Deconstructing IT outsourcing risks

15.06.2020
7 min.
title

Despite the negativity that pervaded some reports, the information technology outsourcing (ITO) industry is active and doesn’t show signs of stopping.

Market research hasn’t yet caught up on the economic impact of the global pandemic and the ensuing crisis, apart from Gartner, perhaps, that predicts a $300 billion slash to the total IT spending in 2020. The current uncertainty might require certain adjustment of forecasts, but the 2019 projections for the IT outsourcing growth consistently fell between the CAGR of 4% (Technavio) and 6% (Beroe) for the period leading up to 2022.

According to Statista, in 2019 ITO generated $66.5 billion in global revenue over the $26 billion generated by business process outsourcing, showing the prevalence of the former. The model of contracting third parties to provide custom software development has been proving its viability for years and isn’t going anywhere.

ITO is not only ubiquitous but instrumental to meeting the imperatives of business growth and resilience. The KPMG research on the state of operations and outsourcing in 2018 identified the proportions of companies with over $1 billion in annual revenue relying on external partners in key areas:

Reliance on internal and external partners to achieve C-suite directives

With all these facts on hand, we can be sure of the model’s vitality. It’s all the more interesting then to dissect the reasons behind this vitality and understand why companies keep outsourcing, which common fears and challenges are associated with this model, and how to address the omnipresent outsourcing risks identified below.

Why do businesses outsource at all?

To understand why certain companies opt for outsourcing, we need to get to the core of contemporary business operating models.

This trend toward opening up companies’ boundaries to external contractors can be traced in the organizational theory of the last few decades. The topic of temporary teams versus permanent organizations has been occupying economy philosophers such as Gernot Grabher, Charles Leadbeater, and Charles Handy, among others. They argue that as we entered the post-Fordist era of economy, traditional firms started shifting to outsourcing models, many of which consist of virtual networks of so-called ‘portfolio workers’.

Project-based collaboration is preferred by today’s generation of entrepreneurs. Getting together to reach a particular goal with the optimal set of required competencies that come from both inside and outside the core company becomes the way to reach benefits that are otherwise unattainable.

With volatile markets, ever-changing customer demands, and disrupting technologies, every company is forced to become flexible or fall behind their competition, and the outsourcing model provides this level of flexibility with its well-oiled mechanisms of change management.

It’s worth noting that cost-cutting is no longer found at the top of the list of reasons for outsourcing, which reflects how the priorities have shifted over the past years. Companies looking to outsource their technology development, migration or maintenance to short-term or long-term contractors seek to minimize time to market and make advantage of the contractors’ established skillsets and know-how, which otherwise would take years to accumulate and field-prove for non-specialized companies.

The pressure to innovate is tremendous. Deloitte’s latest Global Outsourcing Survey, published in 2018, hailed the coming of disruptive outsourcing as a model transforming the industry, led by migration to the cloud and robotic process automation. It’s not surprising that many smart companies are looking to gain advantage through ‘power partnerships’ with specialized providers showing mature expertise in these domains.

Other reasons to go for outsourcing include reducing the burden of HR administration along with other overheads related to accommodating in-house staff. This equally entices both mature corporations and startups that can’t afford being hindered by their inability to attract sought-out talents.

However, there is the flipside to everything, and ITO is no exception. There are software development risks inherent to every IT project per se, but companies that choose to outsource have to learn to trust their contractors, which doesn’t come easily as they have to make do with certain opacity regarding project management. There are other challenges of outsourcing, too, which can originate on both the outsourcing vendor’s and the customer’s sides. Although they are perceived as risks, they can be addressed and effectively mitigated. Let’s look at them in more detail.

Get equipped to handle these IT outsourcing risks

In a time when digital transformation becomes a matter of businesses’ survival and a strategy of maintaining their relevance on the market, ITO vendors are the ones turning into full-fledged partners. It’s not uncommon for these partners to take end-to-end responsibility over their service delivery cycle, from business analysis and project management to continuous maintenance. But, as they say, risk management is the only activity CIOs can’t outsource.

Risk no. 1: remote and distributed teams

All outsourcing projects are by definition remote, which can be viewed as the number-one challenge. This typically leaves the client with little control over the project execution on the vendor’s side in between the deliverables reported.

Yes, outsourcing teams are almost always in another location, probably even on another continent, but there are always ways to solve this issue.

Business trips should be frequent, especially at the beginning of the project when building mutual trust and gathering requirements. Face-to-face communication works best for establishing the initial connection and working out comfortable ways of sharing control and responsibilities between the team and the project stakeholders. It helps if the customer takes part in interviewing and selecting team members prior to the project start as it helps to get to know the people and check if there is ‘professional chemistry’ before the work kicks off.

All in all, providing that 80% of any work can be done remotely, and there are effective technologies on the market to make communication seamless and timely, this challenge becomes quite manageable.

Risk no. 2: domain expertise

One possible pitfall of sourcing work beyond your company is the lack of domain-specific knowledge within the vendor’s team. Creating artificial intelligence for radiologists might be too specific a task to take up by your average software developer. Success of any project is always determined by how well it fits into the industry where it’s meant to bring value. If the team has no previous experience of similar projects or can’t navigate the industry’s problems and needs easily, the customer will have to allocate extra time on knowledge transfer and team orientation.

There are two ways to go about this challenge. The first one is to hire only those vendors who can showcase their portfolio of projects done for your industry, the requirement that should be made clear at the presales stage. The second one is to include the discovery phase in the first stage of the software development cycle, so that the vendor’s team and the customer’s board of project owners could get on the same page regarding the project requirements and the customer’s expectations.

Risk no. 3: security and compliance of data practices

The price of a data breach is as high as never. In addition to reputational damage, companies may suffer severe penalties by regulatory bodies: in 2019, British Airways was faced with a record $228,000 fine for infringing the General Data Protection Regulation (GDPR) that resulted in the data of almost 500,000 customers being stolen.

Outsourcing any operations that deal with sensitive customer or corporate data places an increased responsibility on both the customer and the contractor, since regulatory scrutiny is increasingly extended to vendor relationships. It’s fully acceptable for you as a customer to require the proof of secure software development practices and reliable frameworks of IP protection in place at the vendor’s organization.

It’s important to ensure the transparency and compliance of all the practices adopted down the supply chain, too. If your contractor outsources a portion of your project scope to sub-contractors, the latter should follow the same safe data policy as required by your applicable legislation. It helps ensure that third-party service providers act in your best interests while adopting your set of values to provide deliverables that are consistent and compliant.

To wrap up, Deloitte’s survey cited above provides a glimpse of other common steps taken to mitigate cybersecurity risks during outsourcing:

How organizations are addressing cyber risks when making decisions to outsource

Risk no. 4: team motivation

Starting on a high note, both in-house and outsourced teams can develop fatigue and show decreasing motivation on long-term projects. As we know, projects differ, and not all of them are about developing ground-breaking products or devising a data analytics strategy to survive a crisis.

One of the possible solutions is to introduce a dynamic cooperation culture, where developers themselves have a voice in shaping the product on the grounds of innovation. As research shows, companies have adopted diverse approaches to encouraging their vendors to innovate. Deloitte compares the 2016 and 2018 responses to their Global Outsourcing survey:

Three levers that saw the greatest increase between 2018 and 2016

Another option to stir up the team’s spirits relates to the vendor’s policy of employee engagement. Namely, it is recommended to keep rotating the staff across teams and locations in-between projects, and strive to make it 70% work and 30% fun.

Risk no. 5: customer engagement

It doesn’t happen often, but sometimes customers ‘disappear’ as soon as the project starts, thinking their job is done until it is time to reap the end result. When messages are ignored for a few days, it can be a solid reason to stop the project until further notice. If the vendor’s team doesn’t get timely response to their questions or requests, chances are the end product will not be what the customer initially envisioned.

It’s a good practice to put down communication guidelines and the level of the customer’s involvement on the whole in the contract, so that there is no ambiguity left. Also, both sides need to remember that constant monitoring and feedback are the key prerequisites for success. After all, it’s a two-way street.

Risk no. 6: critical feedback

On the customer’s part, being ‘too nice’ and automatically approving each stage of the development can seriously hurt the project. The outsourcing team needs criticism like they need air; it is the very foundation for their day-to-day decision making. Constructive criticism shows that the customer is aware of how the project is going and that the project participants are fully dedicated to doing their best. The more detailed the criticism, the better the results.

From transactional relations to true partnerships

Looking closer at the risks sketched above makes it clear that they mostly spring from a poor collaboration culture between the customer and the vendor.

In the past two decades, we’ve seen the best results from relationships that went beyond pure transactions and grew into true partnerships. This is not always easy, because it requires a cultural shift that emphasizes work toward the same objectives, alignment of responsibilities, and focus on creating value, not just outputs.

Shared accountability should be at the core—only then collaboration becomes healthy and drives successful results. Such accountability should go beyond the basic metrics of time, scope, and budget, including also hard policies on managing risks, such as those related to legislation, security, and confidentiality. Drilling down to the foundation of any successful ITO project, we shouldn’t forget about effective project management either. Skipping managerial duties on the customer’s part can result in chaos and lack of control. If there is no project manager on the vendor’s side, the customer is likely to get lost in a flood of emails from designers, developers, and testing engineers, and thus risk overlooking critical information.

This is how efficient project management, shared accountability for the project outcome, and a transparent collaboration environment can help address the IT outsourcing risks outlined above.

Vendor relationship management does take time to mature, and there is always room for improvement. When asked if they would do anything differently next time, the respondents of the Deloitte survey identified more than one lesson learned:

Key learning from past outsourcing experiences

So is outsourcing that risky?

Yes, outsourcing is risky indeed, but only if you underestimate the importance of fine-tuned project management and communication. So, if problems of outsourcing do exist, they are likely to be caused by the lack of proper project governance and fickle relationships between the customer and the vendor.

Paying attention to the clarity of partnership terms, strengthening project management guidelines, and keeping up genuine communication throughout the project is a way to go for those who want to avoid falling in common traps of mismanaged outsourcing.