This is a Flickr badge showing public photos and videos from Chief Architect. Make your own badge here.

Search ...

Powered by Squarespace

Management Blog

Discussion on a variety of general IT management topics.


Enterprise Architecture: Ten Reasons why Outsourcing tends to fail... – A Repost!

First, I must declare an interest – I work for a leading global IT and business process outsourcing services provider.

More importantly, I must counter or clarify the ten reasons that James Govern has cited for outsourcing failure. I am not going to say that outsourcing is always right or that it never fails – on the contrary, the reasons listed are in general correct but the industry and its customers are learning. James has written an outline for a supplier evaluation, if you choose an outsourcer then they should be able to satisfy you on all these points. There are answers…

Cost-reduction expectations
James is half right here! An outsourcing strategy should be more sophisticated than cost reduction. However, the assertion that the cost differential cannot be sustained is flawed. First, the US Dollar will stabilize against other currencies. Second, as the labour pool in India is further expanded beyond the tier 1 cities, wage inflation is likely to reduce. Third, the offshore labour force is being developed in many countries around the world which will further restrain wage inflation.

Data security/protection
Large organisations will typically have many sites that are sited in different countries. They are already communicating with their suppliers and customers electronically. Adding another business partner, the outsource supplier, poses no greater security challenge. 

Equally, the same organisations have contractors and dissatisfied employees who are just as capable of injecting malicious or insecure code. A mainstream outsource supplier will have invested in security technologies and processes that most large organisations can only dream of. They have to in order to be credible.

Process discipline (CMM)
James hints at three issues here. The first is poor implementation of new processes. As with all best practice processes, they require best practice implementation. Good process implementation will, in general, speed up activities, reduce risk and costs. Initial implementation will often have some flaws. Process integration between the client and supplier organisation relies on cooperation by staff at the client organisation. Over time these flaws will be eliminated because the mainstream suppliers use self optimising processes.

The second issue relates to how the experience client staff work with the new supplier. Well designed process and organisational integration between the client and supplier will leverage the value of the experienced, heavyweight folk that work in client organisations. This takes effort on both sides, the supplier will have gone through the transition many times and will be able to advise on how to make it work.

The third issue is the assertion that experienced folk don’t need heavyweight processes. This is correct in most cases because these guys will have discipline and judgement that means that looser guidelines will suffice. However, few organisations can sustain IT departments built entirely from highly experienced staff.

Loss of business knowledge
One reason for outsourcing is to secure organisational knowledge. In many organisations, critical and IT business knowledge is trapped in the heads of a few key individuals. This poses a major threat to those businesses. Mainstream outsourcing organisations have well developed methods for knowledge capture and dissemination. They have to be good at it because their businesses depend on it.

In the short term there is the potential that some key element of knowledge will not be captured and an issue that relies on this knowledge will emerge. Over time, this potential will be reduced and the overall threat to the organisation will be reduced. Having the knowledge formally captured ensures that the threat does not re-emerge.

Vendor failure to deliver
IT as a whole does not have a great record of successful delivery. I suspect that research will show that mainstream outsourcers have a better record than end user companies. The reason is that they are specialists at it and invest far more in getting it right than a typical end user organisation. That is why they are growing.

Scope creep
I wasn’t quite sure what James was getting here. From an SDLC and commercial point of view there different approaches to handling changes. Different outsource vendors have different philosophies and approaches to managing changes – you can get a mismatch if you don’t think this through when you let the contract. You need an outsourcer that manages change in the way that you want to manage change.

Government oversight/regulation
I agree organisations need to identify and protect their business critical IP. Any outsourcer that lost critical IP would lose its credibility in the market. Again it is an area where the mainstream suppliers have to ensure that they are secure.

Culture is a big deal. The key is to take a good look at the engagement model – a strong onsite/onshore presence will reduce the risks in this area, as will a strong vertical focus.

Turnover of key personnel
The assertion that outsourcing removes the possibility of working with good people is plain wrong. Just the opposite, mainstream outsourcers have exceptional talent.

But your role may change, and the transition will involve bringing the outsource staff up to speed and this may not be what you want to be doing. So, in some cases people will leave. But some good people will thrive on the challenge of working to a new model and will embrace the opportunity to learn that bringing in an outsourcer brings with it.

Knowledge transfer
As I outlined in my discussion of “business knowledge”, knowledge transfer is a core competence of outsourcers. Staff from an outsource supplier bring different experience that may have more or less value than that of the incumbent staff.


Ventoro Outsourcing Research Report

  1. Develop a successful outsourcing strategy
  2. Implement a global sourcing model
  3. Manage a global team

Strategy & Management Bookshelves

I have updated the small list of books that I have found useful for developing business and IT strategy. I have added another small list of general management books.


RACI considered harmful...

As Chief Architect I had a responsibility for defining the security architecture.  We had a virus attack on some remote devices due to a supplier failing to install anti-virus software and then carrying out an upgrade using contaminated discs. What was my Responsibility or Accountability for this incident?

Formally, according to the RACI chart, I was in the clear.  We had delivered the policy.  The supplier had the "R"  for implementation, the internal infrastructure team had the "A".

My reaction was that we, the architecture team, had dropped the ball. We had let the business down and the subsequent loss of trade was in part down to us.  I had failed personally to ensure that the architecture was delivered, and my team felt the same way.

There were two things that, in hindsight, we could have done better.  We should have made sure the implementation plans were complete. And we should have made sure they were carried out.

What did we do to fix things?  The reaction from the team was instantaneous.  They got out there and made sure the situation was fixed both short term and long term. Was this "architecture"?  No, it was closer to incident management, problem management, and to project management. Did we ask permission?  No. Did we step on other people's toes?  Yes. Did we violate the RACI?  Yes. Was it the right thing to do? Absolutely!

Was the RACI chart wrong? No. If we were to get the RACI to cover every situation then we would be working on it for ever. And we would tie ourselves up in bureaucracy trying to deliver it.

There is something for more important than the formal RACI statements. It is pride in a job done well.  It is the personal contract with yourself. It is the expectation that you have of yourself. A high performance team develops a shared expectation.

Why is RACI harmful? It devalues pride. It allows you to point the finger at someone else when in reality you could have done something. It allows you to abdicate your collective and corporate responsibility to do the right thing, to be helpful, to be a good citizen. It encourages the worst kind of institutional politicing.


The CIO should kick the tires... (part 2)

It occurred to me that some CIOs may find the data center an intimidating environment. They may have a background in development or the business. Some data centers are fiercely guarded alien worlds where only the elite trusted forces of the operations manager may tread. In many organizations, there are cultural barriers between the operational world and projects with mutual distrust. A benefit of the CIO walking the data center is that they can start to break down this unhealthy divide.

But first the CIO must find the confidence to to get out there and not feel that problems may have been hidden or that they have been treated like a child. A visit to another CIO who has this cracked would be a good place to start. Hosting companies are always friendly if they think there is a prospect of some business. They will demonstrate what a good data center should be like, they will have war stories of places that they have taken on and recovered. They will be able to provide simple checklists to help identify good and bad practice. Three or four visits should give sufficient knowledge. Now its time to test the knowledge, a trip back to your CIO friend is probably a good idea.

Your first walk around the machine room... Does it feel secure? Do you get the feeling that everything is well ordered? If it looks wrong then it probably is. If it felt wrong then go with your gut feel, there probably is a problem.

As CIO, you have the right to be satisfied that the data center is run effectively. If you don't know then you have a duty to find out quickly. If you don't think it is then you have a duty to get it fixed, and fixed quickly.

Can't afford the time? Can you or your organization afford major IT failure?