Hewlett-Packard was abrubt in parting company with its long-serving CEO, Carly Fiorina. One factor to count against her tenure was surely the catastrophic failure of HP’s Enterprise Resource Planning (ERP) implementation in spring 2004.
Hewlett-Packard’s ERP project went horribly wrong and the firm attributed losses of $400 million due to delivery and logistics failures as a result. Additional costs – in stock price markdowns, management distraction and damage to brand and reputation – must be incalculably higher.
HP is not alone. Even when projects do not result in catastrophe, a typical company spends 30 per cent of its IT budget on strategic projects, yet 40 per cent of IT projects fail to deliver their intended return. If anything, we believe these numbers to be an understatement. Nor is the problem confined to the IT world; recent scandals in the pharmaceutical industry, for example, point to failures of project governance in new product development projects. These failures are having multi-billion dollar repercussions.
In our experience, at any moment, companies are spending between 20 and 50 per cent of their total available resources on projects. Sometimes even more – we once helped a client to work out that its project commitments required 1,200 person-years’ of effort – this was a pity, as the company only employed 800 people.
Project working has so exploded across the business world in the past 25 years that projects now comprise a significant part of business activity. Companies may, simultaneously, have projects running in IT, supply chain, operations, risk, organisational design, new product development, sales, marketing, back office operations – and anywhere else that change is needed in the business. As we have seen, one effect of this panoply of projects is to place the business proper at increased operational risk.
This issue falls squarely in the domain of the board – especially when one considers the increased demands of regulatory frameworks such as Sarbanes-Oxley in the US and Turnbull in the UK. Section 409 of Sarbanes-Oxley, for example, requires US-quoted companies to report “…material financial events immediately…” instead of waiting for quarter-end. As HP found, the foundering of a major project certainly qualified as a ‘material financial event.’ The project went wrong; it had to report it – and the stock price tumbled 16 per cent.
In the UK, the Turnbull Report places a similar onus on the board: “The Board of Directors is responsible for the company’s system of internal control. Executive management is responsible for managing risks through maintaining an effective system of internal control, and the board as a whole is responsible for reporting on it.”
Most companies address this requirement in two related ways. The first is through their systems of management and financial reporting; the second is through the organisational structure.
Look at most company reporting at the board level, however, and as far as projects are concerned one would be hard pushed to find evidence of either. It is difficult to see how board members find out what they need to know about the projects in the company from standard internal reports. And it is rare to have anybody in the executive suite responsible for project oversight (except in the case of major programmes, perhaps, but these are only a proportion of the company’s total project activity). In practice, everyone knows projects are happening, but no-one knows quite how many. The only times the board normally becomes aware of a project are when it requires significant spend or strategic commitment, or when it crashes.
In other words, most companies lack a systematic, consistent and transparent way to report on projects, their initiation, their progress and their risks. This leaves the company, and the board in particular, exposed in more ways than one.
When a company’s share price goes south because a project fails – how long will it be before we see directors being sued by shareholders on charges of criminal negligence – is it because the board lacked the reporting or financial controls to limit and manage the company’s exposure to reasonable and predictable project risk? This is not a trivial matter.
The problem arises because projects are, naturally, different from ‘normal’ or ‘line’ working. Everyday line working is what companies do. So the reporting, organisational, budgeting and planning processes the board relies on as evidence of internal control are based on line working. As we have seen, however, some 20 to 50 per cent of a company’s resources and attention may well be consumed by projects. Under the line management model the board has little way of knowing about this commitment, and hence is unable to understand, less still manage, the risks to which these projects may have exposed the company.
So how does a board know when it has control of its project exposure? When it can answer, quickly and consistently, the following questions:
- What projects are currently running in the company?
- What value will these projects deliver?
- What mechanisms exist to ensure the resources these projects need are defined, scoped, approved and capped?
- What criteria do we use as a basis for project approval? Project rejection?
- How do we stop projects spawning unilaterally in the business?
- What are the specific risks presented by each project? To the business? To its own success? To the success of other projects?
- What standards do we expect of people in planning for the prevention and handling of these risks?
- How will we know when our project commitments or project risks are going off plan?
The answers may lie in a programme office. They may entail creating a Chief Projects Officer. They could result in installing a standard project management process. They might conceivably involve software (but beware – software can only be part of the answer; it will never be the whole solution). They should certainly include a ‘projects’ heading in any management report that the board sees.
We used to live in a stable world but change is now the norm. Projects are how companies plan and execute such change. By the same token, projects are also how companies expose themselves to self-inflicted risk. There is now no excuse for the board not to accept the project challenge: projects are a significant, potentially dangerous part of business life – it’s time we managed our businesses to reflect this.