This is a multipart discussion that will be posted over the next several days.
Understanding how your company seems risk and the different types of risks will allow you to frame your risk management efforts with the proper light. Defining whether your risks are endogenous, exogenous or both is also critically important.
The next question that comes up is “how do I handle risk?” For the purposes of our discussion:
- Do Nothing
- Hedge the risk by investing in risk mitigation processes, technologies and tools
- Transfer the risk via insurance or securitization
- Switch to a provider with a “better” risk profile
- Exit the business or relationship generating the risk
The debate about outsourcing
No matter how thin you slice a piece of bread, there are always 2 sides. Even though most business professionals believe that outsourcing is a tool that allows them better control over cost, service and risk, some still believe outsourcing is bad and should be avoided.
On one side we have a clear presentation of business benefits such as:
- Lower costs
- Economies of scale
- Access to specialized resources
- New business venture opportunities
Opponents have stood their ground claiming :
- Escalating costs
- Diminishing service levels
- Loss of expertise
Having helped organizations outsource for the last 15 years, trust me when I say outsourcing can deliver extremely positive returns if negotiated and implemented properly. One of the key drivers to proper implementation is a strong risk management framework. When outsourcing deals “go bad”, it usually stems from:
- The customer has not properly defined what they really wanted.
- The outsourcer did not properly understand what was being asked for.
- The contract does not properly define the agreement which leads to disagreements (both scope and financial.
All of these can be avoided if overseen by a manager that understands and is able to manage risks.
1. Gupta, U. G. and Gupta, A., “Outsourcing The IS Function: Is It Necessary for Your Organization?,” Information Systems Management, Summer 1992, pp.44-50
2. Earl, M. J., “The Risk of Outsourcing IT,” Sloan Management Review, Spring 1996, pp.26-32
Stay tuned for part 3 tomorrow