Managing the Risk of IT Outsourcing Agreements

by Marrie Hopper.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on business it  

You are here: Categories » Business » Business IT

Outsourcing offers several advantages, which include enabling existing staff to concentrate on core competencies, focusing on achieving key strategic objectives, lowering or stabilizing overhead costs, obtaining cost competitiveness over the competition, providing flexibility in responding to market conditions, and reducing investments in high technology. There are also several disadvantages to outsourcing agreements, which include becoming dependent on an outside supplier for services, failing to realize the purported cost savings from outsourcing, locking into a negative relationship, losing control over critical functions, and lowering the morale of permanent employees.

Executive management is increasingly recognizing that sometimes the disadvantages of outsourcing outweigh the advantages, even after an agreement has been signed. Many companies are canceling their outsourcing agreements, renegotiating agreements, or deciding to hire their own staff to provide in-house services once again.

There are all sorts of reasons for having second thoughts, including arrogance or uncooperative behavior of the vendor, competitive advantage in the market no longer exists, costs of the services are too high, quality of the services are inadequate, and types of services are unnecessary.

Unfortunately, many companies could have avoided having second thoughts about their outsourcing agreements if they took one effective action: perform a meaningful risk assessment.

RISK MANAGEMENT 101

Risk is the occurrence of an event that has some consequences. A vulnerability or exposure is a weakness that enables a risk to have an impact. Controls are measures that mitigate the impact of an event or stop it from having an effect. The probability of a risk is its likelihood of occurrence (e.g., a 60 percent chance of happening). The impact of a risk is its degree of influence (e.g., minor, major) on the execution of a process, project, or system.

The basic idea is to have controls in place that minimize the negative consequences of a “bad” outsourcing agreement, known as risk management.

Risk management consists of three closely related actions:

- Risk identification

- Risk analysis

- Risk control

Risk identification is identifying risks that confront a system or project. Risk analysis is analyzing data collected about risks, including their impact and probability of occurrence. Risk control is identifying and verifying the existence of measures to lessen or prevent the impact of a risk.

Risk management for outsourcing agreements offers several advantages. It enables identifying potential problems with agreements. It enables developing appropriate responses to those problems. Finally, it helps to better identify mission-critical functions to retain and others to outsource.

Despite the advantages of risk management, there several reasons why it is not done. One, it is viewed as an administrative burden. Two, the understanding and skills for conducting risk management are not readily available. Finally, the information required to do risk management is not available.

There are several keys to effective risk management. Risk management is best performed as early as possible, preferably before signing an agreement. It requires identifying and clarifying assumptions and addressing key issues early. It requires having the right people involved with the outsourcing agreement, such as subject matter experts knowledgeable about key issues.

One final caveat. Risk management is not a one-time occurrence. It must be done continuously. The reason is that risk management involves taking a snapshot in time and using it to anticipate what might happen in the future. The conditions of an environment, however, may be extremely dynamic and may challenge the validity of assumptions incorporated when managing risk. Hence, it is wise to continuously revalidate risk management before, during, and after negotiating an outsourcing agreement.

RISK IDENTIFICATION

There are many potential risks confronting outsourcing agreements. These risks can fall into one of three categories: legal, operational, and financial.

Legal risks involve litigious issues, prior to, and after negotiating an agreement, such as:

- Including unclear clauses in the agreement

- Locking into an unrealistic long-term contract

- Not having the right to renegotiate contract

- Omitting the issue of subcontractor management

Operational risks involve ongoing management of an agreement, such as:

- Becoming too dependent on a vendor for mission-critical services

- Inability to determine the quality of the services being delivered

- Not having accurate or meaningful reporting requirements

- Select a vendor having a short life expectancy

- Unable to assess the level of services provided by a vendor

- Vendor failure to provide an adequate level of services

Financial risks involve the costs of negotiating, maintaining, and concluding agreements, such as:

- Not receiving sufficient sums for penalties and damages

- Paying large sums to terminate agreements

- Paying noncompetitive fees for services

These categories of risks are not mutually exclusive; they overlap. However, the categories help to identify the risks, determine their relative importance to one another, and recognize the adequacy of any controls that do exist.

The risks also vary, depending on the phase in the life cycle of an outsourcing agreement. There are essentially seven phases to an outsourcing agreement: (1) determine the business case for or against outsourcing; (2) search for vendors; (3) select a vendor; (4) conduct negotiations; (5) consummate an agreement; (6) manage the agreement; and (7) determine the business case to decide whether to renew, renegotiate, or terminate a contract.

A Sample of the Risks in Each Phase

Phase Risk
Determine the business case for or against outsourcing Using incorrect data
Search for vendors Using a limited selection list
Select a vendor Entering biases into the selection
Conduct negotiations Not having the right people participate in the negotiations
Consummate an agreement “Caving in” to an unfair agreement
Manage the agreement Providing minimal expertise to oversee the agreement
Determine the business case to renew, renegotiate, or terminate the contract Ceasing a relationship in a manner that could incur high legal costs

RISK ANALYSIS

After identifying the risks, the next action is to determine their relative importance to one another and their respective probability of occurrence. The ranking of importance depends largely on the goals and objectives that the agreement must achieve.

There are three basic approaches for analyzing risks: quantitative, qualitative, and a combination of the two.

Quantitative risk analysis uses mathematical calculations to determine each risk’s relative importance to another and their respective probabilities of occurrence. The Monte Carlo simulation technique is an example.

Qualitative risk analysis relies less on mathematical calculations and more on judgment to determine each risk’s relative importance to another and their respective probabilities of occurrence. Heuristics, or rules of thumb, are an example.

A combination of the two uses both quantitative and qualitative considerations to determine a risk’s relative importance to another and their probabilities of occurrence. The precedence diagramming method, whic h uses an ordinal approach to determine priorities according to some criterion, is an example. Whether using quantitative, qualitative, or a combination of the techniques, the results of the analysis should look:

Analysis Result

Risk Probability ofOccurrence Impact
Unable to assess the level of services provided by a vendor High Major
Locking into an unrealistic long-term contract Low Major
Select a vendor that has a short life expectancy Medium Major
Paying large sums to terminate agreements High Minor

RISK CONTROL

There are three categories of controls: preventive, detective, and corrective. Preventive controls mitigate or stop a threat from exploiting the vulnerabilities of a project. Detective controls disclose the occurrence of an event and preclude similar exploitation in the future. Corrective controls require addressing the impact of a threat and then establishing controls to preclude any future impacts.

With analysis complete, the next action is to identify controls that should exist to prevent, detect, or correct the impact of risks. This step requires looking at a number of factors in the business environment that an outsourcing agreement will be applied to, factors like agreement options (e.g., co-sourcing, outtasking), core competencies, and information technology assets, market conditions, and mission-critical systems. There are many preventive, detective, and corrective controls to apply during all phases of outsourcing agreements.

The Result of Analysis

Preventive Controls Detective Controls Corrective Controls
Provide ongoing oversight during the execution of the agreement Establish minimum levels of performance in an agreement Re-negotiating because of changing market conditions
Have the right to approve or disapprove of subcontractors Maintain ongoing communications with the vendor Identify conditions for discontinuing a contract

After identifying the controls that should exist, the next action is to verify their existence for prevention, detection, or correction. To determine the controls that exist requires extensive time and effort. This information is often acquired through interviews, literature reviews, and having a thorough knowledge of a subject. The result is an identification of controls that do exist and ones lacking or needing improvement.

Having a good idea of the type and nature of the risks confronting an outsourcing agreement, the next step is to strengthen or add controls. That means deciding whether to accept, avoid, adopt, or transfer risk. To accept a risk means letting it occur and taking no action. An example is to lock into a long-term agreement regardless of conditions. To avoid a risk is taking action in order to not confront a risk. An example is to selectively outsource noncritical services. To adopt means living with a risk and dealing with it by “working around it.” An example is a willingness to assume services when the vendor fails to perform. To transfer means shifting a risk over to someone or something else. An example is subcontracting.

TOOLS

The “burden” of risk management can lighten with the availability of the right software tool. A good number of tools now operate on the microcomputer and support risk identification, analysis, and reporting or a combination. Choosing the right tool is important and, therefore, should have a number of features. At a minimum, it should be user-friendly, interact with other application packages, and generate meaningful reports. One of the more popular packages is Monte Carlo for Primavera™.

CONCLUSION

Risk management plays an important role in living with a workable, realistic outsourcing agreement. Unfortunately, risk assessment takes “back seat” before, during, and after negotiating an agreement. As a result, many firms are now renegotiating and canceling agreements. Some examples include large and small firms canceling long-term, costly agreements with highly reputable vendors. The key is to use risk assessment both as a negotiation tool and a means for entering into an agreement that provides positive results.

Share
Leave a comment or ask a question
Total comments: 0

Business IT Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Market Wars: Who Benefits - So far the mobile audience has been shaken by a range of quite scandalous revelations as well as legal suits or at least their promises. It seems that mobile companies and all those even marginal (more...)
Corporate Continuity for the 21st Century - Business dependency on IT systems has never been greater, so when things go wrong the impact can be catastrophic. Whether its the CEO waiting for information as part of an acquisition negotiati (more...)
How important is the after sales process in consumer durable industry - Predicting the future sales of new and established products is a more critical activities for companies to be able to plan and provide the best consumer support in consumer durable industry (more...)
IT support service to help your business - IT support service form an integral part of the solutions provided by IT companies. A growing number of companies outsource their IT needs to service providers. The package deals offered by the pro (more...)
Find Call center and BPO jobs in India - There are many kinds of jobs in BPO as there are in any other industry. The prevalence of BPO adheres to the existing need of different industries, like manufacturing, servicing industries, consume (more...)
IT Jobs opportunities for the young talents - In today's digitally emerged and technically enhanced business world there will be none who doesn't know about Information Technology. Even an illiterate says its computers related stuff as an answ (more...)
Why Structural 3D Modeling is Critical for Industrial Designs - As Industrial designs intend to create and execute design solutions towards problems of form, usability, engineering, brand development and sales, 3D modeling has a crucial role to play. 3D modelin (more...)
Advantages of Outsourcing - There are many functions that are being typically outsourced these days. Take for instance the case of promotional materials that are so very important for the success of any enterprise, big or s (more...)
IT SERVICES - "An IT Services provider is an entity that provides services to other IT service." IT Services, as defined by the Information Technology Association of America (ITAA), is "the study, design (more...)
Data Entry Offshore Services - Data Entry Services is a fast growing industry. The universe of business is dynamic, fast paced, and in constant flux. In such an atmosphere the accessibility of precise, thorough information is a (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.