Technology

Avoid IT Project Failure

Negotiate contracts that define expectations and balance risks.

May 17, 2011
KEYWORDS risk , third-party
/ PRINT / ShareShare / Text Size +

A credit union’s information technology (IT) systems are its backbone and central nervous system. Investments in these systems are significant, and the business risk in the event of their failure is even greater.

Yet too often, the process for selecting vendors, products, and services, and negotiating the contract that sets forth vendor obligations and credit union rights is rushed and flawed—customer references aren’t sought, system requirements are inadequately defined, and the fine print is ignored until it’s too late.

As NCUA Letter to Credit Unions 07-CU-13 (“Evaluating Third-Party Relationships") made clear, credit union boards have a fiduciary duty to ensure third-party relationships are conducted in a safe and sound manner.

In addition, state and federal regulators are holding credit unions accountable for performing due diligence and risk assessments in evaluating third-party vendors.

Credit unions must negotiate and obtain agreements that offer adequate protection in the event of a project failure or contract breach.

While there’s no silver bullet that ensures the success of IT projects, it’s possible to reduce the risk of failure through:

  • An informed system and vendor selection process;
  • Well-managed contract negotiation and implementation by the credit union; and
  • Reviewing NCUA Letter to Credit Unions 07-CU-13 before undertaking a major project.

Credit unions should follow these steps to increase the likelihood that IT projects succeed.

System and vendor selection

When selecting a system and a vendor, credit unions should:

• Identify and express what functions the system must perform: problems it will solve, tasks it will perform, and time requirements.

If there’s any concern that internal credit union personnel aren’t sufficiently equipped to perform this job, an outside consultant unconnected to whomever might ultimately be hired for the work should be hired to help identify requirements, draft requests for proposals and review vendor responses.

• Request proposals from multiple vendors and leave time for face-to-face interviews with not only the sales team, but the vendor’s designated implementation team for the project.

Successful implementation requires excellent communication and responsiveness. Interviewing the implementation team offers important information on the vendor’s capabilities in this regard.

• Request customer references and follow up with them. Don’t underestimate the importance of the vendor having implemented the system in credit unions or other financial institutions.

• Analyze the vendor’s business to assess not only its track record with similar projects, but its reliance on subcontractors and its financial health.

• Ask to see the vendor’s form of contract that will be used as the basis for the final contract early in the process. Retain counsel with experience in software licensing and IT contracting to review the contract.

• Set a timeframe for vendor selection that permits time for thorough review and consideration of the proposals and negotiation process.

Next: The contract negotiation

Great Comments

Ken Schroeder, CBCP, VP-Business Continuity, Southeast Corporate
April 20, 2011 9:03 am
Great points, especially the deliverables and remedies.

Actually, these principles apply to every critical vendor, not just for IT projects. A solid vendor management program will help ensure the CU is never left hanging in the wind when a critical vendor fails to perform.

Unfortunately, too many CUs just pay lip service to their vendor management program, or think it applies only to IT.


Flag Comment as Offensive

Post a comment to this story

What's Popular

Popular Stories

Recent Discussion

Your Say: Have You Ever Suffered a Denial of Service Attack?

View Results Poll Archive