Strategy, Innovation, Leadership and Security
As mentioned in my post on November 7 2011, I was a guest speaker at a breakfast meeting for the Montreal Association of Information Security. My presentation was about best practices, tips and tricks about outsourcing.
As promised, I am making my presentation available here in PDF format. It can be freely distributed as long as it is left intact.
You can download it for free from my Evernote account by following this link : file.
I have spoken and written about outsourcing to China for a couple of years now. Although China does require special handling, many of the high level recommendations are the same as regardless of where you decide to outsource.
So here is a summary style high level overview of some of the important considerations:
Ask Why: Ask yourself exactly why you are outsourcing. It is because you want to reduce your costs, access specialized skills or as a risk management exercise? Understanding exactly why you want to outsource should be your first question. Take the time to get granular and as detailed as possible. If you want to save money, then decide exactly how much and how? Time spent thinking about this will help your decision making and later negotiations.
Ask Who: Once you’ve decided why you want to outsource, then the next logical question is who. What type of provider is best positioned to meet your why requirements? What is the ideal size of the provider? What is the ideal geographic footprint of the provider? What type of experience or client list does the ideal provider have?
Ask How: If I had to pinpoint one reason why most outsourcing deals fail to meet client expectations is SM&G (aka Service Management and Governance). You should have as much SM&G that you need to keep the delivery adequate and the relationship healthy but no more. Think about how you will measure successfully delivery and how you expect the vendor to report on it. What methodology should they use? How will you periodically check their reporting? Some aspects of SM&G that get forgotten are data privacy, IP handling, financial performance, etc. When dealing with offshore providers (India, Malaysia, Philippines, China, etc.), this can get doubly complicated because many times the small to mid size providers won’t have local presence and may have communication issues. Make sure all of this is clearly thought out and documented in your contract. An ounce of prevention is worth a pound of cure.
Chinese Model Cities: The Chinese government has built the concept of Chinese Model Cities. These cities are locations where government encourages a specific type of product or service. When dealing with China, it is important to consider this fact and deal with organizations that deliver the product or service you want from the designated Chinese model city for that product or service. Failing to do so may lead to huge headaches.
This is not an exhaustive list but hopefully it has given you food for thought. If you have questions, feel free to contact me using the Contact Form.
This is a multipart discussion that will be posted over the next several days.
Understanding how your company seems risk and the different types of risks will allow you to frame your risk management efforts with the proper light. Defining whether your risks are endogenous, exogenous or both is also critically important.
Managing Risks
The next question that comes up is “how do I handle risk?” For the purposes of our discussion:
The debate about outsourcing
No matter how thin you slice a piece of bread, there are always 2 sides. Even though most business professionals believe that outsourcing is a tool that allows them better control over cost, service and risk, some still believe outsourcing is bad and should be avoided.
On one side we have a clear presentation of business benefits[1] such as:
Opponents have stood their ground claiming [2]:
Having helped organizations outsource for the last 15 years, trust me when I say outsourcing can deliver extremely positive returns if negotiated and implemented properly. One of the key drivers to proper implementation is a strong risk management framework. When outsourcing deals “go bad”, it usually stems from:
All of these can be avoided if overseen by a manager that understands and is able to manage risks.
Reference:
1. Gupta, U. G. and Gupta, A., “Outsourcing The IS Function: Is It Necessary for Your Organization?,” Information Systems Management, Summer 1992, pp.44-50
2. Earl, M. J., “The Risk of Outsourcing IT,” Sloan Management Review, Spring 1996, pp.26-32
Stay tuned for part 3 tomorrow
This is a multipart discussion that will be posted over the next several days.
Over the last 5 years, I have seen a huge surge in the number of companies adopting formal risk management frameworks and methodologies. This is sometimes driven by regulatory requirements and other times by experienced executives that understand the importance of risk management.
I wanted to take a quickly look at risk management in the context of outsourcing.
What is risk?
The definition of risk is intuitive but can be summarized as “an event that may have a material impact on your business and its success or desired outcome”.
How does your company view and measure risk?
Depending on your industry, you can adopt one of the following risk management models:
Types of risks
There are 2 types of risks that your company may be subjected to (each with its own mitigation strategy):
When playing Russian roulette in a casino, the actual risk related to a result number other than the one I have chosen is exogenous and out of my control. Risking my capital by playing Russian roulette is an endogenous risk because it is a result of my actions.
Stay tuned for part 2 tomorrow