Expect more selective IT outsourcing, part 1

A recent survey by Colemen Parks shows that 90% of senior decision makers believe that the business cycles remain very volatile in the coming years and 80% believe that their organizations should become more flexible in their approach of business and technology.

Business agility and common sourcing practices in IT are two words which are drifting apart. And the gap between both worlds increases only with the current pressures on cost (see also this post). The CIO is now still able to sell its traditional sourcing decisions to the business as having no other choice due to the economic situation. But signing a five year outsourcing contract for the whole infrastructure or application portfolio puts both IT and business in a straight jacket with limited ability to maneuver.

The economy will be picking up soon and that means that business are looking forward again and beyond short term cost cutting. The organization as a whole will have to shape up and make sure it has adequate long term strategic advantages available to deal with:

• Competition (ever fiercer competitors and demanding customers; decreasing pricing power; and profit margin and continuing pressure to increase productivity)
• Rapid pace of innovation and changes (more product variety and shorter product life; faster response to changing market; expensive R&D; and increasing risk for obsolescence)
• Globalization (lower trade barriers; faster deployment of resources and technology for worldwide facilities; easier access to low-cost economies; and more options for sourcing at lower risks)
• Increasing complexity of product and process technology (expensive investment for new product development and/or production facilities; and wide array of knowledge or expertise for management)

And IT has to be able to stand side by side with the business to capture opportunities and deal with threats. Depending on whether the CIO acts like a Chief Infrastructure Officer or Chief Integration Officer will IT and sourcing be able to add to the success of the business or limit it. To me a Chief Infrastructure Officer is somebody who focuses on:

• short term objectives, (obeying to any demand to cut costs)
• technology and
• the IT department.

A Chief Integration Officer on the other hand focuses on:

• balancing short and long term objectives, (includes pushing back if objectives damage long term growth)
• adding measurable business value (more on that here and here)
• the organization as a whole

The difference in CIO is also reflected in the sourcing strategy. The old-school CIO is more likely to opt for outsourcing technical silo’s as it allows for maximum short term gain (maximum volume, technology driven), the newby-CIO will look define its sourcing strategy based on the characteristics and needs of both business and IT (selective, business sensitive).

I am convinced that in the medium term organization choosing selecting sourcing arrangements will be the winners, because:

• Achieving 15% less cost (traditional sourcing) versus 10% (selective sourcing) is not going to make such a huge difference. Example: if the IT budget is 5% of the companies’ overall budget than 15% less counts for a 0.75% reduction of overall budget. So sourcing is not going to save the company if it is standing at the abyss.
• The standardization enforced by traditional sourcing (otherwise the vendor cannot achieve the economies of scale required to reduce costs) introduces a lack of flexibility (except maybe for volume flexibility), agility and choice, which forces the business to set up their own IT departments or buy IT services as soon as the economy picks up again. This will introduce hidden IT costs which will have an impact on the bottom line performance.
• Selective sourcing arrangements have a lower risk profile and thus a lower value at risk (VaR) than traditional sourcing contracts which typically make it into the newspapers if they fail because of the $$$ at stake. If the scope of the selective sourcing contract is derived from the characteristics and needs of one or more specific business unit/process is it also easier to get active buy-in from the business owners. This in contrast to generic infrastructure or application contracts for which it is much harder to find an active sponsor in the business domain.

In a future posting on this subject I will elaborate a bit more on why I believe selective sourcing has the future and how one can scope these sourcing arrangements.

Better sourcing decisions by using Real Options

The use of financial business cases to guide sourcing decisions is common practice. And with the current pressure on lowering cost, needs even the smallest investment to be accompanied with a business case showing a solid financial return. The effectiveness of the typical financial business case can be further improved in two key area’s. These are:

• Monitoring whether the expected return and investment envisioned in the business case materialize and, 
• The limitations of the standard Discounted Cash Flow (DCF) methods as it ignores the required flexibility required to define, execute and manage investments.

In this post I explore how Real Options can help to overcome these drawbacks.

The typical DCF calculation assumes a static scenario, ignoring the financial value represented by the flexibility to change course during an (outsource) project. In real life people learn during a project, and want to adjust their decisions accordingly, effecting the business case. Think of a manager who wants to change the speed or scope of an outsourcing after the first part of the transition turned out to be more cumbersome than expected. Real Options enable an organization to incorporate this kind of dynamics into their business case, creating more insight into the true value of the decision to outsource.

The DCF calculation assumes that the original course of action will be executed in full. In practice, companies like to have the option to adjust their planning by postponing, speed up or cancelling an decision to outsource/invest. This flexibility represents a financial value, which is not captured in standard DCF calculations.

For those outsourcing or shared service projects which represent a lot of value to the company is it however important to adjust the speed and direction of the project. Project managers have already their tools to manage the dynamics and complexities of day-to-day life by applying funnel management, stage gates and working with phases. Including them into the business case without having to resort to very complex financial models, is however less common.

By applying the Real-Option methodology, different outcomes and scenario’s get a financial value. This is done by adding options to the business case, but without the original complexity embedded in the methodology created by Black & Scholes (1973). The approach allows to value ‘flexibility’, something which is required of anybody participating within a sourcing project.

Risk and return are firmly interlinked with each other and as the expected return of outsourcing if higher than internal production, has the risk profile also higher (assuming no free lunches exist). This means the required discount rate will be higher, (WACC) resulting in a lower DCF keeping the return constant.

The value of an option increases on the other hand if the risk increases. The option to exit from a shared service or outsource initiative becomes higher if the risk profile increases. Higher risk also leads to a larger spread between the best and worse case scenario’s in the business case. This means that the value of the options at disposal to the management can represent a substantial value, increasing the insight in the true financial potential of a business case. The value of the options can be demonstrated, quiet easily, by using option price models (these can be far less complex than the original models by Black & Scholes (1973)).

Using options to structure investment decisions enables the management to analyze the financial impact of decisions made during the whole life cycle of an outsourcing or shared service initiative (cradle to grave). Applied in its simplest form is outsourcing an call option, the right but not the obligation to outsource certain activities. The value of the option can change during the engagement as for example economic developments impact projected growth figures. Is the value in the new situation equal of higher, than the management executes the option. Is the value of the option lower, the option becomes void.

Other types of options related to outsourcing are increasing the scope (e.g. processes, countries) or the decision to invest in a transformation. The right to sell (put option) can be translated among others in terminating the contract, decreasing the scope or a transition to another vendor (this last one combines a put option with a call option). The third type of option is an investment to learn. Think for example of the cost involved with a due diligence or benchmark. A learning option influences the value of a call or put option, by reducing its risk/uncertainty.

Applying real options to business cases enables an organization to capture better the true dynamics of an outsourcing deal because the business case can be adjusted to reflect the changes in economic and organizational reality. This at the same time increase the value and importance of monitoring the investments and return envisioned in the business case. In a future post I will provide a concrete example on how it looks in an excel sheet. The focus of this post was to provide some theoretical background.

Sources:
T. Blommaert, S. van den Broek, E. Curfs, Methodiek voor betere besluitvorming van (strategische) IT investeringen, Informatie, 2009.  
T. Copeland, P. Keeman, Making Real Options Real, McKinsey Quarterly 1998 no 3.
T. Luehrman, Strategy as a portfolio of real options, Harvard Business Review, september-october 1993.

Value chain-based sourcing of IT, part 2

In the first part of this post I stated that the continuous drive to reduce IT cost by standardization will come to a point where the reduced IT cost are outstripped by the ‘damage’ it causes to the business. The drive for standardisation is further increased by the commonly used method to scope outsourcing contracts. In this post I provide an scoping approach which I believe will gain substantially in the coming years: selective sourcing contracts with a scope derived from differentiated business demands.

The importance of accountability towards the Business regarding the quantitative and qualitative added value of IT will only increase more and more. The Business demands to know how IT supports the opportunities and risks the Business faces due to increasing complexity, competition, globalization and other trends. It is up to the Business to provide insight in the opportunities and risks it faces, while the IT organization is responsible to translate them into IT value and risk drivers. These drivers guide the IT organizational change, investment decisions and sourcing strategy.

One should look more from a business perspective towards the IT value chain and subsequently provides concrete adjustments which allow for sustainable improvement (including definition of the sourcing strategy). This is the first step leading to a fully transparent business IT alignment (see illustration).

The transparency of Business IT alignment is the foundation to connect the performance of the IT organization with the actual demand of the business processes. The results of this approach: more added value for the Business and a more cost-effective IT organization, which invests in innovations which really count. Tomorrow’s IT organization is able to demonstrate accountability over its performance as an integral contribution to the overall performance of the company. An example:

The IT department of a high tech company thought it could reduce cost by applying the same service levels for both R&D and Manufacturing. By doing this they overlooked the elemental differences in demands of both functions. The R&D departments got higher availability service levels than required, but were not able to get access to the latest state-of-the-art hardware to design and test their new products.

In this example the R&D departments were supplied with higher than required service levels at the cost of the capability to innovate, outsourcing was the catalyst. By the introduction of generic IT services it would be easier to find a suitable vendor, allowing the IT organization to meet its cost saving target. The negative impact on the business however, was estimated as being zilch until it was too late.

Outsourcing without making an adequate assessment of its impact on the organization as a whole, opens the door to a disappointment. For this reason one should look from the initial start beyond a superficial business case. It necessary to benefit as an organization as a whole in terms of more value and a lower or equal risk profile. Only then an outsourcing contract can be truly successful. A concrete example is the usage of Real Options for assessing sourcing scenario’s. Real Options allow the dynamics of both Business and IT to be quantified, providing a more realistic estimation of the potential value of the business case. Balancing IT value and Business value is depicted schematically in the illustration below.

Value chain-based sourcing of IT, part 1

As pointed out in the post below this one is the scope of IT outsourcing contracts typically driven by the IT internal focus to cut cost. Cutting cost can be achieved by economies of scale and standardization of similar activities and assets. This means that the scope of typically outsource contracts is defined in terms of infrastructure support, network support, datacenter facility management, application development or application support.

This ‘horizontal’ orientation his however not aligned with the requirements of the business processes (see illustration). Their needs cut through the horizontal IT service and process stacks. Business managers which see themselves confronted with a supply that does not match their needs triggers unhappy faces towards the IT department and the start of a creative process to get the IT services they want. The result is that business managers will work their way around the standard service catalogue by hiring their own IT staff or getting (additional) services from other vendors. I have seen it happening with a Business Unit of a large Dutch bank/insurer where the central IT department got so sluggish and unresponsive to any request that was not in the standard catalogue that the BU built its own datacenter. So far for IT efficiency by centralisation/outsourcing…

Standardisation is good, but I believe that it has gone too far in many situations. Being tied to a long term contract with an external service provider which allows only for flexibility when the client pays serious $$ is not the way to go. The market requires companies to act faster and more agile as ever before and I think that we are at the top of the ‘standard’ outsource and shared service cycle. Large companies with experience in IT outsourcing will move more towards selective sourcing arrangements. These companies can generate economies of scale by themselves and don’t need an external service provider anymore. AEGON is an example of a company which decided to insource their infrastructure services again after having EDS/HP taking care of it for more than a decade. I guess that EDS/HP has optimized as best as they could and now AEGON wants to be fully in control again by itself.

This company can achieve enough economies of scale by itself and has learned from EDS/HP everything there is to learn about managing infrastructure for operational excellence. Insourcing after outsourcing allows AEGON to combine the low cost experience and setup of their infrastructure with the advantages of being in full control again.

Full outsourcing of infrastructure, application development and the like will however continue (at least for a while). There are enough companies which have a smaller IT department or are new to IT outsourcing. They are the customers of tomorrow, but as said before do I expect a shift from large scale ‘horizontal’ scope outsourcing to selective scope contracts which balance better the needs/objectives of both the IT department and business units/processes.

To define the scope of selective sourcing contracts and services which can be standardised without hurting the business, principles of value-based management and risk management can be used. The approach allows the IT organisation improve its accountability towards the business by aligning its IT services with the opportunities and risks the business managers face every day. I will describe this approach in the second part of this post.

IT sourcing practises damage business IT alignment

IT-organisations are more than ever before under pressure to cut their cost. Many business managers see IT as a cost centre which adds limited value. And activities with a limited perceived value are the ones which get the highest cost reduction targets.

In reality does IT add a lot of value, but the typical IT organisation is not able to sell that message. It starts with the subjects IT talks about with the business. In 9 out of 10 cases is IT uses to automate manual activities resulting in a cheaper and faster business process. So using IT using to reduce cost.

The IT organisation increases this perception by organising itself into functional silo’s in an attempt to increase internal efficiency. So all network engineers in one department and all application developers in another. To improve standardisation and efficiency even further best practises and models like Cobit (IT governance), BiSL (information management), ASL (development), CMMi (development), ITIL (operations) and ISO20000 (operations) are implemented to standardise processes and control.

This ‘horizontal’ design allows for maximum efficiency from an internal IT perspective. It is therefor not more than logical that this approacg is also reflected within the sourcing strategy: the network infrastructure or application development is being outsourced, again to optimize the IT budget (typically forgetting the trade off between positive effect on IT value versus negative effect on business value).

The IT value created from a business perspective cuts vertically through the horizontal IT ‘ stacks’ and process models (from information mgt to development to operations). One can however seriously doubt whether the actual business demand will survive a collision with all the standard process models and best practises. I have seen change management procedures which have 15 control and decision making steps. Nothing moves anymore within such organisations and IT people are keeping each other and the business busy with procedures and templates. In the mean while is the business getting more and more frustrated with the IT.

By the continuing increase of standardisation, among other driven by outsourcing, get the real demands of the business forgotten, damaging the perception of IT as a value centre. In many cases do the business managers trying to sell the product in the front office (KPIs: flexibility, time-to-market) the same IT service as the business manager running the back office (KPIs: low cost, high volume). The result is a vicious cycle of business managers getting unhappier with the IT services delivered, leading to even more pressure to cut cost (the balance shifts too far to the right in the illustration below).

I expect myself that the whole trend of standardisation might be at the top of its cycle and that business units will soon start demanding more tailor made IT services again. Either the centralised/shared IT organisation starts to break down some of its walls are the decentralised business units will start building their own IT organisation again to compensate the mismatch between demand and supply.

This also means that IT organisations have to rethink their current sourcing practises as outsourcing per horizontal stack limits the ability to align its value chain to the business value chain.

From procurement function to sourcing function

Procurement as a business discipline has matured over the past few decades. The times are over of procurement as an intermediary functions that records agreements with suppliers and supervises their fulfilment. That is too limited a view in today’s business environment, where management is confronted with a multitude of issues impacting on the role and responsibilities of procurement.

 It has been recognised that an effective and efficient procurement function can significantly contribute to business’ bottom line: competitive financial result. What’s more, many organisations feel the need to improve their relationships with suppliers in order to be better able to reduce costs, improve quality, increase flexibility and boost innovation in order to survive.

Especially in these challenging economic times where outsourcing is used as a means to cut cost quickly is it necessary to move away from the traditional role of procurement as an intermediary functions that records agreements with suppliers and supervises their fulfilment. That is too limited a view in today’s business environment, where management is confronted with a multitude of issues impacting on the role and responsibilities of procurement.

Procurement looks traditionally at sourcing as buying services and products from a ratter limited perspective by defining a objective (e.g. less 20% cost), input (e.g. an existing supply contract), process (e.g. renegotiation) and output (e.g. a new supply contract). This is called the system theory and pays little or no attention to the effects of (irrational) human behaviour from those who are involved in the process.

A strategic sourcing function adds various elements to the system theory by incorporating various ‘soft’ elements including conflict management, principles of game theory and decision making theories. As a result is the focus of sourcing in contrast to purchasing more on the inherent conflicts of interests between buyer and seller and their dilemma’s.

Furthermore does (strategic) sourcing include the following elements into the decision making process:

• entry and exit from supplier markets, 
• capacity development, 
• selection and management of sources of supply, 
• innovation and, 
• cost development over a long term.

To evolve from a procurement officer into a sourcing officer it is thus required to develop both interpersonal skills as the engagements are typically more complex and have a higher Value at Risk (VaR) than typical procurement engagements. And also here may adjustments to the bonus structure may ensure that the strategic and long term nature of sourcing engagements is reflected in the decision making process. The lowest bid does not necessarily mean the lowest TCO, while typical procurement officers get their bonus on negotiating the lowest price for the initial contract.

Will offshoring harm Western service economies?

"Restoring American Competitiveness" is an article from Gary Pisano and Willy Shih in the juli/august issue of Harvard Business Review. The article points out that, against the general consensus, American companies will be unable to develop the next generation high tech products due to underestimating the impact of sending their manufacturing offshore. If this is true, can similar effects be expected for the service industry? In other words: will Western countries not only have to fight an uphill battle in manufacturing, but soon also in services?

The article in HBR uses the value chain of personal computers and laptops as an example. Where American companies like HP, Dell and Compaq outsourced initially only their manufacturing to low cost offshore destinations, is now almost the whole industry based in Asia. Every laptop sold by an American brand, with the exception of Apple, is today designed, developed and manufactured outside the U.S.. The same applies to most phones and other mobile devices.

 With manufacturing leaving its shores, developed countries tend to focus on creating economic growth through designing and producing services. I wonder however whether the following quote from the article is also applicable to the service industry (p119): One [myth] is the popular belief that an advanced economy like the United States no longer needs to manufacture and can thrive exclusively as a hub for high-value-added design and innovation. In reality, there are relatively few high-tech industries where the manufacturing process is not a factor in developing new - especially, radically new - products."

In other words, are we in Europe and United States still able to develop new high added value IT services if the graduates leaving the universities today start working in an environment where the developers and support engineers can only be reach by telephone and video conferencing?

Today there are still plenty of employees available in American and European companies who were used to sit behind ‘produce’ the service themselves (e.g. develop software, process mortgages). They will however retire in the coming decades leaves employees which have to manage and instruct offshore suppliers based on theoretical experience only. It is already difficult as an experienced hands-on manager to get the services delivered from an offshore vendor, let alone a situation where all the hard core knowledge of creating and delivering services is overseas.

The argument of the authors that an intact value chain is important for future innovation conflicts thus with the message within Thomas Friedman’s in “The World is Flat”. Friedman believes that geographies lost their importance due to the ability to communicate anytime, anywhere to anybody in the world. Also Amar Bhide’s book "The Venturesome Economy" (2008) argues that innovations will find their way to the customer, regardless of the country it was invented.

Personally I believe that this last argument is flawed. An economy can grow only if it produces products and services which customers want to buy. As soon as all the innovations have to be imported the trade balance will become uneven (in the case of the US: collapse completely as there is already a considerable deficit) which in the end will result in a society which gets poorer instead of richer. I think that, regardless of which author is right, we have to be careful that Europe and America don’t end up being locations where everybody is a ‘managers’ and nobody doing any actual value added work anymore.

CMMi for aquisitions versus eSCM, ISPL and other standards, part 2

In the previous post related to this topic I wrote some of my thoughts on CMMi for acquisitions and ISO/IEC 12207.These two plus ISPL are models which can be used to structure an outsourcing process. The aim of these models in a nutshell is providing the client organisation with:

• the right service/product,
• for the best price,
• at the desired quality levels,
• from the best vendor,
• at or within the risk appetite of the company.

The three models mentioned in these posts scratch only the surface of (proprietary) models which can be used to structure an outsource process.

For those situations where these models are too complex, ISO 9001:2008 could be of help as purchasing is one of the processes addressed. The purchase process described consists of three sub-processes: supplier evaluation (section 7.4.1), purchase orders (section 7.4.2) and goods receipts checks (7.4.3).

CMMi for acquisitions and ISO/IEC 12207 were addressed in the previous post, but not ISPL. ISPL stands for Information Services Procurement Library (ISPL) and is a best practice library for the management of Information Technology related sourcing (only ISO9001 is generic, all other models discussed in these two posts have an IT peregrine). The creation of the model was sponsored by the European Community and it aims to help both the customer and supplier organization to structure the sourcing/acquisition process. It provides guidelines and examples to structure a RfX, construct the contract and delivery plan. It can be used regardless of sourcing application development services or application/infrastructure support.

Like with CMMi for acquisitions and ISO/IEC 12207 provides ISPL a very thorough approach and supports the establishment of a structured and risk conscious sourcing process. I found especially the elements regarding risk management useful to deploy during my own engagements. Applying the best practice as a whole is however not something I would do easily as it would require a whole forest of trees to be cut down for paper. It can, as with CMMi for acquisitions and ISO/IEC 12207 be quiet bureaucratic and should thus be used only for very complex and risky engagements. I would typically expect for example the military to fully deploy it when they request some innovative and complex software solution.

Managing demand and supply
The models discussed until now focused on managing the process from sourcing strategy (make-buy decision) up to the signing of the contract. They also spend some attention to the delivery and monitoring of the contract, but it is not their primary focus.

Aligning demand and supply is however an important, if not determining, factor in the success of outsourcing relationships. An organization must be equipped for the task of managing its relationships with external suppliers as effectively as possible. As expressed by Earl (Earl 1996): “If the decision is to outsource, good management remains a necessity, so that the organization can function as an informed buyer and a demanding client”. Studies from research bureau’s including Gartner reveal that after outsourcing the client company must possess a "high number of very skilled and qualified people who understand the business, as well as relationship and vendor management” (Terdiman, 1999).

Various sourcing advisory firms and universities have in the meantime jumped into this gap and created best practices/standards/models to guide the retained organization. Some are proprietary (ISLite from Gartner) and some are open (eSCM, Carnegie Mellon University).

eSCM (e-Sourcing Capability Model) shares many similarities with CMMi for acquisitions as it also incorporates a maturity model. The client version of eSCM consists of 95 practices which are distributed along three dimensions: sourcing life-cycle, capability area and capability level. There are not one or two capability areas, but 17. The sourcing lifecycle consists of four stages and there are five maturity levels.

I expect the information provided on eSCM allows for stating that, yes this is also a very well constructed and elaborate standard/model, but like with all the other models does the user have to cherry pick the useful items. Deploying the full suite is likely to create a retained organization which will consume all projected outsourcing benefits.

Regardless of which model or standard you wish to use to manage demand-supply, just make sure you make sure it is able to:

• Consolidate demands to ensure lower supply cost;
• Purchase from few suppliers to increase in volume and thus lower cost;
• Active quality monitoring of the services, taking into consideration the intentions expressed in the contract;
• Continuous improve the professionalization of the retained organization resulting in lower overhead cost for managing demand and supply.

Which Chinese Service Providers are out there?

In this post I wrote on the rise of the Chinese IT service providers which could be the new kids on the block and give established Indian service providers a run for their money. Here I want to provide some insights on the Chinese supplier market of IT services. Feel free to add any comments if you feel that I missed out some vital information.

One way established service providers deal with the Chinese ‘treat’ is partnering with them, like Yucheng Technologies and Convergys. Yucheng is a China-based IT solution provider and Convergys a U.S. based provider of customer and employee relationship management solutions. As per the agreement, Yucheng Technologies will sell Convergys' Intervoice Edify Voice Interaction Platform (EVIP) and Convergys Dynamic Decisioning Solutions in the Chinese market.

I wonder however whether this is a smart move in the long term. Like with the car industry did Chinese companies learn how to make cars by partnering with Western car manufacturers. Especially American car manufacturers outsourced part of their manufacturing to countries like China to leverage on its lower cost levels. This however allowed local players to learn the art of car building, resulting in American car manufacturers now having to compete with Chinese car manufacturers they used to partner with. This is no problem if it was a deliberate strategy, but I doubt very much whether those American senior managers looked beyond the short term cost saving. That outsourcing of production activities to low cost countries may harm is confirmed by Gary Pisano en Willy Shih from Harvard Business School (more here).

I do not try to state here that Western and Indian service providers should not partner with Chinese competitors, but that one should look beyond the short term benefits. A partnership should be beneficial for all parties involved, both in short and long term

Infosys, a tier 1 Indian service provider, sees China both as a delivery and client location. Where Infosys focussed for the last six years on delivering services from China to oversees clients, does the company see China now also as a potential client market. It generates now some one third of its Chinese revenue from local clients, but is seeking to expand that. Beside Infosys did companies like IBM and Hewlett-Packard also built a strong presence in China. That China is becoming a serious destination for IT outsourcing show the following figures:

• Value of IT outsourcing market in 2003 was just US$0.4 billion
• Value of IT outsourcing market in 2008 was around US$2.5 billion (based on Gartner Research annual growth figures of 44%)

To support local and oversees vendors, Chinese government has been providing stanch support for the industry by accelerating infrastructure programs and promoting the country to global business community. Some more figures indicating that China is not to be underestimated as a (future) destination for offshoring ITO and BPO services:

• In China some 600,000 engineers graduate annually
• In India some 400,000 engineers graduate annually
• In the US some 70,000 engineers graduate annually
• In Europe some 100,000 engineers graduate annually

The sheer numbers of university graduates provides a furtile ground for local and oversees service providers. An overview with Chinese ITO and BPO service providers can be found here. It demonstrates that there are not just one or two Chinese ITO and BPO service providers out there, but a whole list with potential competitors for European, American and Indian suppliers.

Tata Consultancy Services (TCS) is like Infosys also seeing China as more than a delivery destination. Its global accounts are still growing faster than regional and domestic business, but the gap is closing slowly. Indian service providers see China however still as a location for low-end coding and service work and let more sophisticated work be executed by Indian workers. I hope however that Western and Indian service providers are aware that Chinese are fast learners and will give Indian workers a run for their money pretty soon.

Reducing the cost of regulatory compliance for outsource contracts, part 3

This post is the third in a row in which I write on a methodology I created to improve the effectiveness and efficiency of managing regulatory risk when outsourcing. The first two posts are here and here. Below I write on translating the risk/value ratio’s of the outsource contracts into the optimum control strategy.

The starting point is the contract portfolio in which the value and compliance risk of the outsource contracts are plotted. The position drives among others the resources spend by the compliance function on monitoring a contract. The control and monitor activities are typically described in a so called Compliance Program which is the overarching framework that encompasses the different activities and responsibilities performed by the compliance function.

Compliance cost can be reduced further by applying only a ´golden´ control and monitoring approach when it is really necessary (for example at high risk and value) and select a ´silver´ or ´bronze´ approach elsewhere (see figure).

By strengthening the collaboration of the so called ‘three lines of defence’ and other risk disciplines (for example, operational and information risk departments) even more efficiency gains may be achieved. For example, the department Operational Risk Management (ORM) is usually responsible for controlling the risk related to business and IT continuity. Within the Dutch banking regulation Wft, requirements are stated regarding IT continuity. To comply with this regulation the compliance department may choose to come up with new controls or look into existing assurance measures and add where necessary.

The desired end result is a cooperation in which the lines of defence and risk disciplines make use of a shared set of procedures, risk-control matrices, control measures, reports etc. However, this requires the willingness to put the needs of the group above ones own.

In the figure, the translation is made from the position a regulated object has within a portfolio (see figure in second post) to the corresponding control and monitor strategy. The strategy can be defined in terms of the lines of defence that are involved in the monitoring. This way, the choice can be made only to have the first and second line monitoring in case of a ´bronze´ control and to only give the third line a prominent role in case of a ´silver´ and ´gold´ control.

Removing the discrepancy between the current and desired control maturity can be done by means of an improvement plan or by including actions in the monitoring plan. Optimize the expenses by first of all implementing those improvement actions that have the highest risk reducing effect at the lowest (in)direct costs.

What are the results that can be achieved?
At the compliance department which implemented this methodology a minimum base set has been defined consisting of requirements to which external suppliers have to comply and future suppliers will tested against during the due diligence process. Besides that, together with the retained organization (which acts on behalf of the business as the first line of defence) and existing suppliers, there are talks on creating control frameworks in which a balance is sought between the best practises of the supplier and the requirements and wishes of the bank. Among others, this is a way to try to limit the check related to compliance the supplier submits each month.

In principle all objects (for example products, markets and activities) that are regulated and over which the financial institution runs a reputation risk, can profit from the described approach. The compliance program can be designed both more effective and more efficient than is currently often the case and besides that, by means of continues documenting the steps, a risk-based ´compliance dossier´ for regulated objects is being constructed.

This dossier can be used to indicate to internal and external stakeholders that the organization is ´in control´ and that the organization is acting not only within the law but also in the spirit of the law. Eventually (also in the law) it is about adequately controlling the risk underlying the requirements demanded by the legislator.

The most added value however, is the insight that is gained between the financial value of, for example, a pension product, the compliance risk an organization has and the money that is spent on compliance. This insight will enable management to make a well-informed decision based on possible scenarios that can further optimize the relation between risk and value. No one is waiting for the situation ABN Amro found itself in during 2005 when it had to pay $80 million to the US government because of involvement in money transactions to Iranian and Libyan entities.