Home Page > Publications > Managing Risk When Offshoring IT

Managing Risk When Offshoring IT

When planning to offshore part of an organisation's IT functions, it's important to identify and manage risk throughout the outsourcing lifecycle. As Stephen Reed of Alsbridge comments on sourcingmag.com, "Active risk management is a process of continually identifying and monitoring potential failure points in a plan, determining the probability of occurrence, estimating the impact of each failure and then developing ways to lessen or avoid those risks (i.e. mitigation). The more unknowns your service provider faces, the greater the risk. Risk costs money, so the more risk that can be driven out of an IT outsourcing solution, the less a vendor will charge you and the greater the chance becomes for a successful outsource." In this article we address four risk factors when offshoring IT: internal expectations, data security, vendor attrition rates, and knowledge transfer.

Since the 1990's IT organisations have been offshoring discrete projects across application development, eCommerce, remote infrastructure management and helpdesk. Growth has been staggering, and the graveyard of failed projects is full of carcasses. Let's take the coroner's view, and look at how ineffective risk management can lead to a project's demise.

Internal Expectations: The biggest risk with IT offshoring has to do with the expectations the internal management team has about how much the savings from offshoring will be. Many executives assume that labour arbitrage will yield savings comparable to person-to-person comparison so they look at someone's salary in Chennai and compare it to London without regard for the hidden costs and differences in operating models. There are hidden costs in offshoring like communication barriers, cultural differences and it often takes 18 months to get over the steep learning curve. In reality, most IT organisations, do not manage the expectations of the internal organisation effectively. You are better off promising small numbers and then exceeding them.

Data Protection: Have all the necessary checks been done on security prior to migrating IT services offshore. Does the supplier have the ISO 27001 and 27002 qualifications? A site visit is recommended to ensure robust security practices and to verify if vendors can meet the security requirements your organisation has internally. The risk of intellectual property protection is inherently raised when working in India and China so vet the vendor carefully. The data protection requirements must be documented and the integration with a service provider well managed.

Vendor Attrition rates: Prior to the credit crunch, the dynamic labour market in India meant that most offshore providers could see annual attrition rates of 50% or more. Few things are more painful than spending 6-12 months training someone, and having them leave just as they are becoming effective. While offshore vendors will often quote overall turnover statistics that appear relatively low, they can vary greatly from client to client. Therefore, it is essential to build loyalty among your outsourced teams. Luckily, economic factors are helping to drive down overall attrition rates, but it is still a primary risk to address.

Knowledge Transfer: The time and effort to transfer knowledge to a service provider is often underestimated by IT or the finance teams. According to Gartner, most IT organizations experience a 20% decline in productivity during the first year of an agreement, largely due to time spent transferring both technical and business knowledge to the service provider. When selecting a supplier ensure they have strong expertise and experience with managing knowledge transfer. Proven processes, templates and documentation is vital in succeeding when offshoring IT work.  

Quick Contact Form
Company Name
Contact Name *
Telephone Number *
Email Address *