When the head aches, all the members partake of the pain.
Miguel de Cervantes (1547–1616)
Spanish dramatist and writer of Don Quixote Managers who work with IT outsourcing (ITO) without using the risk dimension signature (RDS) tool or similar instrument described in the previous section, are often confronted with the predicament of having to rely on instinct and ‘gut feel’ for the impending risks. Some organizations will have a higher propensity for risk than others, and form a group of early adopters of the ITO concept. These organizations are not able to reap the maximum benefit of ITO as risk diminishes the benefits accruing to the ITO participants. There is, therefore, significant advantage to be gained from understanding the workings of the RDS and its implementation in this environment.
5.1
Interaction between supplier and
buyer in IT outsourcing
Risks are transferred via instruments like legal contracts and process changes between the supplier and buyer of outsourcing services, and vice versa, on multiple occasions during the term of an outsourcing agreement. This extends the original observation in this area on the shifting risks from the buyer to the supplier in the operations dimension. When the identified risks are tracked between the pair of stakeholders in a typical ITO exercise, an obvious ‘to-ing’ and ‘fro-ing’ of risk between the buyer and supplier is observed along several sets of risks. Importantly, however, in a ‘musical chairs’ fashion, the party left with the risk when the undesirable event occurs is stuck with the consequences. Supplier organizations experience a set of risks that are adopted from the buyer, and vice versa. A reasonable conclusion hence could be that, in an outsourcing arrangement, there are no exclusive supplier or buyer risks, merely risks that are shared or remain with one party temporarily (then passed on to the other party).
119
Chap-05.qxd 3/1/05 12:32 PM Page 120
Managing the Risks of IT Outsourcing
The paradox effect
There is also a ‘paradox effect’ that is observed. For example, when organizations outsource to save money, they often get more worried about being exploited on cost; when they outsource to improve service, they fear it may deteriorate; and when they outsource to avoid the hassle of management, they still need to control.
The risks are either shared between the supplier and buyer through a series of agreements and activities or passed between risk sets or types in the individual organizational risk-landscape.
The objective of the tool proposed is to assist in illustrating and identifying these risk sets and then determining the level of risks that can be tolerated at any single point in time. It allows the appropriate decisions and mitigating activities to be implemented early, in order to avoid often unbearable consequences.
Assume an organization has made the decision to outsource its IT function to derive competitive advantage in its market space and improve operations and performance. Further assume that there are suppliers that have sufficient economies of scale and superior IT management practices to deliver improved services at a lower price, and that the resulting savings are those that the client will benefit from.
A typical outsourcing selection process exists where a list of suppliers is created through advertising for an ITO project. Suppliers are invited to make submissions. They are then short-listed through a process where likely suppliers are identified based on a set of requirements. Once short-listed, suppliers are issued with a Request For Information (RFI) document that outlines the buyer’s objectives, services, assets, transfers, and issues of relevance to the outsourcing exercise. Suppliers respond by matching the buyer’s expectations with their own capabilities, track record, reference sites, and associated information. Those selected are then ‘invited to tender’ and issued a Request For Proposal (RFP) or Request For Tender (RFT). The process may differ slightly as a result of probity and procurement regulations often already set out in the buyer’s corporate policies.
A supplier would likely undertake opportunistic behaviour, seeking to reduce its own operational costs, often at the expense of the client. Social actors will behave opportunistically if it is advantageous for them to do so. This opportunism denotes the capability and willingness of organizations to pursue their own interests at the expense of partners by withholding, for example, information.
120
Chap-05.qxd 3/1/05 12:32 PM Page 121
Risk Interaction in IT Outsourcing
Relationship dynamics between buyer
and supplier
The selection process for a suitable supplier takes on the form of an auction where several suppliers are invited to tender for the outsourcing activity. As in an auction situation however, when the winner of the auction or bidding event systematically bids above the actual value of the objects or service, the bidder incurs losses. The suppliers are ‘squeezed’ to provide the lowest prices.
The difficulty in such bidding circumstances is to select those suppliers that offer the best deal. There is little or no differentiation between suppliers that is obvious during the selection process. Selection of the supplier hence tends to be based on what cost efficiencies suppliers can deliver.
The interplay of winning and losing scenarios is illustrated in Figure 5.1 where the ideal scenario would be for the buyer to obtain the best service delivery from the supplier, who in turn must be paid a ‘correct’ price.
Supplier
Cost too high for
Win
buyer
(profitable)
Win–Win
(Supplier secures
profit margin)
Cost too high for
Lose
supplier
Lose–Lose
(loss-making)
(services
Figure 5.1
compromised)
Interaction between
supplier and buyer
Buyer
in the selection
Lose
Win
(Negative impact)
(Positive impact)
process
5.2
Implications of relationship for risk
To derive a win–win situation (Figure 5.1), the relative risks of the ‘supplier’ and the ‘buyer’ of services in the outsourcing of the IT function are expected to be shared almost equally. This is not the case. While identifiable operational risks are transferred to the supplier, there are significant risks and inherent business risks that remain with the buyer. In addition to this, the risks associated with the relationship make the risk scenario or profile often too difficult to bear.
121
Chap-05.qxd 3/1/05 12:32 PM Page 122
Managing the Risks of IT Outsourcing
Interplay between buyer and
supplier RDSs
That the buyer carries a larger RDS or risk profile in comparison with the supplier needs to be recognized by both sides in order to derive a synergistic relationship. The emergence of partnership or alliance arrangements as alternatives to the formerly more popular transaction-based contracts1 indicates a shift to closer interactions between buyer and supplier. While partnership arrangements vary considerably in their operations, from flexibly defined, formal contacts, to loose strategic initiatives, they also include the provision of shared risk and benefits.
Transformational outsourcing provides for a set of partners who have a considerable stake in the game, and often that means sharing both risk and reward.
The need for successful outsourcing decisions and contractual arrangements in an ITO deal involves the understanding and management of risks inherent in the deal. Risk assessment and risk management are consequently critical contributors to the success and/or failure of an ITO venture. The understanding of the relative risk profile or signature between the buyer and supplier of services will enable appropriate action to be taken to manage the relationship.
While the direct financial benefits2, in terms of cost reduction, are a major driver to divest the organization’s ‘non-core activities’, there is a clear move to the outsourcing of products and/or services in consideration of scale and costs, that is, financial considerations. The risk, however, is often not qualified and can result in losses not recognized in an organization’s financial statements. This can be, however, qualitatively measured.
The outsourcing decision ultimately breaks down into a cost–
benefit trade-off. Again, the important benefits that the organization achieves when outsourcing include economies of scale, scope and specialization. To achieve these benefits, it incurs costs such as supplier organization search, negotiations, and legal fees to establish the relationships. ‘Outsourcing can ease many maladies – people shortages, skills gaps, and over-ambitious corporate plans. But increasingly, it can also improve your chance of seeing the inside of a courtroom’ (Goodridge, 2001). These costs, however, are often dwarfed by contractual risks associated with inefficient contracts, owing to differences in information 1 Usually a shorter and more tightly defined contract arrangement 2 Often over a period of (5) to 10 years
122
Chap-05.qxd 3/1/05 12:32 PM Page 123
Risk Interaction in IT Outsourcing
between the parties (asymmetric information), inability to observe actions comprehensively; and the inherent incompleteness of IT contracts. These risks are often driven by the large uncertainty surrounding IT investments, parties’ inherent risk aversion and bounded rationality.
Sharing of risks between buyer and
supplier
When the buyer’s operational risks are being shared with the supplier, this is often perceived as an advantage to the buyer.
This is because the resources now required to support risk mitigation for the buyer are reduced (as they are now shared with the supplier). Along with the sharing of operations risk, the responsibility for recovery from adverse activities as a result of the risk is also shared. These advantages provide support for the argument for outsourcing. There are a number of critical risks of ITO, including cost increases, management issues, service failures, loss of expertise and negative business impacts, including loss of innovation. Finally, there are questions as to whether the potential benefits of outsourcing offset the management risks that it introduces.