Few organisations have the resources to mount projects which have no change control process. Unauthorised changes could affect the budget, delivery time scale, resources, performance, functionality and operational costs of a project. In some cases there are legal, compliance, audit and regulatory constraints which have to be planned and controlled and delivered as part of the project change. Without project controls, proper cost benefit analysis of changes, prioritisation of development and release efforts for changes it is very easy for projects to go astray, bust their budget, have late delivery and limited/excessive functionality.
There may be complaints from developers, business users/clients that the change control process reduces flexibility in a project. Usually the risks of project failure from the lack of robust project control massively outweigh any gains from "flexibility".
The control process also helps to track the associated costs of any change. Such costs can be obvious, as in "x" man hours of additional development/testing effort, but they can be more subtle such as:
- the impact on system performance requiring an upgrade or alteration of system infrastructure;
- changes to support software licensing and maintenance costs;
- costs of consequent delays to system functions/services;
- or maybe there is a long term impact on operational costs;
- the costs associated with releasing the change to a stable environment;
- training costs to allow personnel to accommodate the change;
- knock on changes to archive/retrieval systems to meet compliance needs;
- modification of data migration planning;
- changes in one part of a system might necessitate changes to another system.
The control system should provide a documented authorisation pathway showing who has assessed the impacts, who has authorised the work and who will pick up the immediate and long term costs of the changes. It is all too easy for a business user to go "transparent" and say: "I said it would be nice if.... but I didn't agree to these extra costs/delays arising from the changes".
The authorisation of changes, the impact assessment, the implementation planning and progress of changes should all be tracked. Where the work is performed by external contractors it is essential to track/control the changes in order to be in the position to challenge bills presented by the contractors for "variations" at the end of project or the next round of billing.