Decisions on outsourcing often have long-term implications; for this reason, understanding how IT organizations and executives make their decisions, and value and manage risk is an important part of IT outsourcing. Often times, poor decision-making result in lock-in effects that pose detrimental risks to competitiveness of the company, challenge the organization’s morale, and have significant costs to the company. Managing the risks that come with the IT outsourcing cycle is at the center of any successful IT outsourcing.
It all begins with the strategy phase of an IT sourcing initiative. Throughout the course of the entire project, companies should aim to formulate a structured approach to risk management. In this manner, IT executives need to make sure that the organization has a good understanding of the multiple impacts that come with outsourcing IT, and at the same time evaluates its pros and cons. In the tactical phase, companies need to manage both the outsourcing and third party risks actively. They should also consider how to manage and maintain internal control over outsourced IT deliveries and other regulatory requirements needed. Lastly, it would include the operational phase of an IT sourcing initiative. Companies should implement reporting and monitoring arrangements from inception to the end of an agreement, during the whole contract life cycle. The arrangements would include the business case, the contract, the implementation of the contract to its expiry, contingency plans and exit strategies.
However, transformation is still the turning point when it comes to risk management. There should be a balance between the operational agenda and the prospective strategic initiatives as such risk exposure is in balance with transformational change. In this respect, decision-making is a critical issue. Prudent managers would tend to evaluate the situation, look over possible courses of action and identify related risks before deciding on a course of action. Unfortunately, there are some that are too cautious that they would lean towards decisions that are too costly yet the outcomes are not as favorable. And there are some who are overconfident or highly impressionable.
Decision-making has numerous traps that can be managed through awareness. Awareness is the basis and foundation of a suitable risk management framework and process in an IT outsourcing initiative. It would help in avoiding the pitfall of bias, false sense of security from estimates, excessive caution, overconfidence and failure to overlook costs. As such, things like management and maintaining control over deliveries from outsourced IT should be considered. In addition, depending on the industry that a certain company focuses on, there should be due consideration as to the regulatory requirements that are being used.
There a few risks in outsourcing IT that is in need of strategic, tactical, and operational management. Companies should manage outsourcing and any third party risk in an active manner. The approach to risk management should be included in the reporting and monitoring arrangements that should be put in place from the beginning until the end of any IT outsourcing deal – this includes the contract, the business case, the implementation of the said contract until its expiration, any contingency plans, and finally, the exit strategies. This approach is something that must be operationalized during the tenure of the contract, and is not something that should be done once.
It is important to note, however, that in order to realize the true value of IT sourcing, it will come with transformation and risks. IT organizations need to be able to balance their operational agenda with more forward-looking strategic initiatives. As such, there needs to be a balance between the level of transformational change, and risk exposure.
There are a few traps in decision-making, and perhaps, awareness is the best tool that you can use to manage them. Awareness of the decision-making traps will help companies, as well as executives to avoid any mishap, false sense of security, excessive caution, overconfidence, and even failure to ignore sunk costs. This awareness is the basis for a suitable risk management system and process in outsourcing IT.
One of the most common pitfalls in IT outsourcing is the tendency to think that risk can be outsourced. 3gamma, together with its clients have noticed and worked through issues wherein a vendor is not able to deliver. One of the best strategies to manage situations like this is many. In cases like this, the contract plays a significant role to cover different eventualities.
In order to reduce risks and hit the business objectives with the use of IT outsourcing, companies need to apply a holistic approach – this means that due consideration must be given to the entire life cycle of the outsourcing process. However, it should not merely be a legal issue, because it is important to include this approach in the IT outsourcing strategy. There must be due focus given on:
- Reviewing the alignment with business objectives and a regular business case assessment.
- Assessing the impact of limitations in flexibility and understanding lock-in mechanisms (processes, architecture, integration, tools etc.)
- Monitoring contractual alignment and the contract’s validity to the services required and delivered, understanding potential scope creep and contract leakages
- Assessing the change effort required and exit-mechanism applicability
- Understanding available external market capabilities for the services in scope
- Understanding of internal execution capability, i.e. an ability to transfer services from one vendor to another vendor (or insource)
The approach on the management of risks must also be continuous and not limited to any actual decision. In fact, most IT executives must revisit their revisions on a regular basis and manage their vendor base through a portfolio in order to optimize the business’ value.