A survey conducted by Computer Economics on IT Outsourcing found that outsourcing is becoming an attractive option for smaller organizations and application development is the most outsourced function. It also found that outsourcing of IT security is increasing rapidly - compared to other outsourced functions. These trends can be primarily attributed to the growing availability of cost effective and scalable solutions in the cloud computing, robotic automation, and managed services solutions space.

In terms of preferred geographical location for outsourcing, The Economic Times recently reported that 75% of Multi-National companies (MNCs) in a survey chose India due to its buoyant economy, progress in enacting regulatory reforms and growing talent pool. While outsourcing was used as a cost cutting tool, the rationale is undergoing a perceptible change. Businesses are increasingly considering outsourcing as a cost-effective solution to draw top talent.

Readiness and evaluation risks

During evaluation of internal readiness, it is important to determine the best work to be outsourced which is ideally established areas of your business, as new innovative ideas or research can run the risk of IP theft. Introduce a confidentiality agreement that safeguards your business interests. Determining what the third party can or cannot do with regards to your outsourced product or processes, and the ownership of any creative output from the partnership, must be decided upfront.

Risk increases as geographical distances grow, in terms of international business. In case of offshoring, understanding the geopolitical situation is critical because business continuity plans must be initiated based on government stability, labour rates, laws, and vendor reliability – just to name a few. A detailed study of vendors to judge the soundness of their infrastructure and processes along with a review of their past partnerships must be carried out.

Operational and transaction costs

Operating under the assumption that outsourcing is going to reduce cost of ownership tends to overlook the evaluation costs incurred in identifying the appropriate vendor, infrastructural investments, organizational restructuring, etc. This is in addition to costs incurred to firm up the partnership in terms of knowledge transfer and making necessary changes to strengthen infrastructure as required. Hidden costs and unanticipated changes could crop up and how to handle them needs to be decided prior to the contract signing. Resolution of issues could get delayed in the absence of well-defined SLAs, which could seriously impact your business. Most risks can be avoided by drawing up a defined list of what the vendor must fulfil.

Business and compliance liabilities

When an IT function is outsourced, understanding the end to end flow is critical. A breakdown along the way could have cascading repercussions affecting revenue and profitability. Analyse the risks that are likely to occur which can affect your business and strategically address what to do if the risks were to be realized.

Ensure that the supplier has the right set of resources and partnerships in place to uphold regulatory compliance. If a chosen partner has external partnerships with several other companies, it can be a riskier proposition since all the parties involved must be audited for overall quality, compliance, and robustness of the security measures. According to the Deloitte outsourcing survey, 75% were confident of the vendor to stay on top of legal and regulatory issues while 64% shifted their focus to security protocols and sharing the security risks with the vendor. Disaster recovery and downtime due to infrastructure breakdown should be anticipated and addressed to ensure business continuity.

Outsourcing is a journey with the service partnership evolving over time. Maintaining a risk log at every step of the outsourcing project and regularly reviewing it, is a good practice to protect your business. Taking a page from the top three responses on outsourcing lessons from the Deloitte survey, companies should spend more time in service transition, constructing better service level agreements and devoting more time to vendor selection.

Asking the right questions upfront to understand your own risk tolerance, avoiding ambiguous contracts, conducting periodic reviews, and using an iterative approach to encourage innovation, are some tried and tested ways to keep risks from spiralling out of control.