Traditional Outsourcing x Cloud: “Old” Risks x “New” Risks – Alfredo Saad

Home / Knowledge Resources / Articles / Traditional Outsourcing x Cloud: “Old” Risks x “New” Risks – Alfredo Saad

Alfredo Saad Alfredo Saad – IT Outsourcing Consultant

As discussed in the previous article “Cloud: Take Care of the “New” Risks!”, whose reading is recommended, risk management shows some similarities but also some dissimilarities as we deal with traditional Outsourcing or Cloud scenarios. As mentioned, risks to be managed can be categorized into 3 groups:

  1. Risks which currently exist for “traditional” outsourcing and keep existing for cloud sourcing, although with different and evolving characteristics
  2. Risks which currently exist for “traditional” outsourcing, but do not exist for cloud sourcing
  3. Risks which do not exist for “traditional” outsourcing but have arisen for cloud sourcing

 

Let us detail, for each of the groups, the main risks to be managed. The list below is not exhaustive as other risks could be added depending on a specific environment or particular customer requirements:

  1. Risks which currently exist for “traditional” outsourcing and keep existing for cloud sourcing, although with different and evolving characteristics

These risks are associated to:

  • Identification and prioritization of the business drivers that motivated the decision
  • Definition of organization’s sourcing strategy
  • Provider(s) selection – main areas of risk are related to:

–              Due Diligence process

–              Flexibility, agility and scalability to support demand fluctuations

–              Business case structure

–              Pricing mechanism, billing information for internal chargeback and inflation adjustment index

–              Authorization control of users that can request additional services

–              Proofs of concept and pilot-tests

–              Solution adequacy and robustness

–              Skills permanent availability

  • Negotiation of contractual terms – main areas of risk are related to:

–              Data security, privacy, confidentiality and integrity

–              Industry regulations, audit tracking, compliance

–              Responsibility, indemnification and guarantees limitation

–              Legislation, taxes and currency exchange

–              Data backup and disaster recovery procedures

–              Service Level Agreements and penalties due for low performance

–              Limitation on use of third-parties by the provider

–              Technological refresh rules

–              Intellectual property of new products and services jointly developed

–              Contract cancellation and termination

  • Services transition – main areas of risk are related to:

–              Impact over customer business operations

–              Guarantee of assignment of key human resources and critical technical resources

–              Transition plan (activities, schedule, resources and responsibility)

  • Contract governance – main areas of risk are related to:

–              Conflicts resolution and escalation process

–              Governance structure

–              Relationship management

–              Conditions for contract modifications and renegotiation

 

  1. Risks which currently exist for “traditional” outsourcing, but do not exist for cloud sourcing

These risks are associated to:

  • Human resources – main areas of risk are related to:

–              Transfer schedule and procedures

–              Communication plan from both customer and provider HR areas

–              Definition of critical resources to be (or not to be) transferred

–              Team unmotivation and resistance

  • Assets – main areas of risk are related to:

–              Transfer schedule and procedures

–              Availability of transitory resources during transfer

–              Transfer of financial responsibility

  • In-flight projects – main areas of risk are related to:

–              Transfer schedule and procedures

–              Negotiation concerning responsibility and acceptance criteria

  • Pre-existing third-parties contracts – main areas of risk are related to:

–              Transfer schedule and procedures

–              Renegotiation with third parties

Leave a Reply