Assessing the Risk of IT Outsourcing

Ce texte porte sur l'évaluation du risque d'impartition des services informatiques. Le risque est défini ici comme étant fonction d'événements indésirables pouvant résulter d'une décision d'impartir, et des facteurs pouvant mener à ces événements indésirables. La théorie des coûts de transaction et la théorie de l'agence servent de base théorique à l'identification des principaux facteurs de risque. Les événements indésirables sont identifiés à partir d'une recension des écrits sur l'impartition des services informatiques.Outsourcing decisions, and contractual arrangements of the type required by an IT outsourcing deal, entail risks. This is not to say that outsourcing is bad in itself. It only means that, as in other risky business ventures such as new product development, capital investments, and IS projects, risk assessment and risk management are important contributors to the success of an IT outsourcing venture. This paper focuses on risk assessment. After providing a brief conceptual definition of risk, the paper reviews the empirical literature in order to identify the0501n undesirable outcomes that may result from an IT outsourcing deal. It then uses transaction cost and agency theory as a primary theoretical basis, and proposes a framework for categorizing risk factors which have been identified in the literature. Finally, the paper discusses the dynamics of risk, by examining how the various risk factors are linked to the undesirable outcome

Development of a Risk Assessment Model for Global Information Technology Outsourcing

Global Information Technology (IT) outsourcing has been recognized to have important potential benefits. However, researchers and practitioners also recognize potential risks involved in global IT outsourcing, which sometimes lead to undesirable consequences. This paper develops a model to assess risks in global IT outsourcing. Specifically, this paper begins by identifying global IT outsourcing risk factors by considering the national infrastructure, organizational infrastructure, and project environment. Second, a Global IT Outsourcing (GITO) engagement model for risk assessment is developed to logically link all these risk factors together. Third, one quantifiable approach based on a relative-weighted assessment model is presented to demonstrate how the risks in the GITO engagement model can actually be measured and assessed. Such an overall measurement of global IT outsourcing risks establishes a reference point for assessing global IT project outsourcing risks, and will assist managers to enhance global IT outsourcing’s effectiveness and realize its vast potential. This paper will also benefit high-level decision makers including executives, policy planners, and managers working on decisions regarding global IT outsourcing, such as decisions on selecting an outsourcee country with a lower level of risk

The Impact of Global Outsourcing on IT Providers

This article examines the impact of Global IT Outsourcing on Information Technology (IT) firms from the off-shore sourcing perspective. IT Providers are defined in this article as companies that produce IT as opposed to companies that consume IT. To assess the impact of outsourcing on such companies, this article presents an Enterprise Architecture (EA) view of IT and uses it as the framework to determine the impact of outsourcing. The three dimensions of Enterprise Architecture include people, process and product and/or services. The article argues that if the sourcing decisions are based purely on short term goals such as cost, then the long term viability of the IT firm may be compromised. Lack of an IT development model and lack of IT metrics makes it difficult for IT Providers to truly plan and manage the off-shore resources. This article suggests that shorter development cycles, requirements volatility, and the need for constant developer-user interaction makes off-shore outsourcing more difficult. To address these challenges, organizations should develop metrics and governance practices based on experience. This article also proposes that the type of product or service is critical in addressing the decision to outsource. The higher the intellectual (or proprietary) content, the higher is the risk when outsourcing. This article presents two simple frameworks, one for assessing the benefits and risk of outsourcing for IT infrastructure services and the other for IT applications. IT Providers are advised to pay particular attention to the life cycle model of off-shoring where early gains give way to a learning and adjustment phase. If the IT firm successfully develops a rich experience base and adjusts the off shore model, then sustained benefits can be realized

Managing IT outsourcing risks: the case of large organisations in South Africa.

Masters Degree. University of KwaZulu-Natal, Durban.Information technology (IT) is significant to achieving business objectives. Despite the significance of IT to the business, organisations are outsourcing the whole, or part thereof, of their IT department to reduce cost and focus on the core of their business. The outsourcing of IT, however, comes together with risks such as vendor lock-in, loss of control and information breaches that could lead to IT outsourcing (ITO) failure. If these risks are not properly identified and managed, organisations will remain vulnerable. While studies have been conducted on ITO and risk management, very few have conducted exploratory research to address how to manage the risks of ITO. Hence, using a qualitative approach, this study explored how large organisations manage the common risks of ITO. These risks are the operational risk, business continuity risk, data privacy risk and compliance risk of the IT Service Provider (ITSP). The study further explored the impact of these risks on large organisations and the mitigating controls organisations can have in place to reduce their impact and likelihood of occurrence. Interviews, which were recorded, was conducted with 12 experts from two large organisations in South Africa. The recorded interviews were transcribed, coded using NVivo software and analysed using thematic analysis. The main themes of this study were governance, develop ITO risk profile, ITSP audit, risk treatment, and assurance. Findings show that organisations need to constitute a Risk Management Committee with a substantial level of experience in the management of risks and ITO. This is to ensure the effective identification, assessment and treatment of ITO risks. Furthermore, the constituted Risk Committee must conduct verification exercises to identify the inherent risks of ITO. They must also conduct maturity assessment and business impact analysis (BIA) in assessing the probability of occurrence and impact of ITO risks. The Committee must establish technical and administrative controls in mitigating the risks of ITO. The findings further show that organisations must integrate risk governance and assurance polices in their ITO risk management strategy to continuously monitor residual risks and identify potentially new risks. A governance Framework for IT Service Provider Risk Management (ITSPRM) that may serve as a guide in the effective management of ITO risks was also developed and presented

Sukuk dan wakaf bagi majukan Kampong Bharu

Sejak berkurun lamanya, filantrofi telah memainkan peranan penting dalam menyumbang kepada meningkatkan kebajikan seluruh manusia di muka bumi ini. Dalam konteks ini, wakaf merupakan penyelamat yang mampu menyediakan pelbagai kemudahan untuk rakyat yang memerlukan. Wakaf dapat menjadi sebagai benteng yang kukuh menyelamatkan umat daripada hakisan sosial dan juga ekonomi. Apabila dana wakaf dikumpul dan digunakan dengan sebaik-baiknya, berbagai bentuk pembangunan ekonomi boleh dilakukan dengan menggunakan pendanaan melalui wakaf

Managing the Risk of IT Outsourcing

While it can bring several benefits, IT outsourcing entails some risks. As it is the case in other types of investments or business ventures, the risk associated to an IT outsourcing project must be evaluated and managed. This paper proposes a framework for the management of IT outsourcing risk, and assesses the usefulness of the framework using data gathered about two cases of system development outsourcing. After providing a conceptual definition of risk and of risk exposure, the paper presents the proposed risk management framework. The two cases are then described along with the evaluation of the level of risk exposure of each, and the risk management mechanisms that were included in the contracts. The results of the study suggest that by charting the various items that contribute to risk exposure, and by specifically applying the appropriate mechanisms that can target the elements with the higher levels of risk exposure, outsourcing risk can be adequately managed. L'impartition des services informatiques, même si elle peut entrainer de nombreux bénéfices, implique un risque. Comme tout type d'investissement, ce risque doit être évalué et géré. Cet article propose un cadre d'analyse pour le risque d'impartition des services informatiques, et évalue ce cadre à l'aide d'une étude de cas. Ce cas présente deux décisions d'impartition de services informatiques, dans le domaine de l'assurance. Le niveau de risque de chaque décision est évalué et les mécanismes permettant de gérer ce risque sont présentés. Les résultats montrent que, en détaillant les facteurs de risque et les événenents correspondants, il est possible de cibler les éléments les plus risqués et de réduire le risque à un niveau acceptable.Outsourcing of IS, IS risk management, agency theory, transaction cost economics, case study, Sous-traitance des systèmes informatiques, gestion du risque des systèmes informatiques, théorie de l'agance, économie des coûts de transaction, étude de cas

A decision-making approach for investigating the potential effects of near sourcing on supply chain

Purpose - Near sourcing is starting to be regarded as a valid alternative to global sourcing in order to leverage supply chain (SC) responsiveness and economic efficiency. The present work proposes a decision-making approach developed in collaboration with a leading Italian retailer that was willing to turn the global store furniture procurement process into near sourcing. Design/methodology/approach - Action research is employed. The limitations of the traditional SC organisation and purchasing process of the company are first identified. On such basis, an inventory management model is applied to run spreadsheet estimates where different purchasing and SC management strategies are adopted to determine the solution providing the lowest cost performance. Finally, a risk analysis of the selected best SC arrangement is conducted and results are discussed. Findings - Switching from East Asian suppliers to continental vendors enables a SC reengineering that increases flexibility and responsiveness to demand uncertainty which, together with decreased transportation costs, assures economic viability, thus proving the benefits of near sourcing. Research limitations/implications - The decision-making framework provides a methodological roadmap to address the comparison between near and global sourcing policies and to calculate the savings of the former against the latter. The approach could include additional organisational aspects and cost categories impacting on near sourcing and could be adapted to investigate different products, services, and business sectors. Originality/value - The work provides SC researchers and practitioners with a structured approach for understanding what drives companies to adopt near sourcing and for quantitatively assessing its advantage

Managing IT Outsourcing Risk: Lessons Learned

This document takes stock from several studies on outsourcing risk. A definition of risk is offered and illustration from many case studies is used to show how risk can be managed. Results show that an active risk management approach can reduce risk exposure subtantially while enabling the organizations to still reap the benefits associated with outsourcing. Cet article fait un constat des leçons tirées de récentes analyses du risque d'impartition. Une définition opérationnelle du risque d'impartition est donnée. Les mécanismes de gestion de risque sont également discutés. Les résultats de différentes études démontrent qu'une gestion active du risque permet de réduire sensiblement les niveaux d'exposition au risque, notamment dans le cas de contrats d'impartition des technologies de l'information.Outsourcing of IS, IS risk management, agency theory, transaction cost economics, decision making under risk and uncertainty, Impartition, gestion des risques, agence, coûts de transaction, décision, risque et incertitude

CRAC: Confidentiality Risk Assessment and IT-Architecture Comparison

CRAC is an IT-architecture-based method for assessing and comparing confidentiality risks of distributed IT systems. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets), and the paths that may be followed by different attackers (e.g. insider and outsider). We evaluate its effectiveness by applying it to a real-world outsourcing case

Objectivity and independence: the dual roles of external auditors and forensic accountants

This paper is aimed at illustrating that certain capacities exist whereby the dual role of the external auditor (in undertaking internal audit roles as well as skilled persons roles) could be exercised to the optimal and maximum benefit of an entity or organisation. It also aims to accentuate on why a return to and focus on traditional auditing techniques, as well as auditing techniques which focus on internal controls is a much needed move. In so doing, it contributes to the extant literature by highlighting why such a move should be facilitated, as well as proposing means whereby such a move would be facilitated - namely, through a focus on benefits which could be derived where the external auditor is able to incorporate certain internal audit responsibilities. The paper also draws attention to safeguards which require due consideration if the ever important attributes of objectivity and independence are not to be compromised. Risks associated with the overlapping roles of testifying and consulting experts in Forensic Accounting will also be considered in this paper. Whilst the benefits and potentials of the dual roles assumed by external auditors are emphasized, as well as the need to ensure that safeguards operating to guard against a compromise of objectivity and independence are in place, authors' opinions in support of dual roles also take into consideration the utmost priority of ethical values. The paper hence also highlights the fact that such dual roles are appropriate in certain cases – as illustrated by justifications for limitations imposed by the Sarbanes Oxley Act and other relevant and applicable legislation – even though instances also persist where section 201 of Sarbanes-Oxley, with regard to internal audit outsourcing, may have been over-reactionary and may continue to hinder both companies and their auditors