Ying Ki Kwong, State of Oregon,
Phillip Lew, XBOSoft
In many organizations, enterprise software systems are acquired and not built internally. In these projects, the technical heavy lifting is outsourced to contractors and may span all aspects of the system development life cycle (SDLC). Even when the prime contractor is experienced and has a good track record of delivering projects successfully, a project that involves the acquisition of an enterprise system is a complex undertaking and so high risk.
Many times, the root cause of the problem may be a conflict between the contracting model and SDLC. This is especially true with Agile, where requirements are supposed to be discovered and clarified as a project progresses. Yet, from a contractual point of view, the acquiring organization wants a product delivered by a specific date that meets stated requirements. When combined with poor project management and contract administration, low-quality product, schedule delay, and cost overrun are common. The acquiring organization may face contract disputes or even lawsuits, as well as a variety of failure modes for the project itself and the careers of the people involved.
This paper examines some common pitfalls in quality & risk management of IT projects from the perspective of an organization acquiring enterprise software systems that may be commercial-off-the-shelf, transferred from another end-user organization, or fully custom.
Topics covered include:
- Unclear requirements, poor reference architecture, or lack of dominant design in the case of transformative initiatives
- A poor contract, or contracting model that is inconsistent with the actual SDLC being used by the contractor
- Human factors that render Agile, waterfall, and other SDLCs mere idealization of real-world complexity and organizational dynamics
- Problematic practices in user acceptance testing (UAT) – especially poor test planning, late start, and unclear entry & exit criteria.
The authors will discuss lessons learned from their experience in the public and the private sectors; with emphasis on improving quality, reducing risk, and minimizing technical debt of mission-critical systems with the need for strict regulatory compliance.