EvolveWare Blog

Application Modernization – Risk Assessment to Keep Project in Scope and On Time


Modernization of legacy systems remains a top priority. The 2022 State of the CIO research found 85% of IT leaders confirming that as much as 40% of their time this year will be spent on transformational responsibilities, among them, modernizing infrastructure and applications.

If you have been through the process of application modernization, you’ve likely experienced the somewhat inevitable painful delays with cost overruns. For the Office of Personnel Management (OPM), their modernization efforts have been significantly delayed due to unreliable cost and schedule estimates throughout the project. OPM recently told the Government Accountability Office (GAO) that FFS, which supports more than 8 million active federal employees and retirees, will not cross the IT modernization finish line until October 2023, nearly six years after the initiative began, and more than $13M over budget. And while OPM did perform many of the recommended risk assessments prior to beginning their modernization effort, they haven’t addressed some crucial factors associated with the risks involved.

Unfortunately, this challenge is not unique to OPM. The culprits for such delays are all too common. Organizations often embark on this journey without a full understanding of their existing systems and complexities. They do not follow a controlled, automated defined process, and as a result, have not properly planned for proper support levels throughout the course of the project.

While there isn’t a magic formula for mitigating the risks associated with application modernization, there is a suggested methodical approach to anticipating and mapping out these common risks:

  • Risk 1 – Undiscovered complexities that were previously unaccounted for in the existing applications—leading to delays and cost overruns
  • Risk 2 – Starting the project without a defined process that includes sufficient automation that was tested and finalized during a proof-of-concept stage
  • Risk 3 – Lack of staff to support the modernization process from start to finish
  • Risk 4 – Expired SLAs and maintenance agreements for existing systems that end before the modernization effort is complete

So how can you and your team get ahead of these risks?

Proper Assessment: How well do you know your existing code?

All too often organizations depend on the memory retention of their support personnel and user community to understand the complexity, dependencies and logic being executed by that code. Alternatively, they will run the code through an automation tool to gather high-level information from the code. However, the details are insufficient and organizations likely do not have the subject matter expertise to perform a “deep-dive” to provide more accurate analysis. This mode of garnering information results in incomplete and subjective knowledge without sufficient hard evidence to back up the findings.

A viable project plan requires access to artifacts that are generated from the production version of the code and includes at the very least:

  • A set of “drill down” diagrams of the system showing both internal and external dependencies.
  • A complexity report that is objective, calculating the complexity from the system level down to the individual routines.
  • Database access details including details of which other systems share the same databases.
  • Data type details to assess the impact on shared databases.
  • Logic in formats that can be understood both by technical and business analysts.
  • Other reports that provide insight into areas of the code that may be optimized during the modernization process to minimize performance issues during testing.

Modernization Process: Have you identified the best process to modernize your application by performing an end-to-end proof-of-concept?

Organizations tend to run proof-of-concepts (POC) on very small pieces of code where the entire process from assessment to execution of the modernized application is not thoroughly vetted. In order to provide the most accurate and viable POC, a representative portion of the systems must be tested end-to-end from assessment, to modernization, to execution. The process must include automation that provides at least 40% reduction in effort when compared to manual methodologies. The goal should be to have manual services be an aid to automation, not the other way around. Finally, it would be preferable that the process finalized during the POC is repeatable for modernization of different applications across your portfolio.

Staffing: Are you adequately staffed to complete the project within the scheduled time-frame?

Instances of short-staffing to reduce costs are unfortunately all too common across projects, whether it is application modernization, new development or support. More often than not, the lowest cost bid becomes the most expensive solution when it comes to calculating the final cost of ownership. Staffing levels in modernization projects will depend on the level of effort expended during the POC stage and the severity levels defined to ensure timely resolution of issues. For efficiency’s sake, modernization teams need staff on hand to provide subject matter expertise, project management, technical and business analysis and testing support

Existing Systems: Are you covered for maintenance and support of the systems being modernized?

In an effort to contain recurring costs, there is sometimes a tendency for organizations to terminate infrastructure and maintenance agreements prematurely for the systems undergoing modernization. Service level agreements need to be regularly reviewed throughout the modernization process, in order to prevent unexpected interruptions of service that could jeopardize the progression of the project.

Intellisys can help.

Intellisys automates processes related to assessment and modernization. For the assessment phase, Intellisys automatically extracts all embedded knowledge from the source code and generates a set of detailed documentation artifacts that includes diagrams, complexity reports, logic in multiple formats and code quality reports like dead code report, and redundant code report. As applications move on to the modernization phase, Intellisys provides a wide array of features to automate processes related to business rules extraction, optimization and code migration.

As an example of planning to mitigate risk, a leading healthcare provider performed two proof-of-concepts (POCs) with Intellisys with different volumes of code. This helped them develop a plan to modernize its entire application portfolio over several years. To date they have successfully modernized more than 1.5 million lines of code in a period of 18 months in 2 phases: phase 1 was generating documentation artifacts of their code and phase 2 was extracting business rules from that code for export into a third-party rules engine product.

Although many organizations may be anxious to kick off their modernization sooner rather than later, taking the time to thoroughly and accurately assess risks upfront, will pay off in the long run with fewer delays and unaccounted costs.

Learn more about how your team can use the Intellisys platform to take advantage of a practical and intelligent approach to application modernization or contact us.

You May Also Like…


Submit a Comment

Your email address will not be published. Required fields are marked *