Outsourcing governance and operational risk are two major topics on today’s agenda of top executives, especially in heavily regulated industries like financial services and healthcare. The reasons for this are not just because outsourcing is fraught with risk, whether onshore or ofshore, but also because of contiuous cost pressure, new regulatory laws, innovation and a highly dynamic business environment. Outsourcing raises the potential for trouble but companies can do much to reduce the threats.
At Leadmark we identify six kinds of operational risk in outsourcing:
Strategic risk arises when the services, products or activities of a service provider no longer align with the strategic intent, requirements of the organization or user/client expectations. Also in this category are longer term risks, such as losing the capability to execute outsourced processes in-house due to loss of talent and knowledge.
Provider risk arises when the service provider operates in an unsustainable manner (i.e. insufficient access to knowledge) or when service delivery is not in compliance with applicable laws and regulations.
Relational risk arises from an inbalance in power between outsourcing partners, poor communication, opportunistic behaviors and poor management of the engagement.
Service risk arises from services, products or activities of a service provider which do not align with contractually defined quality standards.
Financial risk arises when services, products or activities of a service provider generate higher costs or when financial processes are not executed correctly and conscientiously.
Coordination risk arises from the complexity of the arrangement which refers to the number of entities (e.g. contracts, processes, people, technologies, risks, issues) and relationships that have to be managed simultaneously to realize engagement objectives.
These risks, to some extent, can by mitigated by contract terms and controls. However, managing operational risk – based on an comprehensive framework – is an on-going activity that needs to be done continuously as an integral part of outsourcing governance. The value of sourced services, in terms of quality, cost and speed of delivery, can incur a negative impact resulting from inadequate or failed internal processes, people or systems, or from external events. Risk to value should be the basis for establishing metrics and KPIs and the continuous monitoring, reporting and management.
In this whitepaper we present a structured approach to risk management, within a coherent framework for governing outsourcing and third party relationships, allowing organizations to substantially recude risk and maximize value.
Brace yourself for a 20 page long read.