Blog
How to Scope a Custom Software Project Without Getting Burned
Most custom software projects blow past budget and deadline. Here's how to scope yours correctly from day one — with a discovery phase that actually works.
- mid
You’ve gotten a quote for a custom software build. It looked reasonable on paper. Six months later, you’re 80% over budget, two release dates have slipped, and the vendor is asking for more money to add features you thought were included. You’re not unusual. McKinsey and Oxford research found that only 0.5% of IT projects meet all three success criteria simultaneously — on time, on budget, and delivering the intended benefits. That figure should stop you cold before you write the first check.
The usual culprit is not a bad vendor. It’s bad scoping. Here’s how to do it right.
Why Scopes Fail Before Development Starts
Most projects blow up because the scope was never real. A client describes a vague outcome — “a system that handles our orders” — and a vendor turns that into a fixed-price estimate based on assumptions neither party has verified. The moment development starts, reality diverges from the estimate. Features get added. Edge cases appear. Integrations take longer. The result is scope creep, widely cited as the leading cause of budget overruns.
McKinsey data shows that projects exceeding $15 million run 45% over budget on average and deliver 56% less value than predicted. But the same failure pattern hits $50,000 projects too — the scale is smaller, but the damage relative to company size is often worse for an SMB.
Two root causes come up repeatedly:
- Requirements weren’t documented. Verbal agreements and slide decks are not requirements. Without written, signed-off functional specs, every misunderstanding becomes a change order.
- Complexity was underestimated. Third-party integrations — Stripe, QuickBooks, Shopify, existing ERPs — routinely take two to three times longer than initial estimates. Each API has its quirks, rate limits, and error handling requirements that only become visible during implementation.
Run a Discovery Phase First
The single highest-ROI step you can take before any development begins is a formal discovery phase. This is a defined, paid engagement — typically four to eight weeks — where a small team maps your actual requirements, documents your data model, identifies all integrations, and produces an architecture decision record and detailed project plan.
Discovery phases produce significantly more reliable cost estimates compared to the wild-guess estimates that come from a 90-minute sales call. The upfront cost is real, but it’s the difference between a project that finishes close to scope and one that doubles in cost.
What should come out of a discovery phase:
- A written functional specification signed off by all stakeholders, describing what the system does, what it does not do, and how edge cases are handled
- A data model and integration map showing every external system touched (payment processor, accounting software, shipping API, existing database) and the direction and frequency of data flow
- A prioritized backlog with must-have features for launch separated from nice-to-haves that can be deferred to a later release
- A realistic timeline with milestones tied to deliverables, not just calendar dates
- Acceptance criteria — specific, testable conditions that define when each feature is actually done
If a vendor refuses to do a discovery phase and jumps straight to a fixed-price contract, that is a red flag. They are either overconfident or protecting themselves from a scope they know is underspecified.
Define “Done” Before You Start
One of the most common traps in software contracts is ambiguity around completion. “The system will handle user authentication” sounds clear. It isn’t. Does that include password resets? Multi-factor authentication? SSO via Google or Microsoft? Session timeout policies? Each of those is a separate feature with its own development and testing time.
For every major feature in your scope, write acceptance criteria in plain language: “A user who has forgotten their password can reset it via a link sent to their registered email address. The link expires after 24 hours. If the user enters a mismatched password confirmation, an inline error message appears without reloading the page.” That level of specificity prevents disputes, speeds up QA, and leaves no room for a vendor to bill you extra for obvious features.
Structure the Contract to Protect You
Fixed-price contracts feel safe but often are not. Vendors pad estimates to cover unknown risk, and when scope inevitably shifts, they issue change orders. Time-and-materials contracts give you flexibility but expose you to runaway billing. For most mid-complexity custom builds, a hybrid works better.
A practical structure:
- Phase 1 (Discovery): Fixed price. Defined deliverables, defined timeline.
- Phase 2 (Development): Time-and-materials with a monthly budget cap. You review and approve hours weekly. Any work exceeding the cap in a given month requires your explicit sign-off.
- Milestone payments tied to demos. Pay on delivery of working software, not on calendar dates. If there’s nothing to show, there’s no payment.
Also negotiate a provision for source code escrow or regular repository access. If the vendor disappears or goes out of business, you need to own your code.
Watch the Integrations Closely
Integrations kill more projects than any other single factor. A Stripe integration for a standard checkout flow is well-documented and manageable. A QuickBooks Online integration that syncs invoices, payments, and refunds in real time across multiple tax jurisdictions is a different problem entirely. The same applies to GDPR-compliant data handling if you have EU customers, or SOC 2 requirements if you’re selling to enterprise buyers.
Before signing anything, ask your vendor to show you at least two prior projects involving the same integrations you need. Ask them specifically about failures — what broke, why, and how long it took to fix. A vendor who has never integrated with your accounting system is not necessarily the wrong choice, but they should price that risk honestly, not hide it in a “standard integration fee.”
The Number That Should Bother You
According to a Harvard Business Review study cited by Runn, roughly 17% of IT projects perform so poorly they threaten the company’s future — with cost overruns reaching 200% or more. Not 20% over — 200%. For a $100,000 project, that’s $200,000 in unexpected costs. For a company running on thin margins, that can be existential.
The projects that blow up this badly almost always have one thing in common: the scope was agreed to before anyone really understood what was being built. The fix is not to demand a cheaper vendor. It’s to invest the time and money upfront to actually know what you’re building before development begins.
If you’re planning a custom software project and want a candid conversation about scoping, timelines, and what questions to ask before you sign anything, we’re happy to talk — no charge, no commitment.
Sources: Runn — IT Project Management Statistics; Code & Pepper — Discovery Phase Guide 2024. Figures current as of mid-2026; verify against primary sources before acting.