Home
|

About us
|

Services
|

Solutions
|

Clients
|

Case Studies
|

Newsroom
|

Articles
|

Contact
 
Managing Risk in IT Outsourcing - Part I
 

By Stephen Reed

Click here to read: Part I, Part II, Part III, Part IV, and Part V

When evaluating a proposed solution for outsourcing all or part of an organization’s IT functions, it is important to perform active risk management throughout all stages of the outsourcing lifecycle. This article is the first in a series and will focus on the first stage of the outsourcing lifecycle: Strategy Development.

Managing project risk is a process of identifying potential failure points in a plan, determining the probability of occurrence, and then estimating the impact of each. With that information in hand, an organization can move to the next step of actively managing risks by deciding which risks are tolerable and which ones need mitigation. IT continuity is a classic example of this balancing act whereby a company can choose to spend several thousand dollars to have spare servers that can be loaded to replace a failed system within a few days (leaving business processes to be completed manually somehow in the meantime); or the same company can instead choose to mitigate the risk by spending millions to have redundant systems that can come online within moments of a critical failure.

Applying active risk management to an IT outsourcing project starts with the scope and complexity of the solution itself. Typically, an organization will find that outsourcing desktop and email support for 5000 users will be easier and have less risk than outsourcing support and maintenance of a customized ERP solution for 500. Age, uniqueness and stability of systems will all play a role in the risk calculation.

For example, if you are running an enterprise application that is multiple release versions behind what the software vendor is currently offering, it is unlikely that any IT outsource provider will offer a solution with Service Level Agreements (SLA’s) when they cannot be sure that they will get adequate (or any) support from the software company. As a result, the proposed cost solution you receive will essentially be fixed and will not take advantage of a variable cost structure that an SLA can provide.

Next, are the systems considered for outsourcing COTS (commercial-off-the-shelf) or are they heavily customized and known only to a handful of developers who come down from the mountains in Wyoming every spring? Custom tailoring can be wonderful for suits, but will certainly raise risk and cost if an outsource provider needs to somehow replicate unique talent and knowledge. Custom systems will always cost more to outsource than plain vanilla ones. Here is a great example of where a risk can be mitigated: outsourcing almost always involves some amount of business process engineering, so an organization may choose to take this opportunity to finally restructure business processes in line with the best practices already defined within most leading enterprise applications.

Moving on to stability, one of the benefits to outsourcing is that you are looking forward to making the vendor take all the midnight calls to reboot the servers and clear out caches, etc. The vendor however, is not that altruistic and enjoys a good night’s sleep as much as the next person. As a result, if the systems being considered for outsourcing take more than a reasonable amount of effort to support and maintain, that cost will either be charged back to you or the vendor will simply choose to place that particular poor-behaving application out of scope for the agreement. Vendors expect to get a certain amount of headaches and are counting on their strength in numbers and a deep technology bench to be able to overcome those headaches, but an unstable system will always cost you more to outsource than a stable one. In keeping with the concept of mitigation, this presents an opportunity for you to evaluate whether to keep that old, expensive architecture or move to a newer paradigm.

In closing, risk costs money. The more risk that can be driven out of an IT outsourcing solution, the less a vendor will charge you and the greater the chance becomes for a successful outsource. The next article in this series will focus on assessing outsource provider risk and contract risk. Risk management and program management are specialized skills that many organizations have not had to previously develop an in-house expertise for, and Alsbridge is happy to provide the objective, experienced knowledge and insight to guide your company in successfully navigating an IT Outsourcing effort.

About the Author

Stephen Reed is an established industry leader with a successful track record in Outsourcing, BPR, and Program Management in a wide variety of Industries. Receiving his PMP Certification in 1996 from the Project Management Institute, Stephen is a recognized expert in Risk Management, and was a contributing writer on the Project Management Body of Knowledge (PMBOK). The PMBOK is the standard used by over 100,000 professional project managers worldwide. To date, Stephen has successfully led the implementation of over $2 billion in outsourcing and technology solutions.

Stephen has a BA in Management from Loyola College and an MBA in International Business from the Sellinger School of Business.

 
 
Outsourcing
Shared Services
Offshoring
Join our monthly Newsletter
Email:
www.outsourcingleadership.com
 

Request for Services:
How can Alsbridge help you? Please provide us with details on your business needs.

Contact us:
US Office: +1 (214) 696 6410
Email: EnquiryUSA@alsbridge.com UK Office: +44 (0) 20 7242 0666
Email: EnquiryUK@alsbridge.com
Home |  About us |  Services  |  Solutions  |  Clients  |  Case Studies  |  Newsroom  |  Articles  |   Contact