Considering Outside Help for a Project? Here are Several Questions You Should Ask

An Article by Denim Group Principal, John Dickson

One of the more complex business decisions that IT managers are consistently faced with is whether or not they should undertake a certain project internally or reach outside their organization for assistance. Although at the surface level this may appear to be a fairly straightforward decision, experienced IT managers understand complex factors that will affect the success of their project. They also know that implementing an in-house project versus outsourcing the project presents unique areas of concern.

There are certain factors an IT manager should consider when considering bringing in a professional services firm for assistance with a particular project. These factors may not be patently obvious at the outset of the project, but can largely influence the success of the project regardless of whether the project is executed flawlessly. A sophisticated and forward-looking IT manager will find the following decision points useful when making the decision to hire an outside vendor or complete a project utilizing internal resources.

Perhaps the first question to ask when faced with this decision is whether the organization has the skill sets available internally to complete the project. If so, the project may likely be well supported with internal resources. However, If the organization makes a strategic decision to embrace Microsoft .NET technologies, and those skills do not exist within the organization then, it becomes apparent rather quickly that outside help is necessary. Knowledge transfer from an outside vendor is a proven approach used by many to introduce a technology initiative within an organization.

Furthermore, an IT manager should take stock of their internal project management competencies that exist within the organization. Does the organization have project managers that have experience managing outside vendors? Do they have technical knowledge in the project area? Are these individuals going to be able to manage project milestones that include dependencies on both the vendor’s side of the project, as well as internally?

Another question that a manager might ask is whether there is enough recurring project work to justify having full time staff on board throughout the year for capital expenditure (“CAP EX”) projects. In other words, is there enough of a consistent project pipeline throughout the year to justify hiring and maintaining a large project team? Or, conversely, are major IT projects few and far between? If so, this may create an environment where the organization has a project staff that is overwhelmed at times, while at other times they are underutilized. If this is the case, outside help might be the best strategy given that you can turn on and off contractors and eliminate an organization’s need to maintain head count.

In addition, an IT manager might consider whether the internal staff has a project-based competency. Is the project team good at building new technologies, or are they better suited to maintain what’s already been built? For example, in a software development environment, does the internal development team have a well-defined and universally understood software development process? If not, bringing in outside help is a viable strategy.

Finally, and most importantly, the “R Word.” Are requirements well-defined? If so, then an organization can decide what projects they can successfully complete with an internal team or with a third-party vendor. If not, a time and material contract may be one strategy. Perhaps a better strategy is to hire an outside firm to conduct a requirement phase, after which they provide a project “blue print” that will help them deliver a fixed priced project bid.

About John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSO's) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.