Friday, January 25, 2008

Is outsourcing too risky?

Source: Continuityforum.org

Before an organisation decides to follow the outsourcing trend, attention must be paid to the many risks involved in this way of doing business, says Anthony Plewes.

No matter what the reason is for outsourcing key IT processes, there's always an element of risk. Will the supplier deliver? Was the contract appropriately scoped? Are the business objectives truly being fulfilled? These issues shouldn't be left to chance.

Anyone considering the outsourcing route must take deliberate, methodical steps to mitigate the potentially high risks involved.

Here are the areas you should be sure are covered thoroughly.

Due diligence

The first step in risk mitigation is to carry out due diligence on the outsourcing service provider. Amongst other information, this will help identify whether the outsourcer has the capacity to carry out the work and whether it will be sufficiently financially stable to service the contract for its entire length.

The continued importance of offshore outsourcing means the outsourcers' business continuity planning also needs to be robust to cope with any shaky infrastructure and outages.

Internal audit

Before assessing the outsourcer's capabilities, you need to work out exactly what is being outsourced. If you cannot accurately identify the current state, it's not possible for you and the outsourcer to agree the scope of the contract, costs and service levels involved. Scoping the current state will help prevent the risk of poor performance, future disagreements and the cost and disruption of renegotiating the contract.

"There is no substitute for doing an internal audit on your organisation," says Kit Burden, partner and outsourcing specialist at law firm DLA Piper. "It is vital to accurately define the outsourcing service scope, because the 'your mess for less' approach is a recipe for disaster. The customer needs to spend enough time with its internal people to find out exactly what it is they do."

A business impact analysis will also identify exactly what processes are important and will help companies set relevant service level agreements (SLA).

Many disputes between customer and outsourcer are sparked by a disconnect between what the client is expecting and what the outsourcer thinks it should be delivering. For example, a 2007 report from outsourcing analysts TPI found unrealistic expectations on behalf of the customer were a problem in more than half of all outsourcing contracts, forcing many companies to restructure their agreements within as little as 18 months.

It is also essential to build flexibility into the contract because it's inevitable that your requirements will change over the lifetime of the relationship. One way of mitigating the risk of change is to have shorter contract lengths but even then it is essential to have a clear governance structure that sets out a procedure to cope with any changes.

The most common change is in volumes of transactions and this can be easily accommodated by having some form of utility pricing that allows them to be scaled up or down.

Ongoing management

Once the contract has been signed, the focus must be shifted to managing the relationship with the supplier. Just because a company is outsourcing a function doesn't mean they can no longer pay attention to the area.

"Outsourcing can be very effective in transferring risk, especially in pricing and operational risk, but supplier management is absolutely crucial to make it a success and some companies don't put enough emphasis on it," warns Susan MacLean, a member of law firm Morrison & Foerster's Global Sourcing group.