In an ever more competitive world, businesses are under increasing pressure to transform the way they operate and adopt digital delivery models for their processes and services. Indeed, a successful digital transformation project can mean the difference between a business failing and one that embraces the future and realises its potential. But such projects carry high execution risks, and close attention needs to be paid to them throughout their life cycle. General counsel and their teams have a key role to play in this area.
Businesses may embark on IT transformations for a number of reasons: to remain competitive; to respond to the changing needs of customers and/or engagement with suppliers; to expand, often into overseas markets; to drive efficiency; and enable data-driven decisions.
The increasing adoption of the Cloud – vital thanks to its greater capacity to manage the huge volume of data a company may generate – can also mean the need for greater capabilities. Another key driver is regulatory requirements eg for data protection, cyber security and AI. IT transformation is also increasingly used by businesses to improve their ESG credentials, by reducing energy usage.
Success, however, can be elusive. Indeed, the sheer variety of drivers and objectives can contribute to that elusiveness. Basic disagreements or misunderstandings can arise about what the supplier will deliver, at what price and when. There can also be problems integrating new systems with legacy ones. At a minimum, these cost money to resolve, and may give rise to claims. At their worst however, these problems can prejudice the benefits of the transformation, and even lead to project failure and abandonment.
Projects therefore require careful planning and continuous monitoring to manage risks. So, what can general counsel and in-house legal teams do to mitigate risks from the outset, help projects stay on track and to ensure the success of an IT transformation?
For projects in the pipeline, in-house legal would ideally be embedded in the project team from the outset, and bring their skills and expertise to the following areas:
- Business strategy: in-house legal can facilitate a discussion between stakeholders to ensure the business case for the transformation – including the rationale, objectives and exact requirements – is well defined and understood by all. Once defined, they can help ensure the business requirements are set out clearly. This is valuable input precontract, to enable the business to prepare tender documents and for IT suppliers to price contracts, identify gaps and map out timelines.
- Due diligence: a robust DD process can identify any legal, compliance, commercial, technical or operational risks. These risks may relate to the IT supplier or sub-contractor, or the underlying product or service. Once known, the legal team can advise on how risks can be mitigated, for example by specific contractual requirements and warranties.
- Contract: it is vital to get the contract right at the outset, including basics such as ensuring it is appropriate for the type of project that is being undertaken, for example whether waterfall or agile. Business requirements should be well defined, and product or service specifications made clear. The project plan should specify the dates for the supplier’s deliverables, and that those deliverables are output-focused and can be tested by the client. In addition, acceptance criteria should be clear, and should avoid deemed acceptance without the client’s input. Terms which defer agreement on any issues to later in the project should be avoided, and a governance architecture which ensures oversight and appropriate escalation procedures included. Provisions that enable resolution of issues without unduly delaying implementation should be included, and work should not start until the contract has been agreed.
- Contingency planning: the business should have a contingency plan for project delays or failure, to avoid being locked into a failing project with a delinquent supplier. The contingency plan will depend on the project, but might require retaining the existing system and supplier, exercising step-in rights or outsourcing work elsewhere. Additionally, in a Cloud environment, it is important to consider who has the access and encryption keys.
For projects that are underway, project teams will be focussing on delivery, and lawyers can bring valuable objectivity throughout the process. That can involve watching for red flags such as repeated delays or change requests, unexpected invoices and high supplier staff turnover. In-house lawyers can help by:
- Carrying out ongoing due diligence on the supplier: monitoring public sources for key information such as security breaches and financial filings, including overseas affiliates or sub-contractors that are part of the IT services supply chain.
- Policing project governance: checking the contractual governance structure is set up and used by the project team, with regular monitoring. There should be easy-to-access repositories for everyone involved to access and store their records.
- Encouraging good contract management: ensuring the project team are familiar with the contract and that it is being followed. If there are any deviations from the contract on the ground, take immediate steps to preserve the contractual position or amend the contract. When amending it, follow the contractual procedures, in particular for key areas such as scope, timetable, costs and risk.
- Utilising the contract: encouraging project teams to use escalation procedures and other contractual rights – such as audit rights – that have been built in as a means of protecting the business.
Given all the drivers for change, the scale of business transformation is only likely to increase. Meanwhile in the current economic climate, where being lean and tight cost control is critical, ensuring the success of any project is more important than ever. Businesses simply cannot afford their projects going over budget or taking too long to finish, let alone fail altogether. With their expertise, general counsel and their teams are well placed to maximise the prospects of a successful transformation.
Addleshaw Goddard’s tech team
AG’s 50+ tech team brings together technology lawyers across commercial and contentious disciplines to assist clients reduce the legal risk in implementing IT projects and managing contracts, which are often high value, complex and business critical. Where issues do arise, we assess clients’ positions and options, formulating and implementing a strategy to achieve their objective. We act for a wide range of customers of IT systems, and also act for a number of IT suppliers, giving us a perspective and insight that we apply for the benefit of all our clients, whether customers or suppliers.