It goes against human nature to always expect the worst. But with IT projects, pessimism\u2014otherwise known as contingency planning\u2014is the only way to keep small technology problems from becoming full-blown business disasters.\n\nToo bad no one can bring themselves to do enough of it.Christina Hanger had little reason to be pessimistic in May 2004, when she was moving one of Hewlett-Packard's biggest North American divisions onto a centralized ERP system from SAP. As the leader of an IT consolidation project rooted in HP's acquisition of Compaq two years earlier, Hanger, HP's senior vice president of Americas operations and IT, had an unbroken record of success migrating five product groups within the two former companies onto one of two SAP systems.Hanger had every reason to believe that the sixth would go well too. Even so, she knew to be prepared for problems. At approximately $7.5 billion in annual revenue, the division involved with this latest project, Industry Standard Servers (ISS), is much larger than any of the others that Hanger had migrated to SAP to that point. So Hanger took the contingency plan that her team had developed for the other five migrations and adjusted it to accommodate the ISS division's larger sales volume. She planned for three weeks of IT snafus, mostly focused on what might happen as a result of tweaking a legacy order-entry system to work with the new SAP system. The contingency plan addressed business impacts too. HP banked three weeks' worth of extra servers and took over an empty portion of an HP factory in Omaha to stand by for any overflow of orders that needed special configurations (for example, an unusual component or software combination) and could not be stockpiled ahead of time.But the plan wasn't pessimistic enough.Starting when the system went live at the beginning of June and continuing throughout the rest of the month, as many as 20 percent of customer orders for servers stopped dead in their tracks between the legacy order-entry system and the SAP system. As IT problems go, this wasn't too big: Some data modeling issues between the legacy system and the SAP system prevented the SAP system from processing some orders for customized products. These programming errors were fixed within four or five weeks. But Hanger and her business colleagues from the ISS division who were on the project steering committee never envisioned the degree to which these programming glitches would affect the business.Orders began to backlog quickly and HP did not have enough manual workarounds to keep servers flowing fast enough to meet customer demand. Angry customers picked up the phone and called HP\u2014or worse, arch\u2014competitors Dell and IBM. In a commodity market such as servers, customer loyalty is built upon a company's ability to configure products to order and get them delivered on time. HP could do neither for much of the summer. In a third-quarter conference call on Aug. 12, HP Chairman and CEO Carly Fiorina pegged the financial impact at $160 million: a $120 million order backlog that resulted in $40 million in lost revenue. That's more than the cost of the project itself, which AMR Research estimates to be $30 million.The headlines all claimed an IT disaster, but in fact, HP's disaster resulted from a few relatively small problems in IT that snowballed into a much bigger problem for the business: the inability to cope with the order backlog. This was a disaster that could have been prevented\u2014not by trying to eliminate every possibility for error in a major IT system migration, which is virtually impossible, but by taking a much broader view of the impact that these projects can have on a company's supply chain.But if CIOs want to stop being held liable for hundreds of millions of dollars in losses for relatively small IT problems, they have to convince business leaders of the vastly increased risks that major enterprise software projects pose to businesses with high-volume supply chains. They must use that awareness to build\u2014with full support and cooperation from the business\u2014a business contingency plan for IT projects that is as robust as the project plans they create for the new software."The potential benefits to the supply chain are much bigger than the IT costs in projects like this," says Bill Swanton, vice president of research for AMR Research. "But the potential risk to the supply chain is also much bigger." If business contingency planning continues to play a secondary role to IT project management, the problem is only going to get worse as computer systems become more powerful, integration methods improve, and companies consolidate their critical business processes on fewer and fewer systems.In retrospect, HP CIO and Executive Vice President of Global Operations Gilles Bouchard does not see the data modeling problems between the legacy and SAP systems as the source of the $160 million impact. He focuses on HP's inability to keep pace with orders in the supply chain once the problems were discovered. "It was mostly capacity issues, material issues and factory issues," he says. "We had a series of small problems, none of which individually would have been too much to handle. But together they created the perfect storm."The Limits of Project ManagementWhen contingency planning prevents a disaster, it's nearly impossible to tell whether everything that was done was necessary. Remember Y2K? Many business leaders continue to suspect that the billions spent on Y2K was a waste of money because nothing happened. CIOs who try to warn their CEOs that programming glitches could cost millions will almost invariably be met with this response: Then make sure the glitches don't happen!That's why IT project management has become high art while business contingency planning remains in the Dark Ages. But the problems that can affect an enterprise software project increase all the time as the projects encompass more code and more business processes. And there are nearly infinite combinations of small problems that together can have devastating effects. In the end, it is riskier for companies to try to protect themselves from glitches in enterprise software projects through ever better IT project management techniques than it is to plan for manual workarounds to get products to customers in case of failure.Other companies besides HP have faced similar business disasters from relatively small IT errors. Nike, for example, had a problem with a demand-planning application when it switched to a centralized SAP system in 2001. The problem was tamed within a few weeks. But because the company did not have an adequate business contingency plan, the small glitch in IT cost Nike $100 million in revenue. (See "Nike Rebounds.")In both Nike's and HP's cases, the IT problems were due to a combination of factors that would have been difficult to eliminate in the project-planning process. At HP, Hanger says her team tested the connections between the legacy front-end ordering system and the SAP system. And the connections worked fine for orders that did not involve any custom configuration, as well as for some custom orders.But Hanger's team was unable to adequately test orders that could be configured by customers because the product marketing team had not fully scoped the breadth of configurations that customers would want. When the system went live, some of these custom configurations went through and others did not. Those that didn't got spat out into a dead zone, sitting idle until they could be entered manually. "We had customers wanting a little more flexibility in how they purchased and configured their servers," she says. "And we did not always have the data modeled correctly [for that to happen]." Could Hanger have tested more configurations prior to going live? Yes. Could the team have envisioned all of them? Probably not.But that wasn't the only problem. Hanger's team trained the customer service representatives who would be using the new system two weeks prior to going live. All representatives were required to pass a test showing that they could enter orders without making errors. But when the system went live, the representatives had trouble remembering all the training and were flustered, compounding the number of dropped orders. Hanger's team offered refresher training two weeks into the rollout, but by then, too many orders had fallen out to catch up. "We might have improved things if we had started giving them refresher training a week into the rollout instead of two weeks," she says.Things only got worse when customer demand for configure-to-order systems spiked by 35 percent in June, beyond what HP's demand forecast models predicted. Instead, Hanger's business contingency plan called for normal demand through the summer. "We had planned for three weeks of extra inventory at a 50\/50 split between standard servers and configure-to-order servers," she says. The factory in Omaha that had set aside some of its lines to handle the three weeks of orders quickly became overwhelmed. HP rushed to get a second factory in Europe online to help take up the slack two-to-three weeks later, but by then, it was too late.Once the orders backed up, the only way HP could respond was by speeding up deliveries. Depending on the size of the product and distance shipped, the extra cost ranged between 35 percent and 40 percent, according to HP, and gained the company a few days on orders that had already been delayed by weeks.The Contingency Plan That Wasn'tBy traditional IT contingency planning standards, HP had already gone beyond the call of duty. Most IT contingency planning focuses on preparing extra code rather than extra products. Convention says that to ensure a problem-free transition to a new system, there should be a redundant system ready to handle things if the rollout goes sour. At the very least, there should be a "rollback" strategy to go back to the old system if there is an issue.But both Bouchard and Hanger maintain that neither strategy would have worked in HP's case, considering the scale of its server business. "If we had had two systems running, that would have meant that every supplier would have had an order for us in the old system and the new system," says Hanger. "When it was received into the manufacturing line, it would have had to be received twice and then [be reconciled] twice." Says Bouchard: "You would have created a backlog of orders because of the cumbersomeness of the duplication effort."What HP should have done was to create a plan for taking orders and shipping products that assumed the IT system it had planned to use didn't exist. "Contingency planning is not about IT," says AMR Research's Swanton. "It's [about] having people who are watching what's happening, able to detect if there's a problem and working out some simple manual way around it until you're ready to work with the system. If that takes a team working a bunch of overtime, fine. It will be a lot less disruptive than losing sales." Taking your order-to-cash process back to the 1950s requires a mind-set change among all the people involved in that process, from customer service representatives to warehouse clerks, because it will feel silly and unnecessary\u2014sort of like imagining what will happen if the sun doesn't come up tomorrow.Next Time, Imagine the WorstEven extending HP's business contingency plan to bank an additional few weeks' worth of servers might have seemed risky because those extra servers might not have sold. In most companies facing such decisions, CIOs feel more comfortable trying to eliminate project risk by perfecting their project management skills. This route appeals to our optimism and quest for competence, says Robert Charette, president of Itabhi, a risk management consultancy. Business contingency planning, on the other hand, is gloomy and expensive.But if companies are ever going to perfect IT project management, Charette says, it will require a revolution to overthrow the principles that rule most IT projects: budget and schedule. "Cost and schedule are what let people rationalize away crucial pieces of project management like application testing and training," he says.Worse, a cost-and-schedule approach never holds up during a crisis, says Charette. When HP saw that the order management system wasn't working properly, it pulled out all the stops to get the code working properly\u2014cost and schedule be damned. Charette says when using this event-driven approach, "the project doesn't move forward until you've gotten each step right." Yet event-driven project management has its own pitfalls. It's not infallible, and if not carefully managed, projects can drag on forever.In retrospect, Gilles Bouchard, HP CIO and executive VP of global operations, says he should have had additional manufacturing capacity ready before the ERP rollout. \nHere's what Bouchard would have done differently. He would have expanded the contingency plan to cover five or six weeks. Instead of trying to prevent IT problems that were too small and rolled up in too many strange combinations, it would have been easier to bring the backup factory in Europe online earlier and stockpile more generic servers. In his interview with CIO, he did not address whether additional manual workarounds, such as a manual order-entry process, would have helped.If that sounds like passing the buck, Bouchard is only passing it from one hand to the other. In December 2003, he became CIO and executive vice president of global operationsone of those rare CIOs who also runs the supply chain. Besides emphasizing business contingency planning more strongly, he is in the process of reorganizing the operations and IT groups of HP's businesses. Bouchard replicated his dual role at the regional level too. Hanger runs both IT and operations for the Americas. The more consolidated approach should improve communication between IT and the business, he believes, and make it easier to identify how IT projects affect operations.One message that needs to be communicated more strongly within HPand within every company these days, Bouchard believesis the message that is implicit in his dual role: "There is big leverage between IT and the business processes when you deal with a large supply chain," he says. "Just looking at contingency planning from an IT point of view would be a big mistake. It has to be looked at from an integrated view of IT processes and the business.