FW moderates an online discussion on current trends in outsourcing between Larry Calabro, a principal at Deloitte Consulting LLP, Alistair Maughan, a partner at Morrison & Foerster, and Joshua Konvisser, a partner at Pillsbury Winthrop Shaw Pittman LLP.
FW: In the current economic climate, are you seeing an increase in companies seeking to outsource certain functions to reduce costs? What advice would you give to companies in terms of developing an effective outsourcing strategy?
Calabro: Outsourcing of non-core business functions has continued to increase in the current environment. However, while the first couple of waves were focused on leveraging the labour arbitrage, suppliers are now looking to outsource greater proportions of a process and have the supplier take responsibility for the business outcomes. For developing an effective outsourcing strategy, a company should address two fundamental dimensions: First, selecting the ‘appropriate processes’ that are ready to outsource, i.e., have a baseline, defined outcome and appropriate documentation. Many critical functions are often deemed core – but if they do not create differentiation in the market, they can be outsourced – for example, 100 percent uptime on a retail website. Secondly, selecting the ‘appropriate/specific provider’ that is able to understand their business drivers and address their core business needs. They should establish a transparent and flexible relationship with the provider and set clear expectations and metrics to measure their effectiveness.
Maughan: Cost reduction has never gone away as one of the main reasons why organisations outsource. It has always been one of the top two items on the list of reasons to outsource – along with ‘raising quality’. Over the past few years, we have seen a lot of outsourcing restructuring projects where the overt target has been to reduce the costs of existing outsourcing transactions. This involves removing some of the higher cost elements and risk factors as part of an informed discussion with an existing outsourcing service provider. Whether in relation to first-time outsourcing, second generation outsourcing or outsource renegotiation, clear understanding and communication of the reasons underpinning a project remain key to developing an effective outsourcing strategy. Embedding that rationale in the business case and outsourcing relationship is a fundamental part of any successful outsourcing project.
Konvisser: Conventional wisdom is that when there is significant economic pressure, companies will look to outsourcing as a way to reduce costs. In fact, the economic climate does drive companies to explore outsourcing. That said, putting in place an outsourcing tends to be itself a material project that needs to be funded. Although one ‘needs to spend money to make money’, when budgets are tight, it actually becomes harder to complete an outsourcing transaction. Moreover, in addition to the project costs for an outsourcing initiative, there is also usually an up-front transition cost that again requires investment in the near-term for mid- to long-term savings. While providers used to be willing to finance this up-front investment into the ongoing rates, increased accounting scrutiny has made this practice less common and, where it is done, the financing charge may not be attractive to the client. In contrast, we have been seeing an uptick in traditional IT investment where incremental automation efforts can bring efficiencies without all of the inherent costs of a transformational outsourcing. In addition, as the economy opens up, we are starting to see a resurgence of outsourcing activity.
FW: How should companies go about selecting the right outsourcing partner? What background checks and due diligence would you recommend?
Maughan: Size matters a lot less than it used to. Selecting the right outsourcing partner is all about fit and feel. It seems like a lifetime ago since we saw full scope end-to-end outsourcing of a range of diverse services to the same outsourcing services provider. Most outsourcings now are targeted to particular sets (towers) of services in which the selected service provider has a great track record in that particular service scope. Obviously, verifying the outsourcing partner’s background and expertise in that tower is essential. We still see clients conduct reference checks with existing clients. It’s important to assess the service provider’s management approach as well as its service delivery history. Also, more than ever, doing suitable financial stability checks is important to make certain that you chose a long-term viable partner.
Konvisser: An adviser can be very helpful in narrowing the field of outsourcing providers. In addition, references are indispensable. One mistake we have seen is that a request for proposal will require the prospective providers to list references, but the client does not actually follow up with the references. These calls can be invaluable as most references—even very positive ones—will identify potential areas of weakness. Clients should also think carefully about the scale of their provider—bigger is not always better – the provider should have sufficient size and scale to address the client issues, but should be of a size that the client will be an important enough account and not become lost.
Calabro: A factor to outsourcing effectively is finding a partner who can execute not only on cost but on business objectives. The vendor should be able to demonstrate the breadth of qualifications in similar situations for that scale. The vendor should be able to relate to the client – industry, process, people – and build flexible models to map to business requirements. It is important for the vendor to demonstrate that they can help reduce ‘total cost of ownership’ as opposed to ‘unit cost’ while maintaining the ability to innovate and improve your applications and processes. Site visits, reference checks outside of those provided by the supplier, and drilling down on industry experience are all very useful. To gauge senior level commitment from the vendor it is important to get beyond the sales team and understand in detail how the delivery team will be structured as well as the team members’ capabilities and fit with the company’s need and culture.
FW: How can providers ensure they deliver quality for their clients and maintain high levels of service to meet client needs? Is it often difficult, for example, to strike a balance between output and quality?
Konvisser: Providers need to be honest with the client and with themselves during the sales and negotiation process. One of the most successful outsourcing programs of which I am aware is one in which the provider said “No, we cannot meet the desired timelines and with the level of quality the client has a right to expect”. While the negotiation was contentious, the result was a program in which the provider is consistently delivering quality work, on time. The provider has earned the respect and trust of the client by being honest, and by being able to deliver on its commitments. This is in stark contrast to programs where the provider has allowed the client to get the provider to commit to timelines and standards the provider cannot achieve, resulting in assured disappointment and failure.
Calabro: The outsourcing providers and buyers should both focus on clearly defining the desired outcomes first and then create appropriate SLAs and metrics that can help achieve those outcomes. It is important to set a combination of output and capacity driven metrics along with metrics that are directly related to relevant business level KPIs. It is important to strike a balance between alleviating cost pressure, resulting in the need to do repeatable work, and at the same time maintaining the ability to truly add value by continuously innovating and engaging in more complex tasks that would ultimately drive larger client impact. Close teaming between the provider and the client, alignment of client’s strategic goals and business objectives with the SLAs, frequent performance reviews and risk-reward frameworks tied directly to quality and productivity rather than just output, are important for an effective outsourcing arrangement.
Maughan: Customers and providers both need to be honest about what they actually want. There is no point a customer prioritising a reliable volume of output whereas the service provider is focused on maintenance of high level of services its key service driver. One of the lessons of the wave of renegotiations that has occurred over the past years has been to focus on what’s really important and prioritise that. We certainly see differences between service providers in terms of their ability to deliver continuous improvement – either in terms of process improvement or technology improvement – but that always comes at a price so it’s important to know at the outset whether that needs to be baked into the service price that the customer is paying.
FW: To what extent do outsourcing providers need to be flexible with their operations as business requirements change? Is it essential to have the ability to react when businesses increase or scale back outsourcing as needed?
Calabro: In the leading relationships, both the buyer and supplier show flexibility and collaboration. If suppliers are not flexible as business requirements change, over time the buyer will justifiably be aggrieved and unlikely to extend the scope or time of the outsourcing. However, the supplier often builds up ‘a factory’ to provide service to the buyer. Factories cannot be shut down or cut in half overnight and without cost, so both sides should be flexible. Joint forecasting can be a strategy to managing changes in scale. Most business needs and changes can be anticipated in time to respond well so if the vendors are engaged in the client’s planning process, the ability for the vendor to react optimally is enhanced considerably. If, along with this, the vendor has the ability to offer a variety of delivery and leverage models, the probability of an effective outsourcing arrangement is very high.
Konvisser: Client requirements, size, and scale will change over the course of an outsourcing relationship. Providers who are flexible and fair with their clients will be well-received and respected. Providers who are inflexible and tightly limit their clients to the terms of the agreement risk creating friction in the relationship which will make ongoing operations more difficult and will make extensions or renewals less likely.
Maughan: Increasingly, flexibility and scalable volumes is becoming an important element of outsourcing. The availability of highly scalable cloud computing solutions is part of the reason behind that – although that is not a solution that applies across the board since cloud largely offers an appropriate solution where the demand is for more commoditised services where the customer can accept what the service provider has to offer. Scalability in relation to highly customised services remains something that requires extra skill and expertise by the outsourcing service provider. Some service providers are better than others at flexing their offerings to meet changed demand circumstances. It’s not always the bigger vendors that are most flexible.
FW: What kinds of sector-specific issues do outsourcing providers need to manage? Are there challenges in achieving regulatory compliance, for example, when delivering services across different sectors and jurisdictions?
Maughan: Within the public sector, there is considerable downward price pressure and also pressure to commoditise services and deliver to standard platforms. The procurement framework is also been tightly managed. Within the financial services sector, banks and insurance companies are facing key regulatory changes, such as Solvency II and Basel III, over forthcoming years and the outsourcing sector needs to cope with the regulatory pressures on its end customers. Across all sectors, the handling of personal data is becoming much more highly regulated as the EU seeks to introduce a new regulation and the levels of fine and penalty for misuse of personal data become significantly greater. Generally, regulators are slow to pick up on new technology channels, whether that be cloud computing or the impact of trends such as the consumerisation of IT.
Konvisser: Outsource providers typically take the position that the client is responsible for managing its own compliance, including the interpretation of the applicable regulations. Of course, the client is ultimately liable for regulatory compliance, except for outsourcings of compliance activities such as tax computation and filing. That said, if a provider is able to facilitate that compliance, that provider gains a competitive advantage. While it may be difficult for a provider to take on the liability of guaranteeing compliance, providers would be well-advised to understand regulations applicable to their target industries and geographies, and to tune their services to facilitate compliance. For example, for a provider providing services to regulated financial services entities in the United States, offering ‘write once read many’ (WORM) data storage may facilitate transactions with clients subject to certain books and records requirements.
Calabro: It is extremely important for an outsourcing provider to bring industry or sector specific perspectives and experiences to the solution due to the variety of regulatory intensities and challenges between industries. Here are a few examples. In the financial services industry, regulators are demanding much stronger vendor management programs in banks. Stronger policies, risk management, and controls testing are at the top of the list, not to mention the security of personal identifiable information (PII), customer data, and analytics. Application outsourcing services for a retailer need to consider how the IT function will integrate with and utilise social media. In energy exploration and production, social media isn’t as important, but asset management applications are critical. Not only does each sector have distinct regulatory and security requirements, there are also differences between on-site and off-shore outsourcing especially when sensitive data is involved.
FW: Advances in information technology, digital data and ‘the cloud’ are having a significant impact on outsourcing activities and services. What IT-related issues do clients and providers need to consider in this area?
Konvisser: As offerings move from dedicated infrastructure to shared infrastructure, clients need to be focused on their security requirements, whether regulatory mandates or otherwise. The cloud provider, rightfully so, cannot change its offering for a specific client because providers’ systems and business models are based on the economies of a shared infrastructure. Thus clients need to evaluate the infrastructure as offered and determine if it aligns with their needs – if not, there is likely another offering that does. Keep in mind that at times more security is required, at a higher cost, but for certain non-sensitive applications, less security is required and a client can reap greater savings from the cloud. Also, because of the shared environment, an audit by one client could actually amount to a security breach for another. However, the provider can invest in certain audits, such as SSAE16 and ISAE3402, that it can conduct one time and use to satisfy the audit requirements of many clients.
Calabro: Advances in cloud, social, mobile and digital data are creating a reality where business solutions are increasingly served by a combination of on-premise software and public subscription-based services, deployed at the point of business impact via mobile devices, augmented with social context, and taking advantage of analytics across structured and unstructured data. Many of these emerging technologies require new skill-sets and delivery models – agile, studio-based, with multidisciplinary teams combining creative, user experience (UX), engineering, anchored by industry expertise. Some of the issues include increased complexity around pricing and contracting (especially vendor and contract management), integration costs, and concerns around data privacy and security. These technology advances also prompt more ‘fee for outcome’ work – changing the way IT services are procured, delivered, and measured. The provider base should be capable in emerging spaces, and in a position to assemble solutions that are much broader – while focused on business services, not just technology services.
Maughan: Cloud solutions are becoming much more embedded as part of a broader range of outsourced service platforms. This obviously has issues on the handling of data and on security. Clients need to understand that cloud involves less control over their own platforms. Remote service offerings require better due diligence, enhanced vendor management, and careful attention to audit rights and practices. Plenty of legal and reputational challenges emerge. Business continuity planning is critical.
FW: What kinds of risks might companies expose themselves to when entering outsourcing arrangements? How can these be managed and mitigated?
Calabro: An outsourcing arrangement entails many risks – short-term as well as long-term. There are risks related to the engagement itself, for example, risk of a failed transition due to poor planning/management or financial risk due to aggressive pricing/missed requirements. Then there are longer-term risks like the risk of sun-setting a new implementation because it moves to low cost operation mode and then it can’t continue to align with business needs or lack of innovation resulting in the need to undertake expensive transformation projects in the future. These risks can be mitigated to a large extent by establishing a strong relationship between the supplier and the buyer, managing the engagement through solid governance and establishing SLAs that are closely aligned with strategic business outcomes.
Maughan: It is really not possible to predict in all circumstances the risks that companies expose themselves to in outsourcing. This needs to be carefully considered in each case. Obviously, the company loses direct control over its own systems and processes but, hopefully, the trade-off is extra quality at a better price point. This needs to be managed by an appropriately sized retained team and governance structure to make certain that the externalisation process does not introduce unacceptable risks.
Konvisser: A fundamental characteristic of outsourcing is the transfer of control from the client to the provider. This means that the risk of service failure to the client’s business is now controlled by the provider. The best way to manage this risk is to properly incentivise the provider’s performance through the one remaining motivational tool retained by the client – money. This can be done both by designing a payment structure that incentivises quality performance, and through the use of service levels tailored toward key business results – rather than the inputs that alone do not drive business results – with appropriate financial credits for failure.
FW: Can you outline the key considerations that need to be made when structuring an outsourcing agreement and drawing up the relevant documentation?
Maughan: An outsourcing agreement is like a jigsaw. It needs to draw together the legal, technical, financial, HR, security and commercial considerations that have been discussed as part of the outsourcing project. It’s important to make certain that the elements of the jigsaw fit together in an appropriate fashion and also that you create something that is going to allow the parties to work together over the course of the forthcoming years. It’s important to create something that is sustainable and not so unwieldy that it becomes inoperable. An outsourcing contract should be a living document. All of the elements ought to work together as an integrated whole. It ought to cover the initial scope but it also needs to be flexible enough to cope with the key changes over the life of the contract, such as acquisitions and divestitures. It also needs to cope with pricing change in a way that convinces the customer that it is likely to continue to receive good value for money and is not going to leave the customer with an expensive white elephant in a few years’ time.
Calabro: While drafting an outsourcing agreement there are some obvious considerations like pricing mechanism, legal areas including IP, indemnifications, risk mitigation strategy in case of poor performance (by the vendor) and operational SLAs. However, there are some other areas that a buyer needs to focus on like – how will the relationship be governed and evolve over time? How does the company maintain some leverage over the supplier during a 3, 5, or 10 plus year relationship? And most importantly, how does the company determine that there will be continuous business alignment, innovation and effective management of their outsourced business processes/applications in order to realise true value out of the arrangement.
Konvisser: The outsourcing relationship is defined by four key components: scope of service (what will be done), service levels (how well it will be done), pricing, and governance/relationship management. These components need to operate in an integrated and holistic fashion to incentivise proper performance by the provider and to ensure that the provider is adequately compensated for the services. The outsourcing agreement needs to adequately address each of these components, as well as provide legal terms and conditions around the relationship. In addition, both providers and clients should focus on three key time periods: transition into the relationship; ongoing run during the relationship (which may include transformation); and disengagement assistance/knowledge transfer at the end of the relationship.
FW: What should companies do to effectively manage and monitor the outsourcing relationship going forward?
Konvisser: The first step is for clients to recognise that they need to affirmatively manage the outsourcing relationship. This may require skill sets that were not required in the company, and may not have been present within the company, prior to the outsourcing. Often new resources with the proper experience are required to manage outsourcings. The monitoring function requires receipt and review of detailed reports, and careful review of invoices. While it may not be appropriate or advisable for a client to raise every potential issue with the provider, the client needs to implement an strategy for intelligent enforcement of the contractual obligations so that the provider complies with the agreement but is not ‘nickel and dimed’, to the point of creating a contentious relationship.
Maughan: Outsourcing relationships work best when proactively monitored and managed. We recommend working in an open framework with a service provider to make certain for example that remedies are applied proactively, that approaches such as ‘fix first, argue later’ are applied when issues arise, that any problems are quickly separated from business-as-usual and are escalated with appropriate speed towards resolution. Letting bad things fester can damage the wider relationship.
Calabro: Since outsourcing relationships are typically long-term, it is important to establish a strong and transparent association between the buyer and the vendor. Setting very clear ground rules upfront and establishing a plan to achieve sustained business value out of the arrangement are critical to the effectiveness of an outsourcing arrangement. At the start of the arrangement, the buyer and the supplier should agree on baselining current state/metrics and set goals for measurable outcomes directly tied to business KPIs. Stakeholders and their roles need to be identified on both sides and there needs to be periodic evaluation of continuous improvement, ongoing innovations and alignment of services being provided back to the business objectives.
Larry Calabro is a principal at Deloitte Consulting LLP in the Technology practice and the Application Management Services National Service Line Leader. With 18 years helping clients in their efforts to get more business value from their technology investments, he has innovated a professional services model for application outsourcing ‘Value Level Management’ that is focused on achieving client outcomes. He can be contacted on +1 (703) 251 3777 or by email: email@example.com.
Alistair Maughan is a partner in the London office of Morrison & Foerster. He is co-chair of the Technology Transactions Group and a member of the Global Sourcing Group. Mr Maughan focuses on outsourcing and technology-based projects for major companies and public sector organisations. His primary areas of expertise include advising on outsourcing transactions (both IT and business process-driven; and both on-shore and offshore); negotiating contracts for the supply and acquisition of technology equipment, services and software; advising on data security and data privacy; advising on issues and contracts related to e-commerce; counselling public bodies on procurement policy and procedures; and drafting, negotiating and advising on all types of technology contracts and issues. He can be contacted on +44 (0)20 7920 4066 or by email: firstname.lastname@example.org.
Joshua Konvisser is a partner at Pillsbury Winthrop Shaw Pittman LLP. He represents clients in sophisticated technology transactions. Mr Konvisser's experience includes representing vendors and customers in complex sourcing and technology transactions such as information technology and business process outsourcing; computer software and systems transactions; technology transfers and distribution agreements; software licensing, marketing and development agreements, and cloud-based agreements. He also supports the firm’s e-discovery team by managing sourcing projects for firm clients as they evaluate and contract with e-discovery vendors for sophisticated services relating to collection and processing of electronically stored information. He can be contacted on +1 (212) 858 1027 or by email: email@example.com.
© Financier Worldwide
Deloitte Consulting LLP
Morrison & Foerster
Pillsbury Winthrop Shaw Pittman LLP