Managing Risk in IT Outsourcing – Part I

Managing project risk is a process of identifying potential failure points in a plan, determining the probability of occurrence, and then estimating the impact of each. With that information in hand, an organization can move to the next step of actively managing risks by deciding which risks are tolerable and which ones need mitigation.  IT continuity is a classic example of this balancing act whereby a company can choose to spend several thousand dollars to have spare servers that can be loaded to replace a failed system within a few days (leaving business processes to be completed manually somehow in the meantime); or the same company can instead choose to mitigate the risk by spending millions to have redundant systems that can come online within moments of a critical failure.

Applying active risk management to an IT outsourcing project starts with the scope and complexity of the solution itself. Typically, an organization will find that outsourcing desktop and email support for 5000 users will be easier and have less risk than outsourcing support and maintenance of a customized ERP solution for 500. Age, uniqueness and stability of systems will all play a role in the risk calculation.

For example, if you are running an enterprise application that is multiple release versions behind what the software vendor is currently offering, it is unlikely that any IT outsourcing provider will offer a solution that includes Service Level Agreements (SLAs) when they cannot be sure that they will get adequate (or any) support from the software company. As a result, the proposed cost solution you receive will essentially be fixed and will not take advantage of the variable cost structure that an SLA can provide.

Next, are the systems considered for outsourcing COTS (commercial-off-the-shelf) or are they heavily customized and known only to a handful of developers who come down from the mountains in Wyoming every spring? Custom tailoring can be wonderful for suits, but will certainly raise risk and cost if an outsourcing provider needs to somehow replicate unique talent and knowledge. Custom systems will always cost more to outsource than plain vanilla ones. Here is a great example of where a risk can be mitigated: outsourcing almost always involves some amount of business process engineering, so an organization may choose to take this opportunity to finally restructure business processes in line with the best practices already defined within most leading enterprise applications.

Moving on to stability, one of the benefits to outsourcing is that you are looking forward to making the vendor take all the midnight calls to reboot the servers, clear out caches, etc.  The vendor, however, is not that altruistic and enjoys a good night’s sleep as much as the next person.  As a result, if the systems being considered for outsourcing take more than a reasonable amount of effort to support and maintain, that cost will either be charged back to you, or the vendor will simply choose to place that particular poor-behaving application out of scope for the agreement.  Vendors expect to get a certain amount of headaches and are counting on their strength in numbers and a deep technology bench to be able to overcome those headaches, but an unstable system will always cost you more to outsource than a stable one.  In keeping with the concept of mitigation, this presents an opportunity for you to evaluate whether to keep that old, expensive architecture or move to a newer paradigm.

In closing, risk costs money.  The more risk that can be driven out of an IT outsourcing solution, the less a vendor will charge you and the greater the chance becomes for a successful outsource. Risk management and program management are specialized skills that many organizations have not had to previously develop an in-house expertise for. Alsbridge is happy to provide the objective, experienced knowledge and insight to guide your company in successfully navigating an IT outsourcing effort.


    Popular posts

    Related posts