Be specific in your mitigation plan: go beyond platitudes such as good project management.

Do you have other worries?
Anything that causes you a specific concern is a candidate to be included as a risk.  Risks are as varied as the projects on which they arise. Here are a few examples I’ve seen: (1) Servers are being moved from a company-run to an external data centre during the same time period that our project needs to test connectivity for several interfaces. Testing connections to the old data centre will need to be repeated for the new data centre, with potential for delay to our project’s timeline. (2) Although the on-site project manager assigned by a major vendor has great leadership skills, he’s not particularly rigorous about scheduling and tracking against the schedule. Since he is managing a large team and a tight delivery timeline, we are concerned that we won’t have adequate visibility to progress or lack thereof. (3) Previous upgrades to this application have failed due to lack of understanding of the integration points.

Notice that all of these risks are very specific, and they provide a rationale for why the risk has been identified.

Schedule and follow up
Assign a responsible person and due date for every mitigation action item. If you aren’t able to assign a person and due date, the mitigation step probably isn’t defined clearly enough. Track these mitigation steps to make sure that they actually get accomplished.

Understanding of IT project risks and mitigation plans can be improved by simplifying the definitions to: (a) What you are worried about exactly and why; and (b) what you will do about it.

It is important to be very specific and provide the rationale for the risks. The mitigation plan needs to be detailed enough that each task in it can be assigned to a person and on a specific date. 

Friday, June 10, 2016

Project risk: Vendor management case study

Working with vendors is a fact of life on technology projects. It makes sense to engage vendors to work on your projects. They have product experience with many clients and can bring best practices in addition to technical expertise.

However, vendors are not your employees and it is wise to remember that their goals and your company’s goals are not always completely aligned. As a result, in addition to the benefits, there are risks in bringing on vendors to deliver your projects.

Case study
Here’s an example of a project gone off the rails due to issues with selecting and managing the vendor.

The client had issued a Request for Proposal (RFP) and selected a vendor to implement a new application and its supporting technology platform.

The vendor started missing deadlines early in the project. The client’s requirements for performance were not met. To resolve the performance issues, the vendor proposed hardware changes. The resulting procurement and installation time caused more delay.

Unfortunately, installation of the new hardware did not resolve the performance problems, so the vendor embarked on a series of changes to try and improve performance.  Time after time, the vendor said the performance changes would be done by the following week, but every time they were unable to deliver the improvements.  It was clear that the vendor’s team was working hard, including evenings and weekends, but still the system could not operate within the necessary timeframe.

After months of promises followed by non-delivery, the vendor asked for a three-month period to achieve the necessary performance. The client agreed to the three-month timeline, but once again, the performance metrics were not achieved.

At this point, the vendor asked if the client would make changes to other applications in the same business process. As long as all of the applications fit into the overnight process, the vendor’s own application performance would be of less concern. The client agreed to modify other applications, which caused further delays while requirements, development, and testing took place.

Unfortunately, the changes to the other applications were not sufficient. When done, it was clear that the vendor would still have to significantly improve the performance of its own product.  

The vendor continued to work at application changes and database tuning to try and correct the performance issues. When that failed to achieve the desired results, the client agreed to examine the business process to see if they could change it to accommodate the product’s performance issues. The process re-design did not create enough efficiency to solve the problem.

If you’ve ever been in this position, either as vendor or client, you know it’s a very unpleasant situation. The client and vendor blame each other for the problems. Millions of dollars are spent. The business does not have their new application. The vendor is losing money on the project. Discussions about legal action take place.

There were several problems with this situation.

In the RFP, the client did not specify performance requirements. This lack of guidance allowed the vendor to avoid considering performance when creating the proposal.

The vendor was a solid, well-established company, with an excellent reputation for delivery and support. However, the product was new, with no installations in the client’s industry or any other industry. When evaluating the vendor proposals, the client did not recognize the importance of the fact that the references provided by the vendor (for other products) were irrelevant to the project they were proposing.

The vendor’s size, stability, and reputation were a good thing, of course, in that the vendor was motivated to deliver to the client’s satisfaction, and had the financial resources to invest in efforts to correct the problems.  A smaller, less reputable vendor may have simply walked away early on.

As delays continued over many months and millions were spent, the client never had any discussion regarding whether the project should be cancelled and alternative products evaluated.  This inability to face the failure of a product and project is common. Many clients, once they’ve invested a lot of money, time, and resources, do not admit defeat and start over.

The interests of the client and vendor were never aligned right from the start. The client was looking for a product to install and add value to their business process right away.

The vendor was looking for a successful installation of its new product, so they could use it as a reference when selling to other clients.

If the client had realized up front the differences in their goals, they may have been able to negotiate an approach that worked for both. Instead, both the client and vendor have failed to achieve their objectives.

Tuesday, July 21, 2015

Listening every day to identify project risks

There are plenty of resources available on project risk management. It’s an important topic. After all, if you mismanage risks, your project could run late, go over budget, fail to deliver its benefits, or fail to be completed at all. The topic of project risk management is often treated academically. Try reading most books, articles, or blogs on the subject and you are quickly submerged in frameworks, assessments, protocols, Black Swan theory, and Monte Carlo simulation. There is also some practical advice about holding an initial risk assessment meeting at the outset and again during the project, so risks can be logged and monitored.  Unfortunately, there are also things that happen that team members don’t really recognize as project risks, as they are situations that happen all the time and assumed to be ‘just the way it is’.

Identify risks by listening

Often, additional risks can be identified outside of formal risk meetings. Once identified, risks can be managed, so identification is critical. Project managers need to practice their listening skills throughout the project to identify additional risks. In any kind of project meeting or casual discussion, risks can be identified. Here are several examples I’ve heard at different times, and how I heard about them:

·         When we change the active directory security groups we need to make sure it isn’t month-end because there are always so many errors that users can’t work for a while. (In a meeting on scheduling)
·         At go-live, it’s always crazy trying to get the inventory to reconcile, the accountants end up doing lots of ‘plugs’ and estimates, then they figure it out correctly and fix it the next month. (In a status meeting, when the discussion got side-tracked to an unrelated topic)
·         When we launch new forms, the end users make a mess of them because they can’t figure out how to fill them in. Then we have to re-work the form and launch the revision. (At a kickoff meeting for a project to design and implement a new form)
·         We hope that Jenny never catches the flu, as no one else knows how to do that critical step we need at go-live. (At a status meeting, while explaining that a component is late due to Jenny’s lack of availability)
·         It seems like there’s an awful lot of work to be done on the go-live weekend, I wonder if it’s too tight. (In the kitchen, when the project manager was getting coffee)
·         We have a new vendor working on an internal web site for our HR department. (In a discussion about roles and responsibilities)
·         The vendor’s project manager is a sub-contractor; do you think she will keep the vendor’s senior management informed and engaged? (Informal chat, after the vendor’s project manager had been introduced)

The risks noted above did not come up in official risk identification meetings, but instead came up in other unrelated discussions.

Managing the risks

Because these came up outside of the formal risk meeting, and many were assumed as ‘just the way it is’, there was sometimes resistance when the question was asked “what can we do to manage this?” However, when pressed further, it was frequently possible to identify steps that could be taken to manage the risk. Let’s look at risk mitigation ideas for the first few risk examples:

·         If changes to AD security groups usually have a lot of errors, can they be subject to a rigorous review step before implementation, or can the testing approach be examined to see if there are gaps, or can part/all of the process be automated?
·         If it’s crazy trying to get the inventory to reconcile, how about a rehearsal, or customized reconciliation reports, or review the approach with the accounting department to see what additional controls are warranted?
·         If new forms are not well received, can they be vetted and changed as part of the project instead of after launch? Is it possible to create a user advisory panel, or run a pilot with a subset of users?

As you can see, once the risk is identified, it’s possible to come up with ideas on how to mitigate that risk.


Although the risk identification meetings can generate some ideas about risk, additional risks can be identified if the project manager is listening for them. Ask yourself every day: Did I hear something today that might suggest there’s a risk we aren’t managing?

Copyright 2015 Debbie Gallagher

Monday, July 20, 2015

Great by choice by Jim Collins and Morten T Hansen (book summary)

Have you read Great by Choice, by Jim Collins and Morten T. Hansen? The book describes nine years of research done to try and identify why some companies thrive in uncertainty and others do not. As I read the book, I realized that with the fast pace of change in technology, the question is relevant not just to companies, but to their IT projects as well.

The study

The authors studied the stock market for the period 1972 to 2002, and selected several companies who met three criteria: (a) stock price beat their industry index by ten times (10X); (b) the environment in which the company operated over that period was turbulent; and (c) the company was fairly small (and therefore vulnerable) at the beginning of the period.  These companies and their leaders were called 10Xers.

Then for each 10X company, they selected a comparison company in the same industry. The majority of the work was to research what was different between the 10X companies and the comparison companies to find out what could have been the cause of the 10Xer’s success.

The results of their research surprised them. Great creativity and risk taking turned out not to be key factors to success in the long run. Instead, the 10X companies and their leaders managed risk very well, and had three key behaviors: (a) Fanatic discipline; (b) empirical creativity; and (c) productive paranoia


The authors use the race for the South Pole in 1911 by Roald Amundsen and Robert Falcon Scott to illustrate some of the book’s findings. They liken the approach of Amundson’s successful expedition to the10X company leaders, while the comparison company leaders lean more toward the habits of Scott, whose team perished before completing the trek.

It’s an interesting step back in time and also illustrates very well not only the concepts of the study but also the relationship between risk management, success, and failure.

Fanatic discipline

In turbulent times, the companies that outperformed their industries had consistent goals and performance. Instead of pursuing massive high-growth strategies, they pushed for consistent returns every year, no matter how difficult it was to achieve. In addition, even during boom times in their industry, they held back from wild growth strategies despite pressure to do so.

Achieving consistent performance no matter what is happening in the marketplace requires concrete, clear, intelligent, and rigorously pursued performance mechanisms to keep on track. Fanatic discipline is not about bureaucracy, but about the ability to remain clear about goals and find ways to deliver consistent performance. It also requires the ability to be a non-conformist and avoid the herd instinct of the marketplace.

Empirical creativity

The most successful companies tested new concepts on a small scale and determined what worked and what didn’t work before launching significant new lines of business, markets and technologies.

These trials allowed the 10X companies to spend a lot of time and money on big launches only once they had tried the concept on a smaller scale and determined how to be successful. Alternatively, they sometimes learned that the concept didn’t work for them and avoided spending a great deal of money and resources to learn that.

Although innovation is necessary, the authors were surprised to find that the most innovative were not the most successful companies. Instead, a threshold level of innovation is required to compete in the industry, and beyond that the amount of innovation doesn’t matter very much. Instead, it matters more that innovation is paired with the ability to scale the innovation and deliver on commitments to customers.

Productive paranoia

Leaders of 10X companies prepared for the unknown and managed risks well.  They concerned themselves with what could go wrong and created buffers to deal with those known and also with unknown risks.

The leaders of the 10X companies avoided taking actions that had huge downside potential. In addition, they had the ability to look beyond daily operations to see the big picture and identify the biggest risks to their companies.

IT project risk

This book is based on research into US corporations and makes interesting references to the South Pole expeditions of 1911.  However, as I read it, I thought very often of IT projects I’ve been on, and how the lessons could be applied. Many projects fail to achieve their objectives (or even fail to complete) due to lack of discipline, trying to deliver untested concepts, or poor risk management. Examples include projects without clear objectives, sponsorship, scope, or requirements (lack of discipline). Also, there are projects attempting to launch big technological or business changes without pilots (lack of empirical information).  Probably anyone reading this can think of cases where big risks (new software, new hardware, new vendor) were taken, but the risks were either unrecognized or unmanaged (lack of productive paranoia).


The authors of the book Great by Choice have based their book on research into US companies that outperformed their industry competitors over a thirty-year span by at least ten times. They identify three key characteristics of 10X companies and leaders that have been key to their success: (a) fanatic discipline; (b) empirical creativity; and (c) productive paranoia.

They make no claim at all of the book’s relevance to IT projects. However, as I read the book, I thought the parallels were easy to see and recommend the book to those who are interested in managing the risk of IT projects.

Copyright 2015 Debbie Gallagher

Sunday, July 19, 2015

It's just an upgrade

This is a true story. The company name has been changed.

The project manager was developing a project charter for his new project. He and his supervisor expected this project to be low risk and quite straightforward, as it was just an upgrade to an application that had already been running for many years in the organization. The application was used daily by approximately ninety percent of employees across the country.

The first risk assessment

The project manager met with his assigned mentor to discuss the project. At this company, it was a requirement that the project charter include a risk assessment section. The project manager included as risks some items that had been problems on previous projects, such as business resources and IT code promotion resources not being available. When questioned, the project manager said there was no particular reason to believe these would be problems on the new project, but he wasn’t sure what else was relevant to include as risks.

The real story

In discussion with the project manager, the mentor learned more about the project, which was in the planning stage prior to charter approval and project launch.

The application vendor had been slow to respond to requests for help with planning the upgrade.  The vendor was apologetic about the lack of assistance provided and explained that they had recently sold a very large engagement and were very busy as a result.

The existing application had numerous customizations and interfaces, almost none of which were documented. Upgrades of this application had been attempted before, but the projects were never completed due to the difficulty in replacing the undocumented customizations and interfaces.

The project sponsor had just gone on medical leave for several months and appointed a junior manager to act as sponsor in her place.

The mentor helped the project manager to identify three significant risks: (a) unavailable vendor resources; (b) undocumented customizations and interfaces; and (c) inappropriate sponsorship.

Actions taken

The mentor suggested several follow up actions to the project manager to try and manage the risks before launching the project.

The project manager approached the application vendor about alternatives for resourcing the project, but the answers were discouraging. The vendor had no business partners trained to perform implementations and also could not recommend any other companies or individuals who might to able to guide the company through the application upgrade process.

A business analyst was assigned to start documenting the customizations and interfaces, but the work was progressing very slowly as he was also assigned to a high-priority project.

Although the original project sponsor was available for a brief phone call, she was unable to suggest a more appropriate replacement sponsor for her expected several-month absence.

Unfortunately, none of the actions resulted in lower risks.

Updated risk assessment

After these follow up actions and further discussion with the mentor, the project manager had a much more realistic view of the project risk.

The vendor’s lack of availability during planning raised significant concerns about its ability to provide appropriate resources for the project itself. Noticeable lack of availability during the sales cycle made it clear that the vendor was overwhelmed by the large contract they had just signed and would not be focused on this company’s upgrade. Even if they managed to provide a few resources, the vendor would not be able to support them to the extent needed.

Undocumented customizations and interfaces had already caused previous upgrades of this application to fail. Proceeding with the project without developing a good understanding of the customizations and interfaces would certainly cause the project to fail once again.

The lack of an appropriate project sponsor is a risk that sounds alarm bells for any experienced project manager.  The appointment of a low-level resource shows a lack of understanding of the role of the sponsor. Someone too junior to determine business priorities and commit resources is not an appropriate choice.

Any one of the three risks described would put the project at significant risk of failure. Given all three risks, it would be nearly impossible for the project to succeed. 


The project manager discussed the revised risk assessment with his supervisor. The supervisor was reluctant to delay the project but did finally agree that it was too risky to proceed at that time.  However, the discussion of the risk with the sponsor would be a delicate matter, especially given the concern about the inappropriateness of the sponsor.

The supervisor arranged for the IT vice-president to have a discussion with the business vice-president (to whom the original project sponsor reported).


The two vice-presidents agreed that a different project was needed first, one with the purpose of documenting the existing customizations and interfaces. The IT vice-president agreed to commit resources to this predecessor project.

They expected that by the time that project was completed, the original project sponsor would be back from medical leave and the vendor would have had time to train new resources.


Given the risks identified for the project, the vice-presidents made the right decision. Delaying the project and starting with documenting the customizations and interfaces was the best option to set it up for success.

Evaluating project risk is frequently a challenge for junior project managers. It is typical for new project managers to focus on schedules and budgets, and develop their understanding of risks and issues at a later stage of their project management career. Providing a mentor for the project manager was a wise course of action for the company. The mentor was able to guide the project manager through the risk assessment process, leading to a more realistic evaluation of the project’s chance of success.

Copyright 2015 Debbie Gallagher