Table Of ContentPrelims.qxd 3/1/05 12:29 PM Page i
Managing the Risks of IT Outsourcing
This page intentionally left blank
Prelims.qxd 3/1/05 12:29 PM Page iii
Managing the Risks of IT Outsourcing
Ian Tho
AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD
PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
Prelims.qxd 3/1/05 12:29 PM Page iv
Elsevier Butterworth-Heinemann
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
30 Corporate Drive, Burlington, MA01803, USA
First published 2005
Copyright © 2005, Ian Tho. All rights reserved
No part of this publication may be reproduced in any material form
(including photocopying or storing in any medium by electronic means
and whether or not transiently or incidentally to some other use of this
publication) without the written permission of the copyright holder except
in accordance with the provisions of the Copyright, Designs and Patents Act
1988 or under the terms of a licence issued by the Copyright Licensing
Agency Ltd, 90 Tottenham Court Road, London, England W1T 4LP.
Applications for the copyright holder’s written permission to reproduce
any part of this publication should be addressed to the publishers
British Library Cataloguing in Publication Data
Acatalogue record for this book is available from the British Library
Library of Congress Control Number 200592252
Acatalogue record for this book is available from the Library of Congress
ISBN 0 7506 65742
For information on all Elsevier Butterworth-Heinemann
publications visit our web site at www.books.elsevier.com
Typeset by Charon Tec Pvt. Ltd, Chennai, India
www.charontec.com
Printed and bound in United Kingdom
iv
Prelims.qxd 3/1/05 12:29 PM Page v
Contents
About the author xiii
Preface xv
Section I: Language of IT Outsourcing (ITO) 1
Chapter 1: Common terms and concepts used in
outsourcing 3
1.1 The need to manage risks in IT outsourcing 4
1.2 The practice of outsourcing 5
1.3 Agreeing the definition of outsourcing 7
1.4 Contracting versus outsourcing 9
1.5 Blurred organizational boundaries 11
1.6 Differences in emphasis 12
Risk transfer difference 12
Buyer/Supplier relationship difference 12
Changes in process model difference 13
1.7 Process changes 16
1.8 Acceptance of information technology
outsourcing (ITO) 18
Early adopters and failures 19
1.9 Benefiting from ITO 20
Supplier benefits 23
Common (buyer and supplier) benefits 24
Buyer benefits 24
1.10 Outsourcing models 25
Outsourcing types 27
Complete/Selective outsourcing 28
Keiretsu 29
1.11 Outsourcing partnerships 30
v
Prelims.qxd 3/1/05 12:29 PM Page vi
Contents
1.12 Outsourcing contracts 34
1.13 Outsourcing and the implications for human
resource development 37
Chapter 2: Outsourcing the IT function 39
2.1 The ‘core competency’ argument 41
Performance of the IT function 42
Distinctive competency 44
Diversification and specialization 45
Outsourcing to derive the benefits of core
competency 46
2.2 The ‘economies of scale’ argument 47
2.3 Commoditization of IT 49
2.4 The role of IT in the organization 49
2.5 Outsourcing and the unique role(s)
of the IT function 50
The IT productivity paradox and outsourcing 53
Hidden costs 54
2.6 Information technology outsourcing risk 56
Section II: Measuring and understanding
IT outsourcing risks 61
Chapter 3: Measuring risks in IT outsourcing 63
3.1 Risk definition 65
3.2 Investigating risk 65
Intrusive factors (exogenous and
endogenous risks) 66
Operational and relationship risks 67
3.3 IT outsourcing risks (causes and effects) 69
Causality and random activity concept 70
3.4 Measuring risk exposure 71
Quantifying risk exposure 72
Risk exposure (RE) boundaries 72
3.5 Examples of risk management models 74
3.6 Difficulties in measuring risks and risk exposure 76
3.7 Measuring IT outsourcing (ITO) risks by
group/category 77
3.8 So why group risks? 79
Associating similar risk types 79
Evaluating over time 80
Considering risk characteristics and focus 80
Risk classification 81
vi
Prelims.qxd 3/1/05 12:29 PM Page vii
Contents
3.9 Identifying risk groups for IT outsourcing (ITO) 82
Recommended risk groups/dimensions 82
3.10 Visualizing risk patterns from arbitrary
risk dimensions 85
Linking risk dimensions with operational
and relationship risks 85
Illustrating risk exposure 86
Mapping possible risk dimensions against
the risk landscape 88
3.11 Constructing the signature 91
3.12 Graph types 91
Categorical scales on the axes 93
Rank-ordered scales on the axes 93
Likert scales on the axes 94
3.13 IT outsourcing and the risk dimension
signature (RDS) 94
Chapter 4: The challenge of understanding risks
when outsourcing the IT function 95
4.1 Interpreting the RDS 96
4.2 Computation of total risk exposure 98
Comparing buyer and supplier risks on the RDS 100
Interpreting the buyer and supplier RDSs 100
Further observations from risk signatures
or risk dimension signatures 101
4.3 Additional RDSs and patterns 103
Sample RDS patterns and interpretation 103
4.4 IT outsourcing (ITO) measurement framework 104
Considering multiplicity of risks 105
Considering contract periods 105
Considering buyer and supplier 106
4.5 Shifting the ‘effects of risk’ 107
Risk-shifts between buyer and supplier 107
4.6 Observing risks in an ITO environment 109
4.7 Winner’s curse 110
4.8 Agency theory 112
Chapter 5: Risk interaction in IT outsourcing 119
5.1 Interaction between supplier and buyer in
IT outsourcing 119
The paradox effect 120
Relationship dynamics between buyer
and supplier 121
vii
Prelims.qxd 3/1/05 12:29 PM Page viii
Contents
5.2 Implications of relationship for risk 121
Interplay between buyer and supplier RDSs 122
Sharing of risks between buyer and supplier 123
5.3 Sharing risks within one organization, between
value activities 123
Risk signature/RDS – supplier 124
Risk signature/RDS – buyer 125
5.4 Tolerance for risk exposure (risk appetite) 126
5.5 Mapping the risk signature 128
5.6 Evaluation dimensions 129
5.7 Analysing risk with the RDS 131
Empirical measurement 134
Data on risks and risk exposure 134
Interaction between categories 135
Section III: Mitigating (& managing) risks in
IT outsourcing 137
Chapter 6: Risk characteristics and behaviour
in an ITO exercise 139
6.1 Behaviour of risks 141
6.2 Risk appetite 143
6.3 Fundamental assumptions in understanding
risks 143
Cause & effect 143
Internal/external influences 144
Accuracy of risk classification/grouping 144
6.4 Effects of influences 144
6.5 Relationships between risk dimensions 145
Risk balancing 146
Changes in risk exposure (RE) 146
State of equilibrium 147
6.6 Game theory 149
6.7 Chaos theory 151
6.8 The perfect project 152
Chapter 7: Mitigating risks in an ITO environment 154
7.1 The ITO risk ecosystem 154
7.2 Predicting the behaviour of risks with the RDS 156
7.3 Depiction of the risk profile 157
7.4 Risk frameworks 157
Interplay between risk dimensions 159
viii
Prelims.qxd 3/1/05 12:29 PM Page ix
Contents
Interaction of intrusive factors 159
7.5 Using the concepts 159
Overcoming difficulties that may be encountered 160
Limitations 161
Important assumptions 163
7.6 Insights into risk behaviour using the RDS tool 164
7.7 Further remarks 166
Chapter 8: Acase study – ITO risks 168
8.1 Case study background 168
8.2 Risks identification 170
8.3 Internal (endogenous) risks 174
Buyer risks 175
Supplier risks 175
8.4 External (exogenous) risks 177
Buyer risks 177
Supplier risks 177
8.5 Risk profiles from participants in individual
and group sessions 180
8.6 Using the risk dimensions 183
8.7 The buyer & supplier RDS profiles 184
At the start of the ITO exercise 184
RDS for supplier S1 186
RDS for supplier S2 188
Qualitative assessment of the buyer RDS 191
Quantitative assessment of the buyer RDS 195
8.8 Concluding remarks 197
References 199
Index 203
ix
