When planning to outsource all or part of an organization’s IT functions, it's important to perform active risk management throughout all stages of the outsourcing lifecycle. As a quick recap of Part 1 of this series, managing project risk is a process of identifying potential failure points in a plan, determining the probability of occurrence, and then estimating the impact of each. With that information in hand, an organization can move to the next step of actively managing risks by deciding which risks are tolerable and which ones need mitigation.
After determining your overall strategy, it's time to seek out potential providers of the outsourced IT services your company needs. While you can always just call Lou, the second cousin of your sister-in-law who works for a big acronym company based in D.C, (don’t laugh too hard — this happens all too often); the best method for accomplishing this selection is to run a competitive bid process and issue a Request for Proposal (RFP).
By reaching out to multiple providers experienced in the outsource services that your firm needs, you will encourage the bids to be competitively priced. In addition, you will likely get a disparity of viewpoints that will point out potential pitfalls that may have otherwise been missed. Finally, in deference to the adage about keeping all of one’s eggs in one basket, having multiple vendors bid (and in some case jointly win) an outsourcing opportunity provides your organization with a fallback strategy if negotiations or delivery later go awry.
A simple but frequently forgotten risk management tenet to remember is that you want to provide every opportunity for your vendor to be a success. While this seems obvious, often executives can be heard saying things like, “I don’t worry about the details. That’s what we pay them for…” or “Our contract is ironclad. One misstep on their part and the penalties are so bad we’ll practically own their company.” While your trains sit idle as engineers try to figure out why the two tunnels didn’t meet under the channel or your order screens remain dark while you sit in court arguing with your call center provider over liquidated damages, your clients are flocking elsewhere.
The more clarity and detail you can provide in your RFP, the better your potential partners can determine if they can provide a solution and what it might entail. This does not mean that you have to tell them exactly what the solution is; one of the great benefits of a competitive bid process is the opportunity to have input from a variety of very knowledgeable organizations on how best to meet your goal. It does mean, however, that you should provide as much specificity as possible in regard to your current state. If you lack a complete inventory of your company’s IT architecture/infrastructure including existing (legacy) application portfolio, IT support structure and current projects, costs, and service levels, then a high level assessment of components and their suitability for outsourcing (and/or insourcing) needs to be accomplished first.
Within the RFP process there are other ways of reducing risk. The more time that you can provide your potential partners to perform discovery and develop their responses, the better. If for some reason your schedule is constrained, then provide as much access to internal subject matter experts for question and answers, follow-up meetings, etc. as possible.
Another easy tactic for reducing risk: Throughout the RFP, try to use quantitative descriptions instead of qualitative ones wherever possible. A personal favorite is when I see a client request or a vendor promise “best-in-class." Firsthand experience has shown that when it comes to IT, “best in class” means something completely different to an aerospace firm than it does to a highway-paving company.
Cutting to your bottom line, the more unknowns your service provider faces, the greater the risk. Risk costs money; the more risk that can be driven out of an IT outsourcing solution, the less a vendor will charge you and the greater the chance you have for a successful outsourcing endeavor.
Reprinted with permission from Alsbridge.
Read Part 1, doing risk assessment in your outsourcing endeavors:
Read Part 3, evaluating service provider proposals:
Read Part 4, covering disputes in the contract
Read Part 5, a guide to setting SLAs
Read Part 6, managing outsourcing after the contract is signed