Retiring applications

A frequently-neglected part of the plan for implementation of a new application is the retirement of the one that is being replaced.

However, there is good reason to do that work at the same time as your new project, as there are risks and costs related to keeping an old system running after it is no longer actively used.

Why decommission

The most obvious concern with maintaining applications that are no longer used is the cost of licensing and support agreements. There are also less obvious costs. For example, you may be running certain hardware or operating systems for the sole purpose of maintaining the legacy applications. You may also pay consultants with legacy expertise to maintain that legacy hardware and software. Perhaps it is no longer feasible to apply some types of security to older systems.

Here is an approach to consider and tailor to your own application and organization.

Business ownership

Although managed by IT, there must be a business owner who will participate in retirement planning and approve any decisions that are relevant to the business.

Contracts

Unless the application being retired is fully home-grown, you likely have some contracts in place. For example, application licenses for users and administrators, and support agreements. The infrastructure or security support may also be covered by service contracts. Review all of the relevant contracts and determine what your rights and responsibilities are. E.g. if users are not maintaining any data, but are read-only, do you still have to pay? What is the notice period, and when is the deadline to give notice? Are your responsibilities truly clear in the contract, or do you need a lawyer to review it?

Continuing access to the data

Depending on the business use of the application, it may be necessary to keep the data for some period of time. Start by identifying the data that is kept in the system. Is it general ledger, purchase orders, energy usage? Also identify whether the application is the system of record for that data. If the application is just for reporting or transmitting, and the system of record is somewhere else, it may much easier to eliminate the application’s data set.

If the application is the system of record, map the data sets in the system to the corporate data retention policy. This policy will have been developed in alignment with compliance, legal, and regulatory requirements. Then, discuss with the business owner what their business needs are for ongoing access to the data. This may be different from the corporate data retention policy.

While you’re having that discussion with the business, find out what kind of access to the data is going to be needed. Do they still need to use the application to view the data, or will it be enough to be able to query the database?

Also ask the business owner how many users should have continuing access to the application. Perhaps you can reduce the number of users to just a few, either right away, or after a year or so.

If the application being retired is on some technology that you no longer use for any other applications, it may be tempting to copy the database to a technology that you support as a standard. However, this may not provide what the business needs. If the data structure is complex, you may no longer have an employee with the experience to query that structure and get the right answer. In addition, if there is a need to re-generate reports or documents, it may not be feasible to do so without the application.

Operations

Perhaps based on either the retention policy, or the business needs, you have learned that the application is still needed for inquiry and reporting for several years. There still may be steps you can take to reduce the effort of operating the application.

For example, since the data isn’t changing, it may not be necessary to do daily backups or manage high availability. Perhaps the business would now be fine with a monthly backup, so you have fresh media. Maybe the business would agree with a longer recovery in the event of failure.

It’s also likely that you could eliminate the development and testing environments for the retiring application.

Security and controls

You can also examine the security and controls for the retiring application. For example, discuss with the business whether they still require two-factor authentication.

It’s also a good time to discuss whether the controls for the application and its supporting infrastructure should be tested any more as part of the audit. Some of the testing may no longer be needed, which could reduce the effort of internal or external auditors.

Other considerations

If you are generally moving applications to the cloud, or no longer wish to support the particular technology platform of the retiring application in your data centre, you may consider options to have someone else manage it for you. There are usually vendors who would agree to host the hardware and application in their own data centre. Note that this approach requires considerable planning, and you should engage the potential vendor early to discuss requirements.

Conclusion

When you implement a new system, planning for the retirement of the old one should be planned at the same time. It should be possible to manage costs and risks by appropriate planning and execution.

This article provided some high-level guidance on retirement planning to get you started. You can use it as a framework, and customize it to your own organization’s needs

Project risk case study: Scarce resource management

Technology projects are heavily dependent on expert resources from the IT team and the business. Managing people whose work is critical to the success of the project is essential and managing their time can be challenging.

This case study is a situation where a business expert was proving to be unable to deliver to the timeline.

Case study

The project was development of custom reports. When engaging resources for the work, the project manager did the usual things to ensure availability of the resource: for example, arranged for dedicated team members, and obtained commitments from their managers that they would be free to concentrate on the project. For those who were not vendors, the project manager arranged for the individuals’ jobs to be filled by other workers so the project team could concentrate on the project work.

The situation

The development work proceeded but there were challenges and issues along the way (perhaps a case study for another time).  Due to the development issues, there were quite a large number of problems found in the testing phase. 

However, just as problematic, it was taking a very long time for the business expert doing the testing to identify the issues on the reports, and to re-test as defects were corrected.  As time went on, it became clear that the tester was a significant bottleneck in the process.

The project manager discussed the pace with the tester, who confirmed that he was concentrating on the testing tasks, and had not been pulled away to work on other non-project work. The tester claimed that it was just a temporary delay due to learning curve on what needed to be done, and that he would have no problem catching up.

Unfortunately, the tester’s prediction of increasing speed did not come true. The testing continued to take much longer than planned.  In addition, the tester claimed, and his manager agreed, that no one but himself was qualified to examine the reports and determine whether they were right or wrong.

Evaluation of the problem

The project manager decided to see for herself what was causing the delay, so she arranged to sit in the tester’s office while he worked. She did some other work, but by sitting close by was able to observe the tester’s process.

What she observed was that there were many time-consuming steps to complete the tester’s work.  He printed the legacy report; then printed the new report. Then, he went through every line and checked every heading, description, and number for accuracy.  Then, when he found a difference between the legacy and new report, he had to determine whether the difference was acceptable. If it was not acceptable, he had to log the defect in the tracking software.

The project manager realized that much of the work could actually be done by others. The only part of the work that the business expert tester really had to do for himself was to evaluate whether a difference was acceptable or not.

New approach

The project manager arranged to add two junior staff to the project. They were assigned to print the legacy and new reports, compare every heading, description, and number, and mark differences with highlighters and tape flags for review. 

The business expert was now able to focus on the one thing that no one but himself could do. He focused on evaluation of the differences between the legacy and new reports, and decided whether the difference was acceptable or a defect.

The project manager also arranged for someone else to log the defects for the tester, so he could concentrate on just the evaluation.

Conclusion

The project manager’s observation was essential to resolving the work bottleneck. Each report was taking two to four hours to test, but the portion that only the business expert could do was really only fifteen to thirty minutes.

By re-allocating much of the work to other resources, the business expert was freed up to complete the evaluation for many more reports.

Although their participation is critical to a project’s success, business experts can become a bottleneck on a project. In order to ensure the proper participation of the expert while also eliminating the bottleneck, it was necessary for the project manager to evaluate the work and break it down into its component parts. Then many of the steps could be completed by others, freeing up the expert to focus on the task for which he had the expertise.