Of Mice and Men: Simple, Practical Approaches to the Build vs. Buy Software Question

 

If you’re weighing whether to build or buy case management software for your investigation unit or company, remember, “The best laid plans of mice and men, often go awry.”

Perhaps if the Scottish poet Robert Burns were alive today, he’d be telling the cautionary tale of the field mouse and the plough in lyric form to managers wrestling with software “build vs. buy” questions.  His famous verse, though, would probably be redundant in this day and age; the corporate landscape is full of debris left from failed, high profile IT projects that started with the best intentions.  Recent examples like Avon’s $125 million write-down for their abandoned CRM/ERP project, the Los Angeles Unified School District’s $1.3 billion technology initiative debacle, and the $600 million lawsuit Bridgestone Tire brought against IBM for a system implementation Bridgestone claimed to put their “entire business operation into chaos,” have become familiar admonitions to managers having to make software decisions.  

And yet, with all these warnings we still see these scenarios played out in everyday corporate America; software that becomes shelf-ware, massive cost overruns, project delays, scope creep, poor architecture choices, etc., continue to plague managers. Separate studies by IAG Consulting and the Harvard Business Review show that some 68% of IT projects are considered failures, and one in six have an average cost overrun of 200%, as well as a schedule overrun of 70%.  Why, then, if there are so many examples of these failures do we continue to see them? 

When it comes to the choices inherent in building vs. buying software, much of the answers to that question lie in the analysis done at the start of the process.  A practical and realistic reflection on your organization’s core competencies, the development of a seriously thought-out risk plan, and the proper search and scoring of alternative choices when it comes to software can help you avoid disasters and put you on the right track toward a successful outcome.  When asked by investigation managers whether I think they should build or whether they should buy their case management software, I’ve used this simple matrix to illustrate a good approach to making the decision:

Essentially, the decision to build or buy comes down to how unique your needs are, (i.e. is there buyable software available that will meet most of your needs), and your level of expertise when it comes to software development.  This second factor, (software development expertise), is an important consideration for anyone hiring a third party to develop software for them.  If your core competency is not software project management, you might consider hiring an independent third party who has expertise in software systems architecture and project management.  They can review architecture and language decisions, keep the project focused and on task, review code, and make sure goals stay aligned.  

The Evaluation Scorecard

Giving yourself the ability to score competing alternatives helps in the final decision process by providing an objective overall analysis.  These scores can be weighted if desired.  Ultimately, much of the emotional aspects of the decision can be eliminated.  For example, a manager may fall in love with a feature in an off-the-shelf product that skews the decision toward that product.  Likewise, an IT manager may be pushing for a build decision because of pride factors.  Creating a scorecard like the one below can help to make rational thought prevail.  A simple scoring system of 0=feature does not exist, to 3=feature exceeds requirements, makes the evaluation easier.

                              THE EVALUATION SCORECARD

Risk Analysis

Having a real plan to analyze risks and to deal with future threats to the project can go a long way in helping you attain a successful implementation of your case management system.  Along the way, there will be mitigations to deal with, and if you anticipate and have a plan of action for them, you have a better chance of keeping your project on track.   The key elements here are:

  1. List all potential threats to the project,
  2. Judge the impact of those risks and whether they warrant consideration of alternative project choices, (e.g. buy instead of build)
  3. Plan your response to those threats, the points that must trigger actions, and the people who will be relied on to take the corrective actions.

An independent third-party professional can help you evaluate your risks and come up with a detailed plan for them. 

Other Considerations

Some things to consider in your evaluation:

Maintenance: IT professionals who manage software development projects may expect maintenance costs to be around 35% of the development cost during the first year, 30% in the second year, and 25% in 3rd year. After 3 years, the cost usually goes up again to 30-35% every year.   They also expect some sort of reengineering of the application after 5 or 6 years.  This is rarely discussed when people are planning development projects, but the truth is, it’s a very large ongoing outlay that needs to be budgeted.  The cost of adapting, preventing, correcting and fixing the software can be substantial. This often points to the advantage of buying over building in the area of maintenance.  With off-the-shelf software, these costs are typically fixed in the contract and the underlying burden is spread out over many customers. For software that is built, only one customer is there to absorb the burden, and that customer is you. 

Building a Security Model.  How will this fit in with your customer’s data security requirements?  Unchallenged new software development must be strenuously penetration tested and certified.  If you are housing personal, protected, or medical-related data in your system, you are at risk for a potential breach. It would be a very good idea to protect yourself from potential hackers.  Depending upon what the requirements are, this can get expensive.  As a rule of thumb, allow an additional 2.5% of the original development cost per annum. 

Documentation.  Building a case management system is not like building a house or an automobile.  In those examples, methods and outcomes are usually standardized and defined.  With software development, targets are often moving, and unknowns are tough to anticipate.  Methods vary widely, languages, architecture, and platforms are diverse, as are approaches to executing and managing the project itself.  Documentation is critical, and while it won’t allow you to avoid many of the pitfalls associated with the potential anguish of changing a software developer or software development company, it will provide you with a very important starting point.  Good documentation can also help reduce support costs overall, make for more efficient onboarding, and boost user acceptance.  It’s costly up front, (allow 20% of total development cost and 5% per year to update for new features, etc..) but it’s worth the investment. 

Testing.  This is an element of the process where thoroughness is essential.  Software is a series of interconnected codes that give you desired functionalities.  If testing is not done thoroughly and completely, unraveling new layers can be expensive and time-consuming if bugs and gaps are later found.  Unfortunately, the bulk of the testing burden usually falls on the shoulders of the buyer of the software.  It’s also a least-loved task for them. By necessity, testing is cumbersome and time-consuming, but it is important that this task is assigned to someone who can be dedicated to it and has an understanding of the overall vision for the project.  Figure the cost of unit tests, integration tests, and manual user tests to add somewhere around 5-10% of the development budget.

Designing system models.  The design and architecture, language chosen, etc., should be reviewed by someone who has independent expertise on system programming and architecture prior to commencement of the engagement.  This area is indeed fraught with dangers, as a wrong step in design means money sunk into a choice that needs to be undone or redone.  Over the years, we’ve observed quite a few engineers head in the wrong direction, and it was costly for their customers. In general, if the main engineer on the project has less than 15 years of good experience, there is a high probability that mistakes will be made in some critical areas. 

Timeframe for going live.  Like every other aspect of a business, time is money, but this is especially true for software development.  Even if you’re lucky enough to hit your hoped-for live date, consider as well your investment in time and effort, and the lost opportunity of an earlier live date that other alternatives may provide.  If there are delays, which is often expected, they are costly in terms of development dollars, management time, lost productivity and lost opportunities for productivity improvements.  Very often these delays spill into 20-50% time blowouts and cost blowouts. When considering what’s needed, huge gaps often exist in what’s really needed vs. what the original briefing with the developers scoped. A lot of elements that are “assumed to be in it” by the managers writing the requirements are not likewise “assumed” by the developers. If they don’t see it on paper they don’t do it. A good software engineer will catch things upfront with lots of extra questions. Most, however, won’t realize the gaps until it’s about to go live or has gone live, and someone asks a question like “How are we handling forgotten passwords?”

Availability of resources. If you undertake a software development project you have to seriously commit to staff being available extensively to sit through meetings, give input, do user acceptance and application testing and to make sure everyone is on track.  Training is often a factor in unstandardized software, whereas most off-the-shelf solutions come with a training program or module. This can be an enormous drain on time, but it’s important that you are willing to commit to it. If this area is underfunded, that will result in a product that won’t work for the user-base. Even if people come along to the first few meetings, they often quickly tire of the slow progress and tune out. Things get missed this way and the final product becomes insufficient. 

Summary

When making the decision whether to build or buy case management software, there are many factors that come into play.  The key is corralling those factors into real and objective analysis that can help you make the right decision and avoid common pitfalls. 

Vendor Management in the Age of Information

Part 1:  Qualifying and Assigning Investigators

Rick Shepherd, CFE, CSM President Polonious Investigation Management Systems

Having good partnerships with surveillance and investigation vendors is a critical operational component to the success of many Special Investigation Units.  These vendors fill geographic, staffing, and specialization objectives that would be difficult or inefficient for SIUs to attain without outsourcing. Utilizing vendors to help meet operational goals can be challenging, though, and the approaches we see SIUs take can be varied, with different levels of success.  We know from experience that automating the vendor management process can create meaningful efficiencies and successes in your fraud-fighting efforts.

As important as they are to the success of some SIUs, managing your vendors can be an exacting demand on the SIU staff who is charged with the task.  The vendor panels SIUs employ often contain surveillance and investigation companies numbering in the dozens. And the differences between these vendors in regions covered, customer service capabilities, quality of investigators, and reputation can be very significant. The number of investigators a vendor employs in a geographic area contributes to success components like how familiar investigators are with neighborhoods, how well they blend into the areas during their investigation, and whether they can speak languages and dialects that will help them with the investigation. Good investigators do more than hold a camera. Good investigators are capable of using their adaptive skills in intelligence gathering in a way that can be an important factor in the success of an investigation. And then, of course, there’s also the issue of compliance…

Using Automated Systems to Assure Vendor Compliance

Have you ever had worries about the currency of the licensing and insurance coverage required of your vendors? Has ensuring that agreements, documents, and renewals are up to date become a difficult task that still leaves you concerned?  We’d be naïve to believe that a vendor slip-up that could leave you exposed doesn’t happen from time to time. A good case management system should allow you to manage this part of your requirements with minimal effort on your part, while knowing that you’ll be alerted if a vendor falls out of compliance. In fact, granting vendors a secure and limited access to your case management system allows you to avoid much of the hassles and labor associated with keeping these records up to date. Good case management systems should allow import templates for this purpose which should allow the vendor to keep up to date on requirements like this easily. 

Not only should you be able to keep track of things like your vendor’s agency licenses, SLA agreements, and insurance coverages at the corporate level, you should be able to track the individual investigators they employ to assure that their licenses, individual auto, and other compliance requirements are kept up to date.  All the documents associated with these items can be uploaded and stored on the vendor company profiles and individual investigator profiles if you have a good case management system. If you require your vendors’ employees to be non-contracted, you may require some proof of employment to be uploaded to their profile as well, along with auto insurance documents, driver’s license, and PI license. 

When your vendor is in danger of going out of compliance, both you and your vendor should be notified, and if they fall out of compliance that fact should be reflected in their profile status. Their profile status, whether that be Active, Inactive, Under Probation, or Terminated should filter your selection of vendors when you go to assign cases. We’ve actually seen one very diligent SIU add a workflow process to their system to track the restoration efforts of vendors who have been put on probation, and to flag those vendors via system warnings when a case is assigned to them during their probation period.

Using Vendor Qualifications to Help Determine Which Vendors to Allocate Cases

Beyond compliance, you can also record qualifications on your vendors and their investigators. Each vendor company profile can contain check boxes for lines of business, types of investigations, investigation locations, charge-out locations, and pricing. Skill levels and types of tasks (e.g., Surveillance, Statement, and Scene Investigation), eligible locations, etc., can also be check boxes on individual investigator profiles that can qualify them and filter them for investigation selection.  The system can be set so that if a vendor or an investigator fails any of the qualifications, they are excluded from the selection process on a case.  

The data you collect on vendors and their cases can be used to determine which vendor is best to do a job. At a minimum, this data can be qualifying information like licensing, geographic locations, and minimum score summaries. A good case management system should filter and qualify vendors based upon these determinants.   

But if you are so inclined, the information you are capturing can do much more for you. Good case management systems allow an easy upload of useful information to the system. At the very least it supports your vendors as they keep licensing, skill level, addresses, skill set, and seniority details current. This can send compliance alerts when a license is expiring and assure compliance. But if you get even more relevant data during this upload, the selection and evaluation of investigative vendors becomes even more refined, creating force multiplier efficiencies.

For example, if you decided you wanted to create a geographic analysis of the investigators each vendor employs in a given area, you could do so by having the vendor maintain and upload a list of their investigators directly. You could then use geographic analysis to evaluate who the best vendor is for the job. It’s no secret that try as some national firms may to provide consistent quality everywhere, most of them experience deficiencies in certain locations where their management is lacking or good investigators are hard to find. 

Accumulated scoring reports by vendor are useful in the allocation process as well.  Over time, these scoring mechanisms help you find the best vendor and case allocation fits.

Which of your Vendors’ Field Investigators Should get the Case?

If you assign cases to vendors simply because they are compliant and licensed in a state, you may be missing some opportunities to pinpoint the best person for the job on your vendor’s rosters.  A vendor may be sending their investigators hundreds of miles to do your case because of lack of staffing availability and you may not even know it.  Vendors often take losses on cases to accommodate important clients, and they don’t want to reveal a staffing hole that could be viewed as a deficiency.

Aside from the economic burden on your vendor partner, the investigator they send may have no familiarity with the local neighborhood and may not blend in well in the area, which could compromise the investigation. A good case management system will allow you to calculate mileage and cost, and plot all the vendors’ investigators on a map.  This will help determine who is closest and allow you to drill down to see what their language and skillsets are. Ultimately, it gives you the opportunity to request the best person for the case, or select from several who fit well for the job instead of leaving the decision up to the vendor.  

In the end, finding the best, most qualified and most effective person to work the case can be tricky.  But through the help of automated systems and procedural change, this task can become much more manageable and the advantages you gain can be noteworthy.


GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link.