Organizations all around the universe are progressively following the activity of outsourcing their IT map to service suppliers. However, the determination to outsource IT undertaking is non an easy undertaking. The hazard will largely impact the organisations as opposed to service supplier. Therefore, it is of import for the directors to pull off this activity. This paper presents how organisations manage their determination to outsource IT undertakings. Mixed method was used to garner the information sing current patterns. The analysis revealed that some organisations did non hold structured procedure to come up with the right determination to outsource. In the other manus, some of them assessed the hazard associated with the determination to outsource. The analysis of the findings was so used as a footing of the proposed model of Risk Management in Decision to Outsource IT Project. The proposed model can move as a guideline to assist organisations in doing the determination to outsource every bit good as measuring and pull offing hazard associated with the determination to outsource IT undertaking.
Keywords-risk direction ; determination to outsource model ; IT outsourcing ; hazard direction activities
IT outsourcing has become the popular operation theoretical account throughout the universe because the benefits are clear. Through IT outsourcing, organisations are able to concentrate on nucleus countries [ 15 ] [ 9 ] , cut down cost [ 4 ] , and better strategic place and addition competitory advantage [ 15 ] .
Malayan authorities besides takes this chance and has been actively affecting in IT outsourcing and doing its manner to go a cardinal participant in the planetary outsourcing sphere [ 8 ] . A research done by AT Kearney [ 2 ] shows that there is traveling to be more emphasize on IT outsourcing in the hereafter. However, organisations should recognize that IT outsourcing comes together with hazards. These hazards if non managed will impact the organisations public presentation. Therefore, it is of import to do certain that IT outsourcing is the right determination for the organisations. Hence, it is of import to find the activities undertook by organisations in order to analyse what activities contributes to success or failure in the determination activity.
This paper first nowadayss debut to put on the line direction in determination to outsource and methodological analysis. The findings from empirical and explorative survey are so presented. It is so followed by the description of the proposed model.
Risk Management in Decision to Outsource
Smith et Al. [ 10 ] defined IT outsourcing as the usage of external bureaus to treat, manage and maintain internal informations to supply information-related services. Meanwhile, IT outsourcing every bit defined by Dhar and Balakrishnan [ 15 ] is an act of deputing or reassigning some or all of the IT related determination devising rights, concern procedures, internal activities and services to external suppliers. Suppliers will develop, manage and administer these activities in conformity with agreed upon deliverables, public presentation criterions and end products, as set Forth in the contractual understanding [ 15 ] .
Powell and Klein [ 6 ] refer hazard direction as a procedure of choosing a class of action which provides an acceptable balance between likely benefits and exposure to hazards. Risk direction as defined by Kliem [ 12 ] is the procedure of reacting to an event that offers negative or positive effects. It is the procedure that involved hazard appraisal, hazard analysis, hazard extenuation and hazard control [ 1 ] .
Before IT outsourcing take topographic point, organisations should intentionally carry on their determination to outsource. The determination to insource or outsource has ne’er been an easy undertaking for those involved in the decision-making procedure [ 3 ] . Therefore, it is of import for the organisations to place and pull off hazard every bit early as possible to do certain that the hazard appear can be manages therefore increase the likeliness of the undertaking success. McCormack [ 7 ] and Venkateswar [ 11 ] mentioned that there have been figure of instances where outsourcing has had a negative impact due to miss of clip spent in the early phase.
Many things should be taken into consideration in order to guarantee that IT outsourcing is the best determination taken to let organisations concentrate on nucleus countries, cut down cost, better strategic place and addition competitory advantage. Research workers suggested that the determination to outsource should travel together with carry oning cost/benefit analysis ( CBA ) [ 13 ] and formulating realistic and accomplishable end [ 15 ] . Other things that should be considered in order to cut down hazard include the figure of service supplier to be involved in the IT undertaking and the type of relationship with them [ 14 ] [ 15 ] .
There is a batch of research done to guarantee the organisations are doing the right determination to outsource IT undertaking. However, some of the spreads in this country include limited research on puting up the hazard direction in IT outsourcing commission, deficiency of hazard direction patterns and limited guidelines that have construction flow [ 5 ] [ 9 ] . Therefore, this paper used assorted method techniques to research the current patterns of pull offing hazard in determination to outsource. Complement with best patterns from literature, the model of pull offing hazard in determination to outsource is proposed.
The aim of this paper is to suggest bit-by-bit guidelines in pull offing hazard in determination to outsource IT outsourcing undertaking. In ability to make that, the research first behavior empirical survey on how organisations in Malaysia conduct their analysis of determination to outsource. Towards recognizing the study, a set of questionnaire was prepared. The questionnaire has been validated with 10 organisations to corroborate its rightness and cogency. The questionnaire was so refined and distributed to 300 organisations with 30 % returned answer including from public and private organisations. After informations aggregations were completed, the variables were tested to see their dependability. The value of Cronbach ‘s Alpha is 0.969 which indicate that all the variables are consistent and dependable.
The interviews were so conducted with 9 organisations. The purpose of this exploratory survey was to look into in deeply how organisations in Malaysia come up with the determination to outsource. To carry through the aim, the organisations were asked inquiries sing how they performed their initial analysis, how the determination to outsource was made, who is responsible in doing the determination and is at that place any specific theoretical account or theory that were used in order to assist the decision-making procedure. Such geographic expeditions can assist others to understand the patterns that should be followed and the patterns that should be avoided in order to pull off hazard in determination to outsource. The analysis of both empirical and explorative findings is described in the following subdivision.
Analysis and Finding
From the study, the undermentioned findings are presented and discussed in the following subdivisions. The first subdivision discussed consequences of empirical determination and the 2nd subdivision discussed the consequences of explorative findings.
Consequences of Empirical Findingss
Some organisations did carry on hazard direction in IT outsourcing undertakings. However, since there were limited criterion guidelines and model to be followed, they were holding jobs. Therefore, there is a demand to place how precisely organizations pattern hazard direction in IT outsourcing undertakings so that the failings in current patterns can be improved. To make this, there is a demand to measure the organisations current hazard direction activities in IT outsourcing patterns. From the consequence, exposures in current patterns were identified, therefore, future sweetening can be proposed. Table I shows the hazard direction activities as practiced in IT outsourcing.
the hazard direction activities practised in it outsourcing
Select and understand the map to be outsources
Cost benefit analysis ( CBA )
Puting up realistic range
Puting up realistic agenda
Puting up realistic budget
Execution of control
Definition of range of hazards
Assign of duty
Designation and rating of the effectivity of current control
Continuous review/feedback on hazard direction schemes and public presentation
Regular coverage to senior direction
Hazard prioritization and choice of hazard that need active direction
Control effectivity measuring
Provide lesson learned
Risk Management Plan certification
Choice of control
Hazard ranking rating by hazard direction coordinator
Control recommendation rating by hazard direction coordinator
CBA of turn toing hazard
CBA rating by hazard direction coordinator
Service supplier as portion of hazard direction commission
Engagement of stakeholder in the hazard direction program ( RMP )
Risk direction commission creative activity
Determine the figure of service supplier
Table I shows the highest ranking of the patterns is to choose and understand the map to be outsourced. From the determination, it can be concluded that organisations earnestly pay attending on the choice of the map to be outsourced and understand the map before it is outsourced. It is believed that this action can future cut down the hazard of outsourcing broken map. When the organisations understand the map, it is easier for them to pull off the map.
CBA was extremely conducted as depicted in Table I. It might due to the fact that organisations should fix the budget program that should include the CBA of the peculiar map. From Table I, the 3rd, 4th and 5th ranks are puting up realistic range, agenda and budget. This is a good pattern since these demands are basic demands while suggesting a undertaking. With this findings, it shows that organisations are working up to put realistic range, agenda and budget to guarantee that their undertakings are deliverable within range, clip and cost.
Even though Table I shows that organisations largely performed CBA, the tabular array besides shows that the patterns of CBA of turn toing hazard and CBA rating by hazard direction coordinator are ranked low. This determination might bespeak that some of the organisations did non execute hazard direction therefore omitted these patterns. Table I besides shows that the patterns of hazard direction commission creative activity and service supplier as portion of hazard direction commission are ranked low. This might bespeak that some organisations did non value the importance of making the hazard direction commission for addition the potency of hazard direction in the undertaking and hazard sharing elements with the engagement of service supplier as portion of their commission. From Table I, it can be seen that the engagement of stakeholder in the RMP is besides low. This might due to the low patterns of hazard direction itself that limit the creative activity of RMP therefore cut down the engagement of stakeholder in the RMP.
The last ranking of the hazard direction patterns is determine the figure of service supplier as shown in Table I. This determination might demo that organisations did non recognize the hazard when they are non able to make up one’s mind the figure of service supplier that will be involved in their undertaking. They should be clear with the figure of service supplier because early planning will ease the coordination if multivendor construct is used. The consequence shows that some of the best practises as proposed by other research worker is omitted by the oranizations. This weaknesses invite job subsequently on in the IT outsourcing activity. Therefore, best practises from the current state of affairs would function as the footing of building the model. Meanwhile, the exposures of the current patterns will be taken into history while developing the model to function as the consciousness so that the errors will non go on in the hereafter.
Consequences of Exploratory Findings
From the analysis, some administrations appreciated hazard direction practises as a tool to assist them to cut down hazard in any undertaking. Some administrations had high consciousness of the importance of hazard direction. In the contrary, one administration admitted that it was hard to derive the support from the top direction to rehearse hazard direction in IT outsourcing. Still, the director was working hard to increase the consciousness of the importance of hazard direction in IT outsourcing. Meanwhile, the other administrations mentioned that they had the consciousness of the importance of hazard direction. Nevertheless, due to certain restraint, they still did non rehearse hazard direction.
Based on the analysis, there were few failings in the practises that were able to be identified. It include some of the administrations did non reexamine the ends and aims of the undertaking. One administration mentioned that they did non reexamine the ends and aims because they believed that the user had came up with realistic and accomplishable ends and aims and their engagement were unneeded. A few administrations mentioned that they did non to the full understand the undertaking. Therefore, it was hard for them to clearly specify their demands and demands. As a effect, the undertaking was harder to be managed because they themselves did non understand the undertaking.
The analysis besides revealed that some of the administrations did non carry on CBA. As a effect, the appraisal of cost involved in the undertakings was hard to be calculated. Without the cost appraisal, service supplier could bear down the undertaking with high cost. It was besides easy for the undertaking cost to increase since the administrations did non hold the mechanism to command the cost.
From the analysis, some administrations conducted hazard direction activities in IT outsourcing. The remainder of the administrations had high consciousness on the importance of hazard direction. However, due to inaccessibility of hazard direction in IT outsourcing guidelines, it was hard for them to pull off the hazards. Some of the administrations admitted that they omitted the hazard designation procedure due to clip restraint. One of the hazard direction activities included carry oning CBA for control that has been recommended. The analysis revealed that non many administrations conducted CBA for the control recommended. As a consequence, some of the control that has been recommended cost higher than it should.
Outsourcing can be considered as comparatively new in Malaysia. Therefore, the proper guidelines to be followed are in limited figure. Therefore, based on the current patterns, exposures will be identified and best patterns will be examined. Based on the determination and the extra of background theory, model of pull offing hazard in IT outsourcing undertaking is proposed. The item description of the model is explained in the following subdivision below.
The Framework of Risk direction in Decision to Outsource IT Project
This subdivision describes the bit-by-bit guidelines to pull off hazard in IT outsourcing undertaking. The analysis revealed that the patterns of hazard direction commission creative activity had non been given adequate attending. This limit the ability of the organisations to place hazard in IT outsourcing undertaking. In order to pull off hazard in the determination to outsource, this model proposes the creative activity of Risk Management IT Outsourcing Committee ( RMITOC ) . This commission will dwell of Risk Management IT Outsourcing Board ( RMITOB ) and Risk Management IT Outsourcing Steering Committee ( RMITOSC ) . This commission will be responsible to measure and measure whether IT outsourcing is the best option for their organisation. They will besides be responsible to place, buttocks and manage hazard in IT outsourcing undertaking.
In order to pull off hazard in determination to outsource, this model proposes four chief stairss viz. create concern instance, hazard appraisal on concern instance, hazard IT outsourcing intervention and petition for proposal. The item description for each measure is as follow.
For each IT undertaking proposed, the user should make concern instance. In order to clearly specify the undertaking demands, concern instance should incorporate the undermentioned information:
Introduction: To briefly depict the organisations ‘ background so that service supplier knows with whom they will be covering with.
Undertaking Goal and Objective: To clearly clear up the ends and aims of the system. The analysis revealed that this pattern is less considered therefore doing it hard for the organisations to put the accomplishable and mensurable criterion. Therefore, it is of import to include this component in the concern instance clearly.
Analysis of Current Situation: To analyse current state of affairs and hazard associated with it. In concurrence with the acceptance of Transaction Cost Theory ( TCT ) , the user should analyse their labour specialisation, dealing type, menace of self-interest and uncertainness of the undertaking.
Impact of the Undertaking: To guarantee the proposed undertaking conveying important positive impact to the organisations.
Analysis of Option and Recommendation: To analyse available option and effects of each option.
Preliminary Project Requirement: To depict the demands of the undertaking.
Budget Estimation and Financial Analysis: To gauge the budget for the undertaking. Fiscal analysis should include the cost required to develop the undertaking.
Schedule Appraisal: To gauge the agenda of the development of the undertaking.
Potential Hazard: To place the possible hazard associated with the proposed undertaking. This component is proposed in the concern instance in concurrence with the patterns of identifying and managing hazard in IT outsourcing undertaking.
Risk Assessment on Business Case
Business instance that has been prepared should be assessed by RMITOC. There are three cardinal procedure involved in this measure viz. assessment on current state of affairs, determination to outsource and put on the line IT outsourcing appraisal. The item description of each measure is described below.
Appraisal on Current Situation: In the concern instance, user has come up with the analysis of option. Therefore, in this measure, the RMITOC will reexamine the available option and compare it with analysis of current state of affairs. Previously, the organisations admitted that they have no theoretical account to assistance in the decision-making procedure. Therefore, in order to better the state of affairs in the decision-making procedure, this model proposes the adaptation of TCT. The version of TCT will let the RMITOC to do the determination to outsource or develop the undertaking in-house based on appraisal of current state of affairs by measuring four concept viz. economic systems of graduated table, dealing type, menace of self-interest and uncertainness. Table Two shows the appraisal of current state of affairs based on the four concepts and the impact of outsourcing to the undertaking.
proposed outsourcing determination based on dealing cost theory
Appraisal on Current Situation
Impact on the Undertaking
Concept: Economies of graduated table
Both organisation and future service supplier do non hold the required cognition and accomplishments
If the undertaking is outsourced, organisations will confront more hazard due to serve supplier ‘s deficiency of cognition and accomplishments. Organizations will besides incur the cost of covering with service supplier.
Organization has more cognition and accomplishment than future service supplier
Economies of graduated table is achieved by develop the undertaking in-house due to labour specialisation.
Service supplier has more cognition and accomplishment than organisation
Organizations can take the advantage of economic systems of graduated table from service supplier by holding labour specialisation.
Both organisation and future service supplier has knowledge and skill
More economic systems of graduated table gained by utilizing larger scale labour specialisation.
Concept: Transaction type
High plus specificity
The undertaking will incur higher coordination cost if it is outsourced because monitoring is required due to high uncertainness. Future service supplier might non hold effectual economic systems of graduated table because the ability to re-use the cognition, accomplishment and resources among multiple clients diminution.
Low plus specificity
Low coordination cost if the undertaking is outsourced.
Service supplier can accomplish economic systems of graduated table by recycling the cognition, accomplishment and resource.
Concept: Menace of self-interest
Small figure of service supplier
If the undertaking is outsourced, the chance of service supplier to act opportunistically is high. Therefore, monitoring is required therefore increasing the coordination cost. The organisation might besides lose the power to deal.
Many service suppliers
Less menace of self-interest in outsourcing because self-interest is merely a menace will little figure of service supplier ( Williamson, 1996 ) .
With high uncertainness, organisation might incur more coordination cost if outsourcing takes topographic point in order to guarantee the service supplier behaves consequently.
Less coordination cost because more information is known and easier to supervise the service supplier if outsourcing take topographic point.
2 ) Decision to Outsource: From the analysis of current state of affairs, the organisation can continue with their determination to outsource if they can accomplish economic systems of graduated table or benefiting from the economic systems of graduated table achieved by the service supplier, the undertaking is categorized as low plus specificity, low menace of self-interest and low degree of uncertainness. Once the determination to outsource has been finalized, RMITOC should carry on hazard in IT outsourcing appraisal.
3 ) Hazard in IT Outsourcing Assessment: The consequence of the analysis revealed that the patterns of hazard appraisal in the organisations are low. Therefore, the ability to measure hazard is reduced. To get the better of the failings, in this measure, the model proposed that RMITOSC to place and measure the hazard associated with the determination to outsource. The procedure of this measure is described in item below.
Hazard IT Outsourcing Identification: RMITOC will garner in a meeting. They will specify the range of the undertaking every bit good as the range of the hazard to be identified. The methods for placing hazard include checklist, brainstorming, interview, questionnaire and analyze historical informations. They should so categorise the information.
Hazard IT Outsourcing Analysis: In this measure, the RMITOSC should analyse the hazard by finding the likeliness and impact of the hazard.
Hazard IT Outsourcing Prioritization: RMITOSC should rank the hazard harmonizing to its impact and likeliness of happening.
Hazard IT Outsourcing Handling Strategy: RMITOSC should specify the hazard managing scheme and make up one’s mind whether to accept, avoid, reassign or extenuate the hazard
Control Recommendation and CBA: RMITOSC should place current control available and place the effectivity of the current control. If the current control is non effectual, RMITOSC should so come up with the new control and behavior CBA for each of control recommended
Issue Risk Assessment Form ( RAF ) : RMITOSC should include all the information associated with the hazards that have been identified in a signifier called Risk Assessment Form ( RAF ) . In the RAF, the information that should be included are risk class, hazard factor, hazard description, country affected, impact, likeliness, hazard degree, hazard managing scheme, control recommendation and CBA.
RAF rating: The RAF will so be submitted to the RMITOB. They will be responsible to measure and measure the information that has been provided in the RAF. If the RMITOB do non hold with the recommendation, RMITOC should remake the hazard IT outsourcing analysis measure. If all the recommendation has been agreed, the RMITOB will delegate the cardinal forces that will be responsible to pull off the hazard. The RAF will so be send back to RMITOSC.
Document Risk Management Plan ( RMP ) : All the information gathered from the RMITOB will be included in another signifier called Risk Management Plan ( RMP ) . This signifier should incorporate all the information in the RAF with the extra information such as control measure/ safeguard chosen, forces in charge, start/completion day of the month and position. The RMP should be included together as portion of the concern instance.
Hazard IT Outsourcing Treatment
Some of the organisations mentioned that they did non have the support from the top direction. Therefore, the debut of this measure allows the engagement of top direction. Their engagement will guarantee that hazard direction is being applied at all degree in a peculiar organisation. In this measure, the concern instance will be submitted to the top direction. They will reexamine the RMP. If they do non hold with the RMP, RMITOSC will reexamine the hazard IT outsourcing analysis measure once more. If the top direction approves the RMP, the RMITOC will continue with the hazard direction IT outsourcing execution where the control recommended will be implemented. They will besides be responsible to carry on hazard direction IT outsourcing monitoring to supervise the effectivity of control undertaken, supply lesson learned and carry on regular coverage to exceed direction. If the concern instance is rejected and necessitate some amendment, RMITOC will carry on the hazard appraisal on concern instance once more. If the overall concern instance is accepted, the RMITOC can continue with the following measure: Request for Proposal ( RFP ) . The item procedure of RFP is every bit described in the following paragraph.
Request for Proposal
This model proposes two procedures that should be taken in the RFP measure in order to pull off hazard viz. fixing the RFP and publishing the RFP. The item description of each procedure is described below.
Fixing the RFP: RFP contains statements of the organisation ‘s demand. The procedure of composing the RFP can assist the RMITOC to clearly clear up their demands. Therefore, this measure allows the RFP to be clearly written to cut down ambiguities in the demands. RFP is of import as a readying to service suppliers so that they can come up with the right demands as per requested by the organisations. The RFP that is clearly written will every bit good ease the procedure of reexamining them. Therefore, this model proposes that RFP be divided into four subdivisions.
The first subdivision is the debut that will move as a subdivision for the RMITOSC to depict the organisation ‘s background information, the features of the undertaking and the proposal rating standards. The 2nd subdivision is proficient demand. It will incorporate basic demand that will specify the basic features which service supplier should hold in order for them to win the contract. The model suggests that the RMITOSC petition for the undermentioned information: basic enfranchisement, experience, proficient staff, repute and public presentation, ability to accommodate to latest engineering, patterns of standard, policy and process, patterns of security, catastrophe recovery program, the use of subcontractors and hazard analysis. The information requested is really of import to be reviewed because the literatures have revealed that these elements contribute to put on the line in IT outsourcing. The analysis besides revealed that deficiency of this information can increase hazard in IT outsourcing. Therefore, in order to cut down the hazard in IT outsourcing, these information should be reviewed.
The 3rd subdivision is fiscal demand. It should incorporate information on how the RMITOSC would wish the service supplier to specify their fiscal status. The 4th subdivision should depict the direction for the format and content of the proposal. The RMITOSC should advert to service suppliers that failure to run into the format and content of the proposal will restrict their opportunity of winning the contract.
Publishing the RFP: Once the RFP is completed, RMITOC will publish the RFP to the prospect service supplier. The analysis revealed that there are several ways available in order to publish RFP viz. unfastened RFP, restricted RFP and direct dialogue. Once the RFP has been issued, RMITOC will have the proposals submitted by the interested service supplier.
The assorted method used in this paper allow for the probe of the patterns undertaken by the organisations in order to pull off hazard in the determination to outsource. The empirical analysis revealed that some organisations did non hold hazard direction commission, did non include service supplier as portion of their hazard direction commission and did non affect stakeholder in the hazard direction program. The explorative analysis revealed several failings including some of the administrations did non reexamine the ends and aims of the undertaking, some of the administrations did non carry on CBA. The analysis besides shows that some administrations conducted hazard direction activities in IT outsourcing. The remainder of the administrations had high consciousness on the importance of hazard direction. However, due to inaccessibility of hazard direction in IT outsourcing guidelines, it was hard for them to pull off the hazards.
The findings were so used as the footing for the development of the model. The proposed model can function as a guideline so that organisations are able to take a structured attack in order to do informed determinations sing the future way of their IT outsourcing undertakings.