The report issued by the Hong Kong Securities and Futures Commission last week into the debacle of duplicate share certificates being issued in the MTRC's recent initial public offering of shares identified computer problems as being its primary cause.

It appears that the main computer of the share issuer, Central Registration, which was used to process information regarding the share issue ran much slower than expected. The consequences of this was that Central Registration was forced to depart from its usual foolproof checking systems in order to meet the deadline for issuing share certificates. It is at this stage that errors appear to have crept in.

It's certainly not the first time that an IT system has caused problems by performing below expectations and nor will it be the last. In this case, Central Registration had relied on performance testing of its back-up computers (as it did not want to take its main computer off-line) and had extrapolated the results of these tests to assess the performance parameters of its main computer. The subsequent failure of the main computer to perform in accordance with these calculations has left egg on a number of faces and has resulted in Central Registration paying out some HK$5.5 million in additional expenses and compensation.

In this case, Central Registration had no-one to blame but itself for the failure of its computers to perform as required - it had relied on its own IT system which it had tested itself. However, businesses are becoming increasingly reliant on the IT systems of third parties in order to carry out their business functions. A typical scenario in this regard is the use of third parties to host web-sites and to perform other back-end functions (for example, payment systems).

It is all too common in such scenarios for the customer to be so impressed by the supplier's system and its overall capabilities that it fails to get into the nitty gritty of identifying and communicating to the supplier specific performance criteria which it expects to be met. Although the supplier may be putting forward an impressively powerful solution, has it answered questions such as how many concurrent users and transactions the system can handle?

Accordingly, when outsourcing any IT system to an expert supplier it is essential for both the customer and the supplier (if it wants to ensure that its customer is not dissatisfied with the solution it provides) to set out in relevant contractual documentation the service levels which the IT system is to meet (together with appropriate performance remedies which will apply in the event that these levels are not achieved).

It is, of course, also important to carry out thorough performance testing in conditions which simulate insofar as is possible the live conditions in which the IT system is to be used. The extent to which this is possible may be limited by a number of factors such as, in the case of Central Registration, a requirement that the system be kept on-line for other purposes. However, such limitations should not readily be accepted as it inevitably increases the risk of unwanted surprises when the system goes live.

Most customers which are used to outsourcing their IT requirements already appreciate the importance of the above points so that the risks of relying on IT systems can be minimised (although there is often a temptation to short-cut these procedures in order to meet a business deadline). The MTRC share certificate fiasco is a strong reminder both of the risks of IT systems failing to perform in accordance with expectations and of the potential consequences.

First published in SCMP Technology Post on 14 November 2000.