Corruption and fraud are not new to Indians, but few expected to find them in the IT-services industry. After all, this is an industry whose founders are professional entrepreneurs, whose principal customers are the world's leading multinationals, whose shares are often listed on foreign stock exchanges (as is Satyam's on NYSE), whose profit margins are still among the fattest anywhere, and whose firms were thought to be at the vanguard of good governance. Indeed "Brand India" was largely built on the back of the Indian IT sector's reputation for quality, efficiency and integrity.

As the fourth largest Indian IT firm, Satyam helped create Brand India and also profited from it. Its founder, Ramalinga Raju, won international awards for leadership and corporate governance. Like other CEOs in his industry, Raju gave generously to charitable causes, even helping to launch a world-class 911-type emergency service in his home state of 80 million people. Raju also surrounded himself with blue-chip personalities: His boards, for instance, included the dean of India's leading private business school, a professor of corporate governance at Harvard Business School, a former President of India, and the former worldwide managing partner of McKinsey & Co. To top it off, Raju's company took its name from the Sanskrit word for "truth."

Management experts will spend years trying to understand why Raju's accounting fraud was not discovered sooner by auditors, directors, ratings agencies or regulators. Local investors seem to have been the first to get a whiff of foul play because for some time they undervalued Satyam's shares compared to other Indian IT firms. Ironically, Satyam's board and its auditors were among the last to suspect impropriety.

Financial investors have punished Satyam by dumping its shares and suing its directors and auditors. They will probably apply a higher risk premium to Indian stocks in the future, an unfortunate outcome for honest Indian companies. And they will diversify their portfolios and limit exposure to individual Indian companies. There's not much else that they can or should do.

However, U.S. companies that offshore work to companies like Satyam may have to reassess and fine-tune their strategies. Satyam appears to be a rotten apple in an otherwise good barrel, so it would be a mistake to pull back entirely from offshoring to India. But companies would do well to take another look at what they offshore and how.

For instance, U.S. firms may want to revisit the question of which activities form part of their core competencies and which are peripheral to their mission. IP-intensive or mission-critical work should not be offshored, or should be done through captive centers in low-cost countries like India rather than through third-party providers, even if the latter would be cheaper. Even when offshoring to third parties makes sense, there must be safeguards on data access and use, and all proprietary data must be housed in U.S. servers. Strategies for dealing with service disruption must be in place, whether through redundancy in the system or contingency plans for shifting work quickly from one offshore partner to another (or back home). U.S. firms must also guard against over-reliance on key personnel working for third-party providers lest they should bolt when their companies implode. U.S. firms can protect themselves against many of these risks by splitting offshoring contracts among many suppliers in many countries.