High time for suppliers to take away risk from the CIO

It’s high time service providers take away risk from the CIO By Bindi Bhullar, director of HCL Technologies Following last week’s claim by Francis Maude, that the era of mega-IT contracts are over, it is my view that IT service providers of all sizes need to seriously rethink the way they approach IT projects.   Maude’s comments were something that has needed to be said for sometime now. The problem is that saying we need ‘shorter term IT projects’ is one thing, actually putting that into practice is an entirely different proposition.   Unfortunately, here lies the problem – for too long now service providers have been claiming that they want to implement clearer Service Level Agreements (SLAs), making them smaller, off the shelf and open source where possible. However, when you scratch beneath the surface, CIOs still find themselves locked into long-term deals, with poor metrics and no room to stop the contract at any stage.   One of the reasons is that to date, CIOs have naturally been inclined to focus on risk, and the shifting risk to their outsourcer. Meanwhile, service providers have tended to be more interested in the reward, while limiting risk to themselves. To date, many CIO outsourcing contracts are too complex and SLA driven. The need to be simplified, ideally, into a two pager with the ways of working clearly outlined. This would save a lot of time and energy all round, but unfortunately the established/ingrained Legal and Finance processes and regulations would be probably make this prohibitive in the current business environment.   Unfortunately, the current CIO/service provider standoff does little to drive the right behaviours from both sides. It is my view that service providers must take a more co-operative stance, sharing risk with their customers to build confidence for a long-term relationship. Then, as outsourcing relationships mature, organisations can move to Outcome Based Agreements (OBA), where suppliers are contracted specifically to achieve business outcomes for and with the customer. But before getting to this stage, it is important to define what a risk/reward system is, and how it benefits the CIO.   Risk and reward can mean different things. It can mean introducing a system of service performance. For example, an outsourcing provider may earn a bonus if they consistently exceed service performance. Alternatively, the reward could be the ability to offset or earn back previously incurred service credits. At a more collaborative level, the incentive could include a share of the improvement achieved or a percentage of the revenue earned by the business.   As a counterpoint, the risks could include a penalty payment for underperforming – such as not completing a project at a set deadline. Successful risk-reward systems are often based on projected revenue generation or cost savings and predefined SLAs.   The most obvious way of measuring performance for the purposes of service reward is against defined SLA agreements. Incentive mechanisms could also be linked to overall industry performance.   The service provider could, for example, qualify for more reward if its performance in certain key measures, over a defined period of time, puts it in the top quartile of industry performance in that particular set of metrics.   Alternatively, the CIO may prefer to tie risk and reward to their monthly internal SLA measurements, key business events or overall customer satisfaction measures.   Critically, a risk and reward system should be aligned with the business needs of the CIO. The outsourcer, regardless of economic conditions, should be focused on offering transparent value to the customer. This is the essence of a true partnership.   There is little point in the CIO penalising a service provider for failing to meet a response-time service level in a non-critical area of the business or, conversely, rewarding a service provider for meeting a specific availability target if the target has no material impact on the end user’s ability to function.   In one successful example of risk and reward, the service provider could offer to pay the CIO projected savings up front in cash. Then, the CIO could go on with reaping the rewards by exceeding the original cost savings estimate. After all, there is nothing like putting your money where your mouth is.   An example might be charging a standard price for all SAP upgrades delivered in a factory mode rather than a different price for each individual customer. Certainly it is an interesting argument and a model that service providers might prefer.   In summary, IT services, as a sector, is still immature in its approach to risk and reward and Outcome Based Agreements. However, with the industry still digesting Maude’s comments last week, it may not be long before we see risk/reward strategies bandied around the CIO’s team.