Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

9/25/2013
01:52 PM
100%
0%

You Are Not Over Budget -- You Underestimated

When forces align to underfund IT projects, they guarantee an ugly finish

We all know horror stories of IT projects that run over budget, deliver the wrong result, or simply fail to cross the finish line at all. I bet you've been involved with such projects.

Even if businesses and governments rarely admit it publicly, IT disasters are more common than IT successes, and it's a rare project that actually delivers a great solution on time, within budget.

No single type of project is immune. The victims include software development, hardware upgrades, compliance efforts, security measures, and, in a twisted irony, even audits of other IT projects.

If the failure of these toxic projects weren't bad enough, their failure spreads in a ripple effect -- or a tsunami effect, considering the potential loss -- since late, overbudget projects likely have operational, compliance, and security shortcomings. This creates corrective projects, with their own risks of budget and schedule issues, to address the failures of the original, late, overbudget projects.

Generations of new approaches in project management, years of new technology, and thousands of new project tools have attacked the problem, but the chronic failure to deliver on time and within budget persists.

The problem is so common that nontechnical management has become almost universally skeptical of all IT projects. Many would rather buy a used car from a shady lawyer than commit to another large IT effort. Who can blame them?

So why do IT projects continue to run late and over budget? Why are we apparently powerless to correct a problem we have defined so thoroughly? Are we not learning the right lessons? Is the pace of technology overwhelming our ability to implement it? Are we just stupid?

I suggest that we can't solve this problem because we are trying to solve the wrong problem. Many, if not most, of these failed projects are, in reality, neither over budget nor overdue. It's much more likely that they are underestimated, not only for cost but also for time required.

Before they even start, these projects are destined to fail to meet either budget, time tables, or benchmarks.

The worst part of this problem is that everyone is complicit in this conspiracy of accepting, and contributing to, an appallingly high amount of failure.

Nontechnical management and staff often do not understand the "magic" of IT, so they focus their pressure on two things they do understand: cost and scope.

Many in management dislike the very nature of IT in business -- the seemingly endless demands for funding, like a hungry teenage boy who always wants another pizza. Out of frustration, these managers start drawing the line on cost without due consideration to the lowered odds of success. Or for a given cost, they cram in more requirements -- you know, to "get their money's worth."

Technical professionals are equally responsible and in a lot of different ways. The worst is the often-fatal group-created (and group-reinforced) false optimism. "Sure, we can pull that off!" is the groupthink of an entire industry filled with smart people who seek opportunities to show others how smart they are.

Some others allow their underestimated projects to become bloated because they are genuinely powerless to say no.

Everyone involved is at least sometimes guilty of poorly matching deliverables to realistic cost. If the project budget increases, so does the scope. The odds of delivering successfully drop accordingly, and everyone was a contributor in building a booby trap for themselves and their co-workers alike.

When outsourced bidding is involved, you get a deadly mix of 1) intentional low-ball bidders (win on price, hit them with change fees); 2) inadvertent low-ball bidders (they genuinely don't understand their under-estimated winning bid may put them out of business); and 3) decision makers who are not equipped to evaluate bids using success as a metric.

In fact, in bid situations, low-cost-limited success usually beats higher-cost success.

This problem will only be resolved when IT and non-IT leaders learn to be grown-ups about cost, time, and realistic expectations. To save real time and money requires uncommon professional discipline. In the end, it may be too much to ask of people.

Glenn S. Phillips agrees with Walt Kelly, "We have met the enemy, and he is us." Glenn is the president of Forte' Incorporated where he works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. Glenn is the author of the book Nerd-to-English and you can find him on twitter at @NerdToEnglish. Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6486
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6487
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6488
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6489
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6490
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.