A survey has found high levels of satisfaction with third-party IT providers.
IT is still saddled with the role of cost-cutter in the business, a new report on outsourcing has found. A poll of senior business executives reveals that most Irish firms are achieving cost savings of between 25 and 39pc by farming out parts of their IT to external providers.
The report by the consulting and outsourcing firm Version 1 also identified other benefits of outsourcing, such as improved responsiveness and reliability of service, access to expert skills and the ability to take advantage of industry best practice.
Irish organisations have mostly increased their levels of outsourcing in the last 18 months and the findings suggest that trend is set to continue at least until the end of next year. The recession has inevitably led to restructuring, with many organisations looking for ways to strip out costs.
In the current economic climate, CIOs and CFOs need at least to be able to answer the question “why not outsource IT?”, according to Brendan McGettrick, enterprise director with Version 1 and co-author of the report.
Most common areas to outsource
The survey indicates that business applications, databases and hosting are the most popular areas to outsource, while other categories such as business processes and IT management were not being outsourced to the same extent.
McGettrick said there are several common scenarios that make organisations consider outsourcing: one is to hive off management of an application from a vendor that’s no longer around or to supplement skills that aren’t in the current IT department. An alternative reason is a tactical approach that addresses staff shortage in a particular part of the business.
Version 1 conducted the survey as part of an executive roundtable attended by senior executives from Irish organisations in the public and private sectors, ranging in size from medium (more than 500 employees) to large (more than 2,000 employees).
High levels of satisfaction with current agreements means all of the organisations present said they intended either to maintain or increase the amount of outsourcing they do.
Participants said that one of the advantages of looking closely at outsourcing is that it helps organisations to understand their own business better. To make any such deal work, companies need to adopt standard business processes “but that’s a good thing,” said one contributor.
One development to emerge at the event was that for large organisations with complex processes, there is a growing role for brokers – external specialists who help to negotiate the minefield of contracts and pick through the details to ensure the company doing the outsourcing is getting a good deal. “Whatever you write down is what you get,” pointed out one survey respondent.
Another participant at the event suggested that 50pc of the time given over to contract negotiation should be spent on provisions for termination and penalties for poor performance. However, he also said a service provider should be given the opportunity to earn back any penalties through prompt and measurable improvements in service.
The success of any project should be judged on business outcomes rather than cost alone, another attendee suggested.
Outsourcing risks
The report identified three of the main risks associated with outsourcing: data security, vendor management and contract lock-in. Issues around data security were high on executives’ lists of potential barriers to outsourcing, with regulatory compliance and data loss being the main concerns.
Attendees at the event said where the information is located and how it is managed is important from an auditing perspective, although another said outsourcing had improved governance within his organisation compared to what it could have achieved by itself.
Version 1’s CEO Justin Keatinge advised firms considering outsourcing to check that providers have a clearly defined security policy in place which adheres to recognised best practice and has provisions for good information security awareness programmes for staff.
He said it was important to ensure that a vendor’s actions are transparent and auditable. “Discuss your security policy with the vendor, and ask them if there are any areas where they are not compliant. Even when a vendor can not comply immediately, there are normally actions that can be taken to eliminate the risks,” Keatinge said.
Respondents also identified vendor management – or more exactly ineffective management – as another risk to effective outsourcing arrangements. The way to offset this risk, participants agreed, is acknowledging that the skills required to manage a third-party service provider are very different from those needed to manage an in-house IT department.
The third risk factor is vendor lock-in – complete dependency on the service provider because internal knowledge about a system or process has been eroded over time. The report said the ways to overcome these obstacles include comprehensive documentation, contract termination options, handover provisions and sourcing services from multiple providers.
Culturally, it can be difficult for organisations to move away from the idea of approaching a colleague in the IT department to fix a problem. Outsourcing agreements tend to be more formal but there can be ways to avoid having to make change requests for every minor adjustment that’s needed. “You can buy flexibility if you’re prepared to pay for it,” said one executive.
One final observation: what’s striking from the Version 1 report is, even though outsourcing has been with us for some time, many of the issues – and the risks in particular – are common to the IT industry’s current darling, cloud computing. The need for assurance around data security is present in both cases. To a lesser extent, organisations also want to have dependable levels of service with the option of financial compensation if those aren’t met. In some respects, maybe the cloud isn’t so new after all.
