 Thank you all for coming This is a spicy title, isn't it? At least the first one looks very exciting. I don't know how we feel about the second one But we'll find out if that's interesting too. So my name is Sebastian roll. I have a teeny tiny company that does Consulting gigs. I do hardware design. I Like to play around with micro Python and until recently I also was a senior consultant at a medium-to-large size consulting company in Norway so the agenda for today is to Explain what the principal agent theory problem is Look at it in the context of software consulting We're gonna have a look at some sneaky things that a consulting company might do And We're gonna have a look at mitigation strategies what we can do about it. So let's start at the beginning What is a consultant do? I'm sure you've seen one of those maybe at the office We like to wear shirts at least I wear a shirt at the interview and Maybe sometimes for the first day at work and then I relax a little bit and I start wearing my t-shirts again So consultants are called in to gain some Some external some objective advice That you can't get in-house recommendations a consultant might also be an expert at a field Where you're missing that competence in-house But a consultant can also be a person that helps you out temporarily at a project that you have and you need extra hands It can even be that's part of your project or even the entire project itself might be Handled by a consulting company. So these are the four main parts of being a consultant and It's booming It grows every year Technology and IT consulting can comprises 20% of the global consulting market Recruiting is very high especially in Norway for consulting companies and they pay well It's exciting to be a consultant because you can Get to see many different technologies you get to see how things are in many different companies and you learn fast some businesses they Like the idea of having a consultant because then you can just get someone in for a specific purpose And when they finish with their job they leave so you don't have to deal so much about retaining people laying people off when there's no need for them So it's easier to get rid of us but IT projects do not always fare well So there was a study in 2015 from a Norwegian University called success and failure in public IT projects and It had some damning statistics statistics. So what they did that was that they found five metrics That they used one is use value of the deliverable technical quality of the product Cost control in the project time management and lastly efficiency in the project execution and They found out that only 8% of these projects succeeded on all these success factors Around 50% Were unsatisfactory and at least one of these factors and also the largest projects seem to be overrepresented in the cases where there are failures To bring up one example we had was there was a project in Oslo our capital to To have a unified electronic ticketing system for our public transportation So if there are any Django developers here, they would maybe say this I think it'll take three weeks It took ten years and it cost around 67 million euros and it was a complete failure What the report also interestingly found was that they found no significant difference between private and public IT projects They all had very similar failure rates So what causes this what makes bad project? Why do we overspend and why do we underachieve? Why do we delay? Is it the client? Does the client not give good enough specifications? Is it the contractor? Do they do not deliver high quality? Usually it's a bit of both usually it's one usually it's the other you should sometimes it's external factors that You cannot foresee maybe a key person or some key personnel drops out of the project And you lose important experience But for the purpose of this presentation, we're gonna be focusing on the contractor the consulting company But to get closer to the nature of this problem Let's consider It's more simple example So your car breaks down or your car starts making a noise an annoying noise, and then there's a dashboard light that comes up One of those dangerous genie in a bottle lights and you're worried So what can you do? You can do one of two things you can either decide. I'm gonna learn about car repairs I'm gonna spend a couple of months Studying this and I'm gonna try to do it myself For me if I tried that it would still be my first attempt trying to fix a car So I would probably still fail So what I would do is I would take it to a repair shop and the repair guy he comes he looks Pleasant he has a look at the problem gives me a diagnosis It gives me a price But there are two important concepts that are at play here In this interaction and one is that The repair guy knows much more than I do about the domain So the repair guy knows a lot about repairing cars But I don't so I don't have any good way to figure out if he's actually telling you the truth or not Is he scamming me is he being reasonable? Is he a good repairman is he even a car repairman at all? The second factor is There's a potential difference in interest here So my interest is to get the car repaired as fast as possible if you can work overtime. That's cool If you can do it for free that would be great If not then the lowest possible price Whereas the repair a car repair person he wants to get as high price as he can that would still make Me happy to pay the price So there are slightly different incentives games here, so turns out that economists and People in political science they define this type of interaction as a principal agent problem a Principal agent problem occurs when you as a principal you want something done and you don't want to do it yourself You want an agent to do it Maybe the agent is much better at doing that than you are This is from Wikipedia Principal hires the agent the agent performs work for the principal There is asymmetric information there comes in from the top So one is that I can't really know if he's a good repair car repairman. I don't Know if what he's telling me is the truth, but I also don't really I can't really control him I can't really know if he's doing what he should be doing So that's asymmetric information There is also the concept we talked about different interests. You see the self-interest thing that goes there So These two concepts combined to form a potential risk for the agent Doing things that are contrary to the principal's interest So the agent might do things that the principal don't want him do not want him to do and the result We call Adverse election you might pick the wrong person for the job and Also moral hazard moral hazard is that thing where the agent is working contrary to your interest as a principal And this works on four fundamental assumptions one is that principal and agent are rational actors To the action of the agent affects the success outcome of the principal the principal cannot fully control the agent and There's a divergence of interest Play and that causes the potential of adverse election and moral hazard This concept is relevant to many different things It's it can be described an employer employee relationship can be described in this way Shareholder management, they might have different incentives shareholder wants to maximize profit Management maybe wants to keep his job and they have a more stable outlook for his for the company so Asymmetric information Many of you might already be looking at this and thinking is this high quality code Thank you, and you might be able to determine that but if you're not a coder You're not going to be able to determine that you have no way of knowing if this is high quality You can only ask Does it work maybe but is does it work? Is that a good enough? qualification for a good execution or for a good product Definitely, it's not The different interests you might want I wanted a house I wanted it to be built according to specification. I gave them dimensions and everything and this is what they gave me They minimized their own cost To to hand in a product that's according to specifications now What I'm gonna do in my research here I found a publication called principal agent theory and its application to analyze outsourcing of software development and We're talking about like how does this principal agent problem apply to software consulting? And it says I quote The problem is especially glaring for the software business due to missing metrics and measures for programmers productivity and software quality The missing concreteness of software makes it harder to control effort invested and results reached So I would say definitely that software consulting is Has the potential of asymmetric information for sure and there's also diverging interest So Let's play a game I know there are some hackers in the audience. Maybe some pen testers So we're gonna have fun and figure out which exploits can we find if we're a nefarious agent? How can we maximize our own gains? according to our interests So What we can do we can do the bait and switch so you get the top guy in your company Really good guy. He's has awesome CV. He's very good at writing proposals. You kind of implicate that he's gonna be part of the project You use The brand that you have you're a big company. Maybe you're recognized and then when you get the contract You kind of change the terms all of a sudden this guy Awesome star guy. He's out of the project and replaced by 10 junior Developers who are form or are just recent graduates we slap some certification on these junior graduates so they have some at least something on their CV and The junior devs they make more mistakes too. So that means that there's more work to be done There's more bugs to be fixed and that's also good for when the product is delivered and you want maintenance so One thing to say about that is that resumes are personal or professional is personnel marketing Devices that people use and the potential for for puffery is is there The second one is called the land and expand So you do kind of a similar thing you get your top guy into the company only him and You have him do a great job at one or more projects and then you have him climb up the corporate hierarchy gain trust and When you do that you you try to get build some good will and then you are in a position to start influencing the decision-making processes So now every time it comes up. Oh, we we might need to build a new website because our website is two years old And there's a new thing that we need to a new technology Then this guy can say oh, we have actually the star team We have the perfect team and before you know it you will find that consulting company is everywhere with also junior devs But it's a great way to get in and to increase the number of consultants with your clients and Talent the guy who came in he get he might get some reward scheme Back home and also You have more political allies because you have more people from your consulting company Then there's a vendor lock-in So when you're already in a company with a client And you're nefarious then you want to make it as costly as possible to replace you so in Our circles we have a saying that says to leave your code as if the next person is a vengeful psychopath that has also knows your address But if you're nefarious you don't want to do that you want to create exclusivity you want There to me not so much documentation You want maybe to promote more novel Tools and technologies because that decreases the available pool that can replace you If you're really smart, then you're gonna want to sell some in-house software Into the client so that means that when You're the only one who can help out with that software No one else knows anything about this in-house tool and also it's probably it can be some old legacy software that you just sold So there's not a lot of maintenance on it. So when your client Has a problem because the software doesn't run anymore. They're gonna have to Talk to you and you you'll say we can fix that bug for a price So make it as costly as possible To replace you and then when you're there, then you can start to inflate the cost of your personnel Maybe you want to minimize effort so you can double staff have them work in a Different with a different client as well If there are any changes that wants that needs to be made on the project you make a variation order like a change order So everything that needs to be done extra. You're gonna have to get paid for that You can also if there's a problem you can always blame any issues on the client constantly changing the specifications all the time Since we're talking about nefarious actors here, why don't we go one step further? We absorb the business and domain knowledge of the company We're gonna want to recruit the top talent pay them a little bit better and If we're extra Divious will sell it back to them at a premium There's one funny phenomenon that I heard about that's I'd like to tell you about it's called the CV driven development So that's one a consultant comes in and he wants to learn the coolest new shiny Technology so he proposes that as a solution because then he gets to learn how to use how to use this new technology on your bill and You're left with maybe something beta stuff and Anyway, it was developed by someone who learned it the first time So it's not necessarily a good deal for you Okay, so how what can we do to? mitigate these risks That the agents are doing to us So if you remember what I mentioned The two things the a submit information asymmetry and the incentive difference. So you want to decrease the information gap you don't want to be a Project leader a technical leader that has no idea about the technological stack. I've seen that too many times that there's there's Technical management in house that kind of have outsourced too much to the consultants And that's not a good position to be in You want to insist on full access to source repositories? to any metrics You want to own the source source repositories preferably? The build system the task management system. It's good to have access to that stuff It's important to note that there's also difference between Information that you gather and also understanding that information so information itself will not get you anywhere unless you understand what it means You might want to introduce a technical review by a third party nonpartisan party that can come in and at least then there's no skin in the game for them to To cater to a bad solution So Just keep someone on your side that knows enough to judge whether this is a good way forward or a bad way forward That also puts accountability to your to a person that's your employer So you don't want accountability to be with the consulting company. You want to be part of the project? You can also try to align these incentives so that you get more of the same interests You want to maybe increase the number of interactions with a with a consulting company? So don't just give them the whole project at once maybe just give them a project like a small part of the project See how they do that gives them an incentive to achieve a good solution for you Split the project into parts. Yeah You can also do a performance based reward That's getting more popular now that the consulting company comes in and say we can just get a cut of whatever success that you have And we don't have to get paid if you don't succeed It's interesting, but it also might end up costing you a lot if you have a lot of success And also it might not always be easy to to find a way to measure objectively the monetary success Okay, minimize dependency Minimize that song cost that potential for some cost you want to make it easy to replace Avoid vendor lock-in at all costs. That's a very good tip insist on using standard tools code guidelines Proper documentation well-known technologies You might want to consider multiple contractors so more than one maybe two contractors This is this is especially useful if you are dealing with more novel technology innovative technology or like niche languages because then you always have one extra Supplier it also helps to enforce these code guidelines because then they will have to communicate with each other and share code One thing to remember is that us consultants. It's very easy for us to be yes, man can do people. Yes, we can do it One of the reasons for that is that if we are too critical we might be dropped off the project and It's much easier for us to just get by on Fixing things for you and doing what you tell us to do But if what you tell us if you as a client tells us consultants to do something that we consultants might not agree with Then it might be feel hard for us for some of us to Take that discussion because things can very quickly turn political If there's a consulting company, that's nefarious and we come in If I were to say well, this solution is not very good There's still a person in-house that got this consulting company in in the first place and he might want not want to feel attacked in that way Be aware of patchwork and band-aids for things instead of big rewrites That's something that might happen and In conclusion We went very quickly through a Principal agent problem and how that might apply to software consulting in the software consulting industry We've seen what asymmetric information is and different interests and How it can create a risk of what's called moral hazard, which is the agent working against your own interests We discussed some possible techniques that are available for a nefarious actor and how to mitigate them But I would like to leave you with Two important points three important points Remember that a consultant always works for two companies They work for you as the client and they also work for their employer and most of us are very good at keeping a balanced attitude towards these two loyalties, but it's always a thing to remember that we work for two companies The second one is has to do with accountability again, so if you imagine your project is the Titanic Then us consultants We are the first class first-class passengers That means we always We're the ones that get the lifeboats when the ship starts sinking because we can go to a different project at a different client and The solution itself that's not working will stay with you, so you might find yourself with a violin in your arms and Play as the ship goes down but most importantly We are decent people most of us are and This principal agents problem comes from economic theory. It comes from game theory It excludes sometimes It assumes that we're all acting in our best interests economic interest But it it is also the case that if you motivate people and if you don't micromanage them if you Keep them motivated. They will do a good job for you most likely. So that's always important to keep in mind I don't want you to find find that you now are very Too skeptical and are showing it too much. So just assume good intentions encourage mutual trust and Avoid micromanagement because your consultant might go the extra mile for you He might want to do it out of personal reasons and he will probably put in that extra effort that is required sometimes So in conclusion do not get tricked by the worst among us and nurture and support the best among us Thank you very much Thank you very much Sebastian for this talk. We have time for questions Sebastian thanks. Thanks for your talk. I like your car repair metaphor, okay, so how would you Project your mitigation structure as to strategies in the car repair scenario Which scenario did you say scenario that my car has a funky light in the dashboard? Oh, I need to go there Yeah, yeah, I'm the principal the mechanic is the actor So what kind of medic? How would you project your mitigation strategies and to that metaphor? Yeah So what I would do then is that I would try to decrease the information gap So part of that information asymmetry is that I don't know if he's a good repairman or if he's trustworthy So I could go to a review site and I would see does he had good reviews and that would help me to get information about other people's experience And I wish that there was something similar in terms of software consulting I think that would be very helpful for everyone involved But it's it's very difficult because then you would need some objective metrics and I don't think it would be that easy to set up I think most of the time more major corporations as clients. They would have their internal registry Where they log there and experiences More questions Yeah, thanks for the talk As a role as a consultant you told about this information asymmetry and the agent and the What was the P again? Principal principal And you also told us that there exists some technical leaders in companies that are a little bit Far away from the tech experts. They need to lead do you encounter this Principal and agent problem within companies and how do you deal with them when they are already existing and you Yeah, join that If I encounter this in existing companies, what does it exist? Yes, I would say yeah, I would say it does exist I've encountered situations where there's a very very bad situation and Somehow it needs to be dealt with so it might be a bad technical Solution that is only going to be viable for the minimum viable product and it's not going to work for any real-case scenario the problem if if the in-house leadership lacks the technical know-how Specific to that domain is that if another well-meaning consultant comes and says look at this This is not going to be going to work Well, we need to do it this way and that way instead is what I propose then The the management has a tough situation because he he can't really Do any value judgment whether or not That well-meaning person is correct So that makes it in turns it into almost like a trust issue. Who do I trust the most? And then sometimes the person who's been there for longer has gained more trust so I definitely find that to be a Difficult situation sometimes and specifically for companies that don't have software as their main revenue generating Area All right out of time. Thanks again Sebastian for this nice talk and if you have further questions come up to him Thank you