Appendix D: Guide to the Considerations of an ICT Consultancy Project

D.1 General

This guide aims to help you select the ICT consultancy that is most capable of providing solutions appropriate to your needs.

There are three main reasons why you might require the services of a consultancy:

• you don’t have the expertise yourself;
• you have the expertise, but don’t have sufficient resource capacity to meet business driven timescales;
• you are seeking an independent source of advice.

Whatever your reason, there are many common elements in using consultancy services and you should assess potential suppliers against their abilities to address these. Individual businesses will need to decide which of these elements are most relevant, based on their own requirements and existing ICT.

Typical elements include:

• requirements identification and analysis;
• scoping;
• proposals;
• agreement on deliverables;
• resources and timings;
• project management;
• risk management;
• communications;
• investigative and analytical techniques;
• report writing and presentation;
• quality assurance;
• project closure;
• sign off;
• post project review.

These are covered in more detail below. The key to successful consultancy projects lies in:

• being clear about your requirements;
• understanding how you and the appointed consultants can work best together;
• common sense and proportionate use of tried and proven tools and processes.

These need to be backed up with extremely clear and effective communication between the consultancy and the client.

D.2 ICT Consultancy

The accredit UK ICT consultancy Segment comprises three Specialisms:

Business Consultancy – (see D.2.1);

Technical Consultancy – (see D.2.2);

Service Management Consultancy – (see D.2.3).

D.2.1 ICT Business Consultancy

Approach businesses certified in this specialism if you are seeking consultancy and advice focusing on:

• the alignment of the strategic use of ICT and of business change to organisational objectives and priorities;
• strategy development for the effective use of ICT to support and influence business change;
• change management;
• programme and project management;
• the application of business change methodologies to effect transformational change supported by ICT;
• or similar business-focused consultancy in which ICT plays a significant part.

Consultancies in this specialism may also provide advice and support on pan-organisation information requirements, management of information and the ICT needed to underpin these. They may also cover all aspects of information assurance, and supporting the corporate CIO – covering issues including information integrity and security, Data Protection and Freedom of Information Acts. Your potential supplier in this specialism should be able to demonstrate capability in these areas as well as in the generic areas in Section D.3 below.

In selecting a consultancy in this specialism you may wish to assess their knowledge of proven tools and methodologies including: Diagnostic tools, SWOT analysis, PEST(LE) analysis, Value Chains, Lean Systems, CBINS, Six Sigma, Case walkthrough reviews and many other examples. You may also wish to test their awareness of relevant standards such as BS 7799 for security, the Crystal Mark of the plain English organisation, and others covered in appendix B. Their attitude to staff training and qualifications may also be worth looking at – are they members of NCC, etc and do their staff have relevant qualifications such as: MBA, MIBC, MBCS, CITP, CIPD, etc.

D.2.2 ICT Technical Consultancy

Approach consultancies certified in this specialism for consultancy services relating to ICT and its design, configuration and operation. This covers such examples as:

• Enterprise architecture design;
• Desktop specification;
• Hardware requirements specifications;
• Architecture migration strategies;
• Software licensing rationalisation advice;
• Green ICT advice;
• Advice on ICT to support mobile and flexible working;
• Disaster recovery planning and testing;
• Procurement support for ICT infrastructure, systems and applications;
• ICT security planning;
• Voice system design;
• Advice on systems operation and performance optimisation.

Consultancies in this specialism may also provide advice and support on security policy and design, risk management, security standards, disaster recovery, authentication, encryption, data protection and governance, and penetration testing. they may also provide consultancy services relating to high level design, options and feasibility analysis for technical and infrastructure elements (but excluding detailed network design and installation which is covered by businesses certified in the accredit UK ND&I segment), together with Internet Protocol (IP) convergence advice.

Your potential supplier in this specialism should be able to demonstrate capability in the above areas as well as in the generic areas in Section D.3 below. Your best sources of evidence of a consultancy’s capability are verifiable, relevant case studies – and references from recent clients, ideally through direct personal contact. Your confidence can be further increased if the consultancy has a positive attitude to membership of relevant ICT professional and trade organisations – and above all a positive policy of staff development and a commitment to the maintenance of current awareness.

D.2.3 ICT Service Management Consultancy

Approach consultancies certified in this specialism if you are seeking advice and support on the quality of ICT service management in meeting business needs.
Consultancies in this specialism should be able to offer advice and consultancy on how your ICT service should be managed on a day to day basis. They will be able to cover service performance, frameworks to support: service monitoring, capacity planning, asset management, application of the IT Infrastructure Library (ITIL), business continuity, legal compliance, governance and resourcing, skills requirements for service management, and the provision of ICT interim management.
Your potential supplier in this specialism should be able to demonstrate capability in the above areas as well as in the generic areas in Section D.3 below. The best sources of evidence of a consultancy’s capability are verifiable, relevant case studies – and references from recent clients, ideally through direct personal contact. Your confidence can be further increased if the consultancy can demonstrate a comprehensive understanding of ITIL, now internationally accepted as best business practice in this area, and ISO/IEC 20000 – ICT service management. The consultancy should also be knowledgeable on BS 25999 – the code of practice for Business Continuity Management and aware of the code of practice for ICT Continuity – BS 25777 – which is coming soon (as of December 2008).

D.3 Generic guidance

There are many elements of consultancy services which are common to all three of the above specialisms. Potential suppliers should be assessed against their abilities to address:

• requirements identification and analysis – how well they understand your needs and can express them clearly;
• scoping – assessing the size and complexity of the assignment and responding accordingly;
• proposals – developing clear, costed proposals, setting out the work needed to meet your needs;
• agreement on deliverables – agreeing on what you can expect from the assignment so that there is no doubt about what you will be getting;
• resources and timings – how much resource the assignment will require and how long it will take – may be an opportunity for some discussion and compromise;
• project management – the project management methods and processes in place to ensure that the project is delivered on time, to specification and within the agreed cost;
• risk management – identifying and controlling the risks that might impact on the project, or on the recommendations emanating from the project;
• communications – the mechanisms used by the supplier to maintain effective communication between you and them during (and hopefully, after) the assignment;
• investigative and analytical techniques – the wide range of methodologies, tools and techniques used by the consultants to make their analysis, identify and evaluate options and arrive at their recommendations or advice;
• report writing and presentation – the capturing of the consultancy approach and recommendations in clearly written reports and presentations, aimed at the specific audiences for which they are intended;
• quality assurance – the set of procedures and processes which ensure that the quality of the assignment and of its end results are effectively managed;
• project closure – the set of procedures and processes necessary for bringing a project to a satisfactory completion – including effective handover of results, review of the project, drawing learning points, and looking at opportunities for the future;
• sign off – the process of signing off the results of the assignment – indicating the customer’s satisfaction with the outcomes;
• and post project review – a review of the project, at the end, or some weeks after, the completion of the work.

These elements are explained in more detail in the following sections.

D.3.1 Requirements Identification

It is absolutely essential that you help your supplier to understand your real requirements. These may be quite different from what you think are your requirements! You can help by preparing a written summary of your requirements as you see them, and which you use as a basis for inviting outside advice and assistance. Alternatively, you may find it easier to talk to a few consultants to discuss your requirements – this can often help to clarify your own thinking, and help you to describe what you need. Consultants generally won’t charge for this.

Once you have a reasonably clear idea of your needs, a good consultancy will take this as the initial remit, discuss it with you to understand the need as expressed, but also to explore whether there may be other, more relevant needs (what you may be describing may be the symptoms, rather than the cause), and also to see how this fits in with your business objectives. The consultancy may be able to offer a wider perspective and add value at this point (and it’s still not likely to be costing you anything!)

D.3.2 Requirements Analysis

Having established the initial view of the requirement the consultancy needs to analyse this in close consultation with your relevant key stakeholders. Various techniques may be used at this stage dependent on the type and complexity of the requirement e.g. Gap analysis, Diagnostic tools, SWOT analysis, PEST(LE) analysis, etc.

In addition the consultant may be looking at details of your current ICT infrastructure and applications – if these are likely to be relevant to the assignment.

D.3.3 Scope

Your supplier should be able to take the results of the requirements identification and analysis phase and clearly document these and formally present them to you for confirmation that they have understood your needs fully. The scope of the work needed to produce a suitable solution to meet the defined requirement now needs to be agreed. At this stage you need to be clear about your budget and timescale – as these will impact on the proposed way forward. Consultants will usually try to work within your budget limits if they can, but equally they will tell you if what you are asking for just can’t be delivered within your budget. It is essential that the very good lines of communication between you and the consultancy, established at the outset of the work, are maintained around this point so it is very clear to both parties what is within the scope and also what is outside the scope.

D.3.4 The proposal and project plan

Your supplier should now produce the proposal document, based on the work carried out in D.6.1 to D.6.3 above. This is their formal offering to you, to undertake work as set out in the document, aimed at tackling specific needs, and which will deliver certain outcomes, at a stated cost. Once agreed this will form the basis of a contract between you. It summarises the requirements identification and analysis and the scope of the work as already identified. It should also contain (depending on scale) a fully costed description of the work to be carried out, an account of the tools, techniques and methodologies which they will use for the work, a summary of the resources needed from both parties, a schedule of dates for key stages and a list of project outcomes and deliverables linked to payments. There will be a defined process for project management and monitoring of progress and risk, a defined communications plan, and a defined process for sign-off of stages and payments including an escalation procedure.

Don’t forget that this is simply a proposal – you don’t have to accept or reject it as it stands. For example, you may wish to suggest missing out a stage, or including more stakeholders in the process or ask for any other amendments you feel necessary.

D.3.5 Project Management

It is important that your supplier has a sound, structured approach to project management (pm) for consultancy assignments to deliver to their full potential. This does not mean a full rigid interpretation of, for example, the prince2 methodology in every case, but rather that the pm is fit for purpose for the size and complexity of the work, and a common sense and pragmatic use of elements of the relevant basic essentials of the prince2 (or similar) model are put in place. Key elements in all situations would include – clear and unambiguous communications with the client; full engagement of key stakeholders; regular monitoring of progress against set milestones – with associated agreed sign off of interim deliverables and stage payments where appropriate; management and documentation of changes; avoidance of scope creep; and monitoring and management of risk.

Project management involves both you and the consultancy – it’s not one-sided. You’re the person commissioning the work, and the consultancy is delivering, so active participation in the project governance will pay dividends.

For most projects the first and most obvious element of pm is the production of a project initiation document, or similar, which defines unambiguously the scope, resources, timescales, risks and issues of the project and which is a document jointly owned by the project board – essentially, you and the consultancy.

D.3.6 Risk Management

At the time of producing the project plan your supplier should include a careful assessment of risks to the project (and to your business). This must be carried out and a risk register established of all significant risks that are visible at the start of the consultancy project. Included against each individual risk will be an estimate of the probability of the risk and an estimate of its impact should it materialize. it will also show what actions could be taken to ameliorate the risk. this risk register must be monitored at the regular project progress meetings, and reviewed and updated throughout the life of the project. Inevitably issues will crop up during the life of the project, some of which will be managed within the pm system and some will add new risks on to the register.

D.3.7 Communications

Make sure that a communications plan is embedded within the project plan. This will contain a list of all the client and consultancy staff involved in the project and will identify key staff and their responsibilities for communications purposes, together with back-up arrangements and escalation procedures. Included with the communications plan will be a list of all the formal meetings scheduled to take place during the project (as much as they are known at this stage) – including the post project review, and a list of all other forms of communication that is planned for the project – for example weekly reporting of progress.

D.3.8 Investigative and analytical techniques, report writing and presentation

Your supplier should be able to demonstrate their capability of calling on a range of consultancy tools, methodologies, techniques and skills – including the ability to present results clearly and concisely in a form best suited to your needs. A beautifully crafted report that sits on the shelf is worth nothing compared to an incisive presentation which results in action being taken by the client to implement the advice of the consultancy. The tools and techniques used will depend on the nature of the consultancy and the specialism of the consultant.

You can benefit from the skills and knowledge that your consultant brings – the real value of having consultants is that you learn from them; you pick up some of their skills and methods. You can increase this by specifying that you want to work with the consultant, and that there is to be an element of knowledge transfer in the course of the assignment. Most consultants like to work this way, because it ensures very close working, and hence reduces the opportunities for misunderstandings and reduces risk. But of course you do have to be available when required.

D.3.9 Quality assurance

You should ensure that a formal QA process is embedded in the management of the project, and this should be reflected in the project plan. The project plan (as embedded in the project initiation Document or its equivalent) will normally define the specific deliverables for the project, with a specification of each sufficient to provide a basis for assessing its completeness and fitness for purpose. for example, rather than simply stating that the project will provide an ICT strategy, it will specify the scope and level of detail of the strategy, the extent to which it will include a detailed action plan, and from the client’s perspective what it will contain. this not only provides a basis for later QA (did the deliverable meet the specification set for it) but it also helps to manage the client’s expectations, and avoid serious mismatches between what the consultant thinks he is providing and what the client thinks he is receiving. This approach should ensure that all elements of the work in hand meet their relevant quality standard if appropriate. In particular – all formal written communications from the consultancy to the client should be checked by a senior member of the consultancy staff – ideally outside of the project team.

D.3.10 Project closure

At the end of the project, sit down with the consultant and formally review the final deliverables. Assuming the work has been completed to your satisfaction, you can sign off and authorise payment according to the schedule. It is also useful to carry out a formal post project review with the consultant – maybe a few weeks after the end of the project – this can lead to useful lessons being learned by both parties. A small financial retention against this post project review will encourage it to happen.