Outsourcing your organisation’s IT function (in full or in part) has many benefits but these benefits often go hand in hand with risks. Here we share 5 of the most common IT outsourcing risks and how to handle them:
5 IT Outsourcing Risks To Avoid Or Resolve
#1: Loss of control
IT outsourcing by definition means that you’ll be handing over some of the managerial control of your IT function to an IT services provider. In most cases this is a benefit, it frees your team up to focus on other activities. However, ‘out of sight, out of mind’ is not the desired outcome; instead your provider and their team should really be an extension of your internal team, where you have transparency and visibility over everything that relates to your organisation.
How to avoid losing control? - Make sure all parties understand the parameters of the project; ensure that the services provided are aligned with business and operational goals, and that there is a clear protocol for changing deliverables; have a clear reporting systems and identify exactly what information you need from the provider; promote collaboration between each team.
#2: Loss of skills and knowledge
If you’re considering outsourcing your IT service desk or other operational functions to a IT outsourcing provider, you may be concerned that you’ll lose internal skills and knowledge. This could potentially make it difficult to bring a function back in-house or move to a different IT services provider. Access to skills is actually a motivating factor for outsourcing IT, when your organisation has a skills gap, but it’s an understandable concern when weighing up whether to recruit or outsource.
How to keep skills and knowledge in-house? Identify the most important skills required in-house and ensure you’re investing in training and CPD to keep your IT team up-to-date; investigate whether a hybrid outsourcing model may be appropriate, for example outsourcing 1st line tickets but retaining 2nd and 3rd in-house; consider also whether it would be beneficial for the service provider to work directly with your internal team, helping to upskill individuals and retain skills; ensure the IT service provider continually updates documentation and your organisation’s IT knowledge bank.
In theory IT outsourcing providers could be located anywhere in the world. Many of them are, the offshore outsourcing model is used by many organisations. However, for some organisations there is a risk when the provider is located on the other side of the globe. Time zones, language barriers and the ability to make on-site visits are obvious hurdles that might need to be overcome. Other considerations are the economic and political climate in the region the provider is located, as well as industry and local.
Is geolocation an issue? Be clear about what services you require and how location may affect service levels, and what compromises your organisation is prepared to make. Offshore providers can often be cheaper than onshore companies, but may not deliver the service your organisation requires. Factor in regulatory compliance, including the impact on your organisation’s clients and their governance. Think about the future and whether the provider is able to scale with your business and support development and growth.
#4: Security and compliance
Giving a 3rd party provider, and their employees or contractors, access to your IT systems and infrastructure is not without security risks. However, as well as functions such as IT support, many organisations are outsourcing cyber security and data protection to external providers: who can often do it much better than they can.
Is security a risk? The first step is to address any compliance issues and how working with a 3rd party provider impacts regulations. Then understand exactly what data and systems a provider will have access to, for example if an analyst offers desktop support they’ll potentially have access to corporate data stored on local drives and maybe network shares. Find out what data the provider needs, what they do with that data, how it is used and stored and how they protect it. Do background checks and get confidentiality agreements in place. Check for ISO 27001.
#5: Not aligned with business operations and objectives
Finally, an IT outsourcing risk can be a lack of alignment between the organisation’s day-to-day operations and strategic direction. Some providers are guilty of selling in their services without fully understanding the business and this can result in an organisation not getting value and positive ROI.
How to avoid this risk? Alarm bells should sound if the provider attempts to sell a one-size-fits-all service without first taking the time to understand your requirements, operations and business objectives. Put your IT requirement out to tender with a Request for Proposal to help shortlist providers and identify those that want to develop a strategic partnership with your organisation.
If you would like to discuss IT outsourcing in more detail please get in touch with me for an informal chat.
You may also like to download our discovery document that explores in-house vs. outsourcing options and the benefits of each model. Download our comparison report and discover how to handle the IT risks: