actions accurately, and exogenous changes that allow one party to behave opportunistically. Reviewing the comprehensive contracting literature in economics and adapting it to the unique area of ITO provide the basis for prescriptions on efficient and effective contractual arrangements. These prescriptions are in the form both of governance structures that emphasize the importance of ownership of critical assets and of contractual remedies to provide sufficient incentives to align parties’ interests.
If all actions that affect the value of a relationship are fully observable and verifiable, an outsourced contract is based on a documented set of agreed requirements and the payments contingent on completing them. Incentive payments are then necessary to align interests between the buyer and supplier. Much of the economics of the agreement is about the incentive systems and how they perform under different conditions.
Another critical economic issue in an outsourcing contract is risk sharing. Both the buyer and supplier may have different 114
Chap-04.qxd 3/1/05 12:32 PM Page 115
Understanding Risks When Outsourcing the IT Function preferences for risk, which generates opportunities for gains in the contract exercise. As parties become increasingly risk averse, so too can the cost of very highly attractive contracts become expensive because of the high-risk premium required.
Mutually unobservable behaviour may lead to inter-organizational problems associated with imperfect commitment. This frequently manifests itself through the problem of ‘double-sided moral hazard’ or mutual shirking.
‘Adverse selection’ arises when the buyer has difficulty choosing a supplier based on a given set of characteristics. Information asymmetries can be so severe that markets for certain goods can completely disappear or only low-quality goods become available for purchase. The appearance of selection errors that may result from an exaggeration of the facts by the supplier is common and is known as ‘hubris’ or ‘over-exuberance’. This expectation gap between the supplier’s performance at the time of selection and performance of work is a risk borne by the buyer.
When performance is not to the level expected and disputes occur, both buyers and suppliers may not honour commitments that were made at the time of contract agreement for reasons of changed circumstances. Imperfect commitment and unclear and/or incomplete contracts are often used as reasons. Again, the buyer carries significantly more risk, given that the ultimate responsibility originated with and still resides with the buyer.
This risk from an inexperienced buyer could be to severely underestimate transition and management costs. This puts the buyer organization at risk and vulnerable to the supplier’s opportunistic behaviour. On the other hand, the people resources taken over by the supplier from the buyer to manage legacy systems may not carry over sufficient expertise to enable the management of newer systems. The inexperience of the buyer of outsourcing services in the area of contract and supplier management also introduces a risk, particularly in the area where a relationship exists between the buyer and a wide range of suppliers that provide services for a prime supplier. The buyer ultimately carries the risks of diluted responsibility and opportunism.
The other risk factors relate to the transactions themselves. Asset specificity is the degree to which an asset can be reused once the supplier takes over operations, i.e. the extent to which its value needs to be sacrificed. Neither the buyer nor the supplier can predict with enough certainty the activities to be performed in the agreement. This is particularly true in the area of IT
115
Chap-04.qxd 3/1/05 12:32 PM Page 116
Managing the Risks of IT Outsourcing
management where the complex set of applications, hardware, networks and new technology is thrown into the mix constantly.
This is aggravated by the fact that businesses are constantly challenged to use this ‘IT mix’ to enable the proper functioning of core business strategy and operations. Unclear business objectives cannot drive IT development. Subsequently also, IT cannot enable the appropriate business functions to deliver business objectives, which remain ambiguous. For example, electronic ticketing has been seen as a strategic business enabler for competitive advantage. In a more remote setting, however, access to the Internet is restricted to a section of the community as a result of poor communications and social profile. Even if IT systems were able to deliver Internet ticketing successfully, the strategy would still fail as a result of an ambiguous business objective.
Measuring the value of the activities, processes and items exchanged is therefore also a challenge. The frequency of activities needs to be understood. It is beneficial to carry the risks associated with investments or uncertainty rather than invest in transactions that only occur once. Outsourcing interdependent activities within the IT function already causes serious difficulties. When IT is used to enable the running of business functions, this risk factor is compounded. For example, disputation over poor response time would then need to be attributed to more than one system, and ownership would be difficult to identify. Further, a risk factor arises if the supplier does not provide the latest technology that enables the buyer organization to maintain competitive advantage over its competitors.
A risk factor that is often highlighted and often not satisfactorily investigated is when the core competence of a buyer organization is outsourced. The buyer risks that the suppliers could either take it over in its own market space, or move in directions different from the ones the buyer might take strategically. Outsourcing an activity at the core of the organization could be potentially disruptive to the learning capabilities of its staff and reduce its overall competitiveness.
The governance structures set up during an outsourcing arrangement, the contracts, and the informal arrangements created to reduce conflict, to govern relations, and to increase the extent of co-operation and benefits, will provide the framework of controls in the buyer’s arsenal to mitigate the ‘human’ risks presented in an outsourcing agreement. A contract in itself, however, is also an area of risk exposure. The same contract will induce changes in behaviour and methods used, and hence also reduce 116
Chap-04.qxd 3/1/05 12:32 PM Page 117
Understanding Risks When Outsourcing the IT Function the losses incurred associated with undesirable outcomes or reduce the probability of occurrences of such outcomes.
Amendments to the outsourcing contract are routine, either because the buyer organization’s needs are changing, or because most contracts are indeed incomplete. As a result, many suppliers have used high charges. New services or changes are then renegotiated for services rendered. The uneven risk profile is skewed against the buyer.
A lock-in situation often results from specific investments that were made by the supplier when the contract was first signed.
At contract renewal time, if no other supplier is ready to make specific investments, the client has no alternative but to continue its relationship with the current supplier. The supplier can then increase its fees because of this lack of an alternative. The lock-in situation is more likely to occur in an industry where there are specialized IT requirements (buyer organizations for example) and there are only a small number of suppliers that are capable of managing the IT function. When the time comes to renew the contract, the buyer organization will not have many alternatives to consider. The supplier can then almost dictate the conditions of the contract and the risks to the buyer are escalated.
Service quality and service costs are two major issues in ITO.
The literature shows examples of degraded service levels resulting from outsourcing, including poor response time, poor turn-around time, late software updates and applications that do not meet requirements. Along with service degradation, service costs rise. This imposes a more significant risk on the buyer than on the supplier of outsourcing services. Financial penalties are often imposed for non-compliance with service quality arrangements.
These contracts, however, also impose a formidable resource requirement for measurement and governance. This imperfection, discussed earlier, does not help to mitigate this risk.
People- or resource-risks are also higher for the buyer compared with the supplier. After an outsourcing agreement is reached, often very few IT resources or little expertise remains in the buyer organization. This creates an initially advantageous cost position. It can, however, also be viewed as dangerous, since the organization will have lost its ability to use IT efficiently and effectively, and will remain dependent on an external supplier.
Again, the risk profile is highly skewed against the buyer.
Given that the RDS profiles measure the risk exposure value and allow the managers in the ITO exercise to understand the risks 117
Chap-04.qxd 3/1/05 12:32 PM Page 118
Managing the Risks of IT Outsourcing
dynamics, the next chapter provides some insight into the observed relationship between risk dimensions that is evident when the RDS is used. It is observed that the risk dimensions are interrelated to a significant extent. This observation also reveals an opportunity that can be exploited in order to mitigate risks, as explained in Section III (Mitigating (& managing) risks in IT outsourcing), the final component of the MUM method proposed earlier.
118
Chap-05.qxd 3/1/05 12:32 PM Page 119
5
Risk interaction in IT outsourcing