Outsourcing of business processes and functions is significantly on the rise.  Functions such as information technology (IT) are being outsourced often with the goal of cutting costs and maximizing profitability.  In fact, business process outsourcing is expected to grow to $1.2 trillion by 2006, according to some estimates. Outsourcing of business processes is not only done by large organizations, but the extent of outsourcing by small and medium sized businesses is on the rise.  Many argue that the Internet is enabling outsourcing of many business functions that formerly weren’t outsourcing candidates.
p. Analysis of outsourcing announcements by over 300 U.S. companies indicates that all types of business processes have outsourcing potential.  Supply chain processes comprised the largest percentage (28%) of outsourcing arrangements followed by insurance claims processing (16%), financial services (16%), and security transaction processing.  Within IT functions, hardware/software support comprised 26% of IT functions outsourced, along with network management (18%), and application development and programming (16%).
p. Often the rationale for outsourcing is cost containment or reduction.  Interestingly, the most often cited explanation by executives in these outsourcing announcements (24% of those examined) noted the desire to obtain external expertise as a primary reason for outsourcing.  While 20% of the announcements cited cost savings as a primary driver, 17% noted that the decision to outsource was motivated by a desire to help the organization focus on its core competencies.
p. So, the decision to outsource is being driven by the desire to manage multiple types of risks, including risks associated with increasing labor and other process costs.  If management focuses on risk reductions using a “silo-based” approach, however, they may fail to identify and manage new risks created by the outsourcing decision.  In some cases, new risks may not be significant when considered individually; however, but when they interact with other risk areas they may be excessive in the aggregate.  Thus, in the end, management’s decision to outsource to reduce certain risk exposures may ultimately increase the entity’s total risk portfolio.
p. Enterprise risk management (widely-known as “ERM”) is a growing business paradigm in the U.S. and abroad.  There are many calls for better risk management techniques, including calls for management’s design and implementation of ERM guidelines and processes.  Ultimately, an ERM approach to risk management seeks to manage risks to be within an acceptable level for key entity stakeholders, including shareholders.  An ERM view of the risks involved with outsourcing attempts to identify, assess, and respond to all significant risks associated with outsourcing decisions.
p. The decision to outsource may create risks to an entity’s strategy and market, operations, finance, human capital, IT, legal/compliance, and reputation.  For example, consider the following risk areas that may be affected by outsourcing:

  • Strategic/Market Risks – Outsourcing core business functions, such as customer handling activities, may threaten the entity’s strategy and market if poor communications and poor product/quality deliver occurs.
  • Operational Risks – Outsourcing portions of the supply-chain processes to the lower quality vendors may hinder production and delivery.
  • Financial Risks – Many hidden costs are associated with outsourcing, including training and infrastructure maintenance after the fact.
  • Human Capital Risks – Backlash from labor unions and other employee groups may occur when jobs are lost to outsourcing.
  • IT Risks – With many outsourcing arrangements dependent on Internet access, any breakdowns in connectivity and the need for an adequate IT infrastructure may create risks.
  • Legal/Regulatory Risks – Legal issues related to privacy, confidentiality, and security of business transactions may increase, and often enforcement must occur in non-U.S. legal systems.
  • Reputation Risks –  Negative perceptions in the U.S. associated with outsourcing may affect an enterprise’s overall reputation.

Outsourcing may lead to risks like these noted.  Furthermore, certain events may arise that could increase risks across multiple dimensions, which might increase the portfolio of risks facing the enterprise exponentially.  Thus, an ERM approach to managing risks related to outsourcing decisions is warranted.  ERM may help management and the board of directors live up to expectations related to effective risk management for any organization considering an outsourcing decision.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2004-07-01