The Dreaded IT Risk Register!

  • Published on: 24 February 2015
  • By: Lesley Michaelis

You can see it now – a voice says “we need to review the IT Risk Register” and everyone suddenly has a more pressing meeting to go to. Perhaps the reason for this reluctance to review the register is born from the fact that it typically contains many items around technology and the need to invest in technology and infrastructure. Whilst it is important to acknowledge the significance of this, equal weight must be given to managing the risks relating to an outsource service.

One of the key risk areas where little attention is paid is around exit and effectively mitigating your risks around an exit strategy. Once you have been involved in a number of exits, have learned lessons and have the scars from a commercial and service perspective, you can appreciate that this is not an area to be ignored. Take a look back at the difficulties experienced by IBM and AstraZeneca widely publicised at the time. Proactively understanding the risks and putting risk mitigation strategies in place would bring enormous business benefits to organisations. This allows a well understood, smooth and commercially sound exit to be managed successfully with no surprises.

“It’s not me, it’s you…”

The end of an outsourcing relationship can be a difficult time. Typically there may have been a lengthy re-tendering process with the incumbent vendor going through many months of uncertainty. Equally, there may be legal issues and contract breach discussions which could even be the reason for the exit. Whatever the reasons or triggers for the exit, it is never an easy time for supplier or customer. Too often, the underlying triggers underpin the behaviour of both parties at a time when continuity of service, a smooth exit and successful transition need to be the focus areas.

This “emotionally driven” exit could easily be mitigated by proactively reviewing and testing the exit plan on a regular basis.

The IT outsourcing market is fairly mature. Long gone are the large outsourcing awards of everything to one party that were once in place. The market has moved to smaller value contracts; multi-source models with a comparative short-term average duration. This is why organisations are having to exit more frequently, often performing this exit with many suppliers simultaneously and dealing with offshore service transfer, thus increasing the complexity and risk.

More and more customers are also now looking at in-sourcing some of the services they had previously offshored, adding further complexity and issues for exit. How can you mitigate the risks of bringing knowledge back from an offshore location, bearing in mind issues such as culture alignment, different ways of working, logistics etc.? It is too late to start thinking about these issues as you enter the exit phase of a contract; you need to understand this before embarking on a new sourcing process.

I find this interesting: the fact that many organisations have been through complex exits, suffering as a consequence but this does not seem to have prevented the same issues happening again with no proactive, preventative measures put in place.

Industry Trends and the Growing Problem

No matter the industry, companies are no longer able to survive without technology. Big data, analytics, cloud, mobility, globalisation, social media, gamification, consumerisation, smartphones and tablets are all trends that are moving at an incredible pace. These trends are driving companies to innovate and be different in order to maintain their competitive edge. Underpinning all of these trends is technology and a vast array of outsourcing relationships of all different shapes and sizes. Having flexibility, agility and service continuity in IT service provision is the key to moving forward and gaining the competitive edge. Termination clauses, exit provisions, IPR ownership, asset ownership, key skills, knowledge transfer and inadequate documentation are all risk areas impacting the ability to embrace the change. Understanding and mitigating the risks can enable you to not only compete, but to stay ahead of the game.

Getting ahead of the Competition

So, why not make exit testing an item on your IT Risk Register and get ahead of your competitors? Quantum Plus has recently been working with a number of customers in this area to provide them with a clear way forward for them to minimise the potential impact and develop a strategy to enable a smooth exit. This is coupled with achieving their objectives of providing a more flexible and agile service for the future. In today’s changing marketplace with fast moving changes in technology and the necessity for strong alignment between IT and the business, don’t be the one who impacts the ability of your organisation to move forward by not having a risk mitigation strategy aligned to your supplier relationships.