Why Information Technology (IT) Projects Fail: Measuring Service Levels And Invoking Audit Rights

The failure of an IT project is rarely sudden and occurs more often than we would admit. The reasons behind the failure can range from commercial deadlocks, misaligned expectations between the customer and the service provider or poor service delivery.

In part one of this series, Why IT projects fail, we look at poor service performance monitoring, specifically the use of service levels and audit rights under an agreement.

Service levels - When performance is measured only in theory

Service levels are critical for ensuring that the parties are aligned on expectations. The customer should have comfort that it will get quality services, and the service provider should be aware of the expected standard and response times. The purpose of having service levels is to have clear measurable performance metrics that the parties can hold each other accountable to. Having to rely on breach provisions and lengthy cure periods are not practical, especially in high priority incidents where quick action is required. Many contracts allude to service levels, but few contain the details needed to operationally measure them.

• How is the service level defined: A generic obligation in an agreement to meet service levels is ineffective if the service level metrics are not defined. It is important to specify the quantifiable metrics that will apply to the service such as uptime and service availability, support hours, priority levels and corresponding response times, resolutions times, etc. Without defined metrics, the measurement of service levels becomes ambiguous, leaving both parties exposed. It undermines the customer's ability to quantify or successfully lodge a claim for poor performance of the services, and it leaves the service provider exposed to unreasonable claims for poor performance, especially where service level exclusions were not clearly defined.

For large scale IT projects, the service levels may vary for each phase of the project. This needs to be factored in the agreement, as the applicable service levels should align with the customer's needs at each project phase.

• When will the service levels be measured: The agreement should clearly state when service levels apply. Service levels may only apply during certain days and hours, and not over weekends and public holidays. For some services, the service levels need to be measured 24x7x365. It is also important to state the measurement period for service levels, for instance, will performance be measured on a monthly (calendar or rolling month) or longer period?
• What are the consequences for breach of the service levels: Service levels are not intended to be punitive; they are meant to disincentivise the service provider for poor service quality and provide the customer with a simpler and practical way to enforce service level adherence. Having service levels in an agreement is only useful if the failure to adhere to such service levels triggers consequences, such as service level credits and the method of calculating those credits must be clearly stated. While termination for failure to meet a service level is not always justified, the customer should have the right to terminate for repeat failures.

Audit rights – The clause everyone includes but hardly uses

Audit rights provide a party with the right to verify the other party's records and performance routinely. The purpose of an audit clause is to promote accountability and ensure that the other party is complying with its obligations under the agreement.

• Scope of the audit: The audit clause should clearly set out the services and environments that are subject to the audit. It should also state what is out of scope for the audit to ensure that information that is not related to the services or the agreement is kept confidential.
• When can the audit take place: An audit should minimise disrupting the other party's operations. Arbitrary limitations such as requiring prior consent which can be withheld at a party's sole discretion, placing an unreasonable cap on the number of permitted audits under the agreement, can undermine the purpose of the right. An audit right that is too difficult to exercise is the same as having no audit right at all. An audit clause needs to balance giving the audited party sufficient preparation time while avoiding excessive lead time that would enable the audited party to conduct a 'clean-up'.
• Consequences for non-compliance findings: Conducting an audit can be an expensive exercise. The party conducting the audit should be able to act on the audit findings. If there are no consequences or remedies available to the party, then the audit right will have little to no practical value.

Robust service level and audit right clauses are not just to comply with legal formalities; they also act as operational survival tools. When performance standards are compromised, the chances of project failure become elevated.

Sometimes monitoring failures are born from agreement drafting failures, which is why it is important to ensure that an appropriate contract is entered into before any IT project kicks off.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.