Implementation > Managing Risks
What are the risks and what can you do?
The concept of risk management is that prevention is better than cure. Identify potential risks and take actions to avoid then occurring. Many companies will have a risk management methodology. Your provider should also have one and I have outlined one below. They are probably very similar. Get everyone to align on one approach so that you talk the same language. As well as an outline risk management process, I have provided sets of categories, example risks and mitigation approaches appropriate to BPO implementation.
To manage your risks:
- Identify potential risks: Bring together a set of people with broad knowledge of your business, change projects and outsourcing and brainstorm potentials risks. Using the risk categories can help to avoid missing important ones. After generating a brainstorm list, clarify the risk and group any that are essentially the same risk.
- Assess the risks: place each risk on a chart of impact vs. probability. I don't normally quantify the risks at this stage, just their relative positions. Discard any risks that are felt to be very unlikely or that have a very low impact.
- Develop mitigation actions for significant risks: Where a risk has the combination of likelihood and impact to make it significant, draw up mitigation actions. These may include monitoring factors that would bring about the issue, changing the way the implementation is carried out to avoid the risk, or taking steps to negate its impact.
- Log the risks and actions: The risks and actions should be kept on a risk log for tracking throughout the project.
- Integrate actions into the project plan: Adapt the project plan to incorporate the mitigation actions. This avoids having sperate planning lists and brings all the activities under the same monitoring process.
- Review periodically and when circumstances change: If there is a significant change in plan or circumstance, review and refresh the risk identification and assessment. Otherwise, undertake a review at each milestone.
Risk categories can help in making sure you include a broader coverage of potential risks.
|HR & Employees||Employee morale, retention etc.|
|External reputation & PR||Customer relationships etc.|
|Contract & Legal||Legal terms and conditions|
|Compliance and regulatory||compliance with legislation and standards|
|Technology & Systems||IT systems and infrastructure|
|Operational & Process||methods, procedures, skills|
|Provider relationship||Culture, communication, governance|
|Business Strategy & Management||Business direction changes, management support|
|Transition performance||The performance of the in-scope processes drops during transition.|
|Loss of knowledge & Skills||The company looses important knowledge and skills due to outsourcing|
|IP Leakage||Company intellectual property leaks to competitors|
|Extended transition period||The overall cost of the services is increased due to an extended transition|
|Staff attrition||Company staff are lost prior to or after transitions due to the changes|
|Dropped activities||Out of scope activities, previously undertaken by roles being replaced are discontinued by mistake|
|Changes increase costs||The cost benefit of outsourcing is lost due to inefficiencies and overlaps|
|Provider skills deficient||Staff recruited and training does not provide the required capability in service staff.|
|Technology failures||Service infrastructure or its integration with client systems has failures|
|Shadow organisations||Organisations in the company continue to replicate the services|
|Service under used||The client organisation does not make the expected use of the services.|
General mitigation approaches
Large areas of risk can be mitigated with sound approaches to Change Management (staff and organisational issues) and Governance (Operation and process performance, provider relationship). These are covered in the following two pages. Here, I would like to emphasize the value of having exit criteria for a set of stage gates agreed with your provider. Typical stage gates would be:
- Knowledge transfer complete
- staff recruitment (each tranche)
- Operating procedures signed off
- Proficiency of staff tested
- Service rehearsal
- Service readiness
- Service accepted
- Stabilisation exit