Covid-19 lockdowns have forced change on the business world. Two of the most visible areas of change have been in relation to the way we work and operate and the technology we use to support our work and operations.

As restrictions have eased, businesses are now starting to review which changes they should retain and develop vs which changes they should discard as temporary lockdown workarounds.

In doing so businesses should consider how they wish to operate moving forward – their business model and processes – and whether their current and planned technology will support this. They should also think about their staff’s ability and willingness to embrace more change. For instance, it may be that changes forced by lockdown mean that the workforce is now more open than ever to new ways of working and/or technology. Alternatively, it may be that staff felt bombarded with a number of new tools and processes adopted during lockdown, and would be resistant to further change. The sentiment will undoubtedly change from business to business, and probably even within each business.

If, following the review, the business decides to implement or upgrade any business critical IT, the stakes are now higher than ever (given the more challenging economic environment). Do it well and your business could realise greater efficiencies and perhaps even a strategic competitive advantage. Fail and…..well, let’s not dwell on that here….

It follows that effectively mitigating the risks associated with IT projects is going to be crucial.

At the moment ‘traditional’ risk mitigation strategies are still going to be as relevant as ever. These can include: ‘configuration over customisation’ (configuring existing commercially available software instead of developing custom-built software); a staged-implementation over a ‘big bang’ (implementing and releasing the new technology in stages (and potentially within pilot groups) instead of all in one go); ‘on ramps’ and ‘off-ramps’ (flexibility to commence and suspend/terminate stages of the project as it progresses); and appropriate testing before the technology ‘goes live’.

Are there any Covid-specific risks and how might a business look to mitigate these?

Risk that the project team’s ability to function is impacted by Covid-19

While here in New Zealand we are currently enjoying relatively low case numbers and freedom of movement, we cannot discount the risk of the team responsible for delivering the project (on the customer and/or supplier side) being directly impacted by further Covid-19 transmission. ‘Impacted’ could mean being required to work from home, being re-assigned to other more urgent projects or matters, or even illness itself, all of which could delay or even derail a project.

This risk should be considered before embarking on the project, with appropriate mitigation strategies and contingency arrangements formulated. These might include:

• ensuring the project team will be able to work together remotely in an effective manner;
• favouring (where possible and appropriate) a project team comprising individuals based in less-affected countries (such as New Zealand and Australia);
• appointing a supplier who has the ability to call-in replacement personnel if need be;
• ensuring there are appropriate communication and reporting procedures between team members and their reports – i.e. to avoid too much ‘project knowledge’ being confined to the minds of certain individuals; and/or
• having the ability to suspend and recommence, and/or abort, the project.

Heightened risk of the supplier becoming insolvent

The anticipated recession triggered by Covid-19 will bring with it a heighted risk of the technology supplier becoming insolvent and being unable to deliver the project and/or support the technology in the future.

To mitigate this risk, businesses could (as appropriate in the circumstances):

• conduct due diligence on the supplier before appointing the supplier – this would include assessing the strength of the supplier’s balance sheet and ability to withstand the recession;
• enter into contingency arrangements with third parties – for example, an escrow arrangement where a third party holds the source code for the software and releases it in the event that the supplier becomes insolvent (so that the software can continue to be maintained and developed in the supplier’s absence), and/or contingent arrangements with the supplier’s key subcontractors which could be activated upon a supplier insolvency to ensure the continued supply of those subcontractors’ services;
• tie certain payments to the achievement of project milestones – any fees paid to the supplier may not be recoverable in an insolvency situation, so the business will want to avoid paying too much before key milestones are met; and/or
• seek security in the form of parent company and/or bank guarantees – these could be called upon in the event that the supplier failed to perform. However, it is important to remember that these are more in the nature of ‘ambulances at the bottom of the cliff’ and accordingly should be viewed as secondary risk mitigation strategies.