benefits the buyer through time- and cost-savings directly related to the IT function. Outsourcing is observed also as a trade-off between lower production costs (provided the supplier possesses lower-cost technology) and higher monitoring costs (Lewis and Sappington, 1991).
As the buyer provides management and supervisory content, there are restrictions imposed on the activities performed in the outsourced function. Along with this definition, a fee-for-service model is described where outsourcing services are an arrangement whereby a third-party provider assumes responsibility for 8
Chap-01.qxd 3/1/05 12:29 PM Page 9
Common Terms and Concepts Used in Outsourcing performing functions at a predetermined price and according to predetermined performance criteria. It is implied that agreed terms and contractual conditions for the services performed have a service level, fee components and a deliverable that is measured against a set of measurement criteria. This extends the earlier definition to include a measurement method and a form of governance, both by the buyer and by the supplier.
Elements of this ‘view’ have changed since the early 1990s to include significantly more emphasis on outcomes-based agreements. The idea that a portion of responsibilities in IT can be contracted to an individual or organization on a piecemeal basis was accepted with the rise of large-scale ITO arrangements exemplified by Eastman Kodak and Xerox Corporation a decade ago. Managers questioned whether the traditional paradigm of
‘owning’ the factors of production is the best way to achieve competitive advantage.
In the case when responsibility and control is handed over, there is an inevitable loss of management control and responsibility over the detailed processes. Control over the IT function is relinquished voluntarily by the buyer to the supplier. There is a perception that this loss of control over the process is sometimes not adequately compensated for by increased control over the outcomes. The buyer is no longer able to directly manage all of the outsourced processes but has final control over the quality of services that are delivered through an agreement and compensation process. The outcomes of the activities in the IT function could mean defining response times for specific applications, or determining turn-around times for maintenance activities. The supplier is compensated or penalized, based on the set of agreed service levels. In this way the control over the outcomes, which is essential, remains with the buyer of the outsourcing services.
A very significant difference in meaning, however, arises when contracting is compared with outsourcing.
1.4
Contracting versus outsourcing
The terms contracting and outsourcing are often observed to be used synonymously. Although the difference is not immediately noticeable, a clear distinction needs to be made between these terms by way of control of the processes and outcomes by the buyer organization.
9
Chap-01.qxd 3/1/05 12:29 PM Page 10
Managing the Risks of IT Outsourcing
The difference between the different terms is important especially when risks are considered. For example, in a contracting situation, the operational processes and risks remain with the buyer of contract services. The organizational boundaries are distinct where both the buyer and supplier have no integration. The tasks, deliverables and processes are defined and agreed.
In an outsourcing situation, the processes are shifted away and become the responsibility of the supplier. In this situation the boundaries are no longer clear. The outsourced function that comprises people, processes and technology belongs to the supplier but works for, and in the interests of, the buyer organization.
Another more subtle difference is that, in contracting, there is a significant level of management effort and supervision. In outsourcing, the supplier provides a good or a service independent of the buyer management. The outsourced services are provided based on a set of performance metrices and are based on a set of outcomes rather than detailed supervision in a contracting situation. With outsourcing, the independence allows the buyer resources to be released or redeployed.
A further difference in the resourcing model using the definition, is where the processes are delegated to the supplier and almost all the staff or resources no longer belong to the buyer organization. The supplier organization fulfils this role. The motivation for streamlining processes and reducing staff resources has been shifted to the supplier. Along with this responsibility, operational risks are shifted to the supplier. The benefits to the buyer are obvious. Key benefits to the supplier come from a steady income stream over a fixed period, focus on its own core competency and an opportunity for optimal utilization of its resources. The risks that are carried are mitigated through legal agreements that set the boundaries of responsibility as well as through key factors involving reduced financial and business risks.
Process controls are ‘owned by’ and remain the responsibility of the buyer of the outsourcing services. The responsibility for the outcomes of the processes and ultimate ownership remains with the original buyer organization. The outside party or supplier assumes responsibility for the operations within the function, promising to deliver the outcomes previously defined by the buyer. The concept for outsourcing places emphasis on the benefits of the buyer organization through the ‘removal’ of non-essential or non-core competence functions from the organization.
10
Chap-01.qxd 3/1/05 12:29 PM Page 11
Common Terms and Concepts Used in Outsourcing 1.5
Blurred organizational boundaries
The boundaries of the organization are redefined with the use of outsourcing. There is an observable change in the relationship of many organizations, i.e. from an external supplier of products and services to that of an entity that is networked to the buyer organization in the form of a partnership. Organizational boundaries are being redefined and expanded. The business communities today are observed to be increasingly networked.
The motivation or need for new outsourcing services is integral to this new, networked community. Few single organizations can now operate independently given the need to provide more comprehensive services. The implications of the definition can be far-reaching, including the creation of virtual organizations where all activities and functions are outsourced. At the core, apart from the owners and shareholders of the organization, only the outsourcing managers remain.
Organizations, however, still struggle with the use of outsourcing to support IT. IT has been seen as the domain of a single organization because of the specialized functions it supports as well as the unique expertise required to support its operations. The ability to choose whether to outsource or not, then selecting the right IT supplier, determining the right terms, ensuring that the planned benefits are achieved and managing risks, are critical to a successful outsourcing agreement. Until the 1990s, the major drivers for outsourcing were primarily cost-effective access to specialized skills. The costs of hiring, firing, training and motivating skilled people in the area of IT representing indirect overhead costs, which are ‘non-core competencies’, are increasingly being outsourced.
The motivating factors and working relationships of the buyer and supplier of outsourcing services provide the background required to understand the risks as a result of ‘human factors’ as defined in agency theory (see subsequent section). While this book also serves to illustrate knowledge already known and published, it provides an opportunity to guide the reader to make observations of new areas that have received little or no attention in many ITO projects. These areas are highlighted as the elements of ITO are illustrated. There is a shift in emphasis that has taken place, as there is a realization of the importance of quantifying and understanding risks. This is especially so when there is an uneven experiential level between the supplier and buyer that could skew advantage toward the supplier. There are several chapters in the book that are devoted to the areas of risk 11
Chap-01.qxd 3/1/05 12:29 PM Page 12
Managing the Risks of IT Outsourcing
that influence the decision to outsource the IT function, and the subsequent governance thereof is highlighted. The forces that determine equilibrium in the risk profiles for the buyer and supplier are of specific interest.
Finally, it is important to highlight a key difference in terminology and concept between what may appear to be virtually the same at first, but which in fact have significant differences. Differences in emphasis are discussed next.
1.6
Differences in emphasis
Risks are observed to derive from the way an exercise is managed, the very definition of the term outsourcing and the use of IT
within the organization. The transfer of risks is different in one scenario compared to another, and the buyer/supplier relationships are different. In addition, changes in the process model and related risk profiles depend on this definition of outsourcing.
Risk transfer difference
The risks previously borne by the buyer in a contracting exercise for the management and supervision of a particular function are relinquished to the supplier in an outsourcing exercise. In the context of evaluating the risks and risk exposure of the supplier and buyer organizations, risks are transferred from the buyer to the supplier along with processes, assets and personnel management. The majority, if not all, of the buyer’s resources are no longer required and will no longer exist. In another outsourcing/contracting situation the work functions might still belong to the outsource supplier and the operations risk exposure still remains with the buyer organization.