How to manage outsourcing risks

Written in ink?



Getronics's Marks says that although risk management is not often written into contracts, there is some evidence that this is about to change. "Some Government organisations, for instance, are starting to identify the requirement to put it into the contract. This means valuing the risk to the customer, passing that onto the supplier, and where there is an attempt to make that a mutual issue, identifying how we jointly go about ensuring that these risks don't happen and who will take responsibility if they do," he says.

Marks says some organisations spend a lot of time understanding what could go wrong, but it is only once you start to deliver a service that you can measure what you are doing and how you are providing that service.

"We use a scorecard system, where we look at how we are doing in terms of SLAs, if we are losing money, whether the customer is trying to include more services than first scoped, and we do this on a regular basis during monthly meetings, with 'red' cards being dealt with as early as possible rather than being allowed to accumulate and blow up," he says.

Dimension Data's general manager of service delivery Karen James says if you spend a lot of time mitigating risk, it doesn't need to be written into a contract.

"We involve ourselves in a lot of risk mitigation, rather than putting it into the costing, which we believe is not an effective approach," she says. James says some penalties are just there to claw back money but are not in the supplier's control. She uses the example of outages per month at a site or a device. "There are a lot of possible reasons for this, but do you write this all up or do you ask if this is a realistic measure of performance?" she says. "If a vendor has a problem, is that the service provider's fault?"

James says that in some cases, even if an SLA is in place and is met, the client might still penalise the supplier. "If you go into those sort of agreements, the risks aren't in your control, so you could fix the problem but there might be an overriding clause that says the client can penalise the supplier. It sounds crazy, but there are service contracts out there that do that," she adds.

Marks says people have become better at accepting or mitigating risk and that has made it more comfortable to manage the process before signing the contract and during delivery. There has also been a greater focus on delivering best practice and on using methodologies such as ITIL.

"There is a greater understanding that the supplier's business might change during a contract and adjustments need to be made," he says. "We capture details in one engagement and constantly learn from it. With the ongoing threat of new types of security attacks, we've got to be clear that when we identify one risk, the lessons can be applied across all our other engagements," he adds.

The increase in risk is so important that it should be considered at the top level of the business, says KAZ's Richardson. "Information and communication technology is becoming ever more pervasive and more mission critical, and as this happens, dependence on effective risk management increases," he says. "This is a boardroom issue, fair and square."
