When planning to outsource all or part of an organization's IT functions, it is important to perform active risk management throughout all stages of the outsourcing lifecycle. As a quick recap of Part I of this series: managing project risk is a process of identifying potential failure points in a plan, determining the probability of occurrence, and then estimating the impact of each. With that information in hand, an organization can move to the next step of actively managing risks by deciding which risks are tolerable and which ones need mitigation.

After determining your overall strategy, it becomes time to seek out potential providers of the outsourced IT services your company needs. While you can always just call Lou, the second cousin of your sister-in-law who you met at a family barbecue and works for a big acronym company based in DC (don't laugh too hard, this happens all too often); the best method for accomplishing this selection is to run a competitive bid process and issue a Request for Proposal (RFP).

By reaching out to multiple providers experienced in the outsource services that your firm needs, you will encourage the bid(s) you receive to be competitively priced. In addition, you will likely get a disparity of viewpoints that will point out potential pitfalls that may have otherwise been missed. Finally, in deference to the adage about keeping all of one's eggs in one basket, having multiple vendors bid (and in some case jointly win) an outsourcing opportunity provides your organization with a fallback strategy if negotiations or delivery later go awry.

A simple - but frequently forgotten - risk management tenet to remember is that you want to provide every opportunity for your vendor to be a success. While this seems obvious, frequently executives can be heard saying things like "I don't worry about the details, that's what we pay them for" or "Our contract is ironclad, one misstep on their part and the penalties are so bad we'll practically own their company". While your trains sit idle as engineers try to figure out why the two tunnels didn't meet under the channel or your order screens remain dark while you sit in court arguing with your call center provider over liquidated damages, your clients are flocking elsewhere.

The more clarity and detail that you can provide in your RFP, the better your potential partners can determine if they can provide a solution and what it might entail. This does not mean that you have to tell them exactly what the solution is; one of the great benefits of a competitive bid process is the opportunity to have input from a variety of very knowledgeable organizations as to how to best meet your goal. It does mean, however, that you should provide as much specificity as possible in regard to your current state. If you do not have a complete inventory of your company's IT architecture / infrastructure including existing (legacy) application portfolio, IT support structure and current projects, costs, and service levels, then a high level assessment of components and their suitability for outsourcing (and/or insourcing) needs to be accomplished first.

Within the RFP process there are other ways of reducing risk. The more time that you can provide your potential partners to perform discovery and develop their response, the better. If for some reason your schedule is constrained, then provide as much access to internal subject matter experts for question and answers, follow-up meetings, etc. as possible.

Another easy tactic for reducing risk: throughout the RFP, try to use quantitative descriptions instead of qualitative ones wherever possible. A personal favorite is when I see a client request or a vendor promise "best-in-class". Firsthand experience has shown that when it comes to IT, "best in class" means something completely different to an aerospace firm than it does to a highway-paving firm.

Cutting to your bottom line, the more unknowns your outsource provider faces, the greater the risk. Risk costs money; the more risk that can be driven out of an IT outsourcing solution, the less a vendor will charge you and the greater the chance becomes for a successful outsource. The next article in this series will focus on assessing risks with the outsource providers that respond to your RFP.

Risk management and program management skills for IT outsourcing are specialized skills that many organizations have not had to previously develop an in-house expertise for. With experience on literally billions of dollars worth of these types of engagements, Alsbridge is happy to provide the objective, experienced knowledge and insight to guide your company in successfully navigating an IT Outsourcing effort.

About the Author

Stephen Reed is an established industry leader with a successful track record in Outsourcing, BPR, and Program Management in a wide variety of Industries. Receiving his PMP Certification in 1996 from the Project Management Institute, Stephen is a recognized expert in Risk Management, and was a contributing writer on the Project Management Body of Knowledge (PMBOK). The PMBOK is the standard used by over 100,000 professional project managers worldwide. To date, Stephen has successfully led the implementation of over $2 billion in outsourcing and technology solutions.

Stephen has a BA in Management from Loyola College and an MBA in International Business from the Sellinger School of Business.