Infor pays UK construction retailer Travis Perkins £4.2m settlement following cancelled upgrade of 'Sellotape and elastic bands' ERP system

Great, back to the '80s green-screens


Global ERP slinger Infor has paid UK hardware and construction retailer Travis Perkins £4.2m in settlement for a four-year failed ERP project that cost £108m.

In its half-year interim results [PDF] published last week, the retailer said the "gain of £4.2m is the result of the full and final settlement of claims in relation to the cancelled replacement of the Group's merchant ERP system".

The settlement relates to an earlier statement from Travis Perkins' full-year 2019 results [PDF], published in March 2020, which said: "Following the change in approach to the replacement of the Group's merchant ERP system announced in July 2019, the Group terminated its relationship with Infor… in October 2019 and formally set out its damages claim."

The full-year results also detailed a £108m impairment relating to the halting of the ERP replacement programme. The decision to end the programme leaves the £7bn-revenue retailer, a household name in the UK, running its main enterprise systems in green-screen environments dating back to the 1980s, sources close to the implementation told The Register.

In fact, Travis Perkins admitted as much when then CEO John Carter told the audience of Infor's New York conference in 2016 that its systems were "being held together by Sellotape and elastic bands".

With great fanfare, Carter and then Infor president Stephan Scholl shared the stage to discuss the 24,000-user implementation of the CloudSuite version of Infor's core M3 ERP product in a deal expected to be worth $200m to the software vendor over 15 years.

According to reports, Scholl declared: "It's the largest cloud ERP transaction in this game."

But sources speaking to The Register said it was not long before the project started to go wrong. A central problem was a lack of scrutiny of the design phase, which did not include functional specifications for interfaces, database schemas and security schemas. With barely any input from the IT department, business leaders in charge of the project said these aspects could be decided later during the construction phase.

"It was just an absolute mess," one source said.

By 2018, Travis Perkins was no longer able to hide problems with the project. Half-year results [PDF], published in June 2019, said the "ERP replacement programme in December 2018 as this programme has continued to face significant challenges".

The trading statement continued: "As a result, the Group is considering whether to implement the various elements of an ERP system as separate items, after modernising the Group's core IT architecture. A revised approach may incorporate components from the existing project, however under accounting standards the Directors have concluded that the existing assets of £111m should be written off."

But by the end of 2019 it was all over. As well as ending the relationship with Infor, the full-year results detail the Group's "possible obligations under the relevant contracts, which include break clauses limiting the Group's maximum possible contractual exposure to circa £65m".

"In the view of Directors, it is probable that the Group will be able to successfully resolve this matter without making any payments to the software provider," the results said. "Accordingly, no provision has been made in respect of these contracts. The Directors expect this matter to resolve in the next 48 months."

It continued to describe "improvements required to core IT and digital platforms to enable the businesses to perform, and to adapt their propositions as customer demands change".

Travis Perkins has not responded to The Register's requests for comment.

Infor's revenue was $3.2bn as of 2019 [PDF]. It was bought by the privately owned Koch Industries in February 2020 in a deal thought to be worth $11bn. It has also declined the opportunity to comment on its relationship with Travis Perkins. ®


Other stories you might like

  • Tencent admits to poisoned QR code attack on QQ chat platform
    Could it be Beijing was right about games being bad for China?

    Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.

    In a post to rival social media platform Sina Weibo – a rough analog of Twitter – Tencent apologized for the incident.

    The problem manifested on Sunday night and saw an unnamed number of QQ users complain their credentials no longer allowed them access to their accounts. Tencent has characterized that issue as representing "stolen" accounts.

    Continue reading
  • Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyberattacks
    Now those are some phishing boats

    Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks.

    A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

    It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading

Biting the hand that feeds IT © 1998–2022