Top 10 risks of offshore outsourcing

According to Meta Group research, offshore outsourcing is growing 20%-25% per annum, with little evidence of slowing. While most enterprises experience initial resistance, most technical issues are readily resolved and geopolitical risk is deemed insignificant after careful evaluation. For those implementing or considering offshore outsourcing options, Meta created a list of the top 10 risks.

According to Meta Group research, offshore outsourcing is growing 20%-25% per annum, with little evidence of slowing.

While most enterprises experience initial resistance, most technical issues are readily resolved and geopolitical risk is deemed insignificant after careful evaluation. For those implementing or considering offshore outsourcing options, Meta created a list of the top 10 risks.

Through 2004/05, IT organizations will outsource discrete projects/functions offshore (e.g., from application development projects to specific call center support). Growth will continue at 20%+. Offshore strategies by domestic vendors will shift business from large, integrated outsourcing contracts, but most IT organizations will still develop strategies that focus on pure-play offshore vendors. The top 10 risks of offshore outsourcing are as follows:

1. Cost-reduction expectations: The biggest risk with offshore outsourcing has nothing to do with outsourcing - it involves the expectations the internal organization has about how much the savings from offshore will be. Unfortunately, many executives assume that labor arbitrage will yield savings comparable to person-to-person comparison (e.g., a full-time equivalent in India will cost 40% less) without regard for the hidden costs and differences in operating models. In reality, most IT organizations save 15%-25% during the first year; by the third year, cost savings often reach 35%-40% as companies "go up the learning curve" for offshore outsourcing and modify operations to align to an offshore model.

2. Data security/protection: IT organizations evaluating any kind of outsourcing question whether vendors have sufficiently robust security practices and if vendors can meet the security requirements they have internally. While most IT organizations find offshore vendor security practices impressive (often exceeding internal practices), the risk of security breaks or intellectual property protection is inherently raised when working in international business. Privacy concerns must be completely addressed. Although these issues rarely pose major impediments to outsourcing, the requirements must be documented and the methods and integration with vendors defined.

3. Process discipline (CMM): The Capability Maturity Model (CMM) becomes an important measure of a company’s readiness to adopt an offshore model. Offshore vendors require a standardized and repeatable model, which is why CMM Level 5 is a common characteristic. META Group observes that approximately 70% of IT organizations are at CMM Level 1 - creating a gap that is compensated for by additional vendor resources on-site. Companies lacking internal process model maturity will undermine potential cost savings.

4. Loss of business knowledge: Most IT organizations have business knowledge that resides within the developers of applications. In some cases, this expertise may be a proprietary or competitive advantage. Companies must carefully assess business knowledge and determine if moving it either outside the company or to an offshore location will compromise company practices.

5. Vendor failure to deliver: A common oversight for IT organizations is a contingency plan - what happens if the vendor, all best intentions and contracts aside, simply fails to deliver. Although such failures are exceptions, they do occur, even with the superb quality methodologies of offshore vendors. When considering outsourcing, IT organizations should assess the implications of vendor failure (i.e., does failure have significant business performance implications?). High risk or exposure might deter the organization from outsourcing, it might shift the outsourcing strategy (e.g., from a single vendor to multiple vendors), or it might drive the company toward outsourcing (if the vendor has specific skills to reduce risks). The results of risk analysis vary between companies; it is the process of risk analysis that is paramount.

6. Scope creep: There is no such thing as a fixed-price contract. All outsourcing contracts contain baselines and assumptions. If the actual work varies from estimates, the client will pay the difference. This simple fact has become a major obstacle for IT organizations that are surprised that the price was not "fixed" or that the vendor expects to be paid for incremental scope changes. Most projects change by 10% to 15% during the development cycle.

7. Government oversight/regulation: Utilities, financial services institutions, and healthcare organizations, among others, face various degrees of government oversight. These IT organizations must ensure that the offshore vendor is sensitive to industry-specific requirements and the vendor's ability to: 1) comply with government regulations; and 2) provide sufficient "transparency" showing that it does comply and is thus accountable during audits. The issue of transparency is becoming more significant as requirements such as the USA Patroit Act and the Sarbanes-Oxley Act place greater burdens of accountability on all American corporations.

8. Culture: A representative example: although English is one official language in India, pronunciation and accents can vary tremendously. Many vendors put call center employees through accent training. In addition, cultural differences include religions, modes of dress, social activities, and even the way a question is answered. Most leading vendors have cultural education programs, but executives should not assume that cultural alignment will be insignificant or trivial.

9. Turnover of key personnel: Rapid growth among outsourcing vendors has created a dynamic labor market, especially in Bangalore, India. Key personnel are usually in demand for new, high-profile projects, or even at risk of being recruited by other offshore vendors. While offshore vendors will often quote overall turnover statistics that appear relatively low, the more important statistic to manage is the turnover of key personnel on an account. Common turnover levels are in the 15% to 20% range, and creating contractual terms around those levels is a reasonable request. Indeed, Meta Group has seen recent contracts that place a "liability" on the vendor for any personnel that must be replaced. The impact of high turnover has an indirect cost on the IT organization, which must increase time spend on knowledge transfer and training new individuals.

10. Knowledge transfer: The time and effort to transfer knowledge to the vendor is a cost rarely accounted for by IT organizations. Indeed, we observe that most IT organizations experience a 20% decline in productivity during the first year of an agreement, largely due to time spent transferring both technical and business knowledge to the vendor. Many offshore vendors are deploying video conferencing (avoiding travel) and classroom settings (creating one-to-many transfer) to improve the efficacy of knowledge transfer. In addition, employee turnover often places a burden on the IT organization to provide additional information for new team members.

Business impact: Offshore outsourcing can reduce IT expenditures by 15%-25% within the first year. Longer term, process improvements often make great impacts on both cost savings and the quality of IT services delivered.

Bottom line: As IT organizations consider the vast benefits and allure of offshore outsourcing, they must balance the risks and uncertainties with the potential for labor arbitrage.

Copyright ©2004 Meta Group Inc.

Dig deeper on Offshore outsourcing

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close