It's never going to happen is it? No IT supplier is ever going to cook the books and end up in the hands of liquidators. No software company is ever going to run out of cash and be hung out to dry. No hardware supplier is going to see its systems discontinued after a hostile takeover.
So stop reading right now . . .
. . . because really, there is no need for due diligence to be performed every time you purchase a mission-critical application. There must be truly very little requirement to have source code held in trust for your security - in escrow - in case of a vendor's collapse. And to have lawyers draft a contract that allows you a graceful exit should there be a change of control at your supplier, is surely overkill.
In fact it is not. Increasingly, purchasing mission-critical systems is a risky business, and CIOs are fully aware of this.
Fiona Balfour, CIO of Qantas, says the potential for a supplier to collapse for any number of reasons is a concern to large corporate computer users. Qantas, like most corporations, is heavily reliant on its information systems. Should a vendor go belly up, the airline would still need to support, run, modify and enhance those systems - or see its own revenue streams threatened. In order to protect itself, Qantas has a fairly sophisticated approach to analysing the viability of its suppliers, and also uses a variety of legal mechanisms.
"For example," says Balfour, "you can arrange to have software held in escrow at a mutually agreed place." In fact, it's a policy Qantas has had in place for some years with certain key and specialised software. The rationale is that even if the supplier goes out of business, the source code can still be accessed. She says, however, that with other less specialised software there are different issues to contemplate.
"Say Oracle went broke, what would happen? They have an extraordinary asset base in terms of their customers and the revenues from those customers. When a company like that goes broke, a white knight would acquire the company. Then you have an interesting issue. If it is friendly, you can renegotiate the contract; but if not - you can have problems," Balfour says. "Qantas has a change of control provision in its contracts. If there is a change of control and we are uncomfortable with the new owner then we can buy some time to migrate off the platform. I've been using contracts like that for most of my career and Westpac or BHP would do that. You would find most law firms have standard clauses for contracts."
Brian Mitchell, managing director of Oracle in Australia and New Zealand, has so far successfully withstood Balfour's hypothetical collapse, and says that in fact it is not the large companies that are vulnerable - rather the smaller suppliers. He has noted since the dotcom crash a flight to quality on the part of consumers of IT products and services. Although there was a willingness during the dotcom era to give smaller suppliers a go - the reasoning being that even if they went bust someone else would pick up the company and its IP - that is no longer the case, he says.
"All that has gone. If it is a weak company, then people need to look at it many times before they invest in their products. This [scepticism] commenced at the end of the dotcom boom and accelerated massively with Enron. People are now seeking transparency and better corporate governance," Mitchell says.
"Companies have also moved to rationalise their supplier group. They no longer have 20 to 30 suppliers - they are down to two to five maximum," he adds. Of course this strategy, while sensible when suppliers are efficient and effective, might potentially make the user more vulnerable should one of those handful of suppliers stumble or suffer a change in ownership, changing the product mix or service offered.
Mitchell begs to differ. He says that placing all your eggs in just a couple of baskets is not necessarily risky (although that's not all that surprisingly since he's the local head of a top tier supplier). "Because of the longevity and security of the supplier, and the recognition that the industry is rationalising very quickly, there will be two to three suppliers in most areas. Corporations need to get on board with that dynamic and align with those companies," he argues.
Of course Enron, from a distance, looked like one of the big, safe players in a similarly rationalising industry sector. The maggoty core of the business was not evident for years. And although corporate regulators are putting regimes in place aimed at ensuring better disclosure and transparency, the federal government's CLERP 9 proposals and even prescriptive black letter law such as the US' Sarbanes-Oxley Act are no guarantee companies cannot fail.
Chris Bennett, managing director of SAP in Australia, while prefacing his comments with, "That is never going to happen to SAP", acknowledges that no matter how thorough a customer's due diligence is on a supplier, it will only uncover what the company has allowed onto the public record. "Unfortunately there is not much that anyone can do about deceitful conduct except perform some degree of due diligence and take advice from analysts and hope that they are better at it than they have been in the past," says Bennett. "Every company has to weigh up the benefits and the costs. Basically it is a return on investment decision."
Bennett also points to the quality of the product itself being a good indicator of whether it will survive regardless of the fortunes or failings of the supplier. "In the last 10 years there are not too many examples where the vendor in the ERP space collapsed with no future direction for the company. One reason is because the most valuable asset of the software company is in the client base," he says. And that base, the argument follows, would be picked up by that theoretical white knight.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.