In order to take this argument further, extensive experimental evidence and data will need to be collected from both buyer and supplier organizations. In this context, however, it is noted that the experiment would need to cover all the parameters mentioned in the earlier chapters including the factors influencing the creation of the RDS in the first place. In combination, many of the simplistic and theoretical examples made in this section would provide the complete picture that is theorized, to follow the equilibria proposed by Nash. This would have to be the subject for another book.
6.7
Chaos theory
If the risk profiles are taken and viewed from yet another perspective, that is, as chaotic systems (Baker and Gollub, 1990) and using chaos theory (Lorenz, 1993), the initial observations, curi-ously, are also substantiated. It is known that even the smallest imaginable discrepancy between two sets of initial conditions would always result in a huge discrepancy at later or earlier times in any system following chaos theory. Here, chaotic systems are mathematically deterministic, that is, they follow precise laws. The irregular behaviour of chaotic systems appears to the casual observer to be random. The presence of chaotic systems in nature also appears to place a limit on our ability to apply deterministic physical laws to predict risks with any degree of certainty. The discovery of chaos therefore implies that randomness lurks at the core of any deterministic model such as the one discussed in this book. The complexity and uncertainty of the risk influences notion made earlier were designed to argue the fact that a conclusive link may never be found.
Amid the apparent confusion, however, patterns of natural equilibrium were observed. There were clues that become evidence in support of a form of constancy in the total risk exposure in the patterns in the RDS illustrations. The observed equilibrium over time supports the observations of constancy in the data that 151
Chap-06.qxd 3/1/05 12:33 PM Page 152
Managing the Risks of IT Outsourcing
were examined. If there is a state of equilibrium, then the idea of a relationship between the risks dimensions that compensates for changes between them is also supported. This, in turn, supports the thinking and general notion that a clear relationship exists between risk dimensions in an ITO exercise that allows the total risk exposure levels to reach a state of equilibrium over time.
The arguments for development of the notion that risk relationships exist are strengthened as observations are made from alternative perspectives. There is no defeat in admitting to chaos; rather, facing the problem provides the practitioner with a management challenge that is integral to managing in this environment. Outsourcing arrangements in their simplest forms involve two organizations, the buyer and supplier. The models that were introduced included agency theory and game theory, which have already been used to describe many of the situations in which the ITO arrangement operates. The association with game theory (between the buyer and supplier organizations) and semb-lances of the Nash equilibrium does not completely justify this but supports the observations of an equilibrium in the risk profiles occurring in the ITO exercise. Authors Elitzur and Wensley (1997) followed a similar path and placed emphasis on the observable phenomenon of risk sharing in an ITO exercise. They also attempted to provide game theory interpretations of key aspects of ITO arrangements. This study provides an alternative and comprehensive view of this theory through specific models that have been constructed in the ITO arrangement.
6.8
The perfect project
There has never been an attempt to describe the illusory ‘perfect project’ described at the start of the chapter, nor any endeavour to predict risks. The observations described in this chapter were designed to build additional rigour into the risk assessment framework, which is constantly being reconstructed and refined.
The manager’s idealistic dreams mentioned earlier may never be realized but the observations from the RDS support the proposition that the relationship between the selected risk dimensions that arise in the outsourcing of the IT function results in a constant total risk exposure for both the supplier and buyer organizations.
There appears to be no set of ‘rules’ that govern the interrelationship. The interrelationships between each of these events and the risk exposure can be described as being ‘complementarily interconnected’, i.e. they affect each other. There is no direct 152
Chap-06.qxd 3/1/05 12:33 PM Page 153
Risk Characteristics and Behaviour in an ITO Exercise cause-and-effect relationship that can be observed. The essential characteristics of the interaction cannot be neglected either as some features can be used to mitigate some effects of risk. Although rules provide some structure for the analysis, they also divert attention from key observations; i.e. risks are outcomes or a set of events that by their very nature cannot be predetermined accurately. The concept of risk balancing involves the proposition that risk exposure tends to settle into a state of equilibrium after a period of time. This supports the notion that all risks in all dimensions are interrelated.
Over a period of time relationships are observed to reach a state of equilibrium. A natural state of equilibrium for total risk exposure is proposed. In this natural state, the total risk exposure for an organization (either the buyer or the supplier) remains constant over time. This is also the state in which the fluctuations in risk exposure for the buyer are mirrored for the supplier. In the midst of all the activities, events and changes in the environment, the total risk exposure for the buyer equals that for the supplier. The apparent harmonious relationship between the organizations is reached where both organizations have a mutually beneficial and synergistic existence. Examples of this are observed in many outsourcing relationships that have survived over significant periods of time. If these observations are true, this is expected for ITO relationships (which are relatively recent) moving forwards.
After the rigour of developing models and defining risk categories, conclusions were reached using a set of heuristics and trends from observations of risk exposure and outcomes within the boundaries of an ITO exercise, also incorporating both internal and external features of the business landscape influencing the interaction between the actions and subsequent events. The next chapter describes this risk relationship notion further and concludes the study with some final observations before the case study is introduced to show the application of these concepts in the management of risks in this environment.
153
Chap-07.qxd 3/1/05 12:33 PM Page 154
7
Mitigating risks in an ITO environment
Mitigate: origins lie in the Latin mitigare , to make mild; mitis , gentle or soft; and agere ; to do.
15th century vocabulary
An enduring task of a manager in a typical ITO exercise is to reduce risks. There is no discrimination regarding the type of risks that will need attention, and risks along any of the dimensions where risk exposure has obviously exceeded the organization’s appetite for risk may need to be mitigated. A manager might also proactively forecast risks that may eventually exceed the organization’s risk tolerance limits. The task is never-ending because risks are dynamic and risk influences are always present.
As risks are transferred to the supplier benefit derived by the buyer organization arises through reduction in risk exposure along, for example, the operational and technical risk dimensions, for which the supplier is compensated with a fee. In addition, the supplier’s financial and business risks relating to the ITO exercise are observed to decrease. This shift in risk exposure values is a phenomenon that is fairly predictable.
Risks along each of the dimensions demonstrate distinctive patterns of behaviour. For example, in the previous chapter, it was shown that a relationship exists between risk dimensions to the extent that, in one instance, the total risk exposure for a project remained constant over time. This was repeatedly observed in the same ITO exercise, and the same phenomenon is seen over many different projects. As illustrated in Section II, the RDS tool allows risk exposure to be mapped on the various risk dimensions. The method for mitigating the risks described here, utilizes this unique behaviour.
7.1
The ITO risk ecosystem
The state of equilibrium mentioned earlier is where the total risk exposure is constant. This applies when variables like the type of organization, time and selected ITO exercise remain constant.
154
Chap-07.qxd 3/1/05 12:33 PM Page 155
Mitigating Risks in an ITO Environment
These variables are found in what is described as an ITO ‘risk ecosystem’. The risk ecosystem borrows the term ‘ecosystem’, which was coined in 1935 by the British ecologist Sir Arthur George Tansley, who described the living and nonliving parts of natural systems as being in ‘constant interchange’. In this ecosystem, the sum total of risks is constant as the risk dimensions are in a constant state of flux and interchange. The correspondence with the ITO scenario allows the RDS tool to be used and fairly accurate predictions to be made based on the notion that specific relationships exist between the risk dimensions in the outsourcing of the IT function. The relationship between the risk dimensions allows changes to take place along each risk dimension to the extent that the mathematical sum total of all the risk exposure elements remains constant. The state of equilibrium exists to the extent that a natural state of equilibrium exists, previously described mathematically and restated here as: