Outsourcing can sink your reputation. Get a grip on the risks.
Over the last five years, corporate America has increasingly turned to outsourcing and offshoring to gain efficiency. Companies assumed that outsourcers could integrate people, processes and systems more efficiently and cost-effectively than they could achieve this integration on their own. In retrospect, however, many of these companies discovered that they didn't fully consider the risks of these relationships, even if they put stringent service-level agreements (SLAs) in place.
Perhaps processes were outsourced because the management and execution activities were viewed as undifferentiating. Yet as mundane or complex as they may seem, your business processes are often directly connected to the brand value and reputation of your company. Many seemingly isolated processes actually touch crucial business relationships or can impair your ability to live up to corporate legal responsibilities. In some cases, processes can actually define your position in an industry.
Outsourcing can damage shareholder value and your business reputation because it shifts responsibility to a third party and introduces risk. Commonly outsourced processes and functions include accounts payable and receivables, outbound call centers, return merchandise authorization, service activation and service, and new product sales, to name just a few. Once these roles and tasks are no longer under your control, you may have a problem long before you realize it. Accountability is far more difficult to achieve when outsourcing is in place—SLAs notwithstanding.
In an example that points to a potential impact on brand value, Dell—which has one of the most efficient supply chains in the world—has outsourced aspects of its account management and purchase requisition processes to an offshore service provider. The simplest tasks of consolidating accounts and invoices and processing address changes are now sent overseas to India. These seemingly innocuous changes have introduced delays and made it more difficult for Dell to maintain its reputation for high-quality customer service.
In some cases, regulation makes outsourcing particularly risky. Laws such as HIPAA, for example, require greater process oversight to protect medical information. Health care providers are outsourcing tasks such as medical transcription, and insurers are outsourcing claims processing, predominately to India, yet there are no requirements for these service providers to comply with U.S. regulations under Indian law. How can this data be monitored and securely integrated into a single enterprise view if the underlying processes are outsourced?
Most organizations that outsource don't have visibility into and don't require notification of critical events within their outsourced business processes. Nor do most outsourcers offer BI systems with performance metrics that can be shared. Worse still, data management and integration activities required for business or regulatory reasons are often inefficient or missing. In fact, in most cases, the data provided from an outsourcer is manually assembled and transmitted or shipped as an extract. Sometimes the data is copied, pasted and manipulated in spreadsheets. This, of course, is a significant problem because there's no insight into where the data originated or what happened to it once it was placed in the spreadsheet. This is a common problem in order fulfillment, customer service resolution and even accounting processes that are outsourced.
Business process outsourcing is here to stay, so we can only focus on improving its performance and on understanding related risks. How can you ensure that you've considered and addressed the risks? Start by committing more time and resources to gaining direct insight into your outsourced business processes. Reassess SLAs and technology infrastructures to ensure visibility, and reexamine the outsourcers themselves to identify financial and business risks. Your efforts will be well worth it.
Use an independent consultant to assess your service provider's systems, your own systems and your data integration practices. In particular, determine your current service level and whether your operational data and metrics are accurate and secure. Lastly, take more direct responsibility for your business processes and for the secure integration of data back into your information systems. The ability to monitor and measure processes inside and outside the enterprise is strategic—and vital—to your business and its reputation.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.