Offshore Accounting BPO Company

 

Offshore Outsource Risks and Mitigation



Social Bookmarks
Learn Cybelink Social Bookmarks



FAQ
BPO FAQ
Cybelink BPO FAQ
How it Works?
Working with offshore accounting team
Offshore Outsource Risks and Mitigation

1. Introduction
Offshore outsourcing becoming a growing practice for all the companies, no matter the size of the company large, medium, or small, all companies are using offshore recourses for IT and BPO projects. As more and more companies, use the offshore outsource providers for their daily business operations it becomes critical for the businesses to understand the risks associated with offshore outsourcing. Understanding the offshore outsource risks is only the first step, companies must take proper steps to avoid it and have proper risk mitigation strategies to handle it as it arises in the projects. In this article we will explore common offshore outsource risks and discuss effective risk mitigation strategies to avoid it.

2. Common Offshore Outsource Risks
Following are some of the common risks faced by the companies in their offshore outsource initiatives:
  • Business Value risks
  • Legal risks
  • Offshore Personnel risks
  • Project risks
  • Offshore Vendor operational risks
  • Intellectual Property (IP) risks

Some of the risks like IP, Legal risks can be mitigated through outsource contract terms. However, contract alone cannot solve all the offshore outsource risks. You need to manage and monitor the risks regularly during outsource project execution. In the next section, we will explore each risk in detail and present different risk mitigation strategies for each one of them.

2.1 Business Value Risks
Before you start your offshore outsourcing initiative, you need to answer the question clearly.

What is the business value of offshore outsourcing for your company?

It may be innovation, cost saving, operational efficiency, better utilization of in-house resources or all of the above. Without clearly defining the business value, you are in risk of failing in your outsource initiative. Without defining the business value how do you measure the success of your outsource initiative to your company's management team? You can mitigate the business value risk by clearly identifying the value of outsourcing and figuring how long it will take to achieve it. For example, while working with offshore vendors, you may have to include costs associated with travel, remote project management, in-house and offshore personnel training, etc. This extra cost will increase your offshore budget and this may cause your business value goals not achievable in the short-term but in longer-term you may achieve it. In any case, you need to educate your peers and your executive management team about the business value risks up-front so that they can be aware of the "value model" of offshore outsourcing.

You can also mitigate business value risks in other ways like proper SLA negotiation in outsource contract and monitoring it effectively throughout the outsource project. The outsource project management can also be used as an effective tool in identifying and fixing the value risks as it arises in the outsource projects. For example, the outsource project plan should have specific items to satisfy the SLA and it should make people accountable for not meeting those SLA on the projects. The outsource project plan should have proper escalation procedure and emergency meetings in case the outsourced project value goals are not reached regularly.

2.2 Legal Risks
Numerous legal risks are associated with the offshore outsourcing, there are no clear rules exist to make the offshore outsource firm liable for security breach or other contract violations. Countries differ in their local laws for foreign firms seeking damages from outsource firms. You must work with a law firm specialized in drafting offshore outsource contract and have significant working knowledge with the laws of the country where the outsource work will be performed. As a outsource buyer, you may not get all the legal disputes to be resolved in your country's jurisdiction. You need to make a compromise with the outsource vendor to use various forums like domestic, international arbitration, etc to resolve the legal disputes. Simple approach to mitigate the legal risks are asking the right questions, working with your legal department to answer the questions so that you can understand the difficulties and educate your management team about it. Following are some of the legal questions you need to understand and find answers for it. Not all the questions might be applicable for your offshore outsource needs. Generally, you need to be aware of these questions so that you can plan to mitigate the legal risks in your offshore outsourcing.

  • Who owns the IP of technology developed by the offshore outsource vendor?
  • Can the offshore vendor use the technology developed for you to other companies?
  • How the IP of the business process and technology is protected in offshore location?
  • What are the milestone achievements? How are it measured and what legal actions you can take in case the offshore vendor misses it?
  • What liabilities the offshore vendor exposes your company both in your home country and in the country where the outsourced work is performed?
  • Is there any export control that needs to be addressed in your home country and where the work is performed?
  • Is the outsourced work is performed by the outsource vendor you signed the agreement or the outsource vendor subcontracts the work to different vendor?
  • What types of insurances the offshore vendor has and how it protects their work?
  • How the disputes are resolved? What laws are used to resolve it?
  • Where will the disputes be resolved and who owns the cost of it?
  • What are your enforcement options for contract breach, IP, theft, or negligence of trade secretes?
  • Will the judgment against the offshore vendor enforceable in your home country or the country where the offshore vendor is located.
  • When and how can you terminate the offshore outsource agreement?
  • Under what circumstances you can terminate the outsource contract?
  • What taxes your company and the offshore vendor's company is responsible?

By understanding above questions and have attorneys draft the offshore outsource contract; you can protect your company and have proper legal risk mitigation in place for your projects. This will also help you to educate your management team about the legal risks of offshore outsourcing the precautions you have taken to address them.

2.3. Offshore Personnel Risks
Before you start working with offshore vendor, you need to understand the labor laws and other regulations of the foreign country. Even though you may not be directly responsible for labor law violations of the offshore vendor, you may be indirectly responsible for your offshore vendor's actions. Many foreign countries do not have laws for employees like workplace discrimination, privacy, sexual harassment, etc. For example, India has different laws than US for terminating the employees. In India, you cannot terminate an employee without following a lengthy termination process. Failure to follow the process can result in fines for an employer operating in India. Even though you may not be legally bound to the labor laws in foreign countries you need to understand it so that you can use the offshore resources effectively by restructuring or changing it as it fits your project needs without violating the labor laws of the foreign country.

Offshore personnel risks are mitigated by understanding the offshore vendor's labor practices, by visiting the vendor's offshore location offices and meeting with their employees you can understand their HR policies, professionalism in dealing with employees, etc. More over how the offshore vendor treats their employees might be acceptable in their country but may not be acceptable in your country. The most common example is "sweatshop" working conditions, though not common in IT and BPO projects. Nevertheless, you need to do proper due diligence in mitigating the risks by regularly monitoring the HR practices of offshore vendor and putting the minimally acceptable working conditions of the offshore personnel in the outsource contract.

2.4. Project Risks
There are several project risks are associated with the offshore outsourcing like unrealistic cost saving, internal organization readiness, poor planning, improper integration of in house business processes with outsourced business processes, transition time, training, etc. Any new initiative will come with risks; working with offshore vendor is no different. Offshore vendor location, cultural, and time differences make it project management even more difficult in comparison to working with inshore outsource vendor. All the outsource project related risks can be mitigated by assessing the organizational readiness, creating internal organizational structure and having an outsource business champion coordinating the outsource initiative between the internal teams and the outsource vendor.

Many organizations successfully managed the BPO project related risks by creating proper organizational changes to succeed in outsourcing. Executive group, governance group, in house business process group, and outsourced business process groups. Similarly, in IT outsourcing projects, these groups can work together to manage the project risks successfully. These groups manage the risks by working with internal employees; outsource vendor employees, and customers on regular basis. Any time an issue arises in the project; appropriate steps are taken by properly communicating and fixing the issue with all the affected parties.

For BPO projects, you can use the BPO feasibility framework to manage all of the projects related risks successfully. In addition, you can create an offshore project risk matrix and engaging both your internal members and offshore vendor in the process will help you in mitigating the risks.

2.5. Offshore vendor operational risks
Identifying and assessing operational risks of offshore vendor is the most difficult task for you. Offshore vendor business practices vary from country to country. Business practices like bribes and other financial transactions that are questionable in western countries can be a routine in the offshore vendor's home country. You need to be careful and identify if you violate any regulatory requirements in your home country, for e.g., violating U.S. Foreign Corrupt Practices Act will incur significant fines and other legal ramifications to your company. First step in mitigating this risk is having proper written policies that strictly prohibit any conduct that is considered as a statutory violation. Proper implementation of the policy requires ensuring that you continuously monitor the activities of offshore vendor and take appropriate actions in case of violations of the policies.

Some times offshore vendor may exaggerate their business expertise, process and quality certifications, technical skills, etc. This risk can be mitigated simply by verifying their claims and talking with their existing customers and other industry references. You can also visit their offshore locations, discuss with their employees and assess their internal operational capabilities.

2.6. Intellectual Property (IP) Risks
Organizations have several sensitive business data, proprietary business processes, custom technical solutions, etc, protecting critical business information is a great concern for all businesses. You need to make sure the offshore vendor has proper security policies and procedures in place to protect your business IP from theft by employees, computer hackers, exposure by error or negligence, and corporate espionage. You also need to be aware of legal standards and business practices governing the protection of business data, which varies around the world. For example, Gartner gave Mexico very good, India Good, Brazil fair and China poor ratings for data and IP protection.

You can mitigate the IP risks of offshore outsourcing by assessing their security capabilities, checking if they follow any industry security consortium, security certifications etc. Following are some the industry consortiums and certifications that are popular in various industries.

Some industries like financial institutions have industry consortium, banking Industry Technology Secretariat, BITS have developed several security guidelines and best practices for managing and safeguarding financial business data. BITS also have recommendations for disaster recovery, periodic security audits, lawful treatment of data, etc.

The U.S. government has created Health Insurance Portability and Accountability Act, HIPAA that has exhaustive list of policies, processes, data confidentiality, disaster recovery, encryption standards and other safeguards that is applicable to all health care industries.

The ISO 27001 is a certification that is given to organizations that has strict information security policies and other security controls in their organizations. All the major Indian based outsource companies has secured the ISO 27001 certification.

The SANS (SysAdmin, Audit, Network, Security) is another source where you can find information about security policies and guidelines.

If the offshore vendor follows the industry standards or has certifications then it is a good sign that they have good security policies in place. However, having the security certifications and industry compliance guidelines for security are only the first step; you need to make sure that the security risks you most value are part of the certification process. You also make sure that the offshore vendor follows your industry's best practices and compliance guidelines of your home country. The industry best practices and certifications cannot eliminate the security breach in your offshore vendor's company; you need to assess your offshore vendor's security contingency and disaster recovery plans and procedures.

3. Conclusion
Before you begin the offshore vendor selection process, you must consider the risks of having a business relationship with a vendor in a different country. A good risk assessment strategy is to develop an offshore vendor risk matrix for each offshore vendor in consideration during the vendor selection process. The offshore vendor risk matrix can have outsource vendor industry maturity, market goodwill, access to credit, and financial stability etc.

Offshore outsourcing does not eliminate your business risks; it moves some of the risks to offshore vendor. You need to have proper contingency plans to go back to your old systems and business processes if everything failed with the offshore vendor. Developing a contingency plans and processes might be more expensive than the actual outsource project expenses itself but you must have the fallback plans to protect your company from the offshore outsourcing failures.

Finally, all the offshore outsource risks mentioned in this article can be managed effectively by doing proper due diligence in the offshore vendor selection process and assessing each one of the risks carefully and continuously managing the risks will ensure success in your offshore outsource initiatives.


Site Map | Privacy | Terms and Conditions | RSS

Copyright © Cybelink Systems, Inc. 2006 All Rights Reserved
BBB Online Reliability