As legacy applications move through their life cycle, they frequently evolve from assets that manage key processes and information to liabilities that drain time and resources. As a result, these applications become increasingly more difficult to maintain.At the point when an organization's legacy assets no longer serve its goals for financial management, customer intimacy, regulatory compliance, and operational effectiveness, management must decide whether to rebuild key systems, replace them with third-party applications, or modernize aging applications to extend their useful life.
Is time on your side?
Although legacy systems represent a reliable platform for day-to-day processing, they also contain embedded business knowledge, which is less understood as applications age.
Maintaining legacy applications becomes difficult because past assumptions about the structure of the organization, its business processes, or other external factors-such as distributor relationships, and specific regulatory requirements-are embedded in system code.
Successive changes to any of these underlying assumptions may have resulted in layers of system logic with increasingly convoluted maintenance coding patches.
At some point, the time, understanding and creativity required to maintain such systems exceeds the capacity and patience of support staff.
To determine whether time spent on legacy systems is excessive, managers must consider the size, number and age of legacy applications, their criticality to the core business, their structure, and the number of internal and external interfaces the systems support. IT staff may lack necessary business knowledge or technical skills (older programming languages, embedded development tools), and vendor support may be spotty or nonexistent.
Some of the critical time-related questions include:
* Does IT have sufficient business, technical and project management skills to design and build a new system?
* Does anyone understand the business logic and processes embedded in the application? Can management differentiate between current and obsolete business logic and assumptions?
* Does the company have a positive track record of defining appropriate system requirements and measurable development outcomes?
* What other systems, processes and projects would be affected by changing a core business application?
Complexity of the market
The need to replace or enhance legacy applications is often directly related to the stability of the underlying business model. Companies with stable product lines, distribution channels and organizational structure often feel less pressure to make significant changes to core systems.
However, even in stable organizations, strong organizational values or concerns, such as customer service quality, may cause insurance companies to consider legacy modernization.
And dynamic organizations may find numerous drivers for system change, including changing competition, increased channel or customer demands, or the need for better underwriting or more efficient claims handling.
Companies in a growth mode exhibit increased complexity that results in greater pressure on IT to provide more support for legacy applications in a narrow, decreasing window of opportunity.
Therefore, executives should address these complexity issues:
* Do existing applications reflect and accommodate the company's core values and business goals?
* Has the organization clearly articulated its drivers for change and desired outcomes?
* Is the company likely to undergo any significant structural, business model or product changes within the next 36 months?
Cost considerations
The cost of legacy modernization is related to the company's perception and management of IT-related risk.
While the risk factors related to recovery of computer applications in the event of a business interruption are well understood, less obvious risks around legacy applications are a function of the declining transparency of embedded business logic over time.
This situation is exacerbated when these applications have been acquired through mergers or acquisitions and continue to support a significantly changed organization.
Among the cost-related questions carrier executives should be asking are:
* Has the company developed comprehensive security and privacy policy and procedures that cover all automated and non-automated business processes?
* In the event of a business interruption, which critical business processes would be compromised?
* Does the company account for IT-based risks as part of its operational risk management strategy?
When time, complexity and cost factors remain in balance, legacy enhancement is an acceptable choice. When complexity and cost are high, but time is within acceptable limits, companies may consider rebuilding legacy applications. Finally, when time, cost, and complexity are high, and risks associated with aging legacy systems are unacceptable, companies should seriously consider replacing their legacy applications.
Judy Johnson is vice president of insurance strategies for Sapiens Americas.
