| Outsourcing - the business continuity implications Russell Flower considers how business continuity managers keep control of the risks in an outsourcing environment. You don’t have to look far to see that IT outsourcing is experiencing a boom at the moment. The figures from IT consultancies and analysts all reflect the vigour with which private giants and public sector agencies are embracing the operational benefits outsourcing brings. And wisely too. Research shows that there is much to be gained from a selective IT outsourcing strategy. In Europe 50 percent of IT directors from industries that include retail, banking, insurance and the public sector say that selective outsourcing is the most effective way to reduce costs and improve performance. 17 percent say it brings value for money and 24 percent state that it guarantees their service levels. IT directors also believe that turning to outsourcing removes regular interruptions, enables greater focus on the job in hand and provides access to a wider skills pool. And it’s not just IT that’s being outsourced. All manner of business processes, from call centres to insurance claims processing, are being off-loaded to managed services specialists. But regardless of the operation, the benefits of outsourcing may be diluted if directors do not carefully consider how the existing business continuity plan could be affected by outsourcing strategies. That’s because outsourcing operations can actually add to the risks the company is exposed to in a number of ways. Firstly, outsourcing a business operation introduces a new interface between which information and resource flows. This interface must be managed well to ensure the systems the business relies upon for decision making, supply and demand rates and cash flow analysis are accurate every time. Of course this interface is not infallible. Anything that hinders accurate information exchange such as system or network downtime can have a dramatic effect on operational performance. Coupled with this is the issue of security. Be it user privileges or a hacker penetrating the outsourcer’s systems to obtain critical intelligence or expose customer data, these threats still exist in the partner organisation. Just because an operation has been outsourced it doesn’t mean the risk has been outsourced too. In fact the system interfaces might exaggerate the risk exposure. And it’s important to remember that this ‘risk transfer’ applies to non IT risks as well. Intangible assets can be harmed too. Take for example the brand image and how it influences reputation with customers, suppliers and shareholders. If the outsourcer manages customers for example, will every customer receive the ‘x brand’ customer experience? All these risks and more can be managed. But the proficiency to which these threats must be managed cannot be achieved without consultative intervention from the business continuity manager. So how can a BCM intervene and support the outsourcing strategy? One way for the BCM to manage the business continuity practices of outsourcers, or suppliers and partners for that matter, is to be known not just as a practitioner of business continuity but as the in-house BC consultant too. Providing an open door for directors and project managers to seek consultancy about how their plans will impact risk exposure will be vital to retaining control of business continuity plans. It will also ensure the BCM gathers the intelligence required to update the business continuity provisions and ultimately maintain the plan’s integrity. After such reviews the BCM will be in a good position to direct new rehearsal procedures. Successful rehearsals are pivotal to any business continuity invocation. Unless rehearsed and refined no business continuity plan is worth its weight in paper. A dummy invocation makes sure all expected risks can be managed effectively and helps identify the weaknesses in the plan that must be addressed. Rehearsal will also help to manifest a very important quality in the culture – a respect for risk. Risk must be an integral part of all decisions made by all employees. By manifesting an attitude to risk, project management teams should naturally incorporate the risk element into all plans and proposals. They should also identify risk management as a desirable quality to look for in any supplier or partner. This is crucial when adopting partners that appreciate the need for thorough risk management and are therefore willing to participate in business continuity planning and testing. In house the BCM should find ways to raise his/her profile with all employees. One way to achieve this is through training programmes that reinforce the importance of selecting partners that actively incorporate risk management in their day to day operations. Another opportunity to raise the importance of business continuity would be to alter existing training programmes so that they incorporate risk management. So for example ensuring project management courses consider the impact of risk, how a change in the status quo can influence the company’s exposure and why introducing new practices and personnel can influence change in high level business continuity plans. One thing is certain. All of the elements needed to manage business continuity in working partnerships rest on communication. Continuously communicating changes in operating structure, project plans and testing is imperative for success. And the same must follow for business continuity. Two way communication of changes to business continuity plans, the need for changes to business continuity plans, and changes to invocation procedures will be imperative if financial, reputational and operational integrity are to be upheld. Making sure these best practices are impressed upon providers and those that manage them will help make for stable and secure partnerships. Russell Flower is managed services director at Synstar.
•Date:
5th December 2003 •Region: UK / Worldwide.•Type:
Article •Topic: BC
general |
