Risk Mitigation in I.T. Outsourcing Strategies

The scandal enveloping Satyam, India’s 4th largest technology company has made several organisational I.T. policy makers queasy (to put it mildly). As I have been responsible for insourcing and outsourcing decisions in my career, the latest developments in India have forced me to contemplate the actual value proposition that outsourcing provides while taking into account contractual risk mitigation. While an organisation may secure its outsourcing contracts via back-to-back service level agreements, the very prospect of almost immediate, multiple project failures and internal/external client dissatisfaction is a decision maker’s worst nightmare. Proponents of outsourcing also have to battle with their conscience about the moral justifications of sending work overseas. Scandals such as these help reaffirm the conviction that maybe insourcing is a better model.

While browsing the topic, one restless night, I happened to find an article that provided some good advice regarding outsourcing. The advice below is from Fujitsu Network Communications SVP and CIO, Jeff Meier. From experience I found that many of Jeff’s pointers ring clear and true:

1. Perform due diligence on determining whether outsourcing is right for your company. Tie your sourcing strategy to the company's business strategy. Make sure your IT organization has a sourcing plan.
2. Fully understand how outsourcing will affect the current IT organization's employee morale and productivity. Also, will a potential outsourcing relationship impact current customer relationships?
3. Obtain upper management support by creating a decision-making framework based on your sourcing strategy. This is achieved by having an accurate understanding of your IT organization's total costs, your IT service levels that need to be attained, and what IT functional areas would be best considered for outsourcing.
4. Always conduct a full-scale RFP process in selecting an IT outsourcing provider. If your company has business units that provide IT services, stand firm on insisting that these business units participate in the RFP process just like an external organization.
5. Ensure that a clear, detailed understanding exists between your company and the IT sourcing provider on the total responsibilities of each party in the partnership. Ensure the responsibilities of each party are thoroughly defined in the forthcoming legal agreement governing the IT outsourcing relationship.
6. Maintain a line of strong internal IT leaders responsible for setting IT strategy and managing the day to day activities of the IT outsourcing relationships. The IT leaders should report directly into the CIO office.
7. If the deal involves the transfer of internal employees to the external IT outsourcing provider, identify and document in the contract agreement "key personnel" who will continuously remain active on the your account unless otherwise specified. If key personnel terminate employment with the IT outsourcing partner, clearly lay out the steps required to replace the departed key personnel with the IT outsourcing partner.
8. Clearly define and document your security and intellectual property protection requirements with the IT outsourcing partner.
9. Specify that the internal IT organization is responsible for the management of all services provided by the IT outsourcing partner. Your CIO should be the primary point of contact for all current or potential activities of the IT outsourcing provider.
10. Once an IT outsourcing partnership begins, be diligent in monitoring the performance of the IT outsourcing partner. Ensure that agreed-to service levels are being achieved and insist that the provider submits improvement plans for service levels not being met.