Outsourcing, like any business endeavor, carries some risk. Some of those risks (like change management, government, SLA compliance, cultural fit between buyer and supplier, and the big one–will the supplier be there next year?) appear year after year. But as outsourcing changes, new risks appear. An informal Outsourcing Journal poll of 34 attorneys and outsourcing service provider executives revealed the risks in 2005 and included ideas to mitigate those risks.
The Risks in Offshoring
Companies who offshore face the risk of their company’s reputation, says Jon Doyle, a partner at White & Case LLP. Both the media and labor unions are against job losses to foreign countries and have targeted companies who are offshoring. Many suppliers tell him their buyers want to do “stealth” deals so the public doesn’t find out their outsourcing has an offshore component.
Mike Jones, President and CEO of (i)Structure, says his company has won some outsourcing contracts only after he promised he would send no job offshore.
Doyle suggests that, in some cases, another way to mitigate this marketplace risk is to leverage the media and industry groups to explain coherently the rationale for offshoring. “These companies must demonstrate offshoring doesn’t mean bad things for their employees in the US. They can also show the benefits to other US sectors, like consumers,” he explains.
Privacy is another issue that will come to the fore in 2005, according to Doyle, whose entire outsourcing practice is cross-border. He says privacy laws “will impact outsourcing in a very direct way.” Few companies–both US and non-US–are entirely compliant with the rapidly evolving privacy laws in the countries in which they do business and may have difficulty synthesizing those laws with the laws of countries from which the private information originates. He advises his Silicon Valley clients “to not share their coveted intellectual property and other sensitive data with a company that doesn’t comply with the privacy protection laws.”
Alfred Binford, Vice President and General Manager of Unisys Global Outsourcing business for the Americas, says this year’s 9/11 Report told the world, “We are safer but not safe.” He believes many suppliers “still don’t realize how critical it is to design high levels of physical and electronic security.” This year they must focus on data security..
The best way to mitigate this is for buyers to do a thorough due diligence to ensure their suppliers have processes in place that make them feel comfortable.
The Risk of Rising Interest Rates
Matt Furton, of counsel with Lord, Bissell & Brook, sees disentanglement issues becoming an issue in 2005 due to the new rising interest rate environment. “All of a sudden the risk/reward calculations will change,” he explains. He says that when the prospect of future mutual benefit goes away, so does the glue that holds both parties together. He posits companies need to be cognizant of the risks involved in early termination of their outsourcing contracts when making decisions.
The changing economy may also alter the product mix at a buyer’s company. What if that company drops a product line that the supplier was supporting? Outsourcing contracts have always needed to be flexible to handle the unexpected; rising interest rates may put those contracts to the test this year.
With the offshore economics so compelling and the US election over, everyone expects outsourcing deals to grow this year. “Outsourcing is hot right now,” points out Doyle. And when things get hot, the laws of supply and demand take over. Doyle worries that there “may not be enough good providers” to handle the work, especially for the small-to-medium sized businesses. “If the big providers have their plates full from the big, global companies, what does a buyer do if all the really good providers are too busy?”
He has the same worries about India’s capacity. “As big as India is, its suppliers may not have enough trained employees to be able to handle a big change in demand on a dime,” he says.
The alternatives for a buyer here are tricky. Doyle says “money talks;” offering more money may make the account more attractive. “But does this cost differential make sense?” he asks rhetorically. The other option is to keep the process in-house until “the suppliers you want to work with become available.”
Another risk to buyers who do BPO deals this year is the changing landscape of BPO suppliers and service offerings. According to Dan Masur, Partner, Mayer, Brown, Rowe & Maw, “New service providers, including established IT providers, are flocking to the exploding BPO market.” Because the market is relatively immature, he predicts the range of services they offer and the processes, tools, and facilities they use to deliver them “will be very different two years from now.” One result: he says there are “lots of players who haven’t really worked through the details of their service delivery model.” Even the big suppliers are in the same boat; Masur says in many cases they too “are making it up as they go.”
He recommends penning a contract “that can evolve with the market” since he predicts BPO services will become “cheaper and more reliable as the suppliers build out their service centers and develop their tools.”
Furton says long-term outsourcing relationships may come under strain this year because of the need to implement laws like Sarbanes-Oxley, known as SOX. (Implementation is done by corporate fiscal year, so 2005 will be the first date to comply for many.) He says buyers feel they have the right to ask their suppliers to prepare service auditor reports, a costly process that includes having an accounting firm visit the supplier’s facilities to evaluate its financial controls and processes. “These reports can be very expensive,” says the attorney. “And who pays for them?” He says the outsourcing parties have to negotiate this new expense. At the same time, he says buyers and suppliers may disagree about the thoroughness of the audit required under the new law.
“Sarbanes-Oxley compliance will be a major issue for CIOs this year,” adds Kevin Colangelo, a Senior Associate at Kramer Levin Naftalis & Frankel LLP. Companies that have outsourced any part of their finance and accounting process have an even greater challenge “to ensure the reporting processes are consistent.” He says that becomes “a pretty daunting task,” especially if the supplier sent some of the work offshore.
He warns buyers that they should not delegate SOX compliance to their suppliers. “You have to require your supplier to put in the controls you want on your behalf,” he says.
Another possible risk is government intervention. With the Bush reelection, outsourcing companies breathed a sigh of relief, believing the federal government will not pass legislation detrimental to offshore outsourcing. But state governments may still be a threat.
Bruce Leshine, a Partner at Levine, Blaszak, Block & Boothby, LLP, foresees the near-term convergence of information technology and telecommunications in formerly IT-centric outsourcing transactions with the advent of VoIP (voice over Internet Protocol). However, along with the potential economic benefits and management efficiencies that this IT-telecom convergence may bring, it poses risk “because VoIP technologies are still in a growing stage.” Performance of VoIP in delivering voice transmissions is wide-ranging, and the security of sending telecommunications over the Internet is not as well proven as over traditional landlines. “Buyers may be underestimating the technology risks involved,” he says.
Secondly, he warns buyers of IT-telecom combined outsourced services to make sure their IT supplier demonstrates that it can deliver both on such an integrated basis. “The suppliers can’t pretend they know how to do it,” he says. Leshine says the past is littered with IT suppliers who promised their buyers they could also handle their telecom needs and then the transaction blew up in their faces.”
Ask the suppliers if they are using and managing VoIP themselves and not simply re-selling third-party telecom. Often, when the IT supplier is the guinea pig, it works out the kinks quickly. Getronics is one supplier that tested its VoIP technology on itself and now shares the lessons learned and best practices with its clients.
Colangelo offers the best advice for risk mitigation, which is evergreen: “Risk management starts with the right relationship. Each side has to have the right expectations and understand what the other side wants.”
How the poll was conducted: The Outsourcing Journal phoned outsourcing executives during November and December, 2004, and interviewed them for this poll.