Buyers of sourcing services must seriously consider risk when they contemplate outsourcing — and the results are often included in the outsourcing contract. Outside of disaster recovery and business continuity, though, most clients never follow up with an action plan after the engagement begins, nor do they consider additional risks associated with outsourcing. Between the pressure of transition and startup and the daily demands to deliver services and satisfy business stakeholders, risk is often left for “later.” Resist this tendency by ensuring that operational, reputational, financial and relationship risks are actively managed.
Consider these TPI Top 5 tips for making ongoing risk management a part of your governance process:
1. Identify risk responsibilities in the contract. Risk responsibility was documented and is likely scattered throughout your service provider contract in many different exhibits. Evaluate all your contract documents for every area where risk management and responsibility is identified, and make a risk responsibility matrix that shows what you and your service provider are contractually responsible for. Share the matrix with your entire management team and your service provider, and incorporate it into your governance process.
2. Identify and document additional risks in the engagement. Many potential risks in the engagement will not be addressed in the contract, including those your organization may cause. To determine potential risks, hold a series of workshops with your outsourcing management team, the service provider, business stakeholders, and any other organizational entities necessary. Contact us for a checklist of categories to examine closely for risk factors.
3. Rate the risks; develop and implement risk mitigation strategies. Rate each identified risk on a scale with two axes: probability and impact. Holding a group discussion can quickly identify risks that require mitigation strategies. Those that have high probability and high impact are obvious candidates for deeper consideration. Pay special attention to risks in the low probability/high impact category; strategize what you will do in every case where you think mitigation will be required, and identify (and act on) any mitigation requirements that might affect or change how you act in daily operations.
4. Manage your identified risks. Maintain a risk tracking log, noting when you encounter a situation where you need to activate your mitigation plan. Periodically meet with your key team members (and the service provider, when applicable) and review mitigation plan deployments to learn what worked and what could be improved. Periodically review your risk tracking log to determine if the risk profile (probability vs. impact) has changed, and update plans accordingly.
5. Publish your risk tracking tool. The risk tracking log can be as simple as an Excel spreadsheet, a more sophisticated Access or Lotus Notes database, or a commercial-off-the-shelf application. Whatever tool you use, ensure that everyone involved in the outsourced services management knows where to access the tracker. This is your roadmap for the organization to respond to risk events that will inevitably surface.
TPI’s Service Management & Governance experts can help you achieve your organizational goals through objective advice, knowledge of your industry and experience with arrangements from simple to complex. Contact Cynthia Batty, Director, TPI, to learn more.