OF Icon

Outsourcing Fundamentals

Independent guide to Outsourcing: BPO strategy, Service Provider selection, contracting and implementation projects. Assessing and improving your current service.

Implementation > Managing Risks

What are the risks and what can you do?

Risk Management

The concept of risk management is that prevention is better than cure. Identify potential risks and take actions to avoid then occurring. Many companies will have a risk management methodology. Your provider should also have one and I have outlined one below. They are probably very similar. Get everyone to align on one approach so that you talk the same language. As well as an outline risk management process, I have provided sets of categories, example risks and mitigation approaches appropriate to BPO implementation.

To manage your risks:

  1. Identify potential risks: Bring together a set of people with broad knowledge of your business, change projects and outsourcing and brainstorm potentials risks. Using the risk categories can help to avoid missing important ones. After generating a brainstorm list, clarify the risk and group any that are essentially the same risk.
  2. Assess the risks: place each risk on a chart of impact vs. probability. I don't normally quantify the risks at this stage, just their relative positions. Discard any risks that are felt to be very unlikely or that have a very low impact.
  3. Develop mitigation actions for significant risks: Where a risk has the combination of likelihood and impact to make it significant, draw up mitigation actions. These may include monitoring factors that would bring about the issue, changing the way the implementation is carried out to avoid the risk, or taking steps to negate its impact.
  4. Log the risks and actions: The risks and actions should be kept on a risk log for tracking throughout the project.
  5. Integrate actions into the project plan: Adapt the project plan to incorporate the mitigation actions. This avoids having sperate planning lists and brings all the activities under the same monitoring process.
  6. Review periodically and when circumstances change: If there is a significant change in plan or circumstance, review and refresh the risk identification and assessment. Otherwise, undertake a review at each milestone.

Risk Categories

Risk categories can help in making sure you include a broader coverage of potential risks.

HR & EmployeesEmployee morale, retention etc.
External reputation & PRCustomer relationships etc.
Contract & LegalLegal terms and conditions
Compliance and regulatorycompliance with legislation and standards
Technology & SystemsIT systems and infrastructure
Operational & Processmethods, procedures, skills
Provider relationshipCulture, communication, governance
Business Strategy & ManagementBusiness direction changes, management support

Risk Examples

Transition performanceThe performance of the in-scope processes drops during transition.
Loss of knowledge & SkillsThe company looses important knowledge and skills due to outsourcing
IP LeakageCompany intellectual property leaks to competitors
Extended transition periodThe overall cost of the services is increased due to an extended transition
Staff attritionCompany staff are lost prior to or after transitions due to the changes
Dropped activitiesOut of scope activities, previously undertaken by roles being replaced are discontinued by mistake
Changes increase costsThe cost benefit of outsourcing is lost due to inefficiencies and overlaps
Provider skills deficientStaff recruited and training does not provide the required capability in service staff.
Technology failuresService infrastructure or its integration with client systems has failures
Shadow organisationsOrganisations in the company continue to replicate the services
Service under usedThe client organisation does not make the expected use of the services.

General mitigation approaches

Large areas of risk can be mitigated with sound approaches to Change Management (staff and organisational issues) and Governance (Operation and process performance, provider relationship). These are covered in the following two pages. Here, I would like to emphasize the value of having exit criteria for a set of stage gates agreed with your provider. Typical stage gates would be:

  • Knowledge transfer complete
  • staff recruitment (each tranche)
  • Operating procedures signed off
  • Proficiency of staff tested
  • Service rehearsal
  • Service readiness
  • Service accepted
  • Stabilisation exit