Stick or twist? Assessing the risks of outsourcing

Stick or twist? Assessing the risks of outsourcing
By Alan Bowling, chairman of the SAP UK & Ireland User Group

Published: May 15 2009 13:15 | Last updated: May 15 2009 13:15

There was a time when organisations would not outsource their core systems. However, outsourcing is back on the agenda for many organisations as they look to outsource entire systems, or part thereof, in an attempt to reduce operating costs.

As an example, outsourcing company Capita reported that it had won £610m of contracts within the first seven weeks of 2009.

It is, however, important that organisations are outsourcing for the right reasons and not simply jumping on the cost-reduction bandwagon. Outsourcing purely for financial reasons can sometimes be a dangerous path.

As such, organisations need to work out what areas of their business they want to outsource and the potential risks of doing so.

Outsourcing can take many shapes and sizes ranging from the manufacturing of a particular product to the management of enterprise software. It is therefore vital that businesses firmly establish what they are outsourcing and develop a well-planned and well-managed risk management strategy to support it.

Is it a commodity that can be easily outsourced, such as a data centre or the hosting of a particular software application, or is it the outsourcing of a particular business process?

Software-as-a-Service (SaaS) is also changing the current outsourcing model, as organisations can now in effect “outsource” an entire end-to-end software function or process. All of these options carry particular benefits and risks which all need to be properly evaluated.

The movement of company and personal data is, quite rightly, an important and sensitive issue. There have been several high profile incidents over the last couple of years, where organisations have outsourced a particular aspect of their business only for the outsourcer to lose or compromise sensitive data.

It is clear that many organisations need to do more due diligence when it comes to outsourcing. For example, according to Gartner, more than 60 per cent of companies do not conduct any security risk mitigation when outsourcing their development, so there is a clear need for a change in mindset.

Another consideration for many organisations is the geographical location of their outsourcers, so it is important that businesses weigh up the pros and cons of outsourcing their operations overseas.

Undoubtedly, organisations can stand to make considerable savings by outsourcing to India or new emerging locations such as Brazil, but what effect will this have on an organisation’s level of service, particularly as operations and support is thousands of miles away? Are businesses sacrificing long-term prosperity for short-term gain?

There will always be a big human element to outsourcing, so naturally there will be an inherent element of risk. Whatever outsourcing partner an organisation works with, they need to ensure that the people they employ are capable of doing the job.

A good outsourcer should be seen as an extension of the organisation and, as such, should operate as if it was part of the in-house team.

Equally, outsourcers need to be accountable. Therefore organisations should ensure that they include specific and detailed requirements of what they will and will not accept in the contract.

One of the biggest challenges facing organisations is getting the outsourcing contracts shaped to ensure the liability of both sides is clear and that the level of risk is acceptable.

By having credible service level agreements (SLAs) in place, businesses can retain control over the outsourcer and hold them accountable for their performance if problems do occur. It is important that organisations read their outsourcing contracts carefully, and seek amendments accordingly.

While outsourcers will aim to demonstrate high levels of service, organisations should always be clear that the outsourcer views it very much as a commercial arrangement and will aim also to improve the profitability of the contract.

According to the Corporate Executive Programme (CEP), managing risk to protect brand revenue and reputation in the economic downturn is increasingly a legal challenge. This is, however, covering the worse case scenario. If all the planning, knowledge transfer and risk management is properly completed then the scenario will be a successful one.

The lasting message is that outsourcing can work and deliver but organisations must proceed with caution. Like all successful business projects, outsourcing requires meticulous planning and management as organisations need to understand fully what they will get out of it and the risks involved.

Ultimately, outsourcing should form part of a long-term business strategy rather than simply being looked at as a short-term cash-saving fix.


Copyright The Financial Times Limited 2009