Other than actuaries – who analyze risk to the point of obsession – there are few others who have succeeded in truly calculating business risk. With more and more companies looking to outsourcing as a means of streamlining and saving money, there is an increasing desire to transfer the risk associated with various IT outsourcing jobs. But unfortunately, today there is little risk assumed by the outsourcers.
If it is a unique outsourcing solution you are after – and most are – you may not be able to transfer much risk at all, since you will be negotiating from a weaker position, said David Ackerman at a recent Gartner Inc. symposium in Toronto. The ability to transfer risk is low, since the buyer of the services has fewer companies to choose from for a solution, he added. As a senior director of Gartner’s outsourcing practice, Ackerman has seen it all, including service level agreements with as many as 300 levels – which is overkill, he said.
Though outsourcing has been around for years, with such stalwarts as payroll and printing services leading the pack, moving into IT has been more difficult, in part due to the difficulty of transferring the business risk. Though all outsourcing contracts have service level agreements about how many “nines” of up time will be offered and what is to be done if they are not achieved, there has been legitimate trepidation on the part of the vendors to assume any business risk.
The consensus among analysts is that an outsourcer would be “insane” to assume too much – if any – business risk. If a corporate e-mail system goes down and a CEO misses a message paramount to the success of an acquisition, to what extent should an outsourcer be held responsible?
If the industry does move into more of a commodity market, where solutions are plug and play, outsourcers are going to have to take on some of the business risk as a means of market differentiation once competition increases. If they do decide to inherit some risk, they will have to be extremely savvy when doing so.
“You’ll have to spell it out quite specifically,” said Dan McLean, director of outsourcing with IDC Canada in Toronto. Companies will have to agree exactly what risk will be assumed. If the e-mail system goes down, will the outsourcer simply get it back up in an agreed amount of time, or will it be responsible for lost business, McLean queried. His advice to outsourcers? Today you’d be crazy to assume the risk, he said. “It is a touchy area. Customers want the vendor to assume the risk, while the vendors want the customers to keep it,” he said.
a commodities market
But as the industry matures and the solutions become more of a commodity, there is a sense risk transfer will increase. For the commodity trend to succeed, traditions will have to change.
One factor which has slowed IT outsourcing in general, and risk appropriation in particular, has to do with traditional outsourcing economics. Historically, outsourcers have rather large up-front costs, while profits are not typically generated until years later when costs fall. Assuming risk with traditional outsourcing models would likely push costs sky high, since, for many projects, risk does not depreciate as the contract ages.
It is for this reason that new models are being looked at, especially ones in which starting prices are significantly higher but drop more quickly than with older models. The money made up front can help deflect the risk throughout the contract.
With newer models, companies are “no longer making big profits at the back end to balance out losses of early years,” Ackerman said.
In fact, with newer models, the profit is generated from the start. But companies which pass on risk to the outsourcer, and are paying for the service, need to make sure they are not duplicating the service internally. “You want sharing (of roles) to be minimized,” Ackerman said. This helps to reduce the likelihood of “it-is-your-responsibility” scenarios when systems go down, he added
Regardless how business risk transfer evolves in the future, as outsourcing becomes more of a commodity, there will be big hurdles to overcome. “The big issue is (the fear) of losing control over your environment,” McLean said. Since statistics show it is costly and difficult to reintegrate failed outsourced projects, companies must take their time assessing the situation.