Why Information Technology (IT) Projects Fail: Selection And Management Of Vendors

Selecting the right vendor is critical to the success of an IT project. A dysfunctional relationship between the vendor and the customer, or just one that is not a good fit, can hinder the progress of the project and ultimately jeopardise its completion.

In part three of this series, Why IT Projects fail, we discuss the process of vendor selection and management of vendors. To catch up on the other articles in the series, click here.

Selecting a vendor often starts with issuing a Request for Proposal ("RFP"), and a well drafted RFP sets the tone of the relationship between the parties. The RFP must contain sufficient details about the project to ensure that prospective vendors understand the service requirements. The RFP should clearly set out the scope of work, evaluation criteria, and any terms and conditions that would apply to the provision of the services. A poorly drafted RFP will affect the success of the project and will likely result in misunderstandings around scope, what is included and excluded in the pricing, performance expectations, and delivery timelines.

While the RFP process is usually managed by the procurement team, it is important to involve other stakeholders at this stage of the project. This includes the operational team, which is best positioned to describe the scope of work and technical requirement for the project, and the legal team, which will ensure that the applicable terms and conditions and compliance obligations (including any regulatory requirements) for the project are included in the RFP. For instance, we have often seen how not considering regulatory requirements in the development of software, can cause serious delays and increase in cost when such requirement is only discovered at a later stage in the development process.

After shortlisting the vendors, it is strongly recommended that thorough vendor due diligence is conducted. Performing vendor due diligence enables the customer to identify potential risks associated with a vendor before entering into any binding contract. In certain sectors, such as financial services, due diligence is not only best practice but a regulatory requirement before vendor selection and finalisation. Vendor assurance ensures that the chosen vendor and the services to be provided align with the customer's standards, support the overall project objectives and mitigate potential risks. Once the vendor has been verified and selected, the customer and vendor should formalise the relationship by entering into a written contract. Having a written contract is important because a party can only enforce obligations and exercise rights that are expressly set out in the contract. Therefore, the contract must clearly define the roles and responsibilities of both parties, allocate risk appropriately and ensure that each party's rights are understood and protected.

The contract must contain clauses that address the core aspects of the customer–vendor relationship, some of these clauses include:

• Performance of services: The primary purpose of the contract is to ensure that the services are delivered and the project is successfully executed. The contract should specify what the vendor is required to deliver, the scope of services, and applicable service levels and performance standards. It should also outline the fee structure and payment terms that the customer needs to adhere to, and include a process for managing changes to the scope of services or requirements. It is not enough to have high level clauses addressing performance of services, the contract must be detailed enough to ensure that there is no ambiguity regarding the parties' obligations. As a guiding principle, the contract should contain enough details to allow an uninvolved third party to be able to decipher what the services and deliverables were without prior context.
• Liability and risk management: Arguably, the most contested and heavily negotiated provisions in the contract relate to liability and risk allocation. This is because these provisions dictate the potential legal and financial exposure of each party. There is a delicate balance that must be struck to ensure that both parties are allocated proportionate risk under the contract. To achieve this, the contract should include limitation of liability clauses to confirm the scope of liability for each party, indemnity provisions to protect against third-party claims, and warranties to confirm the quality of services.
• Rights and governance: To protect the interests of each party, the contract needs to provide each party with specific rights. These rights relate to ownership and licensing of intellectual property, conducting audits, and termination of the contract. The enforcement of rights under the contract allows the customer to manage the vendor effectively. Another important aspect of managing the customer-vendor relationship effectively, is having governance processes in place. For multi-jurisdictional contracts it is also very important to choose your governing law and mechanism for dispute resolution carefully.
• Cooperation with third parties: For large IT projects, it is often the case that the project is being executed in a multi-vendor environment. Therefore, it is important to ensure that all parties involved cooperate to minimise project delays. To promote cooperation, the contract should contain clauses that require the vendor to cooperate with customer's other service providers.
• Appointment of subcontractors: In many cases, a vendor may have to subcontract aspects of the project or enter into partnerships with third parties for various reasons. The contract must specify whether subcontracting is permitted, under what conditions, and whether prior approval from the customer is required. If subcontracting is permitted, the vendor must ensure that it enters into a contract with the subcontractor. These contracts, often referred to as back-to-back contracts, need to ensure that the obligations of the vendor under the main contract are passed down to the subcontractor. This creates a clear and traceable chain of responsibility to make sure that the obligations to the customer are met. An ambiguous back-to-back contract makes it difficult to enforce obligations, and resolve disputes between the vendor, subcontractor, and customer. Well drafted back-to back contracts are just as critical to the success of the overall project as the main contract.

Effective management of the vendor requires robust provisions in the contract, as well as actual implementation of those terms and exercising of rights. Project meetings and mandatory reporting, which are sometimes overlooked, are initial measures that can be implemented for ensuring effective vendor management. As an added layer, the customer should exercise its audit rights to continually monitor vendor's performance and compliance with the contract. Similarly, the vendor should hold the customer accountable to ensure that the customer fulfils its obligations regarding payment and project management.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.