How to Evaluate the Risk of Outsourcing Locations
IT organizations and CIOs don't contract and outsource to countries, they contract and outsource to companies. Given that, it's time to stop assessing location-based risk in a vacuum because sometimes the 'riskiest' suppliers may have the most innovative solutions.
Tue, June 18, 2013
"The maturity of global delivery models also continues to increase, and given the demands of increasingly global businesses, this trend will only continue," says Charles Green, an analyst in the sourcing and vendor management practice of Forrester Research. "However while a geographically diverse portfolio of suppliers brings benefits it also requires clients to diligently manage the increased risk of such a portfolio."
The Classic Way to Assess Geographic Risk of an Outsourcing Location
The classic criteria for assessing geographic risk in an outsourcing location have been geopolitical stability, the general business environment, the quality of human capital, the legislative and regulatory environment, and the broader IT landscape. That's a good starting point, says Green. But it's too simple. The location analysis needs to feed into an analysis of specific vendor risk to be truly useful, according to Green.
Too often, IT outsourcing buyers seem to seek out the lowest risk options, both in terms of location and specific supplier. Indeed, 48 percent of respondents to a recent Forrester IT services survey said that better controlling or lowering supplier risk was a key governance priority.
But, Green points out, the "riskiest" suppliers may have the most innovative solutions.
The Right Way to Assess Geographic Risk of an Outsourcing Location
By combining location-based risk analysis with vendor viability information -- and weighing that against internal needs, tolerances, and capabilities, companies can make better overall offshoring decisions, says Green. "For example, if a location is evaluated as having high risk, there may be mitigating factors such as whether you already have a local presence in the country, the importance of the engagement (and whether it will touch your customers), as well as your vendor management capabilities," he says. "The concept acknowledges that there is a healthy degree of risk which companies should be willing to take depending on the engagement, rather than taking an approach where the lowest risk is the best option."
In addition, many IT service providers are now multinational with the ability to shift work between delivery centers, so looking at location in conjunction with supplier specifics provides a clearer picture of overall risk.
IT leaders can't afford to continue to look at location-based risk in a vacuum, according to Green. While every service provider is, in part, dependent on its local environment, "the quality and maturity of the provider will work to mitigate or exacerbate location dynamics," says Green. "Providers can take a number of actions to help mitigate the influence of geography, whether it is cultural training, process expertise, to having a network of delivery centers and partners so work can be shifted from one destination to another."
Belarus, for example, which the U.S. government called one of the "last outposts of tyranny" in 2005 is a viable IT outsourcing destination for many companies today. The country "would likely score poorly on a standard risk assessment, yet the intricate business and geopolitical environment masks a strong and vibrant IT culture with some of the leading providers in Central and Eastern Europe," says Green.
CIOs don't contract with countries, but companies. "Ultimately it is the client's relationship with the service provider, which will determine success or failure," Green says.