A National Offender - The Same Old Lessons Have Not Been Learnt

The Public Accounts Committee (PAC) have released their report on the The National Offender Management Information System (C-NOMIS) project.

The C-NOMIS project, originally expected to be delivered in January 2008 for £234 million, was stopped in August 2007 because costs had trebled. Astonishingly, £161 million had been spent but the National Audit Office was unable to determine what the money had been spent on. The scope and benefits have since been reduced and the project is now expected to cost £513 million and be delivered in 2011.

"The way the C-NOMIS project was managed and monitored was completely unacceptable. It is deeply depressing that after numerous highly critical PAC reports on IT projects in recent years, the same mistakes have occurred once again. We question the purpose of our hard work if Whitehall accepts all our recommendations but still cannot ensure a minimum standard of competence. In this report we make further recommendations for how other organisations can avoid the mistakes made on C-NOMIS through identifying risks, monitoring progress properly and taking action to mitigate risks as they emerge."

The Chairman, Edward Leigh, who has reviewed other out of control projects, most notably the NHS Connecting for Health Programme (aka NPfIT), started the proceedings by expressing his exasperation:

"I have had all this before and I just do not know whether there is any point really carrying on frankly...Why did these problems re-occur, the same old lessons have not been learnt; over ambitious, weak project management and all the rest."

The problem was that it was seen as an IT project rather than as a programme of IT-enabled business change and it was badly managed. An analysis by the National Audit Office of the underlying causes of the costs increases and delay indicated that C-NOMIS suffered from seven of the eight common causes of project failure - four in full and three in part.

"In scales of comprehensiveness of incompetence it is largely unmatched."

The recommendations from the report are fundamental to successful delivery of IT-enabled business change:

• Major projects should be reviewed by senior management with sufficient rigour and scepticism to ensure that proposals are well-focused, realistic and take full account of uncertainties. "As usual it is key managers and what key managers do that makes a really big difference."
• Do not wait for blame to follow failure. Ensure proper performance management at all levels.
• A plan showing how business change and new IT are to be integrated should be upfront in the Full Business Case for all major IT projects.
• The organisation's capacity to manage major projects should be assessed and, where appropriate, strengthened.
• Monitor projects closely using reporting systems that are fit for purpose, based on actual evidence of performance.
• Take swift and robust action when reviews, such as OGC Gateway reviews, identify concerns or shortcomings in the management or progress of a project.
• Use existing guidance to avoid repeating the mistakes of the past.
• Negotiate contracts to ensure suppliers match expenditure against deliverables.
• Record and validate benefits and financial savings.

"Clearly this project was handled badly, it achieved poor value for money, many of the causes of delays and cost overruns could have been avoided. I could make some grand eloquent statement about how we never expect to see this happen again in the Civil Service but I suspect I would be wasting my breath." - Edward Leigh

How the Mighty Fall

Mark McDonald, in his article How CIOs can sense if their companies are getting ready to fall, draws on Jim Collins book, How The Mighty Fall: And Why Some Companies Never Give In, to provide some useful insight into how five stages of company decline manifests in leadership attitude and use of IT.

Collins' five stages of decline are:

1. Hubris Born of Success.
2. Undisciplined Pursuit of More.
3. Denial of Risk and Peril.
4. Grasping for Salvation.
5. Capitulation to Irrelevance or Death.

McDonald maps these to five stages for IT:

1. A breakdown of investment and technology management disciplines.
   
2. Multiple and competing business unit initiatives pursuing more IT.
   
3. IT budgets increase focus on current operations as support requirements consume resources. Executives begin to doubt the ‘value of IT’ as they challenge the need for costs that seem to be rising faster than revenues.
   
4. Hope that a single integrated application system and infrastructure will erase systemic weaknesses. The silver bullet solution mobilizes IT resources and gives IT an apparent new relevance coming from the prior stage.
   
5. Good talent moves on and there are challenges attracting and retaining market leading talent – leading to reduced expectations for IT.

According to one reviewer of Collins' book, the book does a particularly good job of describing dysfunctional leadership behaviors of companies in decline.

I think McDonald does a good job describing the stages of dysfunctional leadership in the use of IT.

"Senior management teams often question the value they get for their IT investments....which sustain - but do not improve - [business] performance. Among the many knee jerk management team responses to these frustrations, firing the CIO and outsourcing all of IT have emerged as perennial favourites. The problem with these two solutions is that, for most enterprises, they do not attack the cause of the problem - poorly designed IT governance, often with a corresponding lack of business leadership participation in the key IT decisions...If IT is not generating value, senior management should first examine its IT governance practices - who makes decisions and how the decision makers are accountable." - Weill & Ross, MIT Sloan School of Management, in their book "IT Governance", p147.

Waltzing with the Elephant

Mark Toomey's latest newsletter is a good, easy to read summary of the major issue in getting value from IT; that business leaders must be engaged in directing and controlling their organisation’s use of IT to achieve their business goals. That is fundamentally what governance of IT is about.

The article refers to Sir Peter Gershon's address to the ISACA Oceania conference in Canberra, where the Elephant in the Room was identified in the context of public sector governance of IT but applies equally in business:

"Realising the dream of world class governance of IT in the public sector largely depends on the behaviour of those at the top."

The article goes on to explain why leadership in governance is needed; Directing and controlling the use of IT is part of the much bigger picture of directing and controlling the business.

"IT is an enabler of radical change. But, the mere act of buying or building an IT solution does not of itself deliver the change – a reality that has been proven again and again through the failures of projects where there seems to have been a delightfully naïve expectation that this would indeed be the case."

After reading the article I'm looking forward to reading Mark Toomey's new book, Waltzing with the Elephant.

Governance of Programmes and Portfolios for Strategic Success

Project management success does not mean project success. There is an important distinction:

• Project management success occurs when the project deliverables are on-time, within budget and according to specification;
• Project success, on the other hand, occurs when the overriding strategic benefits are realised - after all, this is the reason projects are undertaken.

A Cranfield University study reported in 2006 that only 27% of projects deliver intended benefits, supporting earlier studies that suggested that fewer than 10-20% of projects ever deliver the expected benefits and 30-40% of projects are implemented without any discernable benefits whatsoever.

The limitations of project management must be understood to understand why so many projects do not succeed. Two key limitations are that:

1. Many benefits cannot be realised until after the project has ended yet benefits realisation must be actively managed; and
2. Project management methods were designed to address the development of new products or assets, not "soft" initiatives, such as as organisational, business process and behavioural change.

A research paper by Raymond Young, Paul O'Conner and Simon Poon, Goverance of Programmes and Portfolios for Stategic Success - Implications from a study of the State of Victoria, demonstrates these issues very well. The paper reports on the results of a study commissioned by the Victoria Auditor General's Office (VAGO) in Australia to evaluate the role of projects within the Victorian public sector and to evaluate the appropriateness of the Victorian Investment Management frameworks:

"The Victorian public sector was expected to be at the forefront of practice but the study suggested billions of dollars are invested in projects with few of the expected strategic benefits being realised."

For example:

"A 2009 VAGO audit of literacy and numeracy found that 10 years of effort by the Victorian Education Department had only lifted literacy in the early childhood years and numeracy had actually declined. There seems to be a similar pattern for Health services where waiting times appear to have remained either static or increased...Our conclusion is that although the Victorian Investment Management frameworks focus on benefits, the emphasis is to ensure an asset is aligned to a benefit rather than the actual realisation of a benefit and there is no focus on realising higher order strategic goals...The high level strategic goals have been clearly defined and relatively stable for at least 10 years. If one of the best performers did not have the tools to help it achieve its strategic goals, what are the implications for the rest of us?"

The paper asserts that the Victorian Investment Management frameworks, though considered to be world class, are inadequate for achieving strategic goals:

"Their strength is that they emphasise a portfolio approach to choosing projects and using benefits as the selection criteria for investment rather than simply focussing on on-time on-budget delivery. Their weakness is that they are directed mainly at asset investments and do not focus on soft-projects even though the majority of project expenditure appears to be on soft-projects...The crucial deficiency seems to the absence of meaningful linkages to programme management."

Furthermore, the paper suggests that the innovations with the most potential to increase project success rates (portfolio management, programme management and project governance) are still too immature to gain widespread adoption:

• Project governance must be closer aligned with corporate governance principles so that top management provides the level of engagement projects need to succeed and have assurance that key governance issues are being addressed.
• Programme management has more potential to deliver strategic benefits but requires more flexibility to support strategic thinking and enable top management and programme management to engage in appropriate levels of questioning, feedback and dialogue.
• Portfolio management must be linked to programme management because strategic outcomes can only be achieved when a whole programme of change is undertaken (the programme then selects the individual projects that will contribute to outcomes).

This has significant implications for organisations that are counting project management or project portfolio management to achieve IT project success. They need to consider how they will address these issues.

Val IT provides helpful guidance for the governance of IT investment portfolios. It is a coherent approach that can be used to complement existing practices and provides a set of principles, processes and practices for addressing the issues discussed here.