You do not have to look far to see that IT outsourcing is experiencing a boom at the moment. The figures from IT consultancies and analysts all reflect the vigour with which private giants and public sector agencies are embracing the operational benefits that outsourcing can bring.
Research shows that there is a lot to be gained from a selective IT outsourcing strategy.
In Europe, 50 per cent of IT directors from industries that include retail, banking, insurance and the public sector say that selective outsourcing is the most effective way to reduce costs and improve performance.
Seventeen per cent say it brings value for money and 24 per cent say it guarantees their service levels. IT directors also believe that turning to outsourcing removes regular interruptions, enables greater focus on the job in hand and provides access to a wider skills’ pool.
It is not just IT that is being outsourced. All manner of business processes, from call centres to insurance claims’ processing and mortgage processing, are being offloaded to managed services specialists.
But regardless of the operation, the benefits of outsourcing may be diluted if directors do not carefully consider how the existing business continuity plan could be affected by outsourcing strategies.
Outsourcing operations can actually add to the risks the company is exposed to in a number of ways.
First, outsourcing a business operation introduces a new interface between which information and resources flow. This interface must be managed well to ensure the systems the business relies upon for decision-making, supply and demand rates and cashflow analysis are accurate every time. Of course, this interface is not infallible. Anything that hinders accurate information exchange such as system or network downtime can have a dramatic effect on operational performance.
Coupled with this is the issue of security. Be it user privileges or a hacker penetrating the outsourcer’s systems to obtain critical intelligence or expose customer data, these threats still exist in the partner organisation.
Just because an operation has been outsourced, it does not mean the risk has been outsourced too. In fact, the system interfaces might exaggerate the risk exposure. It is important to remember that this risk transfer applies to non-IT risks as well. Intangible assets can be harmed. Take, for example, the brand image and how it influences reputation with customers, suppliers and shareholders. If the outsourcer manages customers, will every customer receive the Brand X customer experience?All these risks and more can be managed but this cannot be achieved without consultative intervention from the business continuity manager. How can a BC manager intervene and support the outsourcing strategy?One way for the BC manager to manage the BC practices of outsourcers, or suppliers and partners for that matter, is to be known not just as a practitioner of BC but as the in-house BC consultant too.
Providing an open door for directors and project managers to seek consultancy about how their plans will affect risk exposure will be vital to retaining control of BC plans.
It will also ensure that the BC manager gathers the intelligence required to update the BC provisions and ultimately maintain the plan’s integrity.
After such reviews, the BC manager will be a good position to direct new rehearsal procedures. Successful rehearsals are pivotal to any BC invocation. Unless rehearsed and refined, no BC plan is worth its weight in paper. A dummy invocation makes sure that all expected risks can be managed effectively and helps identify the weaknesses in the plan that must be addressed.
Rehearsal will also help to manifest a very important quality in the culture – a respect for risk. Risk must be an integral part of all decisions made by all employees.
By manifesting an attitude to risk, project management teams should nat- urally incorporate the risk element into all plans and proposals.
They should also identify risk management as a desirable quality to look for in any supplier or partner. This is crucial when adopting partners that appreciate the need for thorough risk management and are therefore willing to participate in BC planning and testing.
In house, the BC manager should find ways to raise his profile with all employees. One way to achieve this is through training programmes that reinforce the importance of selecting partners that actively incorporate risk management in their day to day operations.
Another opportunity to raise the importance of BC would be to alter existing training programmes so that they incorporate risk management – for example, ensuring project management courses consider the impact of risk, how a change in the status quo can influence the company’s exposure and why introducing new practices and personnel can influence change in high level BC plans.
One thing is certain. All of the elements needed to manage business continuity in working partnerships rest on communication. Continuously communicating changes in operating structure, project plans and testing is essential for success.
The same must follow for BC. Two-way communication of changes to BC plans, the need for changes to BC plans and changes to invocation procedures will be imperative if financial, reputational and operational integrity are to be upheld.
Making sure that these best practices are impressed upon providers and those that manage them will help make for stable and secure partnerships.