Software Implementation Checklist: Where Rollouts Quietly Fail

Updated May 2026. Rewritten around the failure modes we actually hit on rollouts, plus the four checks we add for AI-era systems.

Most software rollouts do not fail at go-live. They fail in the three months after, when half the users go back to the spreadsheet, the integration silently drops every fifth record, and the original sponsor moves to a new role. The checklist below is what we use to keep that from happening, written from the perspective of the things that actually broke, not the textbook order.

We are a Brisbane-based consultancy that does automation, integration, and AI builds for clients in healthcare, finance, professional services, and recruitment. Across enough engagements, the patterns repeat. The names of the systems change. The places where rollouts quietly come unstuck do not.

This guide walks through the seven phases of a software implementation, names the specific failure mode for each, and gives you the test that catches it. The order is the standard one. The advice underneath each phase is the part that takes years to learn. The natural companions are our system integration best practices and automation roadmap posts.

If you are reading this because you are about to start a rollout, the most important paragraph in this article is probably the change management section. Spend twenty minutes there. It is the underspent line item on every failed project we have inherited.

How rollouts quietly fail

Failed rollouts rarely announce themselves. The launch goes fine. The dashboard turns green. Three months later, somebody runs a report and discovers that 40 percent of orders have been categorised as “Other” because the dropdown the data team negotiated last quarter does not match the codes the operations team actually uses.

The five quiet failure modes we see most often:

• Users go back to Excel because the new system is technically correct but slower to use.
• Integrations silently drop the long tail of edge cases (foreign currency, multi-entity records, anything with a unicode emoji in the name).
• Reporting “works” but no two stakeholders agree on what the numbers mean.
• Permissions get cloned from a previous project and nobody can audit who has what.
• The internal champion leaves and the system has no documented owner.

Each of the items below maps to one or more of these. If your checklist does not address them, you are documenting the project, not protecting it.

Requirements: the gap, not the list

Most requirements documents are lists of features. The version that survives contact with reality is a list of decisions: which business problem this is solving, which existing workaround it replaces, and what we are explicitly choosing not to support. The “not supporting” half is the half most teams skip.

What we add to the standard MoSCoW (must, should, could, won’t) list:

• One named owner per requirement. Not a department. A person. If we cannot name them, the requirement is not real yet.
• An acceptance test for every must-have. Plain English. “When a sales rep submits a quote above $50k, the system routes it to the regional director and the rep gets a confirmation within ten seconds.” That is testable. “Approvals must be efficient” is not.
• An explicit out-of-scope list. Three to seven items. This is the document we point at when a stakeholder asks “but can we also…” in week six.
• A workflow map. A swimlane diagram from our process mapping work. Requirements that float without a workflow have nowhere to land.

The quietest source of failure here is requirements that describe the current state in slightly nicer language. You will not catch the inefficiency that prompted the project. Always ask: if we built exactly this, what would the user still complain about? Whatever they say next is the real requirement.

Architecture: decisions that bite late

The architecture phase is where you make a small number of decisions that are expensive to reverse later. The mistake we see most often is making all of them up front. Most can be deferred safely; a few cannot.

The decisions we lock down early:

• System of record. Which system holds the canonical version of each entity (customer, order, employee). Get this wrong and you spend the next two years arguing about which dashboard to trust.
• Identity and SSO. Microsoft Entra ID, Okta, Google Workspace. Pick the one already in the organisation. Adding a new identity provider mid-rollout is the most painful avoidable rework we see.
• Data residency. If you have Australian customers or healthcare data, decide now whether everything stays in ap-southeast-2 or equivalent. Retrofitting region constraints later costs months.
• Integration pattern. Event-driven via Kafka or RabbitMQ, request/response via REST, or batch via SFTP. Pick one as the default and document the exceptions.

The decisions we deliberately defer: UI library, exact database flavour, observability stack, microservices vs. modular monolith. None of those break the project if you start with reasonable defaults. The pre-launch decision discipline is documented in an Architecture Decision Record (ADR) per choice, with the alternatives and the reason we picked the one we did. We have re-read ADRs from three years back and saved ourselves a fortnight of “why did we do it this way?” arguments.

Environments: the “works on my machine” tax

Development, staging, and production environments that drift from each other cost more debugging hours than every other issue combined. The fix is unglamorous: define infrastructure in code, build the same artefact for all environments, and inject configuration via environment variables.

What we set up on day one, every time:

• A single Docker Compose or Terraform definition that spins up an environment identical to production.
• A staging environment that uses a recent sanitised copy of production data (never live PII, never synthetic data that misses the messy cases).
• Secrets in a vault (1Password, AWS Secrets Manager, HashiCorp Vault), never in source control, never in CI variables that exec everywhere.
• A CI/CD pipeline that promotes the same image through dev to staging to prod with no rebuild between them.

The “sanitised production copy” point is worth its own paragraph. Most fake test datasets miss the unicode names, the multi-byte addresses, the orders with seven line items, the customer with a leading apostrophe. Production-shaped data is the only way to find those before users do.

Testing: what we actually automate

Testing strategy is the section every checklist lists first and every team underspends on. We have learnt to be specific about which tests get automated and which stay manual. Automating everything is a lovely idea that nobody can sustain.

Our default test mix for a 12 to 16 week rollout:

• Unit tests for business logic. Fast, run on every push, target 70 percent coverage on the modules that hold real logic. Not the modules that just glue calls together.
• Contract tests for integrations. Pact or equivalent. Catches the schema drift that breaks a live integration the morning after the vendor pushes a release.
• A handful of end-to-end smoke tests. Playwright or Cypress. The five paths a real user takes most often. Run nightly and before every release.
• Manual exploratory testing. A real person, with the production-shaped staging data, trying to break it. The most underrated activity in the entire industry.

What we no longer bother with: large suites of end-to-end UI tests that flake on every browser update. The cost-benefit tipped against them once contract testing matured. We have rolled back exactly two production deployments in the last three years from defects that better contract testing would not have caught.

Data migration: where the leftover work lives

Data migration is the phase that runs out of budget. The plan accounts for moving the well-formed records. The 5 to 15 percent of records that are malformed, duplicated, or orphaned absorb 40 to 60 percent of the migration effort.

What we do differently from the standard playbook:

• Profile the data before estimating. Run a real script against the source, count nulls, duplicates, orphan foreign keys, free-text fields with formatting. Reprice the migration based on what you find.
• Decide the cleanup story up front. The bad records either get cleaned, archived, or skipped with a reason. There is no fourth option, and “we’ll figure it out later” becomes “we never reconciled and the totals are now wrong.”
• Reconcile every load. Source count, target count, sum of the obvious numeric fields. Print the diff. We have caught dropped records by reconciling that a textbook plan would not have flagged.
• Plan three dry runs minimum. The first finds the obvious problems. The second finds the subtle ones. The third is the one you trust enough to do live.

The patterns from our data validation work apply here too. Schema validation, business-rule validation, aggregate reconciliation. Same four-layer model, run as part of the migration.

Security and compliance: not at the end

Security at the end of a project is a compliance theatre tax. Security from the start is a series of small decisions that mostly cost nothing if you make them early. We do not have an opinion on which framework you should adopt (OWASP ASVS, NIST, ISO 27001) so much as an opinion on what to do every week regardless of which one you picked.

Items that go into the calendar from week one:

• Threat model before each major release. One hour with the engineering lead and one senior person who is not on the project. “What is the worst thing an attacker could do if they got an authenticated user’s session for ten minutes?”
• Automated dependency scanning. Dependabot, Snyk, GitHub Advanced Security. Triage weekly. Track median time to patch high-severity CVEs (we aim for under 7 days).
• Least-privilege role design from day one. Three to five roles to start. Resist the temptation to make a new role for every edge case. They never get cleaned up.
• Penetration test before go-live. Yes, the formal one. The first thing it always catches is verbose error messages and authorisation bugs in admin endpoints that no internal review found.

For Australian organisations handling regulated data (financial under APRA CPS 234, health under My Health Records, government under PSPF), data residency and encryption-at-rest decisions belong in the architecture phase, not bolted on. AWS Sydney, Azure Australia East, GCP australia-southeast1, or self-hosted in-country. Pick one in week two.

Change management: the underspent line

If a project is going to fail, it will fail here. Every other phase is technical and trackable. Change management is a softer discipline and gets cut first when the budget tightens. It is also the one that determines whether the system actually gets used.

What we have learnt to do, often the hard way:

• Identify the actual users, not their managers. Run the demo with the person who will spend four hours a day in the system. Not their VP.
• Find and over-resource the champions. One person per team who is excited about the new system. Give them early access, listen to them, name them publicly. They become the line of support for everyone else.
• Train role-by-role, not feature-by-feature. A two-hour session covering everything the role does is more useful than ten one-hour sessions covering every menu in the application.
• Run a 30-day post-launch retrospective. The questions are: what are people still doing in the old system, what shortcuts have they invented, what reports do they actually run. The answers shape the first hardening release.

The change management line item is usually 10 to 15 percent of a rollout’s budget. On projects we have rescued, it had been cut to 2 percent. The correlation is almost direct.

The pre-launch dry run

Two weeks before go-live, we run a dry-run cutover against a production-shaped environment with the real users. Not “test users”. The real ones. Eight hours, end-to-end, every workflow.

What this catches that nothing else does: the printer driver nobody knew was hardcoded to a specific server. The Excel macro that downstream finance still relies on. The customer-facing email template that nobody had reviewed because it was “just an email.” The integration that works for normal records but times out for the customer with 4,200 line items.

We do not skip this. We have once. The go-live was technically successful and operationally chaotic, and we have not skipped it again.

Where AI-era rollouts add new failure modes

Software rollouts in 2026 increasingly include an AI component (classification, extraction, agent workflows, support copilots). Four checks we now add by default:

• An evaluation harness. Not “the demo looked good.” A real labelled set of inputs with expected outputs, run before every model or prompt change. We aim for 100 to 300 labelled examples for most use cases.
• A token budget and a runaway alert. A poorly written agent loop will burn $500 USD an hour. Set a hard cap per workflow run and a daily alert on the org-level spend.
• Human review for low-confidence outputs. Anything below a confidence threshold (we usually start at 0.85) goes to a review queue rather than auto-actioning. The queue size tells you whether the model is good enough yet.
• A model identifier locked in code. Use claude-sonnet-4-5 or gpt-4.1, not "latest". Models change. So do their failure modes. The day a vendor silently updates the default is the day your eval scores move and nobody knows why.

The deeper version of this is documented in our AI agent development work. The summary version: an AI system that is not evaluated is not implemented. It is deployed and hoped for.

When this checklist is overkill

This is a checklist for non-trivial rollouts: more than one team affected, integrations with existing systems, real user training required. For smaller projects (a new analytics tool for a team of four, a Notion replacing a wiki), most of the above is theatre.

The minimum we always do, no matter how small:

• Write down the one decision the tool is meant to make easier.
• Pick a named owner.
• Schedule a 30-day check-in.

That is the entire process for a small tool. If it is not worth those three steps, it is not worth adopting.

For the larger projects, the full checklist applies. If you are inheriting a stalled rollout or scoping a new one and want a second opinion before you commit, that is a 30-minute conversation we are happy to have. Book a call and we can usually tell you within that meeting whether the plan you have is the one we would run.

Frequently asked questions

What are the best practices for software implementation?

Name a single decision owner per requirement, write acceptance tests in plain English, profile the data before you estimate, run a real dry-run cutover two weeks before go-live, and over-invest in change management. The other items matter, but those five separate the projects we have shipped cleanly from the ones that wobbled.

How much does a software implementation cost?

For a mid-market implementation (single department, one or two integrations, 30 to 200 users) we typically see $80,000 to $250,000 AUD for the build plus 12 to 18 percent of that annually for ongoing support and minor enhancements. Enterprise ERP and CRM rollouts run $500,000 to $5 million AUD and up. If a vendor quote is materially below those ranges, ask what is being left out.

How long should a software implementation take?

A SaaS rollout with light customisation: 6 to 12 weeks. A CRM with custom workflows and three to five integrations: 4 to 8 months. A finance ERP: 9 months to 2 years. Anything that promises a “go-live in six weeks” for a system that touches finance, payroll, or core operations is selling you optimism.

What is the difference between deployment and implementation?

Deployment is making the software available. Implementation includes deployment plus requirements, configuration, integration, data migration, security, training, and post-launch support. Most failed rollouts deployed correctly and implemented poorly.

What is an accounting software implementation checklist?

The same seven phases above, with extra emphasis on three items: chart of accounts mapping (every legacy code needs a destination), opening balances reconciliation (closing balance from the old system equals the opening balance in the new, to the cent), and tax configuration (GST, multi-currency, BAS reporting if you are in Australia). A pilot month running in parallel is the standard accounting-specific safeguard.

Who should own the implementation internally?

A single named person with the authority to make tradeoffs and the time to do so. Not a steering committee. Steering committees ratify decisions; they do not make them. The owner should report to the executive sponsor and meet with them weekly. If the project does not have a person in that role, do not start.

When should we do user acceptance testing?

Continuously, not at the end. We pair an engineer with two or three real users for an hour a week from week six onwards. By the time formal UAT happens, the users have already seen the system grow and most of the feedback has been absorbed. The end-of-project UAT then catches the last 5 percent rather than restarting the conversation.

Do we need an implementation partner?

For SaaS with light customisation, often not. For anything that includes integration, data migration, custom workflows, or AI components, the question is whether you have the in-house skill and capacity to run a multi-month project alongside everyone’s day jobs. The honest answer is usually no for the first one, and yes by the third.

If you want this checklist tailored to a specific rollout you have on, or a second opinion on a plan that is already drafted, that is what we do. We can usually tell you within a single working session whether the scope is realistic, where the unmodelled risk is, and which line items to push back on. Get in touch or read the adjacent n8n consulting notes for related thinking on the integration side.