In this unit, we discuss the many sources of software, among those developing our own systems either through our own internal resources, or through outsourcing. Outsourcing has become a common choice, and over the preceding decades, we have seen the effects of globalization on outsourcing, and the increasing usage of foreign companies in systems development. Identify 2 particular risks that are specific to outsourcing or that may be augmented by outsourcing. (You may want to consider geopolitical, regulatory and social implications).
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Risk of employee turnover and loss of knowledge within company – when deciding to outsource, you are supplementing your own employee with the employees of another company. If these employees leave, your organization can suffer because key individuals with lots of knowledge are no longer around. In addition, if the outsourcing company was to go out of business, then your organization would need another way to continue without the outsourcer.
Increased risk of data breach – when choosing to do outsourcing. Particularly where the outsourcing requires company data to be sent to a third party. There are more opportunities for data to be breached either in transmission or additional employees gaining access.
I agree with your idea. There is one point that worth to be discussed. I agree with what you said employees turnover, but for outsourcing, if the company faces to employees turnover, most of the employees will be replaced (lost) is low-level manufacturing workers. In this situation, it also makes data breach happen, the workers may disclose the parameters of the products.
Tamekia I definitely agree with your comment about the outsourcing going out of business. My department outsourced the “how to video” process to a third-party vendor a few years ago. We provided the procedural process and information and the vendor created and owned the videos. The videos were wonderful. They assisted a student with obtaining information quickly without having to be bogged down with contacting the office directly. The idea of outsourcing for this particular function was wonderful, and then out of nowhere the company goes out of business. Leaving us with no instructional video, and a small void to fill. Although it was a very small outsourced function the loss of the material was felt when the company went out of business because it caused additional inquiries because the videos were no longer available.
So yes, I agree your organization can suffer if key individuals are lost or the outsourcing company goes out of business.
I agree. Loss of knowledge and risk of data breach are two very high risks of outsourcing. In fact when you think outsourcing risks these are the first two you someone would normally think about because they are the most logical and most common. I actually developed the same point in my blog post. the lack of knowledge can lead to a in quality of the work performed by the employees of the company outsourcing.
A risk associated with outsourcing systems development is lack in quality/detailed requirements. When describing your companies needs to an outside developer, specific requirements that your company needs may be overlooked because the outsource may not fully understand the purpose of your system requirements. Some aspects that a company is looking for in a system may be lost in translation when describing the needs to the outside developer due to language barriers, not fully understanding the product (not being an SME), or simply not being at the same place at the same time.
Another risk associated with outsourcing is security risk. For applications developed for users that will have to enter secure information, the business that is outsourcing the application development offshore will have to make sure that the security is top-notch at the outsourcing facility so the business does not put themselves or their clients in jeopardy.
Thank you for your sharing, I agree with you idea. If the company choose the outsourcing company, it may lose the control of their production. The outsourcing company may not pay much attention to the production. They even give the quality test to the products. However, the quality can directly affect users experience.
Hi Ami,
I definitely agree with your statement, and I also believe that some of these risks/issues could be worked through via the outsourcing contract or the SOW. The outsourcing contract provides the agreed upon level of service, the excepted timeframe in which the services are to be completed, and the penalties if the agreement is not upheld, etc. Whereas, as SOW lays out the specific activities and standards (regulation) the vendor has to complete the work. I believe the SOW would best address the issues you described. because the outsourcing contract provides the timeframe and level of services, whereas the SOW would identify if the work is being completed correctly and complying with any standards. As well as, if I were the client company I would definitely have a clause in the contract for a bi-annual or annual audit be conducted on all outsourced functions by a third party
You said some aspects that a company is looking for in a system may be lost in translation when describing the needs to the outside developer due to language barriers, not fully understanding the product, or simply not being at the same place at the same time. I totally agree that. The effective communication between a company and outside developer is very important.
The benefits of outsourcing cannot be overemphasized, but they come with some risks.
Example:
Loss of control – functions given to outsiders could reduce controls. Activities that a company has no direct control of can affect quality and production time. When the contractual agreement does not clearly spell out all parties functionalities, the vendor company could perform at their will and pleasure (pricing, subleasing, communication, security, etc).
Transaction Cost- most outsourcing decisions are made on financial basis (benefits), but there are other aspect that are to be taken into consideration. Some things to consider will be competitors (outsourcing ), political, currency and cost, reputation, security, governance, geographical location, local law, etc.
Thank you for your sharing. I just want to add some information to your second idea. Actually, most of the outsource related to pollution, environmental governance, and reputation. When the outsourcing company produces the production, it will also produces waste and pollution, which will affect the local environment. If the news report that event, the original should take part of responsibility of the pollution, and pay money to release the influence. At the same time, it also hurt company’s reputation.
Hanqing, that is a fine point and most organizations are cognizant of environmental obligation but if the local laws do not require the outsourcee to help clean up, the outsourcer sees that as a way of saving cost. At that point the issue of legality and ethicality come alive.
If the local laws require the outsourcee to help clean the environment, and that cost is extended to the outsourcer, it increases the cost of outsourcing. The decision of outsourcing should not only be base on the financial figures.
I agree with you, because companies cannot control the system provided from other organization. They can just configure the system in a certain range. Some system providers maintain the system by remote accessing. It may also causes unauthorized access.
I agree with you.
Outsourcing will result in the loss of controls. The outsourcing providers can from a different state even a different country. The far distance increases the difficulty of providing a strong outsourcing governance, so it is important for the company and its outsourcing partners to seek cultural and objectives synergy, establish clear responsibilities and accountabilities, and ensure to achieve the same goal based on both parties’ will.
Thank your for sharing your opinion. I totally agree with you. Loss of control – functions given to outsiders could reduce controls. As xinteng said the company cannot control all system properly from other organization.
No doubt business managers will lose some control over the processes outsourced by the IT provider, as all the outsourcing staff is managed on IT provider’s side. Lack of communication and visibility may result in the increase of time needed to complete the project.
I think so. The functions given to outsiders could reduce controls. And the contractual agreement should deliver clear ideas about what are responsibilities and functionalities for all parties.
Some risks associated with outsourcing could involve
Loss of control over the work and data: The organization could easily lose control over their work. For some employees it feels like they just toss their work over a wall and don’t know what happens to it, hoping that it comes back well done. Especially when the organization does not have a way to be updated for each task. If the outsourcing company sends the work out to a third party this could lead to data breach, because there is no way to ensure that the work stays withing the outsourcing company.
The Loss of competence is also a risk
If most of a certain type of work is being outsourced, the internal competence required to perform this work would disappear over time, making the organization too dependent on the outsourcing company.
I really interest the idea you said about the loss of competence. I did not realize before that will be one of the risk to the company. Of course, it will make the company over dependent on the outsourcing company, but we can also regard it as company structure integration, which help company raise work efficiency.
I think the loss of competence is an interesting point as well. However, when a company decides to outsource the IT service to a vendor, it means the company realized outsourcing can bring more values to the company, such as cost saving, resource optimization, and risk reduction.
Risk reduction, I think the issue of risk reduction will depend on other factors and might not be realistic or easily achieved. Example, Social Security Numbers are not treated the same in all environment, hiring processes (background check) are not the same in all environment, violations are not treated the same everywhere, etc. Thus, the contractual agreement must cover some issues extensively and the outsourcer must either transfer the risk (insurance) or accept the risk and have a contingency plan. Yet, should the risk exist, reputation is at stalk.
The loss of competence is the one I didn’t realize when I answered the question either. Even though the outsourcing may lead to the loss of competence of the outsourcing work in the company, the company may save much time and effort to focus on other works. Usually, a company will not outsource its primary services but the services that the company is not competitive in the markets. So from my point of view, the loss of competence is one of the potential risks but may not impact much if the company know its competitiveness and weakness.
Hi Mahugnon, Hanqing, Dongjie, Jing
Mahugnon- I agree with your statement and I can see how a loss of control and competence can become an issue/risk within an organization. It is important to maintain a liaison of the outsourced process within the organization which will prevent the organization from becoming too dependent on the outsourcing company. As well as the liaison can ensure the outsourcing company remains in line with the organization’s goals.
An organization that becomes too reliant on an outsourcing company could ultimately find themselves in a world of trouble. In an earlier post, I used an example of an outsourcing company that created “how to videos” from my department that went out of business. We were reliant on the outsourcing company but the process that they maintained wasn’t relevant enough for my department to go out of business. However, there are companies out there that rely way too heavily on their outsourcing provider that will definitely fall in line with your comment.
The risk of losing power is not easily noticeable, but it is real. Some global companies will set up their own IT service centers overseas to reduce costs or acquire skills. This actually reduces the loss of talent but will shift the focus of work to overseas regions.
Great point. The loss of competence is related to business continuity, What are your IT service providers’ business continuity plans? Can they continue their operations in the event that their core infrastructure or business is impacted by a natural disaster, threat to the electrical grid, geo-political upheaval, or other crisis? You can’t depend on your providers’ verbal assurances to these questions. Therefore, it is important to evaluate your provider’s business continuity plans.
http://deloitte.wsj.com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them/
Two risks associated with outsourcing software development are:
Hidden Costs- While it can be significantly cheaper to outsource software development rather than develop in house, there could potentially be hidden costs which hinder any savings a company is looking to achieve. Some of these hidden costs include labor costs, cost of software tools, costs associated with hardware and the physical office of the offshore team. It might be difficult to take into account the amount of resources offshore and what “payment pool” they belong in which could end up hurting the company as they may overpay for resources not needed or assigned to the project.. In this case, the actual costs might be greater than projected costs.
Quality of Product- Developing a software product offshore can certainly be beneficial especially from cost savings standpoint but it should not come at the cost of buggy software. The software might be functional but may not meet the quality standards the company is looking to achieve. Quality is very important especially if the software will be used by multiple consumers. every day. Depending on the time, resources, and money allocated to the offshore project, it’s possible that the person who develops the software also tests it. It is important to have a QA Analyst test the software before handing it back to the company. The risk here is receiving software whose quality is not up to par for consumers to use.
Yes, and still on the issue of hidden cost, with outsourcing a business might end up spending more resources than is needed or expected.
If the software service received is not quality or has errors as might happen with softwares, a business might end up paying as much or more debugging and fixing the errors. To avoid this, project requirements should be very clear to decrease the time needed to complete tasks and minimize the chance of redo process.
Hidden costs are a really interesting point! It’s important to think about how a decision may affect you in the long run. Like many consumer products, these tech solutions may also include hidden costs that a firm does not notice initially. I think on top of this, something to consider is that is it beneficial to pay an outsourcing firm a little less money and risk not getting your desired deliverable or is it better to stay within and have a stronger guarantee that what you ask for is what is delivered.
I agree with you,
The quality of the product can be one of the risks that company may hard to control. It is important for companies to have SLA to ensure proper services and functions be provided by the outsourcing providers.
Hiding cost risks is beyond my expectation. After all, the total amount of outsourcing contracts does not accurately reflect the company’s cost of providing IT services to third parties.
I agree with you. When cost reduction is the objective of outsourcing, there is typically a promise of early cash flow benefits and long-term cost savings. Certainly, a company can compare vendor costs with current costs and build technology and learning curves into future cost schedules. Conversely, it may not know about future possible cost savings or foresee technological discontinuities. These issues are probably matters of judgment.
Hidden cost is not easy to avoid. However, the potential costs could be controlled. Such as, rent and labor costs could be reduced by a effective cost estimation.
Outsourcing creates unique risk as it often causes organizations to relinquish control of their central processes. Two risks specific to outsourcing include:
The risk of security breaches. While this is an existing risk present even with in house operations, the opportunity for security breaches is augmented as organizations lose some control over the processes outsourced by the third party IT provider.
Differences or clashing between the company’s’ corporate cultures. It is important to identify compatibility with the outsourced company from the beginning to ensure uniformity or compatibility in the goals, strategies, structure, and approaches to situations. During the knowledge sharing process these topics should also be addressed. This is an area that can also be included during the RFP process and site visits to validate “compatibility”.
The possibility of of a data breach is a big one and really important to keep in mind. I thought you mentioning the differences a corporation can face in its company culture was really interesting. I feel that choosing an outsourced company that has a similar vision to yours and one that is able to adapt to your own changing circumstances is a good one to work with, otherwise it may cause hostility.
You are right outsourcing does expose a company to attacks as they lose control over the provider’s defensive practices. The important thing will be for the organization to continue prioritizing security in the IT function regardless of where it resides that means ensuring that your information is secure even if it is with your provider. There must be continuous reviews or audits on the provider’s current security strategies such as reviewing and assessing how educates are trained on security and ways of dealing with confidential data.
I agree with you. System selection should be based on business objectives and strategy. System is an important part in IT plan. IT plan should also compliance with overall business business plan. If the cultures are different between these companies. It is hard to achieve the business objective by implement of business strategy.
In the event of corporate culture differences or conflicts should be timely communication and remedial measures before the start of cooperation to find consistency and compatibility.
You are right. The difference of culture can be a risk when outsourcing when both companies have non compatible goals and structures. It can be a problem in the long run because this non compatibility can slow down certain processes due to the time it would take to coordinate things with the company abroad. Which time could be shortened if the companies had matching goals and structure. It is kind of the same as the one who posted about how time difference between both companies can also be a risk.
Unidentified authority is one of the risks in outsourcing. Companies should have lawful contract when they outsource the systems to other providers. There should be responsibilities list on the contracts to prevent data breach. If the contracts are not good enough for the outsourcing, unauthorized access may occur on the system. The system provider should have authority to remote access to the system for maintenance. However, they should not have authority to get information or data from the system. Therefore, the first risk for outsourcing is unidentified authority.
The second risk is that it is difficult to change system providers in outsourcing. When an organization uses certain system for a long time, it is hard for them to change system. Because employee in the organization get used to the system. Training them to use other systems effects work efficiency, Therefore, if the system provider terminates the service, it brings affects to their clients.
Yes, it is hard to change the outsourcing company. If the company choose outsource, the ability for company to produce the production will lost quickly. In this situation, company will over depend on the outsourcing company. If they want to change the outsourcing company, like you said, it will take long time for employees to learn the new knowledge, and it affects work efficiency. However, the company should also consider about the cost, if the price benefit can get from changing the company is bigger than the damage it takes, the company should change.
Your point is impressive. It is hard to change outsourcing company after a company or an organization uses a certain system for a period time. Changing outsourcing company is expensive since a company may also need to change its system or application. And training employee to adapt to new system also requires time and cost. It will be harder for a company to achieve cost-efficient goal and it is not good for long-term development.
I agree with you that unidentified authority is the one of the risk of outsourcing. Imaging a company faces a data breach, and it is hard to detect where the attack comes from. When company come to such a situation and especially when they have outsourcing, the responsibilities list on the contracts play a decisive role.
Hi.
I total agree with your points. Unidentified authority or Non authorized access to certain systems is a big threat as the company could loss control over its data. there fore there should be a clear list of who has access to what, and their level of access. The second point about the change in provider is very true. I have experienced it first hand during my internship in one of the big four accounting firms. During my internship I was informed that the company was switching from a old system to a new one and almost everyone in the firm had a hard time trying to learn and get used this new IT technology for email management, communications and daily work and calendar management and others.
The first risk of outsource is the quality of the products. It is sure that the outsource is good for company to save money. However, it also means that you will lose control to your production quality. The outsourcing company may not pay enough attention to the product quality, they may not do the quality test. But the product quality is directly affecting the users’ experience, it decides how many production you will sell and how large of market you will take.
The second risk of outsource is data breach. When you outsource the production to other company. When they start to producing the product, the specific parameters and data of the product will be find by the outsourcing company. The outsourcing can sell these data to your competitors, it can produce the production by itself, or they may change the parameters without your agreement.
I agree with you, because system providers may have authority to access in the system. If the authority cannot be identified properly, Data breach could occur on the system. That is one of he risks for outsourcing.
I agree with you Hanqing. To manage the outside vendor could not be as efficient as managing in-house IT service. The outside vendor may need to support many companies’ operation, therefore the response could be delayed when problems happen.
I agree with you. CIOs should first identify the service providers that either store or transmit confidential information. Next, CIOs should consider the volume and type of data those third parties handle, along with the frequency with which they handle it. The higher the volume of sensitive data a third party manages and the more frequently they handle it, the greater the risk that the confidentiality of that data will be compromised.
Source from: http://deloitte.wsj.com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them/
Good post, Hanqing. For your second point of risk, I would like to understand it as information/data leak. For outsourcing enterprise, they always have to share some sensitive information/data with outsourcing service providers. Therefore, if outsourcing service providers could not handle those information/data properly, it would cause serious information/data leak incident.
The two kinds of risks you mentioned are the most common, but they are also the most important. Outsourcing to third parties may result in quality problems due to non-strict control, thus affecting market share. And some third-party vendors may resell the company’s usage data to competitors because of the temptation of money is likely to occur because no one can guarantee that they will be emptied of the data without disclosure.
I agree with you. For the quality,The implications of a quality failure from an international source are much more severe than a quality failure from a domestic source. With the lead times involved with transporting goods from international sources, serious disruptions can occur and it can take several months to rectify the problem. To help minimize this risk, many companies prepare detailed product specifications for suppliers and insist on independent quality control inspections.
I agree with the point of the standard of production but I think that is controllable to some extend-quality check. I think it more difficulty to safeguard the blueprint from duplication which could increase competition. Again, it goes down to the contractual agreement and the commitment of all parties. Copyright is not a violation everywhere or is not punishable equally in all environment
The first risk would be the risks to the confidentiality of information. When companies want to outsource their IT project to other companies, whether the outsource companies doing good job or not, our companies need to give the data and every details to the outsource companies. and after the IT project was done. The risk for data breach is always higher than doing it by ourselves.
The second risk would be loss of control. The business managers will lose some control over the processes outsourced by the IT provider because all the outsourcing staff is managed on IT provider’s side. Lack of communication and visibility may result in the increase of time needed to complete the project.
Good point Ping. when a company outsourced its IT service, it could lose the confidentiality of information. For example, I read a news last semester. A recruiting company stored the applicants’ personal information on an Amazon server without any protection measurement. All the personal information stored on the server are under the risk of exposure. In this case, Amazon as a service vendor did not perform enough security control for the recruiting company. To avoid similar problem happen in the future, companies like the recruiting company should perform auditing and monitoring on the vendor periodically.
Well said, Ping.
The confidentiality issue you mentioned reminds companies of the importance of selecting a trusted outsourcing provider. Whether the partner has a strong internal control, a safe information system, or sound company policies established can be part of the considerations when choosing outsourcing provider.
As you said, the risks to confidentiality of information and loss of control are concerns brought by outsourcing. Outsourcing require information sharing which increases the possibility of data breach. And the company will lose its strong control over company’s data and information, which make harder for a company to react after any incidents happen. So the risks brought by outsourcing should not be ignored by company.
Great point. In my opinion, the confidentiality of information is the most important of the information security among the CIA triad (confidentiality, integrity, and availability). Hiring experienced and reliable company is crucial for the protection of provided information. The security issue is especially significant when the outsourced project involves highly sensitive data.
I agree with you. When an outsourcing company is hired by an organization, it is crucial to protect the organization’s important data and intellectual property.
There are three important questions should be considered:
Is the outsourcing company open for signing up NDA?
Does the company have previous experience in working with the sensitive data?
Successfully completed projects in financial, medical or government industries would be a huge plus
Risks associated with outsourcing software development could be:
Communication risk-communication is important in any collaboration. The outsourcing service provider can have a quite different enterprise culture, working languages, and time zone from your company. If there is a lack of a good communication during corporation, it would result in poor work effectiveness, unclear objectives, and become time-consuming to achieve company’s objectives.
Geopolitical risk-geopolitical climate should be take into account when deciding which country to outsource from. Usually, outsourcing providers in troubled areas (e.g. political turmoil) would be much less expensive. Without knowing the geopolitical climate would bring troubles result in unreasonable price or other bad decision making.
I agree with you, if the service provider is in different location, it is bad for communication between both parties. It will bring affects to work efficiency if there is any problem on the system. In addition, different countries have different policies on system. It also bring risks between both parties because of the differences of policies.
Geopolitical issues could also affect a business as they have to consider the stability of the political situation in the outsourcing country that won’t affect the long term functionality of the company.
Also, outsourcing means that the outsourced company is in another geographic location. So geolocation matters as you have to consider
– Time-zones
– Distance and accessibility, (how easy will it be to make on-site visits? Are there traveling issues? etc)
– Language issues. There are about 22 major different languages spoken in India, more than 150 languages and dialects are spoken by the Indigenous peoples in Brazil, etc; and these languages even within the same countries are not always mutually understandable.
– Travel Cost. Research should also be done in the event that the business wants or needs to visit the outsourcing company. Depending on the location, traveling overseas could be costly and time consuming; a flight from the U.S. to India will likely cost over a $1,000 and may involve multiple days of travel in each direction, whereas a flight to Costa Rica from the U.S. will cost about $500 and take a few hours
I totally agree with you the analysis of travel cost. If the company want to reduce the travel cost, the employees may be asked to have the business meeting online, but face-to-face communication cannot be replaced.
I agree with you, especially for geopolitical risk. Different area for outsourcing may brought different cost for a company. Before outsourcing, a company should know clear about the geopolitical climate for the area where it intend to outsource. It is a significant step to achieve cost-efficient goal for a company and to build a stable long-term relationship between the company and outsourcing company.
Well said. There are more viable offshore outsourcing destinations than ever before — a great boon for IT leaders seeking new sources of talent, language capabilities, nearshore support, and risk diversification. But IT organizations can no longer afford to take traditional view of outsourcing location assessment. The classic criteria for assessing geographic risk in an outsourcing location have been geopolitical stability, the general business environment, the quality of human capital, the legislative and regulatory environment, and the broader IT landscape.
Source from: https://www.cio.com/article/2384840/outsourcing/how-to-evaluate-the-risk-of-outsourcing-locations.html
I agree with you. Pay attention to the:
Time zones and the way outsourcing company overcomes those
Distance and the accessibility. How easy would it be to make on-site visits? Are there any traveling issues?
Payment options available
Place of company registration
Place where company holds their accounts. In some cases the location is important due to financial monitoring
Increase awareness of the region laws and regulations to better plan for incompatibilities and allowable tradeoffs.
Language barrier
Stability of the political situation in the country that won’t affect the long-term functionality of the company
Risks that may be augmented by outsourcing include:
The risk that the outsourcing company may go under or be taken over and the mother company may not have access to the source code for their software. (which is where the contracts in the outsourcing documents should have allowances for situations like this)
There is also the risk that the outsourcing company may not have strong security controls and they are breached, company data may be compromised, and the system may not be available. This breaches the principle of Confidentiality and Availability.
I totally agree with you regarding data breaches that may happen to an outsourcing company. Though an outsourcing company would be vetted before chosen, their security would always be questionable compared to your own. I thought that bringing up how an outsourcing company may go under/taken over is an interesting viewpoint. It is not one that I had thought of. I feel that having that aspect straightened out would probably take some time and delay any projects the firm had outsourced.
Good point, Folake. Strong security control is always important for any outsourcing service provider since they have to deal with a lot sensitive information/data everyday. One of the security control could be least privilige principle, so it only provides necessary access to authorized personnel at a limited time period. Also, physical control measure could be applied as well, such as security camera.
I agree with you, Folake. Security controls is indeed one of the biggest challenge when outsourcing different functions of business. It is important to have strong security controls in place to protect the confidentiality, integrity and availability of the information.
Some risks that may associate with outsourcing information system service could be:
First, if companies outsource the IT system to outside of the United States, communication could be a challenge. The service provider might in a different time zone, which means there might be time differences. For example, there is a 12 hours’ time difference between Indian and United States, which could make the real-time communication more difficult.
Second, when companies outsource the IT system aboard, it is harder to control the confidentiality of information. They might have different confidential levels and definitions of information between the two parties.
Hi,
I agree with your opinions on how outsourcing can cause difficulties when communicating with people who are halfway around the globe! It can definitely become challenging and make communication very difficult. Security is also an issue, like you mentioned. Because there is blind trust involved when going with an overseas option, you do not really know who you are working with and how they may manipulate the information you give them.
Hi Ami, thank you for your response. Besides the geographic problems, I think culture is another challenge for communication, such as languages. Misunderstanding could happen when people speak different languages.
I agree with you, if a company outsources its system to other company in different countries, it is difficult to communicate with service provider. Because the time may be different. It has bad affects to working efficiency. In addition, service provider has authority to access to the system. Employees may obtain information and disclose for personal purposes. Therefore, it is bad for confidentiality.
Agree. Difference time zone will make communication and negotiation inconvenient between company and outsourcing company. Besides that, different language and culture may make misunderstanding in daily operation and may decrease the level and standard of service. Meanwhile, the loss of data may be another concern regarding outsourcing, the confidentiality of information may be impacted in the process of outsourcing.
Well said. With the onrush of technology and Internet has changed the world tremendously and turned it into the global marketplace, time zone difference is the main problem of global outsourcing. Just imagine that you have an urgent issue, but all members of your remote team are offline.
I agree with you. I understand how difficult the outsourcing is outside of the United States. Especially in some countries that using small languages.
Great points, Dongjie! When multiple business functions are outsourced, it is important that companies synchronize well enough to produce better results. However, time difference can prove to be challenge leading to difficulties in communication and inefficiencies
Outsourcing is now a popular way for business to cut down cost and increase efficiency, there are also significant risks and challenges when managing outsourcing relationships.
When doing outsourcing in a different country, language and cultural barriers becomes a big challenge. Personality and community behaviors are different among employees in various geographies. It will impact communication adherence to program management. Time zone differences will be a problem for effective communication as well.
The business will also encounter the lack of business or domain knowledge when engaging the outsourcing. That is understand the strengths and weakness, domain skills, process expertise, employee capabilities, delivery ability etc. of their vendors. Basically, the further the vendor is, the more critical the issue becomes.
There are also geo-political instability, climatic conditions and civil situations that make the outsourcing engagement hard to be managed.
Source: http://www.tholons.com/nl_pdf/070710_risks_offshore_outsourcing.pdf
https://www.cio.com/article/2439495/outsourcing/outsourcing-outsourcing-definition-and-solutions.html
Well said, Xiaozhou.
Outsourcing could result in several risks, which requires companies to deal with different enterprise culture, even country cultures, languages, compliance issues, and as you mentioned, limited domain knowledge and geopolitical situation. So the outsourcing needs to take many elements into account and balance the benefits and the risks well.
Well down, Xiaozhou. One point you mentioned is absolutely a problem which is time zone. A company in US outsource their service to India which provide cheap but high qualities services with fewer language obstructs. However, the issues raised by time zone significantly increase the payroll fees for working overtimes to meet Eastern time and the reactions time for contingency issues happen in US.
Agree with your point in global differences. The rules and regulations are so different among the countries all over the world. Outsourcing in globalization is hard to make.
One of the risk of outsourcing is compliance with legal and regulatory requirements. Every country has its own legal regulatory issues. When outsourcing your function to a company in another country the expectation is to adhere to certain industry standards which much not be the case. This can now bring an issue of how do you measure performance if you do not use the same standards. You might also face the risk of having to comply to different cross border data flow legislative requirements.
Social implication of outsourcing include increase in unemployment, loss of income and competitive advantage for the country outsourcing its services. Then there is a challenge of different cultures, life styles and time zones that also have an impact on the business.
Hi Karabo, I really like your post. Outsourcing can increase in unemployment, but it can bring more job positions at the same time, One example is Foxconn. Apple outsources the assembling job to Foxconn in China which reduced the labor costs. It created a lot of job positions for Chinese society.
Hi Karabo,
Yes, I agree with your entire statement. Compliance with legal and regulatory requirements between different countries and cultures is a huge risk with outsourcing. Organizations found not complying have found themselves in a world of trouble and hefty fines to pay. You also mention time zones, which was an issue for my department a few years ago. Long story short, our main operating system was outsourced to a third party company who was based in a different time-zone. Needless to say when we experienced system issues it was a catastrophe to have the issues resolved in a “timely” manner. Someone or several employees from the outsourcing company were required to work during strange hours within there time zone just to resolve issues. And, in some cases early on we were stalled because there was no one available.
Your point about legal and regulatory requirements are really good ideas. When outsourcing, local rules, regulations, languages, and even culture will bring complicated issues. How to adapt to local area takes time and how to measure the performance need a set of standard. It is very important for a company to monitor its outsource functions are operated on the right track.
Outsourcing refers to the transfer of a business function to a third-party service provider. The most common process that is outsourced today is a company’s call center or IT functions. The reasons that most companies outsource is to allow them to be more flexible or agile in their day to day functions. Well-structured outsourcing arrangements would allow for more efficient distribution of roles and tasks within the business, as well as provide a range of benefits and risks. Nevertheless, there are several reasons for a company to choose to outsource such as cost reduction, unskilled employees, reduction of risk (in some cases), and simply the organization just can’t support the function.
Outsourcing also has several risks associated with it, such as lake of control, language and cultural barriers, differences in time zone, third-party data breaches, and the mishandling of a given function to a third party vendor. An example of the last two risk is the USIS mishandling of governmental background check for OPM in 2013/2014. To shorten the story USIS was not conducting the governmental background checks as contracted, and to top it off their SAP system was hacked which was managed by a third-party vendor. Ultimately causing the loss of PII for about 27k governmental employee.
Overall outsourcing can be very beneficial if properly conducted, but it can also be risky.
Well said, Lezlie. Call center and some basic IT functions are always the priority choice which an enterprise decides to outsourcing business. For example, customer service is closely related to our daily life. Outsourcing customer service can usually keep it run 24/7, however, sometimes the quality of service cannot be guaranteed due to culture conflict.
The risks of outsourcing could relate to confidentiality and geopolitical elements.
Outsourcing will bring the risk of data breach for companies. When a company outsource its IT service to external company, the information and data are shared to outsourcing company, the control of IT service by the company itself is becoming weaker. It increases the possibility of data breach by external company which threaten the confidentiality of information and may result financial and reputation loss for the company.
Geopolitical is another risk for outsourcing. Different time-zone, different culture and regulatory, and different language may result some difficulties for companies and outsourcing company to communicate, to react and to maintain good quality of service. Meanwhile, the cost of outsourcing also depends on geopolitical factors. There are more things to do to keep a cost-efficient balance.
One thing you mentioned that I consider interesting is reputation loss. Usually, when an organization determines to outsource its business to outsourcing service provider, it has to bear the risk of reputation loss. When an incident or information leak event happens, people or customer would look back to the outsourcing enterprise itself rather than outsourcing service provider since there is only a single brand demonstrated.
Well down, Yinyan. Geopolitical is indeed a key risk toward the outsourcing. like the companies in China that worked for the projects happened on the US. And in some countries like America the time zone is even different even within the countries, like Western Middle, and Eastern time.
Outsourcing can bring big benefits to your business, but there are significant risks and challenges when negotiating and managing outsourcing relationships.
At the heart of the problem is the inherent conflict of interest in any outsourcing arrangement. The client seeks better service, often at lower costs, than it would get doing the work itself. The vendor, however, wants to make a profit. That tension must be managed closely to ensure a successful outcome for both client and vendor.
Another cause of outsourcing failure is the rush to outsource in the absence of a good business case. Outsourcing pursued as a “quick fix” cost-cutting maneuver rather than an investment designed to enhance capabilities, expand globally, increase agility and profitability, or bolster competitive advantage is more likely to disappoint.
source: https://www.cio.com/article/2439495/outsourcing/outsourcing-outsourcing-definition-and-solutions.html
Yes, I agree with your points. There exist the inherent conflict of interest in any outsourcing arrangement. And some outsource in the absence of a good business case cause the outsourcing failure.
I agree with your first point. It is really important to know what is the market situation, the competitors’ advantages, and what the society needs.
I agree with you for your nice point. It is indeed about “the inherent conflict of interest in any outsourcing arrangement”.
1. Viability of Service Providers
The worst thing is the prospect that the provider will fail and leave customers in the lurch without access to critical services and systems. There have been a number of immediate and dramatic instances of failure of managed security service providers are threatened the ability of customers to stay in business.
2. Loss of Organizational Trust
A significant nonquantifiable risk occurs because outsourcing, especially of services, can be perceived as a breach in the employer-employee relationship. Employees may wonder which group or what function will be the next to be outsourced. Workers displaced into an outsourced organization often feel conflicted as to who their “real” boss is.
Reference: https://saylordotorg.github.io/text_fundamentals-of-global-strategy/s10-04-risks-associated-with-outsourc.html
Risks associated with outsourcing could be the loss of control over service quality and increasing threats to information system security.
The control over a business process could be potentially compromised when the process is outsourced. If an outsourcer and an outsourcee didn’t explicitly agree on the levels of services would be delivered and develop a service level agreement, the outsourcee might deliver services to outsourcer with minimum efforts.
When a company considers outsourcing IT functions and share information with service provider who has weak internal controls or security standards, the service provider might leak critical information of the outsourcer either intentionally or accidentally. Besides, people with malicious purposes might utilize the service provider as a gateway to break into the information systems of the outsourcer.
I agree with you of these two risks. The purpose of outsourcing is saving the cost for the company. If the outsourcer cannot achieve the goal and expectation of what the company wants, saving the cost is meaningless.
Also, if the company outsourcing IT functions and share the important internal information, the company might lose heavily.
Outsourcing as an important way to effectively allocate the producing resources. And it is common to outsource IT functions or even the whole departments for many small and middle companies and it also happens on large companies. Some IT companies own online services also do it for a batter business.
The first risk would be about the data and security protection. When the offshore vendors failed to protect the data from their part, you still need to take responsibilities for the damage of leaking data. You may find ways to mitigate risk by insurance and mention related issues and compensations on the contact, while you must be in charge with the reputation loss and legislations issues.
Another risk is about the services vendor failure to deliver. When your company outsourcing some critical functions or processes of your business. You may face big problems when your main vendors unexpectedly stop providing services. So, a contingency plan should be always on the table to prepare in case in advance.
Outsourcing your IT needs has a lot of benefits as it is cost efficient and provides instant access to specific knowledge and expertise. Nonetheless, these benefits go hand in hand with risks that cannot be avoided.
Loss of the control is one of the risks of outsourcing. No doubt business managers will lose some control over the processes outsourced by the IT provider, as all the outsourcing staff is managed on IT provider’s side. Lack of communication and visibility may result in the increase of time needed to complete the project.
The other risk that I identified is confidentiality of information. When an outsourcing company is hired by an organization, it is crucial to protect the organization’s important data and intellectual property.
Source from: https://hackernoon.com/6-main-outsourcing-risks-and-how-to-mitigate-them-2d9c0196a122
I would like to talk about the outsourcing in IT area. Two important things came to my mind when outsourcing is mentioned. One thing is that the core components of the system cannot be outsourced to others. If so, the company would lose its core competency. One example I can provide is software development. Apple owns its unique IOS system in the market for several years which is its core competency. It can be identified as a risk if the company outsource its whole product and idea.
The other thing is the product which needs to be iterated quickly cannot be outsourced. For example, Internet information technology. Because of the change of the applications and programs are fast, the development period is short, the upgrade and change need a lot of labor and resources, these all point to money. If the company outsource its Internet information technology, it is no doubt a risk. To be more specific, if the outsourcing team is developing an application, not finish yet, and Company A already paid the team money. At the same time, Company B releases a better application than the outsourcing team. Here is the risk, Company A spent money but still not get the expected application.
It is true that not all components can be outsourced, even their might be organizations producing similar products, companies always want to keep their core technology or products confidential, they want to assure the quality as well.
Also, it is always a complicated process to negotiate the outsourcing with other organizations, it requires a various back-and-forth discussion to reach a final agreement.
During the process of outsourcing, an organization must disclose a lot of information, including business strategy, performance indicators, and sensitive data, some of them could be considered as trade secrets. With the expansion of the scope of enterprise information communication, outsourcing service provider could not handle that kind of information properly so that information leak event would happen. Leakage would bring serious consequences on both operational and legal aspects to the enterprise.
Another type of risk for outsourcing could be interest conflict. Although outsourcing firms and outsourcing providers are strategic partnerships, they are also a community of risks. Because they are, after all, two different legal entities, each of whom would like to maximize their own interests. Therefore, there will be outsourcing enterprises hope outsourcing service providers do more, less profit, while outsourcing service providers hope to do less, more profits, it is destined to have a conflict of interest on both sides.
You make some great points. I would want to know what exactly my firm considers too valuable to outsource, including business strategy, KPI’s, and whatever sensitive data. Ironclad SLA’s should address this, but a SOC 2 report should also factor in somewhere. If the vendor can’t provide such documentation, it should be considered an unacceptable risk to the firm.
Outsourcing related risks include lack of control and lack of business or domain knowledge.
Lack of control – we know that outsourcing is the business contract to a third party to complete, sometimes because of the cost of the relationship will usually choose to practice in some low-cost countries, this time because of distance or time difference and other factors may cause Unforeseen circumstances cannot be controlled in time, resulting in losses.
Lack of knowledge of the business or domain – When the business is handed over to a third party, there may be a lack of knowledge of the domain, resulting in a very different result from what is expected and eventually increasing the cost of output.
Outsourcing your IT needs has a lot of benefits as it is cost efficient and provides instant access to specific knowledge and expertise. Nonetheless, these benefits go hand in hand with risks that cannot be avoided.
Loss of the control is one of the risks of outsourcing. No doubt business managers will lose some control over the processes outsourced by the IT provider, as all the outsourcing staff is managed on IT provider’s side. Lack of communication and visibility may result in the increase of time needed to complete the project.
The other risk that I identified is confidentiality of information. When an outsourcing company is hired by an organization, it is crucial to protect the organization’s important data and intellectual property.
Source from: https://hackernoon.com/6-main-outsourcing-risks-and-how-to-mitigate-them-2d9c0196a122
Great points, Xiaomin! Loss of control is indeed one of the risks of outscoring, Also, I believe it will be a great challenge to mother company to ensure that security awareness training programs are conducted by outsourced company in a periodic manner to have overall internal controls in place.
2 particular risks that are specific to outsourcing or that may be augmented by outsourcing:
The first risk is about Supplier risk. Any arrangement with suppliers has elements of risk involved with it; however, risks associated with sourcing internationally are often higher. With sourcing, the company must thoroughly investigate (i.e. carry out due diligence on) potential source markets and suppliers, making an in-depth risk assessment and checking the business practices of potential suppliers to identify any possible problems. The second risk is about Intellectual property protection. When companies share information with suppliers in countries that have less stringent regulations about intellectual property rights, proprietary information is often leaked. For some products this may constitute an insurmountable obstacle to outsourcing. In others, where the product is constantly evolving, the company may decide to dispense with patent protection, confident it can develop new products faster than the market can reverse engineer them.
http://www.tradeready.ca/2016/topics/supply-chain-management/4-biggest-outsourcing-risks-face/
One if not the big concern with outsourcing is security. From handling proprietary intellectual property to customer’s confidential information, a great deal trust must be established and maintained by the outsourcing vendor. This trust should be established by reputation, agreement and necessity.
Reputation can be found during the due diligence process of identifying an appropriate vendor. An agreement is defined and the contracts for what is expected from the outsourced vendor. A contract should discuss in detail all matters of handling and disposing of data. When outsourcing, the outsourcing company should look at the necessity of what data must be provided to the vendor. Companies should avoid outsourcing core processes or data of that would constitute a high risk if lost, disclosed or altered.
On the other hand outsourcing Software development could potentially reduce the risk that comes with building in-house. A vendor that provides the same products or services or other organizations is likely to stay around for a while. This longevity means that they will be around to support their products and That the popularity of their product means it would be more likely to be incorporated and 2 other services making it easier for those 2 products to communicate to each other. One of the biggest risks with in-house solutions is that it requires specialized knowledge to maintain. The longer the in-house solution is in place the more Specialized the maintenance becomes. With every update, patch and change to the in-house software the more complicated and harder to maintain it becomes. Also, the personnel who are knowledgeable of the in-house software become so specialized that their walls could be catastrophic to business processes or the organization.
This gets into concerns with legacy systems. If a firm outsources a given process, this should address the concern, but what about outsourcing enterprise architecture management? I know last semester we were told that this should never happen, but I bet it does, particularly if a firm doesn’t want to deal with the chaos of replacing some in-house solution with a new streamlined and integrated system.
Outsourcing can be an effective tool for an organization, but it is not without its flaws.
Outsourcing vendors are not actual employees of the company, and they are subject to separate expectations and culture compared to your own. This could lead to misuse of company assets. The vendor could be exposed to information or data that could endanger the company. To mitigate this issue, monitoring is a must. Companies should not put any trust in these people and reveal as little information as possible.
Another risk of outsourcing builds on the difference in company culture, and is related to a company’s brand appeal to consumers. Communication with a vendor can prove difficult due to time differences, and this can affect transportation/shipping as well. The location can also create a disconnect in culture. The differences in expectations and common courtesy can create issues and can affect reputation. It is important to know exactly what you are getting into when outsourcing.
Well down, You raise an Interesting ideal, Scheuren. The key conflicts between the vendors and us is different objects and business goals we have. What we need is not just a product which is the final goal for our vendors. What we want is actually an product could support our business goals.
You get into the concern of governance or oversight in an outsourcing situation, and this is indeed tough. How do you ensure adherence to company policy or culture if you’re not there or directly involved? Who can you trust to report back on the compliance? If disaster strikes – such as in the FoxConn factory story with Apple – who gets the blame, and – more importantly – who will consumers and regulators look at first? These are all difficult questions with no one answer. Given that massive cost-savings in outsourcing however, such calculations must be made by firms large and small.
As an auditor in the banking industry, I’ve considered several different risks that I feel would be considered by bank management in the event that a project were to be developed through outsourcing.
Considering geopolitical, regulatory, and social realms, the risk in my industry that can potentially fit all three categories would be the compromise or loss of data through outsourcing. Geopolitically speaking, if the vendor chosen to complete the project were domiciled in an area with different standards and regulations in regards to privacy, data needing to be protected could be shared for one of a few different reasons: Inadequate vendor security, security or systems breach, or unethical use of data for various purposes. In terms of regulation, the banking industry is required to provide privacy notices to customers on a regular basis. These notices disclose manners in which personal data may be used by the organization. A vendor chosen without very thorough due diligence may not share these requirements, leaving a more relaxed handling of data included in an outsourced project. The recent Equifax breach would serve as an excellent recent example of the social implications resulting from data falling into the wrong hands. In my bank, our various risk assessment efforts have determined that reputational risk is of the utmost importance, based on several factors. Socially, data compromised by security breach or mishandling of any type could be crippling to our business.
Another risk that stands out as unique to me, would be the lack of source code escrow required through licensing agreement in the project. Should the developer go out of business, mission critical software could potentially be left without maintenance or being abandoned altogether. In this case, having access to the necessary software info to ensure business continuity would be of paramount importance. Viewing this scenario from the regulatory and social angles, there could be great impact. Using banking as an industry example here, loss of data through abandonment may, at a minimum, have consumer privacy implications. On a higher level, abandonment could cause greater organizational risk to a bank during Federal examinations utilizing inTrex criteria, used by FDIC/FFIEC. Socially, a break in operations due to orphaned software could be very damaging to an organization when competing in an industry where nearly every competitor is aiming to provide high-level customer service and gain market share.
My personal takeaway in this discussion is that if choosing to outsource a project of this type, excellent vendor management processes must not only be in place, but executed flawlessly when choosing a developer. Analysis of the vendor must occur on several different levels, not limited to, financial risk, references from previous customers, and research on regulation, standards, and practices within the area a developer is located.
As an auditor in the banking industry, I’ve considered several different risks that I feel would be considered by bank management in the event that a project were to be developed through outsourcing.
Considering geopolitical, regulatory, and social realms, the risk in my industry that can potentially fit all three categories would be the compromise or loss of data through outsourcing. Geopolitically speaking, if the vendor chosen to complete the project were domiciled in an area with different standards and regulations in regards to privacy, data needing to be protected could be shared for one of a few different reasons: Inadequate vendor security, security or systems breach, or unethical use of data for various purposes. In terms of regulation, the banking industry is required to provide privacy notices to customers on a regular basis. These notices disclose manners in which personal data may be used by the organization. A vendor chosen without very thorough due diligence may not share these requirements, leaving a more relaxed handling of data included in an outsourced project. Equifax would serve as an excellent recent example of the social implications resulting from data falling into the wrong hands. In my bank, our various risk assessment efforts have determined that reputational risk is of the utmost importance, based on several factors. Socially, data compromised by security breach or mishandling of any type could be crippling to our business.
Another risk that stands out as unique to me, would be the lack of source code escrow required through licensing agreement in the project. Should the developer go out of business, mission critical software could potentially be left without maintenance or being abandoned altogether. In this case, having access to the necessary software info to ensure business continuity would be of the utmost importance. Viewing this scenario from the regulatory and social angles, there could be great impact. Using banking as an industry example here, loss of data through abandonment may, at a minimum, have consumer privacy implications. On a higher level, abandonment could cause greater organizational risk to a bank during Federal examinations utilizing inTrex criteria, used by FDIC/FFIEC. Socially, a break in operations due to orphaned software could be very damaging to an organization when competing in an industry where nearly every competitor is aiming to provide high-level customer service and gain market share.
My personal takeaway in this discussion is that if choosing to outsource a project of this type, excellent vendor management processes must not only be in place, but executed flawlessly when choosing a developer. Analysis of the vendor must occur on several different levels, not limited to, financial risk, references from previous customers, and research on regulation, standards, and practices within the area a developer is located.
Outsourcing is a great way to handle processes where there is better value, but issues can arise from it. One risk is that it can be difficult to control. Control is easy to keep when it is directly under you, for example if you are responsible for managing two schools next to each other vs two that are in different states. If they are next to each other, you can personally handle or visit issues right away and make sure they are handled in the way you would like. If they are in different states this requires trusting someone else to make sure things are done in the way you want and you can’t as easily step in and implement the changes you want.
Another risk is that the organization is more exposed to political and regulatory changes. The world is constantly experiencing a wide variety of issues and changes during this time. Even more so, country leaders are changing regulations the directly impact the bottom line of an organization. There is not much that can be done to help this. Planning for these changes and trying to make the best of them is the only solution, and can be incredibly risky.
Outsourcing your IT needs has a lot of benefits as it is cost efficient and provides instant access to specific knowledge and expertise. Nonetheless, these benefits go hand in hand with risks that cannot be avoided.
Loss of the control is one of the risks of outsourcing. No doubt business managers will lose some control over the processes outsourced by the IT provider, as all the outsourcing staff is managed on IT provider’s side. Lack of communication and visibility may result in the increase of time needed to complete the project.
The other risk that I identified is confidentiality of information. When an outsourcing company is hired by an organization, it is crucial to protect the organization’s important data and intellectual property.
Source from: https://hackernoon.com/6-main-outsourcing-risks-and-how-to-mitigate-them-2d9c0196a122
Outsourcing has a lot of benefits as it is cost-effective and provides instant access to specific knowledge and expertise. All these benefits go hand in hand with risks that cannot be avoided. Use of outsourcing involves customers, employee, and other highly sensitive information.
-Confidentiality of information and data protection
In the recent, IT environment use of outsourcing and vendors moving to cloud computing (SaaS) are increasing rapidly. While using the internal server to store data, the company is able to determine if the data security protection meets the level required by the organization. they also have a control over modifying the security level. In today’s world, the control is even more critical when are data security and breach requirements directed by law. Currently, legal requirements are built more around sensitive information such as customers confidential data. However, by outsourcing functions, the company/company client no longer makes the decisions nor does they have a control.
– The outsourcing project management
Managing a project in the outsourcing company can be a cumbersome job to handle and decrease the efficiency in the final result. This risk can break down into three main aspects.
1) Culture
One of the principal cons that firms point to are the capability to find development teams with the ability to successfully integrate into a company culture that was previously unknown.
2) Vendor Dependency
This aspect is more related to key competitive advantages of the outsourcing company that the firm would have no choice to move forward and depending on them for all similar such services.
3) Proprietary Information
This issue continues to be a real concern for firms how are relatively new to outsourcing concept. It’s not easy to turn over the firm’s information to an unknown third party, nor it’s advisable. By tracking the outsourcing company’s work history through the industry and same capacity companies, this comparison should be easier.
Culture is certainly important, and a failure to adapt to or blend into a client’s corporate culture would certainly be a problem. This is something that is often forgotten in the rush to handle the technical and legal considerations, but it is just as easily a deal-breaker.
Outsourcing has been a common trend as it has benefitted a lot of business organizations in more than one way. Companies choose to outsource different business functions in order to operate effectively an efficiently. Some companies outsource payroll function, and others outsource IT functions. The one I am familiar with is foreign companies outsourcing IT functions to companies in India. While there are multiple advantages to outsourcing, there are disadvantages or risks as well that cannot be overlooked. The two main risks can be:
shared sensitive information and time difference issues. When a company outsources, it has to share confidential information to the outsourcing company. This can impose a lot of risks to the information. Similarly, the different time zone can be problematic outsourcing business functions. It can be difficult for two companies to coordinate at all times. This can lead to loss of productivity and increase inefficiencies.
I agree the idea of potential data breach.
Definitely, when a company is negotiating outsourcing with other organizations, they need to share information and data to make sure the production process works well. However, it is always a question that to which extent should they do. If they don’t exchange enough information, the quality may not meet the requirement. Also the information security is under risk as well, they have to make sure other organizations won’t be able to get access to their information without notice.
You’re making a good point. It can be difficult for some companies to coordinate due to timezone. However during my internship in a big four accounting firm, I noticed that some of their IT function was outsource to companies in India and India has a huge time zone difference with us. Thinking back to it I did not really notice any particular issues regarding coordination with the workers in india that was due to time zone. So I feel like most big firms have that side of outsourcing issue figured out and they have ways to deal with it so that it doesn’t create any coordination issues.
Outsourcing risks can include:
Nationalization of assets.
In some nationalist countries, nationalization can be used as a political tool to eliminate foreign involvement, perhaps if the particular country is in a proxy war with the other. This can happen without compensation to the previous owner, so a firm would be potentially paralyzed by such a move. If, for example, a firm outsources its database management to some other country, and that government takes control of the company’s assets there, the firm would be completely without database management, barring any disaster recovery plan.
Potential Government Interference
In the example of Kaspersky Lab, a cyber firm might be compromised because of its other clients (the Russian government), so a firm outsourcing services to them might discover unwanted government surveillance of your business operations, potentially adding cost to the processes. If you have multiple national governments as clients – as Kaspersky does – this creates an almost impossible web of conflicts, something I would never want as a vendor or a client.
I think the point on government interference is something that I had not thought of. Being compromised by outside governments like Russia or other high-risk countries is something that is plausible, like we saw with the election.
That is an interesting point you made about the Nationalization of assets. That was something I did not think of and I think it is something that many firms neglect as well. The hardest part is the uncertainty you have to deal with because you cannot always predict the political climate in a country or when a war can break out. Which is why you need to be prepared at all time for anything.