By Tejus Trivedi, CISA
The most common reason for off shoring operations is cost. However, inefficiently and inadequately planned off shoring can more than offset any savings in cost. An off shoring exercise is an integral part of a company's strategic risk plan. The same level of detail, planning and attention needs to be allocated to this project as to any other enterprise-wide strategic initiative. As corporate governance increases, there is a growing realization that any change in one part of the company affects the others. For example, an IT off shoring initiative is going to have a big impact on how the business processes within the company function. Typically, every project of this scale, impact and magnitude will have a project management office (PMO) associated with it. The PMO can report the progress of this project on a regular basis to a committee formed for this specific purpose. The committee should consist of senior management, from both IT and the business side, for the applications that are going to be affected by such off shoring.
Below are outlined 10 important points to be kept in mind when off shoring.
1. Selecting the vendor: Vendor selection for providing offshore operation services needs to be a very well documented process, so that the plan can be revisited for updating, for audit or for a 'lessons learned' type exercise. Specifically, in addition to quantitative factors such as the vendor firm's number of years of experience or the number of clients it has serviced, the following considerations should also be kept in mind:
a. What kind of quality benchmarks (e.g. ISO, CMM, Six Sigma type total quality management practices etc.) does the vendor track?
b. Does the vendor follow recognized coding standards?
c. Awareness of IT governance practices, good internal controls as well as formal, well-documented process flows.
d. Qualifications, special skills, as well as knowledge of required software or development tools. This would reduce the amount of training needed to bring those employees on par with the client company's expectations.
2. Data Privacy: With increasing awareness of corporate governance, data privacy is the first and the most critical concern that an organization faces in an off shoring operation. Such a risk has complex considerations when drawing up a contract, ranging from the country's data privacy laws to the vendor firm's data security procedures. Such risks can be hedged by including the appropriate verbiage in the contract and service level agreements. If the client organization already has a Data Classification Policy in place, the security expectations around different types of data (e.g. customer data, employee data and other data) become that much clearer.
3. Employee Turnover: Turnover at the vendor firms is also a rising concern among client organizations. However, a high degree of employee turnover does not necessarily mean an inefficient or incapable organization. Some degree of turnover is a sign of a healthy and competitive industry, but chronic turnover can also indicate larger problems, which can become the client company's own if it chooses to disregard them. What is counted as a high degree of turnover? An industry comparison of average turnover would be the best bet to follow.
4. Country specific risks: Off shoring is now a worldwide industry, not limited to a couple of countries. Countries from Chile and Brazil, to Poland in Europe, to India, China and Pakistan in Asia, to name a few, are at the forefront of the off shoring industry. There are different cultural practices, government declared holidays, and sometimes forced business closings by members of different political parties. Such instances may be unheard of in the U.S. but are a way of life in some countries. Most vendor organizations are prepared to deal with all such instances and can provide uninterrupted business services. But the client organization should be aware beforehand so that it knows what to expect when dealing with different countries.
5. Security Concerns: Besides the obvious physical security, some other key factors should be kept in mind:
a. Is there a separate designated operating space for each client company?
b. Does each client organization have exclusive employees devoted to its transactions? In some cases, where the vendor company services more than one company within the same industry, such segregation will be essential, especially in the case of Business Process Offshoring.
c. The same level of segregation of duties that would be followed within the client organization should also be followed at the vendor location. These concerns include, but are not limited to, developers having production access, conflicting user access security, etc.
d. Presence of a safe and secure channel for scanning, sending and receiving information. Detailed infrastructure cost and time considerations should be taken into account while building up a business case for off shoring.
6. Service Level Agreements: Some factors to be included while drafting different key indicators of performance within service level agreements:
a. In case of IT maintenance type functions, the turnaround time for resolving issues. This is especially critical when dealing with external customer facing applications.
b. Downtime over a threshold point for different applications.
c. Frequency and completeness of reporting metrics.
d. In case of the Accounts Payable function being off shored, the number of days' lag for the payments to be made and accounted for.
This is a very brief list of performance indicators. Performance measurement will be based on the type of off shoring activity and the detailed process behind it.
7. Business Continuity Planning (BCP) for the vendor organization: What is critical to watch out for is not just the presence of such a plan but how often it is tested. The client organization needs to look at the BCP as if it were its own, because it is its data, and consequently also its market reputation, that will be on the line in case of any disaster.
8. Change Management: Off shoring will bring about a huge change in the way employees perceive their employer. Off shoring being a common cost saving strategy, some will accept it and move on. However, in case employees have to be let go, the company has to reveal its more human side. Training outside people to take over one's own job of many years is something of an exercise in human emotional endurance. True, there have been ways, including the threat of termination in case of non-compliance, but a little understanding and counseling can go a long way in getting the required co-operation and keeping the company's image intact.
9. 'Knowledge Continuity Planning' for the client organization: Off shoring is purely a business decision. As the 'go-live' date approaches, employees may be let go and handoffs are completed. However, consideration needs to be given to the knowledge drain that occurs as an employee exits the company. For example, an effort should be made to accommodate employees who have been key in the implementation of critical applications, or who have certain key business knowledge, in other functions instead of letting them go.
10. Auditability: Client organizations should include periodic auditing rights within their contractual agreements. Additionally, a SAS 70 Type II report provided by a well-qualified local firm could also be used.
It is in the client company's interest to offer to train the vendor company in compliance with specific US laws such as SOX, Basel II etc., which can contribute to a more complete corporate governance exercise.
This article is not intended to be an exhaustive list of all the critical aspects for an off shoring project.
The numbering of the different off shoring considerations is arbitrary and not indicative of any risk ranking.
About the author: Tejus Trivedi is CEO of Auditopia Solutions LLC, a Governance, Risk and Compliance Consultancy. For additional information on Auditopia and its mission please visit http://www.auditopia.com/